about summary refs log tree commit diff
path: root/src/libstore
AgeCommit message (Collapse)AuthorFilesLines
2013-08-26 Fix personality switching from x86_64 to i686Gergely Risko1-1/+6
On Linux, Nix can build i686 packages even on x86_64 systems. It's not enough to recognize this situation by settings.thisSystem, we also have to consult uname(). E.g. we can be running on a i686 Debian with an amd64 kernel. In that situation settings.thisSystem is i686-linux, but we still need to change personality to i686 to make builds consistent.
2013-08-07 Run the daemon worker on the same CPU as the clientEelco Dolstra4-2/+19
On a system with multiple CPUs, running Nix operations through the daemon is significantly slower than "direct" mode: $ NIX_REMOTE= nix-instantiate '<nixos>' -A system real 0m0.974s user 0m0.875s sys 0m0.088s $ NIX_REMOTE=daemon nix-instantiate '<nixos>' -A system real 0m2.118s user 0m1.463s sys 0m0.218s The main reason seems to be that the client and the worker get moved to a different CPU after every call to the worker. This patch adds a hack to lock them to the same CPU. With this, the overhead of going through the daemon is very small: $ NIX_REMOTE=daemon nix-instantiate '<nixos>' -A system real 0m1.074s user 0m0.809s sys 0m0.098s
2013-07-18 Revert "build-remote.pl: Enforce timeouts locally"Eelco Dolstra1-1/+3
This reverts commit 69b8f9980f39c14a59365a188b300a34d625a2cd. The timeout should be enforced remotely. Otherwise, if the garbage collector is running either locally or remotely, if will block the build or closure copying for some time. If the garbage collector takes too long, the build may time out, which is not what we want. Also, on heavily loaded systems, copying large paths to and from the remote machine can take a long time, also potentially resulting in a timeout.
2013-07-15 Allow bind-mounting regular files into the chrootShea Levy1-1/+9
mount(2) with MS_BIND allows mounting a regular file on top of a regular file, so there's no reason to only bind directories. This allows finer control over just which files are and aren't included in the chroot without having to build symlink trees or the like. Signed-off-by: Shea Levy <shea@shealevy.com>
2013-07-12 Garbage collector: Don't follow symlinks arbitrarilyEelco Dolstra2-45/+40
Only indirect roots (symlinks to symlinks to the Nix store) are now supported.
2013-06-20 Don't set $preferLocalBuild and $requiredSystemFeatures in buildersEelco Dolstra2-8/+15
With C++ std::map, doing a comparison like ‘map["foo"] == ...’ has the side-effect of adding a mapping from "foo" to the empty string if "foo" doesn't exist in the map. So we ended up setting some environment variables by accident.
2013-06-20 Don't substitute derivations that have preferLocalBuild setEelco Dolstra3-7/+15
In particular this means that "trivial" derivations such as writeText are not substituted, reducing the number of GET requests to the binary cache by about 200 on a typical NixOS configuration.
2013-06-20 Increase SQLite's auto-checkpoint intervalEelco Dolstra1-2/+2
Common operations like instantiating a NixOS system config no longer fitted in 8192 pages, leading to more fsyncs. So increase this limit.
2013-06-20 Disable the copy-from-other-stores substituterEelco Dolstra1-0/+2
This substituter basically cannot work reliably since we switched to SQLite, since SQLite databases may need write access to open them even just for reading (and in WAL mode they always do).
2013-06-20 Don't keep "disabled" substituters runningEelco Dolstra2-2/+27
For instance, it's pointless to keep copy-from-other-stores running if there are no other stores, or download-using-manifests if there are no manifests. This also speeds things up because we don't send queries to those substituters.
2013-06-13 Allow hard links between the outputs of a derivationEelco Dolstra3-9/+20
2013-06-13 Fix a security bug in hash rewritingEelco Dolstra1-0/+6
Before calling dumpPath(), we have to make sure the files are owned by the build user. Otherwise, the build could contain a hard link to (say) /etc/shadow, which would then be read by the daemon and rewritten as a world-readable file. This only affects systems that don't have hard link restrictions enabled.
