From 53b24f351852498c52377c2f011617af04bc76fa Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 17 Jul 2012 09:40:12 -0400 Subject: Allow disabling log compression --- doc/manual/conf-file.xml | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'doc') diff --git a/doc/manual/conf-file.xml b/doc/manual/conf-file.xml index 7fd104eb4ac8..1b19e56b5714 100644 --- a/doc/manual/conf-file.xml +++ b/doc/manual/conf-file.xml @@ -297,6 +297,16 @@ build-use-chroot = /dev /proc /bin + build-compress-log + + If set to true (the default), + build logs written to /nix/var/log/nix/drvs + will be compressed on the fly using bzip2. Otherwise, they will + not be compressed. + + + + system This option specifies the canonical Nix system -- cgit 1.4.1 From 6c01fb4d68a80f63c692492bb91c1aa2e17b5a8f Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 17 Jul 2012 10:06:20 -0400 Subject: Update Nix 1.1 release notes --- doc/manual/release-notes.xml | 75 +++++++++++++++++++++++++++++++++++++++----- src/libstore/build.cc | 3 ++ 2 files changed, 70 insertions(+), 8 deletions(-) (limited to 'doc') diff --git a/doc/manual/release-notes.xml b/doc/manual/release-notes.xml index 66ced1c9c429..69ab0874b606 100644 --- a/doc/manual/release-notes.xml +++ b/doc/manual/release-notes.xml 
@@ -15,25 +15,84 @@ - Builds in chroots are now executed in a private network - namespace, meaning that they do not see any network interfaces - except a private loopback interface. This ensures that builds - cannot communicate with processes outside of the chroot, or clash - with other builds by listening on an identical port number. + On Linux, when doing a chroot build, Nix now uses various + namespace features provided by the Linux kernel to improve + build isolation. Namely: + + The private network namespace ensures that + builders cannot talk to the outside world (or vice versa): each + build only sees a private loopback interface. This also means + that two concurrent builds can listen on the same port (e.g. as + part of a test) without conflicting with each + other. + The PID namespace causes each build to start as + PID 1. Processes outside of the chroot are not visible to those + on the inside. On the other hand, processes inside the chroot + are visible from the outside (though with + different PIDs). + The IPC namespace prevents the builder from + communicating with outside processes using SysV IPC mechanisms + (shared memory, message queues, semaphores). It also ensures + that all IPC objects are destroyed when the builder + exits. + The UTS namespace ensures that builders see a + hostname of localhost rather than the actual + hostname. + The private mount namespace was already used by + Nix to ensure that the bind-mounts used to set up the chroot are + cleaned up automatically. + + Build logs are now compressed using bzip2. The command nix-store - -l decompresses them on the fly. + -l decompresses them on the fly. This can be disabled + by setting the option build-compress-log to + false. The creation of build logs in /nix/var/log/nix/drvs can be disabled by setting the new option build-keep-log to - false. - + false. This is useful, for instance, for Hydra + build machines. 
+ + + + Nix now reserves some space in + /nix/var/nix/db/reserved to ensure that the + garbage collector can run successfully if the disk is full. This + is necessary because SQLite transactions fail if the disk is + full. + + + + Added a basic fetchurl function. This + is not intended to replace the fetchurl in + Nixpkgs, but is useful for bootstrapping; e.g., it will allow us + to get rid of the bootstrap binaries in the Nixpkgs source tree + and download them instead. You can use it by doing + import <nix/fetchurl.nix> { url = + url; sha256 = + "hash"; }. (Shea Levy) + + + + Improved RPM spec file. (Michel Alexandre Salim) + + + + Support for on-demand socket-based activation in the Nix + daemon with systemd. + + + + Added a manpage for + nix.conf5. + diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 8eb5dfa41bba..12940e268c74 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -1796,6 +1796,9 @@ void DerivationGoal::startBuilder() with outside processes using SysV IPC mechanisms (shared memory, message queues, semaphores). It also ensures that all IPC objects are destroyed when the builder exits. + + - The UTS namespace ensures that builders see a hostname of + localhost rather than the actual hostname. */ #if CHROOT_ENABLED if (useChroot) { -- cgit 1.4.1 From 51d71ad3d7527596dc22d6dd9e9e70f2cd9faea9 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 17 Jul 2012 11:49:47 -0400 Subject: Manual: Don't claim we support Cygwin --- doc/manual/introduction.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc') diff --git a/doc/manual/introduction.xml b/doc/manual/introduction.xml index 5641d110baba..21b1df1564e5 100644 --- a/doc/manual/introduction.xml +++ b/doc/manual/introduction.xml @@ -225,7 +225,7 @@ href="docs/papers.html#servicecm">SCM-12 paper. Portability Nix should run on most Unix systems, including Linux, FreeBSD and -Mac OS X. It is also supported on Windows using Cygwin. +Mac OS X. -- cgit 1.4.1
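Review bot: In the conf-file.xml hunk of the first commit (the `build-compress-log` entry), the text does not say what happens to logs already written under the other setting once the option is changed, and it does not point to `nix-store -l` as the way to read compressed logs. Suggest one sentence covering both, plus a cross-reference to `build-keep-log`. Operators who read /nix/var/log/nix/drvs with their own tooling will otherwise find bzip2 data where they expect plain text, or the reverse.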
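Review bot: In the release-notes.xml hunk of the second commit, the network-namespace item states without qualification that builders cannot talk to the outside world, while the `fetchurl` item added further down in the same hunk describes downloading files. The notes should say how builds that need network access behave under a chroot build, so the isolation claim is not read as unconditional. The `/nix/var/nix/db/reserved` item would also benefit from stating how much space is reserved.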
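Review bot: The build.cc hunk of the second commit adds only a comment about the UTS namespace in `DerivationGoal::startBuilder()`, with no code change visible alongside it. Please confirm that the `CHROOT_ENABLED` block that follows really sets the hostname, and name the commit that introduced it, since this commit is titled as a release-notes update. A UTS namespace also covers the NIS domain name, so the comment should say whether that is reset too or inherited from the host.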
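Review bot: In the introduction.xml hunk of the third commit, the Cygwin sentence is removed without a reason given in the commit message, and the release-notes hunk earlier in this series does not mention the change. Suggest stating in the message whether Cygwin is known to be broken or is only untested, and adding a release-notes line so that Windows users learn the claim was withdrawn.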