about summary refs log tree commit diff
path: root/src/nix-daemon
AgeCommit message (Collapse)AuthorFilesLines
2019-06-16 Style fixEelco Dolstra1-1/+1
2019-06-15 Daemon: warn when an untrusted user cannot override a settingFélix Baylac-Jacqué1-1/+1
In a daemon-based Nix setup, some options cannot be overridden by a client unless the client's user is considered trusted. Currently, if an untrusted user tries to override one of those options, we are silently ignoring it. This can be pretty confusing in certain situations. e.g. a user thinks he disabled the sandbox when in reality he did not. We are now sending a warning message letting know the user some options have been ignored. Related to #1761.
2019-03-14 findRoots(): Don't censor for trusted usersEelco Dolstra1-1/+1
They're pretty much root anyway.
2019-03-14 findRoots(): Add 'censor' parameterEelco Dolstra1-31/+10
This is less brittle than filtering paths after the fact in nix-daemon.
2019-03-10 Fix warning about unused variableGuillaume Maudoux1-2/+5
2019-03-10 Also obfuscate the number of memory rootsGuillaume Maudoux1-2/+16
2019-03-10 Make roots a map of store paths to pinning linksGuillaume Maudoux1-7/+12
This new structure makes more sense as there may be many sources rooting the same store path. Many profiles can reference the same path but this is even more true with /proc/<pid>/maps where distinct pids can and often do map the same store path. This implementation is also more efficient as the `Roots` map contains only one entry per rooted store path.
2019-03-10 Obfuscate memory roots for non-root usersGuillaume Maudoux1-2/+9
2018-10-26 Merge all nix-* binaries into nixEelco Dolstra2-19/+9
These are all symlinks to 'nix' now, reducing the installed size by about ~1.7 MiB.
2018-10-04 Remove unnecessary typecastEelco Dolstra1-1/+1
2018-09-25 nix-daemon: allow setting builders to "" by any user (untrusted)Will Dietz1-1/+2
(cherry picked from commit a94a2eb1cb1c81e90a7529be5fecac27899a3442)
2018-08-03 Make adding paths via nix-store --serve run in constant memoryEelco Dolstra1-0/+1
It adds a new operation, cmdAddToStoreNar, that does the same thing as the corresponding nix-daemon operation, i.e. call addToStore(). This replaces cmdImportPaths, which has the major issue that it sends the NAR first and the store path second, thus requiring us to store the incoming NAR either in memory or on disk until we decide what to do with it. For example, this reduces the memory usage of $ nix copy --to 'ssh://localhost?remote-store=/tmp/nix' /nix/store/95cwv4q54dc6giaqv6q6p4r02ia2km35-blender-2.79 from 267 MiB to 12 MiB. Probably fixes #1988.
2018-07-03 nix-daemon: Respect --storeEelco Dolstra1-3/+7
For example, this allows you to do run nix-daemon as a non-privileged user: eelco$ NIX_STATE_DIR=~/my-nix/nix/var nix-daemon --store ~/my-nix/ The NIX_STATE_DIR is still needed because settings.nixDaemonSocketFile is not derived from settings.storeUri (and we can't derive it from the store's state directory because we don't want to open the store in the parent process).
2018-05-30 Move some Download-specific settings to download.ccEelco Dolstra1-1/+1
2018-05-30 Make 'nix copy --to daemon' run in constant memory (daemon side)Eelco Dolstra1-3/+13
Continuation of 97002b684c902dadcd351a67208f9c2a88ff8f8f. This makes the daemon use constant memory. For example, it reduces the daemon's maximum RSS on $ nix copy --from ~/my-nix --to daemon /nix/store/1n7x0yv8vq6zi90hfmian84vdhd04bgp-blender-2.79a from 264 MiB to 7 MiB. We now use a TunnelSource to prevent the connection from ending up in an undefined state if an exception is thrown while the NAR is being sent. Issue https://github.com/NixOS/nix/issues/1681.
2018-05-26 nix-daemon: remove unused "pendingMsgs" variableWill Dietz1-2/+0
2018-05-21 serialise: fix buffer size used, hide method for internal use onlyWill Dietz1-1/+2
Fixes #2169.
2018-04-09 nix-daemon: Exit successfully when interrupted.Shea Levy1-1/+1
Fixes #2058.
2018-03-22 Merge branch 'fix/avoid-large-stack-buffers' of https://github.com/dtzWill/nixEelco Dolstra1-3/+3
2018-03-16 Reduce substitution memory consumptionEelco Dolstra1-1/+1
copyStorePath() now pipes the output of srcStore->narFromPath() directly into dstStore->addToStore(). The sink used by the former is converted into a source usable by the latter using boost::coroutine2. This is based on [1]. This reduces the maximum resident size of $ nix build --store ~/my-nix/ /nix/store/b0zlxla7dmy1iwc3g459rjznx59797xy-binutils-2.28.1 --substituters file:///tmp/binary-cache-xz/ --no-require-sigs from 418592 KiB to 53416 KiB. (The previous commit also reduced the runtime from ~4.2s to ~3.4s, not sure why.) A further improvement will be to download files into a Sink. [1] https://github.com/NixOS/nix/compare/master...Mathnerd314:dump-fix-coroutine#diff-dcbcac55a634031f9cc73707da6e4b18 Issue #1969.
