path: root/src/libexpr/primops.cc
Age  Author  (files, lines)  Commit message
2011-08-06  Eelco Dolstra  (files: 1, lines: -2/+1)
* Refactoring: move parseExprFromFile() and parseExprFromString() into the EvalState class.
2011-07-20  Eelco Dolstra  (files: 1, lines: -43/+38)
* Don't allow derivations with fixed and non-fixed outputs.
2011-07-20  Eelco Dolstra  (files: 1, lines: -61/+3)
* Fix a huuuuge security hole in the Nix daemon. It didn't check that derivations added to the store by clients have "correct" output paths (meaning that the output paths are computed by hashing the derivation according to a certain algorithm). This means that a malicious user could craft a special .drv file to build *any* desired path in the store with any desired contents (so long as the path doesn't already exist). Then the attacker just needs to wait for a victim to come along and install the compromised path.

  For instance, if Alice (the attacker) knows that the latest Firefox derivation in Nixpkgs produces the path

    /nix/store/1a5nyfd4ajxbyy97r1fslhgrv70gj8a7-firefox-5.0.1

  then (provided this path doesn't already exist) she can craft a .drv file that creates that path (i.e., has it as one of its outputs), add it to the store using "nix-store --add", and build it with "nix-store -r". So the fake .drv could write a Trojan to the Firefox path. Then, if user Bob (the victim) comes along and does

    $ nix-env -i firefox
    $ firefox

  he executes the Trojan injected by Alice.

  The fix is to have the Nix daemon verify that derivation outputs are correct (in addValidPath()). This required some refactoring to move the hash computation code to libstore.
2011-07-18  Eelco Dolstra  (files: 1, lines: -45/+84)
* Support multiple outputs. A derivation can declare multiple outputs by setting the ‘outputs’ attribute. For example:

    stdenv.mkDerivation {
      name = "aterm-2.5";
      src = ...;
      outputs = [ "out" "tools" "dev" ];
      configureFlags = "--bindir=$(tools)/bin --includedir=$(dev)/include";
    }

  This derivation creates three outputs, named like this:

    /nix/store/gcnqgllbh01p3d448q8q6pzn2nc2gpyl-aterm-2.5
    /nix/store/gjf1sgirwfnrlr0bdxyrwzpw2r304j02-aterm-2.5-tools
    /nix/store/hp6108bqfgxvza25nnxfs7kj88xi2vdx-aterm-2.5-dev

  That is, the symbolic name of the output is suffixed to the store path (except for the ‘out’ output). Each path is passed to the builder through the corresponding environment variable, e.g., ${tools}.

  The main reason for multiple outputs is to allow parts of a package to be distributed and garbage-collected separately. For instance, most packages depend on Glibc for its libraries, but don't need its header files. If these are separated into different store paths, then a package that depends on the Glibc libraries only causes the libraries and not the headers to be downloaded.

  The main problem with multiple outputs is that if one output exists while the others have been garbage-collected (or never downloaded in the first place), and we want to rebuild the other outputs, then this isn't possible because we can't clobber a valid output (it might be in active use). This currently gives an error message like:

    error: derivation `/nix/store/1s9zw4c8qydpjyrayxamx2z7zzp5pcgh-aterm-2.5.drv' is blocked by its output paths

  There are two solutions:

  1) Do the build in a chroot. Then we don't need to overwrite the existing path.

  2) Use hash rewriting (see the ASE-2005 paper). Scary but it should work.

  This is not finished yet. There is not yet an easy way to refer to non-default outputs in Nix expressions. Also, mutually recursive outputs aren't detected yet and cause the garbage collector to crash.
2011-01-14  Eelco Dolstra  (files: 1, lines: -1/+1)
* builtins.substring: if "start" is beyond the end of the string, return the empty string.
2010-10-24  Eelco Dolstra  (files: 1, lines: -11/+12)
* When allocating an attribute set, reserve enough space for all elements. This prevents the vector from having to resize itself.
2010-10-24  Eelco Dolstra  (files: 1, lines: -8/+24)
* Keep attribute sets in sorted order to speed up attribute lookups.
* Simplify the representation of attributes in the AST.
* Change the behaviour of listToAttrs() in case of duplicate names.
2010-10-24  Eelco Dolstra  (files: 1, lines: -1/+1)
* Don't create thunks for variable lookups (if possible). This significantly reduces the number of values allocated (e.g. from 8.7m to 4.9m for the Bittorrent test).
2010-10-24  Eelco Dolstra  (files: 1, lines: -28/+37)
* Store attribute sets as a vector instead of a map (i.e. a red-black tree). This saves a lot of memory. The vector should be sorted so that names can be looked up using binary search, but this is not the case yet. (Surprisingly, looking up attributes using linear search doesn't have a big impact on performance.)