2013-06-13 Fix assertion failure in canonicalisePathMetaData() after hash rewritingEelco Dolstra1-2/+9
The assertion in canonicalisePathMetaData() failed because the ownership of the path already changed due to the hash rewriting. The solution is not to check the ownership of rewritten paths. Issue #122.
2013-06-13 computeFSClosure: Only process the missing/corrupt pathsEelco Dolstra1-11/+17
Issue #122.
2013-06-13 In repair mode, update the hash of rebuilt pathsEelco Dolstra2-4/+5
Otherwise subsequent invocations of "--repair" will keep rebuilding the path. This only happens if the path content differs between builds (e.g. due to timestamps).
2013-06-07 Remove obsolete EOF checksEelco Dolstra1-26/+18
2013-06-07 Process stderr from substituters while doing have/info queriesEelco Dolstra2-9/+51
2013-06-07 Buffer reads from the substituterEelco Dolstra2-10/+27
This greatly reduces the number of system calls.
2013-05-23 nix-store --export: Export paths in topologically sorted orderEelco Dolstra1-1/+1
Fixes #118.
2013-05-10 In trace messages, don't print the output pathEelco Dolstra1-19/+15
This doesn't work if there is no output named "out". Hydra didn't use it anyway.
2013-05-09 Communicate build timeouts to HydraEelco Dolstra1-7/+11
2013-05-09 build-remote.pl: Enforce timeouts locallyEelco Dolstra1-3/+1
Don't pass --timeout / --max-silent-time to the remote builder. Instead, let the local Nix process terminate the build if it exceeds a timeout. The remote builder will be killed as a side-effect. This gives better error reporting (since the timeout message from the remote side wasn't properly propagated) and handles non-Nix problems like SSH hangs.
2013-05-01 Don't let stderr writes in substituters cause a deadlockEelco Dolstra1-0/+4
2013-04-26 addAdditionalRoots(): Check each path only onceEelco Dolstra1-2/+2
2013-04-23 Fix --timeoutEelco Dolstra1-38/+25
I'm not sure if it has ever worked correctly. The line "lastWait = after;" seems to mean that the timer was reset every time a build produced log output. Note that the timeout is now per build, as documented ("the maximum number of seconds that a builder can run").
2013-04-23 Nix daemon: respect build timeout from the clientEelco Dolstra1-1/+1
2013-04-04 Complain if /homeless-shelter existsEelco Dolstra1-1/+5
2013-03-25 makeStoreWritable: Ask forgiveness, not permissionShea Levy1-2/+2
It is surprisingly impossible to check if a mountpoint is a bind mount on Linux, and in my previous commit I forgot to check if /nix/store was even a mountpoint at all. statvfs.f_flag is not populated with MS_BIND (and even if it were, my check was wrong in the previous commit). Luckily, the semantics of mount with MS_REMOUNT | MS_BIND make both checks unnecessary: if /nix/store is not a mountpoint, then mount will fail with EINVAL, and if /nix/store is not a bind-mount, then it will not be made writable. Thus, if /nix/store is not a mountpoint, we fail immediately (since we don't know how to make it writable), and if /nix/store IS a mountpoint but not a bind-mount, we fail at first write (see below for why we can't check and fail immediately). Note that, due to what is IMO buggy behavior in Linux, calling mount with MS_REMOUNT | MS_BIND on a non-bind readonly mount makes the mountpoint appear writable in two places: In the sixth (but not the 10th!) column of mountinfo, and in the f_flags member of struct statfs. All other syscalls behave as if the mount point were still readonly (at least for Linux 3.9-rc1, but I don't think this has changed recently or is expected to soon). My preferred semantics would be for MS_REMOUNT | MS_BIND to fail on a non-bind mount, as it doesn't make sense to remount a non bind-mount as a bind mount.
