about summary refs log tree commit diff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2014-08-04 Make chroot builds easier to set upEelco Dolstra1-0/+3
By default, we now include /bin/sh as a bind-mount of bash.
2014-08-01 Remove ugly hack for detecting build environment setup errorsEelco Dolstra1-13/+10
2014-08-01 Call commonChildInit() before doing chroot initEelco Dolstra2-12/+16
This ensures that daemon clients see error messages from the chroot setup.
2014-08-01 Eliminate redundant copyEelco Dolstra2-1/+3
2014-08-01 findRoots(): Prevent a call to lstat()Eelco Dolstra1-9/+14
This means that getting the roots from /nix/var/nix/.../hydra-roots doesn't need any I/O other than reading the directory.
2014-08-01 Make readDirectory() return inode / file typeEelco Dolstra7-46/+48
2014-08-01 Allow regular files as GC rootsEelco Dolstra1-0/+6
If a root is a regular file, then its name must denote a store path. For instance, the existence of the file /nix/var/nix/gcroots/per-user/eelco/hydra-roots/wzc3cy1wwwd6d0dgxpa77ijr1yp50s6v-libxml2-2.7.7 would cause /nix/store/wzc3cy1wwwd6d0dgxpa77ijr1yp50s6v-libxml2-2.7.7 to be a root. This is useful because it involves less I/O (no need for a readlink() call) and takes up less disk space (the symlink target typically takes up a full disk block, while directory entries are packed more efficiently). This is particularly important for hydra.nixos.org, which has hundreds of thousands of roots, and where reading the roots can take 25 minutes.
2014-07-31 Restore default SIGPIPE handler before invoking ‘man’Eelco Dolstra4-15/+17
Fixes NixOS/nixpkgs#3410.
2014-07-30 Rename nixPath to __nixPathEelco Dolstra2-3/+3
The name ‘nixPath’ breaks existing code.
2014-07-25 nix-daemon: Pass on the user's $SSH_AUTH_SOCK to the SSH substituterEelco Dolstra4-0/+17
2014-07-25 Change the default for use-ssh-substituter to ‘true’Eelco Dolstra1-2/+2
Now you only have to pass ‘--option ssh-substituter-hosts nix-ssh@bla’ to enable SSH substitution.
2014-07-24 nix-copy-closure: Drop --bzip2, --xz, --show-progressEelco Dolstra1-32/+1
These are too difficult to implement via nix-store --serve. ‘--show-progress’ could be re-implemented fairly easily via a sink/source wrapper class.
2014-07-24 Implement nix-copy-closure --from via nix-store --serveEelco Dolstra2-1/+13
2014-07-24 build-remote.pl: Be less verbose on failing buildsEelco Dolstra1-4/+4
2014-07-24 nix-store --serve: Only monitor stdin during buildsEelco Dolstra1-2/+2
Other operations cannot hang indefinitely (except when we're reading from stdin, in which case we'll notice a client disconnect). But monitoring works badly during compressed imports, since there the client can close the connection before we've sent an ack. http://hydra.nixos.org/build/12711638
2014-07-24 Use pthread_cancel instead of a signalEelco Dolstra1-5/+2
Signal handlers are process-wide, so sending SIGINT to the monitor thread will cause the normal SIGINT handler to run. This sets the isInterrupted flag, which is not what we want. So use pthread_cancel instead.
2014-07-24 Fix bogus pass by referenceEelco Dolstra1-6/+1
http://hydra.nixos.org/build/12711659
2014-07-24 More debuggingEelco Dolstra1-0/+1
2014-07-24 Add some assertionsEelco Dolstra1-0/+6
2014-07-24 Remove some dead codeEelco Dolstra2-10/+0
2014-07-23 Remove some obsolete filesEelco Dolstra1-141/+0
2014-07-23 Pass -pthread only for programs that need itEelco Dolstra2-1/+3
2014-07-23 nix-daemon: Less verbosityEelco Dolstra1-1/+1
2014-07-23 nix-daemon: Simplify stderr handlingEelco Dolstra2-7/+2
2014-07-23 nix-store --serve: Monitor for client disconnectsEelco Dolstra1-0/+3
This is necessary because build-remote.pl now builds via ‘nix-store --serve’. So if a build hangs without writing to stdout/stderr, and the client disconnects, then we need to detect that.
2014-07-23 nix-daemon: Use a thread instead of SIGPOLL to catch client disconnectsEelco Dolstra2-146/+50
The thread calls poll() to wait until a HUP (or other error event) happens on the client connection. If so, it sends SIGINT to the main thread, which is then cleaned up normally. This is much nicer than messing around with SIGPOLL.
