| Commit message (Collapse) | Author | Age |
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
* guix/scripts/substitute-binary.scm (guix-substitute-binary): Call
'check-acl-initialized'.
(check-acl-initialized): Don't rely on 'equal?' to compare keys.
Instead, convert keys to strings.
|
|/
|
|
|
| |
* guix/scripts/substitute-binary.scm (assert-valid-narinfo): Change
message to avoid the term "narinfo".
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* guix/pk-crypto.scm (string->canonical-sexp, sign, generate-key): Pass
the procedure name as the first argument to 'throw'.
(gcrypt-error-printer): New procedure.
<top level>: Add call to 'set-exception-printer!'.
* guix/nar.scm (restore-one-item): Add 'proc' parameter to 'catch'
handler for 'gcry-error.
* guix/scripts/archive.scm (%options, generate-key-pair, authorize-key):
Likewise.
* guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp):
Likewise.
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (regexp-exec): Change formals
to (rx str . rest).
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (guix-substitute-binary) <--query>:
Cache the result of (current-acl); pass it to 'valid-narinfo?' calls.
This saves 12% wall-clock time for "guix build emacs -n".
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* guix/nar.scm (restore-file-set)[assert-valid-signature]: Rewrite in
terms of 'signature-case'.
* guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp):
Call 'leave' instead of 'raise' when SIGNATURE is invalid.
(&nar-signature-error, &nar-invalid-hash-error): Remove.
(assert-valid-signature): Add 'narinfo' parameter; remove 'port'.
Rewrite in terms of 'signature-case' and 'leave'. Mention NARINFO's
URI in error messages. Adjust caller.
(narinfo-sha256): New procedure.
(assert-valid-narinfo): Use it.
(valid-narinfo?): Rewrite using 'narinfo-sha256' and
'signature-case'.
* tests/substitute-binary.scm (assert-valid-signature,
test-error-condition): Remove.
("corrupt signature data", "unauthorized public key", "invalid
signature"): Remove.
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (assert-valid-narinfo): Add
#:verbose? parameter; when true, write "found valid signature".
(valid-narinfo?): Pass #:verbose? #f.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp):
Catch 'gcry-error' around 'string->canonical-sexp' call, and re-raise
as a SRFI-35 &message and &nar-signature-error.
(narinfo-maker): Handle when SIGNATURE is #f or an invalid canonical
sexp.
(&nar-signature-error, &nar-invalid-hash-error): New variables.
(assert-valid-signature): Use them. Expect 'signature' to be a
canonical sexp.
(read-narinfo): Remove authentication and authorization checks.
(%signature-line-rx): New variable.
(assert-valid-narinfo, valid-narinfo?): New procedures.
(guix-substitute-binary): Wrap body in 'with-error-handling'.
[valid?]: New procedure.
<--query>: Show only store items of narinfos that match
'valid-narinfo?'.
<--substitute>: Call 'assert-valid-narinfo'.
* tests/substitute-binary.scm (test-error*): Use 'test-equal'.
(%keypair): Remove.
(%public-key, %private-key): Load from signing-key.{pub,sec}.
(signature-body): Add #:public-key parameter.
(call-with-narinfo): New procedure.
(with-narinfo): New macro.
("corrupt signature data", "unauthorized public key", "invalid
signature"): Make the first argument to 'assert-valid-signature' a
canonical sexp.
("invalid hash", "valid read-narinfo", "valid write-narinfo"):
Remove.
("query narinfo with invalid hash", "query narinfo signed with
authorized key", "query narinfo signed with unauthorized key",
"substitute, invalid hash", "substitute, unauthorized key"): New
tests.
|
|
|
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (<narinfo>)[uri-base]: New field.
(narinfo-maker): Pass CACHE-URL as the 'uri-base' value.
(string->narinfo): Add 'cache-uri' parameter.
(lookup-narinfo)[cache-entry]: Switch to version 1. Add 'cache-uri'
field. Adjust body accordingly.
(remove-expired-cached-narinfos): Switch to version 1 by default.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (<narinfo>): Add the 'signature'
and 'contents' fields.
