about summary refs log tree commit diff
path: root/src/libstore
AgeCommit message (Collapse)AuthorFilesLines
2014-07-19 Revert old useBuildHook behaviourEelco Dolstra2-2/+2
2014-07-17 nix-daemon: Add trusted-users and allowed-users optionsEelco Dolstra2-0/+13
‘trusted-users’ is a list of users and groups that have elevated rights, such as the ability to specify binary caches. It defaults to ‘root’. A typical value would be ‘@wheel’ to specify all users in the wheel group. ‘allowed-users’ is a list of users and groups that are allowed to connect to the daemon. It defaults to ‘*’. A typical value would be ‘@users’ to specify the ‘users’ group.
2014-07-16 Handle case collisions on case-insensitive systemsEelco Dolstra1-0/+2
When running NixOps under Mac OS X, we need to be able to import store paths built on Linux into the local Nix store. However, HFS+ is usually case-insensitive, so if there are directories with file names that differ only in case, then importing will fail. The solution is to add a suffix ("~nix~case~hack~<integer>") to colliding files. For instance, if we have a directory containing xt_CONNMARK.h and xt_connmark.h, then the latter will be renamed to "xt_connmark.h~nix~case~hack~1". If a store path is dumped as a NAR, the suffixes are removed. Thus, importing and exporting via a case-insensitive Nix store is round-tripping. So when NixOps calls nix-copy-closure to copy the path to a Linux machine, you get the original file names back. Closes #119.
2014-07-14 build-remote.pl: Fix building multiple output derivationsEelco Dolstra1-1/+0
We were importing paths without sorting them topologically, leading to "path is not valid" errors. See e.g. http://hydra.nixos.org/build/12451761
2014-07-11 build-remote.pl: Use ‘nix-store --serve’ on the remote sideEelco Dolstra1-0/+1
This makes things more efficient (we don't need to use an SSH master connection, and we only start a single remote process) and gets rid of locking issues (the remote nix-store process will keep inputs and outputs locked as long as they're needed). It also makes it more or less secure to connect directly to the root account on the build machine, using a forced command (e.g. ‘command="nix-store --serve --write"’). This bypasses the Nix daemon and is therefore more efficient. Also, don't call nix-store to import the output paths.
2014-07-11 Allow $NIX_BUILD_HOOK to be relative to Nix libexec directoryEelco Dolstra2-3/+5
2014-07-10 Replace message "importing path <...>" with "exporting path <...>"Eelco Dolstra1-2/+2
This causes nix-copy-closure to show what it's doing before rather than after.
2014-07-10 Remove tabsEelco Dolstra1-3/+3
2014-07-10 Refactoring: Move all fork handling into a higher-order functionEelco Dolstra2-75/+33
C++11 lambdas ftw.
2014-07-10 Remove maybeVforkEelco Dolstra2-3/+3
2014-06-27 allow-arbitrary-code-during-evaluation -> ↵Eelco Dolstra1-1/+1
allow-unsafe-native-code-during-evaluation
2014-06-24 Only add the importNative primop if the ↵Shea Levy2-0/+5
allow-arbitrary-code-during-evaluation option is true (default false)
2014-06-10 Report daemon OOM betterEelco Dolstra1-5/+17
When copying a large path causes the daemon to run out of memory, you now get: error: Nix daemon out of memory instead of: error: writing to file: Broken pipe
2014-06-10 Print a warning when loading a large path into memoryEelco Dolstra1-0/+3
I.e. if you have a derivation with src = ./huge-directory; you'll get a warning that this is not a good idea.
2014-05-26 Use std::unordered_setEelco Dolstra2-12/+3
2014-05-21 nix-store -l: Fetch build logs from the InternetEelco Dolstra2-0/+4
If a build log is not available locally, then ‘nix-store -l’ will now try to download it from the servers listed in the ‘log-servers’ option in nix.conf. For instance, if you have: log-servers = http://hydra.nixos.org/log then it will try to get logs from http://hydra.nixos.org/log/<base name of the store path>. So you can do things like: $ nix-store -l $(which xterm) and get a log even if xterm wasn't built locally.
2014-05-15 lvlInfo -> lvlTalkativeEelco Dolstra1-1/+1
2014-05-15 nix-store --optimise: Remove bogus statisticsEelco Dolstra2-10/+7
2014-05-15 Remove tabEelco Dolstra1-2/+2
2014-05-15 Shortcut store files before lstatWout Mertens2-9/+37
readdir() already returns the inode numbers, so we don't need to call lstat to know if a file was already linked or not.
2014-05-14 Use the inodes given by readdir directlyWout Mertens2-21/+25
2014-05-13 Preload linked hashes to speed up lookupsWout Mertens2-10/+41
By preloading all inodes in the /nix/store/.links directory, we can quickly determine of a hardlinked file was already linked to the hashed links. This is tolerant of removing the .links directory, it will simply recalculate all hashes in the store.
2014-05-10 Shortcut already-hardlinked fileswmertens1-1/+10
If an inode in the Nix store has more than 1 link, it probably means that it was linked into .links/ by us. If so, skip. There's a possibility that something else hardlinked the file, so it would be nice to be able to override this. Also, by looking at the number of hardlinks for each of the files in .links/, you can get deduplication numbers and space savings.
2014-05-02 Set up directories and permissions for multi-user install automaticallyEelco Dolstra1-1/+28
This automatically creates /nix/var/nix/profiles/per-user and sets the permissions/ownership on /nix/store to 1775 and root:nixbld.
2014-05-02 Set build-max-jobs to the number of available cores by defaultEelco Dolstra1-0/+5
More zero configuration.
