| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
/tmp/nix-<pid>-<counter> for temporary build directories. This
increases purity a bit: many packages store the temporary build path
in their output, causing (generally unimportant) binary differences.
|
|
* nix-store --register-validity: option to supply the content hash of
each path.
* Removed compatibility with Nix <= 0.7 stores.
|
|
|
|
exportBuildReferenceGraph
|
|
* queryDeriver in daemon mode: don't barf if the other side returns an
empty string (which means there is no deriver).
|
|
|
|
|
|
* Removed some debug messages.
|
|
executed in a chroot that contains just the Nix store, the temporary
build directory, and a configurable set of additional directories
(/dev and /proc by default). This allows a bit more purity
enforcement: hidden build-time dependencies on directories such as
/usr or /nix/var/nix/profiles are no longer possible. As an added
benefit, accidental network downloads (cf. NIXPKGS-52) are prevented
as well (because files such as /etc/resolv.conf are not available in
the chroot).
However the usefulness of chroots is diminished by the fact that
many builders depend on /bin/sh, so you need /bin in the list of
additional directories. (And then on non-NixOS you need /lib as
well...)
|
|
lock on the output path after trying each. Otherwise the
pathIsLockedByMe() test gets confused.
|
|
fixed-output derivations or substitutions try to build the same
store path at the same time. Locking generally catches this, but
not between multiple goals in the same process. This happened
especially often (actually, only) in the build farm with fetchurl
downloads of the same file being executed on multiple machines and
then copied back to the main machine where they would clobber each
other (NIXBF-13).
Solution: if a goal notices that the output path is already locked,
then go to sleep until another goal finishes (hopefully the one
locking the path) and try again.
|
|
need any info on substitutable paths, we just call the substituters
(such as download-using-manifests.pl) directly. This means that
it's no longer necessary for nix-pull to register substitutes or for
nix-channel to clear them, which makes those operations much faster
(NIX-95). Also, we don't have to worry about keeping nix-pull
manifests (in /nix/var/nix/manifests) and the database in sync with
each other.
The downside is that there is some overhead in calling an external
program to get the substitutes info. For instance, "nix-env -qas"
takes a bit longer.
Abolishing the substitutes table also makes the logic in
local-store.cc simpler, as we don't need to store info for invalid
paths. On the downside, you cannot do things like "nix-store -qR"
on a substitutable but invalid path (but nobody did that anyway).
* Never catch interrupts (the Interrupted exception).
|
|
|
|
environment cleanly even when an exception is thrown from a
destructor. We still crash, but we don't take all other Nix
processes with us.
|
|
|
|
signal. This is necessary because those processes may have joined
the BDB environment, so they have to be given a chance to clean up.
(NIX-85)
|
|
|
|
in /nix/etc/nix/signing-key.sec
|
|
|
|
from a source directory. All files for which a predicate function
returns true are copied to the store. Typical example is to leave
out the .svn directory:
stdenv.mkDerivation {
...
src = builtins.filterSource
(path: baseNameOf (toString path) != ".svn")
./source-dir;
# as opposed to
# src = ./source-dir;
}
This is important because the .svn directory influences the hash in
a rather unpredictable and variable way.
|
|
|
|
very carefully, since it can invalidate iterators into the
`children' map.
|
|
* Throw more exceptions as BuildErrors instead of Errors. This
matters when --keep-going is turned on. (A BuildError is caught
and terminates the goal in question, an Error terminates the
program.)
|
|
seconds without producing output on stdout or stderr (NIX-65). This
timeout can be specified using the `--max-silent-time' option or the
`build-max-silent-time' configuration setting. The default is
infinity (0).
* Fix a tricky race condition: if we kill the build user before the
child has done its setuid() to the build user uid, then it won't be
killed, and we'll potentially lock up in pid.wait(). So also send a
conventional kill to the child.
|
|
in case of failure.
|
|
|
|
back to the Nix account.
|
|
|
|
since if we're running a build user in non-root mode, we can't. Let
the setuid helper do it.
|
|
processes before and after the build.
|
|
ownership, then try again.
|
|
ownership of the build result after the build.
|
|
deleting them using the setuid helper.
|
|
|
|
builder under the desired build user.
|
|
|
|
|
|
`build-users-group'. This makes configuration easier: you can just
add users in /etc/group.
|
|
that have to be done as root: running builders under different uids,
changing ownership of build results, and deleting paths in the store
with the wrong ownership).
|
|
|
|
changes completely depending on whether you're root...
|
|
|
|
`nix-store --delete'. But unprivileged users are not allowed to
ignore liveness.
* `nix-store --delete --ignore-liveness': ignore the runtime roots as
well.
|
|
* Added `build-users-group', the group under which builds are to be
performed.
* Check that /nix/store has 1775 permission and is owner by the
build-users-group.
|
|
client.
|
|
syncWithGC() to allow clients to register GC roots without needing
write access to the global roots directory or the GC lock.
|
|
* Added new operation hasSubstitutes(), which is more efficient than
querySubstitutes().size() > 0.
|
|
|
|
containing functions that operate on the Nix store. One
implementation is LocalStore, which operates on the Nix store
directly. The next step, to enable secure multi-user Nix, is to
create a different implementation RemoteStore that talks to a
privileged daemon process that uses LocalStore to perform the actual
operations.
|
|
now that reference scanning is sufficiently streamy.
|
