aboutsummaryrefslogtreecommitdiff
path: root/nix
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2018-12-11 22:18:05 +0100
committerMarius Bakke <mbakke@fastmail.com>2018-12-11 22:18:05 +0100
commitb03e4fd5269897448124a7b61a737802b2c638ee (patch)
treee4eaab1d3076e335c57eea462ff7fda7919f0831 /nix
parentda3c6a7f19ef1243af725f63c16c8fd92fde33b4 (diff)
parent99aad42138e0895df51e64e1261984f277952516 (diff)
downloadguix-b03e4fd5269897448124a7b61a737802b2c638ee.tar
guix-b03e4fd5269897448124a7b61a737802b2c638ee.tar.gz
Merge branch 'master' into core-updates
Diffstat (limited to 'nix')
-rw-r--r--nix/libstore/local-store.cc17
-rw-r--r--nix/local.mk7
-rw-r--r--nix/nix-daemon/guix-daemon.cc12
-rw-r--r--nix/nix-daemon/nix-daemon.cc6
-rw-r--r--nix/scripts/authenticate.in (renamed from nix/scripts/guix-authenticate.in)0
5 files changed, 23 insertions, 19 deletions
diff --git a/nix/libstore/local-store.cc b/nix/libstore/local-store.cc
index 4c55c6ea0d..0aed59710f 100644
--- a/nix/libstore/local-store.cc
+++ b/nix/libstore/local-store.cc
@@ -1222,6 +1222,18 @@ static void checkSecrecy(const Path & path)
}
+static std::string runAuthenticationProgram(const Strings & args)
+{
+ /* Use the 'authenticate' script from 'LIBEXECDIR/guix' or just
+ 'LIBEXECDIR', depending on whether we're uninstalled or not. */
+ const bool installed = getenv("GUIX_UNINSTALLED") == NULL;
+ const string program = settings.nixLibexecDir
+ + (installed ? "/guix" : "")
+ + "/authenticate";
+
+ return runProgram(program, false, args);
+}
+
void LocalStore::exportPath(const Path & path, bool sign,
Sink & sink)
{
@@ -1276,7 +1288,8 @@ void LocalStore::exportPath(const Path & path, bool sign,
args.push_back(secretKey);
args.push_back("-in");
args.push_back(hashFile);
- string signature = runProgram(OPENSSL_PATH, true, args);
+
+ string signature = runAuthenticationProgram(args);
writeString(signature, hashAndWriteSink);
@@ -1366,7 +1379,7 @@ Path LocalStore::importPath(bool requireSignature, Source & source)
args.push_back("-pubin");
args.push_back("-in");
args.push_back(sigFile);
- string hash2 = runProgram(OPENSSL_PATH, true, args);
+ string hash2 = runAuthenticationProgram(args);
/* Note: runProgram() throws an exception if the signature
is invalid. */
diff --git a/nix/local.mk b/nix/local.mk
index 7d45f200b8..fe45c344f0 100644
--- a/nix/local.mk
+++ b/nix/local.mk
@@ -113,7 +113,6 @@ libstore_a_CPPFLAGS = \
-DGUIX_CONFIGURATION_DIRECTORY=\"$(sysconfdir)/guix\" \
-DNIX_LIBEXEC_DIR=\"$(libexecdir)\" \
-DNIX_BIN_DIR=\"$(bindir)\" \
- -DOPENSSL_PATH="\"guix-authenticate\"" \
-DDEFAULT_CHROOT_DIRS="\"\""
libstore_a_CXXFLAGS = $(AM_CXXFLAGS) \
@@ -168,10 +167,8 @@ nodist_pkglibexec_SCRIPTS += \
endif BUILD_DAEMON_OFFLOAD
-
-# XXX: It'd be better to hide it in $(pkglibexecdir).
-nodist_libexec_SCRIPTS = \
- %D%/scripts/guix-authenticate
+nodist_pkglibexec_SCRIPTS += \
+ %D%/scripts/authenticate
# The '.service' files for systemd.
systemdservicedir = $(libdir)/systemd/system
diff --git a/nix/nix-daemon/guix-daemon.cc b/nix/nix-daemon/guix-daemon.cc
index b71b100f6c..8fdab2d116 100644
--- a/nix/nix-daemon/guix-daemon.cc
+++ b/nix/nix-daemon/guix-daemon.cc
@@ -466,18 +466,6 @@ main (int argc, char *argv[])
{
settings.processEnvironment ();
- /* Hackily help 'local-store.cc' find our 'guix-authenticate' program, which
- is known as 'OPENSSL_PATH' here. */
- std::string search_path;
- search_path = settings.nixLibexecDir;
- if (getenv ("PATH") != NULL)
- {
- search_path += ":";
- search_path += getenv ("PATH");
- }
-
- setenv ("PATH", search_path.c_str (), 1);
-
/* Use our substituter by default. */
settings.substituters.clear ();
settings.set ("build-use-substitutes", "true");
diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc
index 2939422172..6ce475a26c 100644
--- a/nix/nix-daemon/nix-daemon.cc
+++ b/nix/nix-daemon/nix-daemon.cc
@@ -565,6 +565,12 @@ static void performOp(bool trusted, unsigned int clientVersion,
case wopSetOptions: {
settings.keepFailed = readInt(from) != 0;
+ if (isRemoteConnection)
+ /* When the client is remote, don't keep the failed build tree as
+ it is presumably inaccessible to the client and could fill up
+ our disk. */
+ settings.keepFailed = 0;
+
settings.keepGoing = readInt(from) != 0;
settings.set("build-fallback", readInt(from) ? "true" : "false");
verbosity = (Verbosity) readInt(from);
diff --git a/nix/scripts/guix-authenticate.in b/nix/scripts/authenticate.in
index 5ce57915f0..5ce57915f0 100644
--- a/nix/scripts/guix-authenticate.in
+++ b/nix/scripts/authenticate.in