about summary refs log tree commit diff
path: root/src/libstore/remote-store.hh
AgeCommit message (Collapse)AuthorFilesLines
2014-09-01 Add an 'optimiseStore' remote procedure call.Ludovic Courtès1-1/+3
2014-07-23 Remove dead codeEelco Dolstra1-1/+0
2014-02-18 Add a flag ‘--check’ to verify build determinismEelco Dolstra1-1/+1
The flag ‘--check’ to ‘nix-store -r’ or ‘nix-build’ will cause Nix to redo the build of a derivation whose output paths are already valid. If the new output differs from the original output, an error is printed. This makes it easier to test if a build is deterministic. (Obviously this cannot catch all sources of non-determinism, but it catches the most common one, namely the current time.) For example: $ nix-build '<nixpkgs>' -A patchelf ... $ nix-build '<nixpkgs>' -A patchelf --check error: derivation `/nix/store/1ipvxsdnbhl1rw6siz6x92s7sc8nwkkb-patchelf-0.6' may not be deterministic: hash mismatch in output `/nix/store/4pc1dmw5xkwmc6q3gdc9i5nbjl4dkjpp-patchelf-0.6.drv' The --check build fails if not all outputs are valid. Thus the first call to nix-build is necessary to ensure that all outputs are valid. The current outputs are left untouched: the new outputs are either put in a chroot or diverted to a different location in the store using hash rewriting.
2012-12-20 nix-store -q --roots: Respect the gc-keep-outputs/gc-keep-derivations settingsEelco Dolstra1-0/+2
So if a path is not garbage solely because it's reachable from a root due to the gc-keep-outputs or gc-keep-derivations settings, ‘nix-store -q --roots’ now shows that root.
2012-11-09 Remove definition of non-existant functionEelco Dolstra1-2/+0
2012-10-03 Add a ‘--repair’ flag to nix-instantiateEelco Dolstra1-2/+2
This allows repairing corrupted derivations and other source files.
2012-10-02 Add a --repair flag to ‘nix-store -r’ to repair derivation outputsEelco Dolstra1-1/+1
With this flag, if any valid derivation output is missing or corrupt, it will be recreated by using a substitute if available, or by rebuilding the derivation. The latter may use hash rewriting if chroots are not available.
2012-07-26 Merge branch 'master' into no-manifestsEelco Dolstra1-5/+1
2012-07-18 Use "#pragma once" to prevent repeated header file inclusionEelco Dolstra1-5/+1
2012-07-18 Merge branch 'master' into no-manifestsEelco Dolstra1-0/+2
2012-07-17 Add function queryPathFromHashPart()Eelco Dolstra1-0/+2
To implement binary caches efficiently, Hydra needs to be able to map the hash part of a store path (e.g. "gbg...zr7") to the full store path (e.g. "/nix/store/gbg...kzr7-subversion-1.7.5"). (The binary cache mechanism uses hash parts as a key for looking up store paths to ensure privacy.) However, doing a search in the Nix store for /nix/store/<hash>* is expensive since it requires reading the entire directory. queryPathFromHashPart() prevents this by doing a cheap database lookup.
2012-07-11 Replace hasSubstitutes() with querySubstitutablePaths()Eelco Dolstra1-1/+1
querySubstitutablePaths() takes a set of paths, so this greatly reduces daemon <-> client latency.
2012-07-11 Add a function queryValidPaths()Eelco Dolstra1-0/+2
queryValidPaths() combines multiple calls to isValidPath() in one. This matters when using the Nix daemon because it reduces latency. For instance, on "nix-env -qas \*" it reduces execution time from 5.7s to 4.7s (which is indistinguishable from the non-daemon case).
2012-07-11 Rename queryValidPaths() to queryAllValidPaths()Eelco Dolstra1-1/+1
2012-07-11 Implement querySubstitutablePathInfos() in the daemonEelco Dolstra1-3/+0
Also removed querySubstitutablePathInfo().
