about summary refs log tree commit diff
path: root/src/libstore/build.cc
AgeCommit message (Collapse)AuthorFilesLines
2013-11-14 Remove nix-setuid-helperEelco Dolstra1-141/+26
AFAIK, nobody uses it, it's not maintained, and it has no tests.
2013-09-02 Only show trace messages when tracing is enabledEelco Dolstra1-4/+3
2013-09-02 Add an option to limit the log output of buildersEelco Dolstra1-0/+13
This is mostly useful for Hydra to deal with builders that get stuck in an infinite loop writing data to stdout/stderr.
2013-08-26 Fix personality switching from x86_64 to i686Gergely Risko1-1/+6
On Linux, Nix can build i686 packages even on x86_64 systems. It's not enough to recognize this situation by settings.thisSystem, we also have to consult uname(). E.g. we can be running on a i686 Debian with an amd64 kernel. In that situation settings.thisSystem is i686-linux, but we still need to change personality to i686 to make builds consistent.
2013-08-07 Run the daemon worker on the same CPU as the clientEelco Dolstra1-0/+4
On a system with multiple CPUs, running Nix operations through the daemon is significantly slower than "direct" mode: $ NIX_REMOTE= nix-instantiate '<nixos>' -A system real 0m0.974s user 0m0.875s sys 0m0.088s $ NIX_REMOTE=daemon nix-instantiate '<nixos>' -A system real 0m2.118s user 0m1.463s sys 0m0.218s The main reason seems to be that the client and the worker get moved to a different CPU after every call to the worker. This patch adds a hack to lock them to the same CPU. With this, the overhead of going through the daemon is very small: $ NIX_REMOTE=daemon nix-instantiate '<nixos>' -A system real 0m1.074s user 0m0.809s sys 0m0.098s
2013-07-18 Revert "build-remote.pl: Enforce timeouts locally"Eelco Dolstra1-1/+3
This reverts commit 69b8f9980f39c14a59365a188b300a34d625a2cd. The timeout should be enforced remotely. Otherwise, if the garbage collector is running either locally or remotely, if will block the build or closure copying for some time. If the garbage collector takes too long, the build may time out, which is not what we want. Also, on heavily loaded systems, copying large paths to and from the remote machine can take a long time, also potentially resulting in a timeout.
2013-07-15 Allow bind-mounting regular files into the chrootShea Levy1-1/+9
mount(2) with MS_BIND allows mounting a regular file on top of a regular file, so there's no reason to only bind directories. This allows finer control over just which files are and aren't included in the chroot without having to build symlink trees or the like. Signed-off-by: Shea Levy <shea@shealevy.com>
2013-06-20 Don't set $preferLocalBuild and $requiredSystemFeatures in buildersEelco Dolstra1-7/+14
With C++ std::map, doing a comparison like ‘map["foo"] == ...’ has the side-effect of adding a mapping from "foo" to the empty string if "foo" doesn't exist in the map. So we ended up setting some environment variables by accident.
2013-06-20 Don't substitute derivations that have preferLocalBuild setEelco Dolstra1-5/+10
In particular this means that "trivial" derivations such as writeText are not substituted, reducing the number of GET requests to the binary cache by about 200 on a typical NixOS configuration.
2013-06-13 Allow hard links between the outputs of a derivationEelco Dolstra1-2/+7
2013-06-13 Fix a security bug in hash rewritingEelco Dolstra1-0/+6
Before calling dumpPath(), we have to make sure the files are owned by the build user. Otherwise, the build could contain a hard link to (say) /etc/shadow, which would then be read by the daemon and rewritten as a world-readable file. This only affects systems that don't have hard link restrictions enabled.
2013-06-13 Fix assertion failure in canonicalisePathMetaData() after hash rewritingEelco Dolstra1-2/+9
The assertion in canonicalisePathMetaData() failed because the ownership of the path already changed due to the hash rewriting. The solution is not to check the ownership of rewritten paths. Issue #122.
2013-06-13 computeFSClosure: Only process the missing/corrupt pathsEelco Dolstra1-11/+17
Issue #122.
