about summary refs log tree commit diff
path: root/src/libstore/build.cc
AgeCommit message (Collapse)AuthorFilesLines
2016-06-09 Run builds in a user namespaceEelco Dolstra1-14/+65
This way, all builds appear to have a uid/gid of 0 inside the chroot. In the future, this may allow using programs like systemd-nspawn inside builds, but that will require assigning a larger UID/GID map to the build. Issue #625.
2016-06-09 Use O_CLOEXEC in most placesEelco Dolstra1-2/+1
2016-06-03 Support sandbox builds by non-root usersEelco Dolstra1-53/+63
This allows an unprivileged user to perform builds on a diverted store (i.e. where the physical store location differs from the logical location). Example: $ NIX_LOG_DIR=/tmp/log NIX_REMOTE="local?real=/tmp/store&state=/tmp/var" nix-build -E \ 'with import <nixpkgs> {}; runCommand "foo" { buildInputs = [procps nettools]; } "id; ps; ifconfig; echo $out > $out"' will do a build in the Nix store physically in /tmp/store but logically in /nix/store (and thus using substituters for the latter).
2016-06-03 Don't call shared_from_this() from a destructorEelco Dolstra1-1/+1
2016-06-02 LocalStore: Allow the physical and logical store directories to differEelco Dolstra1-0/+3
This is primarily to subsume the functionality of the copy-from-other-stores substituter. For example, in the NixOS installer, we can now do (assuming we're in the target chroot, and the Nix store of the installation CD is bind-mounted on /tmp/nix): $ nix-build ... --option substituters 'local?state=/tmp/nix/var&real=/tmp/nix/store' However, unlike copy-from-other-stores, this also allows write access to such a store. One application might be fetching substitutes for /nix/store in a situation where the user doesn't have sufficient privileges to create /nix, e.g.: $ NIX_REMOTE="local?state=/home/alice/nix/var&real=/home/alice/nix/store" nix-build ...
2016-06-02 Respect build-use-substitutesEelco Dolstra1-1/+1
2016-06-01 Skip substituters with an incompatible store directoryEelco Dolstra1-0/+5
2016-06-01 Make the store directory a member variable of StoreEelco Dolstra1-15/+15
2016-05-30 Check signatures before downloading the substituteEelco Dolstra1-0/+10
2016-05-30 Fix repair during substitutionEelco Dolstra1-1/+2
2016-05-04 Cleanup: Remove singleton()Eelco Dolstra1-4/+3
2016-05-04 Do compression in a sinkEelco Dolstra1-42/+19
2016-05-04 Add a copyStorePath() utility functionEelco Dolstra1-5/+1
2016-04-29 Eliminate the substituter mechanismEelco Dolstra1-207/+85
Substitution is now simply a Store -> Store copy operation, most typically from BinaryCacheStore to LocalStore.
2016-04-28 Really handle carriage returnEelco Dolstra1-4/+9
2016-04-25 Handle carriage returnEelco Dolstra1-12/+7
2016-04-25 Show the log tail when a build failsEelco Dolstra1-9/+45
If --no-build-output is given (which will become the default for the "nix" command at least), show the last 10 lines of the build output if the build fails.
2016-04-25 Remove --print-build-traceEelco Dolstra1-44/+1
This was added to support Hydra, but Hydra no longer uses it.
2016-04-25 Improved logging abstractionEelco Dolstra1-14/+7
This also gets rid of --log-type, since the nested log type isn't useful in a multi-threaded situation, and nobody cares about the "pretty" log type.
2016-04-19 Move path info caching from BinaryCacheStore to StoreEelco Dolstra1-5/+5
Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-16 Print out all bad references/requisites at onceDan Peebles1-2/+13
Also updates tests to check for new information. Fixes #799
2016-04-14 Set RLIMIT_CORE to 0, infinity in buildersEelco Dolstra1-0/+7
This prevents the builder from being affected by whatever the host system limits happen to be.
2016-04-08 Remove failed build cachingEelco Dolstra1-40/+1
This feature was implemented for Hydra, but Hydra no longer uses it.
2016-04-08 Make LocalStore thread-safeEelco Dolstra1-4/+39
Necessary for multi-threaded commands like "nix verify-paths".
