GNU bug report logs -
#30948
[PATCH core-updates] guix: Reap finished child processes in build containers.
Previous Next
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 30948 in the body.
You can then email your comments to 30948 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#30948; Package
guix-patches.
(Mon, 26 Mar 2018 11:17:03 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Carlo Zancanaro <carlo <at> zancanaro.id.au>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Mon, 26 Mar 2018 11:17:03 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
When working on the Shepherd, I found that in the build containers
processes don't get reaped by pid 1. See
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=30637#29. This
caused (and will cause) the Shepherd's tests to fail on some
systems.
Our guile-builder script should handle SIGCHLD and then use
waitpid to reap the child processes. Here's my attempt at a patch
to do that.
I haven't been able to build anything with it because the computer
I'm currently on is laughably slow. If someone else can check that
you can still build with it I'd really appreciate it.
[0001-guix-Reap-finished-child-processes-in-build-containe.patch (text/x-patch, inline)]
From 7c66818570a139fc4e7b11de34d07c76ebdc6bac Mon Sep 17 00:00:00 2001
From: Carlo Zancanaro <carlo <at> zancanaro.id.au>
Date: Mon, 26 Mar 2018 22:08:26 +1100
Subject: [PATCH] guix: Reap finished child processes in build containers.
* guix/derivations (build-expression->derivation)[prologue]: Handle SIGCHLD
and reap child processes when they finish.
---
guix/derivations.scm | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/guix/derivations.scm b/guix/derivations.scm
index da686e89e..80787e99e 100644
--- a/guix/derivations.scm
+++ b/guix/derivations.scm
@@ -1180,6 +1180,17 @@ ALLOWED-REFERENCES, DISALLOWED-REFERENCES, LOCAL-BUILD?, and SUBSTITUTABLE?."
(filter module-form? exp))
(_ `(,exp)))
+ ;; The root process in the build container should reap
+ ;; processes that die, so handle SIGCHLD.
+ (sigaction SIGCHLD
+ (lambda ()
+ (let loop ()
+ (match (waitpid WAIT_ANY WNOHANG)
+ ((0 . _) #f)
+ ((pid . _) (loop))
+ (_ #f))))
+ SA_NOCLDSTOP)
+
(define %output (getenv "out"))
(define %outputs
(map (lambda (o)
--
2.16.2
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#30948; Package
guix-patches.
(Mon, 26 Mar 2018 23:40:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 30948 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Okay, it turns out my previous patch was very wrong. I tried to
start a build and it broke pretty significantly.
I've attached a new patch that at least starts building. My
computer takes too long to actually build anything, but I'm
slightly more confident that my change won't break everything.
[0001-guix-Reap-finished-child-processes-in-build-containe.patch (text/x-patch, inline)]
From c57b2fe19865afc21fd1fd9a7cad3286b05a9b22 Mon Sep 17 00:00:00 2001
From: Carlo Zancanaro <carlo <at> zancanaro.id.au>
Date: Mon, 26 Mar 2018 22:08:26 +1100
Subject: [PATCH] guix: Reap finished child processes in build containers.
* guix/derivations (build-expression->derivation)[prologue]: Handle SIGCHLD
and reap child processes when they finish.
---
guix/derivations.scm | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/guix/derivations.scm b/guix/derivations.scm
index da686e89e..27ab3e420 100644
--- a/guix/derivations.scm
+++ b/guix/derivations.scm
@@ -1201,6 +1201,21 @@ ALLOWED-REFERENCES, DISALLOWED-REFERENCES, LOCAL-BUILD?, and SUBSTITUTABLE?."
(else drv))))))
inputs))
+ ;; The root process in the build container should reap
+ ;; processes that die, so handle SIGCHLD.
+ (use-modules (ice-9 match))
+ (sigaction SIGCHLD
+ (lambda _
+ (let loop ()
+ (match (catch 'system-error
+ (lambda ()
+ (waitpid WAIT_ANY WNOHANG))
+ (lambda args
+ '(0 . -)))
+ ((0 . _) #f)
+ ((pid . _) (loop)))))
+ SA_NOCLDSTOP)
+
,@(if (null? modules)
'()
;; Remove our own settings.
--
2.16.2
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#30948; Package
guix-patches.
(Thu, 29 Mar 2018 20:08:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 30948 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi Carlo,
Carlo Zancanaro <carlo <at> zancanaro.id.au> skribis:
> When working on the Shepherd, I found that in the build containers
> processes don't get reaped by pid 1. See
> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=30637#29. This caused
> (and will cause) the Shepherd's tests to fail on some systems.
>
> Our guile-builder script should handle SIGCHLD and then use waitpid to
> reap the child processes. Here's my attempt at a patch to do that.
I would rather install the handler as a phase in gnu-build-system: this
leaves ‘build-expression->derivation’ generic, and also gives us more
flexibility (e.g., we can disable that phase without doing a full
rebuild if needed.) See the patch below.
WDYT?
On my first attempt with:
./pre-inst-env guix build -e '(@@ (gnu packages commencement) findutils-boot0)'
quickly failed:
--8<---------------cut here---------------start------------->8---
checking for vfork.h... no
checking for fork... yes
checking for vfork... yes
checking for working fork... Backtrace:
In ice-9/boot-9.scm:
yes
checking for working vfork... (cached) yes
checking for strcasecmp... 157: 13 [catch #t #<catch-closure c900a0> ...]
