mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2025-01-27 04:59:27 -05:00
daemon: 'guix substitute' replies on FD 4.
This avoids the situation where error messages would unintentionally go
to stderr and be wrongfully interpreted as a reply by the daemon.
Fixes <https://bugs.gnu.org/46362>.
This is a followup to ee3226e9d5
.
* guix/scripts/substitute.scm (display-narinfo-data): Add 'port'
parameter and honor it.
(process-query): Likewise.
(process-substitution): Likewise.
(%error-to-file-descriptor-4?, with-redirected-error-port): Remove.
(%reply-file-descriptor): New variable.
(guix-substitute): Remove use of 'with-redirected-error-port'. Define
'reply-port' and pass it to 'process-query' and 'process-substitution'.
* nix/libstore/build.cc (SubstitutionGoal::handleChildOutput): Swap
'builderOut' and 'fromAgent'.
* nix/libstore/local-store.cc (LocalStore::getLineFromSubstituter):
Likewise.
* tests/substitute.scm <top level>: Set '%reply-file-descriptor'
rather than '%error-to-file-descriptor-4?'.
This commit is contained in:
parent
ccff338086
commit
2d73086262
4 changed files with 95 additions and 108 deletions
|
@ -63,7 +63,7 @@ (define-module (guix scripts substitute)
|
||||||
#:use-module (web uri)
|
#:use-module (web uri)
|
||||||
#:use-module (guix http-client)
|
#:use-module (guix http-client)
|
||||||
#:export (%allow-unauthenticated-substitutes?
|
#:export (%allow-unauthenticated-substitutes?
|
||||||
%error-to-file-descriptor-4?
|
%reply-file-descriptor
|
||||||
|
|
||||||
substitute-urls
|
substitute-urls
|
||||||
guix-substitute))
|
guix-substitute))
|
||||||
|
@ -279,29 +279,29 @@ (define-syntax-rule (with-cpu-usage-monitoring exp ...)
|
||||||
"Evaluate EXP... Return its CPU usage as a fraction between 0 and 1."
|
"Evaluate EXP... Return its CPU usage as a fraction between 0 and 1."
|
||||||
(call-with-cpu-usage-monitoring (lambda () exp ...)))
|
(call-with-cpu-usage-monitoring (lambda () exp ...)))
|
||||||
|
|
||||||
(define (display-narinfo-data narinfo)
|
(define (display-narinfo-data port narinfo)
|
||||||
"Write to the current output port the contents of NARINFO in the format
|
"Write to PORT the contents of NARINFO in the format expected by the
|
||||||
expected by the daemon."
|
daemon."
|
||||||
(format #t "~a\n~a\n~a\n"
|
(format port "~a\n~a\n~a\n"
|
||||||
(narinfo-path narinfo)
|
(narinfo-path narinfo)
|
||||||
(or (and=> (narinfo-deriver narinfo)
|
(or (and=> (narinfo-deriver narinfo)
|
||||||
(cute string-append (%store-prefix) "/" <>))
|
(cute string-append (%store-prefix) "/" <>))
|
||||||
"")
|
"")
|
||||||
(length (narinfo-references narinfo)))
|
(length (narinfo-references narinfo)))
|
||||||
(for-each (cute format #t "~a/~a~%" (%store-prefix) <>)
|
(for-each (cute format port "~a/~a~%" (%store-prefix) <>)
|
||||||
(narinfo-references narinfo))
|
(narinfo-references narinfo))
|
||||||
|
|
||||||
(let-values (((uri compression file-size)
|
(let-values (((uri compression file-size)
|
||||||
(narinfo-best-uri narinfo
|
(narinfo-best-uri narinfo
|
||||||
#:fast-decompression?
|
#:fast-decompression?
|
||||||
%prefer-fast-decompression?)))
|
%prefer-fast-decompression?)))
|
||||||
(format #t "~a\n~a\n"
|
(format port "~a\n~a\n"
|
||||||
(or file-size 0)
|
(or file-size 0)
|
||||||
(or (narinfo-size narinfo) 0))))
|
(or (narinfo-size narinfo) 0))))
|
||||||
|
|
||||||
(define* (process-query command
|
(define* (process-query port command
|
||||||
#:key cache-urls acl)
|
#:key cache-urls acl)
|
||||||
"Reply to COMMAND, a query as written by the daemon to this process's
|
"Reply on PORT to COMMAND, a query as written by the daemon to this process's
|
||||||
standard input. Use ACL as the access-control list against which to check
|
standard input. Use ACL as the access-control list against which to check
|
||||||
authorized substitutes."
|
authorized substitutes."
|
||||||
(define valid?
|
(define valid?
