Next: , Previous: , Up: 安装   [Contents][Index]


2.5 调用guix-daemon

guix-daemon程序实现了所有访问仓库的功能。包括启动构建进程,运行垃圾回收器,查询构建结果,等。它通常以root身份运行:

# guix-daemon --build-users-group=guixbuild

关于如何设置它,see 设置后台进程

By default, guix-daemon launches build processes under different UIDs, taken from the build group specified with --build-users-group. In addition, each build process is run in a chroot environment that only contains the subset of the store that the build process depends on, as specified by its derivation (see derivation), plus a set of specific system directories. By default, the latter contains /dev and /dev/pts. Furthermore, on GNU/Linux, the build environment is a container: in addition to having its own file system tree, it has a separate mount name space, its own PID name space, network name space, etc. This helps achieve reproducible builds (see 功能).

When the daemon performs a build on behalf of the user, it creates a build directory under /tmp or under the directory specified by its TMPDIR environment variable. This directory is shared with the container for the duration of the build, though within the container, the build tree is always called /tmp/guix-build-name.drv-0.

The build directory is automatically deleted upon completion, unless the build failed and the client specified --keep-failed (see --keep-failed).

The daemon listens for connections and spawns one sub-process for each session started by a client (one of the guix sub-commands). The guix processes command allows you to get an overview of the activity on your system by viewing each of the active sessions and clients. See 调用guix processes, for more information.

下面这些命令行选项受支持:

--build-users-group=用户组

这会从用户组里选取用户,以运行构建进程(see 构建用户)。

--no-substitutes

不要为构建商品使用substitute。即,总是在本地构建,而不是下载预构建的二进制文件(see substitutes)。

When the daemon runs with --no-substitutes, clients can still explicitly enable substitution via the set-build-options remote procedure call (see 仓库).

--substitute-urls=urls

urls是用空格分隔的substitute源URL列表。当这个选项被省略时,默认使用‘https://ci.guix.gnu.org’。

这意味着可以从urls下载substitute,只要它们的签名可信(see substitutes)。

See Getting Substitutes from Other Servers, for more information on how to configure the daemon to get substitutes from other servers.

--no-offload

Do not use offload builds to other machines (see 下发工作给后台进程的设置). That is, always build things locally instead of offloading builds to remote machines.

--cache-failures

缓存失败的构建。默认地,只缓存成功的构建。

当这个选项被使用时,可以用guix gc --list-failures查询被标记为失败的仓库文件;guix gc --clear-failures从仓库里删除失败的缓存。See 调用guix gc

--cores=n
-c n

n个CPU核来构建每个derivation;0表示有多少就用多少。

The default value is 0, but it may be overridden by clients, such as the --cores option of guix build (see 调用guix build).

The effect is to define the NIX_BUILD_CORES environment variable in the build process, which can then use it to exploit internal parallelism—for instance, by running make -j$NIX_BUILD_CORES.

--max-jobs=n
-M n

最多允许n个并行的构建任务。默认值是1。设置为0表示不在本地执行构建;而是下发构建任务(see 下发工作给后台进程的设置),或者直接失败。

--max-silent-time=seconds

当构建或substitution进程超过seconds秒仍然保持静默,就把它结束掉并报告构建失败。

默认值是0,表示关闭超时。

The value specified here can be overridden by clients (see --max-silent-time).

--timeout=seconds

类似地,当构建或substitution进程执行超过seconds秒,就把它结束掉并报告构建失败。

默认值是0,表示关闭超时。

The value specified here can be overridden by clients (see --timeout).

--rounds=N

为每个derivation构建n次,如果连续的构建结果不是每个比特都相同就报告错误。这个设置可以被guix build之类的客户端覆盖(see 调用guix build)。

当和--keep-failed一起使用时,不同的输出保存在/gnu/store/…-check。这让检查两个结果的区别更容易。

--debug

生成调试输出。

This is useful to debug daemon start-up issues, but then it may be overridden by clients, for example the --verbosity option of guix build (see 调用guix build).

