GNU bug report logs - #77189
[PATCH 0/3] Socket activation for guix-daemon


Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Sat, 22 Mar 2025 18:14:01 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

To reply to this bug, email your comments to 77189 AT debbugs.gnu.org.
There is no need to reopen the bug first.



Report forwarded to guix-patches <at> gnu.org:
bug#77189; Package guix-patches. (Sat, 22 Mar 2025 18:14:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ludovic Courtès <ludo <at> gnu.org>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Sat, 22 Mar 2025 18:14:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: guix-patches <at> gnu.org
Cc: Ludovic Courtès <ludo <at> gnu.org>
Subject: [PATCH 0/3] Socket activation for guix-daemon
Date: Sat, 22 Mar 2025 19:13:29 +0100
Hello Guix,

This is a small refactor and improvement that will make it easier
to implement support for unprivileged guix-daemon¹ in Guix System.

Thoughts?

Ludo’.

¹ https://issues.guix.gnu.org/75810

Ludovic Courtès (3):
  services: guix: Factorize ‘guix-daemon’ arguments.
  services: guix: Streamline the default ‘start’ case.
  services: guix: Socket-activate ‘guix-daemon’.

 gnu/services/base.scm | 174 ++++++++++++++++++++++--------------------
 1 file changed, 90 insertions(+), 84 deletions(-)


base-commit: efac1498c15198afc4f9a2bc700408bde1b3b3ed
-- 
2.48.1





Information forwarded to guix-patches <at> gnu.org:
bug#77189; Package guix-patches. (Sat, 22 Mar 2025 18:24:02 GMT) Full text and rfc822 format available.

Information forwarded to guix-patches <at> gnu.org:
bug#77189; Package guix-patches. (Sat, 22 Mar 2025 18:25:01 GMT) Full text and rfc822 format available.

Message #11 received at 77189 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: 77189 <at> debbugs.gnu.org
Cc: Ludovic Courtès <ludo <at> gnu.org>
Subject: [PATCH 1/3] services: guix: Factorize ‘guix-daemon’ arguments.
Date: Sat, 22 Mar 2025 19:23:34 +0100
* gnu/services/base.scm (guix-shepherd-service): In ‘start’ method,
move ‘fork+exec-command/container’ arguments to the new variables
‘daemon-command’ and ‘environment-variables’.

Change-Id: Ic04a1006849697e4e185ad94185bbdec8a91a05a
---
 gnu/services/base.scm | 115 ++++++++++++++++++++++--------------------
 1 file changed, 59 insertions(+), 56 deletions(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 0d2bb31190..6793822666 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -2061,6 +2061,63 @@ (define (guix-shepherd-service config)
                   (define discover?
                     (or (getenv "discover") #$discover?))
 
+                  (define daemon-command
+                    (cons* #$(file-append guix "/bin/guix-daemon")
+                           "--build-users-group" #$build-group
+                           "--max-silent-time"
+                           #$(number->string max-silent-time)
+                           "--timeout" #$(number->string timeout)
+                           "--log-compression"
+                           #$(symbol->string log-compression)
+                           #$@(if use-substitutes?
+                                  '()
+                                  '("--no-substitutes"))
+                           (string-append "--discover="
+                                          (if discover? "yes" "no"))
+                           "--substitute-urls" #$(string-join substitute-urls)
+                           #$@extra-options
+
+                           #$@(if chroot?
+                                  '()
+                                  '("--disable-chroot"))
+                           ;; Add CHROOT-DIRECTORIES and all their dependencies
+                           ;; (if these are store items) to the chroot.
+                           (append-map
+                            (lambda (file)
+                              (append-map (lambda (directory)
+                                            (list "--chroot-directory"
+                                                  directory))
+                                          (call-with-input-file file
+                                            read)))
+                            '#$(map references-file
+                                    chroot-directories))))
+
+                  (define environment-variables
+                    (append (list #$@(if tmpdir
+                                         (list (string-append "TMPDIR=" tmpdir))
+                                         '())
+
+                                  ;; Make sure we run in a UTF-8 locale so that
+                                  ;; 'guix offload' correctly restores nars
+                                  ;; that contain UTF-8 file names such as
+                                  ;; 'nss-certs'.  See
+                                  ;; <https://bugs.gnu.org/32942>.
+                                  (string-append "GUIX_LOCPATH="
+                                                 #$locales "/lib/locale")
+                                  "LC_ALL=en_US.utf8"
+                                  ;; Make 'tar' and 'gzip' available so
+                                  ;; that 'guix perform-download' can use
+                                  ;; them when downloading from Software
+                                  ;; Heritage via '(guix swh)'.
+                                  (string-append "PATH="
+                                                 #$(file-append tar "/bin") ":"
+                                                 #$(file-append gzip "/bin")))
+                            (if proxy
+                                (list (string-append "http_proxy=" proxy)
+                                      (string-append "https_proxy=" proxy))
+                                '())
+                            '#$environment))
+
                   (mkdir-p "/var/guix")
                   ;; Ensure that a fresh directory is used, in case the old
                   ;; one was more permissive and processes have a file
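Review bot: In the new `daemon-command` definition, the `call-with-input-file` reads over `(map references-file chroot-directories)` now run at the top of `start`, before `(mkdir-p "/var/guix")` and the socket-directory reset, whereas the inline argument removed further down was evaluated after them. A missing or unreadable references file therefore aborts `start` earlier than before. That ordering looks harmless, but a one-line comment above `daemon-command` and `environment-variables`, saying that they are shared by every `start` path and when they are evaluated, would make the move easier to audit. `'#$environment` stays last in `environment-variables`, so user-supplied entries still follow the fixed `PATH=` and `LC_ALL=` entries as before.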
@@ -2084,35 +2141,7 @@ (define (guix-shepherd-service config)
                   ;; to solve an installation issue. See the comment below for
                   ;; more details.
                   (fork+exec-command/container
-                   (cons* #$(file-append guix "/bin/guix-daemon")
-                          "--build-users-group" #$build-group
-                          "--max-silent-time"
-                          #$(number->string max-silent-time)
-                          "--timeout" #$(number->string timeout)
-                          "--log-compression"
-                          #$(symbol->string log-compression)
-                          #$@(if use-substitutes?
-                                 '()
-                                 '("--no-substitutes"))
-                          (string-append "--discover="
-                                         (if discover? "yes" "no"))
-                          "--substitute-urls" #$(string-join substitute-urls)
-                          #$@extra-options
-
-                          #$@(if chroot?
-                                 '()
-                                 '("--disable-chroot"))
-                          ;; Add CHROOT-DIRECTORIES and all their dependencies
-                          ;; (if these are store items) to the chroot.
-                          (append-map
-                           (lambda (file)
-                             (append-map (lambda (directory)
-                                           (list "--chroot-directory"
-                                                 directory))
-                                         (call-with-input-file file
-                                           read)))
-                           '#$(map references-file
-                                   chroot-directories)))
+                   daemon-command
 
                    ;; When running the installer, we need guix-daemon to
                    ;; operate from within the same MNT namespace as the
@@ -2123,33 +2152,7 @@ (define (guix-shepherd-service config)
                    #:pid (match args
                            ((pid) (string->number pid))
                            (else (getpid)))
-
-                   #:environment-variables
-                   (append (list #$@(if tmpdir
-                                        (list (string-append "TMPDIR=" tmpdir))
-                                        '())
-
-                                 ;; Make sure we run in a UTF-8 locale so that
-                                 ;; 'guix offload' correctly restores nars
-                                 ;; that contain UTF-8 file names such as
-                                 ;; 'nss-certs'.  See
-                                 ;; <https://bugs.gnu.org/32942>.
-                                 (string-append "GUIX_LOCPATH="
-                                                #$locales "/lib/locale")
-                                 "LC_ALL=en_US.utf8"
-                                 ;; Make 'tar' and 'gzip' available so
-                                 ;; that 'guix perform-download' can use
-                                 ;; them when downloading from Software
-                                 ;; Heritage via '(guix swh)'.
-                                 (string-append "PATH="
-                                                #$(file-append tar "/bin") ":"
-                                                #$(file-append gzip "/bin")))
-                           (if proxy
-                               (list (string-append "http_proxy=" proxy)
-                                     (string-append "https_proxy=" proxy))
-                               '())
-                           '#$environment)
-
+                   #:environment-variables environment-variables
                    #:log-file #$log-file))))
            (stop #~(make-kill-destructor))))))
 
-- 
2.48.1





Information forwarded to guix-patches <at> gnu.org:
bug#77189; Package guix-patches. (Sat, 22 Mar 2025 18:25:02 GMT) Full text and rfc822 format available.

Message #14 received at 77189 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: 77189 <at> debbugs.gnu.org
Cc: Ludovic Courtès <ludo <at> gnu.org>
Subject: [PATCH 2/3] services: guix: Streamline the default ‘start’ case.
Date: Sat, 22 Mar 2025 19:23:35 +0100
* gnu/services/base.scm (guix-shepherd-service): In ‘start’ method, use
‘fork+exec-command’ in the default case.

Change-Id: Id04d3d2651f89fbcdb2f17f027df91e132ff9ed1
---
 gnu/services/base.scm | 31 ++++++++++++++-----------------
 1 file changed, 14 insertions(+), 17 deletions(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 6793822666..c7abc9b422 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -2137,23 +2137,20 @@ (define (guix-shepherd-service config)
                          (gid (if group (group:gid (getgrnam group)) -1)))
                     (chown "/var/guix/daemon-socket" uid gid))
 
-                  ;; Start the guix-daemon from a container, when supported,
-                  ;; to solve an installation issue. See the comment below for
-                  ;; more details.
-                  (fork+exec-command/container
-                   daemon-command
-
-                   ;; When running the installer, we need guix-daemon to
-                   ;; operate from within the same MNT namespace as the
-                   ;; installation container. In that case only, enter the
-                   ;; namespace of the process PID passed as start argument.
-                   ;; Otherwise, for symmetry purposes enter the caller
-                   ;; namespaces which is a no-op.
-                   #:pid (match args
-                           ((pid) (string->number pid))
-                           (else (getpid)))
-                   #:environment-variables environment-variables
-                   #:log-file #$log-file))))
+                  (match args
+                    (((= string->number (? integer? pid)))
+                     ;; Start the guix-daemon in the same mnt namespace as
+                     ;; PID.  This is necessary when running the installer.
+                     (fork+exec-command/container
+                      daemon-command
+                      #:pid pid
+                      #:environment-variables environment-variables
+                      #:log-file #$log-file))
+                    (()
+                     (fork+exec-command daemon-command
+                                        #:environment-variables
+                                        environment-variables
+                                        #:log-file #$log-file))))))
            (stop #~(make-kill-destructor))))))
 
 (define (guix-accounts config)
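Review bot: The new `(match args ...)` has no catch-all clause: it accepts only a single argument that `string->number` turns into an integer, or the empty list. The removed code fell back to `(else (getpid))` for anything else, so a non-numeric argument or more than one argument used to start the daemon and now ends in a match failure. Consider adding a final clause that reports the bad arguments explicitly, or saying in the comment that such input is rejected on purpose. The `()` clause also moves from `fork+exec-command/container` with `#:pid (getpid)` to plain `fork+exec-command`; the removed comment described that case as a no-op, and it would help to repeat that reasoning in the commit log.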
-- 
2.48.1





Information forwarded to guix-patches <at> gnu.org:
bug#77189; Package guix-patches. (Sat, 22 Mar 2025 18:25:02 GMT) Full text and rfc822 format available.

Message #17 received at 77189 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: 77189 <at> debbugs.gnu.org
Cc: Ludovic Courtès <ludo <at> gnu.org>
Subject: [PATCH 3/3] services: guix: Socket-activate ‘guix-daemon’.
Date: Sat, 22 Mar 2025 19:23:36 +0100
* gnu/services/base.scm (guix-shepherd-service): Change ‘start’ to use
‘make-systemd-constructor’ in the default case.  Remove now-redundant
code creating /var/guix/daemon-socket/.  Adjust ‘stop’ method to use
‘make-systemd-destructor’ when appropriate.

Change-Id: I3572670c90f65509fbad01dcf13a60f772a86839
---
 gnu/services/base.scm | 40 +++++++++++++++++++++++-----------------
 1 file changed, 23 insertions(+), 17 deletions(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index c7abc9b422..9a9dfdb304 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -2118,40 +2118,46 @@ (define (guix-shepherd-service config)
                                 '())
                             '#$environment))
 
-                  (mkdir-p "/var/guix")
                   ;; Ensure that a fresh directory is used, in case the old
                   ;; one was more permissive and processes have a file
                   ;; descriptor referencing it hanging around, ready to use
                   ;; with openat.
                   (false-if-exception
                    (delete-file-recursively "/var/guix/daemon-socket"))
-                  (let ((perms #$(logand socket-directory-permissions
-                                         (lognot #o022))))
-                    (mkdir "/var/guix/daemon-socket" perms)
-                    ;; Override umask
-                    (chmod "/var/guix/daemon-socket" perms))
-
-                  (let* ((user #$socket-directory-user)
-                         (uid (if user (passwd:uid (getpwnam user)) -1))
-                         (group #$socket-directory-group)
-                         (gid (if group (group:gid (getgrnam group)) -1)))
-                    (chown "/var/guix/daemon-socket" uid gid))
 
                   (match args
                     (((= string->number (? integer? pid)))
                      ;; Start the guix-daemon in the same mnt namespace as
                      ;; PID.  This is necessary when running the installer.
+                     ;; Assume /var/guix/daemon-socket was created by a
+                     ;; previous 'start' call without arguments.
                      (fork+exec-command/container
                       daemon-command
                       #:pid pid
                       #:environment-variables environment-variables
                       #:log-file #$log-file))
                     (()
-                     (fork+exec-command daemon-command
-                                        #:environment-variables
-                                        environment-variables
-                                        #:log-file #$log-file))))))
-           (stop #~(make-kill-destructor))))))
+                     ;; Default to socket activation.
+                     (let ((socket (endpoint
+                                    (make-socket-address
+                                     AF_UNIX
+                                     "/var/guix/daemon-socket/socket")
+                                    #:name "socket"
+                                    #:socket-owner
+                                    (or #$socket-directory-user 0)
+                                    #:socket-group
+                                    (or #$socket-directory-group 0)
+                                    #:socket-directory-permissions
+                                    #$socket-directory-permissions)))
+                       ((make-systemd-constructor daemon-command
+                                                  (list socket)
+                                                  #:environment-variables
+                                                  environment-variables
+                                                  #:log-file #$log-file))))))))
+           (stop #~(lambda (value)
+                     (if (or (process? value) (integer? value))
+                         ((make-kill-destructor) value)
+                         ((make-systemd-destructor) value))))))))
 
 (define (guix-accounts config)
   "Return the user accounts and user groups for CONFIG."
-- 
2.48.1





Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Sun, 06 Apr 2025 10:33:02 GMT) Full text and rfc822 format available.

Notification sent to Ludovic Courtès <ludo <at> gnu.org>:
bug acknowledged by developer. (Sun, 06 Apr 2025 10:33:02 GMT) Full text and rfc822 format available.

Message #22 received at 77189-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: 77189-done <at> debbugs.gnu.org
Subject: Re: [bug#77189] [PATCH 0/3] Socket activation for guix-daemon
Date: Sun, 06 Apr 2025 12:32:05 +0200
Pushed:

  c4dd590eab services: guix: Socket-activate ‘guix-daemon’.
  96ae99c957 services: guix: Streamline the default ‘start’ case.
  b16e3f451f services: guix: Factorize ‘guix-daemon’ arguments.

Ludo’.




This bug report was last modified 2 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.