[PATCH 0/3] Socket activation for guix-daemon

  • Done
Details
Participants: Ludovic Courtès
Owner: unassigned
Submitted by: Ludovic Courtès
Severity: normal


Ludovic Courtès wrote 12 months ago
(address . guix-patches@gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)
cover.1742667082.git.ludo@gnu.org
Hello Guix,

This is a small refactor and improvement that will make it easier
to implement support for unprivileged guix-daemon¹ in Guix System.

Thoughts?

Ludo’.


Ludovic Courtès (3):
services: guix: Factorize ‘guix-daemon’ arguments.
services: guix: Streamline the default ‘start’ case.
services: guix: Socket-activate ‘guix-daemon’.

gnu/services/base.scm | 174 ++++++++++++++++++++++--------------------
1 file changed, 90 insertions(+), 84 deletions(-)


base-commit: efac1498c15198afc4f9a2bc700408bde1b3b3ed
--
2.48.1
Ludovic Courtès wrote 12 months ago
[PATCH 1/3] services: guix: Factorize ‘guix-daemon’ arguments.
(address . 77189@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)
7dbcbbbd99883ac9c4655447ab0df451dfc59b94.1742667082.git.ludo@gnu.org
* gnu/services/base.scm (guix-shepherd-service): In ‘start’ method,
move ‘fork+exec-command/container’ arguments to the new variables
‘daemon-command’ and ‘environment-variables’.

Change-Id: Ic04a1006849697e4e185ad94185bbdec8a91a05a
---
gnu/services/base.scm | 115 ++++++++++++++++++++++--------------------
1 file changed, 59 insertions(+), 56 deletions(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 0d2bb31190..6793822666 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -2061,6 +2061,63 @@ (define (guix-shepherd-service config)
(define discover?
(or (getenv "discover") #$discover?))
+ (define daemon-command
+ (cons* #$(file-append guix "/bin/guix-daemon")
+ "--build-users-group" #$build-group
+ "--max-silent-time"
+ #$(number->string max-silent-time)
+ "--timeout" #$(number->string timeout)
+ "--log-compression"
+ #$(symbol->string log-compression)
+ #$@(if use-substitutes?
+ '()
+ '("--no-substitutes"))
+ (string-append "--discover="
+ (if discover? "yes" "no"))
+ "--substitute-urls" #$(string-join substitute-urls)
+ #$@extra-options
+
+ #$@(if chroot?
+ '()
+ '("--disable-chroot"))
+ ;; Add CHROOT-DIRECTORIES and all their dependencies
+ ;; (if these are store items) to the chroot.
+ (append-map
+ (lambda (file)
+ (append-map (lambda (directory)
+ (list "--chroot-directory"
+ directory))
+ (call-with-input-file file
+ read)))
+ '#$(map references-file
+ chroot-directories))))
+
+ (define environment-variables
+ (append (list #$@(if tmpdir
+ (list (string-append "TMPDIR=" tmpdir))
+ '())
+
+ ;; Make sure we run in a UTF-8 locale so that
+ ;; 'guix offload' correctly restores nars
+ ;; that contain UTF-8 file names such as
+ ;; 'nss-certs'. See
+ ;; <https://bugs.gnu.org/32942>.
+ (string-append "GUIX_LOCPATH="
+ #$locales "/lib/locale")
+ "LC_ALL=en_US.utf8"
+ ;; Make 'tar' and 'gzip' available so
+ ;; that 'guix perform-download' can use
+ ;; them when downloading from Software
+ ;; Heritage via '(guix swh)'.
+ (string-append "PATH="
+ #$(file-append tar "/bin") ":"
+ #$(file-append gzip "/bin")))
+ (if proxy
+ (list (string-append "http_proxy=" proxy)
+ (string-append "https_proxy=" proxy))
+ '())
+ '#$environment))
+
(mkdir-p "/var/guix")
;; Ensure that a fresh directory is used, in case the old
;; one was more permissive and processes have a file
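Review bot: At the end of the new ‘environment-variables’ definition, '#$environment is appended after the fixed "LC_ALL=", "GUIX_LOCPATH=" and "PATH=" entries and the proxy entries, so a user-supplied entry with the same name produces a duplicate, and which one wins is not stated anywhere in the hunk. Now that the list has a name of its own, a one-line comment above each of ‘daemon-command’ and ‘environment-variables’ saying what it holds, and for the latter which entry is meant to take precedence, would make the intent reviewable. Note also that ‘daemon-command’ refers to ‘discover?’, so it has to stay below that definition.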
@@ -2084,35 +2141,7 @@ (define (guix-shepherd-service config)
;; to solve an installation issue. See the comment below for
;; more details.
(fork+exec-command/container
- (cons* #$(file-append guix "/bin/guix-daemon")
- "--build-users-group" #$build-group
- "--max-silent-time"
- #$(number->string max-silent-time)
- "--timeout" #$(number->string timeout)
- "--log-compression"
- #$(symbol->string log-compression)
- #$@(if use-substitutes?
- '()
- '("--no-substitutes"))
- (string-append "--discover="
- (if discover? "yes" "no"))
- "--substitute-urls" #$(string-join substitute-urls)
- #$@extra-options
-
- #$@(if chroot?
- '()
- '("--disable-chroot"))
- ;; Add CHROOT-DIRECTORIES and all their dependencies
- ;; (if these are store items) to the chroot.
- (append-map
- (lambda (file)
- (append-map (lambda (directory)
- (list "--chroot-directory"
- directory))
- (call-with-input-file file
- read)))
- '#$(map references-file
- chroot-directories)))
+ daemon-command
;; When running the installer, we need guix-daemon to
;; operate from within the same MNT namespace as the
@@ -2123,33 +2152,7 @@ (define (guix-shepherd-service config)
#:pid (match args
((pid) (string->number pid))
(else (getpid)))
-
- #:environment-variables
- (append (list #$@(if tmpdir
- (list (string-append "TMPDIR=" tmpdir))
- '())
-
- ;; Make sure we run in a UTF-8 locale so that
- ;; 'guix offload' correctly restores nars
- ;; that contain UTF-8 file names such as
- ;; 'nss-certs'. See
- ;; <https://bugs.gnu.org/32942>.
- (string-append "GUIX_LOCPATH="
- #$locales "/lib/locale")
- "LC_ALL=en_US.utf8"
- ;; Make 'tar' and 'gzip' available so
- ;; that 'guix perform-download' can use
- ;; them when downloading from Software
- ;; Heritage via '(guix swh)'.
- (string-append "PATH="
- #$(file-append tar "/bin") ":"
- #$(file-append gzip "/bin")))
- (if proxy
- (list (string-append "http_proxy=" proxy)
- (string-append "https_proxy=" proxy))
- '())
- '#$environment)
-
+ #:environment-variables environment-variables
#:log-file #$log-file))))
(stop #~(make-kill-destructor))))))
--
2.48.1
Ludovic Courtès wrote 12 months ago
[PATCH 2/3] services: guix: Streamline the default ‘start’ case.
(address . 77189@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)
993d04f2cd1957d02ac054fc403c9436807f7734.1742667082.git.ludo@gnu.org
* gnu/services/base.scm (guix-shepherd-service): In ‘start’ method, use
‘fork+exec-command’ in the default case.

Change-Id: Id04d3d2651f89fbcdb2f17f027df91e132ff9ed1
---
gnu/services/base.scm | 31 ++++++++++++++-----------------
1 file changed, 14 insertions(+), 17 deletions(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 6793822666..c7abc9b422 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -2137,23 +2137,20 @@ (define (guix-shepherd-service config)
(gid (if group (group:gid (getgrnam group)) -1)))
(chown "/var/guix/daemon-socket" uid gid))
- ;; Start the guix-daemon from a container, when supported,
- ;; to solve an installation issue. See the comment below for
- ;; more details.
- (fork+exec-command/container
- daemon-command
-
- ;; When running the installer, we need guix-daemon to
- ;; operate from within the same MNT namespace as the
- ;; installation container. In that case only, enter the
- ;; namespace of the process PID passed as start argument.
- ;; Otherwise, for symmetry purposes enter the caller
- ;; namespaces which is a no-op.
- #:pid (match args
- ((pid) (string->number pid))
- (else (getpid)))
- #:environment-variables environment-variables
- #:log-file #$log-file))))
+ (match args
+ (((= string->number (? integer? pid)))
+ ;; Start the guix-daemon in the same mnt namespace as
+ ;; PID. This is necessary when running the installer.
+ (fork+exec-command/container
+ daemon-command
+ #:pid pid
+ #:environment-variables environment-variables
+ #:log-file #$log-file))
+ (()
+ (fork+exec-command daemon-command
+ #:environment-variables
+ environment-variables
+ #:log-file #$log-file))))))
(stop #~(make-kill-destructor))))))
(define (guix-accounts config)
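Review bot: The new (match args ...) has only the (((= string->number (? integer? pid))) ...) and (() ...) clauses, whereas the removed code ended with (else (getpid)); any other argument list, such as a non-numeric string or more than one argument, now matches no clause and fails with a match error instead of starting the daemon. Add a final clause that either falls back to the plain ‘fork+exec-command’ call or reports a clear usage error. Since ‘integer?’ also accepts values such as 1.0 and negative numbers, a stricter predicate (exact and positive) would suit a PID better.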
--
2.48.1
Ludovic Courtès wrote 12 months ago
[PATCH 3/3] services: guix: Socket-activate ‘guix-daemon’.
(address . 77189@debbugs.gnu.org)(name . Ludovic Courtès)(address . ludo@gnu.org)
61aa1ba0be9a26f3789962e78e91b6cbe91105da.1742667082.git.ludo@gnu.org
* gnu/services/base.scm (guix-shepherd-service): Change ‘start’ to use
‘make-systemd-constructor’ in the default case. Remove now-redundant
code creating /var/guix/daemon-socket/. Adjust ‘stop’ method to use
‘make-systemd-destructor’ when appropriate.

Change-Id: I3572670c90f65509fbad01dcf13a60f772a86839
---
gnu/services/base.scm | 40 +++++++++++++++++++++++-----------------
1 file changed, 23 insertions(+), 17 deletions(-)

diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index c7abc9b422..9a9dfdb304 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -2118,40 +2118,46 @@ (define (guix-shepherd-service config)
'())
'#$environment))
- (mkdir-p "/var/guix")
;; Ensure that a fresh directory is used, in case the old
;; one was more permissive and processes have a file
;; descriptor referencing it hanging around, ready to use
;; with openat.
(false-if-exception
(delete-file-recursively "/var/guix/daemon-socket"))
- (let ((perms #$(logand socket-directory-permissions
- (lognot #o022))))
- (mkdir "/var/guix/daemon-socket" perms)
- ;; Override umask
- (chmod "/var/guix/daemon-socket" perms))
-
- (let* ((user #$socket-directory-user)
- (uid (if user (passwd:uid (getpwnam user)) -1))
- (group #$socket-directory-group)
- (gid (if group (group:gid (getgrnam group)) -1)))
- (chown "/var/guix/daemon-socket" uid gid))
(match args
(((= string->number (? integer? pid)))
;; Start the guix-daemon in the same mnt namespace as
;; PID. This is necessary when running the installer.
+ ;; Assume /var/guix/daemon-socket was created by a
+ ;; previous 'start' call without arguments.
(fork+exec-command/container
daemon-command
#:pid pid
#:environment-variables environment-variables
#:log-file #$log-file))
(()
- (fork+exec-command daemon-command
- #:environment-variables
- environment-variables
- #:log-file #$log-file))))))
- (stop #~(make-kill-destructor))))))
+ ;; Default to socket activation.
+ (let ((socket (endpoint
+ (make-socket-address
+ AF_UNIX
+ "/var/guix/daemon-socket/socket")
+ #:name "socket"
+ #:socket-owner
+ (or #$socket-directory-user 0)
+ #:socket-group
+ (or #$socket-directory-group 0)
+ #:socket-directory-permissions
+ #$socket-directory-permissions)))
+ ((make-systemd-constructor daemon-command
+ (list socket)
+ #:environment-variables
+ environment-variables
+ #:log-file #$log-file))))))))
+ (stop #~(lambda (value)
+ (if (or (process? value) (integer? value))
+ ((make-kill-destructor) value)
+ ((make-systemd-destructor) value))))))))
(define (guix-accounts config)
"Return the user accounts and user groups for CONFIG."
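Review bot: In the PID clause, the added comment assumes /var/guix/daemon-socket was created by an earlier argument-less 'start', but the unchanged (delete-file-recursively "/var/guix/daemon-socket") above (match args still runs on every 'start', so that branch deletes the directory and, with the mkdir/chmod/chown block removed, nothing in the hunk recreates it. Consider moving the deletion into the (() ...) clause or recreating the directory in the PID clause. Separately, the removed code masked the mode with (logand socket-directory-permissions (lognot #o022)) while the endpoint now receives #$socket-directory-permissions unmasked, and a missing user or group now maps to 0 where the old code passed -1 to ‘chown’; if dropping the group/other write mask and changing that default are intended, the commit message should say so.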
--
2.48.1
Ludovic Courtès wrote 11 months ago
Re: [bug#77189] [PATCH 0/3] Socket activation for guix-daemon
(address . 77189-done@debbugs.gnu.org)
87o6x91syi.fsf@gnu.org
Pushed:

c4dd590eab services: guix: Socket-activate ‘guix-daemon’.
96ae99c957 services: guix: Streamline the default ‘start’ case.
b16e3f451f services: guix: Factorize ‘guix-daemon’ arguments.

Ludo’.
Closed
This issue is archived.
