about summary refs log tree commit diff
path: root/src/libstore/build.cc
AgeCommit message (Collapse)AuthorFilesLines
2015-04-18 Add the pre-build hook.Shea Levy1-0/+36
This hook can be used to set system-specific per-derivation build settings that don't fit into the derivation model and are too complex or volatile to be hard-coded into nix. Currently, the pre-build hook can only add chroot dirs/files through the interface, but it also has full access to the chroot root. The specific use case for this is systems where the operating system ABI is more complex than just the kernel-support system calls. For example, on OS X there is a set of system-provided frameworks that can reliably be accessed by any program linked to them, no matter the version the program is running on. Unfortunately, those frameworks do not necessarily live in the same locations on each version of OS X, nor do their dependencies, and thus nix needs to know the specific version of OS X currently running in order to make those frameworks available. The pre-build hook is a perfect mechanism for doing just that.
2015-04-18 Revert "Add the pre-build hook."Shea Levy1-107/+0
Going to reimplement differently. This reverts commit 1e4a4a2e9fc382f47f58b448f3ee034cdd28218a.
2015-04-12 Add the pre-build hook.Shea Levy1-0/+107
This hook can be used to set system specific per-derivation build settings that don't fit into the derivation model and are too complex or volatile to be hard-coded into nix. Currently, the pre-build hook can only add chroot dirs/files. The specific use case for this is systems where the operating system ABI is more complex than just the kernel-supported system calls. For example, on OS X there is a set of system-provided frameworks that can reliably be accessed by any program linked to them, no matter the version the program is running on. Unfortunately, those frameworks do not necessarily live in the same locations on each version of OS X, nor do their dependencies, and thus nix needs to know the specific version of OS X currently running in order to make those frameworks available. The pre-build hook is a perfect mechanism for doing just that.
2015-04-07 Revert /nix/store permission back to 01775Eelco Dolstra1-1/+1
This broke NixOS VM tests. Mostly reverts 27b7b94923d2f207781b438bb7a57669bddf7d2b, 5ce50cd99e740d0d0f18c30327ae687be9356553, afa433e58c3fe6029660a43fdc2073c9d15b4210.
2015-04-02 Chroot builds: Provide world-readable /nix/storeEelco Dolstra1-1/+1
This was causing NixOS VM tests to fail mysteriously since 5ce50cd99e740d0d0f18c30327ae687be9356553. Nscd could (sometimes) no longer read /etc/hosts: open("/etc/hosts", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied) Probably there was some wacky interaction between the guest kernel and the 9pfs implementation in QEMU.
2015-03-24 Improve setting the default chroot dirsEelco Dolstra1-1/+6
2015-03-24 Add the closure of store paths to the chrootEelco Dolstra1-0/+8
Thus, for example, to get /bin/sh in a chroot, you only need to specify /bin/sh=${pkgs.bash}/bin/sh in build-chroot-dirs. The dependencies of sh will be added automatically.
2015-03-24 Tighten permissions on chroot directoriesEelco Dolstra1-2/+12
2015-03-04 Don't use vfork() before clone()Eelco Dolstra1-1/+3
I'm seeing hangs in Glibc's setxid_mark_thread() again. This is probably because the use of an intermediate process to make clone() safe from a multi-threaded program (see 524f89f1399724e596f61faba2c6861b1bb7b9c5) is defeated by the use of vfork(), since the intermediate process will have a copy of Glibc's threading data structures due to the vfork(). So use a regular fork() again.
2015-03-03 Merge branch 'allow-system-library' of git://github.com/copumpkin/nixShea Levy1-1/+1
Make the default impure prefix include all of /System/Library
2015-03-02 Make the default impure prefix (not actual allowed impurities!) include all ↵Dan Peebles1-1/+1
of /System/Library, since we also want PrivateFrameworks from there and (briefly) TextEncodings, and who knows what else. Yay infectious impurities?
2015-03-02 Allow local networking in the darwin sandbox to appease testsDan Peebles1-0/+3
2015-02-23 More graceful fallback for chroots on Linux < 2.13Eelco Dolstra1-6/+5
2015-02-23 Use chroots for all derivationsEelco Dolstra1-12/+35
If ‘build-use-chroot’ is set to ‘true’, fixed-output derivations are now also chrooted. However, unlike normal derivations, they don't get a private network namespace, so they can still access the network. Also, the use of the ‘__noChroot’ derivation attribute is no longer allowed. Setting ‘build-use-chroot’ to ‘relaxed’ gives the old behaviour.
2015-02-17 Use $<attr>Path instead of $<attr> for passAsFileEelco Dolstra1-1/+1
2015-02-17 Allow passing attributes via files instead of environment variablesEelco Dolstra1-4/+16
Closes #473.
2015-02-16 Use pivot_root in addition to chroot when possibleHarald van Dijk1-7/+28
chroot only changes the process root directory, not the mount namespace root directory, and it is well-known that any process with chroot capability can break out of a chroot "jail". By using pivot_root as well, and unmounting the original mount namespace root directory, breaking out becomes impossible. Non-root processes typically have no ability to use chroot() anyway, but they can gain that capability through the use of clone() or unshare(). For security reasons, these syscalls are limited in functionality when used inside a normal chroot environment. Using pivot_root() this way does allow those syscalls to be put to their full use.
