about summary refs log tree commit diff
path: root/src/libstore/store-api.hh
AgeCommit message (Collapse)AuthorFilesLines
2016-06-03 Support sandbox builds by non-root usersEelco Dolstra1-0/+5
This allows an unprivileged user to perform builds on a diverted store (i.e. where the physical store location differs from the logical location). Example: $ NIX_LOG_DIR=/tmp/log NIX_REMOTE="local?real=/tmp/store&state=/tmp/var" nix-build -E \ 'with import <nixpkgs> {}; runCommand "foo" { buildInputs = [procps nettools]; } "id; ps; ifconfig; echo $out > $out"' will do a build in the Nix store physically in /tmp/store but logically in /nix/store (and thus using substituters for the latter).
2016-06-02 Make derivationFromPath work on diverted storesEelco Dolstra1-0/+2
2016-06-02 Allow setting the state directory as a store parameterEelco Dolstra1-6/+8
E.g. "local?store=/tmp/store&state=/tmp/var".
2016-06-01 Make the store directory a member variable of StoreEelco Dolstra1-62/+71
2016-05-31 nix-copy-closure / build-remote.pl: Disable signature checkingEelco Dolstra1-3/+3
This restores the Nix 1.11 behaviour.
2016-05-30 Re-implement the WantMassQuery property of binary cachesEelco Dolstra1-0/+2
2016-05-30 Fix repair during substitutionEelco Dolstra1-1/+1
2016-05-04 Add a Store::addToStore() variant that accepts a NAREelco Dolstra1-16/+18
As a side effect, this ensures that signatures are propagated when copying paths between stores. Also refactored import/export to make use of this.
2016-05-04 Remove OpenSSL-based signingEelco Dolstra1-7/+4
2016-05-04 Add a copyStorePath() utility functionEelco Dolstra1-0/+5
2016-04-29 BinaryCacheStore: Make the signing key a parameterEelco Dolstra1-4/+0
2016-04-29 Allow parameters in store URIsEelco Dolstra1-2/+5
This is to allow store-specific configuration, e.g. s3://my-cache?compression=bzip2&secret-key=/path/to/key.
2016-04-29 Eliminate the substituter mechanismEelco Dolstra1-0/+6
Substitution is now simply a Store -> Store copy operation, most typically from BinaryCacheStore to LocalStore.
2016-04-21 Implement S3BinaryCacheStore::queryAllValidPaths()Eelco Dolstra1-3/+8
This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-20 Cache path info lookups in SQLiteEelco Dolstra1-0/+7
This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-19 Move path info caching from BinaryCacheStore to StoreEelco Dolstra1-12/+50
Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-15 BinaryCacheStore::readFile(): Return a shared_ptr to a stringEelco Dolstra1-0/+1
This allows readFile() to indicate that a file doesn't exist, and might eliminate some large string copying.
2016-04-08 Remove failed build cachingEelco Dolstra1-8/+0
This feature was implemented for Hydra, but Hydra no longer uses it.
2016-04-07 nix verify-paths: Add ‘--sigs-needed <N>’ flagEelco Dolstra1-0/+3
This specifies the number of distinct signatures required to consider each path "trusted". Also renamed ‘--no-sigs’ to ‘--no-trust’ for the flag that disables verifying whether a path is trusted (since a path can also be trusted if it has no signatures, but was built locally).
2016-04-05 Add "nix copy-sigs" commandEelco Dolstra1-0/+4
This imports signatures from one store into another. E.g. $ nix copy-sigs -r /run/current-system -s https://cache.nixos.org/ imported 595 signatures
2016-03-30 Improve the SQLite wrapper APIEelco Dolstra1-2/+2
In particular, this eliminates a bunch of boilerplate code.
2016-03-24 Move signature support from NarInfo to ValidPathInfoEelco Dolstra1-0/+15
2016-03-22 Don't overload dumpPath()Eelco Dolstra1-2/+2
2016-03-21 Move signatures from NarInfo to ValidPathInfoEelco Dolstra1-0/+7
This allows queryPathInfo() to return signatures.