In unknown file:
?: 12 [apply-smob/1 #<catch-closure c900a0>]
In ice-9/boot-9.scm:
63: 11 [call-with-prompt prompt0 ...]
In ice-9/eval.scm:
432: 10 [eval # #]
In ice-9/boot-9.scm:
2320: 9 [save-module-excursion #<procedure cc1b80 at ice-9/boot-9.scm:3961:3 ()>]
3966: 8 [#<procedure cc1b80 at ice-9/boot-9.scm:3961:3 ()>]
1645: 7 [%start-stack load-stack #<procedure cbd2c0 at ice-9/boot-9.scm:3957:10 ()>]
1650: 6 [#<procedure cc3060 ()>]
In unknown file:
?: 5 [primitive-load "/gnu/store/pz3jy89ax5jg0j6fnp5n42x4vznga8s3-make-boot0-4.2.1-guile-builder"]
In ice-9/eval.scm:
387: 4 [eval # ()]
In srfi/srfi-1.scm:
619: 3 [for-each #<procedure 1217560 at /gnu/store/hf8xflikhgsd4hfy9h8s0cjzfqm8f3yb-module-import/guix/build/gnu-build-system.scm:815:12 (expr)> ...]
In /gnu/store/hf8xflikhgsd4hfy9h8s0cjzfqm8f3yb-module-import/guix/build/gnu-build-system.scm:
819: 2 [#<procedure 1217560 at /gnu/store/hf8xflikhgsd4hfy9h8s0cjzfqm8f3yb-module-import/guix/build/gnu-build-system.scm:815:12 (expr)> #]
In /gnu/store/hf8xflikhgsd4hfy9h8s0cjzfqm8f3yb-module-import/guix/build/utils.scm:
614: 1 [invoke "/gnu/store/g34swjqyw205d15pyra39j56qvyxq9w9-bootstrap-binaries-0/bin/bash" ...]
In unknown file:
?: 0 [system* "/gnu/store/g34swjqyw205d15pyra39j56qvyxq9w9-bootstrap-binaries-0/bin/bash" ...]
ERROR: In procedure system*:
ERROR: In procedure system*: Interrupted system call
builder for `/gnu/store/hc96d5dcshbdgavpp0j01qnsjf0yf9z5-make-boot0-4.2.1.drv' failed with exit code 1
--8<---------------cut here---------------end--------------->8---
This is why ‘install-SIGCHLD-handler’ in the patch does nothing on Guile
<= 2.0.9.
Now, we’d need to test it for real with Guile 2.2. I suppose one way to
test without rebuilding it all would be to add this phase explicitly in
a package and try building it with --rounds=10 or something. Would you
like to try that?
Note that we have only a couple of days left before the ‘core-updates’
freeze.
Thanks,
Ludo’.
[Message part 2 (text/x-patch, inline)]
diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm
index be5ad78b9..2c6cb4ad2 100644
--- a/guix/build/gnu-build-system.scm
+++ b/guix/build/gnu-build-system.scm
@@ -51,6 +51,28 @@
(define time-monotonic time-tai))
(else #t))
+(define* (install-SIGCHLD-handler #:rest _)
+ "Handle SIGCHLD signals. Since this code is usually running as PID 1 in the
+build daemon, it has to reap dead processes, hence this procedure."
+ ;; In Guile <= 2.0.9, syscalls could throw EINTR. With these versions,
+ ;; installing a SIGCHLD handler is not safe because we could have uncaught
+ ;; 'system-error' exceptions at any time.
+ (when (or (not (string=? (effective-version) "2.0"))
+ (> (string->number (micro-version)) 9))
+ (format #t "installing SIGCHLD handler in PID ~a\n" (getpid))
+ (sigaction SIGCHLD
+ (lambda _
+ (let loop ()
+ (match (catch 'system-error
+ (lambda ()
+ (waitpid WAIT_ANY WNOHANG))
+ (lambda args
+ '(0 . -)))
+ ((0 . _) #f)
+ ((pid . _) (loop)))))
+ SA_NOCLDSTOP))
+ #t)
+
(define* (set-SOURCE-DATE-EPOCH #:rest _)
"Set the 'SOURCE_DATE_EPOCH' environment variable. This is used by tools
that incorporate timestamps as a way to tell them to use a fixed timestamp.
@@ -758,7 +780,8 @@ which cannot be found~%"
;; Standard build phases, as a list of symbol/procedure pairs.
(let-syntax ((phases (syntax-rules ()
((_ p ...) `((p . ,p) ...)))))
- (phases set-SOURCE-DATE-EPOCH set-paths install-locale unpack
+ (phases install-SIGCHLD-handler
+ set-SOURCE-DATE-EPOCH set-paths install-locale unpack
bootstrap
patch-usr-bin-file
patch-source-shebangs configure patch-generated-file-shebangs
Information forwarded
to
guix-patches <at> gnu.org:
bug#30948; Package
guix-patches.
(Thu, 29 Mar 2018 21:17:01 GMT)
Full text and
rfc822 format available.
