aboutsummaryrefslogtreecommitdiff
path: root/guix/scripts/substitute-binary.scm
Commit message (Collapse)AuthorAge
* Merge branch 'core-updates'Ludovic Courtès2014-06-20
|\
| * substitute-binary: Warn about uninitialized ACL.Ludovic Courtès2014-06-19
| | | | | | | | | | | | | | * guix/scripts/substitute-binary.scm (guix-substitute-binary): Call 'check-acl-initialized'. (check-acl-initialized): Don't rely on 'equal?' to compare keys. Instead, convert keys to strings.
* | substitute-binary: Avoid the term "narinfo" in user messages.Ludovic Courtès2014-06-17
|/ | | | | * guix/scripts/substitute-binary.scm (assert-valid-narinfo): Change message to avoid the term "narinfo".
* pk-crypto: Add pretty-printer to 'gcry-error' exceptions.Ludovic Courtès2014-04-22
| | | | | | | | | | | | | * guix/pk-crypto.scm (string->canonical-sexp, sign, generate-key): Pass the procedure name as the first argument to 'throw'. (gcrypt-error-printer): New procedure. <top level>: Add call to 'set-exception-printer!'. * guix/nar.scm (restore-one-item): Add 'proc' parameter to 'catch' handler for 'gcry-error. * guix/scripts/archive.scm (%options, generate-key-pair, authorize-key): Likewise. * guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp): Likewise.
* substitute-binary: Avoid consing 'regexp-exec' arguments.Ludovic Courtès2014-04-01
| | | | | * guix/scripts/substitute-binary.scm (regexp-exec): Change formals to (rx str . rest).
* substitute-binary: Avoid reloading the ACL repeatedly.Ludovic Courtès2014-04-01
| | | | | | * guix/scripts/substitute-binary.scm (guix-substitute-binary) <--query>: Cache the result of (current-acl); pass it to 'valid-narinfo?' calls. This saves 12% wall-clock time for "guix build emacs -n".
* Use 'signature-case' in (guix nar) and 'substitute-binary'.Ludovic Courtès2014-03-31
| | | | | | | | | | | | | | | | | | | * guix/nar.scm (restore-file-set)[assert-valid-signature]: Rewrite in terms of 'signature-case'. * guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp): Call 'leave' instead of 'raise' when SIGNATURE is invalid. (&nar-signature-error, &nar-invalid-hash-error): Remove. (assert-valid-signature): Add 'narinfo' parameter; remove 'port'. Rewrite in terms of 'signature-case' and 'leave'. Mention NARINFO's URI in error messages. Adjust caller. (narinfo-sha256): New procedure. (assert-valid-narinfo): Use it. (valid-narinfo?): Rewrite using 'narinfo-sha256' and 'signature-case'. * tests/substitute-binary.scm (assert-valid-signature, test-error-condition): Remove. ("corrupt signature data", "unauthorized public key", "invalid signature"): Remove.
* substitute-binary: Notify of valid signatures.Ludovic Courtès2014-03-31
| | | | | | * guix/scripts/substitute-binary.scm (assert-valid-narinfo): Add #:verbose? parameter; when true, write "found valid signature". (valid-narinfo?): Pass #:verbose? #f.
* substitute-binary: Defer narinfo authentication and authorization checks.Ludovic Courtès2014-03-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * guix/scripts/substitute-binary.scm (narinfo-signature->canonical-sexp): Catch 'gcry-error' around 'string->canonical-sexp' call, and re-raise as a SRFI-35 &message and &nar-signature-error. (narinfo-maker): Handle when SIGNATURE is #f or an invalid canonical sexp. (&nar-signature-error, &nar-invalid-hash-error): New variables. (assert-valid-signature): Use them. Expect 'signature' to be a canonical sexp. (read-narinfo): Remove authentication and authorization checks. (%signature-line-rx): New variable. (assert-valid-narinfo, valid-narinfo?): New procedures. (guix-substitute-binary): Wrap body in 'with-error-handling'. [valid?]: New procedure. <--query>: Show only store items of narinfos that match 'valid-narinfo?'. <--substitute>: Call 'assert-valid-narinfo'. * tests/substitute-binary.scm (test-error*): Use 'test-equal'. (%keypair): Remove. (%public-key, %private-key): Load from signing-key.{pub,sec}. (signature-body): Add #:public-key parameter. (call-with-narinfo): New procedure. (with-narinfo): New macro. ("corrupt signature data", "unauthorized public key", "invalid signature"): Make the first argument to 'assert-valid-signature' a canonical sexp. ("invalid hash", "valid read-narinfo", "valid write-narinfo"): Remove. ("query narinfo with invalid hash", "query narinfo signed with authorized key", "query narinfo signed with unauthorized key", "substitute, invalid hash", "substitute, unauthorized key"): New tests.