2014-05-02 When running as root, use build users by defaultEelco Dolstra1-0/+1
This removes the need to have a nix.conf, and prevents people from accidentally running Nix builds as root.
2014-04-08 If a .drv cannot be parsed, show its pathEelco Dolstra4-8/+18
Otherwise you just get ‘expected string `Derive(['’ which isn't very helpful.
2014-04-03 Fix compile errors on IllumosDanny Wilson2-0/+5
2014-04-03 Make sure /dev/pts/ptmx is world-writableLudovic Courtès1-0/+4
While running Python 3’s test suite, we noticed that on some systems /dev/pts/ptmx is created with permissions 0 (that’s the case with my Nixpkgs-originating 3.0.43 kernel, but someone with a Debian-originating 3.10-3 reported not having this problem.) There’s still the problem that people without CONFIG_DEVPTS_MULTIPLE_INSTANCES=y are screwed (as noted in build.cc), but I don’t see how we could work around it.
2014-03-30 boost::shared_ptr -> std::shared_ptrEelco Dolstra4-31/+34
2014-03-29 Fix potential segfault in waitForInput()Eelco Dolstra1-3/+5
Since the addition of build-max-log-size, a call to handleChildOutput() can result in cancellation of a goal. This invalidated the "j" iterator in the waitForInput() loop, even though it was still used afterwards. Likewise for the maxSilentTime handling. Probably fixes #231. At least it gets rid of the valgrind warnings.
2014-03-29 restoreSIGPIPE(): Fill in sa_maskEelco Dolstra1-0/+1
Issue #231.
2014-03-21 Make /dev/kvm optionalLudovic Courtès1-1/+4
The daemon now creates /dev deterministically (thanks!). However, it expects /dev/kvm to be present. The patch below restricts that requirement (1) to Linux-based systems, and (2) to systems where /dev/kvm already exists. I’m not sure about the way to handle (2). We could special-case /dev/kvm and create it (instead of bind-mounting it) in the chroot, so it’s always available; however, it wouldn’t help much since most likely, if /dev/kvm missing, then KVM support is missing.
2014-02-27 Set up a private /dev/pts in the chrootEelco Dolstra2-2/+14
2014-02-27 Set up a minimal /dev in chrootsEelco Dolstra4-13/+28
Not bind-mounting the /dev from the host also solves the problem with /dev/shm being a symlink to something not in the chroot.
2014-02-27 Fix deadlock in SubstitutionGoalEelco Dolstra1-0/+1
We were relying on SubstitutionGoal's destructor releasing the lock, but if a goal is a top-level goal, the destructor won't run in a timely manner since its reference count won't drop to zero. So release it explicitly. Fixes #178.
2014-02-26 Only start download-via-ssh if it's enabledEelco Dolstra1-12/+14
2014-02-26 Add use-ssh-substituter setting.Shea Levy2-0/+5
It defaults to false and can be overridden by RemoteStore. Untested currently, just quickly put this together
2014-02-18 Slight simplificationEelco Dolstra1-17/+10
2014-02-18 Add a flag ‘--check’ to verify build determinismEelco Dolstra5-49/+86
The flag ‘--check’ to ‘nix-store -r’ or ‘nix-build’ will cause Nix to redo the build of a derivation whose output paths are already valid. If the new output differs from the original output, an error is printed. This makes it easier to test if a build is deterministic. (Obviously this cannot catch all sources of non-determinism, but it catches the most common one, namely the current time.) For example: $ nix-build '<nixpkgs>' -A patchelf ... $ nix-build '<nixpkgs>' -A patchelf --check error: derivation `/nix/store/1ipvxsdnbhl1rw6siz6x92s7sc8nwkkb-patchelf-0.6' may not be deterministic: hash mismatch in output `/nix/store/4pc1dmw5xkwmc6q3gdc9i5nbjl4dkjpp-patchelf-0.6.drv' The --check build fails if not all outputs are valid. Thus the first call to nix-build is necessary to ensure that all outputs are valid. The current outputs are left untouched: the new outputs are either put in a chroot or diverted to a different location in the store using hash rewriting.
2014-02-17 Make --repair work on DarwinEelco Dolstra1-3/+3
Mac OS X doesn't allow renaming a read-only directory. http://hydra.nixos.org/build/9113895
2014-02-17 RefactoringEelco Dolstra1-29/+36
2014-02-17 When using a build hook, only copy missing pathsEelco Dolstra1-9/+6
2014-02-17 Move some code aroundEelco Dolstra1-92/+82
In particular, do replacing of valid paths during repair later. This prevents us from replacing a valid path after the build fails.
2014-02-17 Heuristically detect if a build may have failed due to a full diskEelco Dolstra2-5/+28
This will allow Hydra to detect that a build should not be marked as "permanently failed", allowing it to be retried later.
2014-02-14 Minor style fixesEelco Dolstra2-2/+2
2014-02-10 Move StoreApi::serve into opServeShea Levy2-38/+0
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-10 Pass in params by const refShea Levy2-2/+2
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-08 Add download-via-ssh substituterShea Levy2-0/+26
This substituter connects to a remote host, runs nix-store --serve there, and then forwards substituter commands on to the remote host and sends their results to the calling program. The ssh-substituter-hosts option can be specified as a list of hosts to try. This is an initial implementation and, while it works, it has some limitations: * Only the first host is used * There is no caching of query results (all queries are sent to the remote machine) * There is no informative output (such as progress bars) * Some failure modes may cause unhelpful error messages * There is no concept of trusted-ssh-substituter-hosts Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-08 nix-store --serve: Flush out after every loopShea Levy2-2/+3
Signed-off-by: Shea Levy <shea@shealevy.com>