2016-04-07 Sign locally-built pathsEelco Dolstra1-0/+3
Locally-built paths are now signed automatically using the secret keys specified by the ‘secret-key-files’ option.
2016-03-30 LocalStore: Keep track of ultimately trusted pathsEelco Dolstra1-0/+9
These are content-addressed paths or outputs of locally performed builds. They are trusted even if they don't have signatures, so "nix verify-paths" won't complain about them.
2016-03-04 Eliminate some large string copyingEelco Dolstra1-3/+3
2016-03-03 build.cc: fs.h doesn't appear to be necessary anymoreNathan Zadoks1-1/+0
2016-02-24 deletePath(): Succeed if path doesn't existEelco Dolstra1-13/+9
Also makes it robust against concurrent deletions.
2016-02-16 Rename ValidPathInfo::hash -> narHash for consistencyEelco Dolstra1-3/+3
2016-02-04 Eliminate the "store" global variableEelco Dolstra1-63/+22
Also, move a few free-standing functions into StoreAPI and Derivation. Also, introduce a non-nullable smart pointer, ref<T>, which is just a wrapper around std::shared_ptr ensuring that the pointer is never null. (For reference-counted values, this is better than passing a "T&", because the latter doesn't maintain the refcount. Usually, the caller will have a shared_ptr keeping the value alive, but that's not always the case, e.g., when passing a reference to a std::thread via std::bind.)
2016-01-31 Add build mode to compute fixed-output derivation hashesEelco Dolstra1-6/+32
For example, $ nix-build --hash -A nix-repl.src will build the fixed-output derivation nix-repl.src (a fetchFromGitHub call), but instead of *verifying* the hash given in the Nix expression, it prints out the resulting hash, and then moves the result to its content-addressed location in the Nix store. E.g build produced path ‘/nix/store/504a4k6zi69dq0yjc0bm12pa65bccxam-nix-repl-8a2f5f0607540ffe56b56d52db544373e1efb980-src’ with sha256 hash ‘0cjablz01i0g9smnavhf86imwx1f9mnh5flax75i615ml71gsr88’ The goal of this is to make all nix-prefetch-* scripts unnecessary: we can just let Nix run the real thing (i.e., the corresponding fetch* derivation). Another example: $ nix-build --hash -E 'with import <nixpkgs> {}; fetchgit { url = "https://github.com/NixOS/nix.git"; sha256 = "ffffffffffffffffffffffffffffffffffffffffffffffffffff"; }' ... git revision is 9e7c1a4bbdbe6129dd9dc385776612c307d3d1bb ... build produced path ‘/nix/store/gmsnh9i7x4mb7pyd2ns7n3c9l90jfsi1-nix’ with sha256 hash ‘1188xb621diw89n25rifqg9lxnzpz7nj5bfh4i1y3dnis0dmc0zp’ (Having to specify a fake sha256 hash is a bit annoying...)
2016-01-12 --option build-repeat: Keep the differing output if -K is givenEelco Dolstra1-7/+38
Similar to 00903fa79961d7eb0fadeb9ed2d7cda7821dc293. Regardless of -K, we now also print which output differs.
2016-01-12 --check: Keep the differing output if -K is givenEelco Dolstra1-2/+12
This makes it easier to investigate the non-determinism, e.g. $ nix-build pkgs/stdenv/linux -A stage1.pkgs.zlib --check -K error: derivation ‘/nix/store/l54i8wlw22656i4pk05c52ngv9rpl39q-zlib-1.2.8.drv’ may not be deterministic: output ‘/nix/store/11a27shh6n2ivi4a7s964i65ql80cf27-zlib-1.2.8’ differs from ‘/nix/store/11a27shh6n2ivi4a7s964i65ql80cf27-zlib-1.2.8-check’ $ diffoscope /nix/store/11a27shh6n2ivi4a7s964i65ql80cf27-zlib-1.2.8 /nix/store/11a27shh6n2ivi4a7s964i65ql80cf27-zlib-1.2.8-check ... ├── lib/libz.a │ ├── metadata │ │ @@ -1,15 +1,15 @@ │ │ -rw-r--r-- 30001/30000 3096 Jan 12 15:20 2016 adler32.o ... │ │ +rw-r--r-- 30001/30000 3096 Jan 12 15:28 2016 adler32.o ...