2016-03-21 Add Store::dumpPath() methodEelco Dolstra1-0/+5
This allows applying nix-store --verify-path to binary cache stores: NIX_REMOTE=https://cache.nixos.org nix-store --verify-path /nix/store/s5c7...
2016-03-14 Fix another mismatched tagEelco Dolstra1-1/+1
http://hydra.nixos.org/build/33279570
2016-03-04 BinaryCacheStore: Remove publicKeyFile argumentEelco Dolstra1-2/+1
The public key can be derived from the secret key, so there's no need for the user to supply it separately.
2016-03-02 Provide function required by HydraEelco Dolstra1-0/+5
2016-03-02 Make store implementations pluggableEelco Dolstra1-0/+17
This for instance allows hydra-queue-runner to add the S3 backend at runtime.
2016-03-02 importPaths(): Optionally add NARs to binary cache accessorEelco Dolstra1-2/+5
This enables an optimisation in hydra-queue-runner, preventing a download of a NAR it just uploaded to the cache when reading files like hydra-build-products.
2016-02-25 Add NAR / Store accessor abstractionEelco Dolstra1-1/+11
This is primary to allow hydra-queue-runner to extract files like "nix-support/hydra-build-products" from NARs in binary caches.
2016-02-24 Eliminate reserveSpace flagEelco Dolstra1-7/+3
2016-02-24 Move BinaryCacheStore / LocalBinaryCacheStore from HydraEelco Dolstra1-2/+22
So you can now do: $ NIX_REMOTE=file:///tmp/binary-cache nix-store -qR /nix/store/...
2016-02-16 Rename ValidPathInfo::hash -> narHash for consistencyEelco Dolstra1-2/+2
2016-02-15 Expose the export magic value and move LocalStore::queryReferences to StoreEelco Dolstra1-6/+9
2016-02-15 Add function to extract hash part of a store pathEelco Dolstra1-0/+6
2016-02-11 Move addPermRoot into StoreEelco Dolstra1-5/+4
2016-02-04 StoreAPI -> StoreEelco Dolstra1-4/+4
Calling a class an API is a bit redundant...
2016-02-04 Eliminate the "store" global variableEelco Dolstra1-18/+36
Also, move a few free-standing functions into StoreAPI and Derivation. Also, introduce a non-nullable smart pointer, ref<T>, which is just a wrapper around std::shared_ptr ensuring that the pointer is never null. (For reference-counted values, this is better than passing a "T&", because the latter doesn't maintain the refcount. Usually, the caller will have a shared_ptr keeping the value alive, but that's not always the case, e.g., when passing a reference to a std::thread via std::bind.)
2016-01-31 Add build mode to compute fixed-output derivation hashesEelco Dolstra1-1/+1
For example, $ nix-build --hash -A nix-repl.src will build the fixed-output derivation nix-repl.src (a fetchFromGitHub call), but instead of *verifying* the hash given in the Nix expression, it prints out the resulting hash, and then moves the result to its content-addressed location in the Nix store. E.g build produced path ‘/nix/store/504a4k6zi69dq0yjc0bm12pa65bccxam-nix-repl-8a2f5f0607540ffe56b56d52db544373e1efb980-src’ with sha256 hash ‘0cjablz01i0g9smnavhf86imwx1f9mnh5flax75i615ml71gsr88’ The goal of this is to make all nix-prefetch-* scripts unnecessary: we can just let Nix run the real thing (i.e., the corresponding fetch* derivation). Another example: $ nix-build --hash -E 'with import <nixpkgs> {}; fetchgit { url = "https://github.com/NixOS/nix.git"; sha256 = "ffffffffffffffffffffffffffffffffffffffffffffffffffff"; }' ... git revision is 9e7c1a4bbdbe6129dd9dc385776612c307d3d1bb ... build produced path ‘/nix/store/gmsnh9i7x4mb7pyd2ns7n3c9l90jfsi1-nix’ with sha256 hash ‘1188xb621diw89n25rifqg9lxnzpz7nj5bfh4i1y3dnis0dmc0zp’ (Having to specify a fake sha256 hash is a bit annoying...)
