diff options
Diffstat (limited to 'doc/manual/command-ref/conf-file.xml')
| -rw-r--r-- | doc/manual/command-ref/conf-file.xml | 85 |
1 files changed, 36 insertions, 49 deletions
diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml index c947d19fa0e1..4c8f3d9d3809 100644 --- a/doc/manual/command-ref/conf-file.xml +++ b/doc/manual/command-ref/conf-file.xml @@ -224,16 +224,16 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para> </varlistentry> - <varlistentry><term><literal>build-use-chroot</literal></term> + <varlistentry><term><literal>build-use-sandbox</literal></term> <listitem><para>If set to <literal>true</literal>, builds will be - performed in a <emphasis>chroot environment</emphasis>, i.e., + performed in a <emphasis>sandboxed environment</emphasis>, i.e., they’re isolated from the normal file system hierarchy and will only see their dependencies in the Nix store, the temporary build directory, private versions of <filename>/proc</filename>, <filename>/dev</filename>, <filename>/dev/shm</filename> and - <filename>/dev/pts</filename>, and the paths configured with the - <link linkend='conf-build-chroot-dirs'><literal>build-chroot-dirs</literal> + <filename>/dev/pts</filename> (on Linux), and the paths configured with the + <link linkend='conf-build-sandbox-paths'><literal>build-sandbox-paths</literal> option</link>. This is useful to prevent undeclared dependencies on files in directories such as <filename>/usr/bin</filename>. In addition, on Linux, builds run in private PID, mount, network, IPC @@ -241,8 +241,8 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para> system (except that fixed-output derivations do not run in private network namespace to ensure they can access the network).</para> - <para>Currently, chroots only work on Linux and Mac OS X. The use - of a chroot requires that Nix is run as root (so you should use + <para>Currently, sandboxing only work on Linux and Mac OS X. The use + of a sandbox requires that Nix is run as root (so you should use the <link linkend='conf-build-users-group'>“build users” feature</link> to perform the actual builds under different users than root).</para> @@ -250,7 +250,7 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para> <para>If this option is set to <literal>relaxed</literal>, then fixed-output derivations and derivations that have the <varname>__noChroot</varname> attribute set to - <literal>true</literal> do not run in chroots.</para> + <literal>true</literal> do not run in sandboxes.</para> <para>The default is <literal>false</literal>.</para> @@ -259,17 +259,16 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para> </varlistentry> - <varlistentry xml:id="conf-build-chroot-dirs"><term><literal>build-chroot-dirs</literal></term> + <varlistentry xml:id="conf-build-sandbox-paths"> + <term><literal>build-sandbox-paths</literal></term> - <listitem><para>A list of paths bind-mounted into Nix chroot - environments. Contrary to what the name suggests, the specified - paths do not have to be directories; you can bind-mount other - types of files as well. You can use the syntax + <listitem><para>A list of paths bind-mounted into Nix sandbox + environments. You can use the syntax <literal><replaceable>target</replaceable>=<replaceable>source</replaceable></literal> - to mount a path in a different location in the chroot; for + to mount a path in a different location in the sandbox; for instance, <literal>/bin=/nix-bin</literal> will mount the path <literal>/nix-bin</literal> as <literal>/bin</literal> inside the - chroot.</para> + sandbox.</para> <para>Depending on how Nix was built, the default value for this option may be empty or provide <filename>/bin/sh</filename> as a @@ -278,10 +277,11 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para> </varlistentry> - <varlistentry xml:id="conf-build-extra-chroot-dirs"><term><literal>build-extra-chroot-dirs</literal></term> + <varlistentry xml:id="conf-build-extra-sandbox-paths"> + <term><literal>build-extra-sandbox-paths</literal></term> <listitem><para>A list of additional paths appended to - <option>build-chroot-dirs</option>. Useful if you want to extend + <option>build-sandbox-paths</option>. Useful if you want to extend its default value.</para></listitem> </varlistentry> @@ -306,21 +306,6 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para> </varlistentry> - <varlistentry><term><literal>build-cache-failure</literal></term> - - <listitem><para>If set to <literal>true</literal>, Nix will - “cache” build failures, meaning that it will remember (in its - database) that a derivation previously failed. If you then try to - build the derivation again, Nix will immediately fail rather than - perform the build again. Failures in fixed-output derivations - (such as <function>fetchurl</function> calls) are never cached. - The “failed” status of a derivation can be cleared using - <command>nix-store --clear-failed-paths</command>. By default, - failure caching is disabled.</para></listitem> - - </varlistentry> - - <varlistentry><term><literal>build-keep-log</literal></term> <listitem><para>If set to <literal>true</literal> (the default), @@ -426,7 +411,7 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para> <listitem><para>The maximum number of parallel HTTP connections used by the binary cache substituter to get NAR info files. This number should be high to minimise latency. It defaults to - 150.</para></listitem> + 25.</para></listitem> </varlistentry> @@ -440,18 +425,6 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para> </varlistentry> - <varlistentry><term><literal>force-manifest</literal></term> - - <listitem><para>If this option is set to <literal>false</literal> - (default) and a Nix channel provides both a manifest and a binary - cache, only the binary cache will be used. If set to - <literal>true</literal>, the manifest will be fetched as well. - This is useful if you want to use binary patches (which are - currently not supported by binary caches).</para></listitem> - - </varlistentry> - - <varlistentry><term><literal>system</literal></term> <listitem><para>This option specifies the canonical Nix system @@ -593,19 +566,21 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para> between different versions of the same system to be hard-coded into nix. </para> - <para>The hook is passed the derivation path and, if chroots are enabled, - the chroot directory. It can then modify the chroot and send a series of + <para>The hook is passed the derivation path and, if sandboxes are enabled, + the sandbox directory. It can then modify the sandbox and send a series of commands to modify various settings to stdout. The currently recognized commands are:</para> <variablelist> - <varlistentry xml:id="extra-chroot-dirs"><term><literal>extra-chroot-dirs</literal></term> + <varlistentry xml:id="extra-sandbox-paths"> + <term><literal>extra-sandbox-paths</literal></term> <listitem> <para>Pass a list of files and directories to be included in the - chroot for this build. One entry per line, terminated by an empty - line. Entries have the same format as build-chroot-dirs.</para> + sandbox for this build. One entry per line, terminated by an empty + line. Entries have the same format as + <literal>build-sandbox-paths</literal>.</para> </listitem> @@ -616,6 +591,18 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para> </varlistentry> + <varlistentry xml:id="conf-build-repeat"><term><literal>build-repeat</literal></term> + + <listitem><para>How many times to repeat builds to check whether + they are deterministic. The default value is 0. If the value is + non-zero, every build is repeated the specified number of + times. If the contents of any of the runs differs from the + previous ones, the build is rejected and the resulting store paths + are not registered as “valid” in Nix’s database.</para></listitem> + + </varlistentry> + + </variablelist> </para> |