Message #14 received at 30948 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hey Ludo,
On Thu, Mar 29 2018, Ludovic Courtès wrote:
> I would rather install the handler as a phase in
> gnu-build-system: this leaves ‘build-expression->derivation’
> generic, and also gives us more flexibility (e.g., we can
> disable that phase without doing a full rebuild if needed.) See
> the patch below.
>
> WDYT?
What do you mean by "generic"? From what I can understand it's one
of pid 1's responsiblities to reap child processes, so I would
expect this to be set up for every builder, before the builder is
run. Given it's not specific to the gnu-build-system, I don't
think it really fits there.
> On my first attempt with:
>
> ./pre-inst-env guix build -e '(@@ (gnu packages commencement)
> findutils-boot0)'
>
> quickly failed:
>
> ...
>
> This is why ‘install-SIGCHLD-handler’ in the patch does nothing
> on Guile <= 2.0.9.
From what I understand, Guix depends on Guile 2.0.13 or later, so
I didn't think it needed to work with 2.0.9. From my quick check,
though, our bootstrap binaries are Guile 2.0.9? I can see how that
might cause a problem. In what sense does Guix require 2.0.13 (as
the manual claims) rather than 2.0.9?
> Now, we’d need to test it for real with Guile 2.2. I suppose
> one way to
> test without rebuilding it all would be to add this phase
> explicitly in
> a package and try building it with --rounds=10 or something.
> Would you
> like to try that?
Yeah, I'll give it a go.
Carlo
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#30948; Package
guix-patches.
(Fri, 30 Mar 2018 08:17:02 GMT)
Full text and
rfc822 format available.
Message #17 received at 30948 <at> debbugs.gnu.org (full text, mbox):
Heya,
Carlo Zancanaro <carlo <at> zancanaro.id.au> skribis:
> On Thu, Mar 29 2018, Ludovic Courtès wrote:
>> I would rather install the handler as a phase in gnu-build-system:
>> this leaves ‘build-expression->derivation’ generic, and also gives
>> us more flexibility (e.g., we can disable that phase without doing a
>> full rebuild if needed.) See the patch below.
>>
>> WDYT?
>
> What do you mean by "generic"?
I want as little magic as possible around the expression that’s passed
to ‘build-expression->derivation’.
> From what I can understand it's one of pid 1's responsiblities to reap
> child processes, so I would expect this to be set up for every
> builder, before the builder is run.
True, but for derivations it’s also “optional” because eventually
guix-daemon terminates all its child processes.
> Given it's not specific to the gnu-build-system, I don't think it
> really fits there.
Yes, but note that it would be inherited by all the build systems.
>> On my first attempt with:
>>
>> ./pre-inst-env guix build -e '(@@ (gnu packages commencement)
>> findutils-boot0)'
>>
>> quickly failed:
>>
>> ...
>>
>> This is why ‘install-SIGCHLD-handler’ in the patch does nothing on
>> Guile <= 2.0.9.
>
> From what I understand, Guix depends on Guile 2.0.13 or later, so I
> didn't think it needed to work with 2.0.9. From my quick check,
> though, our bootstrap binaries are Guile 2.0.9?
Exactly.
> I can see how that might cause a problem. In what sense does Guix
> require 2.0.13 (as the manual claims) rather than 2.0.9?
There’s the “host side” (the ‘guix’ commands and related modules), and
there’s the “build side” (code used in the build environment when
building derivations.)
The “build side” is fully specified: ‘guix graph’ shows exactly what
Guile is used where, and you can see with, say:
guix graph -t derivation \
-e '(@@ (gnu packages commencement) findutils-boot0)'
that the early derivations run on Guile 2.0.9.
For “host side” code, users can use any Guile >= 2.0.13.
See also
<https://gnu.org/software/guix/manual/html_node/G_002dExpressions.html>.
I hope this clarifies a bit!
Ludo’.
Information forwarded
to
guix-patches <at> gnu.org:
bug#30948; Package
guix-patches.
(Fri, 30 Mar 2018 11:18:01 GMT)
Full text and
rfc822 format available.
Message #20 received at 30948 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hey,
On Fri, Mar 30 2018, Ludovic Courtès wrote:
>> From what I can understand it's one of pid 1's responsiblities
>> to reap child processes, so I would expect this to be set up
>> for every builder, before the builder is run.
>
> True, but for derivations it’s also “optional” because
> eventually guix-daemon terminates all its child processes.
As long as the build process doesn't rely on behaviour that,
strictly speaking, it should be allowed to rely on. It's not an
issue of resource leaking, it's an issue of correctness.
>> Given it's not specific to the gnu-build-system, I don't think
>> it really fits there.
>
> Yes, but note that it would be inherited by all the build
> systems.
Except for trivial-build-system, which is probably fine. I still
don't think it fits in a specific build system, given it's a
behaviour that transcends the specific action happening within the
container.
Putting it in gnu-build-system will solve the problem in all
realistic cases, so that's probably fine. It's still subtly
incorrect, but will only be a problem if something using the
trivial build system relies on pid 1 to reap a process, or if we
make a new build system not deriving from gnu-build-system (which
seems unlikely, but not impossible).
> The “build side” is fully specified: ‘guix graph’ shows exactly
> what Guile is used where, and you can see with, say:
>
> guix graph -t derivation \
> -e '(@@ (gnu packages commencement) findutils-boot0)'
>
> that the early derivations run on Guile 2.0.9.