|
||||||
|
@ -338,17 +338,17 @@ (define (report-progress)
|
||||||
#:open-connection open-connection-for-uri/cached
|
#:open-connection open-connection-for-uri/cached
|
||||||
#:make-progress-reporter make-progress-reporter)))
|
#:make-progress-reporter make-progress-reporter)))
|
||||||
(for-each (lambda (narinfo)
|
(for-each (lambda (narinfo)
|
||||||
(format #t "~a~%" (narinfo-path narinfo)))
|
(format port "~a~%" (narinfo-path narinfo)))
|
||||||
substitutable)
|
substitutable)
|
||||||
(newline)))
|
(newline port)))
|
||||||
(("info" paths ..1)
|
(("info" paths ..1)
|
||||||
;; Reply info about PATHS if it's in CACHE-URLS.
|
;; Reply info about PATHS if it's in CACHE-URLS.
|
||||||
(let ((substitutable (lookup-narinfos/diverse
|
(let ((substitutable (lookup-narinfos/diverse
|
||||||
cache-urls paths valid?
|
cache-urls paths valid?
|
||||||
#:open-connection open-connection-for-uri/cached
|
#:open-connection open-connection-for-uri/cached
|
||||||
#:make-progress-reporter make-progress-reporter)))
|
#:make-progress-reporter make-progress-reporter)))
|
||||||
(for-each display-narinfo-data substitutable)
|
(for-each (cut display-narinfo-data port <>) substitutable)
|
||||||
(newline)))
|
(newline port)))
|
||||||
(wtf
|
(wtf
|
||||||
(error "unknown `--query' command" wtf))))
|
(error "unknown `--query' command" wtf))))
|
||||||
|
|
||||||
|
@ -428,14 +428,14 @@ (define-syntax-rule (with-cached-connection uri port exp ...)
|
||||||
"Bind PORT with EXP... to a socket connected to URI."
|
"Bind PORT with EXP... to a socket connected to URI."
|
||||||
(call-with-cached-connection uri (lambda (port) exp ...)))
|
(call-with-cached-connection uri (lambda (port) exp ...)))
|
||||||
|
|
||||||
(define* (process-substitution store-item destination
|
(define* (process-substitution port store-item destination
|
||||||
#:key cache-urls acl
|
#:key cache-urls acl
|
||||||
deduplicate? print-build-trace?)
|
deduplicate? print-build-trace?)
|
||||||
"Substitute STORE-ITEM (a store file name) from CACHE-URLS, and write it to
|
"Substitute STORE-ITEM (a store file name) from CACHE-URLS, and write it to
|
||||||
DESTINATION as a nar file. Verify the substitute against ACL, and verify its
|
DESTINATION as a nar file. Verify the substitute against ACL, and verify its
|
||||||
hash against what appears in the narinfo. When DEDUPLICATE? is true, and if
|
hash against what appears in the narinfo. When DEDUPLICATE? is true, and if
|
||||||
DESTINATION is in the store, deduplicate its files. Print a status line on
|
DESTINATION is in the store, deduplicate its files. Print a status line to
|
||||||
the current output port."
|
PORT."
|
||||||
(define narinfo
|
(define narinfo
|
||||||
(lookup-narinfo cache-urls store-item
|
(lookup-narinfo cache-urls store-item
|
||||||
(if (%allow-unauthenticated-substitutes?)
|
(if (%allow-unauthenticated-substitutes?)
|
||||||
|
@ -565,10 +565,10 @@ (define cpu-usage
|
||||||
(let ((actual (get-hash)))
|
(let ((actual (get-hash)))
|
||||||
(if (bytevector=? actual expected)
|
(if (bytevector=? actual expected)
|
||||||
;; Tell the daemon that we're done.
|
;; Tell the daemon that we're done.
|
||||||
(format (current-output-port) "success ~a ~a~%"
|
(format port "success ~a ~a~%"
|
||||||
(narinfo-hash narinfo) (narinfo-size narinfo))
|
(narinfo-hash narinfo) (narinfo-size narinfo))
|
||||||
;; The actual data has a different hash than that in NARINFO.
|
;; The actual data has a different hash than that in NARINFO.
|
||||||
(format (current-output-port) "hash-mismatch ~a ~a ~a~%"
|
(format port "hash-mismatch ~a ~a ~a~%"
|
||||||
(hash-algorithm-name algorithm)
|
(hash-algorithm-name algorithm)
|
||||||
(bytevector->nix-base32-string expected)
|
(bytevector->nix-base32-string expected)
|
||||||
(bytevector->nix-base32-string actual)))))))
|
(bytevector->nix-base32-string actual)))))))
|
||||||
|
@ -682,28 +682,10 @@ (define (validate-uri uri)
|
||||||
(unless (string->uri uri)
|
(unless (string->uri uri)
|
||||||
(leave (G_ "~a: invalid URI~%") uri)))
|
(leave (G_ "~a: invalid URI~%") uri)))
|
||||||
|
|
||||||
(define %error-to-file-descriptor-4?
