about summary refs log tree commit diff
path: root/src/libstore
AgeCommit message (Collapse)AuthorFilesLines
2016-02-11 Move addPermRoot into StoreEelco Dolstra3-10/+9
2016-02-11 ref<T>: Add cast operatorEelco Dolstra1-2/+2
2016-02-04 StoreAPI -> StoreEelco Dolstra12-27/+27
Calling a class an API is a bit redundant...
2016-02-04 Eliminate the "store" global variableEelco Dolstra14-251/+238
Also, move a few free-standing functions into StoreAPI and Derivation. Also, introduce a non-nullable smart pointer, ref<T>, which is just a wrapper around std::shared_ptr ensuring that the pointer is never null. (For reference-counted values, this is better than passing a "T&", because the latter doesn't maintain the refcount. Usually, the caller will have a shared_ptr keeping the value alive, but that's not always the case, e.g., when passing a reference to a std::thread via std::bind.)
2016-01-31 Add build mode to compute fixed-output derivation hashesEelco Dolstra2-7/+33
For example, $ nix-build --hash -A nix-repl.src will build the fixed-output derivation nix-repl.src (a fetchFromGitHub call), but instead of *verifying* the hash given in the Nix expression, it prints out the resulting hash, and then moves the result to its content-addressed location in the Nix store. E.g build produced path ‘/nix/store/504a4k6zi69dq0yjc0bm12pa65bccxam-nix-repl-8a2f5f0607540ffe56b56d52db544373e1efb980-src’ with sha256 hash ‘0cjablz01i0g9smnavhf86imwx1f9mnh5flax75i615ml71gsr88’ The goal of this is to make all nix-prefetch-* scripts unnecessary: we can just let Nix run the real thing (i.e., the corresponding fetch* derivation). Another example: $ nix-build --hash -E 'with import <nixpkgs> {}; fetchgit { url = "https://github.com/NixOS/nix.git"; sha256 = "ffffffffffffffffffffffffffffffffffffffffffffffffffff"; }' ... git revision is 9e7c1a4bbdbe6129dd9dc385776612c307d3d1bb ... build produced path ‘/nix/store/gmsnh9i7x4mb7pyd2ns7n3c9l90jfsi1-nix’ with sha256 hash ‘1188xb621diw89n25rifqg9lxnzpz7nj5bfh4i1y3dnis0dmc0zp’ (Having to specify a fake sha256 hash is a bit annoying...)
2016-01-31 Use the daemon when we don't have write access to the Nix databaseEelco Dolstra4-13/+31
2016-01-12 --option build-repeat: Keep the differing output if -K is givenEelco Dolstra1-7/+38
Similar to 00903fa79961d7eb0fadeb9ed2d7cda7821dc293. Regardless of -K, we now also print which output differs.
2016-01-12 Canonicalize gids to 0Eelco Dolstra1-2/+2
Previously files in the Nix store were owned by root or by nixbld, depending on whether they were created by a substituter or by a builder. This doesn't matter much, but causes spurious diffoscope differences. So use root everywhere.
2016-01-12 --check: Keep the differing output if -K is givenEelco Dolstra1-2/+12
This makes it easier to investigate the non-determinism, e.g. $ nix-build pkgs/stdenv/linux -A stage1.pkgs.zlib --check -K error: derivation ‘/nix/store/l54i8wlw22656i4pk05c52ngv9rpl39q-zlib-1.2.8.drv’ may not be deterministic: output ‘/nix/store/11a27shh6n2ivi4a7s964i65ql80cf27-zlib-1.2.8’ differs from ‘/nix/store/11a27shh6n2ivi4a7s964i65ql80cf27-zlib-1.2.8-check’ $ diffoscope /nix/store/11a27shh6n2ivi4a7s964i65ql80cf27-zlib-1.2.8 /nix/store/11a27shh6n2ivi4a7s964i65ql80cf27-zlib-1.2.8-check ... ├── lib/libz.a │ ├── metadata │ │ @@ -1,15 +1,15 @@ │ │ -rw-r--r-- 30001/30000 3096 Jan 12 15:20 2016 adler32.o ... │ │ +rw-r--r-- 30001/30000 3096 Jan 12 15:28 2016 adler32.o ...
