From unknown Sat Aug 09 13:01:08 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#27426 <27426@debbugs.gnu.org> To: bug#27426 <27426@debbugs.gnu.org> Subject: Status: [PATCH 0/2] 'guix-daemon --listen' can specify multiple interfaces Reply-To: bug#27426 <27426@debbugs.gnu.org> Date: Sat, 09 Aug 2025 20:01:08 +0000 retitle 27426 [PATCH 0/2] 'guix-daemon --listen' can specify multiple inter= faces reassign 27426 guix-patches submitter 27426 Ludovic Court=C3=A8s severity 27426 normal tag 27426 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Mon Jun 19 12:03:28 2017 Received: (at submit) by debbugs.gnu.org; 19 Jun 2017 16:03:28 +0000 Received: from localhost ([127.0.0.1]:56414 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dMz9E-0003xO-5R for submit@debbugs.gnu.org; Mon, 19 Jun 2017 12:03:28 -0400 Received: from eggs.gnu.org ([208.118.235.92]:51037) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dMz9D-0003xB-9I for submit@debbugs.gnu.org; Mon, 19 Jun 2017 12:03:27 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dMz94-0006H4-Di for submit@debbugs.gnu.org; Mon, 19 Jun 2017 12:03:22 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_05,T_RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:50261) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dMz94-0006Gs-BL for submit@debbugs.gnu.org; Mon, 19 Jun 2017 12:03:18 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:41936) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dMz93-00012m-5I for guix-patches@gnu.org; Mon, 19 Jun 2017 12:03:18 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dMz92-0006G1-80 for guix-patches@gnu.org; Mon, 19 Jun 2017 12:03:17 -0400 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:46502) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dMz8x-0006Dx-JW; Mon, 19 Jun 2017 12:03:11 -0400 Received: from [193.50.110.101] (port=48058 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dMz8x-0006tW-0I; Mon, 19 Jun 2017 12:03:11 -0400 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: guix-patches@gnu.org Subject: [PATCH 0/2] 'guix-daemon --listen' can specify multiple interfaces Date: Mon, 19 Jun 2017 18:03:02 +0200 Message-Id: <20170619160302.31557-1-ludo@gnu.org> X-Mailer: git-send-email 2.13.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -3.4 (---) X-Debbugs-Envelope-To: submit Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.4 (---) Hello Guix! Commit 3dff90ce34448551bc82a6a7262837c0561a4691 added support for guix:// URIs on the client side. This commit adds guix-daemon support to specify TCP sockets to listen to, like this: # Listen on the loopback interface only, port 1234. guix-daemon --listen=localhost:1234 # Listen on the Unix-domain socket and on the public interface, # port 44146. guix-daemon --listen=/var/guix/daemon-socket/socket \ --listen=0.0.0.0 The primary use case is clusters running a single ‘guix-daemon’ instance that can be accessed from other nodes on the local network. Feedback welcome! Ludo’. Ludovic Courtès (2): store: Define a default port for TCP connections. daemon: '--listen' can be passed several times, can specify TCP endpoints. doc/guix.texi | 39 +++++- guix/store.scm | 12 +- nix/nix-daemon/guix-daemon.cc | 152 +++++++++++++++++++++-- nix/nix-daemon/nix-daemon.cc | 283 +++++++++++++++++++----------------------- tests/guix-daemon.sh | 12 ++ 5 files changed, 317 insertions(+), 181 deletions(-) -- 2.13.1 From debbugs-submit-bounces@debbugs.gnu.org Mon Jun 19 12:05:14 2017 Received: (at 27426) by debbugs.gnu.org; 19 Jun 2017 16:05:14 +0000 Received: from localhost ([127.0.0.1]:56421 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dMzAw-00040W-Hq for submit@debbugs.gnu.org; Mon, 19 Jun 2017 12:05:14 -0400 Received: from eggs.gnu.org ([208.118.235.92]:52054) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dMzAu-00040E-Un for 27426@debbugs.gnu.org; Mon, 19 Jun 2017 12:05:13 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dMzAl-00071H-85 for 27426@debbugs.gnu.org; Mon, 19 Jun 2017 12:05:07 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_40,T_RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:46544) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dMzAl-00071D-5H; Mon, 19 Jun 2017 12:05:03 -0400 Received: from [193.50.110.101] (port=48060 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dMzAk-0002xc-LY; Mon, 19 Jun 2017 12:05:02 -0400 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: 27426@debbugs.gnu.org Subject: [PATCH 1/2] store: Define a default port for TCP connections. Date: Mon, 19 Jun 2017 18:04:51 +0200 Message-Id: <20170619160452.31679-1-ludo@gnu.org> X-Mailer: git-send-email 2.13.