(narinfo-signature->canonical-sexp): New function.
(narinfo-maker): Add the 'signature' argument and use it.
(assert-valid-signature): New function.
(read-narinfo): Support the Signature field.
(write-narinfo): Use 'narinfo-contents'.
(%allow-unauthenticated-substitutes?): New variable.
* guix/base64.scm, tests/base64.scm, tests/substitute-binary.scm: New files.
* Makefile.am (SCM_TESTS): Add tests/base64.scm and
tests/substitute-binary.scm.
(MODULES): Add guix/base64.scm.
* test-env.in: Set 'GUIX_ALLOW_UNAUTHENTICATED_SUBSTITUTES'.
|
|
|
|
|
|
|
|
|
| |
* guix/utils.scm (decompressed-port, compressed-port): New procedures.
* guix/scripts/substitute-binary.scm (decompressed-port): Remove.
(guix-substitute-binary): Pass a symbol or #f as the first argument to
'decompress-port'.
* tests/utils.scm ("compressed-port, decompressed-port, non-file"): New
test.
|
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (fetch): Add #:quiet-404?
parameter. Upon &http-get-error, re-raise C if the QUIET-404? is
true and the code is 404.
(fetch-narinfo): Pass #:quiet-404? #t.
|
|
|
|
|
|
|
| |
* guix/http-client.scm (&http-get-error): New condition type.
(http-fetch): Raise it instead of using 'error'.
* guix/scripts/substitute-binary.scm (fetch) <http>: Wrap body into
'guard' form; gracefully handle 'http-get-error?' conditions.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* nix-upstream: Update sub-module.
* daemon.am (libutil_a_SOURCES): Add affinity.cc.
(libutil_headers): Add affinity.hh.
(libexec_PROGRAMS, nix_setuid_helper_SOURCES,
nix_setuid_helper_CPPFLAGS, nix_setuid_helper_LDADD): Remove.
* doc/guix.texi (Setting Up the Daemon): Remove paragraph about
'nix-setuid-helper'.
* guix/scripts/substitute-binary.scm (guix-substitute-binary): Exit 0 when
%CACHE-URL has an HTTP scheme and looking up its host fails.
Always print a newline to stdout when starting.
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (with-atomic-file-output): Move to...
* guix/utils.scm (with-atomic-file-output): ... here.
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (n-par-map*): New procedure.
(guix-substitute-binary): Use it instead of 'n-par-map'.
Reported by Nikita Karetnikov and Eric Bavier.
|
|
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (with-timeout): Update comment to
mention the fix's commit ID.
(fetch): In the 'with-timeout' handler, close PORT only one Guile
versions < 2.0.9.39. Before that, on Guile >= 2.0.9.39, the HTTP
client would end up trying to read from a closed file descriptor.
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (%lookup-threads): New variable.
(guix-substitute-binary): Use 'n-par-map' instead of 'par-map' for
batch 'lookup-narinfo' calls.
|
|
|
|
|
|
|
| |
Reported by Nikita Karetnikov <nikita@karetnikov.org>.
* guix/scripts/substitute-binary.scm (show-help): New procedure.
(guix-substitute-binary): Add '--help'.
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (guix-substitute-binary)["--substitute"]:
Show the Nar size, when available.
* guix/ui.scm (show-what-to-build): Add 'TODO'.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes Guile version comparisons when (version) has a
vendor-specific suffix.
Reported by Andreas Enge <andreas@enge.fr>.
* guix/utils.scm (guile-version>?): New procedure.
* tests/utils.scm ("guile-version>? 1.8", "guile-version>? 10.5"): New
tests.
* guix/scripts/substitute-binary.scm (fetch, progress-report-port): Use
`guile-version>?' instead of `version>?'.
* guix/http-client.scm (when-guile<=2.0.5, http-fetch): Likewise.
|
|
|
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (fetch): In the `file' case, open
with the `b' flag, so that the coding cookie reading thing doesn't
lead to buffering some of the data (on 2.0.5).
