Package: guix-patches;
Reported by: Ludovic Courtès <ludo <at> gnu.org>
Date: Sat, 22 Mar 2025 18:14:01 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
To reply to this bug, email your comments to 77189 AT debbugs.gnu.org.
There is no need to reopen the bug first.
Toggle the display of automated, internal messages from the tracker.
View this report as an mbox folder, status mbox, maintainer mbox
guix-patches <at> gnu.org:bug#77189; Package guix-patches.
(Sat, 22 Mar 2025 18:14:01 GMT) Full text and rfc822 format available.Ludovic Courtès <ludo <at> gnu.org>:guix-patches <at> gnu.org.
(Sat, 22 Mar 2025 18:14:01 GMT) Full text and rfc822 format available.Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: guix-patches <at> gnu.org Cc: Ludovic Courtès <ludo <at> gnu.org> Subject: [PATCH 0/3] Socket activation for guix-daemon Date: Sat, 22 Mar 2025 19:13:29 +0100
Hello Guix, This is a small refactor and improvement that will make it easier to implement support for unprivileged guix-daemon¹ in Guix System. Thoughts? Ludo’. ¹ https://issues.guix.gnu.org/75810 Ludovic Courtès (3): services: guix: Factorize ‘guix-daemon’ arguments. services: guix: Streamline the default ‘start’ case. services: guix: Socket-activate ‘guix-daemon’. gnu/services/base.scm | 174 ++++++++++++++++++++++-------------------- 1 file changed, 90 insertions(+), 84 deletions(-) base-commit: efac1498c15198afc4f9a2bc700408bde1b3b3ed -- 2.48.1
guix-patches <at> gnu.org:bug#77189; Package guix-patches.
(Sat, 22 Mar 2025 18:24:02 GMT) Full text and rfc822 format available.guix-patches <at> gnu.org:bug#77189; Package guix-patches.
(Sat, 22 Mar 2025 18:25:01 GMT) Full text and rfc822 format available.Message #11 received at 77189 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: 77189 <at> debbugs.gnu.org Cc: Ludovic Courtès <ludo <at> gnu.org> Subject: [PATCH 1/3] services: guix: Factorize ‘guix-daemon’ arguments. Date: Sat, 22 Mar 2025 19:23:34 +0100
* gnu/services/base.scm (guix-shepherd-service): In ‘start’ method,
move ‘fork+exec-command/container’ arguments to the new variables
‘daemon-command’ and ‘environment-variables’.
Change-Id: Ic04a1006849697e4e185ad94185bbdec8a91a05a
---
gnu/services/base.scm | 115 ++++++++++++++++++++++--------------------
1 file changed, 59 insertions(+), 56 deletions(-)
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 0d2bb31190..6793822666 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -2061,6 +2061,63 @@ (define (guix-shepherd-service config)
(define discover?
(or (getenv "discover") #$discover?))
+ (define daemon-command
+ (cons* #$(file-append guix "/bin/guix-daemon")
+ "--build-users-group" #$build-group
+ "--max-silent-time"
+ #$(number->string max-silent-time)
+ "--timeout" #$(number->string timeout)
+ "--log-compression"
+ #$(symbol->string log-compression)
+ #$@(if use-substitutes?
+ '()
+ '("--no-substitutes"))
+ (string-append "--discover="
+ (if discover? "yes" "no"))
+ "--substitute-urls" #$(string-join substitute-urls)
+ #$@extra-options
+
+ #$@(if chroot?
+ '()
+ '("--disable-chroot"))
+ ;; Add CHROOT-DIRECTORIES and all their dependencies
+ ;; (if these are store items) to the chroot.
+ (append-map
+ (lambda (file)
+ (append-map (lambda (directory)
+ (list "--chroot-directory"
+ directory))
+ (call-with-input-file file
+ read)))
+ '#$(map references-file
+ chroot-directories))))
+
+ (define environment-variables
+ (append (list #$@(if tmpdir
+ (list (string-append "TMPDIR=" tmpdir))
+ '())
+
+ ;; Make sure we run in a UTF-8 locale so that
+ ;; 'guix offload' correctly restores nars
+ ;; that contain UTF-8 file names such as
+ ;; 'nss-certs'. See
+ ;; <https://bugs.gnu.org/32942>.
+ (string-append "GUIX_LOCPATH="
+ #$locales "/lib/locale")
+ "LC_ALL=en_US.utf8"
+ ;; Make 'tar' and 'gzip' available so
+ ;; that 'guix perform-download' can use
+ ;; them when downloading from Software
+ ;; Heritage via '(guix swh)'.
