* nix-upstream: Update sub-module.
* daemon.am (libutil_a_SOURCES): Add affinity.cc.
(libutil_headers): Add affinity.hh.
(libexec_PROGRAMS, nix_setuid_helper_SOURCES,
nix_setuid_helper_CPPFLAGS, nix_setuid_helper_LDADD): Remove.
* doc/guix.texi (Setting Up the Daemon): Remove paragraph about
'nix-setuid-helper'.
* guix/scripts/substitute-binary.scm (guix-substitute-binary): Exit 0 when
%CACHE-URL has an HTTP scheme and looking up its host fails.
Always print a newline to stdout when starting.
# GNU Guix --- Functional package management for GNU
-# Copyright © 2012, 2013 Ludovic Courtès <ludo@gnu.org>
+# Copyright © 2012, 2013, 2014 Ludovic Courtès <ludo@gnu.org>
#
# This file is part of GNU Guix.
#
libutil_a_SOURCES = \
nix/libutil/archive.cc \
+ nix/libutil/affinity.cc \
nix/libutil/serialise.cc \
nix/libutil/util.cc \
nix/libutil/xml-writer.cc \
nix/libutil/gcrypt-hash.cc
libutil_headers = \
+ nix/libutil/affinity.hh \
nix/libutil/hash.hh \
nix/libutil/serialise.hh \
nix/libutil/xml-writer.hh \
$(SQLITE3_LIBS) $(LIBGCRYPT_LIBS)
-libexec_PROGRAMS = nix-setuid-helper
-nix_setuid_helper_SOURCES = \
- nix/nix-setuid-helper/nix-setuid-helper.cc
-
-nix_setuid_helper_CPPFLAGS = \
- $(libutil_a_CPPFLAGS)
-
-nix_setuid_helper_LDADD = \
- libutil.a libformat.a
-
noinst_HEADERS = \
$(libformat_headers) $(libutil_headers) $(libstore_headers) \
$(guix_daemon_headers)
# guix archive --generate-key
@end example
-Guix may also be used in a single-user setup, with @command{guix-daemon}
-running as an unprivileged user. However, to maximize non-interference
-of build processes, the daemon still needs to perform certain operations
-that are restricted to @code{root} on GNU/Linux: it should be able to
-run build processes in a chroot, and to run them under different UIDs.
-To that end, the @command{nix-setuid-helper} program is provided; it is
-a small C program (less than 300 lines) that, if it is made setuid
-@code{root}, can be executed by the daemon to perform these operations
-on its behalf. The @code{root}-owned @file{/etc/nix-setuid.conf} file
-is read by @command{nix-setuid-helper}; it should contain exactly two
-words: the user name under which the authorized @command{guix-daemon}
-runs, and the name of the build users group.
-
-If you are installing Guix as an unprivileged user and do not have the
-ability to make @file{nix-setuid-helper} setuid-@code{root}, it is still
+If you are installing Guix as an unprivileged user, it is still
possible to run @command{guix-daemon}. However, build processes will
not be isolated from one another, and not from the rest of the system.
Thus, build processes may interfere with each other, and may access
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
"Implement the build daemon's substituter protocol."
(mkdir-p %narinfo-cache-directory)
(maybe-remove-expired-cached-narinfo)
+
+ ;; Starting from commit 22144afa in Nix, we are allowed to bail out directly
+ ;; when we know we cannot substitute, but we must emit a newline on stdout
+ ;; when everything is alright.
+ (let ((uri (string->uri %cache-url)))
+ (case (uri-scheme uri)
+ ((http)
+ ;; Exit gracefully if there's no network access.
+ (let ((host (uri-host uri)))
+ (catch 'getaddrinfo-error
+ (lambda ()
+ (getaddrinfo host))
+ (lambda (key error)
+ (warning (_ "failed to look up host '~a' (~a), \
+substituter disabled~%")
+ host (gai-strerror error))
+ (exit 0)))))
+ (else #t)))
+
+ ;; Say hello (see above.)
+ (newline)
+ (force-output (current-output-port))
+
(with-networking
(match args
(("--query")
-Subproject commit 1b6ee8f4c7e74f75e1f49b43cf22be7730b30649
+Subproject commit bf0ad8aabca67b4faabe3a1ac3c57884ae9924f4