--chroot-directory=dir

dir添加到构建的chroot。

这么做可能会改变构建进程的结果–例如,如果它们使用了在dir里发现的可选依赖。因此,建议不要这么做,而是确保每个derivation声明所需的全部输入。

--disable-chroot

关闭chroot构建。

不建议使用这个选项,因为它会允许构建进程访问到没被声明的依赖。但是,当guix-daemon以没有特权的用户身份运行时,这个选项是必须的。

--log-compression=type

type方式压缩构建日志,可选的值:gzipbzip2none

Unless --lose-logs is used, all the build logs are kept in the localstatedir. To save space, the daemon automatically compresses them with Bzip2 by default.

--discover[=yes|no]

Whether to discover substitute servers on the local network using mDNS and DNS-SD.

This feature is still experimental. However, here are a few considerations.

  1. It might be faster/less expensive than fetching from remote servers;
  2. There are no security risks, only genuine substitutes will be used (see 验证substitute);
  3. An attacker advertising guix publish on your LAN cannot serve you malicious binaries, but they can learn what software you’re installing;
  4. Servers may serve substitute over HTTP, unencrypted, so anyone on the LAN can see what software you’re installing.

It is also possible to enable or disable substitute server discovery at run-time by running:

herd discover guix-daemon on
herd discover guix-daemon off
--disable-deduplication

关闭自动对仓库文件“去重”。

默认地,添加到仓库的文件会被自动“去重”:如果新添加的文件和仓库里找到的某个文件完全相同,后台进程把这个新文件变成另一个文件的硬链接。这可以明显地减少硬盘使用,代价是构建结束后轻微地增加输入/输出负载。这个选项关闭这个优化。

--gc-keep-outputs[=yes|no]

垃圾收集器(GC)是否必须保留存活的derivation的输出。

When set to yes, the GC will keep the outputs of any live derivation available in the store—the .drv files. The default is no, meaning that derivation outputs are kept only if they are reachable from a GC root. See 调用guix gc, for more on GC roots.

--gc-keep-derivations[=yes|no]

垃圾收集器(GC)是否必须保留和存活的输出相关的derivation。

When set to yes, as is the case by default, the GC keeps derivations—i.e., .drv files—as long as at least one of their outputs is live. This allows users to keep track of the origins of items in their store. Setting it to no saves a bit of disk space.

In this way, setting --gc-keep-derivations to yes causes liveness to flow from outputs to derivations, and setting --gc-keep-outputs to yes causes liveness to flow from derivations to outputs. When both are set to yes, the effect is to keep all the build prerequisites (the sources, compiler, libraries, and other build-time tools) of live objects in the store, regardless of whether these prerequisites are reachable from a GC root. This is convenient for developers since it saves rebuilds or downloads.

--impersonate-linux-2.6

On Linux-based systems, impersonate Linux 2.6. This means that the kernel’s uname system call will report 2.6 as the release number.

这可能会有助于构建那些(通常是错误地)依赖内核版本号的程序。

--lose-logs

Do not keep build logs. By default they are kept under localstatedir/guix/log.

--system=system

假设system是当前的系统类型。默认值是configure时发现的架构/内核元组,如x86_64-linux

--listen=endpoint

Listen for connections on endpoint. endpoint is interpreted as the file name of a Unix-domain socket if it starts with / (slash sign). Otherwise, endpoint is interpreted as a host name or host name and port to listen to. Here are a few examples:

--listen=/gnu/var/daemon

Listen for connections on the /gnu/var/daemon Unix-domain socket, creating it if needed.

--listen=localhost

Listen for TCP connections on the network interface corresponding to localhost, on port 44146.

--listen=128.0.0.42:1234

Listen for TCP connections on the network interface corresponding to 128.0.0.42, on port 1234.

This option can be repeated multiple times, in which case guix-daemon accepts connections on all the specified endpoints. Users can tell client commands what endpoint to connect to by setting the GUIX_DAEMON_SOCKET environment variable (see GUIX_DAEMON_SOCKET).

注: The daemon protocol is unauthenticated and unencrypted. Using --listen=host is suitable on local networks, such as clusters, where only trusted nodes may connect to the build daemon. In other cases where remote access to the daemon is needed, we recommend using Unix-domain sockets along with SSH.

When --listen is omitted, guix-daemon listens for connections on the Unix-domain socket located at localstatedir/guix/daemon-socket/socket.


Next: , Previous: , Up: 安装   [Contents][Index]