2014-07-23 startProcess: Make writing error messages from the child more robustEelco Dolstra1-2/+4
2014-07-23 Remove dead codeEelco Dolstra2-3/+0
2014-07-19 Revert old useBuildHook behaviourEelco Dolstra3-3/+3
2014-07-18 Better fix for strcasecmp on DarwinEelco Dolstra1-3/+1
2014-07-17 Ugly hack to fix building on old DarwinEelco Dolstra1-0/+3
http://hydra.nixos.org/build/12580878
2014-07-17 nix-daemon: Add trusted-users and allowed-users optionsEelco Dolstra3-3/+48
‘trusted-users’ is a list of users and groups that have elevated rights, such as the ability to specify binary caches. It defaults to ‘root’. A typical value would be ‘@wheel’ to specify all users in the wheel group. ‘allowed-users’ is a list of users and groups that are allowed to connect to the daemon. It defaults to ‘*’. A typical value would be ‘@users’ to specify the ‘users’ group.
2014-07-17 nix-daemon: Show name of connecting userEelco Dolstra1-6/+7
2014-07-17 nix-daemon: Only print connection info if we have SO_PEERCREDEelco Dolstra1-9/+12
2014-07-17 nix-daemon: Fix compat with older clientsEelco Dolstra1-1/+1
2014-07-16 Get rid of a compiler warningEelco Dolstra1-1/+2
2014-07-16 Be more strict about file names in NARsEelco Dolstra1-1/+6
2014-07-16 Handle case collisions on case-insensitive systemsEelco Dolstra3-75/+102
When running NixOps under Mac OS X, we need to be able to import store paths built on Linux into the local Nix store. However, HFS+ is usually case-insensitive, so if there are directories with file names that differ only in case, then importing will fail. The solution is to add a suffix ("~nix~case~hack~<integer>") to colliding files. For instance, if we have a directory containing xt_CONNMARK.h and xt_connmark.h, then the latter will be renamed to "xt_connmark.h~nix~case~hack~1". If a store path is dumped as a NAR, the suffixes are removed. Thus, importing and exporting via a case-insensitive Nix store is round-tripping. So when NixOps calls nix-copy-closure to copy the path to a Linux machine, you get the original file names back. Closes #119.
2014-07-14 build-remote.pl: Fix building multiple output derivationsEelco Dolstra2-2/+3
We were importing paths without sorting them topologically, leading to "path is not valid" errors. See e.g. http://hydra.nixos.org/build/12451761
2014-07-11 build-remote.pl: Use ‘nix-store --serve’ on the remote sideEelco Dolstra3-5/+35
This makes things more efficient (we don't need to use an SSH master connection, and we only start a single remote process) and gets rid of locking issues (the remote nix-store process will keep inputs and outputs locked as long as they're needed). It also makes it more or less secure to connect directly to the root account on the build machine, using a forced command (e.g. ‘command="nix-store --serve --write"’). This bypasses the Nix daemon and is therefore more efficient. Also, don't call nix-store to import the output paths.
2014-07-11 Allow $NIX_BUILD_HOOK to be relative to Nix libexec directoryEelco Dolstra2-3/+5
2014-07-10 Fix broken Pid constructorEelco Dolstra1-5/+2
2014-07-10 Replace message "importing path <...>" with "exporting path <...>"Eelco Dolstra1-2/+2
This causes nix-copy-closure to show what it's doing before rather than after.
2014-07-10 nix-copy-closure -s: Do substitutions via ‘nix-store --serve’Eelco Dolstra2-0/+30
This means we no longer need an SSH master connection, since we only execute a single command on the remote host.
2014-07-10 Remove tabsEelco Dolstra1-3/+3
2014-07-10 Refactoring: Move all fork handling into a higher-order functionEelco Dolstra7-206/+128
C++11 lambdas ftw.
2014-07-10 nix-copy-closure: Restore compression and the progress viewerEelco Dolstra1-2/+47
2014-07-10 Remove maybeVforkEelco Dolstra4-14/+4
2014-07-10 nix-copy-closure: Fix race conditionEelco Dolstra3-57/+62
There is a long-standing race condition when copying a closure to a remote machine, particularly affecting build-remote.pl: the client first asks the remote machine which paths it already has, then copies over the missing paths. If the garbage collector kicks in on the remote machine between the first and second step, the already-present paths may be deleted. The missing paths may then refer to deleted paths, causing nix-copy-closure to fail. The client now performs both steps using a single remote Nix call (using ‘nix-store --serve’), locking all paths in the closure while querying. I changed the --serve protocol a bit (getting rid of QueryCommand), so this breaks the SSH substituter from older versions. But it was marked experimental anyway. Fixes #141.
2014-07-10 Fix security hole in ‘nix-store --serve’Eelco Dolstra1-1/+1
Since it didn't check that the path received from the client is a store path, the client could dump any path in the file system.