-rw-r--r-- | Makefile.am | 6 | ||||
-rw-r--r-- | nix.conf.example | 181 | ||||
-rw-r--r-- | nix.spec.in | 5 |
3 files changed, 2 insertions, 190 deletions
diff --git a/Makefile.am b/Makefile.am
index f50cdf19b216..c97d0e266cd7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,6 +1,6 @@
 SUBDIRS = src perl scripts corepkgs doc misc tests
 EXTRA_DIST = substitute.mk nix.spec nix.spec.in bootstrap.sh \
- nix.conf.example NEWS version misc/systemd/nix-worker.service
+ NEWS version misc/systemd/nix-worker.service
 pkginclude_HEADERS = config.h
@@ -10,10 +10,6 @@ nix.spec: nix.spec.in
 install-data-local: init-state
 $(INSTALL) -d $(DESTDIR)$(sysconfdir)/nix
- $(INSTALL_DATA) $(srcdir)/nix.conf.example $(DESTDIR)$(sysconfdir)/nix
- if ! test -e $(DESTDIR)$(sysconfdir)/nix/nix.conf; then \
- $(INSTALL_DATA) $(srcdir)/nix.conf.example $(DESTDIR)$(sysconfdir)/nix/nix.conf; \
- fi
 $(INSTALL) -d $(DESTDIR)$(docdir)
 $(INSTALL_DATA) README $(DESTDIR)$(docdir)/
diff --git a/nix.conf.example b/nix.conf.example
deleted file mode 100644
index 3c55b570e60f..000000000000
--- a/nix.conf.example
+++ /dev/null
@@ -1,181 +0,0 @@
-### Option `gc-keep-outputs'
-#
-# If `true', the garbage collector will keep the outputs of
-# non-garbage derivations. If `false' (default), outputs will be
-# deleted unless they are GC roots themselves (or reachable from other
-# roots).
-#
-# In general, outputs must be registered as roots separately.
-# However, even if the output of a derivation is registered as a root,
-# the collector will still delete store paths that are used only at
-# build time (e.g., the C compiler, or source tarballs downloaded from
-# the network). To prevent it from doing so, set this option to
-# `true'.
-#gc-keep-outputs = false
-
-
-### Option `gc-keep-derivations'
-#
-# If `true' (default), the garbage collector will keep the derivations
-# from which non-garbage store paths were built. If `false', they
-# will be deleted unless explicitly registered as a root (or reachable
-# from other roots).
-#
-# Keeping derivation around is useful for querying and traceability
-# (e.g., it allows you to ask with what dependencies or options a
-# store path was built), so by default this option is on. Turn it off
-# to safe a bit of disk space (or a lot if `gc-keep-outputs' is also
-# turned on).
-#gc-keep-derivations = true
-
-
-### Option `env-keep-derivations'
-#
-# If `false' (default), derivations are not stored in Nix user
-# environments. That is, the derivation any build-time-only
-# dependencies may be garbage-collected.
-#
-# If `true', when you add a Nix derivation to a user environment, the
-# path of the derivation is stored in the user environment. Thus, the
-# derivation will not be garbage-collected until the user environment
-# generation is deleted (`nix-env --delete-generations'). To prevent
-# build-time-only dependencies from being collected, you should also
-# turn on `gc-keep-outputs'.
-#
-# The difference between this option and `gc-keep-derivations' is that
-# this one is `sticky': it applies to any user environment created
-# while this option was enabled, while `gc-keep-derivations' only
-# applies at the moment the garbage collector is run.
-#env-keep-derivations = false
-
-
-### Option `build-max-jobs'
-#
-# This option defines the maximum number of jobs that Nix will try to
-# build in parallel. The default is 1. You should generally set it
-# to the number of CPUs in your system (e.g., 2 on a Athlon 64 X2).
-# It can be overriden using the `--max-jobs' / `-j' command line
-# switch.
-#build-max-jobs = 1
-
-
-### Option `build-cores'
-#
-# This option defines the number of CPU cores to utilize in parallel
-# within a build job, i.e. by passing an appropriate `-jN' flag to GNU
-# Make. The default is 1, meaning that parallel building within jobs
-# is disabled. Passing the special value `0' causes Nix to try and
-# auto-detect the number of available cores on the local host. This
-# setting can be overridden using the `--cores' command line switch.
-#build-cores = 1
-
-
-### Option `build-max-silent-time'
-#
-# This option defines the maximum number of seconds that a builder can
-# go without producing any data on standard output or standard error.
-# This is useful (for instance in a automated build system) to catch
-# builds that are stuck in an infinite loop, or to catch remote builds
-# that are hanging due to network problems. It can be overriden using
-# the `--max-silent-time' command line switch.
-#
-# The value 0 means that there is no timeout. This is also the
-# default.
-#
-# Example:
-# build-max-silent-time = 600 # = 10 minutes
-#build-max-silent-time = 0
-
-
-### Option `build-users-group'
-#
-# This options specifies the Unix group containing the Nix build user
-# accounts. In multi-user Nix installations, builds should not
-# be performed by the Nix account since that would allow users to
-# arbitrarily modify the Nix store and database by supplying specially
-# crafted builders; and they cannot be performed by the calling user
-# since that would allow him/her to influence the build result.
-#
-# Therefore, if this option is non-empty and specifies a valid group,
-# builds will be performed under the user accounts that are a member
-# of the group specified here (as listed in /etc/group). Those user
-# accounts should not be used for any other purpose!
-#
-# Nix will never run two builds under the same user account at the
-# same time. This is to prevent an obvious security hole: a malicious
-# user writing a Nix expression that modifies the build result of a
-# legitimate Nix expression being built by another user. Therefore it
-# is good to have as many Nix build user accounts as you can spare.
-# (Remember: uids are cheap.)
-#
-# The build users should have permission to create files in the Nix
-# store, but not delete them. Therefore, /nix/store should be owned
-# by the Nix account, its group should be the group specified here,
-# and its mode should be 1775.
-#
-# If the build users group is empty, builds will be performed under
-# the uid of the Nix process (that is, the uid of the caller if
-# $NIX_REMOTE is empty, the uid under which the Nix daemon runs if
-# $NIX_REMOTE is `daemon', or the uid that owns the setuid nix-worker
-# program if $NIX_REMOTE is `slave'). Obviously, this should not be
-# used in multi-user settings with untrusted users.
-#
-# The default is empty.
-#
-# Example:
-# build-users-group = nix-builders
-#build-users-group =
-
-
-### Option `build-use-chroot'
-#
-# If set to `true', builds will be performed in a chroot environment,
-# i.e., the build will be isolated from the normal file system
-# hierarchy and will only see the Nix store, the temporary build
-# directory, and the directories configured with the
-# `build-chroot-dirs' option (such as /proc and /dev). This is useful
-# to prevent undeclared dependencies on files in directories such as
-# /usr/bin.
-#
-# The use of a chroot requires that Nix is run as root (but you can
-# still use the "build users" feature to perform builds under
-# different users than root). Currently, chroot builds only work on
-# Linux because Nix uses "bind mounts" to make the Nix store and other
-# directories available inside the chroot.
-#
-# The default is `false'.
-#
-# Example:
-# build-use-chroot = true
-#build-use-chroot = false
-
-
-### Option `build-chroot-dirs'
-#
-# When builds are performed in a chroot environment, Nix will mount
-# (using `mount --bind' on Linux) some directories from the normal
-# file system hierarchy inside the chroot. These are the Nix store,
-# the temporary build directory (usually /tmp/nix-<pid>-<number>) and
-# the directories listed here. The default is "/dev /dev/pts /proc".
-# Files in /dev (such as /dev/null) are needed by many builds, and
-# some files in /proc may also be needed occasionally.
-#
-# Example:
-# build-use-chroot = /dev /proc /bin
-#build-chroot-dirs = /dev /dev/pts /proc
-
-
-### Option `build-cache-failure'
-#
-# If this option is enabled, Nix will do negative caching; that is, it
-# will remember failed builds, and won't attempt to try to build them
-# again if you ask for it. Negative caching is disabled by default
-# because Nix cannot distinguish between permanent build errors (e.g.,
-# a syntax error in a source file) and transient build errors (e.g., a
-# full disk), as they both cause the builder to return a non-zero exit
-# code. You can clear the cache by doing `rm -f
-# /nix/var/nix/db/failed/*'.
-#
-# Example:
-# build-cache-failure = true
-#build-cache-failure = false
diff --git a/nix.spec.in b/nix.spec.in
index 44ea8d7c9476..29e53c0c350e 100644
--- a/nix.spec.in
+++ b/nix.spec.in
@@ -121,10 +121,7 @@ ln -sf %{_libdir}/nix/libNixStore.so.0 Store.so
 popd
 # Specify build users group
-sed -i "s|#build-users-group =$|build-users-group = %{nixbld_group}|" \
- $RPM_BUILD_ROOT%{_sysconfdir}/nix/nix.conf
-# ... and delete the example configuration
-rm $RPM_BUILD_ROOT%{_sysconfdir}/nix/nix.conf.example
+echo "build-users-group = %{nixbld_group}" > $RPM_BUILD_ROOT%{_sysconfdir}/nix/nix.conf
 # make per-user directories
 for d in profiles gcroots; |
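Review bot: The added `echo ... >` line is now the only place in this commit that creates `nix.conf`, and it writes the bare `build-users-group` setting with none of the explanation the deleted example carried, in particular that an empty group makes builds run under the uid of the Nix process. I would have the spec write a short comment ahead of the setting, for example `# Builds run under accounts in this group; if empty they run under the uid of the Nix process`, and quote the redirect target as `"$RPM_BUILD_ROOT%{_sysconfdir}/nix/nix.conf"`. The redirect depends on the install step having created `%{_sysconfdir}/nix`, which the `$(INSTALL) -d $(DESTDIR)$(sysconfdir)/nix` line kept in Makefile.am still does. Whether the `%files` list marks this file as `%config(noreplace)` is outside the hunk; if it does not, a package upgrade would presumably replace an administrator's edited file with this one-line version.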