* tests/utils.scm ("filtered-port, file"): Open with `r0b'. Fixes a
test failure with Guile 2.0.5 whereby the first byte of FILE would be
missing from DECOMPRESSED.
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (progress-report-port): On Guile
2.0.5, return PORT directly and emit a warning.
|
|
|
|
|
|
|
| |
* guix/web.scm: Rename to...
* guix/http-client.scm: ... this.
* guix/gnu-maintenance.scm, guix/scripts/substitute-binary.scm,
Makefile.am, po/POTFILES.in: Update accordingly.
|
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (%regexp-exec-mutex, string->uri):
Remove.
(regexp-exec): Replace this global binding by a thread-safety wrapper.
(fields->alist): Remove `with-mutex', and directly alias `recutils->alist'.
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (%fetch-timeout): Set to 5 seconds.
|
|
|
|
|
|
|
| |
* guix/records.scm (%recutils-field-rx): New variable.
(recutils->alist): New procedure, formerly known as `fields->alist'.
* guix/scripts/substitute-binary.scm (fields->alist): Use it.
* tests/records.scm ("recutils->alist"): New test.
|
|
|
|
|
|
|
|
|
| |
* guix/web.scm (open-socket-for-uri): New procedure.
(http-fetch): Add `port' keyword parameter; use it.
* guix/scripts/substitute-binary.scm (%random-state): New variable.
(with-timeout): Wait a little before retrying.
(fetch): Use `open-socket-for-uri', and keep a copy of the socket in
variable `port'. Close PORT upon timeout.
|
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (decompressed-port): Improve docstring.
(progress-report-port): New procedure.
(guix-substitute-binary)["--substitute"]: Use it to report progress.
* guix/build/download.scm: Export `progress-proc' and `uri-abbreviation'.
|
|
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (%fetch-timeout): New variable.
(with-timeout): New macro.
(fetch): Add `timeout?' keyword parameter. Enclose `http-fetch' call
in `with-timeout'.
(guix-substitute-binary): Call `fetch' with #:timeout? #f.
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (lookup-narinfo): Don't cache
NARINFO when CACHE is #f.
|
|
|
|
|
|
|
| |
Suggested by Andreas Enge <andreas@enge.fr>.
* guix/scripts/substitute-binary.scm (with-networking): New macro.
(guix-substitute-binary): Wrap the body in `with-networking'.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes a bug whereby `read-response' would read more than just the
response, with the extra data going into the port's buffer; the
"bzip2 -dc" process spawned by `filtered-port' would not see the those
buffered data, which are definitely lost, and would bail out with
"bzip2: (stdin) is not a bzip2 file."
* guix/utils.scm (filtered-port): Document that INPUT must be
unbuffered.
* guix/web.scm (http-fetch): Add `buffered?' parameter. Call
`open-socket-for-uri' explicitly, and call `setvbuf' when BUFFERED? is
false. Pass the port to `http-get'. Close it upon 301/302.
* guix/scripts/substitute-binary.scm (fetch): Add `buffered?'
parameter. Pass it to `http-fetch'; honor it for `file' URIs.
(guix-substitute-binary): Call `fetch' with #:buffered? #f for port RAW.
* tests/utils.scm ("filtered-port, file"): Open FILE as unbuffered.
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (%regexp-exec-mutex): New variable.
(string->uri): New procedure.
(fields->alist): Wrap `regexp-exec' call in `with-mutex'.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* guix/utils.scm (define-record-type*): Move to...
* guix/records.scm: ... here. New file.
* guix/build-system.scm, guix/packages.scm: Use it.
* guix/gnu-maintenance.scm: Likewise.
(official-gnu-packages)[alist->record]: Remove.
* guix/scripts/substitute-binary.scm: Likewise.
(alist->record, object->fields): Remove.
* tests/utils.scm ("define-record-type*", "define-record-type* with
letrec* behavior", "define-record-type* & inherit",
"define-record-type* & inherit & letrec* behavior",
"define-record-type* & thunked", "define-record-type* & thunked &
default", "define-record-type* & thunked & inherited"): Move to...
* tests/records.scm: ... here. New file.
|
|
|
|
|
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (filtered-port): Move to utils.scm.
