1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2012, 2013, 2014 Ludovic Courtès <ludo@gnu.org>
3 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
5 ;;; This file is part of GNU Guix.
7 ;;; GNU Guix is free software; you can redistribute it and/or modify it
8 ;;; under the terms of the GNU General Public License as published by
9 ;;; the Free Software Foundation; either version 3 of the License, or (at
10 ;;; your option) any later version.
12 ;;; GNU Guix is distributed in the hope that it will be useful, but
13 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
14 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 ;;; GNU General Public License for more details.
17 ;;; You should have received a copy of the GNU General Public License
18 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
20 (define-module (guix nar)
21 #:use-module (guix utils)
22 #:use-module (guix serialization)
23 #:use-module ((guix build utils)
24 #:select (delete-file-recursively with-directory-excursion))
25 #:use-module (guix store)
26 #:use-module (guix ui) ; for '_'
27 #:use-module (guix hash)
28 #:use-module (guix pki)
29 #:use-module (guix pk-crypto)
30 #:use-module (rnrs bytevectors)
31 #:use-module (rnrs io ports)
32 #:use-module (srfi srfi-1)
33 #:use-module (srfi srfi-11)
34 #:use-module (srfi srfi-26)
35 #:use-module (srfi srfi-34)
36 #:use-module (srfi srfi-35)
37 #:use-module (ice-9 ftw)
38 #:use-module (ice-9 match)
46 nar-invalid-hash-error?
47 nar-invalid-hash-error-expected
48 nar-invalid-hash-error-actual
51 nar-signature-error-signature
60 ;;; Read and write Nix archives, aka. ‘nar’.
64 (define-condition-type &nar-error &error ; XXX: inherit from &nix-error ?
66 (file nar-error-file) ; file we were restoring, or #f
67 (port nar-error-port)) ; port from which we read
69 (define-condition-type &nar-read-error &nar-error
71 (token nar-read-error-token)) ; faulty token, or #f
73 (define-condition-type &nar-signature-error &nar-error
75 (signature nar-signature-error-signature)) ; faulty signature or #f
77 (define-condition-type &nar-invalid-hash-error &nar-signature-error
78 nar-invalid-hash-error?
79 (expected nar-invalid-hash-error-expected) ; expected hash (a bytevector)
80 (actual nar-invalid-hash-error-actual)) ; actual hash
83 (define (dump in out size)
84 "Copy SIZE bytes from IN to OUT."
85 (define buf-size 65536)
86 (define buf (make-bytevector buf-size))
88 (let loop ((left size))
91 (let ((read (get-bytevector-n! in buf 0 (min left buf-size))))
92 (if (eof-object? read)
95 (put-bytevector out buf 0 read)
96 (loop (- left read))))))))
98 (define (write-contents file p size)
99 "Write SIZE bytes from FILE to output port P."
100 (define (call-with-binary-input-file file proc)
101 ;; Open FILE as a binary file. This avoids scan-for-encoding, and thus
102 ;; avoids any initial buffering. Disable file name canonicalization to
103 ;; avoid stat'ing like crazy.
104 (with-fluids ((%file-port-name-canonicalization #f))
105 (let ((port (open-file file "rb")))
110 (close-port port))))))
112 (write-string "contents" p)
113 (write-long-long size p)
114 (call-with-binary-input-file file
115 ;; Use `sendfile' when available (Guile 2.0.8+).
116 (if (and (compile-time-value (defined? 'sendfile))
118 (cut sendfile p <> size 0)
119 (cut dump <> p size)))
120 (write-padding size p))
122 (define (read-contents in out)
123 "Read the contents of a file from the Nar at IN, write it to OUT, and return
126 (match (read-string in)
130 (match (list (read-string in) (read-string in))
134 (message "unexpected executable file marker"))
135 (&nar-read-error (port in)
141 (condition (&message (message "unsupported nar file type"))
142 (&nar-read-error (port in) (file #f) (token x)))))))
144 (let ((size (read-long-long in)))
145 ;; Note: `sendfile' cannot be used here because of port buffering on IN.
150 (let ((m (modulo size 8)))
152 (get-bytevector-n in (- 8 m))))
155 (define %archive-version-1
156 ;; Magic cookie for Nix archives.
159 (define (write-file file port)
160 "Write the contents of FILE to PORT in Nar format, recursing into
161 sub-directories of FILE as needed."