2015-11-09 Add option to verify build determinismEelco Dolstra1-3/+11
Passing "--option build-repeat <N>" will cause every build to be repeated N times. If the build output differs between any round, the build is rejected, and the output paths are not registered as valid. This is primarily useful to verify build determinism. (We already had a --check option to repeat a previously succeeded build. However, with --check, non-deterministic builds are registered in the DB. Preventing that is useful for Hydra to ensure that non-deterministic builds don't end up getting published at all.)
2015-10-06 nix-store --serve: Implement log size limitEelco Dolstra1-1/+2
2015-08-21 nix-collect-garbage: Revive --max-freedEelco Dolstra1-5/+4
Fixes #609.
2015-07-20 Provide more detailed info about build status to hydra-queue-runnerEelco Dolstra1-4/+14
In particular, hydra-queue-runner can now distinguish between remote build / substitution / already-valid. For instance, if a path already existed on the remote side, we don't want to store a log file.
2015-07-17 Allow remote builds without sending the derivation closureEelco Dolstra1-0/+22
Previously, to build a derivation remotely, we had to copy the entire closure of the .drv file to the remote machine, even though we only need the top-level derivation. This is very wasteful: the closure can contain thousands of store paths, and in some Hydra use cases, include source paths that are very large (e.g. Git/Mercurial checkouts). So now there is a new operation, StoreAPI::buildDerivation(), that performs a build from an in-memory representation of a derivation (BasicDerivation) rather than from a on-disk .drv file. The only files that need to be in the Nix store are the sources of the derivation (drv.inputSrcs), and the needed output paths of the dependencies (as described by drv.inputDrvs). "nix-store --serve" exposes this interface. Note that this is a privileged operation, because you can construct a derivation that builds any store path whatsoever. Fixing this will require changing the hashing scheme (i.e., the output paths should be computed from the other fields in BasicDerivation, allowing them to be verified without access to other derivations). However, this would be quite nice because it would allow .drv-free building (e.g. "nix-env -i" wouldn't have to write any .drv files to disk). Fixes #173.
2015-06-02 Add a ‘verifyStore’ RPCLudovic Courtès1-0/+4
Hello! The patch below adds a ‘verifyStore’ RPC with the same signature as the current LocalStore::verifyStore method. Thanks, Ludo’. >From aef46c03ca77eb6344f4892672eb6d9d06432041 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org> Date: Mon, 1 Jun 2015 23:17:10 +0200 Subject: [PATCH] Add a 'verifyStore' remote procedure call.
2015-03-25 addToStore(): Take explicit name argumentEelco Dolstra1-10/+10
2014-09-01 Add an 'optimiseStore' remote procedure call.Ludovic Courtès1-0/+4
2014-03-30 boost::shared_ptr -> std::shared_ptrEelco Dolstra1-4/+3
2014-02-18 Add a flag ‘--check’ to verify build determinismEelco Dolstra1-1/+4
The flag ‘--check’ to ‘nix-store -r’ or ‘nix-build’ will cause Nix to redo the build of a derivation whose output paths are already valid. If the new output differs from the original output, an error is printed. This makes it easier to test if a build is deterministic. (Obviously this cannot catch all sources of non-determinism, but it catches the most common one, namely the current time.) For example: $ nix-build '<nixpkgs>' -A patchelf ... $ nix-build '<nixpkgs>' -A patchelf --check error: derivation `/nix/store/1ipvxsdnbhl1rw6siz6x92s7sc8nwkkb-patchelf-0.6' may not be deterministic: hash mismatch in output `/nix/store/4pc1dmw5xkwmc6q3gdc9i5nbjl4dkjpp-patchelf-0.6.drv' The --check build fails if not all outputs are valid. Thus the first call to nix-build is necessary to ensure that all outputs are valid. The current outputs are left untouched: the new outputs are either put in a chroot or diverted to a different location in the store using hash rewriting.