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -3.4 (---) X-Debbugs-Envelope-To: 27426 Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.4 (---) From: Ludovic Courtès * guix/store.scm (%default-guix-port): New variable. (connect-to-daemon)[connect]: Use it when (uri-port uri) is #f. --- guix/store.scm | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/guix/store.scm b/guix/store.scm index 2acab6b1a..d8fa833ea 100644 --- a/guix/store.scm +++ b/guix/store.scm @@ -379,6 +379,10 @@ (connect s a) s))) +(define %default-guix-port + ;; Default port when connecting to a daemon over TCP/IP. + 44146) + (define (open-inet-socket host port) "Connect to the Unix-domain socket at HOST:PORT and return it. Raise a '&nix-connection-error' upon error." @@ -440,12 +444,8 @@ name." (open-unix-domain-socket (uri-path uri)))) ('guix (lambda (_) - (unless (uri-port uri) - (raise (condition (&nix-connection-error - (file (uri->string uri)) - (errno EBADR))))) ;bah! - - (open-inet-socket (uri-host uri) (uri-port uri)))) + (open-inet-socket (uri-host uri) + (or (uri-port uri) %default-guix-port)))) ((? symbol? scheme) ;; Try to dynamically load a module for SCHEME. ;; XXX: Errors are swallowed. -- 2.13.1 From debbugs-submit-bounces@debbugs.gnu.org Mon Jun 19 12:05:20 2017 Received: (at 27426) by debbugs.gnu.org; 19 Jun 2017 16:05:20 +0000 Received: from localhost ([127.0.0.1]:56423 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dMzAw-00040Z-Or for submit@debbugs.gnu.org; Mon, 19 Jun 2017 12:05:20 -0400 Received: from eggs.gnu.org ([208.118.235.92]:52052) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dMzAu-00040D-Ul for 27426@debbugs.gnu.org; Mon, 19 Jun 2017 12:05:13 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dMzAm-00071f-Fj for 27426@debbugs.gnu.org; Mon, 19 Jun 2017 12:05:07 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,T_RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:46545) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dMzAm-00071T-Ab; Mon, 19 Jun 2017 12:05:04 -0400 Received: from [193.50.110.101] (port=48060 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dMzAl-0002xc-HL; Mon, 19 Jun 2017 12:05:04 -0400 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: 27426@debbugs.gnu.org Subject: [PATCH 2/2] daemon: '--listen' can be passed several times, can specify TCP endpoints. Date: Mon, 19 Jun 2017 18:04:52 +0200 Message-Id: <20170619160452.31679-2-ludo@gnu.org> X-Mailer: git-send-email 2.13.1 In-Reply-To: <20170619160452.31679-1-ludo@gnu.org> References: <20170619160452.31679-1-ludo@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -3.4 (---) X-Debbugs-Envelope-To: 27426 Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.4 (---) From: Ludovic Courtès * nix/nix-daemon/guix-daemon.cc (DEFAULT_GUIX_PORT): New macro. (listen_options): New variable. (parse_opt): Push back '--listen' options to LISTEN_OPTIONS. (open_unix_domain_socket, open_inet_socket) (listening_sockets): New functions. (main): Use it. Pass SOCKETS to 'run'. * nix/nix-daemon/nix-daemon.cc (matchUser): Remove. (SD_LISTEN_FDS_START): Remove. (acceptConnection): New function. (daemonLoop): Rewrite to take a vector of file descriptors, to select(2) on them, and to call 'acceptConnection'. (run): Change to take a vector of file descriptors. * tests/guix-daemon.sh: Add test. --- doc/guix.texi | 39 +++++- nix/nix-daemon/guix-daemon.cc | 152 +++++++++++++++++++++-- nix/nix-daemon/nix-daemon.cc | 283 +++++++++++++++++++----------------------- tests/guix-daemon.sh | 12 ++ 4 files changed, 311 insertions(+), 175 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 4933a98dd..ca265fc49 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -1258,12 +1258,35 @@ Assume @var{system} as the current system type. By default it is the architecture/kernel pair found at configure time, such as @code{x86_64-linux}. -@item --listen=@var{socket} -Listen for connections on @var{socket}, the file name of a Unix-domain -socket. The default socket is -@file{@var{localstatedir}/daemon-socket/socket}. This option is only -useful in exceptional circumstances, such as if you need to run several -daemons on the same machine. +@item --listen=@var{endpoint} +Listen for connections on @var{endpoint}. @var{endpoint} is interpreted +as the file name of a Unix-domain socket if it starts with +@code{/} (slash sign). Otherwise, @var{endpoint} is interpreted as a +host name or host name and port to listen to. Here are a few example: + +@table @code +@item --listen=/gnu/var/daemon +Listen for connections on the @file{/gnu/var/daemon} Unix-domain socket, +creating it if needed. + +@item --listen=localhost +Listen for TCP connections on the network interface corresponding to +@code{localhost}, on port 44146. + +@item --listen=128.0.0.42:1234 +Listen for TCP connections on the network interface corresponding to +@code{128.0.0.42}, on port 1234. +@end table + +This option can be repeated multiple times, in which case +@command{guix-daemon} accepts connections on all the specified +endpoints. Users can tell client commands what endpoint to connect to +by setting the @code{GUIX_DAEMON_SOCKET} environment variable +(@pxref{The Store, @code{GUIX_DAEMON_SOCKET}}). + +When @code{--listen} is omitted, @command{guix-daemon} listens for +connections on the Unix-domain socket located at +@file{@var{localstatedir}/daemon-socket/socket}. @end