2012-07-06 download-from-binary-cache: parallelise fetching of NAR info filesEelco Dolstra1-0/+3
Getting substitute information using the binary cache substituter has non-trivial latency overhead. A package or NixOS system configuration can have hundreds of dependencies, and in the worst case (when the local info cache is empty) we have to do a separate HTTP request for each of these. If the ping time to the server is t, getting N info files will take tN seconds; e.g., with a ping time of 0.1s to nixos.org, sequentially downloading 1000 info files (a typical NixOS config) will take at least 100 seconds. To fix this problem, the binary cache substituter can now perform requests in parallel. This required changing the substituter interface to support a function querySubstitutablePathInfos() that queries multiple paths at the same time, and rewriting queryMissing() to take advantage of parallelism. (Due to local caching, parallelising queryMissing() is sufficient for most use cases, since it's almost always called before building a derivation and thus fills the local info cache.) For example, parallelism speeds up querying all 1056 paths in a particular NixOS system configuration from 116s to 2.6s. It works so well because the eccentricity of the top-level derivation in the dependency graph is only 9. So we only need 10 round-trips (when using an unlimited number of parallel connections) to get everything. Currently we do a maximum of 150 parallel connections to the server. Thus it's important that the binary cache server (e.g. nixos.org) has a high connection limit. Alternatively we could use HTTP pipelining, but WWW::Curl doesn't support it and libcurl has a hard-coded limit of 5 requests per pipeline.
2012-06-27 nix-store -r: do substitutions in parallelEelco Dolstra1-1/+1
I.e. when multiple non-derivation arguments are passed to ‘nix-store -r’ to be substituted, do them in parallel.
2012-05-29 Reserve some disk space for the garbage collectorEelco Dolstra1-1/+1
We can't open a SQLite database if the disk is full. Since this prevents the garbage collector from running when it's most needed, we reserve some dummy space that we can free just before doing a garbage collection. This actually revives some old code from the Berkeley DB days. Fixes #27.
2011-12-16 * Sync with the trunk.Eelco Dolstra1-1/+1
2011-12-16 * importPath() -> importPaths(). Because of buffering of the inputEelco Dolstra1-1/+1
stream it's now necessary for the daemon to process the entire sequence of exported paths, rather than letting the client do it.
2011-11-06 Include all outputs of derivations in the closure of explicitly-passed ↵Shea Levy1-0/+2
derivation paths This required adding a queryOutputDerivationNames function in the store API
2010-11-16 * Store the size of a store path in the database (to be precise, theEelco Dolstra1-0/+2
size of the NAR serialisation of the path, i.e., `nix-store --dump PATH'). This is useful for Hydra.
2010-05-04 * Allow unprivileged users to do `nix-store --clear-failed-paths' andEelco Dolstra1-0/+4
`nix-store --query-failed-paths'.
2010-02-22 * Get derivation outputs from the database instead of the .drv file,Eelco Dolstra1-0/+2
which requires more I/O.
2008-12-11 * Open the connection to the daemon lazily (on demand) so thatEelco Dolstra1-0/+3
read-only operations (like nix-env -qa) work properly when the daemon isn't running.
2008-12-03 * Pass HashType values instead of strings.Eelco Dolstra1-1/+1
2008-12-03 * Unify the treatment of sources copied to the store, and recursiveEelco Dolstra1-3/+3
SHA-256 outputs of fixed-output derivations. I.e. they now produce the same store path: $ nix-store --add x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x $ nix-store --add-fixed --recursive sha256 x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x the latter being the same as the path that a derivation derivation { name = "x"; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = "..."; ... }; produces. This does change the output path for such fixed-output derivations. Fortunately they are quite rare. The most common use is fetchsvn calls with SHA-256 hashes. (There are a handful of those is Nixpkgs, mostly unstable development packages.) * Documented the computation of store paths (in store-api.cc).
2008-08-02 * Make nix-env --dry-run print the paths to be substituted correctlyEelco Dolstra1-2/+3
again. (After the previous substituter mechanism refactoring I didn't update the code that obtains the references of substitutable paths.) This required some refactoring: the substituter programs are now kept running and receive/respond to info requests via stdin/stdout.
2008-06-18 * Some refactoring: put the GC options / results in separate structs.Eelco Dolstra1-2/+1
* The garbage collector now also prints the number of blocks freed.
2008-01-29 * nix-store --dump-db / --load-db to dump/load the Nix DB.Eelco Dolstra1-0/+2
* nix-store --register-validity: option to supply the content hash of each path. * Removed compatibility with Nix <= 0.7 stores.
2007-11-16 * Flag `--no-build-hook' to disable distributed builds.Eelco Dolstra1-0/+1
* queryDeriver in daemon mode: don't barf if the other side returns an empty string (which means there is no deriver).
2007-09-18 * Pass various options to the worker so that flags like -K or -j workEelco Dolstra1-0/+2
in multi-user Nix (NIX-72). * Client/worker: exchange a protocol version number for future compatibility.