* substitute-binary: Store the cache's URI in the local cached narinfo.Ludovic Courtès2014-03-30
| | | | | | | | | * guix/scripts/substitute-binary.scm (<narinfo>)[uri-base]: New field. (narinfo-maker): Pass CACHE-URL as the 'uri-base' value. (string->narinfo): Add 'cache-uri' parameter. (lookup-narinfo)[cache-entry]: Switch to version 1. Add 'cache-uri' field. Adjust body accordingly. (remove-expired-cached-narinfos): Switch to version 1 by default.
* substitute-binary: Support the Signature field of a narinfo file.Nikita Karetnikov2014-03-30
| | | | | | | | | | | | | | | | * guix/scripts/substitute-binary.scm (<narinfo>): Add the 'signature' and 'contents' fields. (narinfo-signature->canonical-sexp): New function. (narinfo-maker): Add the 'signature' argument and use it. (assert-valid-signature): New function. (read-narinfo): Support the Signature field. (write-narinfo): Use 'narinfo-contents'. (%allow-unauthenticated-substitutes?): New variable. * guix/base64.scm, tests/base64.scm, tests/substitute-binary.scm: New files. * Makefile.am (SCM_TESTS): Add tests/base64.scm and tests/substitute-binary.scm. (MODULES): Add guix/base64.scm. * test-env.in: Set 'GUIX_ALLOW_UNAUTHENTICATED_SUBSTITUTES'.
* utils: Add 'decompressed-port' and 'compressed-port'.Ludovic Courtès2014-03-22
| | | | | | | | | * guix/utils.scm (decompressed-port, compressed-port): New procedures. * guix/scripts/substitute-binary.scm (decompressed-port): Remove. (guix-substitute-binary): Pass a symbol or #f as the first argument to 'decompress-port'. * tests/utils.scm ("compressed-port, decompressed-port, non-file"): New test.
* substitute-binary: Quietly handle 404s when fetching narinfos.Ludovic Courtès2014-03-19
| | | | | | | * guix/scripts/substitute-binary.scm (fetch): Add #:quiet-404? parameter. Upon &http-get-error, re-raise C if the QUIET-404? is true and the code is 404. (fetch-narinfo): Pass #:quiet-404? #t.
* substitute-binary: Gracefully handle HTTP GET errors.Ludovic Courtès2014-03-01
| | | | | | | * guix/http-client.scm (&http-get-error): New condition type. (http-fetch): Raise it instead of using 'error'. * guix/scripts/substitute-binary.scm (fetch) <http>: Wrap body into 'guard' form; gracefully handle 'http-get-error?' conditions.
* Update 'nix-upstream' sub-module; adjust build system, doc, and substituter.Ludovic Courtès2014-01-18
| | | | | | | | | | | | | * nix-upstream: Update sub-module. * daemon.am (libutil_a_SOURCES): Add affinity.cc. (libutil_headers): Add affinity.hh. (libexec_PROGRAMS, nix_setuid_helper_SOURCES, nix_setuid_helper_CPPFLAGS, nix_setuid_helper_LDADD): Remove. * doc/guix.texi (Setting Up the Daemon): Remove paragraph about 'nix-setuid-helper'. * guix/scripts/substitute-binary.scm (guix-substitute-binary): Exit 0 when %CACHE-URL has an HTTP scheme and looking up its host fails. Always print a newline to stdout when starting.
* Move 'with-atomic-file-output' to (guix utils).Ludovic Courtès2013-12-29
| | | | | * guix/scripts/substitute-binary.scm (with-atomic-file-output): Move to... * guix/utils.scm (with-atomic-file-output): ... here.
* substitute-binary: Work around Guile 2.0.5's broken 'n-par-map'.Ludovic Courtès2013-11-26
| | | | | | * guix/scripts/substitute-binary.scm (n-par-map*): New procedure. (guix-substitute-binary): Use it instead of 'n-par-map'. Reported by Nikita Karetnikov and Eric Bavier.