164 (write-string %archive-version-1 p)
171 (write-string "type" p)
172 (write-string "regular" p)
173 (if (not (zero? (logand (stat:mode s) #o100)))
175 (write-string "executable" p)
176 (write-string "" p)))
177 (write-contents f p (stat:size s)))
179 (write-string "type" p)
180 (write-string "directory" p)
182 ;; NOTE: Guile 2.0.5's 'scandir' returns all subdirectories
183 ;; unconditionally, including "." and "..", regardless of the
184 ;; 'select?' predicate passed to it, so we have to filter
185 ;; those out externally.
186 (filter (negate (cut member <> '("." "..")))
187 ;; 'scandir' defaults to 'string-locale<?' to sort
188 ;; files, but this happens to be case-insensitive (at
189 ;; least in 'en_US' locale on libc 2.18.) Conversely,
190 ;; we want files to be sorted in a case-sensitive
192 (scandir f (const #t) string<?))))
193 (for-each (lambda (e)
194 (let ((f (string-append f "/" e)))
195 (write-string "entry" p)
197 (write-string "name" p)
199 (write-string "node" p)
201 (write-string ")" p)))
204 (write-string "type" p)
205 (write-string "symlink" p)
206 (write-string "target" p)
207 (write-string (readlink f) p))
209 (raise (condition (&message (message "unsupported file type"))
210 (&nar-error (file f) (port port))))))
211 (write-string ")" p))))
213 (define (restore-file port file)
214 "Read a file (possibly a directory structure) in Nar format from PORT.
216 (let ((signature (read-string port)))
217 (unless (equal? signature %archive-version-1)
219 (condition (&message (message "invalid nar signature"))
220 (&nar-read-error (port port)
224 (let restore ((file file))
225 (define (read-eof-marker)
226 (match (read-string port)
230 (&message (message "invalid nar end-of-file marker"))
231 (&nar-read-error (port port) (file file) (token x)))))))
233 (match (list (read-string port) (read-string port) (read-string port))
234 (("(" "type" "regular")
235 (call-with-output-file file (cut read-contents port <>))
237 (("(" "type" "symlink")
238 (match (list (read-string port) (read-string port))
240 (symlink target file)
244 (&message (message "invalid symlink tokens"))
245 (&nar-read-error (port port) (file file) (token x)))))))
246 (("(" "type" "directory")
249 (let loop ((prefix (read-string port)))
252 (match (list (read-string port)
253 (read-string port) (read-string port)
255 (("(" "name" file "node")
256 (restore (string-append dir "/" file))
257 (match (read-string port)
263 (message "unexpected directory entry termination"))
264 (&nar-read-error (port port)
267 (loop (read-string port)))))
268 (")" #t) ; done with DIR
272 (&message (message "unexpected directory inter-entry marker"))
273 (&nar-read-error (port port) (file file) (token x)))))))))
277 (&message (message "unsupported nar entry type"))
278 (&nar-read-error (port port) (file file) (token x))))))))
282 ;;; Restoring a file set into the store.
285 ;; The code below accesses the store directly and is meant to be run from
286 ;; "build hooks", which cannot invoke the daemon's 'import-paths' RPC since
287 ;; (1) the locks on the files to be restored as already held, and (2) the
288 ;; $NIX_HELD_LOCKS hackish environment variable cannot be set.
290 ;; So we're really duplicating that functionality of the daemon (well, until
291 ;; most of the daemon is in Scheme :-)). But note that we do use a couple of
292 ;; RPCs for functionality not available otherwise, like 'valid-path?'.
294 (define (lock-store-file file)
295 "Acquire exclusive access to FILE, a store file."
296 (call-with-output-file (string-append file ".lock")
297 (cut fcntl-flock <> 'write-lock)))
299 (define (unlock-store-file file)
300 "Release access to FILE."
301 (call-with-input-file (string-append file ".lock")
302 (cut fcntl-flock <> 'unlock)))
304 (define* (finalize-store-file source target
305 #:key (references '()) deriver (lock? #t))
306 "Rename SOURCE to TARGET and register TARGET as a valid store item, with
307 REFERENCES and DERIVER. When LOCK? is true, acquire exclusive locks on TARGET
308 before attempting to register it; otherwise, assume TARGET's locks are already
311 ;; XXX: Currently we have to call out to the daemon to check whether TARGET
314 (unless (valid-path? store target)
316 (lock-store-file target))
318 (unless (valid-path? store target)
319 ;; If FILE already exists, delete it (it's invalid anyway.)
320 (when (file-exists? target)
321 (delete-file-recursively target))
323 ;; Install the new TARGET.
