From: "Ludovic Courtès" <ludo@gnu.org>
To: Christopher Baines <mail@cbaines.net>
Cc: Josselin Poiret <dev@jpoiret.xyz>,
70494@debbugs.gnu.org, Simon Tournier <zimon.toutoune@gmail.com>,
Mathieu Othacehe <othacehe@gnu.org>,
Tobias Geerinckx-Rice <me@tobias.gr>,
Ricardo Wurmus <rekado@elephly.net>,
Christopher Baines <guix@cbaines.net>
Subject: [bug#70494] [PATCH 04/23] guix: store: environment: New module.
Date: Mon, 13 May 2024 17:10:06 +0200
Message-ID: <87pltp929d.fsf@gnu.org>
In-Reply-To: <fef23bb1a9eca46cf31e44e0ec6766d1ea3989ae.1713692561.git.mail@cbaines.net> (Christopher Baines's message of "Sun, 21 Apr 2024 10:42:22 +0100")

Hi Chris,

Christopher Baines <mail@cbaines.net> skribis:

> From: Caleb Ristvedt <caleb.ristvedt@cune.org>
>
> * guix/store/environment.scm: New file.
> * guix/store.scm: Export compressed-hash.
> * guix/store/database.scm (output-path-id-sql, outputs-exist?, references-sql,
> file-closure, all-input-output-paths, all-transitive-inputs): New variables.
> (outputs-exist?, file-closure, all-transitive-inputs): Export procedures.
> * Makefile.am (STORE_MODULES): Add guix/store/environment.scm.
>
> Co-authored-by: Christopher Baines <mail@cbaines.net>
> Change-Id: I71ac38fa8596a0c05b34880ca60e8a27ef3892d8
Very cool. Some comments:
> +++ b/guix/store.scm
> @@ -192,6 +192,7 @@ (define-module (guix store)
> grafting?
>
> %store-prefix
> + compressed-hash
> store-path
> output-path
> fixed-output-path

We can keep it this way for now.

However, the suggestion I made to reepca back then was that we should
move the low-level hashing/file name computation procedures to a
separate module, say (guix store file-names), such that daemon code does
not import (guix store).

(guix store) would only contain client-side code, possibly re-exporting
some of (guix store file-names) for compatibility and convenience.

> +(define* (file-closure db path #:key (list-so-far vlist-null))
> + "Return a vlist containing the store paths referenced by PATH, the store
> +paths referenced by those paths, and so on."
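
Review bot: the `#:key (list-so-far vlist-null)` parameter in the `file-closure` signature is not mentioned in the docstring, and since the commit log exports this procedure, any caller can pass it. Either document LIST-SO-FAR (what it must contain and whether PATH is added to it) or move the accumulator into an internal helper so the exported signature is just `(file-closure db path)`. The docstring should also say whether PATH itself is part of the returned vlist.
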
s/file-closure/store-item-closure/ ?
> +(define (all-input-output-paths drv)
> + "Return a list containing the output paths this derivation's inputs need to
> +provide."
> + (apply append (map derivation-input-output-paths
Use ‘append-map’ instead.
> + #:export (<environment>
Don’t export record type descriptors in general as this exposes the ABI.
> + environment-namespaces
> + environment-variables
> + environment-temp-dirs
s/temp-dirs/temporary-directories/
> + environment-filesystems
> + environment-new-session?
> + environment-new-pgroup?
> + environment-setup-i/o-proc
> + environment-preserved-fds
> + environment-chroot
> + environment-personality
> + environment-user
> + environment-group
> + environment-hostname
> + environment-domainname
I’d write “file-systems”, “host-name”, and “domain-name”, to be
consistent with the rest of the code base (we can keep “namespaces”
because that’s how Linux spells it.)
> + build-environment-vars
s/vars/variables/
> +(define-record-type* <environment> environment
We should keep in mind that maybe we’ll want to use that in ‘guix shell
-C’ eventually.
> +(define (delete-environment env)
> + "Delete all temporary directories used in ENV."
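
Review bot: the `delete-environment` docstring does not cover the cases a caller has to care about: whether deletion is recursive, whether symbolic links found inside the directories are removed as links rather than followed, and whether a directory that is already gone counts as an error. State these in the docstring so the behaviour on leftover build files is part of the contract.
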
s/delete-environment/delete-temporary-directories/
> +(define* (temp-directory tmpdir name #:optional permissions user group)
> + "Create a temporary directory under TMPDIR with permissions PERMISSIONS if
> +specified, otherwise default permissions as specified by umask, and belonging
> +to user USER and group GROUP (defaulting to current user if not specified or
> +#f). Return the full filename of the form <tmpdir>/<name>-<number>."
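
Review bot: in the `temp-directory` signature, `permissions` is optional and the docstring says the fallback is whatever the umask allows, so the mode of a directory that then belongs to USER and GROUP depends on ambient process state. Make the mode explicit (a required argument, or a restrictive default such as #o700) and have the docstring state that it is applied when the directory is created rather than by a later chmod. The docstring should also say what happens when `<tmpdir>/<name>-<number>` already exists, since that name is predictable.
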
s/temp-directory/create-temporary-directory/

This procedure missed the fix in commit
ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf (CVE-2021-27851). It’s fine to
implement it later but we should at least leave a big FIXME comment.

Somewhere we’ll also need the fix for CVE-2024-27297 (commits
ff1251de0bc327ec478fc66a562430fbf35aef42 and
8f4ffb3fae133bb21d7991e97c2f19a7108b1143).

> +(define* (dump-port port #:optional (target-port (current-output-port)))

Use the one from (guix build utils) instead.

Thanks,
Ludo’.