* substitute-binary: Adjust timeout handling for Guile > 2.0.9.Ludovic Courtès2013-11-14
| | | | | | | | * guix/scripts/substitute-binary.scm (with-timeout): Update comment to mention the fix's commit ID. (fetch): In the 'with-timeout' handler, close PORT only one Guile versions < 2.0.9.39. Before that, on Guile >= 2.0.9.39, the HTTP client would end up trying to read from a closed file descriptor.
* substitute-binary: Increase lookup concurrency to reduce latency.Ludovic Courtès2013-11-08
| | | | | | * guix/scripts/substitute-binary.scm (%lookup-threads): New variable. (guix-substitute-binary): Use 'n-par-map' instead of 'par-map' for batch 'lookup-narinfo' calls.
* substitute-binary: Add '--help'.Ludovic Courtès2013-09-13
| | | | | | | Reported by Nikita Karetnikov <nikita@karetnikov.org>. * guix/scripts/substitute-binary.scm (show-help): New procedure. (guix-substitute-binary): Add '--help'.
* substitute-binary: Show the Nar size, when available.Ludovic Courtès2013-09-02
| | | | | | * guix/scripts/substitute-binary.scm (guix-substitute-binary)["--substitute"]: Show the Nar size, when available. * guix/ui.scm (show-what-to-build): Add 'TODO'.
* utils: Add `guile-version>?', and use it.Ludovic Courtès2013-08-23
| | | | | | | | | | | | | | This fixes Guile version comparisons when (version) has a vendor-specific suffix. Reported by Andreas Enge <andreas@enge.fr>. * guix/utils.scm (guile-version>?): New procedure. * tests/utils.scm ("guile-version>? 1.8", "guile-version>? 10.5"): New tests. * guix/scripts/substitute-binary.scm (fetch, progress-report-port): Use `guile-version>?' instead of `version>?'. * guix/http-client.scm (when-guile<=2.0.5, http-fetch): Likewise.
* substitute-binary: Try hard to avoid port buffering.Ludovic Courtès2013-08-22
| | | | | | | | | * guix/scripts/substitute-binary.scm (fetch): In the `file' case, open with the `b' flag, so that the coding cookie reading thing doesn't lead to buffering some of the data (on 2.0.5). * tests/utils.scm ("filtered-port, file"): Open with `r0b'. Fixes a test failure with Guile 2.0.5 whereby the first byte of FILE would be missing from DECOMPRESSED.
* substitute-binary: Don't pretend to report download progress on Guile 2.0.5.Ludovic Courtès2013-08-21
| | | | | * guix/scripts/substitute-binary.scm (progress-report-port): On Guile 2.0.5, return PORT directly and emit a warning.
* Rename (guix web) to (guix http-client).Ludovic Courtès2013-07-14
| | | | | | | * guix/web.scm: Rename to... * guix/http-client.scm: ... this. * guix/gnu-maintenance.scm, guix/scripts/substitute-binary.scm, Makefile.am, po/POTFILES.in: Update accordingly.
* substitute-binary: Directly replace the global `regexp-exec'.Ludovic Courtès2013-07-11
| | | | | | | * guix/scripts/substitute-binary.scm (%regexp-exec-mutex, string->uri): Remove. (regexp-exec): Replace this global binding by a thread-safety wrapper. (fields->alist): Remove `with-mutex', and directly alias `recutils->alist'.
* substitute-binary: Increase the default timeout.Ludovic Courtès2013-07-11
| | | | * guix/scripts/substitute-binary.scm (%fetch-timeout): Set to 5 seconds.
* records: Add `recutils->alist' for public consumption.Ludovic Courtès2013-07-10
| | | | | | | * guix/records.scm (%recutils-field-rx): New variable. (recutils->alist): New procedure, formerly known as `fields->alist'. * guix/scripts/substitute-binary.scm (fields->alist): Use it. * tests/records.scm ("recutils->alist"): New test.
* substitute-binary: Avoid dangling connections to the server.Ludovic Courtès2013-06-29
| | | | | | | | | * guix/web.scm (open-socket-for-uri): New procedure. (http-fetch): Add `port' keyword parameter; use it. * guix/scripts/substitute-binary.scm (%random-state): New variable. (with-timeout): Wait a little before retrying. (fetch): Use `open-socket-for-uri', and keep a copy of the socket in variable `port'. Close PORT upon timeout.