2013-06-13 In repair mode, update the hash of rebuilt pathsEelco Dolstra1-1/+1
Otherwise subsequent invocations of "--repair" will keep rebuilding the path. This only happens if the path content differs between builds (e.g. due to timestamps).
2013-05-10 In trace messages, don't print the output pathEelco Dolstra1-19/+15
This doesn't work if there is no output named "out". Hydra didn't use it anyway.
2013-05-09 Communicate build timeouts to HydraEelco Dolstra1-7/+11
2013-05-09 build-remote.pl: Enforce timeouts locallyEelco Dolstra1-3/+1
Don't pass --timeout / --max-silent-time to the remote builder. Instead, let the local Nix process terminate the build if it exceeds a timeout. The remote builder will be killed as a side-effect. This gives better error reporting (since the timeout message from the remote side wasn't properly propagated) and handles non-Nix problems like SSH hangs.
2013-04-23 Fix --timeoutEelco Dolstra1-38/+25
I'm not sure if it has ever worked correctly. The line "lastWait = after;" seems to mean that the timer was reset every time a build produced log output. Note that the timeout is now per build, as documented ("the maximum number of seconds that a builder can run").
2013-04-23 Nix daemon: respect build timeout from the clientEelco Dolstra1-1/+1
2013-04-04 Complain if /homeless-shelter existsEelco Dolstra1-1/+5
2013-03-08 Revert "Prevent config.h from being clobbered"Eelco Dolstra1-5/+13
This reverts commit 28bba8c44f484eae38e8a15dcec73cfa999156f6.
2013-03-07 Prevent config.h from being clobberedEelco Dolstra1-13/+5
2013-02-26 Security: Don't allow builders to change permissions on files they don't ownEelco Dolstra1-2/+2
It turns out that in multi-user Nix, a builder may be able to do ln /etc/shadow $out/foo Afterwards, canonicalisePathMetaData() will be applied to $out/foo, causing /etc/shadow's mode to be set to 444 (readable by everybody but writable by nobody). That's obviously Very Bad. Fortunately, this fails in NixOS's default configuration because /nix/store is a bind mount, so "ln" will fail with "Invalid cross-device link". It also fails if hard-link restrictions are enabled, so a workaround is: echo 1 > /proc/sys/fs/protected_hardlinks The solution is to check that all files in $out are owned by the build user. This means that innocuous operations like "ln ${pkgs.foo}/some-file $out/" are now rejected, but that already failed in chroot builds anyway.
2013-02-19 Enable chroot support on old glibc versions.Ludovic Courtès1-0/+6
2013-01-17 Store build logs in /nix/var/log/nix/drvs/<XX>Eelco Dolstra1-3/+5
...where <XX> is the first two characters of the derivation. Otherwise /nix/var/log/nix/drvs may become so large that we run into all sorts of weird filesystem limits/inefficiences. For instance, ext3/ext4 filesystems will barf with "ext4_dx_add_entry:1551: Directory index full!" once you hit a few million files.
2013-01-03 Clear any immutable bits in the Nix storeEelco Dolstra1-8/+1
Doing this once makes subsequent operations like garbage collecting more efficient since we don't have to call makeMutable() first.
2013-01-02 If a substitute closure is incomplete, build dependencies, then retry the ↵Eelco Dolstra1-7/+28
substituter Issue #77.
2013-01-02 Automatically fall back if the references of a substitute are not substitutableEelco Dolstra1-1/+1
Fixes #77.
2012-12-29 Allow mounting a path in a different location in the chrootEelco Dolstra1-7/+14
Fixes #24.
2012-12-19 Kill the build hook rather than shutting it down cleanlyEelco Dolstra1-7/+1
Waiting for the hook to shut down cleanly sometimes seems to lead to hangs.
2012-12-18 Revert brain fartEelco Dolstra1-2/+0
This reverts commit cc511fd65b7b6de9e87e72fb4bed16fc7efeb8b7.
