about summary refs log tree commit diff
path: root/src/libstore
AgeCommit message (Collapse)AuthorFilesLines
2014-10-29 Remove comments claiming we use a private PID namespaceEelco Dolstra1-8/+1
This is no longer the case since 524f89f1399724e596f61faba2c6861b1bb7b9c5.
2014-10-14 Improved error message when encountering unsupported file typesEelco Dolstra1-3/+3
Fixes #269.
2014-10-03 Remove some duplicate codeEelco Dolstra1-6/+2
2014-09-18 Update spec fileEelco Dolstra1-1/+1
http://hydra.nixos.org/build/14344391
2014-09-18 Install some pkgconfig filesEelco Dolstra2-0/+11
2014-09-17 On Linux, disable address space randomizationEelco Dolstra1-5/+9
2014-09-17 Settings: Add bool get()Eelco Dolstra3-2/+12
2014-09-01 Add an 'optimiseStore' remote procedure call.Ludovic Courtès6-1/+34
2014-08-28 Add disallowedReferences / disallowedRequisitesEelco Dolstra1-26/+29
For the "stdenv accidentally referring to bootstrap-tools", it seems easier to specify the path that we don't want to depend on, e.g. disallowedRequisites = [ bootstrapTools ];
2014-08-28 Introduce allowedRequisites featureGergely Risko1-1/+18
2014-08-21 fix disappearing bash argumentsJoel Taylor1-2/+7
2014-08-21 Use unshare() instead of clone()Eelco Dolstra1-55/+35
It turns out that using clone() to start a child process is unsafe in a multithreaded program. It can cause the initialisation of a build child process to hang in setgroups(), as seen several times in the build farm: The reason is that Glibc thinks that the other threads of the parent exist in the child, so in setxid_mark_thread() it tries to get a futex that has been acquired by another thread just before the clone(). With fork(), Glibc runs pthread_atfork() handlers that take care of this (in particular, __reclaim_stacks()). But clone() doesn't do that. Fortunately, we can use fork()+unshare() instead of clone() to set up private namespaces. See also https://www.mail-archive.com/lxc-devel@lists.linuxcontainers.org/msg03434.html.
2014-08-20 Use proper quotes everywhereEelco Dolstra11-234/+234
2014-08-20 Add some colorEelco Dolstra1-37/+1
2014-08-20 Filter Nix-specific ANSI escape sequences from stderrEelco Dolstra1-1/+37
The Nixpkgs stdenv prints some custom escape sequences to denote nesting and stuff like that. Most terminals (e.g. xterm, konsole) ignore them, but some do not (e.g. xfce4-terminal). So for the benefit of the latter, filter them out.
2014-08-19 Make hook shutdown more reliableEelco Dolstra1-1/+1
2014-08-18 DohEelco Dolstra1-4/+1
2014-08-17 Reduce verbosityEelco Dolstra1-1/+2
2014-08-17 Propagate remote timeouts properlyEelco Dolstra1-21/+33
2014-08-13 Use regular file GC roots if possibleEelco Dolstra1-1/+4
This makes hydra-eval-jobs create roots as regular files. See 1c208f2b7ef8ffb5e6d435d703dad83223a67bd6.
2014-08-05 Remove unnecessary call to addTempRoot()Eelco Dolstra1-1/+0
2014-08-05 DohEelco Dolstra1-9/+0
2014-08-04 Move some options out of globalsEelco Dolstra2-5/+11
2014-08-04 RefactorEelco Dolstra3-43/+43
2014-08-04 Add option ‘build-extra-chroot-dirs’Eelco Dolstra4-13/+9
This is useful for extending (rather than overriding) the default set of chroot paths.
2014-08-04 Get rid of "killing <pid>" message for unused build hooksEelco Dolstra1-1/+1
2014-08-04 Make chroot builds easier to set upEelco Dolstra1-0/+3
By default, we now include /bin/sh as a bind-mount of bash.
2014-08-01 Remove ugly hack for detecting build environment setup errorsEelco Dolstra1-13/+10
2014-08-01 Call commonChildInit() before doing chroot initEelco Dolstra1-4/+6
This ensures that daemon clients see error messages from the chroot setup.
2014-08-01 findRoots(): Prevent a call to lstat()Eelco Dolstra1-9/+14
This means that getting the roots from /nix/var/nix/.../hydra-roots doesn't need any I/O other than reading the directory.
