about summary refs log tree commit diff
path: root/src/libstore/store-api.hh
AgeCommit message (Collapse)AuthorFilesLines
2016-02-15 Add function to extract hash part of a store pathEelco Dolstra1-0/+6
2016-02-11 Move addPermRoot into StoreEelco Dolstra1-5/+4
2016-02-04 StoreAPI -> StoreEelco Dolstra1-4/+4
Calling a class an API is a bit redundant...
2016-02-04 Eliminate the "store" global variableEelco Dolstra1-18/+36
Also, move a few free-standing functions into StoreAPI and Derivation. Also, introduce a non-nullable smart pointer, ref<T>, which is just a wrapper around std::shared_ptr ensuring that the pointer is never null. (For reference-counted values, this is better than passing a "T&", because the latter doesn't maintain the refcount. Usually, the caller will have a shared_ptr keeping the value alive, but that's not always the case, e.g., when passing a reference to a std::thread via std::bind.)
2016-01-31 Add build mode to compute fixed-output derivation hashesEelco Dolstra1-1/+1
For example, $ nix-build --hash -A nix-repl.src will build the fixed-output derivation nix-repl.src (a fetchFromGitHub call), but instead of *verifying* the hash given in the Nix expression, it prints out the resulting hash, and then moves the result to its content-addressed location in the Nix store. E.g build produced path ‘/nix/store/504a4k6zi69dq0yjc0bm12pa65bccxam-nix-repl-8a2f5f0607540ffe56b56d52db544373e1efb980-src’ with sha256 hash ‘0cjablz01i0g9smnavhf86imwx1f9mnh5flax75i615ml71gsr88’ The goal of this is to make all nix-prefetch-* scripts unnecessary: we can just let Nix run the real thing (i.e., the corresponding fetch* derivation). Another example: $ nix-build --hash -E 'with import <nixpkgs> {}; fetchgit { url = "https://github.com/NixOS/nix.git"; sha256 = "ffffffffffffffffffffffffffffffffffffffffffffffffffff"; }' ... git revision is 9e7c1a4bbdbe6129dd9dc385776612c307d3d1bb ... build produced path ‘/nix/store/gmsnh9i7x4mb7pyd2ns7n3c9l90jfsi1-nix’ with sha256 hash ‘1188xb621diw89n25rifqg9lxnzpz7nj5bfh4i1y3dnis0dmc0zp’ (Having to specify a fake sha256 hash is a bit annoying...)
2015-11-09 Add option to verify build determinismEelco Dolstra1-3/+11
Passing "--option build-repeat <N>" will cause every build to be repeated N times. If the build output differs between any round, the build is rejected, and the output paths are not registered as valid. This is primarily useful to verify build determinism. (We already had a --check option to repeat a previously succeeded build. However, with --check, non-deterministic builds are registered in the DB. Preventing that is useful for Hydra to ensure that non-deterministic builds don't end up getting published at all.)
2015-10-06 nix-store --serve: Implement log size limitEelco Dolstra1-1/+2
2015-08-21 nix-collect-garbage: Revive --max-freedEelco Dolstra1-5/+4
Fixes #609.
2015-07-20 Provide more detailed info about build status to hydra-queue-runnerEelco Dolstra1-4/+14
In particular, hydra-queue-runner can now distinguish between remote build / substitution / already-valid. For instance, if a path already existed on the remote side, we don't want to store a log file.
2015-07-17 Allow remote builds without sending the derivation closureEelco Dolstra1-0/+22
Previously, to build a derivation remotely, we had to copy the entire closure of the .drv file to the remote machine, even though we only need the top-level derivation. This is very wasteful: the closure can contain thousands of store paths, and in some Hydra use cases, include source paths that are very large (e.g. Git/Mercurial checkouts). So now there is a new operation, StoreAPI::buildDerivation(), that performs a build from an in-memory representation of a derivation (BasicDerivation) rather than from a on-disk .drv file. The only files that need to be in the Nix store are the sources of the derivation (drv.inputSrcs), and the needed output paths of the dependencies (as described by drv.inputDrvs). "nix-store --serve" exposes this interface. Note that this is a privileged operation, because you can construct a derivation that builds any store path whatsoever. Fixing this will require changing the hashing scheme (i.e., the output paths should be computed from the other fields in BasicDerivation, allowing them to be verified without access to other derivations). However, this would be quite nice because it would allow .drv-free building (e.g. "nix-env -i" wouldn't have to write any .drv files to disk). Fixes #173.
