Fixes <https://bugs.gnu.org/37744>.
Reported at <https://www.openwall.com/lists/oss-security/2019/10/09/4>.
Based on Nix commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d
by Eelco Dolstra <edolstra@gmail.com>.
* nix/libstore/local-store.cc (LocalStore::LocalStore): Set 'perUserDir'
to #o755 instead of #o1777.
(LocalStore::createUser): New function.
* nix/libstore/local-store.hh (LocalStore): Add it.
* nix/libstore/store-api.hh (StoreAPI): Add it.
* nix/nix-daemon/nix-daemon.cc (performOp): In 'wopSetOptions', add
condition to handle "user-name" property and honor it.
(processConnection): Add 'userId' parameter. Call 'store->createUser'
when userId is not -1.
* guix/profiles.scm (ensure-profile-directory): Note that this is now
handled by the daemon.
* guix/store.scm (current-user-name): New procedure.
(set-build-options): Add #:user-name parameter and pass it to the daemon.
* tests/guix-daemon.sh: Test the creation of 'profiles/per-user' when
listening on a TCP socket.
* tests/store.scm ("profiles/per-user exists and is not writable")
("profiles/per-user/$USER exists"): New tests.
This could lead to random deadlocks in one of these two tests when
running "make check -j5".
* tests/guix-daemon.sh (tcp_socket): Change port to 9998 to avoid
collision with tests/lint.scm.
* nix/nix-daemon/nix-daemon.cc (isRemoteConnection): New variable.
(performOp): For wopCollectGarbage, throw an error when isRemoteConnection
is set.
(acceptConnection): Set isRemoteConnection when connection is not AF_UNIX.
* tests/guix-daemon.sh: Add a test for the new behavior.
* nix/nix-daemon/guix-daemon.cc (DEFAULT_GUIX_PORT): New macro.
(listen_options): New variable.
(parse_opt): Push back '--listen' options to LISTEN_OPTIONS.
(open_unix_domain_socket, open_inet_socket)
(listening_sockets): New functions.
(main): Use it. Pass SOCKETS to 'run'.
* nix/nix-daemon/nix-daemon.cc (matchUser): Remove.
(SD_LISTEN_FDS_START): Remove.
(acceptConnection): New function.
(daemonLoop): Rewrite to take a vector of file descriptors, to select(2)
on them, and to call 'acceptConnection'.
(run): Change to take a vector of file descriptors.
* tests/guix-daemon.sh: Add test.
Fixes <http://bugs.gnu.org/20217>.
* nix/libstore/worker-protocol.hh (PROTOCOL_VERSION): Bump to 0x161.
* nix/nix-daemon/nix-daemon.cc (performOp): "build-max-jobs",
"build-max-silent-time", and "build-cores" are no longer read upfront;
instead, read them from the key/value list at the end.
* nix/nix-daemon/guix-daemon.cc (main): Explicitly set
'settings.maxBuildJobs'.
* guix/store.scm (%protocol-version): Bump to #x161.
(set-build-options): #:max-build-jobs, #:max-silent-time, and
#:build-cores now default to #f. Adjust handshake to new protocol.
* tests/store.scm ("build-cores"): New test.
* tests/guix-daemon.sh: Add test for default "build-cores" value.
Suggested by Mark H Weaver <mhw@netris.org>.
* guix/store.scm (query-failed-paths, clear-failed-paths): New
procedures.
* tests/guix-daemon.sh: Add test with daemon started with
--cache-failures.
* guix/scripts/substitute.scm (or*): New macro.
(%cache-url): Honor "untrusted-substitute-urls".
* guix/tests.scm (%test-substitute-urls): New variable.
(open-connection-for-tests): Use it.
* tests/derivations.scm ("derivation-prerequisites-to-build and substitutes",
"derivation-prerequisites-to-build and substitutes, non-substitutable
build", "derivation-prerequisites-to-build and substitutes, local build"):
Pass it to 'set-build-options'.
* tests/guix-daemon.sh: Likewise.
* tests/store.scm ("substitute query, alternating URLs"): New test.
("substitute query", "substitute", "substitute + build-things with output
path", "substitute, corrupt output hash", "substitute --fallback"): Pass
#:substitute-urls to 'set-build-options'.
* test-env.in: New file.
* configure.ac: Add it to `AC_CONFIG_FILES' and `commands-exec'.
* config-daemon.ac: Set and substitute `GUIX_TEST_ROOT'.
* Makefile.am (SCM_LOG_COMPILER, SH_LOG_COMPILER): Use it in lieu of
`pre-inst-env'.
* daemon.am (test_root): Remove
(AM_TESTS_ENVIRONMENT): Remove `TEST_ROOT'.
(clean-local): Use $(GUIX_TEST_ROOT); make files writable before
removing them.guix_test_root
* tests/guix-daemon.sh: Remove `NIX_' variable settings; don't launch
`guix-daemon'.
* nix/scripts/list-runtime-roots.in: New file.
* config-daemon.ac: Add `AC_CONFIG_FILES' invocation for it.
* daemon.am (nodist_pkglibexec_SCRIPTS): New variable.
(AM_TESTS_ENVIRONMENT): Define `top_builddir'.
* tests/guix-daemon.sh: Export `NIX_ROOT_FINDER'.
* nix/sync-with-upstream: Substitute the path to the root finder in
libstore/gc.cc.
Ludovic Courtès
Roel Janssen
Ludovic Courtès
Taylan Ulrich Bayırlı/Kammer
Mark H Weaver