2016-01-12 --check: Fix "failed to produce output path"Eelco Dolstra1-1/+1
This occured when sandbox building is disabled, at least one output exists, and at least one other output does not.
2016-01-12 --check: Fix assertion failure when some outputs are missingEelco Dolstra1-1/+1
E.g. $ nix-build pkgs/stdenv/linux/ -A stage1.pkgs.perl --check nix-store: src/libstore/build.cc:1323: void nix::DerivationGoal::tryToBuild(): Assertion `buildMode != bmCheck || validPaths.size() == drv->outputs.size()' failed. when perl.out exists but perl.man doesn't. The fix is to only check the outputs that exist. Note that "nix-build -A stage1.pkgs.all --check" will still give a (proper) error in this case.
2016-01-07 Fix "Bad address" executing build hookEelco Dolstra1-5/+9
This was observed in the deb_debian7x86_64 build: http://hydra.nixos.org/build/29973215 Calling c_str() on a temporary should be fine because the temporary shouldn't be destroyed until after the execl() call, but who knows...
2016-01-07 Fix some signedness warningsEelco Dolstra1-1/+1
2016-01-06 nix-store --repair-path: Rebuild if there is no substituterEelco Dolstra1-2/+12
2016-01-06 Fix --repair failure on multiple-output derivationsEelco Dolstra1-1/+3
If repair found a corrupted/missing path that depended on a multiple-output derivation, and some of the outputs of the latter were not present, it failed with a message like error: path ‘/nix/store/cnfn9d5fjys1y93cz9shld2xwaibd7nn-bash-4.3-p42-doc’ is not valid
2016-01-05 Fix non-Darwin buildEelco Dolstra1-0/+2
2016-01-05 libstore: mmap() returns MAP_FAILED, not NULL on failureTuomas Tynkkynen1-1/+1
2016-01-04 Don't allow sandbox profile except in relaxed modeEelco Dolstra1-5/+10
This makes Darwin consistent with Linux: Nix expressions can't break out of the sandbox unless relaxed sandbox mode is enabled. For the normal sandbox mode this will require fixing #759 however.
2016-01-04 ~PathLocks(): Handle exceptionsEelco Dolstra1-1/+5
Otherwise, since the call to write a "d" character to the lock file can fail with ENOSPC, we can get an unhandled exception resulting in a call to terminate().
2015-12-29 Fix regression in passAsFileEelco Dolstra1-2/+3
Caused by 8063fc497ab78fa72962b93874fe25dcca2b55ed. If tmpDir != tmpDirInSandbox (typically when there are multiple concurrent builds with the same name), the *Path attribute would not point to an existing file. This caused Nixpkgs' writeTextFile to write an empty file. In particular this showed up as hanging VM builds (because it would run an empty run-nixos-vm script and then wait for it to finish booting).
2015-12-22 Handle /tmp being a symlinkEelco Dolstra1-1/+1
Hopefully fixes Darwin sandbox regression introduced in 8063fc497ab78fa72962b93874fe25dcca2b55ed.
2015-12-22 Fix bad error message in Darwin chrootsEelco Dolstra1-1/+3
2015-12-10 Build sandbox support etc. unconditionally on LinuxEelco Dolstra2-46/+19
Also, use "#if __APPLE__" instead of "#if SANDBOX_ENABLED" to prevent ambiguity.
2015-12-08 Clarify error message for hash mismatches (again)Bjørn Forsman1-2/+2
This is arguably nitpicky, but I think this new formulation is even clearer. My thinking is that it's easier to comprehend when the calculated hash value is displayed close to the output path. (I think it is somewhat similar to eliminating double negatives in logic statements.) The formulation is inspired / copied from the OpenEmbedded build tool, bitbake.
2015-12-02 daemon: Add 'buildMode' parameter to 'buildPaths' RPCLudovic Courtès2-4/+10
2015-12-02 Use deterministic $TMPDIR in sandboxEelco Dolstra1-28/+36
Rather than using $<host-TMPDIR>/nix-build-<drvname>-<number>, the temporary directory is now always /tmp/nix-build-<drvname>-0. This improves bitwise-exact reproducibility for builds that store $TMPDIR in their build output. (Of course, those should still be fixed...)