  Memory consumption for

    $ nix-instantiate /etc/nixos/nixos/tests -A bittorrent.test --readonly-mode

  on x86_64-linux with GC enabled is now 185 MiB (compared to 946 MiB on the trunk).
2010-10-23  Eelco Dolstra  (files: 1, lines: -16/+7)
* Remove allocValues().
2010-10-22  Eelco Dolstra  (files: 1, lines: -36/+34)
* Store Value nodes outside of attribute sets. I.e., Attr now stores a pointer to a Value, rather than the Value directly. This improves the effectiveness of garbage collection a lot: if the Value is stored inside the set directly, then any live pointer to the Value causes all other attributes in the set to be live as well.
2010-10-04  Eelco Dolstra  (files: 1, lines: -1/+1)
* Make sure that config.h is included before the system headers, because it defines _FILE_OFFSET_BITS. Without this, on OpenSolaris the system headers define it to be 32, and then the 32-bit stat() ends up being called with a 64-bit "struct stat", or vice versa. This also ensures that we get 64-bit file sizes everywhere.
* Remove the redundant call to stat() in parseExprFromFile(). The file cannot be a symlink because that's the exit condition of the loop before.
2010-08-02  Eelco Dolstra  (files: 1, lines: -7/+7)
* intersectAttrs: optimise for the case where the second set is larger than the first set. (That's usually the case with callPackage.)
2010-06-01  Eelco Dolstra  (files: 1, lines: -1/+5)
* Turn build errors during evaluation into EvalErrors.
2010-05-12  Eelco Dolstra  (files: 1, lines: -12/+6)
* Implemented tryEval, the last missing primop in the fast-eval branch. Also added a test for tryEval.
2010-05-07  Eelco Dolstra  (files: 1, lines: -1/+1)
* Sync with the trunk.
2010-05-07  Eelco Dolstra  (files: 1, lines: -6/+7)
* Updated addErrorContext.
2010-05-07  Eelco Dolstra  (files: 1, lines: -30/+36)
* Keep track of the source positions of attributes.
2010-04-21  Eelco Dolstra  (files: 1, lines: -22/+54)
* Fixed builtins.genericClosure.
2010-04-21  Eelco Dolstra  (files: 1, lines: -14/+17)
* Store user environment manifests as a Nix expression in $out/manifest.nix rather than as an ATerm. (Hm, I thought I committed this two days ago...)
2010-04-19  Eelco Dolstra  (files: 1, lines: -1/+1)
* Don't use the ATerm library for parsing/printing .drv files.
2010-04-16  Eelco Dolstra  (files: 1, lines: -48/+23)
* Updated some more primops.
2010-04-16  Eelco Dolstra  (files: 1, lines: -1/+1)
* Improve sharing a bit.
2010-04-15  Eelco Dolstra  (files: 1, lines: -11/+16)
* Store lists as lists of pointers to values rather than as lists of values. This improves sharing and gives another speed up. Evaluation of the NixOS system attribute is now almost 7 times faster than the old evaluator.
2010-04-14  Eelco Dolstra  (files: 1, lines: -15/+11)
* Fix builtins.
2010-04-14  Eelco Dolstra  (files: 1, lines: -0/+4)
* After parsing, compute level/displacement pairs for each variable use site, allowing environments to be stored as vectors of values rather than maps. This should speed up evaluation and reduce the number of allocations.
2010-04-13  Eelco Dolstra  (files: 1, lines: -13/+14)
* Use a symbol table to represent identifiers and attribute names efficiently. The symbol table ensures that there is only one copy of each symbol, thus allowing symbols to be compared efficiently using a pointer equality test.
2010-04-12  Eelco Dolstra  (files: 1, lines: -2/+2)
* Finished the ATerm-less parser.
2010-04-12  Eelco Dolstra  (files: 1, lines: -20/+18)
* Don't use ATerms for the abstract syntax trees anymore. Not finished yet.
2010-04-07  Eelco Dolstra  (files: 1, lines: -1/+1)
* expr-to-xml -> value-to-xml.
2010-04-07  Eelco Dolstra  (files: 1, lines: -30/+34)
* Implemented the primops necessary for generating the NixOS manual.
2010-04-01  Eelco Dolstra  (files: 1, lines: -28/+8)
* Make `derivation' lazy again for performance. It also turns out that there are some places in Nixpkgs (php_configurable / composableDerivation, it seems) that call `derivation' with incorrect arguments (namely, the `name' attribute missing) but get away with it because of laziness.
2010-03-31  Eelco Dolstra  (files: 1, lines: -41/+8)
* Fixed the trace primop and path comparison.
* Removed exprToString and stringToExpr because there is no ATerm representation to work on anymore (and exposing the internals of the evaluator like this is not a good idea anyway).
2010-03-31  Eelco Dolstra  (files: 1, lines: -2/+2)
* Handle string contexts. `nix-instantiate' can now correctly compute the `firefoxWrapper' attribute in Nixpkgs, and it's about 3 times faster than the trunk :-)
2010-03-31  Eelco Dolstra  (files: 1, lines: -85/+65)
* Implemented derivations.
2010-03-30  Eelco Dolstra  (files: 1, lines: -86/+98)
* More primops.
2010-03-30  Eelco Dolstra  (files: 1, lines: -27/+28)
* More operators / primops.
2010-03-30  Eelco Dolstra  (files: 1, lines: -51/+53)
* More primops.
2010-03-30  Eelco Dolstra  (files: 1, lines: -86/+23)
* More primops.
2010-03-30  Eelco Dolstra  (files: 1, lines: -7/+15)
* Implemented `map'.
2010-03-30  Eelco Dolstra  (files: 1, lines: -14/+9)
* Make `import' work.
2010-03-29  Eelco Dolstra  (files: 1, lines: -16/+42)
* Started integrating the new evaluator.
2010-03-25  Eelco Dolstra  (files: 1, lines: -6/+1)
* Simplify @-patterns: only `{attrs}@name' or `name@{attrs}' are now allowed. So `name1@name2', `{attrs1}@{attrs2}' and so on are now no longer legal. This is no big loss because they were not useful anyway.