2007-08-12 * Get rid of the substitutes database table (NIX-47). Instead, if weEelco Dolstra1-4/+4
need any info on substitutable paths, we just call the substituters (such as download-using-manifests.pl) directly. This means that it's no longer necessary for nix-pull to register substitutes or for nix-channel to clear them, which makes those operations much faster (NIX-95). Also, we don't have to worry about keeping nix-pull manifests (in /nix/var/nix/manifests) and the database in sync with each other. The downside is that there is some overhead in calling an external program to get the substitutes info. For instance, "nix-env -qas" takes a bit longer. Abolishing the substitutes table also makes the logic in local-store.cc simpler, as we don't need to store info for invalid paths. On the downside, you cannot do things like "nix-store -qR" on a substitutable but invalid path (but nobody did that anyway). * Never catch interrupts (the Interrupted exception).
2007-06-12 * Support queryDeriver() in multi-user installations.Eelco Dolstra1-0/+2
2007-02-21 * `nix-store --import' now also works in remote mode. The workerEelco Dolstra1-1/+1
always requires a signature on the archive. This is to ensure that unprivileged users cannot add Trojan horses to the Nix store.
2007-02-21 * Support exportPath() in remote mode.Eelco Dolstra1-1/+1
2007-02-21 * `nix-store --import': import an archive created by `nix-storeEelco Dolstra1-0/+2
--export' into the Nix store, and optionally check the cryptographic signatures against /nix/etc/nix/signing-key.pub. (TODO: verify against a set of public keys.)
2007-02-20 * Start of `nix-store --export' operation for serialising a storeEelco Dolstra1-0/+3
path. This is like `nix-store --dump', only it also dumps the meta-information of the store path (references, deriver). Will add a `--sign' flag later to add a cryptographic signature, which we will use for exchanging store paths between build farm machines in a secure manner.
2006-12-12 * New primop builtins.filterSource, which can be used to filter filesEelco Dolstra1-1/+2
from a source directory. All files for which a predicate function returns true are copied to the store. Typical example is to leave out the .svn directory: stdenv.mkDerivation { ... src = builtins.filterSource (path: baseNameOf (toString path) != ".svn") ./source-dir; # as opposed to # src = ./source-dir; } This is important because the .svn directory influences the hash in a rather unpredictable and variable way.
2006-12-05 * Allow unprivileged users to run the garbage collector and to doEelco Dolstra1-0/+3
`nix-store --delete'. But unprivileged users are not allowed to ignore liveness. * `nix-store --delete --ignore-liveness': ignore the runtime roots as well.
2006-12-05 * The determination of the root set should be made by the privilegedEelco Dolstra1-0/+2
process, so forward the operation. * Spam the user about GC misconfigurations (NIX-71). * findRoots: skip all roots that are unreadable - the warnings with which we spam the user should be enough.
2006-12-04 * Add indirect root registration to the protocol so that unprivilegedEelco Dolstra1-0/+2
processes can register indirect roots. Of course, there is still the problem that the garbage collector can only read the targets of the indirect roots when it's running as root...
2006-12-04 * When NIX_REMOTE=daemon, connect to /nix/var/nix/daemon.socketEelco Dolstra1-1/+3
instead of forking a worker.
2006-12-04 * Refactoring.Eelco Dolstra1-0/+2
2006-12-03 * Use a Unix domain socket instead of pipes.Eelco Dolstra1-2/+1
2006-12-03 * Some hackery to propagate the worker's stderr and exceptions to theEelco Dolstra1-0/+2
client.
2006-12-02 * Move addTempRoot() to the store API, and add another functionEelco Dolstra1-0/+4
syncWithGC() to allow clients to register GC roots without needing write access to the global roots directory or the GC lock.
2006-12-01 * Merge addToStore and addToStoreFixed.Eelco Dolstra1-4/+2
* addToStore now adds unconditionally, it doesn't use readOnlyMode. Read-only operation is up to the caller (who can call computeStorePathForPath).
2006-11-30 * More remote operations.Eelco Dolstra1-6/+6
* Added new operation hasSubstitutes(), which is more efficient than querySubstitutes().size() > 0.
2006-11-30 * When NIX_REMOTE is set to "slave", fork off nix-worker in slaveEelco Dolstra1-0/+11
mode. Presumably nix-worker would be setuid to the Nix store user. The worker performs all operations on the Nix store and database, so the caller can be completely unprivileged. This is already much more secure than the old setuid scheme, since the worker doesn't need to do Nix expression evaluation and so on. Most importantly, this means that it doesn't need to access any user files, with all resulting security risks; it only performs pure store operations. Once this works, it is easy to move to a daemon model that forks off a worker for connections established through a Unix domain socket. That would be even more secure.