324 (rename-file source target)
326 ;; Register TARGET. As a side effect, it resets the timestamps of all
327 ;; its files, recursively, and runs a deduplication pass.
328 (register-path target
329 #:references references
333 (unlock-store-file target)))))
335 (define (temporary-store-file)
336 "Return the file name of a temporary file created in the store."
337 (let* ((template (string-append (%store-prefix) "/guix-XXXXXX"))
338 (port (mkstemp! template)))
342 (define-syntax-rule (with-temporary-store-file name body ...)
343 "Evaluate BODY with NAME bound to the file name of a temporary store item
345 (let loop ((name (temporary-store-file)))
347 ;; Add NAME to the current process' roots. (Opening this connection to
348 ;; the daemon allows us to reuse its code that deals with the
349 ;; per-process roots file.)
350 (add-temp-root store name)
352 ;; There's a window during which GC could delete NAME. Try again when
354 (if (file-exists? name)
358 (loop (temporary-store-file))))))
360 (define* (restore-one-item port
361 #:key acl (verify-signature? #t) (lock? #t)
362 (log-port (current-error-port)))
363 "Restore one store item from PORT; return its file name on success."
365 (define (assert-valid-signature signature hash file)
366 ;; Bail out if SIGNATURE, which must be a string as produced by
367 ;; 'canonical-sexp->string', doesn't match HASH, a bytevector containing
368 ;; the expected hash for FILE.
369 (let ((signature (catch 'gcry-error
371 (string->canonical-sexp signature))
372 (lambda (key proc err)
375 (message "signature is not a valid \
377 (&nar-signature-error
379 (signature signature) (port port))))))))
380 (signature-case (signature hash (current-acl))
384 (&message (message "invalid signature"))
385 (&nar-signature-error
386 (file file) (signature signature) (port port)))))
388 (raise (condition (&message (message "invalid hash"))
389 (&nar-invalid-hash-error
390 (port port) (file file)
391 (signature signature)
392 (expected (hash-data->bytevector
393 (signature-signed-data signature)))
396 (raise (condition (&message (message "unauthorized public key"))
397 (&nar-signature-error
398 (signature signature) (file file) (port port)))))
401 (&message (message "corrupt signature data"))
402 (&nar-signature-error
403 (signature signature) (file file) (port port))))))))
405 (define %export-magic
406 ;; Number used to identify genuine file set archives.
410 ;; Keep that one around, for error conditions.
413 (let-values (((port get-hash)
414 (open-sha256-input-port port)))
415 (with-temporary-store-file temp
416 (restore-file port temp)
418 (let ((magic (read-int port)))
419 (unless (= magic %export-magic)
421 (&message (message "corrupt file set archive"))
423 (port port*) (file #f) (token #f))))))
425 (let ((file (read-store-path port))
426 (refs (read-store-path-list port))
427 (deriver (read-string port))
429 (has-sig? (= 1 (read-int port))))
431 (_ "importing file or directory '~a'...~%")
434 (let ((sig (and has-sig? (read-string port))))
435 (when verify-signature?
438 (assert-valid-signature sig hash file)
440 (_ "found valid signature for '~a'~%")
442 (finalize-store-file temp file
447 (&message (message "imported file lacks \
449 (&nar-signature-error
450 (port port*) (file file) (signature #f))))))
453 (define* (restore-file-set port
454 #:key (verify-signature? #t) (lock? #t)
455 (log-port (current-error-port)))
456 "Restore the file set read from PORT to the store. The format of the data
457 on PORT must be as created by 'export-paths'---i.e., a series of Nar-formatted
458 archives with interspersed meta-data joining them together, possibly with a
459 digital signature at the end. Log progress to LOG-PORT. Return the list of
462 When LOCK? is #f, assume locks for the files to be restored are already held.
463 This is the case when the daemon calls a build hook.
465 Note that this procedure accesses the store directly, so it's only meant to be
466 used by the daemon's build hooks since they cannot call back to the daemon
467 while the locks are held."
471 (let loop ((n (read-long-long port))
478 (restore-one-item port
479 #:acl acl #:verify-signature? verify-signature?
480 #:lock? lock? #:log-port log-port)))
481 (loop (read-long-long port)
486 (&message (message "invalid inter-file archive mark"))
488 (port port) (file #f) (token #f))))))))
491 ;;; eval: (put 'with-temporary-store-file 'scheme-indent-function 1)
494 ;;; nar.scm ends here