table @@ -3781,6 +3804,10 @@ This setup is suitable on local networks, such as clusters, where only trusted nodes may connect to the build daemon at @code{master.guix.example.org}. +The @code{--listen} option of @command{guix-daemon} can be used to +instruct it to listen for TCP connections (@pxref{Invoking guix-daemon, +@code{--listen}}). + @item ssh @cindex SSH access to build daemons These URIs allow you to connect to a remote daemon over diff --git a/nix/nix-daemon/guix-daemon.cc b/nix/nix-daemon/guix-daemon.cc index 0d9c33d1d..ba898f572 100644 --- a/nix/nix-daemon/guix-daemon.cc +++ b/nix/nix-daemon/guix-daemon.cc @@ -1,5 +1,6 @@ /* GNU Guix --- Functional package management for GNU Copyright (C) 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès + Copyright (C) 2006, 2010, 2012, 2014 Eelco Dolstra This file is part of GNU Guix. @@ -30,8 +31,12 @@ #include #include #include +#include +#include +#include #include #include +#include #include #include @@ -43,7 +48,7 @@ char **argvSaved; using namespace nix; /* Entry point in `nix-daemon.cc'. */ -extern void run (Strings args); +extern void run (const std::vector &); /* Command-line options. */ @@ -149,6 +154,12 @@ to live outputs") }, }; +/* Default port for '--listen' on TCP/IP. */ +#define DEFAULT_GUIX_PORT "44146" + +/* List of '--listen' options. */ +static std::list listen_options; + /* Convert ARG to a Boolean value, or throw an error if it does not denote a Boolean. */ static bool @@ -217,15 +228,7 @@ parse_opt (int key, char *arg, struct argp_state *state) settings.keepLog = false; break; case GUIX_OPT_LISTEN: - try - { - settings.nixDaemonSocketFile = canonPath (arg); - } - catch (std::exception &e) - { - fprintf (stderr, _("error: %s\n"), e.what ()); - exit (EXIT_FAILURE); - } + listen_options.push_back (arg); break; case GUIX_OPT_SUBSTITUTE_URLS: settings.set ("substitute-urls", arg); @@ -276,13 +279,134 @@ static const struct argp argp = guix_textdomain }; + +static int +open_unix_domain_socket (const char *file) +{ + /* Create and bind to a Unix domain socket. */ + AutoCloseFD fdSocket = socket (PF_UNIX, SOCK_STREAM, 0); + if (fdSocket == -1) + throw SysError ("cannot create Unix domain socket"); + + createDirs (dirOf (file)); + + /* Urgh, sockaddr_un allows path names of only 108 characters. + So chdir to the socket directory so that we can pass a + relative path name. */ + if (chdir (dirOf (file).c_str ()) == -1) + throw SysError ("cannot change current directory"); + Path fileRel = "./" + baseNameOf (file); + + struct sockaddr_un addr; + addr.sun_family = AF_UNIX; + if (fileRel.size () >= sizeof (addr.sun_path)) + throw Error (format ("socket path `%1%' is too long") % fileRel); + strcpy (addr.sun_path, fileRel.c_str ()); + + unlink (file); + + /* Make sure that the socket is created with 0666 permission + (everybody can connect --- provided they have access to the + directory containing the socket). */ + mode_t oldMode = umask (0111); + int res = bind (fdSocket, (struct sockaddr *) &addr, sizeof addr); + umask (oldMode); + if (res == -1) + throw SysError (format ("cannot bind to socket `%1%'") % file); + + if (chdir ("/") == -1) /* back to the root */ + throw SysError ("cannot change current directory"); + + if (listen (fdSocket, 5) == -1) + throw SysError (format ("cannot listen on socket `%1%'") % file); + + return fdSocket.borrow (); +} + +/* Return a listening socket for ADDRESS, which has the given LENGTH. */ +static int +open_inet_socket (const struct sockaddr *address, socklen_t length) +{ + AutoCloseFD fd = socket (address->sa_family, SOCK_STREAM, 0); + if (fd == -1) + throw SysError("cannot open inet socket"); + + int res = bind (fd, address, length); + if (res == -1) + throw SysError("cannot bind inet socket"); + + if (listen (fd, 5) == -1) + throw SysError (format ("cannot listen on inet socket")); + + return fd.borrow (); +} + +/* Return a list of file descriptors of listening sockets. */ +static std::vector +listening_sockets (const std::list &options) +{ + std::vector result; + + if (options.empty ()) + { + /* Open the default Unix-domain socket. */ + auto fd = open_unix_domain_socket (settings.nixDaemonSocketFile.c_str ()); + result.push_back (fd); + return result; + } + + /* Open the user-specified sockets. */ + for (const std::string& option: options) + { + if (option[0] == '/') + { + /* Assume OPTION is the file name of a Unix-domain socket. */ + settings.nixDaemonSocketFile = canonPath (option); + int fd = + open_unix_domain_socket (settings.nixDaemonSocketFile.c_str ()); + result.push_back (fd); + } + else + { + /* Assume OPTIONS has the form "HOST" or "HOST:PORT". */ + auto colon = option.find_last_of (":"); + auto host = colon == std::string::npos + ? option : option.substr (0, colon); + auto port = colon == std::string::npos + ? DEFAULT_GUIX_PORT + : option.substr (colon + 1, option.size () - colon - 1); + + struct addrinfo *res, hints; + + memset (&hints, '\0', sizeof hints); + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_NUMERICSERV | AI_ADDRCONFIG; + + int err = getaddrinfo (host.c_str(), port.c_str (), + &hints, &res); + + if (err != 0) + throw Error(format ("failed to look up '%1%': %2%") + % option % gai_strerror (err)); + + printMsg (lvlDebug, format ("listening on '%1%', port '%2%'") + % host % port); + + /* XXX: Pick the first result, RES. */ + result.push_back (open_inet_socket (res->ai_addr, + res->ai_addrlen)); + + freeaddrinfo (res); + } + } + + return result; +} int main (int argc, char *argv[]) { - static const Strings nothing; - setlocale (LC_ALL, ""); bindtextdomain (guix_textdomain, LOCALEDIR); textdomain (guix_textdomain); @@ -359,6 +483,8 @@ main (int argc, char *argv[]) argp_parse (&argp, argc, argv, 0, 0, 0); + auto sockets = listening_sockets (listen_options); + /* Effect all the changes made via 'settings.set'. */ settings.update (); @@ -402,7 +528,7 @@ using `--build-users-group' is highly recommended\n")); printMsg (lvlDebug, format ("listening on `%1%'") % settings.nixDaemonSocketFile); - run (nothing); + run (sockets); } catch (std::exception &e) { diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc index 79580ffb4..3d8e90990 100644 --- a/nix/nix-daemon/nix-daemon.cc +++ b/nix/nix-daemon/nix-daemon.cc @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include @@ -809,151 +810,87 @@ static void setSigChldAction(bool autoReap) } -bool matchUser(const string & user, const string & group, const Strings & users) +/* Accept a connection on FDSOCKET and fork a server process to process the + new connection. */ +static void acceptConnection(int fdSocket) { - if (find(users.begin(), users.end(), "*") != users.end()) - return true; - - if (find(users.begin(), users.end(), user) != users.end()) - return true; - - for (auto & i : users) - if (string(i, 0, 1) == "@") { - if (group == string(i, 1)) return true; - struct group * gr = getgrnam(i.c_str() + 1); - if (!gr) continue; - for (char * * mem = gr->gr_mem; *mem; mem++) - if (user == string(*mem)) return true; - } - - return false; -} - - -#define SD_LISTEN_FDS_START 3 - - -static void daemonLoop() -{ - if (chdir("/") == -1) - throw SysError("cannot change current directory"); - - /* Get rid of children automatically; don't let them become - zombies. */ - setSigChldAction(true); - - AutoCloseFD fdSocket; - - /* Handle socket-based activation by systemd. */ - if (getEnv("LISTEN_FDS") != "") { - if (getEnv("LISTEN_PID") != std::to_string(getpid()) || getEnv("LISTEN_FDS") != "1") - throw Error("unexpected systemd environment variables"); - fdSocket = SD_LISTEN_FDS_START; - } - - /* Otherwise, create and bind to a Unix domain socket. */ - else { - - /* Create and bind to a Unix domain socket. */ - fdSocket = socket(PF_UNIX, SOCK_STREAM, 0); - if (fdSocket == -1) - throw SysError("cannot create Unix domain socket"); - - string socketPath = settings.nixDaemonSocketFile; - - createDirs(dirOf(socketPath)); - - /* Urgh, sockaddr_un allows path names of only 108 characters. - So chdir to the socket directory so that we can pass a - relative path name. */ - if (chdir(dirOf(socketPath).c_str()) == -1) - throw SysError("cannot change current directory"); - Path socketPathRel = "./" + baseNameOf(socketPath); - - struct sockaddr_un addr; - addr.sun_family = AF_UNIX; - if (socketPathRel.size() >= sizeof(addr.sun_path)) - throw Error(format("socket path `%1%' is too long") % socketPathRel); - strcpy(addr.sun_path, socketPathRel.c_str()); - - unlink(socketPath.c_str()); - - /* Make sure that the socket is created with 0666 permission - (everybody can connect --- provided they have access to the - directory containing the socket). */ - mode_t oldMode = umask(0111); - int res = bind(fdSocket, (struct sockaddr *) &addr, sizeof(addr)); - umask(oldMode); - if (res == -1) - throw SysError(format("cannot bind to socket `%1%'") % socketPath); - - if (chdir("/") == -1) /* back to the root */ - throw SysError("cannot change current directory"); - - if (listen(fdSocket, 5) == -1) - throw SysError(format("cannot listen on socket `%1%'") % socketPath); - } - - closeOnExec(fdSocket); - - /* Loop accepting connections. */ - while (1) { - - try { - /* Important: the server process *cannot* open the SQLite - database, because it doesn't like forks very much. */ - assert(!store); - - /* Accept a connection. */ - struct sockaddr_un remoteAddr; - socklen_t remoteAddrLen = sizeof(remoteAddr); - - AutoCloseFD remote = accept(fdSocket, - (struct sockaddr *) &remoteAddr, &remoteAddrLen); - checkInterrupt(); - if (remote == -1) { - if (errno == EINTR) - continue; - else - throw SysError("accepting connection"); - } - - closeOnExec(remote); - - bool trusted = false; - pid_t clientPid = -1; - + uid_t clientUid = (uid_t) -1; + gid_t clientGid = (gid_t) -1; + + try { + /* Important: the server process *cannot* open the SQLite + database, because it doesn't like forks very much. */ + assert(!store); + + /* Accept a connection. */ + struct sockaddr_storage remoteAddr; + socklen_t remoteAddrLen = sizeof(remoteAddr); + + try_again: + AutoCloseFD remote = accept(fdSocket, + (struct sockaddr *) &remoteAddr, &remoteAddrLen); + checkInterrupt(); + if (remote == -1) { + if (errno == EINTR) + goto try_again; + else + throw SysError("accepting connection"); + } + + closeOnExec(remote); + + pid_t clientPid = -1; + bool trusted = false; + + /* Get the identity of the caller, if possible. */ + if (remoteAddr.ss_family == AF_UNIX) { #if defined(SO_PEERCRED) - /* Get the identity of the caller, if possible. */ - ucred cred; - socklen_t credLen = sizeof(cred); - if (getsockopt(remote, SOL_SOCKET, SO_PEERCRED, &cred, &credLen) == -1) - throw SysError("getting peer credentials"); + ucred cred; + socklen_t credLen = sizeof(cred); + if (getsockopt(remote, SOL_SOCKET, SO_PEERCRED, + &cred, &credLen) == -1) + throw SysError("getting peer credentials"); - clientPid = cred.pid; + clientPid = cred.pid; + clientUid = cred.uid; + clientGid = cred.gid; + trusted = clientUid == 0; struct passwd * pw = getpwuid(cred.uid); string user = pw ? pw->pw_name : std::to_string(cred.uid); - struct group * gr = getgrgid(cred.gid); - string group = gr ? gr->gr_name : std::to_string(cred.gid); - - Strings trustedUsers = settings.get("trusted-users", Strings({"root"})); - Strings allowedUsers = settings.get("allowed-users", Strings({"*"})); - - if (matchUser(user, group, trustedUsers)) - trusted = true; - - if (!trusted && !matchUser(user, group, allowedUsers)) - throw Error(format("user `%1%' is not allowed to connect to the Nix daemon") % user); - - printMsg(lvlInfo, format((string) "accepted connection from pid %1%, user %2%" - + (trusted ? " (trusted)" : "")) % clientPid % user); + printMsg(lvlInfo, + format((string) "accepted connection from pid %1%, user %2%") + % clientPid % user); #endif + } else { + char address_str[128]; + const char *result; - /* Fork a child to handle the connection. */ - startProcess([&]() { - fdSocket.close(); + if (remoteAddr.ss_family == AF_INET) { + struct sockaddr_in *addr = (struct sockaddr_in *) &remoteAddr; + struct in_addr inaddr = { addr->sin_addr }; + result = inet_ntop(AF_INET, &inaddr, + address_str, sizeof address_str); + } else if (remoteAddr.ss_family == AF_INET6) { + struct sockaddr_in6 *addr = (struct sockaddr_in6 *) &remoteAddr; + struct in6_addr inaddr = { addr->sin6_addr }; + result = inet_ntop(AF_INET6, &inaddr, + address_str, sizeof address_str); + } else { + result = NULL; + } + + if (result != NULL) { + printMsg(lvlInfo, + format("accepted connection from %1%") + % address_str); + } + } + + /* Fork a child to handle the connection. */ + startProcess([&]() { + close(fdSocket); /* Background the daemon. */ if (setsid() == -1) @@ -968,17 +905,11 @@ static void daemonLoop() strncpy(argvSaved[1], processName.c_str(), strlen(argvSaved[1])); } -#if defined(SO_PEERCRED) /* Store the client's user and group for this connection. This has to be done in the forked process since it is per - connection. */ - settings.clientUid = cred.uid; - settings.clientGid = cred.gid; -#else - /* Setting these to -1 means: do not change */ - settings.clientUid = (uid_t) -1; - settings.clientGid = (gid_t) -1; -#endif + connection. Setting these to -1 means: do not change. */ + settings.clientUid = clientUid; + settings.clientGid = clientGid; /* Handle the connection. */ from.fd = remote; @@ -988,23 +919,63 @@ static void daemonLoop() exit(0); }, false, "unexpected Nix daemon error: ", true); - } catch (Interrupted & e) { - throw; - } catch (Error & e) { - printMsg(lvlError, format("error processing connection: %1%") % e.msg()); - } + } catch (Interrupted & e) { + throw; + } catch (Error & e) { + printMsg(lvlError, format("error processing connection: %1%") % e.msg()); } } - -void run(Strings args) +static void daemonLoop(const std::vector& sockets) { - for (Strings::iterator i = args.begin(); i != args.end(); ) { - string arg = *i++; - if (arg == "--daemon") /* ignored for backwards compatibility */; + if (chdir("/") == -1) + throw SysError("cannot change current directory"); + + /* Get rid of children automatically; don't let them become + zombies. */ + setSigChldAction(true); + + /* Mark sockets as close-on-exec. */ + for(int fd: sockets) { + closeOnExec(fd); } - daemonLoop(); + /* Prepare the FD set corresponding to SOCKETS. */ + auto initializeFDSet = [&](fd_set *set) { + FD_ZERO(set); + for (int fd: sockets) { + FD_SET(fd, set); + } + }; + + /* Loop accepting connections. */ + while (1) { + fd_set readfds; + + initializeFDSet(&readfds); + int count = + select(*std::max_element(sockets.begin(), sockets.end()) + 1, + &readfds, NULL, NULL, + NULL); + if (count < 0) { + int err = errno; + if (err == EINTR) + continue; + throw SysError(format("select error: %1%") % strerror(err)); + } + + for (unsigned int i = 0; i < sockets.size(); i++) { + if (FD_ISSET(sockets[i], &readfds)) { + acceptConnection(sockets[i]); + } + } + } +} + + +void run(const std::vector& sockets) +{ + daemonLoop(sockets); } diff --git a/tests/guix-daemon.sh b/tests/guix-daemon.sh index 9186ffd58..7212e3eb6 