about summary refs log tree commit diff
path: root/src/nix-store/nix-store.cc
AgeCommit message (Collapse)AuthorFilesLines
2016-03-22 Don't overload dumpPath()Eelco Dolstra1-1/+1
2016-03-21 Add Store::dumpPath() methodEelco Dolstra1-1/+3
This allows applying nix-store --verify-path to binary cache stores: NIX_REMOTE=https://cache.nixos.org nix-store --verify-path /nix/store/s5c7...
2016-02-26 importPaths(): Optionally add NARs to binary cache accessorEelco Dolstra1-2/+2
This enables an optimisation in hydra-queue-runner, preventing a download of a NAR it just uploaded to the cache when reading files like hydra-build-products.
2016-02-24 Eliminate reserveSpace flagEelco Dolstra1-1/+1
2016-02-16 Rename ValidPathInfo::hash -> narHash for consistencyEelco Dolstra1-6/+6
2016-02-11 Move addPermRoot into StoreEelco Dolstra1-2/+2
2016-02-04 More of the sameEelco Dolstra1-7/+7
2016-02-04 StoreAPI -> StoreEelco Dolstra1-4/+4
Calling a class an API is a bit redundant...
2016-02-04 Eliminate the "store" global variableEelco Dolstra1-28/+29
Also, move a few free-standing functions into StoreAPI and Derivation. Also, introduce a non-nullable smart pointer, ref<T>, which is just a wrapper around std::shared_ptr ensuring that the pointer is never null. (For reference-counted values, this is better than passing a "T&", because the latter doesn't maintain the refcount. Usually, the caller will have a shared_ptr keeping the value alive, but that's not always the case, e.g., when passing a reference to a std::thread via std::bind.)
2016-01-31 Add build mode to compute fixed-output derivation hashesEelco Dolstra1-0/+1
For example, $ nix-build --hash -A nix-repl.src will build the fixed-output derivation nix-repl.src (a fetchFromGitHub call), but instead of *verifying* the hash given in the Nix expression, it prints out the resulting hash, and then moves the result to its content-addressed location in the Nix store. E.g build produced path ‘/nix/store/504a4k6zi69dq0yjc0bm12pa65bccxam-nix-repl-8a2f5f0607540ffe56b56d52db544373e1efb980-src’ with sha256 hash ‘0cjablz01i0g9smnavhf86imwx1f9mnh5flax75i615ml71gsr88’ The goal of this is to make all nix-prefetch-* scripts unnecessary: we can just let Nix run the real thing (i.e., the corresponding fetch* derivation). Another example: $ nix-build --hash -E 'with import <nixpkgs> {}; fetchgit { url = "https://github.com/NixOS/nix.git"; sha256 = "ffffffffffffffffffffffffffffffffffffffffffffffffffff"; }' ... git revision is 9e7c1a4bbdbe6129dd9dc385776612c307d3d1bb ... build produced path ‘/nix/store/gmsnh9i7x4mb7pyd2ns7n3c9l90jfsi1-nix’ with sha256 hash ‘1188xb621diw89n25rifqg9lxnzpz7nj5bfh4i1y3dnis0dmc0zp’ (Having to specify a fake sha256 hash is a bit annoying...)
2016-01-28 printMissing(): Propagate store argumentEelco Dolstra1-1/+1
2015-12-22 Don't ignore sodium_init() return valueEelco Dolstra1-1/+2
2015-10-29 int2String() -> std::to_string()Eelco Dolstra1-2/+2
2015-10-06 nix-store --serve: Implement log size limitEelco Dolstra1-1/+3
2015-07-23 --version: Print some config infoEelco Dolstra1-1/+7
Such as whether Nix is built with signed binary cache support, and the location of the configuration file.
