Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
This reverts commit 2980d1fba97069805c3649c5d99d0356bce6c303. It
causes a regression in NixOS evaluation:
string `/nix/store/ya3s5gmj3b28170fpbjhgsk8wzymkpa1-pommed-1.39/etc/pommed.conf' cannot refer to other paths
|
|
vfork() is just too weird. For instance, in this build:
http://hydra.nixos.org/build/3330487
the value fromHook.writeSide becomes corrupted in the parent, even
though the child only reads from it. At -O0 the problem goes away.
Probably the child is overriding some spilled temporary variable.
If I get bored I may implement using posix_spawn() instead.
|
|
Slightly scared of using std::cerr in a vforked process...
|
|
|
|
Hopefully this reduces the chance of hitting ‘unable to fork: Cannot
allocate memory’ errors. vfork() is used for everything except
starting builders.
|
|
|
|
They are unnecessary because we set the close-on-exec flag.
|
|
|
|
|
|
Since the called function can return its argument attribute set
(e.g. "a"), the latter should not be allocated on the stack.
Reported by Shea.
|
|
Slight optimisation.
|
|
We have close-on-exec on all FDs now, and there is no security risk in
passing open FDs to substituters anyway.
|
|
|
|
Fixes #57.
|
|
|
|
|
|
Ignoring assertion failures makes some sense for nix-env -qa, but not
for nix-instantiate/nix-build or hydra-eval-jobs.
|
|
This is useful for hydra-eval-jobs.
|
|
|
|
http://hydra.nixos.org/build/3123177
|
|
|
|
AFAIK nobody uses this, setuid binaries are evil, and there is no good
reason why people can't just run the daemon.
|
|
|
|
I.e. do what git does. I'm too lazy to keep the builtin help text up
to date :-)
Also add ‘--help’ to various commands that lacked it
(e.g. nix-collect-garbage).
|
|
|
|
This allows repairing corrupted derivations and other source files.
|
|
|
|
If we find a corrupted path in the output closure, we rebuild the
derivation that produced that particular path.
|
|
With this flag, if any valid derivation output is missing or corrupt,
it will be recreated by using a substitute if available, or by
rebuilding the derivation. The latter may use hash rewriting if
chroots are not available.
|
|
|
|
missing/corrupt paths
Also, return a non-zero exit code if errors remain after
verifying/repairing.
|
|
This operation allows fixing corrupted or accidentally deleted store
paths by redownloading them using substituters, if available.
Since the corrupted path cannot be replaced atomically, there is a
very small time window (one system call) during which neither the old
(corrupted) nor the new (repaired) contents are available. So
repairing should be used with some care on critical packages like
Glibc.
|
|
|
|
|
|
In Nixpkgs, the attribute in all-packages.nix corresponding to a
package is usually equal to the package name. However, this doesn't
work if the package contains a dash, which is fairly common. The
convention is to replace the dash with an underscore (e.g. "dbus-lib"
becomes "dbus_glib"), but that's annoying. So now dashes are valid in
variable / attribute names, allowing you to write:
dbus-glib = callPackage ../development/libraries/dbus-glib { };
and
buildInputs = [ dbus-glib ];
Since we don't have a negation or subtraction operation in Nix, this
is unambiguous.
|
|
|
|
|
|
Reported by "gio" on IRC.
|
|
Using the immutable bit is problematic, especially in conjunction with
store optimisation. For instance, if the garbage collector deletes a
file, it has to clear its immutable bit, but if the file has
additional hard links, we can't set the bit afterwards because we
don't know the remaining paths.
So now that we support having the entire Nix store as a read-only
mount, we may as well drop the immutable bit. Unfortunately, we have
to keep the code to clear the immutable bit for backwards
compatibility.
|
|
It turns out that the immutable bit doesn't work all that well. A
better way is to make the entire Nix store a read-only bind mount,
i.e. by doing
$ mount --bind /nix/store /nix/store
$ mount -o remount,ro,bind /nix/store
(This would typically done in an early boot script, before anything
from /nix/store is used.)
Since Nix needs to be able to write to the Nix store, it now detects
if /nix/store is a read-only bind mount and then makes it writable in
a private mount namespace.
|
|
|
|
Fixes issue #123 in Nixpkgs.
|
|
Fixes #43.
|
|
This ensures that "nix-build --run-env" doesn't keep a connection to
the worker open, preventing it from exiting.
|
|
|
|
The outputs of a derivation can refer to each other (even though they
cannot have cycles), so they have to be deleted in the right order.
http://hydra.nixos.org/build/3026118
|
|
I've seen operations like "nix-store --import" take much longer on one
system. So default to off until I've investigated this a bit further.
|
|
|
|
If the options gc-keep-outputs and gc-keep-derivations are both
enabled, you can get a cycle in the liveness graph. There was a hack
to handle this, but it didn't work with multiple-output derivations,
causing the garbage collector to fail with errors like ‘error: cannot
delete path `...' because it is in use by `...'’. The garbage
collector now handles strongly connected components in the liveness
graph as a unit and decides whether to delete all or none of the paths
in an SCC.
|