>
> For “host side” code, users can use any Guile >= 2.0.13.
Yeah, okay. That makes sense. I guess I just expected 2.0.13 to be
the minimum version throughout.
Carlo
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#30948; Package
guix-patches.
(Fri, 30 Mar 2018 15:18:01 GMT)
Full text and
rfc822 format available.
Message #23 received at 30948 <at> debbugs.gnu.org (full text, mbox):
Hello,
Carlo Zancanaro <carlo <at> zancanaro.id.au> skribis:
> On Fri, Mar 30 2018, Ludovic Courtès wrote:
>>> From what I can understand it's one of pid 1's responsiblities to
>>> reap child processes, so I would expect this to be set up for every
>>> builder, before the builder is run.
>>
>> True, but for derivations it’s also “optional” because eventually
>> guix-daemon terminates all its child processes.
>
> As long as the build process doesn't rely on behaviour that, strictly
> speaking, it should be allowed to rely on. It's not an issue of
> resource leaking, it's an issue of correctness.
Right.
>>> Given it's not specific to the gnu-build-system, I don't think it
>>> really fits there.
>>
>> Yes, but note that it would be inherited by all the build systems.
>
> Except for trivial-build-system, which is probably fine. I still don't
> think it fits in a specific build system, given it's a behaviour that
> transcends the specific action happening within the container.
>
> Putting it in gnu-build-system will solve the problem in all realistic
> cases, so that's probably fine. It's still subtly incorrect, but will
> only be a problem if something using the trivial build system relies
> on pid 1 to reap a process, or if we make a new build system not
> deriving from gnu-build-system (which seems unlikely, but not
> impossible).
I agree, every Guile process running as PID 1 should reap processes.
My view is just that this mechanism belongs in “user code”, not in the
low-level mechanisms such as ‘build-expression->derivation’ and
‘gexp->derivation’. It’s a matter of separation of concerns.
Of course we don’t want to duplicate that code every time, but the way
we should factorize it, IMO, is by putting it in a “normal” module that
people will use.
Putting it in gnu-build-system is an admittedly hacky but easy way to
have it widely shared.
Thanks,
Ludo’.
Information forwarded
to
guix-patches <at> gnu.org:
bug#30948; Package
guix-patches.
(Thu, 24 Nov 2022 16:41:02 GMT)
Full text and
rfc822 format available.
Message #26 received at 30948 <at> debbugs.gnu.org (full text, mbox):
reassign 30948 guix
thanks
--
Hi,
I'm moving this from 'guix-patches' to 'guix', so that it's more
discoverable as a *bug*. It still bites us every now and then (grep the
Guix source code for usages of tini to find some occurrences).
Thanks,
Maxim
bug reassigned from package 'guix-patches' to 'guix'.
Request was from
Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
to
control <at> debbugs.gnu.org.
(Thu, 24 Nov 2022 16:41:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-guix <at> gnu.org:
bug#30948; Package
guix.
(Thu, 24 Nov 2022 16:45:02 GMT)
Full text and
rfc822 format available.
Message #31 received at 30948 <at> debbugs.gnu.org (full text, mbox):
Hi,
ludo <at> gnu.org (Ludovic Courtès) writes:
> Hello,
>
> Carlo Zancanaro <carlo <at> zancanaro.id.au> skribis:
>
>> On Fri, Mar 30 2018, Ludovic Courtès wrote:
>>>> From what I can understand it's one of pid 1's responsiblities to
>>>> reap child processes, so I would expect this to be set up for every
>>>> builder, before the builder is run.
>>>
>>> True, but for derivations it’s also “optional” because eventually
>>> guix-daemon terminates all its child processes.
>>
>> As long as the build process doesn't rely on behaviour that, strictly
>> speaking, it should be allowed to rely on. It's not an issue of
>> resource leaking, it's an issue of correctness.
>
> Right.
>
>>>> Given it's not specific to the gnu-build-system, I don't think it
>>>> really fits there.
For what it's worth, I agree. The evaluation container should have the
correct signal handling configured for *any* code about to be evaluated,
not just when on demand, if we want to fix this fully in a way that
won't come back to haunt us in some edge case.
>>> Yes, but note that it would be inherited by all the build systems.
>>
>> Except for trivial-build-system, which is probably fine. I still don't
>> think it fits in a specific build system, given it's a behaviour that
>> transcends the specific action happening within the container.
>>
>> Putting it in gnu-build-system will solve the problem in all realistic
>> cases, so that's probably fine. It's still subtly incorrect, but will
>> only be a problem if something using the trivial build system relies
>> on pid 1 to reap a process, or if we make a new build system not
>> deriving from gnu-build-system (which seems unlikely, but not
>> impossible).
>
> I agree, every Guile process running as PID 1 should reap processes.
Agreed too.
> My view is just that this mechanism belongs in “user code”, not in the
> low-level mechanisms such as ‘build-expression->derivation’ and
> ‘gexp->derivation’. It’s a matter of separation of concerns.
Why? On my Guix System, such signal handling is handled by Shepherd, if
I'm not mistaken. As I user, I can trust the foundation to be sane,
rather than having to provide the bits to make it so myself.
> Of course we don’t want to duplicate that code every time, but the way
> we should factorize it, IMO, is by putting it in a “normal” module that
> people will use.