|
(define %reply-file-descriptor
|
||||||
;; Whether to direct 'current-error-port' to file descriptor 4 like
|
;; The file descriptor where replies to the daemon must be sent, or #f to
|
||||||
;; 'guix-daemon' expects.
|
;; use the current output port instead.
|
||||||
(make-parameter #t))
|
(make-parameter 4))
|
||||||
|
|
||||||
;; The daemon's agent code opens file descriptor 4 for us and this is where
|
|
||||||
;; stderr should go.
|
|
||||||
(define-syntax-rule (with-redirected-error-port exp ...)
|
|
||||||
"Evaluate EXP... with the current error port redirected to file descriptor 4
|
|
||||||
if needed, as expected by the daemon's agent."
|
|
||||||
(let ((thunk (lambda () exp ...)))
|
|
||||||
(if (%error-to-file-descriptor-4?)
|
|
||||||
(parameterize ((current-error-port (fdopen 4 "wl")))
|
|
||||||
;; Redirect diagnostics to file descriptor 4 as well.
|
|
||||||
(guix-warning-port (current-error-port))
|
|
||||||
|
|
||||||
;; 'with-continuation-barrier' captures the initial value of
|
|
||||||
;; 'current-error-port' to report backtraces in case of uncaught
|
|
||||||
;; exceptions. Without it, backtraces would be printed to FD 2,
|
|
||||||
;; thereby confusing the daemon.
|
|
||||||
(with-continuation-barrier thunk))
|
|
||||||
(thunk))))
|
|
||||||
|
|
||||||
(define-command (guix-substitute . args)
|
(define-command (guix-substitute . args)
|
||||||
(category internal)
|
(category internal)
|
||||||
|
@ -719,7 +701,12 @@ (define print-build-trace?
|
||||||
(define deduplicate?
|
(define deduplicate?
|
||||||
(find-daemon-option "deduplicate"))
|
(find-daemon-option "deduplicate"))
|
||||||
|
|
||||||
(with-redirected-error-port
|
(define reply-port
|
||||||
|
;; Port used to reply to the daemon.
|
||||||
|
(if (%reply-file-descriptor)
|
||||||
|
(fdopen (%reply-file-descriptor) "wl")
|
||||||
|
(current-output-port)))
|
||||||
|
|
||||||
(mkdir-p %narinfo-cache-directory)
|
(mkdir-p %narinfo-cache-directory)
|
||||||
(maybe-remove-expired-cache-entries %narinfo-cache-directory
|
(maybe-remove-expired-cache-entries %narinfo-cache-directory
|
||||||
cached-narinfo-files
|
cached-narinfo-files
|
||||||
|
@ -754,7 +741,7 @@ (define deduplicate?
|
||||||
(let loop ((command (read-line)))
|
(let loop ((command (read-line)))
|
||||||
(or (eof-object? command)
|
(or (eof-object? command)
|
||||||
(begin
|
(begin
|
||||||
(process-query command
|
(process-query reply-port command
|
||||||
#:cache-urls (substitute-urls)
|
#:cache-urls (substitute-urls)
|
||||||
#:acl acl)
|
#:acl acl)
|
||||||
(loop (read-line)))))))
|
(loop (read-line)))))))
|
||||||
|
@ -768,7 +755,7 @@ (define deduplicate?
|
||||||
((? eof-object?)
|
((? eof-object?)
|
||||||
#t)
|
#t)
|
||||||
((= string-tokenize ("substitute" store-path destination))
|
((= string-tokenize ("substitute" store-path destination))
|
||||||
(process-substitution store-path destination
|
(process-substitution reply-port store-path destination
|
||||||
#:cache-urls (substitute-urls)
|
#:cache-urls (substitute-urls)
|
||||||
#:acl (current-acl)
|
#:acl (current-acl)
|
||||||
#:deduplicate? deduplicate?
|
#:deduplicate? deduplicate?
|
||||||
|
@ -780,7 +767,7 @@ (define deduplicate?