(decompressed-port): Upon "none", return '() as the second value.
(guix-substitute-binary): Expect `decompressed-port' to return a list
of PIDs as its second value.
* guix/utils.scm (filtered-port): New procedure. Add case for when
INPUT is not `file-port?'.
* tests/utils.scm ("filtered-port, file", "filtered-port, non-file"):
New tests.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This should fix `substitute-binary --query' on Guile 2.0.5.
* guix/web.scm: New file.
* Makefile.am (MODULES): Add it.
* po/POTFILES.in: Add it.
* guix/gnu-maintenance.scm (http-fetch): Remove.
(%package-list-url): Turn into a URI.
(official-gnu-packages): Add #:text? #t to `http-fetch' call.
* guix/scripts/substitute-binary.scm (fetch): Remove `http' case, and
use `http-fetch' instead.
|
|
|
|
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (%narinfo-expired-cache-entry-removal-delay):
New variable.
(obsolete?): New procedure, formerly in `lookup-narinfo'.
(lookup-narinfo): Adjust accordingly.
(remove-expired-cached-narinfos, maybe-remove-expired-cached-narinfo):
New procedures.
(guix-substitute-binary): Call `maybe-remove-expired-cached-narinfo'.
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (fetch-narinfo): Return #f when
CACHE uses a store directory different from (%store-prefix).
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (lookup-narinfo): Force CACHE when
passing it to `fetch-narinfo'.
(guix-substitute-binary): Delay calls to `open-cache'.
|
|
|
|
|
|
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (%narinfo-cache-directory,
%narinfo-ttl, %narinfo-negative-ttl): New variables.
(with-atomic-file-output, object->fields, read-narinfo,
write-narinfo, narinfo->string, string->narinfo, lookup-narinfo): New
procedures.
(fetch-narinfo): Adjust to use `read-narinfo'.
(guix-substitute-binary): Ensure the existence of
%NARINFO-CACHE-DIRECTORY. Use `lookup-narinfo' instead of
`fetch-narinfo'.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows build outputs to be transparently downloaded from
http://hydra.gnu.org, for example.
* config-daemon.ac: Check for `gzip', `bzip2', and `xz'.
* guix/config.scm.in (%gzip, %bzip2, %xz): New variable.
* guix/scripts/substitute-binary.scm (fetch): Return SIZE as a second value.
(<narinfo>): Change `url' to `uri'.
(make-narinfo): Rename to...
(narinfo-maker): ... this. Handle relative URLs.
(fetch-narinfo): Adjust accordingly.
(filtered-port, decompressed-port): New procedures.
(guix-substitute-binary): Implement the `--substitute' case.
* tests/store.scm ("substitute query"): Use (%store-prefix) instead
of (getenv "NIX_STORE_DIR").
("substitute"): New test.
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (guix-substitute-binary)["--query"]("have",
"info"): Filter SUBSTITUTABLE through `narinfo?'.
|
|
|
|
|
|
| |
* guix/scripts/substitute-binary.scm (guix-substitute-binary)["--query"]:
Emit blank lines only after the complete list of store paths has been
returned.
|
|
* guix/scripts/substitute-binary.scm: New file.
* Makefile.am (MODULES): Add it.
* nix/scripts/substitute-binary.in: New file.
* config-daemon.ac: Produce nix/scripts/substitute-binary.
* daemon.am (nodist_pkglibexec_SCRIPTS): Add
nix/scripts/substitute-binary.
* guix/store.scm (substitutable-path-info): Use the
`query-substitutable-path-infos' RPC.
* nix/nix-daemon/guix-daemon.cc (main): Honor `NIX_SUBSTITUTERS'.
* pre-inst-env.in: Set `NIX_SUBSTITUTERS'.
* test-env.in: Leave `NIX_SUBSTITUTERS' unchanged. Set
`GUIX_BINARY_SUBSTITUTE_URL, and create
$NIX_STATE_DIR/substituter-data.
Run `guix-daemon' within `./pre-inst-env'.
* tests/store.scm ("substitute query"): New test.
|