archive.scm 16 KB

  1. ;;; GNU Guix --- Functional package management for GNU
  2. ;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
  3. ;;; Copyright © 2020 Tobias Geerinckx-Rice <me@tobias.gr>
  4. ;;;
  5. ;;; This file is part of GNU Guix.
  6. ;;;
  7. ;;; GNU Guix is free software; you can redistribute it and/or modify it
  8. ;;; under the terms of the GNU General Public License as published by
  9. ;;; the Free Software Foundation; either version 3 of the License, or (at
  10. ;;; your option) any later version.
  11. ;;;
  12. ;;; GNU Guix is distributed in the hope that it will be useful, but
  13. ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
  14. ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. ;;; GNU General Public License for more details.
  16. ;;;
  17. ;;; You should have received a copy of the GNU General Public License
  18. ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
  19. (define-module (guix scripts archive)
  20. #:use-module (guix config)
  21. #:use-module (guix utils)
  22. #:use-module (guix combinators)
  23. #:use-module ((guix build utils) #:select (mkdir-p))
  24. #:use-module ((guix serialization)
  25. #:select (fold-archive restore-file))
  26. #:use-module (guix store)
  27. #:use-module ((guix status) #:select (with-status-verbosity))
  28. #:use-module (guix grafts)
  29. #:use-module (guix packages)
  30. #:use-module (guix derivations)
  31. #:use-module (guix monads)
  32. #:use-module (guix ui)
  33. #:use-module (guix pki)
  34. #:use-module (gcrypt common)
  35. #:use-module (gcrypt pk-crypto)
  36. #:use-module (guix scripts)
  37. #:use-module (guix scripts build)
  38. #:use-module (gnu packages)
  39. #:use-module (ice-9 match)
  40. #:use-module (ice-9 format)
  41. #:use-module (ice-9 rdelim)
  42. #:use-module (srfi srfi-1)
  43. #:use-module (srfi srfi-11)
  44. #:use-module (srfi srfi-26)
  45. #:use-module (srfi srfi-37)
  46. #:use-module (ice-9 binary-ports)
  47. #:use-module (rnrs bytevectors)
  48. #:export (guix-archive
  49. options->derivations+files))
  50. ;;;
  51. ;;; Command-line options.
  52. ;;;
  (define %default-options
    ;; Association list of the option values in effect before the command line
    ;; is parsed.  The 'substitutes?', 'offload?' and 'graft?' flags default to
    ;; #t, 'verbosity' to 2 and 'debug' to 0; 'system' is whatever
    ;; '%current-system' returns when this module is loaded.
    (list (cons 'system (%current-system))
          (cons 'substitutes? #t)
          (cons 'offload? #t)
          (cons 'graft? #t)
          (cons 'print-build-trace? #t)
          (cons 'print-extended-build-trace? #t)
          (cons 'multiplexed-build-output? #t)
          (cons 'verbosity 2)
          (cons 'debug 0)))
  (define (show-help)
    ;; Print the usage summary of 'guix archive' to the current output port:
    ;; the archive operations first, then the key-management options, then the
    ;; build-related options, and finally the bug-report information.
    (define (say message)
      ;; Write MESSAGE, an already-translated string, as is.
      (display message))

    (say (G_ "Usage: guix archive [OPTION]... PACKAGE...
Export/import one or more packages from/to the store.\n"))
    (say (G_ "
--export export the specified files/packages to stdout"))
    (say (G_ "
-r, --recursive combined with '--export', include dependencies"))
    (say (G_ "
--import import from the archive passed on stdin"))
    (say (G_ "
--missing print the files from stdin that are missing"))
    (say (G_ "
-x, --extract=DIR extract the archive on stdin to DIR"))
    (say (G_ "
-t, --list list the files in the archive on stdin"))
    (newline)

    ;; Key management: creating the signing key pair and extending the ACL.
    (say (G_ "
--generate-key[=PARAMETERS]
generate a key pair with the given parameters"))
    (say (G_ "
--authorize authorize imports signed by the public key on stdin"))
    (newline)

    ;; Options that select what gets built before an export.
    (say (G_ "
-e, --expression=EXPR build the package or derivation EXPR evaluates to"))
    (say (G_ "
-S, --source build the packages' source derivations"))
    (say (G_ "
-s, --system=SYSTEM attempt to build for SYSTEM--e.g., \"i686-linux\""))
    (say (G_ "
--target=TRIPLET cross-build for TRIPLET--e.g., \"armel-linux-gnu\""))
    (say (G_ "
-v, --verbosity=LEVEL use the given verbosity LEVEL"))
    (newline)
    (show-build-options-help)
    (newline)

    (say (G_ "
-h, --help display this help and exit"))
    (say (G_ "
-V, --version display version information and exit"))
    (newline)
    (show-bug-report-information))
  (define %key-generation-parameters
    ;; Key generation parameters used when '--generate-key' is given without an
    ;; argument.  Ed25519 is preferred; 4096-bit RSA is the fallback for
    ;; libgcrypt versions that do not pass the version test below.
    ;; NOTE(review): Ed25519 is said to have been introduced in libgcrypt 1.6.0,
    ;; yet the test is a strict "newer than 1.6.0" -- confirm whether 1.6.0
    ;; itself is meant to fall back to RSA.
    (let ((ed25519  "(genkey (ecdsa (curve Ed25519) (flags rfc6979)))")
          (rsa-4096 "(genkey (rsa (nbits 4:4096)))"))
      (if (version>? (gcrypt-version) "1.6.0")
          ed25519
          rsa-4096)))
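  (define %options
    ;; Specifications of the command-line options.  Each handler conses its
    ;; setting onto RESULT, the alist that 'guix-archive' later queries with
    ;; 'assoc-ref'; '%standard-build-options' is appended at the end.
    (cons* (option '(#\h "help") #f #f
                   (lambda args
                     (show-help)
                     (exit 0)))
           (option '(#\V "version") #f #f
                   (lambda args
                     ;; Report this command's own name; the usage text above
                     ;; calls it 'guix archive', not 'guix build'.
                     (show-version-and-exit "guix archive")))

           ;; Archive operations.
           (option '("export") #f #f
                   (lambda (opt name arg result)
                     (alist-cons 'export #t result)))
           (option '(#\r "recursive") #f #f
                   (lambda (opt name arg result)
                     (alist-cons 'export-recursive? #t result)))
           (option '("import") #f #f
                   (lambda (opt name arg result)
                     (alist-cons 'import #t result)))
           (option '("missing") #f #f
                   (lambda (opt name arg result)
                     (alist-cons 'missing #t result)))
           (option '("extract" #\x) #t #f
                   (lambda (opt name arg result)
                     (alist-cons 'extract arg result)))
           (option '("list" #\t) #f #f
                   (lambda (opt name arg result)
                     (alist-cons 'list #t result)))

           ;; Key management.  The optional argument of '--generate-key' is
           ;; parsed as a canonical sexp right away, so malformed parameters
           ;; are rejected here rather than at key-generation time.
           (option '("generate-key") #f #t
                   (lambda (opt name arg result)
                     (catch 'gcry-error
                       (lambda ()
                         ;; XXX: Curve25519 was actually introduced in
                         ;; libgcrypt 1.6.0.
                         (let ((params
                                (string->canonical-sexp
                                 (or arg %key-generation-parameters))))
                           (alist-cons 'generate-key params result)))
                       (lambda (key proc err)
                         (leave (G_ "invalid key generation parameters: ~a: ~a~%")
                                (error-source err)
                                (error-string err))))))
           (option '("authorize") #f #f
                   (lambda (opt name arg result)
                     (alist-cons 'authorize #t result)))

           ;; Build-related options.  'system', 'target' and 'verbosity'
           ;; replace any earlier value instead of accumulating.
           (option '(#\S "source") #f #f
                   (lambda (opt name arg result)
                     (alist-cons 'source? #t result)))
           (option '(#\s "system") #t #f
                   (lambda (opt name arg result)
                     (alist-cons 'system arg
                                 (alist-delete 'system result eq?))))
           (option '("target") #t #f
                   (lambda (opt name arg result)
                     (alist-cons 'target arg
                                 (alist-delete 'target result eq?))))
           ;; The expression is kept as a string here; it is read and
           ;; evaluated later by 'derivation-from-expression'.
           (option '(#\e "expression") #t #f
                   (lambda (opt name arg result)
                     (alist-cons 'expression arg result)))
           (option '(#\v "verbosity") #t #f
                   (lambda (opt name arg result)
                     (let ((level (string->number* arg)))
                       (alist-cons 'verbosity level
                                   (alist-delete 'verbosity result)))))
           (option '(#\n "dry-run") #f #f
                   (lambda (opt name arg result)
                     (alist-cons 'dry-run? #t result)))

           %standard-build-options))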
  (define (derivation-from-expression store str package-derivation
                                      system source?)
    "Read and evaluate STR, then return the derivation it denotes for SYSTEM.
If STR evaluates to a package, return the derivation of its source when SOURCE?
is true, and otherwise the result of calling PACKAGE-DERIVATION on it.  If STR
evaluates to a procedure, call it and run the result in the store monad."
    ;; STR is evaluated as Scheme code with the privileges of the invoking
    ;; process.  A value that is neither a package nor a procedure matches no
    ;; clause below, so 'match' signals an error for it.
    (match (read/eval str)
      ((? package? pkg)
       (cond ((not source?)
              (package-derivation store pkg system))
             ((package-source pkg)
              => (lambda (origin)
                   (package-source-derivation store origin)))
             (else
              (leave (G_ "package `~a' has no source~%")
                     (package-name pkg)))))
      ((? procedure? thunk)
       (run-with-store store
         (mbegin %store-monad
           (set-guile-for-build (default-guile))
           (thunk))
         #:system system))))
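  (define (options->derivations+files store opts)
    "Given OPTS, the result of 'args-fold', return two values: a list of
derivations to build and a list of store files to transfer.  Exit with an error
when a source derivation is requested for a package that has no source."
    ;; Use the cross-compiling derivation procedure when '--target' was given.
    (define package->derivation
      (match (assoc-ref opts 'target)
        (#f package-derivation)
        (triplet
         (cut package-cross-derivation <> <> triplet <>))))

    (define src? (assoc-ref opts 'source?))
    (define sys  (assoc-ref opts 'system))

    (fold2 (lambda (arg derivations files)
             (match arg
               ;; '-e EXPR': the derivation EXPR evaluates to.
               (('expression . str)
                (let ((drv (derivation-from-expression store str
                                                       package->derivation
                                                       sys src?)))
                  (values (cons drv derivations)
                          (cons (derivation->output-path drv) files))))
               ;; A store file name: nothing to build, transfer it as is.
               (('argument . (? store-path? file))
                (values derivations (cons file files)))
               ;; Any other string is treated as a package specification.
               (('argument . (? string? spec))
                (let-values (((p output)
                              (specification->package+output spec)))
                  (if src?
                      ;; Report a missing source the same way
                      ;; 'derivation-from-expression' does, instead of
                      ;; passing #f on to 'package-source-derivation'.
                      (let* ((s   (or (package-source p)
                                      (leave (G_ "package `~a' has no source~%")
                                             (package-name p))))
                             (drv (package-source-derivation store s)))
                        (values (cons drv derivations)
                                (cons (derivation->output-path drv)
                                      files)))
                      (let ((drv (package->derivation store p sys)))
                        (values (cons drv derivations)
                                (cons (derivation->output-path drv output)
                                      files))))))
               ;; Options that do not designate something to export.
               (_
                (values derivations files))))
           '()
           '()
           opts))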
  236. ;;;
  237. ;;; Entry point.
  238. ;;;
  (define (export-from-store store opts)
    "Build the derivations designated by OPTS, then write an archive of the
corresponding store files from STORE to the current output port.  Exit with an
error when 'build-derivations' returns false."
    (call-with-values
        (lambda ()
          (options->derivations+files store opts))
      (lambda (drv files)
        ;; With '--recursive', 'export-paths' is asked to include dependencies.
        (let ((recursive? (assoc-ref opts 'export-recursive?)))
          (if (build-derivations store drv)
              (export-paths store files (current-output-port)
                            #:recursive? recursive?)
              (leave (G_ "unable to export the given packages~%")))))))
  (define (generate-key-pair parameters)
    "Generate a key pair from PARAMETERS, a canonical sexp, and write its public
and private halves to %PUBLIC-KEY-FILE and %PRIVATE-KEY-FILE.  Exit with an
error when either file already exists or when key generation fails."
    (define (save-sexp file sexp)
      ;; Write the string form of SEXP to FILE through
      ;; 'with-atomic-file-output'.
      (with-atomic-file-output file
        (lambda (port)
          (display (canonical-sexp->string sexp) port))))

    ;; Never overwrite an existing key pair.
    ;; NOTE(review): the existence test and the writes below are separate
    ;; steps -- confirm that only trusted users can write to this directory.
    (when (any file-exists? (list %public-key-file %private-key-file))
      (leave (G_ "key pair exists under '~a'; remove it first~%")
             (dirname %public-key-file)))

    (format (current-error-port)
            (G_ "Please wait while gathering entropy to generate the key pair;
this may take time...~%"))

    (let* ((key-pair (catch 'gcry-error
                       (lambda ()
                         (generate-key parameters))
                       (lambda (key proc err)
                         (leave (G_ "key generation failed: ~a: ~a~%")
                                (error-source err)
                                (error-string err)))))
           (public-part (find-sexp-token key-pair 'public-key))
           (secret-part (find-sexp-token key-pair 'private-key)))
      ;; Create the following files as #o400.  The umask is not restored
      ;; afterwards, so it stays in effect for the rest of the process, and
      ;; 'mkdir-p' below runs under it as well.
      (umask #o266)

      (mkdir-p (dirname %public-key-file))
      (save-sexp %public-key-file public-part)
      ;; The private key keeps the restrictive mode set up by the umask.
      (save-sexp %private-key-file secret-part)

      ;; Make the public key readable by everyone.
      (chmod %public-key-file #o444)))
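  (define (authorize-key)
    "Authorize imports signed by the public key passed as an advanced sexp on
the input port, by adding that key to the ACL stored in %ACL-FILE."
    (define (read-key)
      ;; Parse everything on the current input port as a canonical sexp; a
      ;; gcrypt parse error is fatal.
      (catch 'gcry-error
        (lambda ()
          (string->canonical-sexp (read-string (current-input-port))))
        (lambda (key proc err)
          (leave (G_ "failed to read public key: ~a: ~a~%")
                 (error-source err) (error-string err)))))

    ;; Warn about potentially volatile ACLs, but continue: system reconfiguration
    ;; might not be possible without (newly-authorized) substitutes.
    ;; The result of the guarded 'lstat' call is reused for the type test, so
    ;; a file that disappears after that call cannot make a second, unguarded
    ;; 'lstat' throw.
    (let ((st (false-if-exception (lstat %acl-file))))
      (when (and st (eq? 'symlink (stat:type st)))
        (warning (G_ "replacing symbolic link ~a with a regular file~%")
                 %acl-file)
        (when (string-prefix? (%store-prefix) (readlink %acl-file))
          (display-hint (G_ "On Guix System, add all @code{authorized-keys} to the
@code{guix-service-type} service of your @code{operating-system} instead.")))))

    (let ((key (read-key))
          (acl (current-acl)))
      ;; Only an s-expression whose first datum is 'public-key' is accepted.
      (unless (eq? 'public-key (canonical-sexp-nth-data key 0))
        (leave (G_ "s-expression does not denote a public key~%")))

      ;; Add KEY to the ACL and write that.  KEY is prepended without checking
      ;; whether it is already listed, and the new ACL replaces the file as a
      ;; whole.
      (let ((acl (public-keys->acl (cons key (acl->public-keys acl)))))
        (mkdir-p (dirname %acl-file))
        (with-atomic-file-output %acl-file
          (cut write-acl acl <>)))))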
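  (define (list-contents port)
    "Read a nar from PORT and print the list of files it contains to the current
output port.  Exit with an error when PORT ends in the middle of a file."
    (define (consume-input port size)
      ;; Read and discard SIZE bytes of file contents from PORT, one buffer at
      ;; a time.  'get-bytevector-n!' returns the end-of-file object when the
      ;; input is truncated; report that instead of passing it to '-'.
      (let ((bv (make-bytevector 32768)))
        (let loop ((total size))
          (unless (zero? total)
            (let ((n (get-bytevector-n! port bv 0
                                        (min total (bytevector-length bv)))))
              (when (eof-object? n)
                (leave (G_ "unexpected end of archive~%")))
              (loop (- total n)))))))

    ;; NOTE(review): file names and symlink targets come from the archive and
    ;; are printed as is; if the archive is untrusted, confirm whether control
    ;; characters should be escaped before they reach a terminal.
    (fold-archive (lambda (file type content result)
                    (match type
                      ('directory
                       (format #t "D ~a~%" file))
                      ('directory-complete
                       #t)
                      ('symlink
                       (format #t "S ~a -> ~a~%" file content))
                      ((or 'regular 'executable)
                       (match content
                         ((input . size)
                          (format #t "~a ~60a ~10h B~%"
                                  (if (eq? type 'executable)
                                      "x" "r")
                                  file size)
                          ;; The contents are not needed for a listing, but
                          ;; they still have to be read off INPUT.
                          (consume-input input size))))))
                  #t
                  port
                  ""))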
  335. ;;;
  336. ;;; Entry point.
  337. ;;;
  (define-command (guix-archive . args)
    (category plumbing)
    (synopsis "manipulate, export, and import normalized archives (nars)")

    (define (lines port)
      ;; Return the list of lines read from PORT, in the order read.
      (let loop ((acc '()))
        (let ((line (read-line port)))
          (if (eof-object? line)
              (reverse acc)
              (loop (cons line acc))))))

    (with-error-handling
      (let* ((opts (parse-command-line args %options (list %default-options)))
             (opt  (lambda (key) (assoc-ref opts key))))
        (parameterize ((%graft? (opt 'graft?)))
          ;; Key generation and key authorization are handled without opening
          ;; a store connection; every other operation runs inside
          ;; 'with-store'.
          (cond ((opt 'generate-key)
                 =>
                 generate-key-pair)
                ((opt 'authorize)
                 (authorize-key))
                (else
                 (with-status-verbosity (opt 'verbosity)
                   (with-store store
                     (set-build-options-from-command-line store opts)
                     (with-build-handler
                         (build-notifier #:use-substitutes?
                                         (opt 'substitutes?)
                                         #:verbosity
                                         (opt 'verbosity)
                                         #:dry-run?
                                         (opt 'dry-run?))
                       (cond ((opt 'export)
                              (export-from-store store opts))
                             ;; Imports are handed to the store connection
                             ;; through 'import-paths'.
                             ((opt 'import)
                              (import-paths store (current-input-port)))
                             ((opt 'missing)
                              (let* ((files   (lines (current-input-port)))
                                     (missing (remove (lambda (file)
                                                        (valid-path? store file))
                                                      files)))
                                (format #t "~{~a~%~}" missing)))
                             ;; NOTE(review): '--list' and '--extract' read
                             ;; the archive directly in this process, and no
                             ;; signature check is visible on these two paths
                             ;; -- treat their input as unauthenticated unless
                             ;; confirmed otherwise.
                             ((opt 'list)
                              (list-contents (current-input-port)))
                             ((opt 'extract)
                              =>
                              (lambda (target)
                                (restore-file (current-input-port) target)))
                             (else
                              (leave
                               (G_ "either '--export' or '--import' \
must be specified~%")))))))))))))