* substitute-binary: Report progress while downloading.Ludovic Courtès2013-06-20
| | | | | | | * guix/scripts/substitute-binary.scm (decompressed-port): Improve docstring. (progress-report-port): New procedure. (guix-substitute-binary)["--substitute"]: Use it to report progress. * guix/build/download.scm: Export `progress-proc' and `uri-abbreviation'.
* substitute-binary: Provide feedback when the server is unresponsive.Ludovic Courtès2013-06-18
| | | | | | | | * guix/scripts/substitute-binary.scm (%fetch-timeout): New variable. (with-timeout): New macro. (fetch): Add `timeout?' keyword parameter. Enclose `http-fetch' call in `with-timeout'. (guix-substitute-binary): Call `fetch' with #:timeout? #f.
* substitute-binary: Don't cache .narinfo lookups when lacking networking.Ludovic Courtès2013-06-04
| | | | | * guix/scripts/substitute-binary.scm (lookup-narinfo): Don't cache NARINFO when CACHE is #f.
* substitute-binary: Gracefully exit upon networking errors.Ludovic Courtès2013-05-29
| | | | | | | Suggested by Andreas Enge <andreas@enge.fr>. * guix/scripts/substitute-binary.scm (with-networking): New macro. (guix-substitute-binary): Wrap the body in `with-networking'.
* substitute-binary: Pass `filtered-port' an unbuffered port.Ludovic Courtès2013-05-15
| | | | | | | | | | | | | | | | | | This fixes a bug whereby `read-response' would read more than just the response, with the extra data going into the port's buffer; the "bzip2 -dc" process spawned by `filtered-port' would not see the those buffered data, which are definitely lost, and would bail out with "bzip2: (stdin) is not a bzip2 file." * guix/utils.scm (filtered-port): Document that INPUT must be unbuffered. * guix/web.scm (http-fetch): Add `buffered?' parameter. Call `open-socket-for-uri' explicitly, and call `setvbuf' when BUFFERED? is false. Pass the port to `http-get'. Close it upon 301/302. * guix/scripts/substitute-binary.scm (fetch): Add `buffered?' parameter. Pass it to `http-fetch'; honor it for `file' URIs. (guix-substitute-binary): Call `fetch' with #:buffered? #f for port RAW. * tests/utils.scm ("filtered-port, file"): Open FILE as unbuffered.
* substitute-binary: Work around thread-unsafe `regexp-exec'.Ludovic Courtès2013-05-14
| | | | | | * guix/scripts/substitute-binary.scm (%regexp-exec-mutex): New variable. (string->uri): New procedure. (fields->alist): Wrap `regexp-exec' call in `with-mutex'.
* Move record utilities to (guix records).Ludovic Courtès2013-05-12
| | | | | | | | | | | | | | | | * guix/utils.scm (define-record-type*): Move to... * guix/records.scm: ... here. New file. * guix/build-system.scm, guix/packages.scm: Use it. * guix/gnu-maintenance.scm: Likewise. (official-gnu-packages)[alist->record]: Remove. * guix/scripts/substitute-binary.scm: Likewise. (alist->record, object->fields): Remove. * tests/utils.scm ("define-record-type*", "define-record-type* with letrec* behavior", "define-record-type* & inherit", "define-record-type* & inherit & letrec* behavior", "define-record-type* & thunked", "define-record-type* & thunked & default", "define-record-type* & thunked & inherited"): Move to... * tests/records.scm: ... here. New file.
* substitute-binary: Support decompression from non-file ports.Ludovic Courtès2013-04-29
| | | | | | | | | | | * guix/scripts/substitute-binary.scm (filtered-port): Move to utils.scm. (decompressed-port): Upon "none", return '() as the second value. (guix-substitute-binary): Expect `decompressed-port' to return a list of PIDs as its second value. * guix/utils.scm (filtered-port): New procedure. Add case for when INPUT is not `file-port?'. * tests/utils.scm ("filtered-port, file", "filtered-port, non-file"): New tests.
* web: Factorize `http-get' hackery.Ludovic Courtès2013-04-25
| | | | | | | | | | | | | This should fix `substitute-binary --query' on Guile 2.0.5. * guix/web.scm: New file. * Makefile.am (MODULES): Add it. * po/POTFILES.in: Add it. * guix/gnu-maintenance.scm (http-fetch): Remove. (%package-list-url): Turn into a URI. (official-gnu-packages): Add #:text? #t to `http-fetch' call. * guix/scripts/substitute-binary.scm (fetch): Remove `http' case, and use `http-fetch' instead.
