about summary refs log tree commit diff
path: root/src/libstore
AgeCommit message (Collapse)AuthorFilesLines
2017-01-26 Moving more code out of DerivationGoal::startBuilder()Eelco Dolstra1-100/+111
2017-01-26 On HTTP errors, also show the curl errorEelco Dolstra1-1/+1
This is a hopefully temporary measure to diagnose the intermittent "HTTP error 200" failures.
2017-01-26 Move exportReferencesGraph into a separate methodEelco Dolstra1-44/+55
startBuilder() is getting rather obese.
2017-01-24 Enable verbose curl outputEelco Dolstra1-1/+14
Closes #1182.
2017-01-19 Merge pull request #981 from shlevy/build-remote-c++Eelco Dolstra5-3/+39
build-remote: Implement in C++
2017-01-19 Kill builds when we get EOF on the log FDEelco Dolstra1-11/+10
This closes a long-time bug that allowed builds to hang Nix indefinitely (regardless of timeouts) simply by doing exec > /dev/null 2>&1; while true; do true; done Now, on EOF, we just send SIGKILL to the child to make sure it's really gone.
2017-01-19 Use std::unique_ptr for HookInstanceEelco Dolstra1-5/+4
2017-01-17 Handle SIGINT etc. via a sigwait() signal handler threadEelco Dolstra1-5/+15
This allows other threads to install callbacks that run in a regular, non-signal context. In particular, we can use this to signal the downloader thread to quit. Closes #1183.
2017-01-16 AutoCloseDir: Use std::unique_ptrEelco Dolstra2-12/+12
2017-01-16 AutoDeleteArray -> std::unique_ptrEelco Dolstra1-3/+2
Also, switch to C++14 for std::make_unique.
2017-01-09 Merge pull request #1139 from Mic92/masterEelco Dolstra1-6/+2
Simplify remouting with MS_PRIVATE in sandbox build
2017-01-02 Provide /var/run/nscd/socket in the sandboxEelco Dolstra1-0/+1
Otherwise sandbox builds can fail, e.g. $ NIX_REMOTE=local?root=/tmp/nix nix-build '<nixpkgs>' -A hello --option build-use-substitutes false ... downloading ‘http://ftpmirror.gnu.org/bash/bash-4.3-patches/bash43-047’... error: unable to download ‘http://ftpmirror.gnu.org/bash/bash-4.3-patches/bash43-047’: Couldn't resolve host name (6)
2016-12-22 Call Aws::InitAPIEelco Dolstra1-1/+17
This is required now.
2016-12-22 Add commentEelco Dolstra1-1/+2
2016-12-19 Revert "Merge branch 'seccomp' of https://github.com/aszlig/nix"Eelco Dolstra2-69/+29
This reverts commit 9f3f2e21edb17dbcd674539dff96efb6cceca10c, reversing changes made to 47f587700d646f5b03a42f2fa57c28875a31efbe.
2016-12-19 Revert "Give root a valid home directory"Eelco Dolstra1-3/+3
This reverts commit ec7d498b72b0e283814c27cbc6c064496f95445d.
2016-12-15 Give root a valid home directoryEelco Dolstra1-3/+3
Some programs barf if the current user has a non-writable home directory, e.g. http://hydra.nixos.org/build/44818144.
2016-12-15 Merge branch 'seccomp' of https://github.com/aszlig/nixEelco Dolstra2-29/+69
2016-12-09 Probably fix a segfault in PathLocksEelco Dolstra1-37/+50
2016-12-08 Don't delete .check directories of running buildsEelco Dolstra2-2/+7
We need to keep them around for diffoscope.
2016-12-08 Fix warning on 32-bit systemsEelco Dolstra1-1/+2
http://hydra.nixos.org/build/44628517
2016-12-08 Fix buildEelco Dolstra1-2/+2
http://hydra.nixos.org/build/44628517
2016-12-08 S3BinaryCacheStore: Ensure it only builds on LinuxEelco Dolstra1-0/+2
2016-12-08 Fix S3BinaryCacheStoreEelco Dolstra2-1/+10
It failed with AWS error uploading ‘6gaxphsyhg66mz0a00qghf9nqf7majs2.ls.xz’: Unable to parse ExceptionName: MissingContentLength Message: You must provide the Content-Length HTTP header. possibly because the istringstream_nocopy introduced in 0d2ebb4373e509521f27a6e8f16bfd39d05b2188 doesn't supply the seek method that the AWS library expects. So bring back the old version, but only for S3BinaryCacheStore.
2016-12-07 Add a hook to run diffoscope when non-determinism is detectedEelco Dolstra1-7/+32
2016-12-07 Keep track of the exact build start/stop timesEelco Dolstra2-1/+7
2016-12-07 Bail out early when non-determinism is detectedEelco Dolstra1-0/+1
2016-12-07 Add an option to make non-determinism non-fatalEelco Dolstra2-11/+24
That is, when build-repeat > 0, and the output of two rounds differ, then print a warning rather than fail the build. This is primarily to let Hydra check reproducibility of all packages.
2016-12-06 Use a steady clock for timeoutsEelco Dolstra1-22/+28
Fixes #1146.
