path: root/src/libstore/local-store.hh
Age | Commit message | Author | Files | Lines
2015-09-18 | Shut up clang warnings | Eelco Dolstra | 1 | -29/+29
2015-07-17 | Allow remote builds without sending the derivation closure | Eelco Dolstra | 1 | -0/+3
Previously, to build a derivation remotely, we had to copy the entire closure of the .drv file to the remote machine, even though we only need the top-level derivation. This is very wasteful: the closure can contain thousands of store paths, and in some Hydra use cases, include source paths that are very large (e.g. Git/Mercurial checkouts).
So now there is a new operation, StoreAPI::buildDerivation(), that performs a build from an in-memory representation of a derivation (BasicDerivation) rather than from an on-disk .drv file. The only files that need to be in the Nix store are the sources of the derivation (drv.inputSrcs), and the needed output paths of the dependencies (as described by drv.inputDrvs). "nix-store --serve" exposes this interface.
Note that this is a privileged operation, because you can construct a derivation that builds any store path whatsoever. Fixing this will require changing the hashing scheme (i.e., the output paths should be computed from the other fields in BasicDerivation, allowing them to be verified without access to other derivations). However, this would be quite nice because it would allow .drv-free building (e.g. "nix-env -i" wouldn't have to write any .drv files to disk).
Fixes #173.
2015-03-25 | addToStore(): Take explicit name argument | Eelco Dolstra | 1 | -1/+1
2014-11-19 | Clean up temp roots in a more C++ way | Eelco Dolstra | 1 | -0/+4
2014-09-01 | Add an 'optimiseStore' remote procedure call. | Ludovic Courtès | 1 | -0/+3
2014-05-26 | Use std::unordered_set | Eelco Dolstra | 1 | -10/+2
2014-05-15 | nix-store --optimise: Remove bogus statistics | Eelco Dolstra | 1 | -4/+2
2014-05-15 | Shortcut store files before lstat | Wout Mertens | 1 | -0/+1
readdir() already returns the inode numbers, so we don't need to call lstat to know if a file was already linked or not.
2014-05-14 | Use the inodes given by readdir directly | Wout Mertens | 1 | -4/+4
2014-05-13 | Preload linked hashes to speed up lookups | Wout Mertens | 1 | -1/+13
By preloading all inodes in the /nix/store/.links directory, we can quickly determine if a hardlinked file was already linked to the hashed links. This is tolerant of removing the .links directory, it will simply recalculate all hashes in the store.
2014-02-18 | Add a flag ‘--check’ to verify build determinism | Eelco Dolstra | 1 | -1/+1
The flag ‘--check’ to ‘nix-store -r’ or ‘nix-build’ will cause Nix to redo the build of a derivation whose output paths are already valid. If the new output differs from the original output, an error is printed. This makes it easier to test if a build is deterministic. (Obviously this cannot catch all sources of non-determinism, but it catches the most common one, namely the current time.)
For example:
  $ nix-build '<nixpkgs>' -A patchelf
  ...
  $ nix-build '<nixpkgs>' -A patchelf --check
  error: derivation `/nix/store/1ipvxsdnbhl1rw6siz6x92s7sc8nwkkb-patchelf-0.6' may not be deterministic: hash mismatch in output `/nix/store/4pc1dmw5xkwmc6q3gdc9i5nbjl4dkjpp-patchelf-0.6.drv'
The --check build fails if not all outputs are valid. Thus the first call to nix-build is necessary to ensure that all outputs are valid.
The current outputs are left untouched: the new outputs are either put in a chroot or diverted to a different location in the store using hash rewriting.
2013-11-14 | Remove nix-setuid-helper | Eelco Dolstra | 1 | -13/+1
AFAIK, nobody uses it, it's not maintained, and it has no tests.
2013-10-16 | Retry all SQLite operations | Eelco Dolstra | 1 | -0/+4
To deal with SQLITE_PROTOCOL, we also need to retry read-only operations.
2013-08-26 | Fix typos, especially those that end up in the Nix manual | Ivan Kozik | 1 | -1/+1
2013-06-20 | Don't keep "disabled" substituters running | Eelco Dolstra | 1 | -0/+2
For instance, it's pointless to keep copy-from-other-stores running if there are no other stores, or download-using-manifests if there are no manifests. This also speeds things up because we don't send queries to those substituters.