2018-03-14 nix-daemon: preserve errno in signal handler (thanks tsan)Will Dietz1-0/+3
2018-03-02 don't allocate large buffers on the stackWill Dietz1-3/+3
2018-02-08 Add plugins to make Nix more extensible.Shea Levy1-0/+2
All plugins in plugin-files will be dlopened, allowing them to statically construct instances of the various Register* types Nix supports.
2018-02-07 More completely fix recursive nix, unbreak testsWill Dietz1-1/+1
See: https://github.com/NixOS/nix/commit/88b5d0c8e89afefbc547b6243c5aa5a3ec8176e9#commitcomment-27406365
2018-02-07 Prevent accidental recursive NixEelco Dolstra1-1/+1
2018-01-08 Improve error message with --repair for untrusted usersEelco Dolstra1-1/+1
2017-10-24 Remove the remote-builds optionEelco Dolstra1-1/+1
This is superfluous since you can now just set "builders" to empty, e.g. "--builders ''".
2017-08-28 Give activities a verbosity level againEelco Dolstra1-3/+8
And print them (separately from the progress bar) given sufficient -v flags.
2017-08-28 Don't send progress messages to older clientsEelco Dolstra1-11/+18
2017-08-28 Tunnel progress messages from the daemon to the clientEelco Dolstra1-18/+62
This makes the progress bar work for non-root users.
2017-08-28 Make TunnelLogger thread-safeEelco Dolstra1-109/+129
Now that we use threads in lots of places, it's possible for TunnelLogger::log() to be called asynchronously from other threads than the main loop. So we need to ensure that STDERR_NEXT messages don't clobber other messages.
2017-08-16 Progress indicator: CleanupEelco Dolstra1-4/+0
2017-07-30 Replace Unicode quotes in user-facing strings by ASCIIJörg Thalheim1-6/+6
Relevant RFC: NixOS/rfcs#4 $ ag -l | xargs sed -i -e "/\"/s/’/'/g;/\"/s/‘/'/g"
2017-07-04 Support base-64 hashesEelco Dolstra1-3/+3
Also simplify the Hash API. Fixes #1437.
2017-07-03 Replace a few bool flags with enumsEelco Dolstra1-4/+6
Functions like copyClosure() had 3 bool arguments, which creates a severe risk of mixing up arguments. Also, implement copyClosure() using copyPaths().
2017-05-16 Improve progress indicatorEelco Dolstra1-6/+1
2017-05-11 Don't allow untrusted users to set info.ultimateEelco Dolstra1-0/+2
Note that a trusted signature was still required in this case so it was not a huge deal.
2017-04-28 Suppress warning about ssh-auth-sockEelco Dolstra1-1/+3
2017-04-20 Setting: Remove "Tag" template argumentEelco Dolstra1-1/+1
2017-04-20 Reimplement trusted-substituters (aka trusted-binary-caches)Eelco Dolstra1-6/+42
2017-04-14 Minor cleanupEelco Dolstra1-2/+2
2017-04-14 nix-daemon: Don't set untrusted-* settingsEelco Dolstra1-3/+1
These are no longer used anywhere.
2017-04-14 nix-daemon: Don't die if the user sends an unknown settingEelco Dolstra1-4/+8
2017-04-13 Convert Settings to the new config systemEelco Dolstra1-7/+6
This makes all config options self-documenting. Unknown or unparseable config settings and --option flags now cause a warning.
2017-04-13 Merge branch 'rework-options' of https://github.com/copumpkin/nixEelco Dolstra1-2/+2
2017-04-06 Implement RemoteStore::queryMissing()Eelco Dolstra1-0/+11
This provides a significant speedup, e.g. 64 s -> 12 s for nix-build --dry-run -I nixpkgs=channel:nixos-16.03 '<nixpkgs/nixos/tests/misc.nix>' -A test on a cold local and CloudFront cache. The alternative is to use lots of concurrent daemon connections but that seems wasteful.
2017-04-06 nix-daemon: Disable path info cacheEelco Dolstra1-1/+4
This is useless because the client also caches path info, and can cause problems for long-running clients like hydra-queue-runner (i.e. it may return cached info about paths that have been garbage-collected).
2017-03-01 TeeSink: Pre-reserve string spaceEelco Dolstra1-4/+3
When receiving a very large file, this can prevent the string from having tobe copied, which temporarily doubles memory consumption.
2017-03-01 RemoteStore::addToStore(): Send NAR rather than string containing NAREelco Dolstra1-7/+10
This allows the NAR to be streamed in the future (though we're not doing that yet).
2017-03-01 Handle importing NARs containing files greater than 4 GiBEelco Dolstra1-18/+14
Also templatize readInt() to work for various integer types.