2015-07-20 More cleanupEelco Dolstra1-16/+11
2015-07-17 OCD: foreach -> C++11 ranged forEelco Dolstra1-148/+142
2015-07-17 Allow remote builds without sending the derivation closureEelco Dolstra1-9/+31
Previously, to build a derivation remotely, we had to copy the entire closure of the .drv file to the remote machine, even though we only need the top-level derivation. This is very wasteful: the closure can contain thousands of store paths, and in some Hydra use cases, include source paths that are very large (e.g. Git/Mercurial checkouts). So now there is a new operation, StoreAPI::buildDerivation(), that performs a build from an in-memory representation of a derivation (BasicDerivation) rather than from a on-disk .drv file. The only files that need to be in the Nix store are the sources of the derivation (drv.inputSrcs), and the needed output paths of the dependencies (as described by drv.inputDrvs). "nix-store --serve" exposes this interface. Note that this is a privileged operation, because you can construct a derivation that builds any store path whatsoever. Fixing this will require changing the hashing scheme (i.e., the output paths should be computed from the other fields in BasicDerivation, allowing them to be verified without access to other derivations). However, this would be quite nice because it would allow .drv-free building (e.g. "nix-env -i" wouldn't have to write any .drv files to disk). Fixes #173.
2015-06-02 Use StoreAPI::verifyStore()Eelco Dolstra1-1/+1
2015-05-21 nix-collect-garbage: Call collectGarbage() internallyEelco Dolstra1-22/+0
2015-05-13 Fix "error: deriver of path ‘’ is not known"Eelco Dolstra1-6/+5
2015-03-25 addToStore(): Take explicit name argumentEelco Dolstra1-4/+4
2015-03-04 Add option to hide display of missing pathsEelco Dolstra1-1/+2
2015-02-18 nix-store --generate-binary-cache-key: Write key to diskEelco Dolstra1-4/+8
This ensures proper permissions for the secret key.
2015-02-10 Make libsodium an optional dependencyEelco Dolstra1-0/+6
2015-02-10 Add base64 encoder/decoderEelco Dolstra1-8/+2
2015-02-04 Use libsodium instead of OpenSSL for binary cache signingEelco Dolstra1-2/+32
Sodium's Ed25519 signatures are much shorter than OpenSSL's RSA signatures. Public keys are also much shorter, so they're now specified directly in the nix.conf option ‘binary-cache-public-keys’. The new command ‘nix-store --generate-binary-cache-key’ generates and prints a public and secret key.
2014-12-12 Ensure we're writing to stderr in the builderEelco Dolstra1-1/+1
http://hydra.nixos.org/build/17862041
2014-10-14 nix-store -q: Check for conflicting flagsEelco Dolstra1-4/+12
Fixes #364.
2014-09-01 Add an 'optimiseStore' remote procedure call.Ludovic Courtès1-19/+1
2014-08-20 Use pager for more commandsEelco Dolstra1-0/+2
2014-08-20 Use proper quotes everywhereEelco Dolstra1-25/+25
2014-08-20 nix-store -l: Automatically pipe output into $PAGEREelco Dolstra1-0/+2
2014-08-13 Refactor option handlingEelco Dolstra1-93/+92
2014-07-24 nix-copy-closure: Drop --bzip2, --xz, --show-progressEelco Dolstra1-32/+1
These are too difficult to implement via nix-store --serve. ‘--show-progress’ could be re-implemented fairly easily via a sink/source wrapper class.
2014-07-24 Implement nix-copy-closure --from via nix-store --serveEelco Dolstra1-1/+12
2014-07-24 build-remote.pl: Be less verbose on failing buildsEelco Dolstra1-4/+4
2014-07-24 nix-store --serve: Only monitor stdin during buildsEelco Dolstra1-2/+2
Other operations cannot hang indefinitely (except when we're reading from stdin, in which case we'll notice a client disconnect). But monitoring works badly during compressed imports, since there the client can close the connection before we've sent an ack. http://hydra.nixos.org/build/12711638
2014-07-23 nix-store --serve: Monitor for client disconnectsEelco Dolstra1-0/+3
This is necessary because build-remote.pl now builds via ‘nix-store --serve’. So if a build hangs without writing to stdout/stderr, and the client disconnects, then we need to detect that.