2012-12-18 Check for potential infinite select() loops when buildingEelco Dolstra1-0/+2
2012-11-26 Only substitute wanted outputs of a derivationEelco Dolstra1-9/+50
If a derivation has multiple outputs, then we only want to download those outputs that are actuallty needed. So if we do "nix-build -A openssl.man", then only the "man" output should be downloaded. Likewise if another package depends on ${openssl.man}. The tricky part is that different derivations can depend on different outputs of a given derivation, so we may need to restart the corresponding derivation goal if that happens.
2012-11-26 Make "nix-build -A <derivation>.<output>" do the right thingEelco Dolstra1-3/+5
For example, given a derivation with outputs "out", "man" and "bin": $ nix-build -A pkg produces ./result pointing to the "out" output; $ nix-build -A pkg.man produces ./result-man pointing to the "man" output; $ nix-build -A pkg.all produces ./result, ./result-man and ./result-bin; $ nix-build -A pkg.all -A pkg2 produces ./result, ./result-man, ./result-bin and ./result-2.
2012-11-15 Disable use of vfork()Eelco Dolstra1-1/+1
vfork() is just too weird. For instance, in this build: http://hydra.nixos.org/build/3330487 the value fromHook.writeSide becomes corrupted in the parent, even though the child only reads from it. At -O0 the problem goes away. Probably the child is overriding some spilled temporary variable. If I get bored I may implement using posix_spawn() instead.
2012-11-15 Don't use std::cerr in a few placesEelco Dolstra1-10/+8
Slightly scared of using std::cerr in a vforked process...
2012-11-09 Use vfork() instead of fork() if availableEelco Dolstra1-14/+13
Hopefully this reduces the chance of hitting ‘unable to fork: Cannot allocate memory’ errors. vfork() is used for everything except starting builders.
2012-11-09 Remove some redundant close() callsEelco Dolstra1-6/+0
They are unnecessary because we set the close-on-exec flag.
2012-11-09 Remove the quickExit functionEelco Dolstra1-4/+4
2012-10-23 If hashes do not match, print them in base-32 for SHA-1/SHA-256Eelco Dolstra1-1/+1
Fixes #57.
2012-10-11 Shorten the names of temporary build directoriesEelco Dolstra1-1/+1
2012-10-03 nix-env: Support ‘--repair’ flagEelco Dolstra1-2/+4
2012-10-03 Handle repairing paths that are in build-chroot-dirsEelco Dolstra1-0/+7
2012-10-03 When repairing a derivation, check and repair the entire output closureEelco Dolstra1-2/+66
If we find a corrupted path in the output closure, we rebuild the derivation that produced that particular path.
2012-10-02 Add a --repair flag to ‘nix-store -r’ to repair derivation outputsEelco Dolstra1-59/+94
With this flag, if any valid derivation output is missing or corrupt, it will be recreated by using a substitute if available, or by rebuilding the derivation. The latter may use hash rewriting if chroots are not available.
2012-10-02 Add operation ‘nix-store --repair-path’Eelco Dolstra1-28/+67
This operation allows fixing corrupted or accidentally deleted store paths by redownloading them using substituters, if available. Since the corrupted path cannot be replaced atomically, there is a very small time window (one system call) during which neither the old (corrupted) nor the new (repaired) contents are available. So repairing should be used with some care on critical packages like Glibc.
2012-09-28 Handle octal escapes in /proc/self/mountinfoEelco Dolstra1-2/+3
2012-09-28 Print a more descriptive error message if setting up the build environment failsEelco Dolstra1-3/+14
2012-09-19 Remove setting of the immutable bitEelco Dolstra1-11/+2
Using the immutable bit is problematic, especially in conjunction with store optimisation. For instance, if the garbage collector deletes a file, it has to clear its immutable bit, but if the file has additional hard links, we can't set the bit afterwards because we don't know the remaining paths. So now that we support having the entire Nix store as a read-only mount, we may as well drop the immutable bit. Unfortunately, we have to keep the code to clear the immutable bit for backwards compatibility.
2012-09-19 Templatise tokenizeString()Eelco Dolstra1-11/+8