Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
They are unnecessary because we set the close-on-exec flag.
|
|
|
|
|
|
Slight optimisation.
|
|
We have close-on-exec on all FDs now, and there is no security risk in
passing open FDs to substituters anyway.
|
|
|
|
Fixes #57.
|
|
|
|
|
|
http://hydra.nixos.org/build/3123177
|
|
AFAIK nobody uses this, setuid binaries are evil, and there is no good
reason why people can't just run the daemon.
|
|
|
|
|
|
This allows repairing corrupted derivations and other source files.
|
|
|
|
If we find a corrupted path in the output closure, we rebuild the
derivation that produced that particular path.
|
|
With this flag, if any valid derivation output is missing or corrupt,
it will be recreated by using a substitute if available, or by
rebuilding the derivation. The latter may use hash rewriting if
chroots are not available.
|
|
missing/corrupt paths
Also, return a non-zero exit code if errors remain after
verifying/repairing.
|
|
This operation allows fixing corrupted or accidentally deleted store
paths by redownloading them using substituters, if available.
Since the corrupted path cannot be replaced atomically, there is a
very small time window (one system call) during which neither the old
(corrupted) nor the new (repaired) contents are available. So
repairing should be used with some care on critical packages like
Glibc.
|
|
|
|
|
|
|
|
|
|
Reported by "gio" on IRC.
|
|
Using the immutable bit is problematic, especially in conjunction with
store optimisation. For instance, if the garbage collector deletes a
file, it has to clear its immutable bit, but if the file has
additional hard links, we can't set the bit afterwards because we
don't know the remaining paths.
So now that we support having the entire Nix store as a read-only
mount, we may as well drop the immutable bit. Unfortunately, we have
to keep the code to clear the immutable bit for backwards
compatibility.
|
|
It turns out that the immutable bit doesn't work all that well. A
better way is to make the entire Nix store a read-only bind mount,
i.e. by doing
$ mount --bind /nix/store /nix/store
$ mount -o remount,ro,bind /nix/store
(This would typically done in an early boot script, before anything
from /nix/store is used.)
Since Nix needs to be able to write to the Nix store, it now detects
if /nix/store is a read-only bind mount and then makes it writable in
a private mount namespace.
|
|
|
|
Fixes issue #123 in Nixpkgs.
|
|
This ensures that "nix-build --run-env" doesn't keep a connection to
the worker open, preventing it from exiting.
|
|
|
|
The outputs of a derivation can refer to each other (even though they
cannot have cycles), so they have to be deleted in the right order.
http://hydra.nixos.org/build/3026118
|
|
I've seen operations like "nix-store --import" take much longer on one
system. So default to off until I've investigated this a bit further.
|
|
|
|
If the options gc-keep-outputs and gc-keep-derivations are both
enabled, you can get a cycle in the liveness graph. There was a hack
to handle this, but it didn't work with multiple-output derivations,
causing the garbage collector to fail with errors like ‘error: cannot
delete path `...' because it is in use by `...'’. The garbage
collector now handles strongly connected components in the liveness
graph as a unit and decides whether to delete all or none of the paths
in an SCC.
|
|
Note that this will only work if the client has a very recent Nix
version (post 15e1b2c223494ecb5efefc3ea0e3b926a6b1d7dc), otherwise the
--option flag will just be ignored.
Fixes #50.
|
|
Probably it's not a good idea to pass a temporary object to
StringSource.
|
|
case)
This uses scary hash rewriting.
Fixes #21.
|
|
|
|
This handles the chroot and build hook cases, which are easy.
Supporting the non-chroot-build case will require more work (hash
rewriting!).
Issue #21.
|
|
"config.h" must be included first, because otherwise the compiler
might not see the right value of _FILE_OFFSET_BITS. We've had this
before; see 705868a8a96a10f70e629433cfffc2d5cd2703eb. In this case,
GCC would compute a different address for ‘settings.useSubstitutes’ in
misc.cc because of the off_t in ‘settings’.
Reverts 3854fc9b42d16b810f62b64194b699033b03aaf1.
http://hydra.nixos.org/build/3016700
|
|
|
|
|
|
http://hydra.nixos.org/build/2955671
|
|
This is required on systemd, which mounts filesystems as "shared"
subtrees. Changes to shared trees in a private mount namespace are
propagated to the outside world, which is bad.
|
|
|
|
|
|
|
|
Fixes bogus messages like "currently hard linking saves
17592186044416.00 MiB".
|
|
This is a problem because one process may set the immutable bit before
the second process has created its link.
Addressed random Hydra failures such as:
error: cannot rename `/nix/store/.tmp-link-17397-1804289383' to
`/nix/store/rsvzm574rlfip3830ac7kmaa028bzl6h-nixos-0.1pre-git/upstart-interface-version':
Operation not permitted
|