+ (string-append "PATH="
+ #$(file-append tar "/bin") ":"
+ #$(file-append gzip "/bin")))
+ (if proxy
+ (list (string-append "http_proxy=" proxy)
+ (string-append "https_proxy=" proxy))
+ '())
+ '#$environment))
+
(mkdir-p "/var/guix")
;; Ensure that a fresh directory is used, in case the old
;; one was more permissive and processes have a file
@@ -2084,35 +2141,7 @@ (define (guix-shepherd-service config)
;; to solve an installation issue. See the comment below for
;; more details.
(fork+exec-command/container
- (cons* #$(file-append guix "/bin/guix-daemon")
- "--build-users-group" #$build-group
- "--max-silent-time"
- #$(number->string max-silent-time)
- "--timeout" #$(number->string timeout)
- "--log-compression"
- #$(symbol->string log-compression)
- #$@(if use-substitutes?
- '()
- '("--no-substitutes"))
- (string-append "--discover="
- (if discover? "yes" "no"))
- "--substitute-urls" #$(string-join substitute-urls)
- #$@extra-options
-
- #$@(if chroot?
- '()
- '("--disable-chroot"))
- ;; Add CHROOT-DIRECTORIES and all their dependencies
- ;; (if these are store items) to the chroot.
- (append-map
- (lambda (file)
- (append-map (lambda (directory)
- (list "--chroot-directory"
- directory))
- (call-with-input-file file
- read)))
- '#$(map references-file
- chroot-directories)))
+ daemon-command
;; When running the installer, we need guix-daemon to
;; operate from within the same MNT namespace as the
@@ -2123,33 +2152,7 @@ (define (guix-shepherd-service config)
#:pid (match args
((pid) (string->number pid))
(else (getpid)))
-
- #:environment-variables
- (append (list #$@(if tmpdir
- (list (string-append "TMPDIR=" tmpdir))
- '())
-
- ;; Make sure we run in a UTF-8 locale so that
- ;; 'guix offload' correctly restores nars
- ;; that contain UTF-8 file names such as
- ;; 'nss-certs'. See
- ;; <https://bugs.gnu.org/32942>.
- (string-append "GUIX_LOCPATH="
- #$locales "/lib/locale")
- "LC_ALL=en_US.utf8"
- ;; Make 'tar' and 'gzip' available so
- ;; that 'guix perform-download' can use
- ;; them when downloading from Software
- ;; Heritage via '(guix swh)'.
- (string-append "PATH="
- #$(file-append tar "/bin") ":"
- #$(file-append gzip "/bin")))
- (if proxy
- (list (string-append "http_proxy=" proxy)
- (string-append "https_proxy=" proxy))
- '())
- '#$environment)
-
+ #:environment-variables environment-variables
#:log-file #$log-file))))
(stop #~(make-kill-destructor))))))
--
2.48.1
guix-patches <at> gnu.org:bug#77189; Package guix-patches.
(Sat, 22 Mar 2025 18:25:02 GMT) Full text and rfc822 format available.Message #14 received at 77189 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: 77189 <at> debbugs.gnu.org Cc: Ludovic Courtès <ludo <at> gnu.org> Subject: [PATCH 2/3] services: guix: Streamline the default ‘start’ case. Date: Sat, 22 Mar 2025 19:23:35 +0100
* gnu/services/base.scm (guix-shepherd-service): In ‘start’ method, use
‘fork+exec-command’ in the default case.
Change-Id: Id04d3d2651f89fbcdb2f17f027df91e132ff9ed1
---
gnu/services/base.scm | 31 ++++++++++++++-----------------
1 file changed, 14 insertions(+), 17 deletions(-)
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 6793822666..c7abc9b422 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -2137,23 +2137,20 @@ (define (guix-shepherd-service config)
(gid (if group (group:gid (getgrnam group)) -1)))
(chown "/var/guix/daemon-socket" uid gid))
- ;; Start the guix-daemon from a container, when supported,
- ;; to solve an installation issue. See the comment below for
- ;; more details.
- (fork+exec-command/container
- daemon-command
-
- ;; When running the installer, we need guix-daemon to
- ;; operate from within the same MNT namespace as the
- ;; installation container. In that case only, enter the
- ;; namespace of the process PID passed as start argument.
- ;; Otherwise, for symmetry purposes enter the caller
- ;; namespaces which is a no-op.
- #:pid (match args
- ((pid) (string->number pid))
- (else (getpid)))
- #:environment-variables environment-variables
- #:log-file #$log-file))))
+ (match args
+ (((= string->number (? integer? pid)))
+ ;; Start the guix-daemon in the same mnt namespace as
+ ;; PID. This is necessary when running the installer.