2013-03-25 makeStoreWritable: Use statvfs instead of /proc/self/mountinfo to find out ↵Shea Levy1-21/+12
if /nix/store is a read-only bind mount /nix/store could be a read-only bind mount even if it is / in its own filesystem, so checking the 4th field in mountinfo is insufficient. Signed-off-by: Shea Levy <shea@shealevy.com>
2013-03-08 Revert "Prevent config.h from being clobbered"Eelco Dolstra9-55/+112
This reverts commit 28bba8c44f484eae38e8a15dcec73cfa999156f6.
2013-03-07 Prevent config.h from being clobberedEelco Dolstra9-112/+55
2013-02-28 Handle systems without lutimes() or lchown()Eelco Dolstra1-1/+1
2013-02-28 Handle symlinks properlyEelco Dolstra1-1/+1
Now it's really brown paper bag time...
2013-02-27 Handle hard links to other files in the outputEelco Dolstra1-6/+26
2013-02-27 Refactoring: Split off the non-recursive canonicalisePathMetaData()Eelco Dolstra3-37/+52
Also, change the file mode before changing the owner. This prevents a slight time window in which a setuid binary would be setuid root.
2013-02-26 Security: Don't allow builders to change permissions on files they don't ownEelco Dolstra4-12/+15
It turns out that in multi-user Nix, a builder may be able to do ln /etc/shadow $out/foo Afterwards, canonicalisePathMetaData() will be applied to $out/foo, causing /etc/shadow's mode to be set to 444 (readable by everybody but writable by nobody). That's obviously Very Bad. Fortunately, this fails in NixOS's default configuration because /nix/store is a bind mount, so "ln" will fail with "Invalid cross-device link". It also fails if hard-link restrictions are enabled, so a workaround is: echo 1 > /proc/sys/fs/protected_hardlinks The solution is to check that all files in $out are owned by the build user. This means that innocuous operations like "ln ${pkgs.foo}/some-file $out/" are now rejected, but that already failed in chroot builds anyway.
2013-02-19 Add `Settings::nixDaemonSocketFile'.Ludovic Courtès4-9/+13
2013-02-19 Enable chroot support on old glibc versions.Ludovic Courtès1-0/+6
2013-01-23 Only warn about SQLite being busy onceEelco Dolstra1-1/+5
No need to get annoying.
2013-01-17 Store build logs in /nix/var/log/nix/drvs/<XX>Eelco Dolstra1-3/+5
...where <XX> is the first two characters of the derivation. Otherwise /nix/var/log/nix/drvs may become so large that we run into all sorts of weird filesystem limits/inefficiences. For instance, ext3/ext4 filesystems will barf with "ext4_dx_add_entry:1551: Directory index full!" once you hit a few million files.
2013-01-05 Delete a left-over trash directory before doing a GCEelco Dolstra1-1/+4
2013-01-04 Fix "0 store paths deleted" messageEelco Dolstra1-0/+2
2013-01-03 Open the database after removing immutable bitsEelco Dolstra1-1/+1
2013-01-03 Clear any immutable bits in the Nix storeEelco Dolstra5-22/+64
Doing this once makes subsequent operations like garbage collecting more efficient since we don't have to call makeMutable() first.
2013-01-02 If a substitute closure is incomplete, build dependencies, then retry the ↵Eelco Dolstra1-7/+28
substituter Issue #77.
2013-01-02 Automatically fall back if the references of a substitute are not substitutableEelco Dolstra1-1/+1
Fixes #77.
2012-12-29 nix-build: Support talking to old daemonsEelco Dolstra1-1/+10
Fixes #76.
2012-12-29 Allow mounting a path in a different location in the chrootEelco Dolstra3-10/+17
Fixes #24.
2012-12-20 nix-store -q --roots: Respect the gc-keep-outputs/gc-keep-derivations settingsEelco Dolstra7-24/+59
So if a path is not garbage solely because it's reachable from a root due to the gc-keep-outputs or gc-keep-derivations settings, ‘nix-store -q --roots’ now shows that root.
2012-12-20 Yet another rewrite of the garbage collectorEelco Dolstra2-131/+138
But this time it's *obviously* correct! No more segfaults due to infinite recursions for sure, etc. Also, move directories to /nix/store/trash instead of renaming them to /nix/store/bla-gc-<pid>. Then we can just delete /nix/store/trash at the end.