* substitute-binary: Remove expired cache entries once in a while.Ludovic Courtès2013-04-20
| | | | | | | | | | * guix/scripts/substitute-binary.scm (%narinfo-expired-cache-entry-removal-delay): New variable. (obsolete?): New procedure, formerly in `lookup-narinfo'. (lookup-narinfo): Adjust accordingly. (remove-expired-cached-narinfos, maybe-remove-expired-cached-narinfo): New procedures. (guix-substitute-binary): Call `maybe-remove-expired-cached-narinfo'.
* substitute-binary: Skip servers that use a different store prefix.Ludovic Courtès2013-04-15
| | | | | * guix/scripts/substitute-binary.scm (fetch-narinfo): Return #f when CACHE uses a store directory different from (%store-prefix).
* substitute-binary: Call `open-cache' only when needed.Ludovic Courtès2013-04-15
| | | | | | * guix/scripts/substitute-binary.scm (lookup-narinfo): Force CACHE when passing it to `fetch-narinfo'. (guix-substitute-binary): Delay calls to `open-cache'.
* substitute-binary: Add a local cache.Ludovic Courtès2013-04-15
| | | | | | | | | | | | * guix/scripts/substitute-binary.scm (%narinfo-cache-directory, %narinfo-ttl, %narinfo-negative-ttl): New variables. (with-atomic-file-output, object->fields, read-narinfo, write-narinfo, narinfo->string, string->narinfo, lookup-narinfo): New procedures. (fetch-narinfo): Adjust to use `read-narinfo'. (guix-substitute-binary): Ensure the existence of %NARINFO-CACHE-DIRECTORY. Use `lookup-narinfo' instead of `fetch-narinfo'.
* substitute-binary: Implement `--substitute'.Ludovic Courtès2013-04-12
| | | | | | | | | | | | | | | | | | This allows build outputs to be transparently downloaded from http://hydra.gnu.org, for example. * config-daemon.ac: Check for `gzip', `bzip2', and `xz'. * guix/config.scm.in (%gzip, %bzip2, %xz): New variable. * guix/scripts/substitute-binary.scm (fetch): Return SIZE as a second value. (<narinfo>): Change `url' to `uri'. (make-narinfo): Rename to... (narinfo-maker): ... this. Handle relative URLs. (fetch-narinfo): Adjust accordingly. (filtered-port, decompressed-port): New procedures. (guix-substitute-binary): Implement the `--substitute' case. * tests/store.scm ("substitute query"): Use (%store-prefix) instead of (getenv "NIX_STORE_DIR"). ("substitute"): New test.
* substitute-binary: Correctly handle missing narinfos in `--query' mode.Ludovic Courtès2013-04-12
| | | | | * guix/scripts/substitute-binary.scm (guix-substitute-binary)["--query"]("have", "info"): Filter SUBSTITUTABLE through `narinfo?'.
* substitute-binary: Fix communication of several store paths to the daemon.Ludovic Courtès2013-04-04
| | | | | | * guix/scripts/substitute-binary.scm (guix-substitute-binary)["--query"]: Emit blank lines only after the complete list of store paths has been returned.
* Add preliminary binary substituter.Ludovic Courtès2013-04-03
* guix/scripts/substitute-binary.scm: New file. * Makefile.am (MODULES): Add it. * nix/scripts/substitute-binary.in: New file. * config-daemon.ac: Produce nix/scripts/substitute-binary. * daemon.am (nodist_pkglibexec_SCRIPTS): Add nix/scripts/substitute-binary. * guix/store.scm (substitutable-path-info): Use the `query-substitutable-path-infos' RPC. * nix/nix-daemon/guix-daemon.cc (main): Honor `NIX_SUBSTITUTERS'. * pre-inst-env.in: Set `NIX_SUBSTITUTERS'. * test-env.in: Leave `NIX_SUBSTITUTERS' unchanged. Set `GUIX_BINARY_SUBSTITUTE_URL, and create $NIX_STATE_DIR/substituter-data. Run `guix-daemon' within `./pre-inst-env'. * tests/store.scm ("substitute query"): New test.