diff options
author | Daiderd Jordan <daiderd@gmail.com> | 2019-04-17T19·42+0200 |
---|---|---|
committer | Daiderd Jordan <daiderd@gmail.com> | 2019-04-17T21·41+0200 |
commit | b614e0e53da1f825e198996f88935a1d1a89725f (patch) | |
tree | 9fdc881231f217c8466143a5b98b2ee3c46d78a7 | |
parent | 5112a33fb17f792ceb6d641738277cbbe6a58bfc (diff) |
build: only skip hash rewriting for sandboxing on linux
The sandbox on darwin, and possibly other future platforms, doesn't have enough isolation to redirect outputs without hash rewriting.
-rw-r--r-- | src/libstore/build.cc | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 53a0c743b035..dbadfacd51ef 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -803,6 +803,9 @@ private: /* Whether we're currently doing a chroot build. */ bool useChroot = false; + /* Whether we need to perform hash rewriting if there are valid output paths. */ + bool needsHashRewrite; + Path chrootRootDir; /* RAII object to delete the chroot directory. */ @@ -994,6 +997,13 @@ DerivationGoal::DerivationGoal(const Path & drvPath, const StringSet & wantedOut , wantedOutputs(wantedOutputs) , buildMode(buildMode) { +#if __linux__ + needsHashRewrite = !useChroot; +#else + /* Darwin requires hash rewriting even when sandboxing is enabled. */ + needsHashRewrite = true; +#endif + state = &DerivationGoal::getDerivation; name = (format("building of '%1%'") % drvPath).str(); trace("created"); @@ -2073,7 +2083,7 @@ void DerivationGoal::startBuilder() #endif } - else { + if (needsHashRewrite) { if (pathExists(homeDir)) throw Error(format("directory '%1%' exists; please remove it") % homeDir); @@ -2873,6 +2883,10 @@ void DerivationGoal::runChild() for (auto & i : missingPaths) { sandboxProfile += (format("\t(subpath \"%1%\")\n") % i.c_str()).str(); } + /* Also add redirected outputs to the chroot */ + for (auto & i : redirectedOutputs) { + sandboxProfile += (format("\t(subpath \"%1%\")\n") % i.second.c_str()).str(); + } sandboxProfile += ")\n"; /* Our inputs (transitive dependencies and any impurities computed above) @@ -3051,7 +3065,9 @@ void DerivationGoal::registerOutputs() throw SysError(format("moving build output '%1%' from the sandbox to the Nix store") % path); } if (buildMode != bmCheck) actualPath = worker.store.toRealPath(path); - } else { + } + + if (needsHashRewrite) { Path redirected = redirectedOutputs[path]; if (buildMode == bmRepair && redirectedBadOutputs.find(path) != redirectedBadOutputs.end() |