You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

550 lines
16 KiB

  1. /* GNU Guix --- Functional package management for GNU
  2. Copyright (C) 2012, 2013, 2014, 2015, 2016, 2017, 2018 Ludovic Courtès <ludo@gnu.org>
  3. Copyright (C) 2006, 2010, 2012, 2014 Eelco Dolstra <e.dolstra@tudelft.nl>
  4. This file is part of GNU Guix.
  5. GNU Guix is free software; you can redistribute it and/or modify it
  6. under the terms of the GNU General Public License as published by
  7. the Free Software Foundation; either version 3 of the License, or (at
  8. your option) any later version.
  9. GNU Guix is distributed in the hope that it will be useful, but
  10. WITHOUT ANY WARRANTY; without even the implied warranty of
  11. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. GNU General Public License for more details.
  13. You should have received a copy of the GNU General Public License
  14. along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. */
  15. #include <config.h>
  16. #include <types.hh>
  17. #include "shared.hh"
  18. #include <globals.hh>
  19. #include <util.hh>
  20. #include <gcrypt.h>
  21. #include <stdlib.h>
  22. #include <argp.h>
  23. #include <unistd.h>
  24. #include <sys/types.h>
  25. #include <sys/stat.h>
  26. #include <sys/socket.h>
  27. #include <sys/un.h>
  28. #include <netdb.h>
  29. #include <strings.h>
  30. #include <exception>
  31. #include <iostream>
  32. #include <libintl.h>
  33. #include <locale.h>
  34. /* Variables used by `nix-daemon.cc'. */
  35. volatile ::sig_atomic_t blockInt;
  36. char **argvSaved;
  37. using namespace nix;
  38. /* Entry point in `nix-daemon.cc'. */
  39. extern void run (const std::vector<int> &);
  40. /* Command-line options. */
  41. #define n_(str) str
  42. #define _(str) gettext (str)
  43. static const char guix_textdomain[] = "guix";
  44. const char *argp_program_version =
  45. "guix-daemon (" PACKAGE_NAME ") " PACKAGE_VERSION;
  46. const char *argp_program_bug_address = PACKAGE_BUGREPORT;
  47. static char doc[] =
  48. n_("guix-daemon -- perform derivation builds and store accesses")
  49. "\v\n"
  50. n_("This program is a daemon meant to run in the background. It serves \
  51. requests sent over a Unix-domain socket. It accesses the store, and \
  52. builds derivations on behalf of its clients.");
  53. #define GUIX_OPT_SYSTEM 1
  54. #define GUIX_OPT_DISABLE_CHROOT 2
  55. #define GUIX_OPT_BUILD_USERS_GROUP 3
  56. #define GUIX_OPT_CACHE_FAILURES 4
  57. #define GUIX_OPT_LOSE_LOGS 5
  58. #define GUIX_OPT_DISABLE_LOG_COMPRESSION 6
  59. #define GUIX_OPT_DISABLE_DEDUPLICATION 7
  60. #define GUIX_OPT_IMPERSONATE_LINUX_26 8
  61. #define GUIX_OPT_DEBUG 9
  62. #define GUIX_OPT_CHROOT_DIR 10
  63. #define GUIX_OPT_LISTEN 11
  64. #define GUIX_OPT_NO_SUBSTITUTES 12
  65. #define GUIX_OPT_SUBSTITUTE_URLS 13
  66. #define GUIX_OPT_NO_BUILD_HOOK 14
  67. #define GUIX_OPT_GC_KEEP_OUTPUTS 15
  68. #define GUIX_OPT_GC_KEEP_DERIVATIONS 16
  69. #define GUIX_OPT_BUILD_ROUNDS 17
  70. #define GUIX_OPT_TIMEOUT 18
  71. #define GUIX_OPT_MAX_SILENT_TIME 19
  72. #define GUIX_OPT_LOG_COMPRESSION 20
  73. static const struct argp_option options[] =
  74. {
  75. { "system", GUIX_OPT_SYSTEM, n_("SYSTEM"), 0,
  76. n_("assume SYSTEM as the current system type") },
  77. { "cores", 'c', n_("N"), 0,
  78. n_("use N CPU cores to build each derivation; 0 means as many as available")
  79. },
  80. { "max-jobs", 'M', n_("N"), 0,
  81. n_("allow at most N build jobs") },
  82. { "timeout", GUIX_OPT_TIMEOUT, n_("SECONDS"), 0,
  83. n_("mark builds as failed after SECONDS of activity") },
  84. { "max-silent-time", GUIX_OPT_MAX_SILENT_TIME, n_("SECONDS"), 0,
  85. n_("mark builds as failed after SECONDS of silence") },
  86. { "disable-chroot", GUIX_OPT_DISABLE_CHROOT, 0, 0,
  87. n_("disable chroot builds") },
  88. { "chroot-directory", GUIX_OPT_CHROOT_DIR, n_("DIR"), 0,
  89. n_("add DIR to the build chroot") },
  90. { "build-users-group", GUIX_OPT_BUILD_USERS_GROUP, n_("GROUP"), 0,
  91. n_("perform builds as a user of GROUP") },
  92. { "no-substitutes", GUIX_OPT_NO_SUBSTITUTES, 0, 0,
  93. n_("do not use substitutes") },
  94. { "substitute-urls", GUIX_OPT_SUBSTITUTE_URLS, n_("URLS"), 0,
  95. n_("use URLS as the default list of substitute providers") },
  96. { "no-build-hook", GUIX_OPT_NO_BUILD_HOOK, 0, 0,
  97. n_("do not use the 'build hook'") },
  98. { "cache-failures", GUIX_OPT_CACHE_FAILURES, 0, 0,
  99. n_("cache build failures") },
  100. { "rounds", GUIX_OPT_BUILD_ROUNDS, "N", 0,
  101. n_("build each derivation N times in a row") },
  102. { "lose-logs", GUIX_OPT_LOSE_LOGS, 0, 0,
  103. n_("do not keep build logs") },
  104. { "disable-log-compression", GUIX_OPT_DISABLE_LOG_COMPRESSION, 0,
  105. OPTION_HIDDEN, // deprecated
  106. n_("disable compression of the build logs") },
  107. { "log-compression", GUIX_OPT_LOG_COMPRESSION, "TYPE", 0,
  108. n_("use the specified compression type for build logs") },
  109. /* '--disable-deduplication' was known as '--disable-store-optimization'
  110. up to Guix 0.7 included, so keep the alias around. */
  111. { "disable-deduplication", GUIX_OPT_DISABLE_DEDUPLICATION, 0, 0,
  112. n_("disable automatic file \"deduplication\" in the store") },
  113. { "disable-store-optimization", GUIX_OPT_DISABLE_DEDUPLICATION, 0,
  114. OPTION_ALIAS | OPTION_HIDDEN, NULL },
  115. { "impersonate-linux-2.6", GUIX_OPT_IMPERSONATE_LINUX_26, 0,
  116. #ifdef HAVE_SYS_PERSONALITY_H
  117. 0,
  118. #else
  119. OPTION_HIDDEN,
  120. #endif
  121. n_("impersonate Linux 2.6")
  122. },
  123. { "gc-keep-outputs", GUIX_OPT_GC_KEEP_OUTPUTS,
  124. "yes/no", OPTION_ARG_OPTIONAL,
  125. n_("tell whether the GC must keep outputs of live derivations") },
  126. { "gc-keep-derivations", GUIX_OPT_GC_KEEP_DERIVATIONS,
  127. "yes/no", OPTION_ARG_OPTIONAL,
  128. n_("tell whether the GC must keep derivations corresponding \
  129. to live outputs") },
  130. { "listen", GUIX_OPT_LISTEN, n_("SOCKET"), 0,
  131. n_("listen for connections on SOCKET") },
  132. { "debug", GUIX_OPT_DEBUG, 0, 0,
  133. n_("produce debugging output") },
  134. { 0, 0, 0, 0, 0 }
  135. };
  136. /* Default port for '--listen' on TCP/IP. */
  137. #define DEFAULT_GUIX_PORT "44146"
  138. /* List of '--listen' options. */
  139. static std::list<std::string> listen_options;
  140. /* Convert ARG to a Boolean value, or throw an error if it does not denote a
  141. Boolean. */
  142. static bool
  143. string_to_bool (const char *arg, bool dflt = true)
  144. {
  145. if (arg == NULL)
  146. return dflt;
  147. else if (strcasecmp (arg, "yes") == 0)
  148. return true;
  149. else if (strcasecmp (arg, "no") == 0)
  150. return false;
  151. else
  152. throw nix::Error (format ("'%1%': invalid Boolean value") % arg);
  153. }
  154. /* Parse a single option. */
  155. static error_t
  156. parse_opt (int key, char *arg, struct argp_state *state)
  157. {
  158. switch (key)
  159. {
  160. case GUIX_OPT_DISABLE_CHROOT:
  161. settings.useChroot = false;
  162. break;
  163. case GUIX_OPT_CHROOT_DIR:
  164. {
  165. std::string chroot_dirs;
  166. chroot_dirs = settings.get ("build-extra-chroot-dirs",
  167. (std::string) "");
  168. if (chroot_dirs == "")
  169. chroot_dirs = arg;
  170. else
  171. chroot_dirs = chroot_dirs + " " + arg;
  172. settings.set("build-extra-chroot-dirs", chroot_dirs);
  173. break;
  174. }
  175. case GUIX_OPT_LOG_COMPRESSION:
  176. if (strcmp (arg, "none") == 0)
  177. settings.logCompression = COMPRESSION_NONE;
  178. else if (strcmp (arg, "gzip") == 0)
  179. settings.logCompression = COMPRESSION_GZIP;
  180. #if HAVE_BZLIB_H
  181. else if (strcmp (arg, "bzip2") == 0)
  182. settings.logCompression = COMPRESSION_BZIP2;
  183. #endif
  184. else
  185. {
  186. fprintf (stderr, _("error: %s: unknown compression type\n"), arg);
  187. exit (EXIT_FAILURE);
  188. }
  189. break;
  190. case GUIX_OPT_DISABLE_LOG_COMPRESSION:
  191. settings.logCompression = COMPRESSION_NONE;
  192. break;
  193. case GUIX_OPT_BUILD_USERS_GROUP:
  194. settings.buildUsersGroup = arg;
  195. break;
  196. case GUIX_OPT_DISABLE_DEDUPLICATION:
  197. settings.autoOptimiseStore = false;
  198. break;
  199. case GUIX_OPT_CACHE_FAILURES:
  200. settings.cacheFailure = true;
  201. break;
  202. case GUIX_OPT_BUILD_ROUNDS:
  203. {
  204. char *end;
  205. unsigned long n = strtoul (arg, &end, 10);
  206. if (end != arg + strlen (arg))
  207. {
  208. fprintf (stderr, _("error: %s: invalid number of rounds\n"), arg);
  209. exit (EXIT_FAILURE);
  210. }
  211. settings.set ("build-repeat", std::to_string (std::max (0UL, n - 1)));
  212. break;
  213. }
  214. case GUIX_OPT_IMPERSONATE_LINUX_26:
  215. settings.impersonateLinux26 = true;
  216. break;
  217. case GUIX_OPT_LOSE_LOGS:
  218. settings.keepLog = false;
  219. break;
  220. case GUIX_OPT_LISTEN:
  221. listen_options.push_back (arg);
  222. break;
  223. case GUIX_OPT_SUBSTITUTE_URLS:
  224. settings.set ("substitute-urls", arg);
  225. break;
  226. case GUIX_OPT_NO_SUBSTITUTES:
  227. settings.set ("build-use-substitutes", "false");
  228. break;
  229. case GUIX_OPT_NO_BUILD_HOOK:
  230. settings.useBuildHook = false;
  231. break;
  232. case GUIX_OPT_DEBUG:
  233. verbosity = lvlDebug;
  234. break;
  235. case GUIX_OPT_GC_KEEP_OUTPUTS:
  236. settings.gcKeepOutputs = string_to_bool (arg);
  237. break;
  238. case GUIX_OPT_GC_KEEP_DERIVATIONS:
  239. settings.gcKeepDerivations = string_to_bool (arg);
  240. break;
  241. case 'c':
  242. settings.set ("build-cores", arg);
  243. break;
  244. case 'M':
  245. settings.set ("build-max-jobs", arg);
  246. break;
  247. case GUIX_OPT_TIMEOUT:
  248. settings.set ("build-timeout", arg);
  249. break;
  250. case GUIX_OPT_MAX_SILENT_TIME:
  251. settings.set ("build-max-silent-time", arg);
  252. break;
  253. case GUIX_OPT_SYSTEM:
  254. settings.thisSystem = arg;
  255. break;
  256. default:
  257. return (error_t) ARGP_ERR_UNKNOWN;
  258. }
  259. return (error_t) 0;
  260. }
  261. /* Argument parsing. */
  262. static const struct argp argp =
  263. {
  264. options, parse_opt,
  265. NULL, doc,
  266. NULL, NULL, // children and help_filter
  267. guix_textdomain
  268. };
  269. static int
  270. open_unix_domain_socket (const char *file)
  271. {
  272. /* Create and bind to a Unix domain socket. */
  273. AutoCloseFD fdSocket = socket (PF_UNIX, SOCK_STREAM, 0);
  274. if (fdSocket == -1)
  275. throw SysError (_("cannot create Unix domain socket"));
  276. createDirs (dirOf (file));
  277. /* Urgh, sockaddr_un allows path names of only 108 characters.
  278. So chdir to the socket directory so that we can pass a
  279. relative path name. */
  280. if (chdir (dirOf (file).c_str ()) == -1)
  281. throw SysError (_("cannot change current directory"));
  282. Path fileRel = "./" + baseNameOf (file);
  283. struct sockaddr_un addr;
  284. addr.sun_family = AF_UNIX;
  285. if (fileRel.size () >= sizeof (addr.sun_path))
  286. throw Error (format (_("socket file name '%1%' is too long")) % fileRel);
  287. strcpy (addr.sun_path, fileRel.c_str ());
  288. unlink (file);
  289. /* Make sure that the socket is created with 0666 permission
  290. (everybody can connect --- provided they have access to the
  291. directory containing the socket). */
  292. mode_t oldMode = umask (0111);
  293. int res = bind (fdSocket, (struct sockaddr *) &addr, sizeof addr);
  294. umask (oldMode);
  295. if (res == -1)
  296. throw SysError (format (_("cannot bind to socket '%1%'")) % file);
  297. if (chdir ("/") == -1) /* back to the root */
  298. throw SysError (_("cannot change current directory"));
  299. if (listen (fdSocket, 5) == -1)
  300. throw SysError (format (_("cannot listen on socket '%1%'")) % file);
  301. return fdSocket.borrow ();
  302. }
  303. /* Return a listening socket for ADDRESS, which has the given LENGTH. */
  304. static int
  305. open_inet_socket (const struct sockaddr *address, socklen_t length)
  306. {
  307. AutoCloseFD fd = socket (address->sa_family, SOCK_STREAM, 0);
  308. if (fd == -1)
  309. throw SysError (_("cannot create TCP socket"));
  310. int res = bind (fd, address, length);
  311. if (res == -1)
  312. throw SysError (_("cannot bind TCP socket"));
  313. if (listen (fd, 5) == -1)
  314. throw SysError (format (_("cannot listen on TCP socket")));
  315. return fd.borrow ();
  316. }
  317. /* Return a list of file descriptors of listening sockets. */
  318. static std::vector<int>
  319. listening_sockets (const std::list<std::string> &options)
  320. {
  321. std::vector<int> result;
  322. if (options.empty ())
  323. {
  324. /* Open the default Unix-domain socket. */
  325. auto fd = open_unix_domain_socket (settings.nixDaemonSocketFile.c_str ());
  326. result.push_back (fd);
  327. return result;
  328. }
  329. /* Open the user-specified sockets. */
  330. for (const std::string& option: options)
  331. {
  332. if (option[0] == '/')
  333. {
  334. /* Assume OPTION is the file name of a Unix-domain socket. */
  335. settings.nixDaemonSocketFile = canonPath (option);
  336. int fd =
  337. open_unix_domain_socket (settings.nixDaemonSocketFile.c_str ());
  338. result.push_back (fd);
  339. }
  340. else
  341. {
  342. /* Assume OPTIONS has the form "HOST" or "HOST:PORT". */
  343. auto colon = option.find_last_of (":");
  344. auto host = colon == std::string::npos
  345. ? option : option.substr (0, colon);
  346. auto port = colon == std::string::npos
  347. ? DEFAULT_GUIX_PORT
  348. : option.substr (colon + 1, option.size () - colon - 1);
  349. struct addrinfo *res, hints;
  350. memset (&hints, '\0', sizeof hints);
  351. hints.ai_socktype = SOCK_STREAM;
  352. hints.ai_flags = AI_NUMERICSERV | AI_ADDRCONFIG;
  353. int err = getaddrinfo (host.c_str(), port.c_str (),
  354. &hints, &res);
  355. if (err != 0)
  356. throw Error(format ("failed to look up '%1%': %2%")
  357. % option % gai_strerror (err));
  358. printMsg (lvlDebug, format ("listening on '%1%', port '%2%'")
  359. % host % port);
  360. /* XXX: Pick the first result, RES. */
  361. result.push_back (open_inet_socket (res->ai_addr,
  362. res->ai_addrlen));
  363. freeaddrinfo (res);
  364. }
  365. }
  366. return result;
  367. }
  368. int
  369. main (int argc, char *argv[])
  370. {
  371. setlocale (LC_ALL, "");
  372. bindtextdomain (guix_textdomain, LOCALEDIR);
  373. textdomain (guix_textdomain);
  374. /* Initialize libgcrypt. */
  375. if (!gcry_check_version (GCRYPT_VERSION))
  376. {
  377. fprintf (stderr, _("error: libgcrypt version mismatch\n"));
  378. exit (EXIT_FAILURE);
  379. }
  380. /* Tell Libgcrypt that initialization has completed, as per the Libgcrypt
  381. 1.6.0 manual (although this does not appear to be strictly needed.) */
  382. gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
  383. /* Set the umask so that the daemon does not end up creating group-writable
  384. files, which would lead to "suspicious ownership or permission" errors.
  385. See <http://lists.gnu.org/archive/html/bug-guix/2013-07/msg00033.html>. */
  386. umask (S_IWGRP | S_IWOTH);
  387. #ifndef HAVE_CHROOT
  388. # error chroot is assumed to be available
  389. #endif
  390. /* Always use chroots by default. */
  391. settings.useChroot = true;
  392. /* Turn automatic deduplication on by default. */
  393. settings.autoOptimiseStore = true;
  394. /* Default to using as many cores as possible and one job at a time. */
  395. settings.buildCores = 0;
  396. settings.maxBuildJobs = 1;
  397. argvSaved = argv;
  398. try
  399. {
  400. settings.processEnvironment ();
  401. /* Use our substituter by default. */
  402. settings.substituters.clear ();
  403. settings.set ("build-use-substitutes", "true");
  404. /* Use our substitute server by default. */
  405. settings.set ("substitute-urls", GUIX_SUBSTITUTE_URLS);
  406. #ifdef HAVE_DAEMON_OFFLOAD_HOOK
  407. /* Use our build hook for distributed builds by default. */
  408. settings.useBuildHook = true;
  409. if (getenv ("NIX_BUILD_HOOK") == NULL)
  410. {
  411. std::string build_hook;
  412. build_hook = settings.nixLibexecDir + "/guix/offload";
  413. setenv ("NIX_BUILD_HOOK", build_hook.c_str (), 1);
  414. }
  415. #else
  416. /* We are not installing any build hook, so disable it. */
  417. settings.useBuildHook = false;
  418. #endif
  419. argp_parse (&argp, argc, argv, 0, 0, 0);
  420. auto sockets = listening_sockets (listen_options);
  421. /* Effect all the changes made via 'settings.set'. */
  422. settings.update ();
  423. printMsg(lvlDebug,
  424. format ("build log compression: %1%") % settings.logCompression);
  425. if (settings.useSubstitutes)
  426. {
  427. string subs = getEnv ("NIX_SUBSTITUTERS", "default");
  428. if (subs == "default")
  429. {
  430. string subst =
  431. settings.nixLibexecDir + "/guix/substitute";
  432. setenv ("NIX_SUBSTITUTERS", subst.c_str (), 1);
  433. }
  434. }
  435. else
  436. /* Clear the substituter list to make sure nothing ever gets
  437. substituted, regardless of the client's settings. */
  438. setenv ("NIX_SUBSTITUTERS", "", 1);
  439. /* Effect the $NIX_SUBSTITUTERS change. */
  440. settings.update ();
  441. if (geteuid () == 0 && settings.buildUsersGroup.empty ())
  442. fprintf (stderr, _("warning: daemon is running as root, so \
  443. using `--build-users-group' is highly recommended\n"));
  444. if (settings.useChroot)
  445. {
  446. std::string chroot_dirs;
  447. chroot_dirs = settings.get ("build-extra-chroot-dirs",
  448. (std::string) "");
  449. printMsg (lvlDebug,
  450. format ("extra chroot directories: '%1%'") % chroot_dirs);
  451. }
  452. printMsg (lvlDebug,
  453. format ("automatic deduplication set to %1%")
  454. % settings.autoOptimiseStore);
  455. printMsg (lvlDebug,
  456. format ("listening on `%1%'") % settings.nixDaemonSocketFile);
  457. run (sockets);
  458. }
  459. catch (std::exception &e)
  460. {
  461. fprintf (stderr, _("error: %s\n"), e.what ());
  462. return EXIT_FAILURE;
  463. }
  464. return EXIT_SUCCESS; /* never reached */
  465. }