100644 --- a/tests/guix-daemon.sh +++ b/tests/guix-daemon.sh @@ -81,6 +81,18 @@ guile -c " kill "$daemon_pid" +# Pass several '--listen' options, and make sure they are all honored. +guix-daemon --disable-chroot --listen="$socket" --listen="$socket-second" \ + --listen="localhost" --listen="localhost:9876" & +daemon_pid=$! + +for uri in "$socket" "$socket-second" \ + "guix://localhost" "guix://localhost:9876" +do + GUIX_DAEMON_SOCKET="$uri" guix build guile-bootstrap +done + +kill "$daemon_pid" # Check the failed build cache. -- 2.13.1 From debbugs-submit-bounces@debbugs.gnu.org Tue Jun 20 08:30:08 2017 Received: (at 27426) by debbugs.gnu.org; 20 Jun 2017 12:30:08 +0000 Received: from localhost ([127.0.0.1]:56970 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dNIIK-0007Fj-62 for submit@debbugs.gnu.org; Tue, 20 Jun 2017 08:30:08 -0400 Received: from eggs.gnu.org ([208.118.235.92]:51608) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dNIIH-0007Dv-TJ for 27426@debbugs.gnu.org; Tue, 20 Jun 2017 08:30:06 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dNIIB-0006Ln-EC for 27426@debbugs.gnu.org; Tue, 20 Jun 2017 08:30:00 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_40,T_RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:38687) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dNII6-0006KV-59; Tue, 20 Jun 2017 08:29:54 -0400 Received: from [143.121.198.177] (port=59564 helo=cog147) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dNII5-0007Dp-Ie; Tue, 20 Jun 2017 08:29:53 -0400 References: <20170619160302.31557-1-ludo@gnu.org> User-agent: mu4e 0.9.18; emacs 25.2.1 From: Roel Janssen To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: [bug#27426] [PATCH 0/2] 'guix-daemon --listen' can specify multiple interfaces In-reply-to: <20170619160302.31557-1-ludo@gnu.org> Date: Tue, 20 Jun 2017 14:29:46 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -3.4 (---) X-Debbugs-Envelope-To: 27426 Cc: 27426@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.4 (---) Hi Ludo’, Ludovic Courtès writes: > Hello Guix! > > Commit 3dff90ce34448551bc82a6a7262837c0561a4691 added support for > guix:// URIs on the client side. This commit adds guix-daemon support > to specify TCP sockets to listen to, like this: > > # Listen on the loopback interface only, port 1234. > guix-daemon --listen=localhost:1234 > > # Listen on the Unix-domain socket and on the public interface, > # port 44146. > guix-daemon --listen=/var/guix/daemon-socket/socket \ > --listen=0.0.0.0 > > The primary use case is clusters running a single ‘guix-daemon’ instance > that can be accessed from other nodes on the local network. > > Feedback welcome! Thanks a lot for these patches! Today I tried to run the guix-daemon with it on our cluster. It works fine, except for the following (which might be unrelated): [root@hpcguix ~]$ /gnu/repositories/guix/guix-daemon --listen=/gnu/daemon-socket/socket --listen=: ... [roel@submit-node1 ~]$ guixr package -i samtools The following package will be installed: samtools 1.3.1 /gnu/store/syl74az7a5mw5f8r5jfldiddlyc3ry28-samtools-1.3.1 substitute: error: executing `/usr/local/libexec/guix/substitute': No such file or directory guix package: error: build failed: substituter `substitute' died unexpectedly When passing --no-substitutes, the command works, which means the guix-daemon with these patches applied does what we expect. Note that, I could've used 'guix' instead of 'guixr', but all 'guixr' essentially does is set the GUIX_DAEMON_SOCKET and GUIX_PACKAGE_PATH variables. I wonder where this /usr/local/libexec comes from, and how/where I can configure it so that it works the same as before. Thanks again for these patches. Kind regards, Roel Janssen From debbugs-submit-bounces@debbugs.gnu.org Tue Jun 20 09:29:05 2017 Received: (at 27426) by debbugs.gnu.org; 20 Jun 2017 13:29:05 +0000 Received: from localhost ([127.0.0.1]:57002 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dNJDN-00009n-A3 for submit@debbugs.gnu.org; Tue, 20 Jun 2017 09:29:05 -0400 Received: from eggs.gnu.org ([208.118.235.92]:38264) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dNJDL-00009F-ER for 27426@debbugs.gnu.org; Tue, 20 Jun 2017 09:29:03 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dNJDB-0000rN-8G for 27426@debbugs.gnu.org; Tue, 20 Jun 2017 09:28:58 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_40,T_RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:39304) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dNJCz-0000jH-VP; Tue, 20 Jun 2017 09:28:42 -0400 Received: from [143.121.198.177] (port=60058 helo=cog147) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dNJCz-0002o6-Ck; Tue, 20 Jun 2017 09:28:41 -0400 References: <20170619160302.31557-1-ludo@gnu.org> User-agent: mu4e 0.9.18; emacs 25.2.1 From: Roel Janssen To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: [bug#27426] [PATCH 0/2] 'guix-daemon --listen' can specify multiple interfaces In-reply-to: Date: Tue, 20 Jun 2017 15:28:37 