2015-06-02 Add a ‘verifyStore’ RPCLudovic Courtès1-0/+4
Hello! The patch below adds a ‘verifyStore’ RPC with the same signature as the current LocalStore::verifyStore method. Thanks, Ludo’. >From aef46c03ca77eb6344f4892672eb6d9d06432041 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org> Date: Mon, 1 Jun 2015 23:17:10 +0200 Subject: [PATCH] Add a 'verifyStore' remote procedure call.
2015-03-25 addToStore(): Take explicit name argumentEelco Dolstra1-10/+10
2014-09-01 Add an 'optimiseStore' remote procedure call.Ludovic Courtès1-0/+4
2014-03-30 boost::shared_ptr -> std::shared_ptrEelco Dolstra1-4/+3
2014-02-18 Add a flag ‘--check’ to verify build determinismEelco Dolstra1-1/+4
The flag ‘--check’ to ‘nix-store -r’ or ‘nix-build’ will cause Nix to redo the build of a derivation whose output paths are already valid. If the new output differs from the original output, an error is printed. This makes it easier to test if a build is deterministic. (Obviously this cannot catch all sources of non-determinism, but it catches the most common one, namely the current time.) For example: $ nix-build '<nixpkgs>' -A patchelf ... $ nix-build '<nixpkgs>' -A patchelf --check error: derivation `/nix/store/1ipvxsdnbhl1rw6siz6x92s7sc8nwkkb-patchelf-0.6' may not be deterministic: hash mismatch in output `/nix/store/4pc1dmw5xkwmc6q3gdc9i5nbjl4dkjpp-patchelf-0.6.drv' The --check build fails if not all outputs are valid. Thus the first call to nix-build is necessary to ensure that all outputs are valid. The current outputs are left untouched: the new outputs are either put in a chroot or diverted to a different location in the store using hash rewriting.
2013-05-23 nix-store --export: Export paths in topologically sorted orderEelco Dolstra1-1/+1
Fixes #118.
2012-12-20 nix-store -q --roots: Respect the gc-keep-outputs/gc-keep-derivations settingsEelco Dolstra1-0/+6
So if a path is not garbage solely because it's reachable from a root due to the gc-keep-outputs or gc-keep-derivations settings, ‘nix-store -q --roots’ now shows that root.
2012-10-03 Add a ‘--repair’ flag to nix-instantiateEelco Dolstra1-2/+2
This allows repairing corrupted derivations and other source files.
2012-10-02 Add a --repair flag to ‘nix-store -r’ to repair derivation outputsEelco Dolstra1-1/+1
With this flag, if any valid derivation output is missing or corrupt, it will be recreated by using a substitute if available, or by rebuilding the derivation. The latter may use hash rewriting if chroots are not available.
2012-08-27 Merge branch 'master' into no-manifestsEelco Dolstra1-6/+1
2012-08-01 Drop the block count in the garbage collectorEelco Dolstra1-4/+0
2012-08-01 nix-store --gc: Make ‘--max-freed 0’ do the right thingEelco Dolstra1-2/+1
That is, delete almost nothing (it will still remove unused links from /nix/store/.links).