2016-12-06 nix-store --serve: Suppress log output on stderr when repeating a buildEelco Dolstra2-1/+7
2016-11-26 Revert "Get rid of unicode quotes (#1140)"Eelco Dolstra28-314/+314
This reverts commit f78126bfd6b6c8477fcdbc09b2f98772dbe9a1e7. There really is no need for such a massive change...
2016-11-25 Get rid of unicode quotes (#1140)Guillaume Maudoux28-314/+314
2016-11-25 Simplify remouting with MS_PRIVATE in sandbox buildJörg Thalheim1-6/+2
also fix race condition if mounts are added after mountinfo is read.
2016-11-17 Update darwin build for optional sandbox pathsShea Levy1-3/+6
Fixes #1132
2016-11-16 seccomp: Forge return values for *chown32aszlig1-0/+4
These syscalls are only available in 32bit architectures, but libseccomp should handle them correctly even if we're on native architectures that do not have these syscalls. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-16 seccomp: Forge return codes for POSIX ACL syscallsaszlig1-0/+4
Commands such as "cp -p" also use fsetxattr() in addition to fchown(), so we need to make sure these syscalls always return successful as well in order to avoid nasty "Invalid value" errors. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-16 libstore/build: Forge chown() to return successaszlig1-0/+41
What we basically want is a seccomp mode 2 BPF program like this but for every architecture: BPF_STMT(BPF_LD+BPF_W+BPF_ABS, offsetof(struct seccomp_data, nr)), BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_chown, 4, 0), BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_fchown, 3, 0), BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_fchownat, 2, 0), BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_lchown, 1, 0), BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO) However, on 32 bit architectures we do have chown32, lchown32 and fchown32, so we'd need to add all the architecture blurb which libseccomp handles for us. So we only need to make sure that we add the 32bit seccomp arch while we're on x86_64 and otherwise we just stay at the native architecture which was set during seccomp_init(), which more or less replicates setting 32bit personality during runChild(). The FORCE_SUCCESS() macro here could be a bit less ugly but I think repeating the seccomp_rule_add() all over the place is way uglier. Another way would have been to create a vector of syscalls to iterate over, but that would make error messages uglier because we can either only print the (libseccomp-internal) syscall number or use seccomp_syscall_resolve_num_arch() to get the name or even make the vector a pair number/name, essentially duplicating everything again. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-16 Add build dependency for libseccompaszlig1-0/+4
We're going to use libseccomp instead of creating the raw BPF program, because we have different syscall numbers on different architectures. Although our initial seccomp rules will be quite small it really doesn't make sense to generate the raw BPF program because we need to duplicate it and/or make branches on every single architecture we want to suuport. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-16 Run builds as root in user namespace againaszlig1-29/+16
This reverts commit ff0c0b645cc1448959126185bb2fafe41cf0bddf. We're going to use seccomp to allow "cp -p" and force chown-related syscalls to always return 0. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-16 S3BinaryCacheStore:: Eliminate a string copy while uploadingEelco Dolstra2-2/+2
This cuts hydra-queue-runner's peak memory usage by about a third.
2016-11-14 buildPaths(): Handle ecIncompleteClosureEelco Dolstra1-1/+1
buildPaths() on a non-derivation would incorrectly not throw an error if the path didn't have a substitute.
2016-11-14 Don't rely on %mEelco Dolstra1-1/+2
2016-11-14 daemon: Do not error out when deduplication fails due to ENOSPC.Ludovic Courtès1-5/+19
This solves a problem whereby if /gnu/store/.links had enough entries, ext4's directory index would be full, leading to link(2) returning ENOSPC. * nix/libstore/optimise-store.cc (LocalStore::optimisePath_): Upon ENOSPC from link(2), print a message and return instead of throwing a 'SysError'.
2016-11-10 Store::computeFSClosure(): Support a set of pathsEelco Dolstra3-7/+18
This way, callers can exploits the parallelism of computeFSClosure() when they have multiple paths that they need the (combined) closure of.
2016-11-10 build-remote: Implement in C++Shea Levy5-3/+39
2016-11-09 copyClosure() / copyStorePath(): Expose dontCheckSigsEelco Dolstra2-6/+6
Needed by Hydra.
2016-11-09 Merge branch 'ssh-store' of https://github.com/shlevy/nixEelco Dolstra10-86/+355
2016-11-09 Implement backwards-compatible RemoteStore::addToStore()Eelco Dolstra1-1/+22
The SSHStore PR adds this functionality to the daemon, but we have to handle the case where the Nix daemon is 1.11. Also, don't require signatures for trusted users. This restores 1.11 behaviour. Fixes https://github.com/NixOS/hydra/issues/398.
2016-11-08 TypoEelco Dolstra1-1/+1
2016-10-31 Support optional sandbox pathsEelco Dolstra1-9/+26
For example, you can now set build-sandbox-paths = /dev/nvidiactl? to specify that /dev/nvidiactl should only be mounted in the sandbox if it exists in the host filesystem. This is useful e.g. for EC2 images that should support both CUDA and non-CUDA instances.