>
> Putting it in gnu-build-system is an admittedly hacky but easy way to
> have it widely shared.
I think we can do better than hacky here :-)
--
Thanks,
Maxim
Information forwarded
to
bug-guix <at> gnu.org:
bug#30948; Package
guix.
(Sat, 26 Nov 2022 15:12:02 GMT)
Full text and
rfc822 format available.
Message #34 received at 30948 <at> debbugs.gnu.org (full text, mbox):
Hi,
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis:
>> My view is just that this mechanism belongs in “user code”, not in the
>> low-level mechanisms such as ‘build-expression->derivation’ and
>> ‘gexp->derivation’. It’s a matter of separation of concerns.
>
> Why? On my Guix System, such signal handling is handled by Shepherd, if
> I'm not mistaken. As I user, I can trust the foundation to be sane,
> rather than having to provide the bits to make it so myself.
>
>> Of course we don’t want to duplicate that code every time, but the way
>> we should factorize it, IMO, is by putting it in a “normal” module that
>> people will use.
>>
>> Putting it in gnu-build-system is an admittedly hacky but easy way to
>> have it widely shared.
>
> I think we can do better than hacky here :-)
I think the real issue here is semantic clarity when it comes to
derivation inputs.
If I write:
(gexp->derivation "foo" #~(mkdir #$output))
I can be sure that my derivation depends on nothing but (default-guile).
This is important for tests, but also to make sure we can use this
primitive everywhere—if it pulled in the Shepherd, I wouldn’t be able to
use to build glibc, because there’d be a cycle.
In that sense, having child-reaping code in gnu-build-system.scm, just
like in (guix least-authority), doesn’t seem unreasonable to me.
That said, I’m open to other proposals so please unleash your
creativity! :-)
We’re touching core components though so this will require discussion.
Ludo’.
Information forwarded
to
bug-guix <at> gnu.org:
bug#30948; Package
guix.
(Sun, 27 Nov 2022 03:01:02 GMT)
Full text and
rfc822 format available.
Message #37 received at 30948 <at> debbugs.gnu.org (full text, mbox):
Hi,
Ludovic Courtès <ludo <at> gnu.org> writes:
> Hi,
>
> Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis:
>
>>> My view is just that this mechanism belongs in “user code”, not in the
>>> low-level mechanisms such as ‘build-expression->derivation’ and
>>> ‘gexp->derivation’. It’s a matter of separation of concerns.
>>
>> Why? On my Guix System, such signal handling is handled by Shepherd, if
>> I'm not mistaken. As I user, I can trust the foundation to be sane,
>> rather than having to provide the bits to make it so myself.
>>
>>> Of course we don’t want to duplicate that code every time, but the way
>>> we should factorize it, IMO, is by putting it in a “normal” module that
>>> people will use.
>>>
>>> Putting it in gnu-build-system is an admittedly hacky but easy way to
>>> have it widely shared.
>>
>> I think we can do better than hacky here :-)
>
> I think the real issue here is semantic clarity when it comes to
> derivation inputs.
>
> If I write:
>
> (gexp->derivation "foo" #~(mkdir #$output))
>
> I can be sure that my derivation depends on nothing but (default-guile).
> This is important for tests, but also to make sure we can use this
> primitive everywhere—if it pulled in the Shepherd, I wouldn’t be able to
> use to build glibc, because there’d be a cycle.
I was not suggesting to pull in extra dependencies such as Shepherd, but
to weave the to-be-added signal handling logic at a much lower level.
One idea could be to arrange so that the correct signal handlers always
get installed for any Guile code running in the build side (I'm not sure
how, but perhaps by adjusting the gexp "compiler"?).
The handlers could be defined in (guix build signal-handling) or
similar. Users wouldn't need to explicitly import the module and
install its signal handlers, that'd be taken care of automatically, all
the time.
Does that sound feasible?
--
Thanks,
Maxim
Information forwarded
to
bug-guix <at> gnu.org:
bug#30948; Package
guix.
(Mon, 28 Nov 2022 15:05:02 GMT)
Full text and
rfc822 format available.
Message #40 received at 30948 <at> debbugs.gnu.org (full text, mbox):
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis:
> Ludovic Courtès <ludo <at> gnu.org> writes:
[...]
>> If I write:
>>
>> (gexp->derivation "foo" #~(mkdir #$output))
>>
>> I can be sure that my derivation depends on nothing but (default-guile).
>> This is important for tests, but also to make sure we can use this
>> primitive everywhere—if it pulled in the Shepherd, I wouldn’t be able to
>> use to build glibc, because there’d be a cycle.
>
> I was not suggesting to pull in extra dependencies such as Shepherd, but
> to weave the to-be-added signal handling logic at a much lower level.
> One idea could be to arrange so that the correct signal handlers always
> get installed for any Guile code running in the build side (I'm not sure
> how, but perhaps by adjusting the gexp "compiler"?).
>
> The handlers could be defined in (guix build signal-handling) or
> similar. Users wouldn't need to explicitly import the module and
> install its signal handlers, that'd be taken care of automatically, all
> the time.
>
> Does that sound feasible?
Not like this: the imported-modules derivation for (guix build
signal-handling) would be a dependency in themselves.
Ludo’.