2014-07-14 build-remote.pl: Fix building multiple output derivationsEelco Dolstra1-1/+3
We were importing paths without sorting them topologically, leading to "path is not valid" errors. See e.g. http://hydra.nixos.org/build/12451761
2014-07-11 build-remote.pl: Use ‘nix-store --serve’ on the remote sideEelco Dolstra1-5/+32
This makes things more efficient (we don't need to use an SSH master connection, and we only start a single remote process) and gets rid of locking issues (the remote nix-store process will keep inputs and outputs locked as long as they're needed). It also makes it more or less secure to connect directly to the root account on the build machine, using a forced command (e.g. ‘command="nix-store --serve --write"’). This bypasses the Nix daemon and is therefore more efficient. Also, don't call nix-store to import the output paths.
2014-07-10 nix-copy-closure -s: Do substitutions via ‘nix-store --serve’Eelco Dolstra1-0/+29
This means we no longer need an SSH master connection, since we only execute a single command on the remote host.
2014-07-10 Refactoring: Move all fork handling into a higher-order functionEelco Dolstra1-21/+8
C++11 lambdas ftw.
2014-07-10 nix-copy-closure: Restore compression and the progress viewerEelco Dolstra1-2/+47
2014-07-10 nix-copy-closure: Fix race conditionEelco Dolstra1-43/+53
There is a long-standing race condition when copying a closure to a remote machine, particularly affecting build-remote.pl: the client first asks the remote machine which paths it already has, then copies over the missing paths. If the garbage collector kicks in on the remote machine between the first and second step, the already-present paths may be deleted. The missing paths may then refer to deleted paths, causing nix-copy-closure to fail. The client now performs both steps using a single remote Nix call (using ‘nix-store --serve’), locking all paths in the closure while querying. I changed the --serve protocol a bit (getting rid of QueryCommand), so this breaks the SSH substituter from older versions. But it was marked experimental anyway. Fixes #141.
2014-07-10 Fix security hole in ‘nix-store --serve’Eelco Dolstra1-1/+1
Since it didn't check that the path received from the client is a store path, the client could dump any path in the file system.
2014-05-21 nix-store -l: Fetch build logs from the InternetEelco Dolstra1-3/+26
If a build log is not available locally, then ‘nix-store -l’ will now try to download it from the servers listed in the ‘log-servers’ option in nix.conf. For instance, if you have: log-servers = http://hydra.nixos.org/log then it will try to get logs from http://hydra.nixos.org/log/<base name of the store path>. So you can do things like: $ nix-store -l $(which xterm) and get a log even if xterm wasn't built locally.
2014-05-15 nix-store --optimise: Remove bogus statisticsEelco Dolstra1-4/+2
2014-02-26 nix-store -r: Respect --add-root for non-derivationsEelco Dolstra1-1/+9
Fixes #68. Fixes #117.
2014-02-18 Add a flag ‘--check’ to verify build determinismEelco Dolstra1-3/+4
The flag ‘--check’ to ‘nix-store -r’ or ‘nix-build’ will cause Nix to redo the build of a derivation whose output paths are already valid. If the new output differs from the original output, an error is printed. This makes it easier to test if a build is deterministic. (Obviously this cannot catch all sources of non-determinism, but it catches the most common one, namely the current time.) For example: $ nix-build '<nixpkgs>' -A patchelf ... $ nix-build '<nixpkgs>' -A patchelf --check error: derivation `/nix/store/1ipvxsdnbhl1rw6siz6x92s7sc8nwkkb-patchelf-0.6' may not be deterministic: hash mismatch in output `/nix/store/4pc1dmw5xkwmc6q3gdc9i5nbjl4dkjpp-patchelf-0.6.drv' The --check build fails if not all outputs are valid. Thus the first call to nix-build is necessary to ensure that all outputs are valid. The current outputs are left untouched: the new outputs are either put in a chroot or diverted to a different location in the store using hash rewriting.