Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
As a side effect, this ensures that signatures are propagated when
copying paths between stores.
Also refactored import/export to make use of this.
|
|
|
|
This is to allow store-specific configuration,
e.g. s3://my-cache?compression=bzip2&secret-key=/path/to/key.
|
|
Substitution is now simply a Store -> Store copy operation, most
typically from BinaryCacheStore to LocalStore.
|
|
This allows commands like "nix verify --all" or "nix path-info --all"
to work on S3 caches.
Unfortunately, this requires some ugly hackery: when querying the
contents of the bucket, we don't want to have to read every .narinfo
file. But the S3 bucket keys only include the hash part of each store
path, not the name part. So as a special exception
queryAllValidPaths() can now return store paths *without* the name
part, and queryPathInfo() accepts such store paths (returning a
ValidPathInfo object containing the full name).
|
|
This re-implements the binary cache database in C++, allowing it to be
used by other Store backends, in particular the S3 backend.
|
|
Caching path info is generally useful. For instance, it speeds up "nix
path-info -rS /run/current-system" (i.e. showing the closure sizes of
all paths in the closure of the current system) from 5.6s to 0.15s.
This also eliminates some APIs like Store::queryDeriver() and
Store::queryReferences().
|
|
http://hydra.nixos.org/build/34453794
|
|
This feature was implemented for Hydra, but Hydra no longer uses it.
|
|
Necessary for multi-threaded commands like "nix verify-paths".
|
|
Locally-built paths are now signed automatically using the secret keys
specified by the ‘secret-key-files’ option.
|
|
This imports signatures from one store into another. E.g.
$ nix copy-sigs -r /run/current-system -s https://cache.nixos.org/
imported 595 signatures
|
|
These are content-addressed paths or outputs of locally performed
builds. They are trusted even if they don't have signatures, so "nix
verify-paths" won't complain about them.
|
|
In particular, this eliminates a bunch of boilerplate code.
|
|
|
|
|
|
|
|
This allows applying nix-store --verify-path to binary cache stores:
NIX_REMOTE=https://cache.nixos.org nix-store --verify-path /nix/store/s5c7...
|
|
|
|
|
|
This enables an optimisation in hydra-queue-runner, preventing a
download of a NAR it just uploaded to the cache when reading files
like hydra-build-products.
|
|
Also makes it robust against concurrent deletions.
|
|
|
|
This eliminates some unnecessary (presumably cached) I/O.
|
|
http://hydra.nixos.org/build/32085949
|
|
|
|
|
|
|
|
Also, move a few free-standing functions into StoreAPI and Derivation.
Also, introduce a non-nullable smart pointer, ref<T>, which is just a
wrapper around std::shared_ptr ensuring that the pointer is never
null. (For reference-counted values, this is better than passing a
"T&", because the latter doesn't maintain the refcount. Usually, the
caller will have a shared_ptr keeping the value alive, but that's not
always the case, e.g., when passing a reference to a std::thread via
std::bind.)
|
|
|
|
Previously files in the Nix store were owned by root or by nixbld,
depending on whether they were created by a substituter or by a
builder. This doesn't matter much, but causes spurious diffoscope
differences. So use root everywhere.
|
|
Also, use "#if __APPLE__" instead of "#if SANDBOX_ENABLED" to prevent
ambiguity.
|
|
And make exportPath() less spammy by default.
|
|
|
|
|
|
|
|
|
|
This broke NixOS VM tests.
Mostly reverts 27b7b94923d2f207781b438bb7a57669bddf7d2b,
5ce50cd99e740d0d0f18c30327ae687be9356553,
afa433e58c3fe6029660a43fdc2073c9d15b4210.
|
|
|
|
|
|
|
|
I.e., not readable to the nixbld group. This improves purity a bit for
non-chroot builds, because it prevents a builder from enumerating
store paths (i.e. it can only access paths it knows about).
|
|
See NixOS/nixpkgs@9245516
|
|
|
|
The pid field can be -1 if forking the substituter process failed.
|
|
|
|
Fixes #269.
|
|
|
|
|