Information forwarded
to
bug-guix <at> gnu.org:
bug#30948; Package
guix.
(Mon, 28 Nov 2022 20:11:02 GMT)
Full text and
rfc822 format available.
Message #43 received at 30948 <at> debbugs.gnu.org (full text, mbox):
Hi,
Ludovic Courtès <ludo <at> gnu.org> writes:
> Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis:
>
>> Ludovic Courtès <ludo <at> gnu.org> writes:
>
> [...]
>
>>> If I write:
>>>
>>> (gexp->derivation "foo" #~(mkdir #$output))
>>>
>>> I can be sure that my derivation depends on nothing but (default-guile).
>>> This is important for tests, but also to make sure we can use this
>>> primitive everywhere—if it pulled in the Shepherd, I wouldn’t be able to
>>> use to build glibc, because there’d be a cycle.
>>
>> I was not suggesting to pull in extra dependencies such as Shepherd, but
>> to weave the to-be-added signal handling logic at a much lower level.
>> One idea could be to arrange so that the correct signal handlers always
>> get installed for any Guile code running in the build side (I'm not sure
>> how, but perhaps by adjusting the gexp "compiler"?).
>>
>> The handlers could be defined in (guix build signal-handling) or
>> similar. Users wouldn't need to explicitly import the module and
>> install its signal handlers, that'd be taken care of automatically, all
>> the time.
>>
>> Does that sound feasible?
>
> Not like this: the imported-modules derivation for (guix build
> signal-handling) would be a dependency in themselves.
Can we make it an implicit dependency, since we want it to *always* be
used?
It'd be useless/annoying boilerplate otherwise.
--
Thanks,
Maxim
Information forwarded
to
bug-guix <at> gnu.org:
bug#30948; Package
guix.
(Tue, 29 Nov 2022 02:08:02 GMT)
Full text and
rfc822 format available.
Message #46 received at 30948 <at> debbugs.gnu.org (full text, mbox):
Hi,
Ludovic Courtès <ludo <at> gnu.org> writes:
> Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis:
>
>> Ludovic Courtès <ludo <at> gnu.org> writes:
>
> [...]
>
>>> If I write:
>>>
>>> (gexp->derivation "foo" #~(mkdir #$output))
>>>
>>> I can be sure that my derivation depends on nothing but (default-guile).
>>> This is important for tests, but also to make sure we can use this
>>> primitive everywhere—if it pulled in the Shepherd, I wouldn’t be able to
>>> use to build glibc, because there’d be a cycle.
>>
>> I was not suggesting to pull in extra dependencies such as Shepherd, but
>> to weave the to-be-added signal handling logic at a much lower level.
>> One idea could be to arrange so that the correct signal handlers always
>> get installed for any Guile code running in the build side (I'm not sure
>> how, but perhaps by adjusting the gexp "compiler"?).
>>
>> The handlers could be defined in (guix build signal-handling) or
>> similar. Users wouldn't need to explicitly import the module and
>> install its signal handlers, that'd be taken care of automatically, all
>> the time.
>>
>> Does that sound feasible?
>
> Not like this: the imported-modules derivation for (guix build
> signal-handling) would be a dependency in themselves.
I see a couple of options for the lowest place to inject the minimal
signal handling of a PID.
1. In Guile itself. We could make it detect when it's running as PID 1
and then set up the required signal handling. This is apparently what
Bash does, a peculiarity exploited by NixOS (they launch their builder
scripts via Bash, which is PID 1 and takes care of reaping the dead
processes)
2. In a Guile wrapper. Instead of running Guile directly in the
container, guix-daemon would run it through a wrapper that acts as PID 1.
This would make it a tool comparable to dumb-init [0] or tini [1],
except written in Scheme.
[0] https://github.com/Yelp/dumb-init/
[1] https://github.com/krallin/tini
If we implement 1, it'd make Guile potentially useful as a wrapper
itself to launch scripts in containerized environment (the same as
tini), and it alleviates any integration overhead for us, so I find it
attractive.
What do you think?
For further reading, see [2], which I found interesting.
[2] https://medium.com/hackernoon/my-process-became-pid-1-and-now-signals-behave-strangely-b05c52cc551c
--
Thanks,
Maxim
Information forwarded
to
maxim.cournoyer <at> gmail.com, carlo <at> zancanaro.id.au, bug-guix <at> gnu.org:
bug#30948; Package
guix.
(Sun, 17 Dec 2023 20:25:01 GMT)
Full text and
rfc822 format available.
Message #49 received at 30948 <at> debbugs.gnu.org (full text, mbox):
Fixes <https://issues.guix.gnu.org/30948>.
* guix/build/gnu-build-system.scm (separate-from-pid1): New procedure.
(%standard-phases): Add it.
* guix/build-system/gnu.scm (gnu-build): Add #:separate-from-pid1? and
honor it.
(gnu-cross-build): Likewise.
Reported-by: Carlo Zancanaro <carlo <at> zancanaro.id.au>
Change-Id: I6f3bc8d8186d1a571f983a38d5e3fd178ffa2678
---
guix/build-system/gnu.scm | 4 ++++
guix/build/gnu-build-system.scm | 39 ++++++++++++++++++++++++++++++++-
2 files changed, 42 insertions(+), 1 deletion(-)
Hi!