2013-06-13 | Allow hard links between the outputs of a derivation | Eelco Dolstra | 1 | -0/+5
2013-06-07 | Process stderr from substituters while doing have/info queries | Eelco Dolstra | 1 | -0/+1
2013-06-07 | Buffer reads from the substituter | Eelco Dolstra | 1 | -0/+5
This greatly reduces the number of system calls.
2013-03-08 | Revert "Prevent config.h from being clobbered" | Eelco Dolstra | 1 | -2/+2
This reverts commit 28bba8c44f484eae38e8a15dcec73cfa999156f6.
2013-03-07 | Prevent config.h from being clobbered | Eelco Dolstra | 1 | -2/+2
2013-02-27 | Refactoring: Split off the non-recursive canonicalisePathMetaData() | Eelco Dolstra | 1 | -1/+1
Also, change the file mode before changing the owner. This prevents a slight time window in which a setuid binary would be setuid root.
2013-02-26 | Security: Don't allow builders to change permissions on files they don't own | Eelco Dolstra | 1 | -2/+2
It turns out that in multi-user Nix, a builder may be able to do
  ln /etc/shadow $out/foo
Afterwards, canonicalisePathMetaData() will be applied to $out/foo, causing /etc/shadow's mode to be set to 444 (readable by everybody but writable by nobody). That's obviously Very Bad.
Fortunately, this fails in NixOS's default configuration because /nix/store is a bind mount, so "ln" will fail with "Invalid cross-device link". It also fails if hard-link restrictions are enabled, so a workaround is:
  echo 1 > /proc/sys/fs/protected_hardlinks
The solution is to check that all files in $out are owned by the build user. This means that innocuous operations like "ln ${pkgs.foo}/some-file $out/" are now rejected, but that already failed in chroot builds anyway.
2013-01-03 | Clear any immutable bits in the Nix store | Eelco Dolstra | 1 | -2/+3
Doing this once makes subsequent operations like garbage collecting more efficient since we don't have to call makeMutable() first.
2012-12-20 | nix-store -q --roots: Respect the gc-keep-outputs/gc-keep-derivations settings | Eelco Dolstra | 1 | -4/+0
So if a path is not garbage solely because it's reachable from a root due to the gc-keep-outputs or gc-keep-derivations settings, ‘nix-store -q --roots’ now shows that root.
2012-12-20 | Yet another rewrite of the garbage collector | Eelco Dolstra | 1 | -1/+5
But this time it's *obviously* correct! No more segfaults due to infinite recursions for sure, etc. Also, move directories to /nix/store/trash instead of renaming them to /nix/store/bla-gc-<pid>. Then we can just delete /nix/store/trash at the end.
2012-11-09 | Use vfork() instead of fork() if available | Eelco Dolstra | 1 | -0/+4
Hopefully this reduces the chance of hitting ‘unable to fork: Cannot allocate memory’ errors. vfork() is used for everything except starting builders.
2012-10-03 | Add a ‘--repair’ flag to nix-instantiate | Eelco Dolstra | 1 | -3/+3
This allows repairing corrupted derivations and other source files.
2012-10-03 | When repairing a derivation, check and repair the entire output closure | Eelco Dolstra | 1 | -0/+5
If we find a corrupted path in the output closure, we rebuild the derivation that produced that particular path.
2012-10-02 | Add a --repair flag to ‘nix-store -r’ to repair derivation outputs | Eelco Dolstra | 1 | -1/+5
With this flag, if any valid derivation output is missing or corrupt, it will be recreated by using a substitute if available, or by rebuilding the derivation. The latter may use hash rewriting if chroots are not available.
2012-10-02 | nix-store --verify: Add an option ‘--repair’ to repair all missing/corrupt paths | Eelco Dolstra | 1 | -3/+4
Also, return a non-zero exit code if errors remain after verifying/repairing.
2012-10-02 | Add operation ‘nix-store --repair-path’ | Eelco Dolstra | 1 | -0/+4
This operation allows fixing corrupted or accidentally deleted store paths by redownloading them using substituters, if available. Since the corrupted path cannot be replaced atomically, there is a very small time window (one system call) during which neither the old (corrupted) nor the new (repaired) contents are available. So repairing should be used with some care on critical packages like Glibc.
