author Eelco Dolstra <eelco.dolstra@logicblox.com> 2014-02-18T00·01+0100
committer Eelco Dolstra <eelco.dolstra@logicblox.com> 2014-02-18T00·01+0100
commit 1aa19b24b27c6bbf4d46cdd7f6d06b534dd67c19 (patch)
tree c406737fe705ef010f7efb555c6b319b1c984754 /scripts
parent 4ec626a286afd4a9596357fc6d36aaf8bc07442a (diff)

Add a flag ‘--check’ to verify build determinism

The flag ‘--check’ to ‘nix-store -r’ or ‘nix-build’ will cause Nix to
redo the build of a derivation whose output paths are already valid.
If the new output differs from the original output, an error is
printed.  This makes it easier to test if a build is deterministic.
(Obviously this cannot catch all sources of non-determinism, but it
catches the most common one, namely the current time.)

For example:

  $ nix-build '<nixpkgs>' -A patchelf
  ...
  $ nix-build '<nixpkgs>' -A patchelf --check
  error: derivation `/nix/store/1ipvxsdnbhl1rw6siz6x92s7sc8nwkkb-patchelf-0.6' may not be deterministic: hash mismatch in output `/nix/store/4pc1dmw5xkwmc6q3gdc9i5nbjl4dkjpp-patchelf-0.6.drv'

The --check build fails if not all outputs are valid.  Thus the first
call to nix-build is necessary to ensure that all outputs are valid.

The current outputs are left untouched: the new outputs are either put
in a chroot or diverted to a different location in the store using
hash rewriting.
Diffstat (limited to 'scripts')
-rwxr-xr-x scripts/nix-build.in 4
1 files changed, 4 insertions, 0 deletions
diff --git a/scripts/nix-build.in b/scripts/nix-build.in
index c197dcca9a12..828eb1c3967c 100755
--- a/scripts/nix-build.in
+++ b/scripts/nix-build.in
@@ -121,6 +121,10 @@ for (my $n = 0; $n < scalar @ARGV; $n++) {
         push @instArgs, $arg;
     }
 
+    elsif ($arg eq "--check") {
+        push @buildArgs, $arg;
+    }
+
     elsif ($arg eq "--run-env") { # obsolete
         $runEnv = 1;
     }
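
Review bot: the new `--check` branch (added lines 124-126 of scripts/nix-build.in) forwards the flag into @buildArgs with no comment, and nothing in the part of the change shown here (the diff is limited to 'scripts') documents it for nix-build users. The commit message states that a --check build fails unless all outputs are already valid, which is easy to trip over on a first run, so a one-line comment on the branch saying the flag is passed through unchanged to the build step, plus a mention of the "build once first" precondition in the script's help or manual text, would make this safer to use. It would also help to add a test that runs nix-build with and without `--check` on an already-built derivation, so a regression in this argument handling is caught.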