+ (fork+exec-command/container
+ daemon-command
+ #:pid pid
+ #:environment-variables environment-variables
+ #:log-file #$log-file))
+ (()
+ (fork+exec-command daemon-command
+ #:environment-variables
+ environment-variables
+ #:log-file #$log-file))))))
(stop #~(make-kill-destructor))))))
(define (guix-accounts config)
--
2.48.1
guix-patches <at> gnu.org:bug#77189; Package guix-patches.
(Sat, 22 Mar 2025 18:25:02 GMT) Full text and rfc822 format available.Message #17 received at 77189 <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: 77189 <at> debbugs.gnu.org Cc: Ludovic Courtès <ludo <at> gnu.org> Subject: [PATCH 3/3] services: guix: Socket-activate ‘guix-daemon’. Date: Sat, 22 Mar 2025 19:23:36 +0100
* gnu/services/base.scm (guix-shepherd-service): Change ‘start’ to use
‘make-systemd-constructor’ in the default case. Remove now-redundant
code creating /var/guix/daemon-socket/. Adjust ‘stop’ method to use
‘make-systemd-destructor’ when appropriate.
Change-Id: I3572670c90f65509fbad01dcf13a60f772a86839
---
gnu/services/base.scm | 40 +++++++++++++++++++++++-----------------
1 file changed, 23 insertions(+), 17 deletions(-)
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index c7abc9b422..9a9dfdb304 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -2118,40 +2118,46 @@ (define (guix-shepherd-service config)
'())
'#$environment))
- (mkdir-p "/var/guix")
;; Ensure that a fresh directory is used, in case the old
;; one was more permissive and processes have a file
;; descriptor referencing it hanging around, ready to use
;; with openat.
(false-if-exception
(delete-file-recursively "/var/guix/daemon-socket"))
- (let ((perms #$(logand socket-directory-permissions
- (lognot #o022))))
- (mkdir "/var/guix/daemon-socket" perms)
- ;; Override umask
- (chmod "/var/guix/daemon-socket" perms))
-
- (let* ((user #$socket-directory-user)
- (uid (if user (passwd:uid (getpwnam user)) -1))
- (group #$socket-directory-group)
- (gid (if group (group:gid (getgrnam group)) -1)))
- (chown "/var/guix/daemon-socket" uid gid))
(match args
(((= string->number (? integer? pid)))
;; Start the guix-daemon in the same mnt namespace as
;; PID. This is necessary when running the installer.
+ ;; Assume /var/guix/daemon-socket was created by a
+ ;; previous 'start' call without arguments.
(fork+exec-command/container
daemon-command
#:pid pid
#:environment-variables environment-variables
#:log-file #$log-file))
(()
- (fork+exec-command daemon-command
- #:environment-variables
- environment-variables
- #:log-file #$log-file))))))
- (stop #~(make-kill-destructor))))))
+ ;; Default to socket activation.
+ (let ((socket (endpoint
+ (make-socket-address
+ AF_UNIX
+ "/var/guix/daemon-socket/socket")
+ #:name "socket"
+ #:socket-owner
+ (or #$socket-directory-user 0)
+ #:socket-group
+ (or #$socket-directory-group 0)
+ #:socket-directory-permissions
+ #$socket-directory-permissions)))
+ ((make-systemd-constructor daemon-command
+ (list socket)
+ #:environment-variables
+ environment-variables
+ #:log-file #$log-file))))))))
+ (stop #~(lambda (value)
+ (if (or (process? value) (integer? value))
+ ((make-kill-destructor) value)
+ ((make-systemd-destructor) value))))))))
(define (guix-accounts config)
"Return the user accounts and user groups for CONFIG."
--
2.48.1
Ludovic Courtès <ludo <at> gnu.org>:Ludovic Courtès <ludo <at> gnu.org>:Message #22 received at 77189-done <at> debbugs.gnu.org (full text, mbox):
From: Ludovic Courtès <ludo <at> gnu.org> To: 77189-done <at> debbugs.gnu.org Subject: Re: [bug#77189] [PATCH 0/3] Socket activation for guix-daemon Date: Sun, 06 Apr 2025 12:32:05 +0200
Pushed: c4dd590eab services: guix: Socket-activate ‘guix-daemon’. 96ae99c957 services: guix: Streamline the default ‘start’ case. b16e3f451f services: guix: Factorize ‘guix-daemon’ arguments. Ludo’.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.