2012-07-26 Merge branch 'master' into no-manifestsEelco Dolstra1-5/+1
2012-07-18 Use "#pragma once" to prevent repeated header file inclusionEelco Dolstra1-5/+1
2012-07-18 Merge branch 'master' into no-manifestsEelco Dolstra1-0/+4
2012-07-17 Add function queryPathFromHashPart()Eelco Dolstra1-0/+4
To implement binary caches efficiently, Hydra needs to be able to map the hash part of a store path (e.g. "gbg...zr7") to the full store path (e.g. "/nix/store/gbg...kzr7-subversion-1.7.5"). (The binary cache mechanism uses hash parts as a key for looking up store paths to ensure privacy.) However, doing a search in the Nix store for /nix/store/<hash>* is expensive since it requires reading the entire directory. queryPathFromHashPart() prevents this by doing a cheap database lookup.
2012-07-11 Replace hasSubstitutes() with querySubstitutablePaths()Eelco Dolstra1-2/+2
querySubstitutablePaths() takes a set of paths, so this greatly reduces daemon <-> client latency.
2012-07-11 Add a function queryValidPaths()Eelco Dolstra1-0/+3
queryValidPaths() combines multiple calls to isValidPath() in one. This matters when using the Nix daemon because it reduces latency. For instance, on "nix-env -qas \*" it reduces execution time from 5.7s to 4.7s (which is indistinguishable from the non-daemon case).
2012-07-11 Rename queryValidPaths() to queryAllValidPaths()Eelco Dolstra1-6/+6
2012-07-11 Implement querySubstitutablePathInfos() in the daemonEelco Dolstra1-5/+3
Also removed querySubstitutablePathInfo().
2012-07-06 download-from-binary-cache: parallelise fetching of NAR info filesEelco Dolstra1-0/+5
Getting substitute information using the binary cache substituter has non-trivial latency overhead. A package or NixOS system configuration can have hundreds of dependencies, and in the worst case (when the local info cache is empty) we have to do a separate HTTP request for each of these. If the ping time to the server is t, getting N info files will take tN seconds; e.g., with a ping time of 0.1s to nixos.org, sequentially downloading 1000 info files (a typical NixOS config) will take at least 100 seconds. To fix this problem, the binary cache substituter can now perform requests in parallel. This required changing the substituter interface to support a function querySubstitutablePathInfos() that queries multiple paths at the same time, and rewriting queryMissing() to take advantage of parallelism. (Due to local caching, parallelising queryMissing() is sufficient for most use cases, since it's almost always called before building a derivation and thus fills the local info cache.) For example, parallelism speeds up querying all 1056 paths in a particular NixOS system configuration from 116s to 2.6s. It works so well because the eccentricity of the top-level derivation in the dependency graph is only 9. So we only need 10 round-trips (when using an unlimited number of parallel connections) to get everything. Currently we do a maximum of 150 parallel connections to the server. Thus it's important that the binary cache server (e.g. nixos.org) has a high connection limit. Alternatively we could use HTTP pipelining, but WWW::Curl doesn't support it and libcurl has a hard-coded limit of 5 requests per pipeline.
2012-06-27 nix-store -r: do substitutions in parallelEelco Dolstra1-3/+5
I.e. when multiple non-derivation arguments are passed to ‘nix-store -r’ to be substituted, do them in parallel.
2012-05-29 Reserve some disk space for the garbage collectorEelco Dolstra1-1/+1
We can't open a SQLite database if the disk is full. Since this prevents the garbage collector from running when it's most needed, we reserve some dummy space that we can free just before doing a garbage collection. This actually revives some old code from the Berkeley DB days. Fixes #27.
2012-03-26 Remove the --max-links GC optionEelco Dolstra1-4/+0
We don't need this anymore now that current filesystems support more than 32,000 files in a directory.
2011-12-30 * Reject a build if there is a cycle among the outputs. This isEelco Dolstra1-0/+4
necessary because existing code assumes that the references graph is acyclic.
2011-12-16 * Sync with the trunk.Eelco Dolstra1-6/+10
2011-12-16 * importPath() -> importPaths(). Because of buffering of the inputEelco Dolstra1-3/+3
stream it's now necessary for the daemon to process the entire sequence of exported paths, rather than letting the client do it.