2012-09-19 | Support having /nix/store as a read-only bind mount | Eelco Dolstra | 1 | -0/+2
It turns out that the immutable bit doesn't work all that well. A better way is to make the entire Nix store a read-only bind mount, i.e. by doing
  $ mount --bind /nix/store /nix/store
  $ mount -o remount,ro,bind /nix/store
(This would typically be done in an early boot script, before anything from /nix/store is used.)
Since Nix needs to be able to write to the Nix store, it now detects if /nix/store is a read-only bind mount and then makes it writable in a private mount namespace.
2012-09-13 | Vacuum the SQLite DB after running the garbage collector | Eelco Dolstra | 1 | -0/+2
2012-08-27 | Merge branch 'master' into no-manifests | Eelco Dolstra | 1 | -3/+2
2012-08-01 | Count bytes freed deleting unused links | Eelco Dolstra | 1 | -1/+1
2012-08-01 | Drop the block count in the garbage collector | Eelco Dolstra | 1 | -2/+1
2012-08-01 | Report substituter errors to clients of the Nix daemon | Eelco Dolstra | 1 | -1/+1
2012-07-30 | Refactor settings processing | Eelco Dolstra | 1 | -26/+23
Put all Nix configuration flags in a Settings object.
2012-07-30 | Remove unused variables | Eelco Dolstra | 1 | -3/+0
2012-07-26 | Merge branch 'master' into no-manifests | Eelco Dolstra | 1 | -6/+11
2012-07-23 | Garbage collect unused links in /nix/store/.links | Eelco Dolstra | 1 | -0/+2
Incremental optimisation requires creating links in /nix/store/.links to all files in the store. However, this means that if we delete a store path, no files are actually deleted because links in /nix/store/.links still exist. So we need to check /nix/store/.links for files with a link count of 1 and delete them.
2012-07-23 | Automatically optimise the Nix store when a new path is added | Eelco Dolstra | 1 | -0/+7
Auto-optimisation is enabled by default. It can be turned off by setting auto-optimise-store to false in nix.conf.
2012-07-23 | optimiseStore(): Use a content-addressed file store in /nix/store/.links | Eelco Dolstra | 1 | -1/+1
optimiseStore() now creates persistent, content-addressed hard links in /nix/store/.links. For instance, if it encounters a file P with hash H, it will create a hard link P' = /nix/store/.link/<H> to P if P' doesn't already exist; if P' exists, then P is replaced by a hard link to P'. This is better than the previous in-memory map, because it had the tendency to unnecessarily replace hard links with a hard link to whatever happened to be the first file with a given hash it encountered. It also allows on-the-fly, incremental optimisation.
2012-07-18 | Use "#pragma once" to prevent repeated header file inclusion | Eelco Dolstra | 1 | -5/+1
2012-07-18 | Merge branch 'master' into no-manifests | Eelco Dolstra | 1 | -0/+3
2012-07-17 | Add function queryPathFromHashPart() | Eelco Dolstra | 1 | -0/+3
To implement binary caches efficiently, Hydra needs to be able to map the hash part of a store path (e.g. "gbg...zr7") to the full store path (e.g. "/nix/store/gbg...kzr7-subversion-1.7.5"). (The binary cache mechanism uses hash parts as a key for looking up store paths to ensure privacy.) However, doing a search in the Nix store for /nix/store/<hash>* is expensive since it requires reading the entire directory. queryPathFromHashPart() prevents this by doing a cheap database lookup.
2012-07-11 | Replace hasSubstitutes() with querySubstitutablePaths() | Eelco Dolstra | 1 | -3/+1
querySubstitutablePaths() takes a set of paths, so this greatly reduces daemon <-> client latency.
2012-07-11 | Add a function queryValidPaths() | Eelco Dolstra | 1 | -0/+2
queryValidPaths() combines multiple calls to isValidPath() in one. This matters when using the Nix daemon because it reduces latency. For instance, on "nix-env -qas \*" it reduces execution time from 5.7s to 4.7s (which is indistinguishable from the non-daemon case).
2012-07-11 | Rename queryValidPaths() to queryAllValidPaths() | Eelco Dolstra | 1 | -1/+1
2012-07-11 | Implement querySubstitutablePathInfos() in the daemon | Eelco Dolstra | 1 | -3/+0
Also removed querySubstitutablePathInfo().