  This also changes the output of builtins.toXML for @-patterns slightly.
2009-10-22  Eelco Dolstra  (files: 1, lines: -1/+6)
* builtins.trace: in the common case that the value is a string, then show the string, not the ATerm, so we get `trace: bla' instead of `trace: Str("bla",[])'.
2009-10-21  Eelco Dolstra  (files: 1, lines: -3/+34)
* Added a primop unsafeDiscardOutputDependency needed by Disnix to pass derivation paths to a builder without actually building them.
2009-09-23  Eelco Dolstra  (files: 1, lines: -2/+2)
* tryEval shouldn't catch all exceptions of type Error, since not all of them leave the evaluator in a continuable state. Also, it should be less chatty.
2009-09-15  Eelco Dolstra  (files: 1, lines: -0/+66)
* Two primops: builtins.intersectAttrs and builtins.functionArgs. intersectAttrs returns the (right-biased) intersection between two attribute sets, e.g. every attribute from the second set that also exists in the first. functionArgs returns the set of attributes expected by a function.

  The main goal of these is to allow the elimination of most of all-packages.nix. Most package instantiations in all-packages.nix have this form:

    foo = import ./foo.nix { inherit a b c; };

  With intersectAttrs and functionArgs, this can be written as:

    foo = callPackage (import ./foo.nix) { };

  where

    callPackage = f: args:
      f ((builtins.intersectAttrs (builtins.functionArgs f) pkgs) // args);

  I.e., foo.nix is called with all attributes from "pkgs" that it actually needs (e.g., pkgs.a, pkgs.b and pkgs.c). (callPackage can do any other generic package-level stuff we might want, such as applying makeOverridable.) Of course, the automatically supplied arguments can be overridden if needed, e.g.

    foo = callPackage (import ./foo.nix) { c = c_version_2; };

  but for the vast majority of packages, this won't be needed.

  The advantages are to reduce the amount of typing needed to add a dependency (from three sites to two), and to reduce the number of trivial commits to all-packages.nix. For the former, there have been two previous attempts:

  - Use "args: with args;" in the package's function definition. This however obscures the actual expected arguments of a function, which is very bad.

  - Use "{ arg1, arg2, ... }:" in the package's function definition (i.e. use the ellipsis "..." to allow arbitrary additional arguments), and then call the function with all of "pkgs" as an argument. But this inhibits error detection if you call it with a misspelled (or obsolete) argument.
2009-08-25  Michael Raskin  (files: 1, lines: -0/+18)
Adding tryEval builtin. It allows to catch presence of errors in an expression.
2009-06-30  Eelco Dolstra  (files: 1, lines: -1/+1)
* Don't show trace information by default (`--show-trace' to enable). NixOS evaluation errors in particular look intimidating and generally aren't very useful. Ideally the builtins.throw messages should be self-contained.
2009-03-18  Eelco Dolstra  (files: 1, lines: -12/+18)
* Unify exportReferencesGraph and exportBuildReferencesGraph, and make sure that it works as expected when you pass it a derivation. That is, we have to make sure that all build-time dependencies are built, and that they are all in the input closure (otherwise remote builds might fail, for example). This is ensured at instantiation time by adding all derivations and their sources to inputDrvs and inputSrcs.