diff options
-rw-r--r-- | configure.ac | 19 | ||||
-rw-r--r-- | release.nix | 2 | ||||
-rw-r--r-- | src/libstore/build.cc | 60 | ||||
-rw-r--r-- | src/libstore/local-store.cc | 9 | ||||
-rw-r--r-- | src/libutil/affinity.cc | 10 |
5 files changed, 27 insertions, 73 deletions
diff --git a/configure.ac b/configure.ac index 88e64573da88..df92950ff0cc 100644 --- a/configure.ac +++ b/configure.ac @@ -76,18 +76,7 @@ static char buf[1024];]], AC_LANG_POP(C++) -# Check for chroot support (requires chroot() and bind mounts). -AC_CHECK_FUNCS([chroot]) -AC_CHECK_FUNCS([unshare]) AC_CHECK_FUNCS([statvfs]) -AC_CHECK_HEADERS([sched.h]) -AC_CHECK_HEADERS([sys/param.h]) -AC_CHECK_HEADERS([sys/mount.h], [], [], -[#ifdef HAVE_SYS_PARAM_H -# include <sys/param.h> -# endif -]) -AC_CHECK_HEADERS([sys/syscall.h]) # Check for lutimes, optionally used for changing the mtime of @@ -95,10 +84,6 @@ AC_CHECK_HEADERS([sys/syscall.h]) AC_CHECK_FUNCS([lutimes]) -# Check for sched_setaffinity. -AC_CHECK_FUNCS([sched_setaffinity]) - - # Check whether the store optimiser can optimise symlinks. AC_MSG_CHECKING([whether it is possible to create a link to a symlink]) ln -s bla tmp_link @@ -122,10 +107,6 @@ AC_CHECK_HEADER([err.h], [], [bsddiff_compat_include="-Icompat-include"]) AC_SUBST([bsddiff_compat_include]) -# Check for <linux/fs.h> (for immutable file support). -AC_CHECK_HEADERS([linux/fs.h]) - - AC_DEFUN([NEED_PROG], [ AC_PATH_PROG($1, $2) diff --git a/release.nix b/release.nix index adf87f68ada3..53ab8ca5f846 100644 --- a/release.nix +++ b/release.nix @@ -152,7 +152,7 @@ let src = tarball; buildInputs = - [ curl perl bzip2 openssl pkgconfig sqlite + [ curl perl bzip2 openssl pkgconfig sqlite xz libsodium # These are for "make check" only: graphviz libxml2 libxslt ]; diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 1c751ab98734..e522cb8b4ebf 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -34,47 +34,27 @@ #include <bzlib.h> -/* Includes required for chroot support. */ -#if HAVE_SYS_PARAM_H -#include <sys/param.h> -#endif -#if HAVE_SYS_MOUNT_H -#include <sys/mount.h> -#endif -#if HAVE_SYS_SYSCALL_H -#include <sys/syscall.h> -#endif -#if HAVE_SCHED_H -#include <sched.h> -#endif - -/* In GNU libc 2.11, <sys/mount.h> does not define `MS_PRIVATE', but - <linux/fs.h> does. */ -#if !defined MS_PRIVATE && defined HAVE_LINUX_FS_H -#include <linux/fs.h> -#endif - -#define CHROOT_ENABLED HAVE_CHROOT && HAVE_SYS_MOUNT_H && defined(MS_BIND) && defined(MS_PRIVATE) && defined(CLONE_NEWNS) && defined(SYS_pivot_root) - /* chroot-like behavior from Apple's sandbox */ #if __APPLE__ - #define SANDBOX_ENABLED 1 #define DEFAULT_ALLOWED_IMPURE_PREFIXES "/System/Library /usr/lib /dev /bin/sh" #else - #define SANDBOX_ENABLED 0 #define DEFAULT_ALLOWED_IMPURE_PREFIXES "" #endif -#if CHROOT_ENABLED +/* Includes required for chroot support. */ +#if __linux__ #include <sys/socket.h> #include <sys/ioctl.h> #include <net/if.h> #include <netinet/ip.h> -#endif - -#if __linux__ #include <sys/personality.h> #include <sys/mman.h> +#include <sched.h> +#include <sys/param.h> +#include <sys/mount.h> +#include <sys/syscall.h> +#include <linux/fs.h> +#define pivot_root(new_root, put_old) (syscall(SYS_pivot_root, new_root, put_old)) #endif #if HAVE_STATVFS @@ -781,10 +761,10 @@ private: DirsInChroot dirsInChroot; typedef map<string, string> Environment; Environment env; -#if SANDBOX_ENABLED + +#if __APPLE__ typedef string SandboxProfile; SandboxProfile additionalSandboxProfile; - AutoDelete autoDelSandbox; #endif @@ -1908,7 +1888,7 @@ void DerivationGoal::startBuilder() if (useChroot) { string defaultChrootDirs; -#if CHROOT_ENABLED +#if __linux__ if (isInStore(BASH_PATH)) defaultChrootDirs = "/bin/sh=" BASH_PATH; #endif @@ -1943,7 +1923,7 @@ void DerivationGoal::startBuilder() for (auto & i : closure) dirsInChroot[i] = i; -#if SANDBOX_ENABLED +#if __APPLE__ additionalSandboxProfile = get(drv->env, "__sandboxProfile"); #endif string allowed = settings.get("allowed-impure-host-deps", string(DEFAULT_ALLOWED_IMPURE_PREFIXES)); @@ -1972,7 +1952,7 @@ void DerivationGoal::startBuilder() dirsInChroot[i] = i; } -#if CHROOT_ENABLED +#if __linux__ /* Create a temporary directory in which we set up the chroot environment using bind-mounts. We put it in the Nix store to ensure that we can create hard-links to non-directory @@ -2065,7 +2045,7 @@ void DerivationGoal::startBuilder() for (auto & i : drv->outputs) dirsInChroot.erase(i.second.path); -#elif SANDBOX_ENABLED +#elif __APPLE__ /* We don't really have any parent prep work to do (yet?) All work happens in the child, instead. */ #else @@ -2148,7 +2128,7 @@ void DerivationGoal::startBuilder() builderOut.create(); /* Fork a child to build the package. */ -#if CHROOT_ENABLED +#if __linux__ if (useChroot) { /* Set up private namespaces for the build: @@ -2250,7 +2230,7 @@ void DerivationGoal::runChild() commonChildInit(builderOut); -#if CHROOT_ENABLED +#if __linux__ if (useChroot) { /* Initialise the loopback interface. */ @@ -2383,10 +2363,8 @@ void DerivationGoal::runChild() if (mkdir("real-root", 0) == -1) throw SysError("cannot create real-root directory"); -#define pivot_root(new_root, put_old) (syscall(SYS_pivot_root, new_root, put_old)) if (pivot_root(".", "real-root") == -1) throw SysError(format("cannot pivot old root directory onto ‘%1%’") % (chrootRootDir + "/real-root")); -#undef pivot_root if (chroot(".") == -1) throw SysError(format("cannot change root directory to ‘%1%’") % chrootRootDir); @@ -2468,7 +2446,7 @@ void DerivationGoal::runChild() string sandboxProfile; if (isBuiltin(*drv)) { ; -#if SANDBOX_ENABLED +#if __APPLE__ } else if (useChroot) { /* Lots and lots and lots of file functions freak out if they can't stat their full ancestry */ PathSet ancestry; @@ -2736,8 +2714,8 @@ void DerivationGoal::registerOutputs() Hash h2 = recursive ? hashPath(ht, actualPath).first : hashFile(ht, actualPath); if (h != h2) throw BuildError( - format("Nix expects output path ‘%1%’ to have %2% hash ‘%3%’, instead it has ‘%4%’") - % path % i.second.hashAlgo % printHash16or32(h) % printHash16or32(h2)); + format("output path ‘%1%’ has %2% hash ‘%3%’ when ‘%4%’ was expected") + % path % i.second.hashAlgo % printHash16or32(h2) % printHash16or32(h)); } /* Get rid of all weird permissions. This also checks that diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc index 978bca28d7fa..d7cd0b088d98 100644 --- a/src/libstore/local-store.cc +++ b/src/libstore/local-store.cc @@ -23,16 +23,11 @@ #include <time.h> #include <grp.h> -#if HAVE_UNSHARE && HAVE_STATVFS && HAVE_SYS_MOUNT_H +#if __linux__ #include <sched.h> #include <sys/statvfs.h> #include <sys/mount.h> -#endif - -#if HAVE_LINUX_FS_H -#include <linux/fs.h> #include <sys/ioctl.h> -#include <errno.h> #endif #include <sqlite3.h> @@ -502,7 +497,7 @@ void LocalStore::openDB(bool create) bind mount. So make the Nix store writable for this process. */ void LocalStore::makeStoreWritable() { -#if HAVE_UNSHARE && HAVE_STATVFS && HAVE_SYS_MOUNT_H && defined(MS_BIND) && defined(MS_REMOUNT) +#if __linux__ if (getuid() != 0) return; /* Check if /nix/store is on a read-only mount. */ struct statvfs stat; diff --git a/src/libutil/affinity.cc b/src/libutil/affinity.cc index 3e21f43a2e9d..3cbdf878617a 100644 --- a/src/libutil/affinity.cc +++ b/src/libutil/affinity.cc @@ -2,14 +2,14 @@ #include "util.hh" #include "affinity.hh" -#if HAVE_SCHED_H +#if __linux__ #include <sched.h> #endif namespace nix { -#if HAVE_SCHED_SETAFFINITY +#if __linux__ static bool didSaveAffinity = false; static cpu_set_t savedAffinity; #endif @@ -17,7 +17,7 @@ static cpu_set_t savedAffinity; void setAffinityTo(int cpu) { -#if HAVE_SCHED_SETAFFINITY +#if __linux__ if (sched_getaffinity(0, sizeof(cpu_set_t), &savedAffinity) == -1) return; didSaveAffinity = true; printMsg(lvlDebug, format("locking this thread to CPU %1%") % cpu); @@ -32,7 +32,7 @@ void setAffinityTo(int cpu) int lockToCurrentCPU() { -#if HAVE_SCHED_SETAFFINITY +#if __linux__ int cpu = sched_getcpu(); if (cpu != -1) setAffinityTo(cpu); return cpu; @@ -44,7 +44,7 @@ int lockToCurrentCPU() void restoreAffinity() { -#if HAVE_SCHED_SETAFFINITY +#if __linux__ if (!didSaveAffinity) return; if (sched_setaffinity(0, sizeof(cpu_set_t), &savedAffinity) == -1) printMsg(lvlError, "failed to restore affinity %1%"); |