This is a second attempt I’m currently testing as part of an
initially unrelated ‘core-updates’ series:
https://issues.guix.gnu.org/67824
The principle is simple: if the build process runs as PID 1, fork
so that PID 1 does nothing but call ‘waitpid’ in a loop while the
actual build process runs as PID 2.
This is simple and robust. The code is written in a defensive way
as an extra phase that can be disabled.
Thoughts?
Ludo’.
diff --git a/guix/build-system/gnu.scm b/guix/build-system/gnu.scm
index 0f886fe21d..6a89bcc0d8 100644
--- a/guix/build-system/gnu.scm
+++ b/guix/build-system/gnu.scm
@@ -362,6 +362,7 @@ (define* (gnu-build name inputs
(license-file-regexp %license-file-regexp)
(phases '%standard-phases)
(locale "C.UTF-8")
+ (separate-from-pid1? #t)
(system (%current-system))
(build (nix-system->gnu-triplet system))
(imported-modules %default-gnu-imported-modules)
@@ -404,6 +405,7 @@ (define* (gnu-build name inputs
(sexp->gexp phases)
phases)
#:locale #$locale
+ #:separate-from-pid1? #$separate-from-pid1?
#:bootstrap-scripts #$bootstrap-scripts
#:configure-flags #$(if (pair? configure-flags)
(sexp->gexp configure-flags)
@@ -502,6 +504,7 @@ (define* (gnu-cross-build name
(license-file-regexp %license-file-regexp)
(phases '%standard-phases)
(locale "C.UTF-8")
+ (separate-from-pid1? #t)
(system (%current-system))
(build (nix-system->gnu-triplet system))
(imported-modules %default-gnu-imported-modules)
@@ -547,6 +550,7 @@ (define* (gnu-cross-build name
(sexp->gexp phases)
phases)
#:locale #$locale
+ #:separate-from-pid1? #$separate-from-pid1?
#:bootstrap-scripts #$bootstrap-scripts
#:configure-flags #$configure-flags
#:make-flags #$make-flags
diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm
index 39707e7ace..51b8f9acbf 100644
--- a/guix/build/gnu-build-system.scm
+++ b/guix/build/gnu-build-system.scm
@@ -72,6 +72,42 @@ (define (first-subdirectory directory)
((first . _) first)
(_ #f)))
+(define* (separate-from-pid1 #:key (separate-from-pid1? #t)
+ #:allow-other-keys)
+ "When running as PID 1 and SEPARATE-FROM-PID1? is true, run build phases as
+a child process; PID 1 then becomes responsible for reaping child processes."
+ (if separate-from-pid1?
+ (if (= 1 (getpid))
+ (dynamic-wind
+ (const #t)
+ (lambda ()
+ (match (primitive-fork)
+ (0 #t)
+ (builder-pid
+ (format (current-error-port)
+ "build process now running as PID ~a~%"
+ builder-pid)
+ (let loop ()
+ ;; Running as PID 1 so take responsibility for reaping
+ ;; child processes.
+ (match (waitpid WAIT_ANY)
+ ((pid . status)
+ (if (= pid builder-pid)
+ (if (zero? status)
+ (primitive-exit 0)
+ (begin
+ (format (current-error-port)
+ "build process ~a exited with status ~a~%"
+ pid status)
+ (primitive-exit 1)))
+ (loop))))))))
+ (const #t))
+ (format (current-error-port) "not running as PID 1 (PID: ~a)~%"
+ (getpid)))
+ (format (current-error-port)
+ "build process running as PID ~a; not forking~%"
+ (getpid))))
+
(define* (set-paths #:key target inputs native-inputs
(search-paths '()) (native-search-paths '())
#:allow-other-keys)
@@ -872,7 +908,8 @@ (define %standard-phases
;; Standard build phases, as a list of symbol/procedure pairs.
(let-syntax ((phases (syntax-rules ()
((_ p ...) `((p . ,p) ...)))))
- (phases set-SOURCE-DATE-EPOCH set-paths install-locale unpack
+ (phases separate-from-pid1
+ set-SOURCE-DATE-EPOCH set-paths install-locale unpack
bootstrap
patch-usr-bin-file
patch-source-shebangs configure patch-generated-file-shebangs
base-commit: 2f3b64b9d967b4eea5cbdb32c859f4e3ac3b1a83
--
2.41.0
Information forwarded
to
bug-guix <at> gnu.org:
bug#30948; Package
guix.
(Sun, 17 Dec 2023 21:48:02 GMT)
Full text and
rfc822 format available.
Message #52 received at 30948 <at> debbugs.gnu.org (full text, mbox):
Hi Ludovic,
Ludovic Courtès <ludo <at> gnu.org> writes:
> Fixes <https://issues.guix.gnu.org/30948>.
>
> * guix/build/gnu-build-system.scm (separate-from-pid1): New procedure.
> (%standard-phases): Add it.
> * guix/build-system/gnu.scm (gnu-build): Add #:separate-from-pid1? and
> honor it.
> (gnu-cross-build): Likewise.
>
> Reported-by: Carlo Zancanaro <carlo <at> zancanaro.id.au>
> Change-Id: I6f3bc8d8186d1a571f983a38d5e3fd178ffa2678
> ---
> guix/build-system/gnu.scm | 4 ++++
> guix/build/gnu-build-system.scm | 39 ++++++++++++++++++++++++++++++++-
> 2 files changed, 42 insertions(+), 1 deletion(-)
>
> Hi!