2015-11-25 Merge branch 'p/sandbox-rename-minimal' of https://github.com/vcunat/nixEelco Dolstra1-8/+15
2015-11-25 Fix build failure introduced by #704Eelco Dolstra1-2/+3
Also, make the FreeBSD checks conditional on FreeBSD.
2015-11-24 Merge pull request #704 from ysangkok/freebsd-supportEelco Dolstra2-1/+3
FreeBSD support with knowledge about Linux emulation
2015-11-21 reintroduce host deps in tandem with sandbox profilesJude Taylor1-2/+1
2015-11-21 Revert "remove sandbox-defaults.sb"Shea Levy2-0/+64
As discussed in NixOS/nixpkgs#11001, we still need some of the old sandbox mechanism. This reverts commit d760c2638c9e1f4b8cd9b4ec90d68bf0c76a800b.
2015-11-19 re-fix permissions for GHCJude Taylor1-2/+5
2015-11-19 Merge branch 'sandbox-profiles' of git://github.com/pikajude/nixShea Levy3-84/+28
Temporarily allow derivations to describe their full sandbox profile. This will be eventually scaled back to a more secure setup, see the discussion at #695
2015-11-19 src/libstore/build.cc: clarify error message for hash mismatchesPeter Simons1-1/+1
Nix reports a hash mismatch saying: output path ‘foo’ should have sha256 hash ‘abc’, instead has ‘xyz’ That message is slightly ambiguous and some people read that statement to mean the exact opposite of what it is supposed to mean. After this patch, the message will be: Nix expects output path ‘foo’ to have sha256 hash ‘abc’, instead it has ‘xyz’
2015-11-17 FreeBSD can build Linux 32-bit binariesjanus1-0/+2
2015-11-16 AutoDelete: Add default constructor with deletion disabledShea Levy1-1/+1
2015-11-15 Use AutoDelete for sandbox profile fileShea Levy1-5/+14
2015-11-14 simplify build.cc using modern C++ featuresJude Taylor1-33/+31
2015-11-14 simplify build permissionsJude Taylor1-13/+3
2015-11-14 remove sandbox-defaults.sbJude Taylor2-64/+0
2015-11-14 use per-derivation sandbox profilesJude Taylor1-28/+39
2015-11-10 rename `chroot` to `sandbox` (fixes #656, close #682)Vladimír Čunát1-8/+15
- rename options but leav old names as lower-priority aliases, also "-dirs" -> "-paths" to get closer to the meaning - update docs to reflect the new names (old aliases are not documented), including a new file with release notes - tests need an update after corresponding changes to nixpkgs - __noChroot is left as it is (after discussion on the PR)
2015-11-09 Add option to verify build determinismEelco Dolstra2-12/+64
Passing "--option build-repeat <N>" will cause every build to be repeated N times. If the build output differs between any round, the build is rejected, and the output paths are not registered as valid. This is primarily useful to verify build determinism. (We already had a --check option to repeat a previously succeeded build. However, with --check, non-deterministic builds are registered in the DB. Preventing that is useful for Hydra to ensure that non-deterministic builds don't end up getting published at all.)
2015-11-09 Revert "Allow using /bin and /usr/bin as impure prefixes on non-darwin by ↵Eelco Dolstra1-1/+1
default" This reverts commit 79ca5033329053caa364bb2f7e50953f859cc97f. Ouch, never noticed this. We definitely don't want to allow builds to have arbitrary access to /bin and /usr/bin, because then they can (for instance) bring in a bunch of setuid programs. Also, we shouldn't be encouraging the use of impurities in the default configuration.
2015-11-09 optimizePath(): Detect some .links corruptionEelco Dolstra1-2/+9
If automatic store optimisation is enabled, and a hard-linked file in the store gets corrupted, then the corresponding .links entry will also be corrupted. In that case, trying to repair with --repair or --repair-path won't work, because the new "good" file will be replaced by a hard link to the corrupted file. We can catch most of these cases by doing a sanity-check on the file sizes.
2015-11-03 fix syntax errorJude Taylor1-1/+1
2015-11-03 darwin: allow reading system locale and zoneinfoJude Taylor1-2/+6
2015-10-31 allow reading ICU dataJude Taylor1-1/+2
2015-10-30 add special devices to sandbox-defaultsJude Taylor1-1/+4
2015-10-30 <nix/fetchurl.nix>: Support xz-compressed NARsEelco Dolstra1-0/+3