2016-01-12 --check: Fix "failed to produce output path"Eelco Dolstra1-1/+1
This occured when sandbox building is disabled, at least one output exists, and at least one other output does not.
2016-01-12 --check: Fix assertion failure when some outputs are missingEelco Dolstra1-1/+1
E.g. $ nix-build pkgs/stdenv/linux/ -A stage1.pkgs.perl --check nix-store: src/libstore/build.cc:1323: void nix::DerivationGoal::tryToBuild(): Assertion `buildMode != bmCheck || validPaths.size() == drv->outputs.size()' failed. when perl.out exists but perl.man doesn't. The fix is to only check the outputs that exist. Note that "nix-build -A stage1.pkgs.all --check" will still give a (proper) error in this case.
2016-01-07 Fix "Bad address" executing build hookEelco Dolstra1-5/+9
This was observed in the deb_debian7x86_64 build: http://hydra.nixos.org/build/29973215 Calling c_str() on a temporary should be fine because the temporary shouldn't be destroyed until after the execl() call, but who knows...
2016-01-07 Fix some signedness warningsEelco Dolstra1-1/+1
2016-01-06 nix-store --repair-path: Rebuild if there is no substituterEelco Dolstra1-2/+12
2016-01-06 Fix --repair failure on multiple-output derivationsEelco Dolstra1-1/+3
If repair found a corrupted/missing path that depended on a multiple-output derivation, and some of the outputs of the latter were not present, it failed with a message like error: path ‘/nix/store/cnfn9d5fjys1y93cz9shld2xwaibd7nn-bash-4.3-p42-doc’ is not valid
2016-01-05 Fix non-Darwin buildEelco Dolstra1-0/+2
2016-01-05 libstore: mmap() returns MAP_FAILED, not NULL on failureTuomas Tynkkynen1-1/+1
2016-01-04 Don't allow sandbox profile except in relaxed modeEelco Dolstra1-5/+10
This makes Darwin consistent with Linux: Nix expressions can't break out of the sandbox unless relaxed sandbox mode is enabled. For the normal sandbox mode this will require fixing #759 however.
2015-12-29 Fix regression in passAsFileEelco Dolstra1-2/+3
Caused by 8063fc497ab78fa72962b93874fe25dcca2b55ed. If tmpDir != tmpDirInSandbox (typically when there are multiple concurrent builds with the same name), the *Path attribute would not point to an existing file. This caused Nixpkgs' writeTextFile to write an empty file. In particular this showed up as hanging VM builds (because it would run an empty run-nixos-vm script and then wait for it to finish booting).
2015-12-22 Handle /tmp being a symlinkEelco Dolstra1-1/+1
Hopefully fixes Darwin sandbox regression introduced in 8063fc497ab78fa72962b93874fe25dcca2b55ed.
2015-12-22 Fix bad error message in Darwin chrootsEelco Dolstra1-1/+3
2015-12-10 Build sandbox support etc. unconditionally on LinuxEelco Dolstra1-39/+17
Also, use "#if __APPLE__" instead of "#if SANDBOX_ENABLED" to prevent ambiguity.
2015-12-08 Clarify error message for hash mismatches (again)Bjørn Forsman1-2/+2
This is arguably nitpicky, but I think this new formulation is even clearer. My thinking is that it's easier to comprehend when the calculated hash value is displayed close to the output path. (I think it is somewhat similar to eliminating double negatives in logic statements.) The formulation is inspired / copied from the OpenEmbedded build tool, bitbake.
2015-12-02 Use deterministic $TMPDIR in sandboxEelco Dolstra1-28/+36
Rather than using $<host-TMPDIR>/nix-build-<drvname>-<number>, the temporary directory is now always /tmp/nix-build-<drvname>-0. This improves bitwise-exact reproducibility for builds that store $TMPDIR in their build output. (Of course, those should still be fixed...)
2015-11-25 Merge branch 'p/sandbox-rename-minimal' of https://github.com/vcunat/nixEelco Dolstra1-8/+15