>
> This is a second attempt I’m currently testing as part of an
> initially unrelated ‘core-updates’ series:
>
> https://issues.guix.gnu.org/67824
>
> The principle is simple: if the build process runs as PID 1, fork
> so that PID 1 does nothing but call ‘waitpid’ in a loop while the
> actual build process runs as PID 2.
>
> This is simple and robust. The code is written in a defensive way
> as an extra phase that can be disabled.
>
> Thoughts?
I haven't yet looked at the code, but looking at the bigger picture,
wouldn't it be a useful behavior to have for Guile itself? Perhaps not,
as there already exists a Guile init manager (GNU Shepherd), but if it's
something relatively simple/compact to implement, perhaps it could find
its place in Guile itself, just like Bash implements correctly signal
handling when used as a PID 1 (if I'm not mistaken).
--
Thanks,
Maxim
Information forwarded
to
bug-guix <at> gnu.org:
bug#30948; Package
guix.
(Mon, 18 Dec 2023 17:48:01 GMT)
Full text and
rfc822 format available.
Message #55 received at 30948 <at> debbugs.gnu.org (full text, mbox):
Hey Maxim,
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis:
> I haven't yet looked at the code, but looking at the bigger picture,
> wouldn't it be a useful behavior to have for Guile itself? Perhaps not,
> as there already exists a Guile init manager (GNU Shepherd), but if it's
> something relatively simple/compact to implement, perhaps it could find
> its place in Guile itself, just like Bash implements correctly signal
> handling when used as a PID 1 (if I'm not mistaken).
Bash is a shell whereas Guile is a programming language, and to me that
makes a big difference: we want to be able to implement init systems in
Guile just like we implement them in C, and that means we need full
control over what to do when running as PID 1. That’s why I wouldn’t do
anything special in Guile itself (nor in libc).
The patch I submitted fixes our immediate problem with build processes,
so I’d like to have it in ‘core-updates’.
Hopeful as I am, I see us merging ‘core-updates’ in the first half of
January. Ambition! :-)
Ludo’.
Information forwarded
to
bug-guix <at> gnu.org:
bug#30948; Package
guix.
(Tue, 19 Dec 2023 22:57:02 GMT)
Full text and
rfc822 format available.
Message #58 received at 30948 <at> debbugs.gnu.org (full text, mbox):
Hello,
Ludovic Courtès <ludo <at> gnu.org> skribis:
> Fixes <https://issues.guix.gnu.org/30948>.
>
> * guix/build/gnu-build-system.scm (separate-from-pid1): New procedure.
> (%standard-phases): Add it.
> * guix/build-system/gnu.scm (gnu-build): Add #:separate-from-pid1? and
> honor it.
> (gnu-cross-build): Likewise.
>
> Reported-by: Carlo Zancanaro <carlo <at> zancanaro.id.au>
> Change-Id: I6f3bc8d8186d1a571f983a38d5e3fd178ffa2678
I pushed this change in ‘core-updates’ as
7ebe4b72727632561ddbf8bb0c58527929682989 (together with other
world-rebuild changes.)
I’m closing this bug but please do re-open if you think the issue needs
further work.
Thanks,
Ludo’.
bug closed, send any further explanations to
30948 <at> debbugs.gnu.org and Carlo Zancanaro <carlo <at> zancanaro.id.au>
Request was from
Ludovic Courtès <ludo <at> gnu.org>
to
control <at> debbugs.gnu.org.
(Tue, 19 Dec 2023 22:57:02 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-guix <at> gnu.org:
bug#30948; Package
guix.
(Sat, 30 Dec 2023 03:37:01 GMT)
Full text and
rfc822 format available.
Message #63 received at 30948 <at> debbugs.gnu.org (full text, mbox):
Hi Ludo,
Ludovic Courtès <ludo <at> gnu.org> writes:
> Hey Maxim,
>
> Maxim Cournoyer <maxim.cournoyer <at> gmail.com> skribis:
>
>> I haven't yet looked at the code, but looking at the bigger picture,
>> wouldn't it be a useful behavior to have for Guile itself? Perhaps not,
>> as there already exists a Guile init manager (GNU Shepherd), but if it's
>> something relatively simple/compact to implement, perhaps it could find
>> its place in Guile itself, just like Bash implements correctly signal
>> handling when used as a PID 1 (if I'm not mistaken).
>
> Bash is a shell whereas Guile is a programming language, and to me that
> makes a big difference: we want to be able to implement init systems in
> Guile just like we implement them in C, and that means we need full
> control over what to do when running as PID 1. That’s why I wouldn’t do
> anything special in Guile itself (nor in libc).
That sounds reasonable.
> The patch I submitted fixes our immediate problem with build processes,
> so I’d like to have it in ‘core-updates’.
>
> Hopeful as I am, I see us merging ‘core-updates’ in the first half of
> January. Ambition! :-)
Cool, let's see if we can get it done!
--
Thanks,
Maxim
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Sat, 27 Jan 2024 12:24:07 GMT)
Full text and
rfc822 format available.
This bug report was last modified 88 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.