2015-02-04 Require linux 3.13 or later for chrootShea Levy1-1/+6
Fixes #453
2015-01-18 Make inputs writeable in the sandbox (builds still can’t actually write ↵Daniel Peebles1-2/+7
due to user permissions)
2015-01-13 Allow using /bin and /usr/bin as impure prefixes on non-darwin by defaultShea Levy1-1/+1
These directories are generally world-readable anyway, and give us the two most common linux impurities (env and sh)
2015-01-13 SysError -> ErrorEelco Dolstra1-1/+1
2015-01-13 Don't resolve symlinks while checking __impureHostDepsEelco Dolstra1-2/+5
Since these come from untrusted users, we shouldn't do any I/O on them before we've checked that they're in an allowed prefix.
2015-01-12 Add basic Apple sandbox supportDaniel Peebles1-17/+169
2015-01-08 Set /nix/store permission to 1737Eelco Dolstra1-15/+0
I.e., not readable to the nixbld group. This improves purity a bit for non-chroot builds, because it prevents a builder from enumerating store paths (i.e. it can only access paths it knows about).
2015-01-06 Fix building on DarwinEelco Dolstra1-1/+4
Fixes #433.
2014-12-23 Revive running builds in a PID namespaceEelco Dolstra1-30/+59
2014-12-12 Silence some warnings on GCC 4.9Eelco Dolstra1-2/+4
2014-12-12 Fix some memory leaksEelco Dolstra1-29/+9
2014-12-12 Ensure we're writing to stderr in the builderEelco Dolstra1-3/+3
http://hydra.nixos.org/build/17862041
2014-12-12 Remove chatty messageEelco Dolstra1-2/+0
This broke building with "-vv", because the builder is not allowed to write to stderr at this point.
2014-12-12 DohEelco Dolstra1-1/+1
2014-12-10 Don't do vfork in conjunction with setuidEelco Dolstra1-0/+2
2014-12-10 Rename functionEelco Dolstra1-4/+4
2014-11-24 Build derivations in a more predictable orderEelco Dolstra1-7/+41
Derivations are now built in order of derivation name, so a package named "aardvark" is built before "baboon". Fixes #399.
2014-11-24 Don't create unnecessary substitution goals for derivationsEelco Dolstra1-0/+5
2014-11-17 Fix messageEelco Dolstra1-1/+1
2014-11-14 Don't use ADDR_LIMIT_3GBEelco Dolstra1-1/+1
This gives 32-bit builds on x86_64-linux more memory.
2014-11-12 Make ~DerivationGoal more reliableEelco Dolstra1-7/+3
2014-10-29 Remove comments claiming we use a private PID namespaceEelco Dolstra1-8/+1
This is no longer the case since 524f89f1399724e596f61faba2c6861b1bb7b9c5.
2014-09-17 On Linux, disable address space randomizationEelco Dolstra1-5/+9
2014-09-17 Settings: Add bool get()Eelco Dolstra1-2/+2
2014-08-28 Add disallowedReferences / disallowedRequisitesEelco Dolstra1-26/+29
For the "stdenv accidentally referring to bootstrap-tools", it seems easier to specify the path that we don't want to depend on, e.g. disallowedRequisites = [ bootstrapTools ];
2014-08-28 Introduce allowedRequisites featureGergely Risko1-1/+18
2014-08-21 fix disappearing bash argumentsJoel Taylor1-2/+7
2014-08-21 Use unshare() instead of clone()Eelco Dolstra1-55/+35
It turns out that using clone() to start a child process is unsafe in a multithreaded program. It can cause the initialisation of a build child process to hang in setgroups(), as seen several times in the build farm: The reason is that Glibc thinks that the other threads of the parent exist in the child, so in setxid_mark_thread() it tries to get a futex that has been acquired by another thread just before the clone(). With fork(), Glibc runs pthread_atfork() handlers that take care of this (in particular, __reclaim_stacks()). But clone() doesn't do that. Fortunately, we can use fork()+unshare() instead of clone() to set up private namespaces. See also https://www.mail-archive.com/lxc-devel@lists.linuxcontainers.org/msg03434.html.
2014-08-20 Use proper quotes everywhereEelco Dolstra1-87/+87
2014-08-20 Add some colorEelco Dolstra1-37/+1
2014-08-20 Filter Nix-specific ANSI escape sequences from stderrEelco Dolstra1-1/+37
The Nixpkgs stdenv prints some custom escape sequences to denote nesting and stuff like that. Most terminals (e.g. xterm, konsole) ignore them, but some do not (e.g. xfce4-terminal). So for the benefit of the latter, filter them out.
2014-08-19 Make hook shutdown more reliableEelco Dolstra1-1/+1
2014-08-18 DohEelco Dolstra1-4/+1