|
||||||
(("--help")
|
(("--help")
|
||||||
(show-help))
|
(show-help))
|
||||||
(opts
|
(opts
|
||||||
(leave (G_ "~a: unrecognized options~%") opts)))))))
|
(leave (G_ "~a: unrecognized options~%") opts))))))
|
||||||
|
|
||||||
;;; Local Variables:
|
;;; Local Variables:
|
||||||
;;; eval: (put 'with-timeout 'scheme-indent-function 1)
|
;;; eval: (put 'with-timeout 'scheme-indent-function 1)
|
||||||
|
|
|
@ -3158,13 +3158,13 @@ void SubstitutionGoal::finished()
|
||||||
void SubstitutionGoal::handleChildOutput(int fd, const string & data)
|
void SubstitutionGoal::handleChildOutput(int fd, const string & data)
|
||||||
{
|
{
|
||||||
if (verbosity >= settings.buildVerbosity
|
if (verbosity >= settings.buildVerbosity
|
||||||
&& fd == substituter->builderOut.readSide) {
|
&& fd == substituter->fromAgent.readSide) {
|
||||||
writeToStderr(data);
|
writeToStderr(data);
|
||||||
/* Don't write substitution output to a log file for now. We
|
/* Don't write substitution output to a log file for now. We
|
||||||
probably should, though. */
|
probably should, though. */
|
||||||
}
|
}
|
||||||
|
|
||||||
if (fd == substituter->fromAgent.readSide) {
|
if (fd == substituter->builderOut.readSide) {
|
||||||
/* DATA may consist of several lines. Process them one by one. */
|
/* DATA may consist of several lines. Process them one by one. */
|
||||||
string input = data;
|
string input = data;
|
||||||
while (!input.empty()) {
|
while (!input.empty()) {
|
||||||
|
|
|
@ -780,8 +780,8 @@ Path LocalStore::queryPathFromHashPart(const string & hashPart)
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Read a line from the substituter's stdout, while also processing
|
/* Read a line from the substituter's reply file descriptor, while also
|
||||||
its stderr. */
|
processing its stderr. */
|
||||||
string LocalStore::getLineFromSubstituter(Agent & run)
|
string LocalStore::getLineFromSubstituter(Agent & run)
|
||||||
{
|
{
|
||||||
string res, err;
|
string res, err;
|
||||||
|
@ -802,9 +802,9 @@ string LocalStore::getLineFromSubstituter(Agent & run)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Completely drain stderr before dealing with stdout. */
|
/* Completely drain stderr before dealing with stdout. */
|
||||||
if (FD_ISSET(run.builderOut.readSide, &fds)) {
|
if (FD_ISSET(run.fromAgent.readSide, &fds)) {
|
||||||
char buf[4096];
|
char buf[4096];
|
||||||
ssize_t n = read(run.builderOut.readSide, (unsigned char *) buf, sizeof(buf));
|
ssize_t n = read(run.fromAgent.readSide, (unsigned char *) buf, sizeof(buf));
|
||||||
if (n == -1) {
|
if (n == -1) {
|
||||||
if (errno == EINTR) continue;
|
if (errno == EINTR) continue;
|
||||||
throw SysError("reading from substituter's stderr");
|
throw SysError("reading from substituter's stderr");
|
||||||
|
@ -822,9 +822,9 @@ string LocalStore::getLineFromSubstituter(Agent & run)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Read from stdout until we get a newline or the buffer is empty. */
|
/* Read from stdout until we get a newline or the buffer is empty. */
|
||||||
else if (FD_ISSET(run.fromAgent.readSide, &fds)) {
|
else if (FD_ISSET(run.builderOut.readSide, &fds)) {
|
||||||
unsigned char c;
|
unsigned char c;
|
||||||
readFull(run.fromAgent.readSide, (unsigned char *) &c, 1);
|
readFull(run.builderOut.readSide, (unsigned char *) &c, 1);
|
||||||
if (c == '\n') {
|
if (c == '\n') {
|
||||||
if (!err.empty()) printMsg(lvlError, "substitute: " + err);
|
if (!err.empty()) printMsg(lvlError, "substitute: " + err);
|
||||||
return res;
|
return res;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
;;; GNU Guix --- Functional package management for GNU
|
;;; GNU Guix --- Functional package management for GNU
|
||||||
;;; Copyright © 2014 Nikita Karetnikov <nikita@karetnikov.org>
|
;;; Copyright © 2014 Nikita Karetnikov <nikita@karetnikov.org>
|
||||||
;;; Copyright © 2014, 2015, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
|
;;; Copyright © 2014, 2015, 2017, 2018, 2019, 2021 Ludovic Courtès <ludo@gnu.org>
|
||||||
;;;
|
;;;
|
||||||
;;; This file is part of GNU Guix.
|
;;; This file is part of GNU Guix.
|
||||||
;;;
|
;;;
|
||||||
|
@ -198,7 +198,7 @@ (define-syntax-rule (with-narinfo* narinfo directory body ...)
|
||||||
|
|
||||||
;; Never use file descriptor 4, unlike what happens when invoked by the
|
;; Never use file descriptor 4, unlike what happens when invoked by the
|
||||||
;; daemon.
|
;; daemon.
|
||||||
(%error-to-file-descriptor-4? #f)
|
(%reply-file-descriptor #f)
|
||||||
|
|
||||||
|
|
||||||
(test-equal "query narinfo without signature"
|
(test-equal "query narinfo without signature"
|
||||||
|
|
Loading…
Reference in a new issue