1 /* GNU Guix --- Functional package management for GNU
2 Copyright (C) 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2021 Ludovic Courtès <ludo@gnu.org>
3 Copyright (C) 2006, 2010, 2012, 2014 Eelco Dolstra <e.dolstra@tudelft.nl>
5 This file is part of GNU Guix.
7 GNU Guix is free software; you can redistribute it and/or modify it
8 under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or (at
10 your option) any later version.
12 GNU Guix is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. */
32 #include <sys/types.h>
34 #include <sys/socket.h>
44 /* Variables used by `nix-daemon.cc'. */
45 volatile ::sig_atomic_t blockInt
;
50 /* Entry point in `nix-daemon.cc'. */
51 extern void run (const std::vector
<int> &);
54 /* Command-line options. */
57 #define _(str) gettext (str)
58 static const char guix_textdomain
[] = "guix";
61 const char *argp_program_version
=
62 "guix-daemon (" PACKAGE_NAME
") " PACKAGE_VERSION
;
63 const char *argp_program_bug_address
= PACKAGE_BUGREPORT
;
66 n_("guix-daemon -- perform derivation builds and store accesses")
68 n_("This program is a daemon meant to run in the background. It serves \
69 requests sent over a Unix-domain socket. It accesses the store, and \
70 builds derivations on behalf of its clients.");
72 #define GUIX_OPT_SYSTEM 1
73 #define GUIX_OPT_DISABLE_CHROOT 2
74 #define GUIX_OPT_BUILD_USERS_GROUP 3
75 #define GUIX_OPT_CACHE_FAILURES 4
76 #define GUIX_OPT_LOSE_LOGS 5
77 #define GUIX_OPT_DISABLE_LOG_COMPRESSION 6
78 #define GUIX_OPT_DISABLE_DEDUPLICATION 7
79 #define GUIX_OPT_IMPERSONATE_LINUX_26 8
80 #define GUIX_OPT_DEBUG 9
81 #define GUIX_OPT_CHROOT_DIR 10
82 #define GUIX_OPT_LISTEN 11
83 #define GUIX_OPT_NO_SUBSTITUTES 12
84 #define GUIX_OPT_SUBSTITUTE_URLS 13
85 #define GUIX_OPT_NO_BUILD_HOOK 14
86 #define GUIX_OPT_GC_KEEP_OUTPUTS 15
87 #define GUIX_OPT_GC_KEEP_DERIVATIONS 16
88 #define GUIX_OPT_BUILD_ROUNDS 17
89 #define GUIX_OPT_TIMEOUT 18
90 #define GUIX_OPT_MAX_SILENT_TIME 19
91 #define GUIX_OPT_LOG_COMPRESSION 20
92 #define GUIX_OPT_DISCOVER 21
94 static const struct argp_option options
[] =
96 { "system", GUIX_OPT_SYSTEM
, n_("SYSTEM"), 0,
97 n_("assume SYSTEM as the current system type") },
98 { "cores", 'c', n_("N"), 0,
99 n_("use N CPU cores to build each derivation; 0 means as many as available")
101 { "max-jobs", 'M', n_("N"), 0,
102 n_("allow at most N build jobs") },
103 { "timeout", GUIX_OPT_TIMEOUT
, n_("SECONDS"), 0,
104 n_("mark builds as failed after SECONDS of activity") },
105 { "max-silent-time", GUIX_OPT_MAX_SILENT_TIME
, n_("SECONDS"), 0,
106 n_("mark builds as failed after SECONDS of silence") },
107 { "disable-chroot", GUIX_OPT_DISABLE_CHROOT
, 0, 0,
108 n_("disable chroot builds") },
109 { "chroot-directory", GUIX_OPT_CHROOT_DIR
, n_("DIR"), 0,
110 n_("add DIR to the build chroot") },
111 { "build-users-group", GUIX_OPT_BUILD_USERS_GROUP
, n_("GROUP"), 0,
112 n_("perform builds as a user of GROUP") },
113 { "no-substitutes", GUIX_OPT_NO_SUBSTITUTES
, 0, 0,
114 n_("do not use substitutes") },
115 { "substitute-urls", GUIX_OPT_SUBSTITUTE_URLS
, n_("URLS"), 0,
116 n_("use URLS as the default list of substitute providers") },
117 { "no-offload", GUIX_OPT_NO_BUILD_HOOK
, 0, 0,
118 n_("do not attempt to offload builds") },
119 { "no-build-hook", GUIX_OPT_NO_BUILD_HOOK
, 0,
120 OPTION_HIDDEN
, // deprecated
121 n_("do not attempt to offload builds") },
122 { "cache-failures", GUIX_OPT_CACHE_FAILURES
, 0, 0,
123 n_("cache build failures") },
124 { "rounds", GUIX_OPT_BUILD_ROUNDS
, "N", 0,
125 n_("build each derivation N times in a row") },
126 { "lose-logs", GUIX_OPT_LOSE_LOGS
, 0, 0,
127 n_("do not keep build logs") },
128 { "disable-log-compression", GUIX_OPT_DISABLE_LOG_COMPRESSION
, 0,
129 OPTION_HIDDEN
, // deprecated
130 n_("disable compression of the build logs") },
131 { "log-compression", GUIX_OPT_LOG_COMPRESSION
, "TYPE", 0,
132 n_("use the specified compression type for build logs") },
133 { "discover", GUIX_OPT_DISCOVER
, "yes/no", OPTION_ARG_OPTIONAL
,
134 n_("use substitute servers discovered on the local network") },
136 /* '--disable-deduplication' was known as '--disable-store-optimization'
137 up to Guix 0.7 included, so keep the alias around. */
138 { "disable-deduplication", GUIX_OPT_DISABLE_DEDUPLICATION
, 0, 0,
139 n_("disable automatic file \"deduplication\" in the store") },
140 { "disable-store-optimization", GUIX_OPT_DISABLE_DEDUPLICATION
, 0,
141 OPTION_ALIAS
| OPTION_HIDDEN
, NULL
},
143 { "impersonate-linux-2.6", GUIX_OPT_IMPERSONATE_LINUX_26
, 0,
144 #ifdef HAVE_SYS_PERSONALITY_H
149 n_("impersonate Linux 2.6")
151 { "gc-keep-outputs", GUIX_OPT_GC_KEEP_OUTPUTS
,
152 "yes/no", OPTION_ARG_OPTIONAL
,
153 n_("tell whether the GC must keep outputs of live derivations") },
154 { "gc-keep-derivations", GUIX_OPT_GC_KEEP_DERIVATIONS
,
155 "yes/no", OPTION_ARG_OPTIONAL
,
156 n_("tell whether the GC must keep derivations corresponding \
159 { "listen", GUIX_OPT_LISTEN
, n_("SOCKET"), 0,
160 n_("listen for connections on SOCKET") },
161 { "debug", GUIX_OPT_DEBUG
, 0, 0,
162 n_("produce debugging output") },
167 /* Default port for '--listen' on TCP/IP. */
168 #define DEFAULT_GUIX_PORT "44146"
170 /* List of '--listen' options. */
171 static std::list
<std::string
> listen_options
;
173 static bool useDiscover
= false;
175 /* Convert ARG to a Boolean value, or throw an error if it does not denote a
178 string_to_bool (const char *arg
, bool dflt
= true)
182 else if (strcasecmp (arg
, "yes") == 0)
184 else if (strcasecmp (arg
, "no") == 0)
187 throw nix::Error (format ("'%1%': invalid Boolean value") % arg
);
190 /* Parse a single option. */
192 parse_opt (int key
, char *arg
, struct argp_state
*state
)
196 case GUIX_OPT_DISABLE_CHROOT
:
197 settings
.useChroot
= false;
199 case GUIX_OPT_CHROOT_DIR
:
201 std::string chroot_dirs
;
203 chroot_dirs
= settings
.get ("build-extra-chroot-dirs",
205 if (chroot_dirs
== "")
208 chroot_dirs
= chroot_dirs
+ " " + arg
;
209 settings
.set("build-extra-chroot-dirs", chroot_dirs
);
212 case GUIX_OPT_LOG_COMPRESSION
:
213 if (strcmp (arg
, "none") == 0)
214 settings
.logCompression
= COMPRESSION_NONE
;
215 else if (strcmp (arg
, "gzip") == 0)
216 settings
.logCompression
= COMPRESSION_GZIP
;
218 else if (strcmp (arg
, "bzip2") == 0)
219 settings
.logCompression
= COMPRESSION_BZIP2
;
223 fprintf (stderr
, _("error: %s: unknown compression type\n"), arg
);
227 case GUIX_OPT_DISABLE_LOG_COMPRESSION
:
228 settings
.logCompression
= COMPRESSION_NONE
;
230 case GUIX_OPT_BUILD_USERS_GROUP
:
231 settings
.buildUsersGroup
= arg
;
233 case GUIX_OPT_DISABLE_DEDUPLICATION
:
234 settings
.autoOptimiseStore
= false;
236 case GUIX_OPT_CACHE_FAILURES
:
237 settings
.cacheFailure
= true;
239 case GUIX_OPT_BUILD_ROUNDS
:
242 unsigned long n
= strtoul (arg
, &end
, 10);
243 if (end
!= arg
+ strlen (arg
))
245 fprintf (stderr
, _("error: %s: invalid number of rounds\n"), arg
);
248 settings
.set ("build-repeat", std::to_string (std::max (0UL, n
- 1)));
251 case GUIX_OPT_IMPERSONATE_LINUX_26
:
252 settings
.impersonateLinux26
= true;
254 case GUIX_OPT_LOSE_LOGS
:
255 settings
.keepLog
= false;
257 case GUIX_OPT_LISTEN
:
258 listen_options
.push_back (arg
);
260 case GUIX_OPT_SUBSTITUTE_URLS
:
261 settings
.set ("substitute-urls", arg
);
263 case GUIX_OPT_NO_SUBSTITUTES
:
264 settings
.set ("build-use-substitutes", "false");
266 case GUIX_OPT_NO_BUILD_HOOK
:
267 settings
.useBuildHook
= false;
269 case GUIX_OPT_DISCOVER
:
270 useDiscover
= string_to_bool (arg
);
271 settings
.set ("discover", useDiscover
? "true" : "false");
274 verbosity
= lvlDebug
;
276 case GUIX_OPT_GC_KEEP_OUTPUTS
:
277 settings
.gcKeepOutputs
= string_to_bool (arg
);
279 case GUIX_OPT_GC_KEEP_DERIVATIONS
:
280 settings
.gcKeepDerivations
= string_to_bool (arg
);
283 settings
.set ("build-cores", arg
);
286 settings
.set ("build-max-jobs", arg
);
288 case GUIX_OPT_TIMEOUT
:
289 settings
.set ("build-timeout", arg
);
291 case GUIX_OPT_MAX_SILENT_TIME
:
292 settings
.set ("build-max-silent-time", arg
);
294 case GUIX_OPT_SYSTEM
:
295 settings
.thisSystem
= arg
;
298 return (error_t
) ARGP_ERR_UNKNOWN
;
304 /* Argument parsing. */
305 static const struct argp argp
=
309 NULL
, NULL
, // children and help_filter
315 open_unix_domain_socket (const char *file
)
317 /* Create and bind to a Unix domain socket. */
318 AutoCloseFD fdSocket
= socket (PF_UNIX
, SOCK_STREAM
, 0);
320 throw SysError (_("cannot create Unix domain socket"));
322 createDirs (dirOf (file
));
324 /* Urgh, sockaddr_un allows path names of only 108 characters.
325 So chdir to the socket directory so that we can pass a
326 relative path name. */
327 if (chdir (dirOf (file
).c_str ()) == -1)
328 throw SysError (_("cannot change current directory"));
329 Path fileRel
= "./" + baseNameOf (file
);
331 struct sockaddr_un addr
;
332 addr
.sun_family
= AF_UNIX
;
333 if (fileRel
.size () >= sizeof (addr
.sun_path
))
334 throw Error (format (_("socket file name '%1%' is too long")) % fileRel
);
335 strcpy (addr
.sun_path
, fileRel
.c_str ());
339 /* Make sure that the socket is created with 0666 permission
340 (everybody can connect --- provided they have access to the
341 directory containing the socket). */
342 mode_t oldMode
= umask (0111);
343 int res
= bind (fdSocket
, (struct sockaddr
*) &addr
, sizeof addr
);
346 throw SysError (format (_("cannot bind to socket '%1%'")) % file
);
348 if (chdir ("/") == -1) /* back to the root */
349 throw SysError (_("cannot change current directory"));
351 if (listen (fdSocket
, 5) == -1)
352 throw SysError (format (_("cannot listen on socket '%1%'")) % file
);
354 return fdSocket
.borrow ();
357 /* Return a listening socket for ADDRESS, which has the given LENGTH. */
359 open_inet_socket (const struct sockaddr
*address
, socklen_t length
)
361 AutoCloseFD fd
= socket (address
->sa_family
, SOCK_STREAM
, 0);
363 throw SysError (_("cannot create TCP socket"));
365 int res
= bind (fd
, address
, length
);
367 throw SysError (_("cannot bind TCP socket"));
369 if (listen (fd
, 5) == -1)
370 throw SysError (format (_("cannot listen on TCP socket")));
375 /* Return a list of file descriptors of listening sockets. */
376 static std::vector
<int>
377 listening_sockets (const std::list
<std::string
> &options
)
379 std::vector
<int> result
;
381 if (options
.empty ())
383 /* Open the default Unix-domain socket. */
384 auto fd
= open_unix_domain_socket (settings
.nixDaemonSocketFile
.c_str ());
385 result
.push_back (fd
);
389 /* Open the user-specified sockets. */
390 for (const std::string
& option
: options
)
392 if (option
[0] == '/')
394 /* Assume OPTION is the file name of a Unix-domain socket. */
395 settings
.nixDaemonSocketFile
= canonPath (option
);
397 open_unix_domain_socket (settings
.nixDaemonSocketFile
.c_str ());
398 result
.push_back (fd
);
402 /* Assume OPTIONS has the form "HOST" or "HOST:PORT". */
403 auto colon
= option
.find_last_of (":");
404 auto host
= colon
== std::string::npos
405 ? option
: option
.substr (0, colon
);
406 auto port
= colon
== std::string::npos
408 : option
.substr (colon
+ 1, option
.size () - colon
- 1);
410 struct addrinfo
*res
, hints
;
412 memset (&hints
, '\0', sizeof hints
);
413 hints
.ai_socktype
= SOCK_STREAM
;
414 hints
.ai_flags
= AI_NUMERICSERV
| AI_ADDRCONFIG
;
416 int err
= getaddrinfo (host
.c_str(), port
.c_str (),
420 throw Error(format ("failed to look up '%1%': %2%")
421 % option
% gai_strerror (err
));
423 printMsg (lvlDebug
, format ("listening on '%1%', port '%2%'")
426 /* XXX: Pick the first result, RES. */
427 result
.push_back (open_inet_socket (res
->ai_addr
,
439 main (int argc
, char *argv
[])
441 setlocale (LC_ALL
, "");
442 bindtextdomain (guix_textdomain
, LOCALEDIR
);
443 textdomain (guix_textdomain
);
445 /* Initialize libgcrypt. */
446 if (!gcry_check_version (GCRYPT_VERSION
))
448 fprintf (stderr
, _("error: libgcrypt version mismatch\n"));
452 /* Tell Libgcrypt that initialization has completed, as per the Libgcrypt
453 1.6.0 manual (although this does not appear to be strictly needed.) */
454 gcry_control (GCRYCTL_INITIALIZATION_FINISHED
, 0);
456 /* Set the umask so that the daemon does not end up creating group-writable
457 files, which would lead to "suspicious ownership or permission" errors.
458 See <http://lists.gnu.org/archive/html/bug-guix/2013-07/msg00033.html>. */
459 umask (S_IWGRP
| S_IWOTH
);
462 # error chroot is assumed to be available
465 /* Always use chroots by default. */
466 settings
.useChroot
= true;
468 /* Turn automatic deduplication on by default. */
469 settings
.autoOptimiseStore
= true;
471 /* Default to using as many cores as possible and one job at a time. */
472 settings
.buildCores
= 0;
473 settings
.maxBuildJobs
= 1;
479 settings
.processEnvironment ();
481 /* Enable substitutes by default. */
482 settings
.set ("build-use-substitutes", "true");
484 /* Use our substitute server by default. */
485 settings
.set ("substitute-urls", GUIX_SUBSTITUTE_URLS
);
487 #ifdef HAVE_DAEMON_OFFLOAD_HOOK
488 /* Use 'guix offload' for distributed builds by default. */
489 settings
.useBuildHook
= true;
491 /* We are not installing any build hook, so disable it. */
492 settings
.useBuildHook
= false;
495 argp_parse (&argp
, argc
, argv
, 0, 0, 0);
497 auto sockets
= listening_sockets (listen_options
);
499 /* Effect all the changes made via 'settings.set'. */
502 format ("build log compression: %1%") % settings
.logCompression
);
504 if (geteuid () == 0 && settings
.buildUsersGroup
.empty ())
505 fprintf (stderr
, _("warning: daemon is running as root, so \
506 using `--build-users-group' is highly recommended\n"));
508 if (settings
.useChroot
)
510 std::string chroot_dirs
;
512 chroot_dirs
= settings
.get ("build-extra-chroot-dirs",
515 format ("extra chroot directories: '%1%'") % chroot_dirs
);
522 args
.push_back("guix");
523 args
.push_back("discover");
526 execv(settings
.guixProgram
.c_str(), stringsToCharPtrs(args
).data());
531 format ("automatic deduplication set to %1%")
532 % settings
.autoOptimiseStore
);
535 format ("listening on `%1%'") % settings
.nixDaemonSocketFile
);
539 catch (std::exception
&e
)
541 fprintf (stderr
, _("error: %s\n"), e
.what ());
545 return EXIT_SUCCESS
; /* never reached */