bool canSendStderr;
-
+/* This variable is used to keep track of whether a connection
+ comes from a host other than the host running guix-daemon. */
+static bool isRemoteConnection;
/* This function is called anytime we want to write something to
stderr. If we're in a state where the protocol allows it (i.e.,
bool sign = readInt(from) == 1;
startWork();
TunnelSink sink(to);
- store->exportPath(path, sign, sink);
+ try {
+ store->exportPath(path, sign, sink);
+ }
+ catch (Error &e) {
+ /* Flush SINK beforehand or its destructor will rightfully trigger
+ an assertion failure. */
+ sink.flush();
+ throw e;
+ }
sink.flush();
stopWork();
writeInt(1, to);
/* Repairing is not atomic, so disallowed for "untrusted"
clients. */
if (mode == bmRepair && !trusted)
- throw Error("repairing is not supported when building through the Nix daemon");
+ throw Error("repairing is a privileged operation");
}
startWork();
store->buildPaths(drvs, mode);
}
case wopCollectGarbage: {
+ if (isRemoteConnection) {
+ throw Error("Garbage collection is disabled for remote hosts.");
+ break;
+ }
+
GCOptions options;
options.action = (GCOptions::GCAction) readInt(from);
options.pathsToDelete = readStorePaths<PathSet>(from);
case wopSetOptions: {
settings.keepFailed = readInt(from) != 0;
+ if (isRemoteConnection)
+ /* When the client is remote, don't keep the failed build tree as
+ it is presumably inaccessible to the client and could fill up
+ our disk. */
+ settings.keepFailed = 0;
+
settings.keepGoing = readInt(from) != 0;
settings.set("build-fallback", readInt(from) ? "true" : "false");
verbosity = (Verbosity) readInt(from);
if (name == "build-timeout" || name == "build-max-silent-time"
|| name == "build-max-jobs" || name == "build-cores"
|| name == "build-repeat"
- || name == "use-ssh-substituter")
+ || name == "multiplexed-build-output")
settings.set(name, value);
else
settings.set(trusted ? name : "untrusted-" + name, value);
stopWork(false, e.msg(), GET_PROTOCOL_MINOR(clientVersion) >= 8 ? e.status : 0);
if (!errorAllowed) throw;
} catch (std::bad_alloc & e) {
- stopWork(false, "Nix daemon out of memory", GET_PROTOCOL_MINOR(clientVersion) >= 8 ? 1 : 0);
+ stopWork(false, "build daemon out of memory", GET_PROTOCOL_MINOR(clientVersion) >= 8 ? 1 : 0);
throw;
}
connection. Setting these to -1 means: do not change. */
settings.clientUid = clientUid;
settings.clientGid = clientGid;
+ isRemoteConnection = (remoteAddr.ss_family != AF_UNIX);
/* Handle the connection. */
from.fd = remote;
processConnection(trusted);
exit(0);
- }, false, "unexpected Nix daemon error: ", true);
+ }, false, "unexpected build daemon error: ", true);
} catch (Interrupted & e) {
throw;
HCoop / jackhill / guix / guix.git / blobdiff