2011-12-01 * When doing "nix-store --add-fixed" without "--recursive" via the NixEelco Dolstra1-3/+1
daemon (which is an error), print a nicer error message than "Connection reset by peer" or "broken pipe". * In the daemon, log errors that occur during request parameter processing.
2011-11-23 * Add an API function exportPaths() that provides the functionality ofEelco Dolstra1-0/+6
‘nix-store --export’. * Add a Perl module that provides the functionality of ‘nix-copy-closure --to’. This is used by build-remote.pl so it no longer needs to start a separate nix-copy-closure process. Also, it uses the Perl API to do the export, so it doesn't need to start a separate nix-store process either. As a result, nix-copy-closure and build-remote.pl should no longer fail on very large closures due to an "Argument list too long" error. (Note that having very many dependencies in a single derivation can still fail because the environment can become too large. Can't be helped though.)
2011-11-06 Include all outputs of derivations in the closure of explicitly-passed ↵Shea Levy1-0/+3
derivation paths This required adding a queryOutputDerivationNames function in the store API
2011-08-31 * Eliminate all uses of the global variable ‘store’ from libstore.Eelco Dolstra1-3/+3
This should also fix: nix-instantiate: ./../boost/shared_ptr.hpp:254: T* boost::shared_ptr<T>::operator->() const [with T = nix::StoreAPI]: Assertion `px != 0' failed. which was caused by hashDerivationModulo() calling the ‘store’ object (during store upgrades) before openStore() assigned it.
2011-07-20 * Fix a huuuuge security hole in the Nix daemon. It didn't check thatEelco Dolstra1-0/+6
derivations added to the store by clients have "correct" output paths (meaning that the output paths are computed by hashing the derivation according to a certain algorithm). This means that a malicious user could craft a special .drv file to build *any* desired path in the store with any desired contents (so long as the path doesn't already exist). Then the attacker just needs to wait for a victim to come along and install the compromised path. For instance, if Alice (the attacker) knows that the latest Firefox derivation in Nixpkgs produces the path /nix/store/1a5nyfd4ajxbyy97r1fslhgrv70gj8a7-firefox-5.0.1 then (provided this path doesn't already exist) she can craft a .drv file that creates that path (i.e., has it as one of its outputs), add it to the store using "nix-store --add", and build it with "nix-store -r". So the fake .drv could write a Trojan to the Firefox path. Then, if user Bob (the victim) comes along and does $ nix-env -i firefox $ firefox he executes the Trojan injected by Alice. The fix is to have the Nix daemon verify that derivation outputs are correct (in addValidPath()). This required some refactoring to move the hash computation code to libstore.
2010-11-17 * Before a build, show the disk space that the downloaded store pathsEelco Dolstra1-0/+1
will approximately require.
2010-11-16 * Store the size of a store path in the database (to be precise, theEelco Dolstra1-16/+24
size of the NAR serialisation of the path, i.e., `nix-store --dump PATH'). This is useful for Hydra.
2010-11-16 * Sync with the trunk.Eelco Dolstra1-3/+3
2010-10-04 * Make sure that config.h is included before the system headers,Eelco Dolstra1-3/+3
because it defines _FILE_OFFSET_BITS. Without this, on OpenSolaris the system headers define it to be 32, and then the 32-bit stat() ends up being called with a 64-bit "struct stat", or vice versa. This also ensures that we get 64-bit file sizes everywhere. * Remove the redundant call to stat() in parseExprFromFile(). The file cannot be a symlink because that's the exit condition of the loop before.
2010-06-21 * Sync with the trunk.Eelco Dolstra1-2/+0
2010-06-01 * Turn build errors during evaluation into EvalErrors.Eelco Dolstra1-2/+0
2010-05-04 * Allow unprivileged users to do `nix-store --clear-failed-paths' andEelco Dolstra1-0/+7
`nix-store --query-failed-paths'.
2010-03-04 * Remove some unused functions.Eelco Dolstra1-18/+0