2014-08-01 Make readDirectory() return inode / file typeEelco Dolstra2-19/+15
2014-08-01 Allow regular files as GC rootsEelco Dolstra1-0/+6
If a root is a regular file, then its name must denote a store path. For instance, the existence of the file /nix/var/nix/gcroots/per-user/eelco/hydra-roots/wzc3cy1wwwd6d0dgxpa77ijr1yp50s6v-libxml2-2.7.7 would cause /nix/store/wzc3cy1wwwd6d0dgxpa77ijr1yp50s6v-libxml2-2.7.7 to be a root. This is useful because it involves less I/O (no need for a readlink() call) and takes up less disk space (the symlink target typically takes up a full disk block, while directory entries are packed more efficiently). This is particularly important for hydra.nixos.org, which has hundreds of thousands of roots, and where reading the roots can take 25 minutes.
2014-07-31 Restore default SIGPIPE handler before invoking ‘man’Eelco Dolstra1-12/+0
Fixes NixOS/nixpkgs#3410.
2014-07-25 nix-daemon: Pass on the user's $SSH_AUTH_SOCK to the SSH substituterEelco Dolstra3-0/+12
2014-07-25 Change the default for use-ssh-substituter to ‘true’Eelco Dolstra1-2/+2
Now you only have to pass ‘--option ssh-substituter-hosts nix-ssh@bla’ to enable SSH substitution.
2014-07-24 Remove some dead codeEelco Dolstra1-1/+0
2014-07-23 Remove dead codeEelco Dolstra2-3/+0
2014-07-19 Revert old useBuildHook behaviourEelco Dolstra2-2/+2
2014-07-17 nix-daemon: Add trusted-users and allowed-users optionsEelco Dolstra2-0/+13
‘trusted-users’ is a list of users and groups that have elevated rights, such as the ability to specify binary caches. It defaults to ‘root’. A typical value would be ‘@wheel’ to specify all users in the wheel group. ‘allowed-users’ is a list of users and groups that are allowed to connect to the daemon. It defaults to ‘*’. A typical value would be ‘@users’ to specify the ‘users’ group.
2014-07-16 Handle case collisions on case-insensitive systemsEelco Dolstra1-0/+2
When running NixOps under Mac OS X, we need to be able to import store paths built on Linux into the local Nix store. However, HFS+ is usually case-insensitive, so if there are directories with file names that differ only in case, then importing will fail. The solution is to add a suffix ("~nix~case~hack~<integer>") to colliding files. For instance, if we have a directory containing xt_CONNMARK.h and xt_connmark.h, then the latter will be renamed to "xt_connmark.h~nix~case~hack~1". If a store path is dumped as a NAR, the suffixes are removed. Thus, importing and exporting via a case-insensitive Nix store is round-tripping. So when NixOps calls nix-copy-closure to copy the path to a Linux machine, you get the original file names back. Closes #119.
2014-07-14 build-remote.pl: Fix building multiple output derivationsEelco Dolstra1-1/+0
We were importing paths without sorting them topologically, leading to "path is not valid" errors. See e.g. http://hydra.nixos.org/build/12451761
2014-07-11 build-remote.pl: Use ‘nix-store --serve’ on the remote sideEelco Dolstra1-0/+1
This makes things more efficient (we don't need to use an SSH master connection, and we only start a single remote process) and gets rid of locking issues (the remote nix-store process will keep inputs and outputs locked as long as they're needed). It also makes it more or less secure to connect directly to the root account on the build machine, using a forced command (e.g. ‘command="nix-store --serve --write"’). This bypasses the Nix daemon and is therefore more efficient. Also, don't call nix-store to import the output paths.
2014-07-11 Allow $NIX_BUILD_HOOK to be relative to Nix libexec directoryEelco Dolstra2-3/+5
2014-07-10 Replace message "importing path <...>" with "exporting path <...>"Eelco Dolstra1-2/+2
This causes nix-copy-closure to show what it's doing before rather than after.
2014-07-10 Remove tabsEelco Dolstra1-3/+3
2014-07-10 Refactoring: Move all fork handling into a higher-order functionEelco Dolstra2-75/+33
C++11 lambdas ftw.
2014-07-10 Remove maybeVforkEelco Dolstra2-3/+3
2014-06-27 allow-arbitrary-code-during-evaluation -> ↵Eelco Dolstra1-1/+1
allow-unsafe-native-code-during-evaluation
2014-06-24 Only add the importNative primop if the ↵Shea Levy2-0/+5
allow-arbitrary-code-during-evaluation option is true (default false)
2014-06-10 Report daemon OOM betterEelco Dolstra1-5/+17
When copying a large path causes the daemon to run out of memory, you now get: error: Nix daemon out of memory instead of: error: writing to file: Broken pipe