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -3.4 (---) X-Debbugs-Envelope-To: 27426 Cc: 27426@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.4 (---) Roel Janssen writes: > Hi Ludo’, > > Ludovic Courtès writes: > >> Hello Guix! >> >> Commit 3dff90ce34448551bc82a6a7262837c0561a4691 added support for >> guix:// URIs on the client side. This commit adds guix-daemon support >> to specify TCP sockets to listen to, like this: >> >> # Listen on the loopback interface only, port 1234. >> guix-daemon --listen=localhost:1234 >> >> # Listen on the Unix-domain socket and on the public interface, >> # port 44146. >> guix-daemon --listen=/var/guix/daemon-socket/socket \ >> --listen=0.0.0.0 >> >> The primary use case is clusters running a single ‘guix-daemon’ instance >> that can be accessed from other nodes on the local network. >> >> Feedback welcome! > > Thanks a lot for these patches! Today I tried to run the guix-daemon > with it on our cluster. It works fine, except for the following (which > might be unrelated): > > [root@hpcguix ~]$ /gnu/repositories/guix/guix-daemon --listen=/gnu/daemon-socket/socket --listen=: ... > > [roel@submit-node1 ~]$ guixr package -i samtools > The following package will be installed: > samtools 1.3.1 /gnu/store/syl74az7a5mw5f8r5jfldiddlyc3ry28-samtools-1.3.1 > > substitute: error: executing `/usr/local/libexec/guix/substitute': No such file or directory > guix package: error: build failed: substituter `substitute' died unexpectedly > Ooh, nevermind.. This has to do with the 'pre-inst-env' script. > > When passing --no-substitutes, the command works, which means the > guix-daemon with these patches applied does what we expect. > > Note that, I could've used 'guix' instead of 'guixr', but all 'guixr' > essentially does is set the GUIX_DAEMON_SOCKET and GUIX_PACKAGE_PATH > variables. > > I wonder where this /usr/local/libexec comes from, and how/where I can > configure it so that it works the same as before. > > Thanks again for these patches. > > Kind regards, > Roel Janssen From debbugs-submit-bounces@debbugs.gnu.org Tue Jun 20 10:09:17 2017 Received: (at 27426) by debbugs.gnu.org; 20 Jun 2017 14:09:17 +0000 Received: from localhost ([127.0.0.1]:58310 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dNJqG-0001Sp-PQ for submit@debbugs.gnu.org; Tue, 20 Jun 2017 10:09:16 -0400 Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:27478) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dNJqF-0001Sc-CX for 27426@debbugs.gnu.org; Tue, 20 Jun 2017 10:09:15 -0400 X-IronPort-AV: E=Sophos;i="5.39,364,1493676000"; d="scan'208";a="229028180" Received: from unknown (HELO ribbon) ([193.50.110.127]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/AES256-GCM-SHA384; 20 Jun 2017 16:09:01 +0200 From: ludovic.courtes@inria.fr (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Roel Janssen Subject: Re: [bug#27426] [PATCH 0/2] 'guix-daemon --listen' can specify multiple interfaces References: <20170619160302.31557-1-ludo@gnu.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 2 Messidor an 225 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Tue, 20 Jun 2017 16:08:57 +0200 In-Reply-To: (Roel Janssen's message of "Tue, 20 Jun 2017 15:28:37 +0200") Message-ID: <87d19ybvk6.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 27426 Cc: 27426@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Hi Roel, Roel Janssen skribis: > Roel Janssen writes: > >> Hi Ludo=E2=80=99, >> >> Ludovic Court=C3=A8s writes: >> >>> Hello Guix! >>> >>> Commit 3dff90ce34448551bc82a6a7262837c0561a4691 added support for >>> guix:// URIs on the client side. This commit adds guix-daemon support >>> to specify TCP sockets to listen to, like this: >>> >>> # Listen on the loopback interface only, port 1234. >>> guix-daemon --listen=3Dlocalhost:1234 >>> >>> # Listen on the Unix-domain socket and on the public interface, >>> # port 44146. >>> guix-daemon --listen=3D/var/guix/daemon-socket/socket \ >>> --listen=3D0.0.0.0 >>> >>> The primary use case is clusters running a single =E2=80=98guix-daemon= =E2=80=99 instance >>> that can be accessed from other nodes on the local network. >>> >>> Feedback welcome! >> >> Thanks a lot for these patches! Today I tried to run the guix-daemon >> with it on our cluster. It works fine, except for the following (which >> might be unrelated): >> >> [root@hpcguix ~]$ /gnu/repositories/guix/guix-daemon --listen=3D/gnu/dae= mon-socket/socket --listen=3D: ... >> >> [roel@submit-node1 ~]$ guixr package -i samtools >> The following package will be installed: >> samtools 1.3.1 /gnu/store/syl74az7a5mw5f8r5jfldiddlyc3ry28-samt= ools-1.3.1 >> >> substitute: error: executing `/usr/local/libexec/guix/substitute': No su= ch file or directory >> guix package: error: build failed: substituter `substitute' died unexpec= tedly >> > > Ooh, nevermind.. This has to do with the 'pre-inst-env' script. OK. Thanks for testing! I=E2=80=99ll merge it soon if there aren=E2=80=99t mor= e comments on the interface or code. Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Tue Jun 20 11:15:23 2017 Received: (at 27426) by debbugs.gnu.org; 20 Jun 2017 15:15:23 +0000 Received: from localhost ([127.0.0.1]:58324 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dNKsF-00030F-AU for submit@debbugs.gnu.org; Tue, 20 Jun 2017 11:15:23 -0400 Received: from eggs.gnu.org ([208.118.235.92]:38071) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dNKsD-000303-Ej for 27426@debbugs.gnu.org; Tue, 20 Jun 2017 11:15:21 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dNKs3-0005P4-Ew for 27426@debbugs.gnu.org; Tue, 20 Jun 2017 11:15:16 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_20,T_RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:40746) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dNKs3-0005Ow-BS; Tue, 20 Jun 2017 11:15:11 -0400 Received: from [143.121.198.177] (port=34468 helo=cog147) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dNKs2-0001av-Ph; Tue, 20 Jun 2017 11:15:11 -0400 References: <20170619160302.31557-1-ludo@gnu.org> <87d19ybvk6.fsf@gnu.org> User-agent: mu4e 0.9.18; emacs 25.2.1 From: Roel Janssen To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: [bug#27426] [PATCH 0/2] 'guix-daemon --listen' can specify multiple interfaces In-reply-to: <87d19ybvk6.fsf@gnu.org> Date: Tue, 20 Jun 2017 17:15:08 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -3.4 (---) X-Debbugs-Envelope-To: 27426 Cc: 27426@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.4 (---) Ludovic Courtès writes: > Hi Roel, > > Roel Janssen skribis: > >> Roel Janssen writes: >> >>> Hi Ludo’, >>> >>> Ludovic Courtès writes: >>> >>>> Hello Guix! >>>> >>>> Commit 3dff90ce34448551bc82a6a7262837c0561a4691 added support for >>>> guix:// URIs on the client side. This commit adds guix-daemon support >>>> to specify TCP sockets to listen to, like this: >>>> >>>> # Listen on the loopback interface only, port 1234. >>>> guix-daemon --listen=localhost:1234 >>>> >>>> # Listen on the Unix-domain socket and on the public interface, >>>> # port 44146. >>>> guix-daemon --listen=/var/guix/daemon-socket/socket \ >>>> --listen=0.0.0.0 >>>> >>>> The primary use case is clusters running a single ‘guix-daemon’ instance >>>> that can be accessed from other nodes on the local network. >>>> >>>> Feedback welcome! >>> >>> Thanks a lot for these patches! Today I tried to run the guix-daemon >>> with it on our cluster. It works fine, except for the following (which >>> might be unrelated): >>> >>> [root@hpcguix ~]$ /gnu/repositories/guix/guix-daemon --listen=/gnu/daemon-socket/socket --listen=: ... >>> >>> [roel@submit-node1 ~]$ guixr package -i samtools >>> The following package will be installed: >>> samtools 1.3.1 /gnu/store/syl74az7a5mw5f8r5jfldiddlyc3ry28-samtools-1.3.1 >>> >>> substitute: error: executing `/usr/local/libexec/guix/substitute': No such file or directory >>> guix package: error: build failed: substituter `substitute' died unexpectedly >>> >> >> Ooh, nevermind.. This has to do with the 'pre-inst-env' script. > > OK. > > Thanks for testing! I’ll merge it soon if there aren’t more comments > on the interface or code. I tested it with the pre-inst-env and it works fine. Looking forward to see this in upstream! Thanks a lot! Kind regards, Roel Janssen From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 22 05:02:41 2017 Received: (at 27426-done) by debbugs.gnu.org; 22 Jun 2017 09:02:41 +0000 Received: from localhost ([127.0.0.1]:60587 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dNy0e-000332-QA for submit@debbugs.gnu.org; Thu, 22 Jun 2017 05:02:40 -0400 Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:54997) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dNy0Z-00032h-Tj for 27426-done@debbugs.gnu.org; Thu, 22 Jun 2017 05:02:39 -0400 X-IronPort-AV: E=Sophos;i="5.39,372,1493676000"; d="scan'208";a="280139395" Received: from unknown (HELO ribbon) ([193.50.110.160]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/AES256-GCM-SHA384; 22 Jun 2017 11:02:29 +0200 From: ludovic.courtes@inria.fr (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Roel Janssen Subject: Re: [bug#27426] [PATCH 0/2] 'guix-daemon --listen' can specify multiple interfaces Organization: Inria Bordeaux Sud-Ouest References: <20170619160302.31557-1-ludo@gnu.org> <87d19ybvk6.fsf@gnu.org> X-URL: http://people.bordeaux.inria.fr/lcourtes/ X-Revolutionary-Date: 4 Messidor an 225 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Thu, 22 Jun 2017 11:02:29 +0200 In-Reply-To: (Roel Janssen's message of "Tue, 20 Jun 2017 17:15:08 +0200") Message-ID: <87a850e6oq.fsf@inria.fr> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: 27426-done Cc: 27426-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) Hi! Roel Janssen skribis: > I tested it with the pre-inst-env and it works fine. > Looking forward to see this in upstream! Pushed, thanks! Ludo=E2=80=99. From unknown Sat Aug 09 13:01:08 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 20 Jul 2017 11:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator