about summary refs log tree commit diff
path: root/src/libstore/build.cc
AgeCommit message (Collapse)AuthorFilesLines
2019-02-05 Revert "Restore parent mount namespace before executing a child process"Eelco Dolstra1-2/+0
This reverts commit a0ef21262f4d5652bfb65cfacaec01d89c475a93. This doesn't work in 'nix run' and nix-shell because setns() fails in multithreaded programs, and Boehm GC mark threads are uncancellable. Fixes #2646.
2018-12-12 libstore: improve hash mismatch error messageszimbatm1-2/+2
Use the same output ordering and format everywhere. This is such a common issue that we trade the single-line error message for more readability. Old message: ``` fixed-output derivation produced path '/nix/store/d4nw9x2sy9q3r32f3g5l5h1k833c01vq-example.com' with sha256 hash '08y4734bm2zahw75b16bcmcg587vvyvh0n11gwiyir70divwp1rm' instead of the expected hash '1xzwnipjd54wl8g93vpw6hxnpmdabq0wqywriiwmh7x8k0lvpq5m' ``` New message: ``` hash mismatch in fixed-output derivation '/nix/store/d4nw9x2sy9q3r32f3g5l5h1k833c01vq-example.com': wanted: sha256:1xzwnipjd54wl8g93vpw6hxnpmdabq0wqywriiwmh7x8k0lvpq5m got: sha256:08y4734bm2zahw75b16bcmcg587vvyvh0n11gwiyir70divwp1rm ```
2018-11-15 Fix 'Read-only file system' when building a derivationEelco Dolstra1-0/+2
2018-10-27 Restore old (dis)allowedRequisites behaviour for self-referencesEelco Dolstra1-29/+34
stdenv relies on this. So ignore self-references (but only in legacy non-structured attributes mode).
2018-10-23 Per-output reference and closure size checksEelco Dolstra1-51/+168
In structured-attributes derivations, you can now specify per-output checks such as: outputChecks."out" = { # The closure of 'out' must not be larger than 256 MiB. maxClosureSize = 256 * 1024 * 1024; # It must not refer to C compiler or to the 'dev' output. disallowedRequisites = [ stdenv.cc "dev" ]; }; outputChecks."dev" = { # The 'dev' output must not be larger than 128 KiB. maxSize = 128 * 1024; }; Also fixed a bug in allowedRequisites that caused it to ignore self-references.
2018-09-28 Check requiredSystemFeatures for local buildsEelco Dolstra1-12/+9
For example, this prevents a "kvm" build on machines that don't have KVM. Fixes #2012.
2018-09-28 Move structured attrs handling into a separate classEelco Dolstra1-98/+15
This is primarily because Derivation::{can,will}BuildLocally() depends on attributes like preferLocalBuild and requiredSystemFeatures, but it can't handle them properly because it doesn't have access to the structured attributes.
2018-09-28 Remove obsolete check on system featuresEelco Dolstra1-1/+0
2018-09-28 Support special attributes in structured attributes derivationsEelco Dolstra1-94/+175
E.g. __noChroot and allowedReferences now work correctly. We also now check that the attribute type is correct. For instance, instead of allowedReferences = "out"; you have to write allowedReferences = [ "out" ]; Fixes #2453.
2018-09-07 If fallback is enabled, temporarily disable substituters after a failureEelco Dolstra1-0/+6
Otherwise, we just keep asking the substituter for other .narinfo files, which can take a very long time due to retries/timeouts.
2018-09-07 Handle queryPathInfo() failure from substituters when fallback is enabledEelco Dolstra1-0/+7
Fixes #1990.
2018-08-31 Add localhost alias for ::1 to the sandboxEelco Dolstra1-1/+1
2018-06-12 Fix #2162: use getaddrinfo instead of curl to preload NSSYorick van Pelt1-4/+8
2018-06-05 Don't require --fallback to recover from disappeared binary cache NARsEelco Dolstra1-11/+21
2018-05-30 Modularize config settingsEelco Dolstra1-2/+4
Allow global config settings to be defined in multiple Config classes. For example, this means that libutil can have settings and evaluator settings can be moved out of libstore. The Config classes are registered in a new GlobalConfig class to which config files etc. are applied. Relevant to https://github.com/NixOS/nix/issues/2009 in that it removes the need for ad hoc handling of useCaseHack, which was the underlying cause of that issue.
2018-05-03 Don't set a CA assertion for paths with referencesEelco Dolstra1-0/+2
Really fixes #2133.
2018-05-02 Fix some random -Wconversion warningsEelco Dolstra1-3/+3
2018-04-23 Merge branch 'aarch64-armv7' of git://github.com/lheckemann/nixShea Levy1-0/+4
Support extra compatible architectures (#1916)
2018-04-20 build.cc: fix bind-mount of /dev/{pts,ptmx} fallbackWill Dietz1-2/+2
Don't bind-mount these to themselves, mount them into the chroot directory. Fixes pty issues when using sandbox on CentOS 7.4. (build of perlPackages.IOTty fails before this change)
2018-04-17 exportReferences: Check whether the path is in the input closureEelco Dolstra1-11/+14
Fixes #2082.
2018-04-13 Fix #1921Eelco Dolstra1-1/+1
2018-03-22 Merge branch 'fix/avoid-large-stack-buffers' of https://github.com/dtzWill/nixEelco Dolstra1-3/+3
2018-03-20 Make <nix/buildenv.nix> a builtin builderEelco Dolstra1-0/+2
This avoids sandbox annoyances.
2018-03-20 Hack to get SSH error messages from build-remoteEelco Dolstra1-0/+5
E.g. cannot build on 'ssh://mac1': cannot connect to 'mac1': bash: nix-store: command not found cannot build on 'ssh://mac2': cannot connect to 'mac2': Host key verification failed. cannot build on 'ssh://mac3': cannot connect to 'mac3': Received disconnect from 213... port 6001:2: Too many authentication failures Authentication failed.
2018-03-14 Use boost::format from the boost packageEelco Dolstra1-3/+3
Note that this only requires headers from boost so it doesn't add a runtime dependency. Also, use Nixpkgs 18.03.
2018-03-13 TypoEelco Dolstra1-1/+1
2018-03-06 rand() -> random(), since we use srandom().Will Dietz1-1/+1
rand() requires we call srand() instead, but might as well use random().
2018-03-02 hoist vector out of loop just in caseWill Dietz1-1/+1
2018-03-02 don't allocate large buffers on the stackWill Dietz1-3/+3
2018-02-27 seccomp: add 32-bit ARM on aarch64-linuxLinus Heckemann1-0/+4
This allows building armv[67]l-linux derivations on compatible aarch64 machines. Failure to add the architecture may result from missing hardware support, in which case we can't run 32-bit binaries and don't need to restrict them with seccomp anyway,
2018-02-19 Fix incorrect (and unnecessary) format stringEelco Dolstra1-3/+3
https://hydra.nixos.org/eval/1434547#tabs-now-fail
2018-02-19 Don't silently succeed seccomp setup when !HAVE_SECCOMP.Shea Levy1-2/+7
Running Nix with build users without seccomp on Linux is dangerous, and administrators should very explicitly opt-in to it.
2018-02-18 configure: Add a flag to disable seccomp.Shea Levy1-1/+3
This is needed for new arches where libseccomp support doesn't exist yet. Fixes #1878.
2018-02-12 Fix 'deadlock: trying to re-acquire self-held lock'Eelco Dolstra1-13/+17
This was caused by derivations with 'allowSubstitutes = false'. Such derivations will be built locally. However, if there is another SubstitionGoal that has the output of the first derivation in its closure, then the path will be simultaneously built and substituted. There was a check to catch this situation (via pathIsLockedByMe()), but it no longer worked reliably because substitutions are now done in another thread. (Thus the comment 'It can't happen between here and the lockPaths() call below because we're not allowing multi-threading' was no longer valid.) The fix is to handle the path already being locked in both SubstitutionGoal and DerivationGoal.
2018-02-09 nix: Ensure that the user sees errors from substitutersEelco Dolstra1-3/+3
2018-02-07 Improve filtering of ANSI escape sequences in build logsEelco Dolstra1-1/+1
All ANSI sequences except color setting are now filtered out. In particular, terminal resets (such as from NixOS VM tests) are filtered out. Also, fix the completely broken tab character handling.
2018-02-05 Allow substituters to be marked as trustedEelco Dolstra1-2/+5
This is needed by nixos-install, which uses the Nix store on the installation CD as a substituter. We don't want to disable signature checking entirely because substitutes from cache.nixos.org should still be checked. So now we can pas "local?trusted=1" to mark only the Nix store in /nix as not requiring signatures. Fixes #1819.
2018-02-05 Fix segfault using non-binary cache stores as substitutersEelco Dolstra1-1/+1
2018-02-03 Remove nix-build --hashEelco Dolstra1-20/+27
Instead, if a fixed-output derivation produces has an incorrect output hash, we now unconditionally move the outputs to the path corresponding with the actual hash and register it as valid. Thus, after correcting the hash in the Nix expression (e.g. in a fetchurl call), the fixed-output derivation doesn't have to be built again. It would still be good to have a command for reporting the actual hash of a fixed-output derivation (instead of throwing an error), but "nix-build --hash" didn't do that.
2018-01-23 Fix obscure corner case in name resolution for builtin:fetchurl in sandboxed ↵Dan Peebles1-0/+17
environments
2018-01-19 Rewrite builtin derivation environmentEelco Dolstra1-1/+6
Also add a test. Fixes #1803. Closes #1805.
2018-01-15 Barf when using a diverted store on macOSEelco Dolstra1-2/+7
Fixes #1792.
2017-12-11 Mark comparison call operator as constWill Dietz1-2/+2
2017-11-28 Show log tail when a remote build failsEelco Dolstra1-2/+2
2017-10-30 Merge pull request #1646 from copumpkin/optional-sandbox-local-networkEelco Dolstra1-3/+9
Allow optional localhost network access to sandboxed derivations
2017-10-30 Allow optional localhost network access to sandboxed derivationsDan Peebles1-3/+9
This will allow bind and connect to 127.0.0.1, which can reduce purity/ security (if you're running a vulnerable service on localhost) but is also needed for a ton of test suites, so I'm leaving it turned off by default but allowing certain derivations to turn it on as needed. It also allows DNS resolution of arbitrary hostnames but I haven't found a way to avoid that. In principle I'd just want to allow resolving localhost but that doesn't seem to be possible. I don't think this belongs under `build-use-sandbox = relaxed` because we want it on Hydra and I don't think it's the end of the world.
2017-10-25 Fix building on clangEelco Dolstra1-2/+2
https://hydra.nixos.org/build/62945761
2017-10-25 exportReferencesGraph: Allow exporting a list of store pathsEelco Dolstra1-14/+22
2017-10-25 Fix exportReferencesGraph in the structured attrs caseEelco Dolstra1-69/+68
2017-10-25 Pass lists/attrsets to bash as (associative) arraysEelco Dolstra1-3/+93