Diffstat (limited to 'src/libstore/globals.hh')
-rw-r--r--src/libstore/globals.hh335
1 files changed, 225 insertions, 110 deletions
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index ccec300f7..af37ec61d 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -1,7 +1,7 @@
#pragma once
#include "types.hh"
-#include "logging.hh"
+#include "config.hh"
#include <map>
#include <sys/types.h>
@@ -9,10 +9,48 @@
namespace nix {
+typedef enum { smEnabled, smRelaxed, smDisabled } SandboxMode;
+
+extern bool useCaseHack; // FIXME
+
+struct CaseHackSetting : public BaseSetting<bool>
+{
+ CaseHackSetting(Config * options,
+ const std::string & name,
+ const std::string & description,
+ const std::set<std::string> & aliases = {})
+ : BaseSetting<bool>(useCaseHack, name, description, aliases)
+ {
+ options->addSetting(this);
+ }
+
+ void set(const std::string & str) override
+ {
+ BaseSetting<bool>::set(str);
+ nix::useCaseHack = true;
+ }
+};
+
+struct MaxBuildJobsSetting : public BaseSetting<unsigned int>
+{
+ MaxBuildJobsSetting(Config * options,
+ unsigned int def,
+ const std::string & name,
+ const std::string & description,
+ const std::set<std::string> & aliases = {})
+ : BaseSetting<unsigned int>(def, name, description, aliases)
+ {
+ options->addSetting(this);
+ }
+
+ void set(const std::string & str) override;
+};
-struct Settings {
+class Settings : public Config {
- typedef std::map<string, string> SettingsMap;
+ unsigned int getDefaultCores();
+
+public:
Settings();
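Review bot: `CaseHackSetting::set` discards the value it has just parsed: after `BaseSetting<bool>::set(str)` it assigns `nix::useCaseHack = true;` unconditionally, so a configuration line such as `use-case-hack = false` would switch the global on instead of off. Assuming the base class keeps the parsed result in its `value` member (config.hh is not part of this diff, so this needs confirming), the assignment should read `nix::useCaseHack = value;`. The `// FIXME` on the `extern bool useCaseHack` declaration would also be more useful if it said what is to be fixed, e.g. `// FIXME: global mirror of the use-case-hack setting; remove once callers read settings.useCaseHack`.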
@@ -20,29 +58,13 @@ struct Settings {
void set(const string & name, const string & value);
- string get(const string & name, const string & def);
-
- Strings get(const string & name, const Strings & def);
-
- bool get(const string & name, bool def);
-
- int get(const string & name, int def);
-
- void update();
-
- string pack();
-
- void unpack(const string & pack);
-
- SettingsMap getOverrides();
+ Path nixPrefix;
/* The directory where we store sources and derived files. */
Path nixStore;
Path nixDataDir; /* !!! fix */
- Path nixPrefix;
-
/* The directory where we log various operations. */
Path nixLogDir;
@@ -61,17 +83,14 @@ struct Settings {
/* File name of the socket the daemon listens to. */
Path nixDaemonSocketFile;
- /* Whether to keep temporary directories of failed builds. */
- bool keepFailed;
+ Setting<bool> keepFailed{this, false, "keep-failed",
+ "Whether to keep temporary directories of failed builds."};
- /* Whether to keep building subgoals when a sibling (another
- subgoal of the same goal) fails. */
- bool keepGoing;
+ Setting<bool> keepGoing{this, false, "keep-going",
+ "Whether to keep building derivations when another build fails."};
- /* Whether, if we cannot realise the known closure corresponding
- to a derivation, we should try to normalise the derivation
- instead. */
- bool tryFallback;
+ Setting<bool> tryFallback{this, false, "build-fallback",
+ "Whether to fall back to building when substitution fails."};
/* Whether to show build log output in real time. */
bool verboseBuild = true;
@@ -80,132 +99,228 @@ struct Settings {
the log to show if a build fails. */
size_t logLines = 10;
- /* Maximum number of parallel build jobs. 0 means unlimited. */
- unsigned int maxBuildJobs;
+ MaxBuildJobsSetting maxBuildJobs{this, 1, "build-max-jobs",
+ "Maximum number of parallel build jobs. \"auto\" means use number of cores."};
- /* Number of CPU cores to utilize in parallel within a build,
- i.e. by passing this number to Make via '-j'. 0 means that the
- number of actual CPU cores on the local host ought to be
- auto-detected. */
- unsigned int buildCores;
+ Setting<unsigned int> buildCores{this, getDefaultCores(), "build-cores",
+ "Number of CPU cores to utilize in parallel within a build, "
+ "i.e. by passing this number to Make via '-j'. 0 means that the "
+ "number of actual CPU cores on the local host ought to be "
+ "auto-detected."};
/* Read-only mode. Don't copy stuff to the store, don't change
the database. */
- bool readOnlyMode;
+ bool readOnlyMode = false;
+
+ Setting<std::string> thisSystem{this, SYSTEM, "system",
+ "The canonical Nix system name."};
- /* The canonical system name, as returned by config.guess. */
- string thisSystem;
+ Setting<time_t> maxSilentTime{this, 0, "build-max-silent-time",
+ "The maximum time in seconds that a builer can go without "
+ "producing any output on stdout/stderr before it is killed. "
+ "0 means infinity."};
- /* The maximum time in seconds that a builer can go without
- producing any output on stdout/stderr before it is killed. 0
- means infinity. */
- time_t maxSilentTime;
+ Setting<time_t> buildTimeout{this, 0, "build-timeout",
+ "The maximum duration in seconds that a builder can run. "
+ "0 means infinity."};
- /* The maximum duration in seconds that a builder can run. 0
- means infinity. */
- time_t buildTimeout;
+ Setting<bool> useBuildHook{this, true, "remote-builds",
+ "Whether to use build hooks (for distributed builds)."};
- /* Whether to use build hooks (for distributed builds). Sometimes
- users want to disable this from the command-line. */
- bool useBuildHook;
+ PathSetting buildHook{this, true, nixLibexecDir + "/nix/build-remote", "build-hook",
+ "The path of the helper program that executes builds to remote machines."};
- /* Amount of reserved space for the garbage collector
- (/nix/var/nix/db/reserved). */
- off_t reservedSize;
+ Setting<std::string> builders{this, "", "builders",
+ "A semicolon-separated list of build machines, in the format of nix.machines."};
- /* Whether SQLite should use fsync. */
- bool fsyncMetadata;
+ Setting<Strings> builderFiles{this,
+ {nixConfDir + "/machines"}, "builder-files",
+ "A list of files specifying build machines."};
- /* Whether SQLite should use WAL mode. */
- bool useSQLiteWAL;
+ Setting<off_t> reservedSize{this, 8 * 1024 * 1024, "gc-reserved-space",
+ "Amount of reserved disk space for the garbage collector."};
- /* Whether to call sync() before registering a path as valid. */
- bool syncBeforeRegistering;
+ Setting<bool> fsyncMetadata{this, true, "fsync-metadata",
+ "Whether SQLite should use fsync()."};
- /* Whether to use substitutes. */
- bool useSubstitutes;
+ Setting<bool> useSQLiteWAL{this, true, "use-sqlite-wal",
+ "Whether SQLite should use WAL mode."};
- /* The Unix group that contains the build users. */
- string buildUsersGroup;
+ Setting<bool> syncBeforeRegistering{this, false, "sync-before-registering",
+ "Whether to call sync() before registering a path as valid."};
- /* Set of ssh connection strings for the ssh substituter */
- Strings sshSubstituterHosts;
+ Setting<bool> useSubstitutes{this, true, "build-use-substitutes",
+ "Whether to use substitutes."};
- /* Whether to use the ssh substituter at all */
- bool useSshSubstituter;
+ Setting<std::string> buildUsersGroup{this, "", "build-users-group",
+ "The Unix group that contains the build users."};
- /* Whether to impersonate a Linux 2.6 machine on newer kernels. */
- bool impersonateLinux26;
+ Setting<bool> impersonateLinux26{this, false, "build-impersonate-linux-26",
+ "Whether to impersonate a Linux 2.6 machine on newer kernels."};
- /* Whether to store build logs. */
- bool keepLog;
+ Setting<bool> keepLog{this, true, "build-keep-log",
+ "Whether to store build logs."};
- /* Whether to compress logs. */
- bool compressLog;
+ Setting<bool> compressLog{this, true, "build-compress-log",
+ "Whether to compress logs."};
- /* Maximum number of bytes a builder can write to stdout/stderr
- before being killed (0 means no limit). */
- unsigned long maxLogSize;
+ Setting<unsigned long> maxLogSize{this, 0, "build-max-log-size",
+ "Maximum number of bytes a builder can write to stdout/stderr "
+ "before being killed (0 means no limit)."};
/* When build-repeat > 0 and verboseBuild == true, whether to
print repeated builds (i.e. builds other than the first one) to
stderr. Hack to prevent Hydra logs from being polluted. */
bool printRepeatedBuilds = true;
- /* How often (in seconds) to poll for locks. */
- unsigned int pollInterval;
+ Setting<unsigned int> pollInterval{this, 5, "build-poll-interval",
+ "How often (in seconds) to poll for locks."};
- /* Whether to check if new GC roots can in fact be found by the
- garbage collector. */
- bool checkRootReachability;
+ Setting<bool> checkRootReachability{this, false, "gc-check-reachability",
+ "Whether to check if new GC roots can in fact be found by the "
+ "garbage collector."};
- /* Whether the garbage collector should keep outputs of live
- derivations. */
- bool gcKeepOutputs;
+ Setting<bool> gcKeepOutputs{this, false, "gc-keep-outputs",
+ "Whether the garbage collector should keep outputs of live derivations."};
- /* Whether the garbage collector should keep derivers of live
- paths. */
- bool gcKeepDerivations;
+ Setting<bool> gcKeepDerivations{this, true, "gc-keep-derivations",
+ "Whether the garbage collector should keep derivers of live paths."};
- /* Whether to automatically replace files with identical contents
- with hard links. */
- bool autoOptimiseStore;
+ Setting<bool> autoOptimiseStore{this, false, "auto-optimise-store",
+ "Whether to automatically replace files with identical contents with hard links."};
- /* Whether to add derivations as a dependency of user environments
- (to prevent them from being GCed). */
- bool envKeepDerivations;
+ Setting<bool> envKeepDerivations{this, false, "env-keep-derivations",
+ "Whether to add derivations as a dependency of user environments "
+ "(to prevent them from being GCed)."};
/* Whether to lock the Nix client and worker to the same CPU. */
bool lockCPU;
/* Whether to show a stack trace if Nix evaluation fails. */
- bool showTrace;
+ bool showTrace = false;
+
+ Setting<bool> enableNativeCode{this, false, "allow-unsafe-native-code-during-evaluation",
+ "Whether builtin functions that allow executing native code should be enabled."};
+
+ Setting<SandboxMode> sandboxMode{this, smDisabled, "build-use-sandbox",
+ "Whether to enable sandboxed builds. Can be \"true\", \"false\" or \"relaxed\".",
+ {"build-use-chroot"}};
+
+ Setting<PathSet> sandboxPaths{this, {}, "build-sandbox-paths",
+ "The paths to make available inside the build sandbox.",
+ {"build-chroot-dirs"}};
+
+ Setting<PathSet> extraSandboxPaths{this, {}, "build-extra-sandbox-paths",
+ "Additional paths to make available inside the build sandbox.",
+ {"build-extra-chroot-dirs"}};
+
+ Setting<bool> restrictEval{this, false, "restrict-eval",
+ "Whether to restrict file system access to paths in $NIX_PATH, "
+ "and to disallow fetching files from the network."};
- /* Whether native-code enabling primops should be enabled */
- bool enableNativeCode;
+ Setting<size_t> buildRepeat{this, 0, "build-repeat",
+ "The number of times to repeat a build in order to verify determinism."};
- /* The hook to run just before a build to set derivation-specific
- build settings */
- Path preBuildHook;
+#if __linux__
+ Setting<std::string> sandboxShmSize{this, "50%", "sandbox-dev-shm-size",
+ "The size of /dev/shm in the build sandbox."};
- /* Path to the netrc file used to obtain usernames/passwords for
- downloads. */
- Path netrcFile;
+ Setting<Path> sandboxBuildDir{this, "/build", "sandbox-build-dir",
+ "The build directory inside the sandbox."};
+#endif
+
+ Setting<PathSet> allowedImpureHostPrefixes{this, {}, "allowed-impure-host-deps",
+ "Which prefixes to allow derivations to ask for access to (primarily for Darwin)."};
+
+#if __APPLE__
+ Setting<bool> darwinLogSandboxViolations{this, false, "darwin-log-sandbox-violations",
+ "Whether to log Darwin sandbox access violations to the system log."};
+#endif
+
+ Setting<bool> runDiffHook{this, false, "run-diff-hook",
+ "Whether to run the program specified by the diff-hook setting "
+ "repeated builds produce a different result. Typically used to "
+ "plug in diffoscope."};
+
+ PathSetting diffHook{this, true, "", "diff-hook",
+ "A program that prints out the differences between the two paths "
+ "specified on its command line."};
+
+ Setting<bool> enforceDeterminism{this, true, "enforce-determinism",
+ "Whether to fail if repeated builds produce different output."};
+
+ Setting<Strings> binaryCachePublicKeys{this,
+ {"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="},
+ "binary-cache-public-keys",
+ "Trusted public keys for secure substitution."};
+
+ Setting<Strings> secretKeyFiles{this, {}, "secret-key-files",
+ "Secret keys with which to sign local builds."};
+
+ Setting<size_t> binaryCachesParallelConnections{this, 25, "http-connections",
+ "Number of parallel HTTP connections.",
+ {"binary-caches-parallel-connections"}};
+
+ Setting<bool> enableHttp2{this, true, "enable-http2",
+ "Whether to enable HTTP/2 support."};
+
+ Setting<unsigned int> tarballTtl{this, 60 * 60, "tarball-ttl",
+ "How soon to expire files fetched by builtins.fetchTarball and builtins.fetchurl."};
+
+ Setting<std::string> signedBinaryCaches{this, "*", "signed-binary-caches",
+ "Obsolete."};
+
+ Setting<Strings> substituters{this,
+ nixStore == "/nix/store" ? Strings{"https://cache.nixos.org/"} : Strings(),
+ "substituters",
+ "The URIs of substituters (such as https://cache.nixos.org/).",
+ {"binary-caches"}};
+
+ // FIXME: provide a way to add to option values.
+ Setting<Strings> extraSubstituters{this, {}, "extra-substituters",
+ "Additional URIs of substituters.",
+ {"extra-binary-caches"}};
+
+ Setting<StringSet> trustedSubstituters{this, {}, "trusted-substituters",
+ "Disabled substituters that may be enabled via the substituters option by untrusted users.",
+ {"trusted-binary-caches"}};
+
+ Setting<Strings> trustedUsers{this, {"root"}, "trusted-users",
+ "Which users or groups are trusted to ask the daemon to do unsafe things."};
+
+ /* ?Who we trust to use the daemon in safe ways */
+ Setting<Strings> allowedUsers{this, {"*"}, "allowed-users",
+ "Which users or groups are allowed to connect to the daemon."};
+
+ Setting<bool> printMissing{this, true, "print-missing",
+ "Whether to print what paths need to be built or downloaded."};
+
+ Setting<std::string> preBuildHook{this,
+#if __APPLE__
+ nixLibexecDir + "/nix/resolve-system-dependencies",
+#else
+ "",
+#endif
+ "pre-build-hook",
+ "A program to run just before a build to set derivation-specific build settings."};
+
+ Setting<std::string> netrcFile{this, fmt("%s/%s", nixConfDir, "netrc"), "netrc-file",
+ "Path to the netrc file used to obtain usernames/passwords for downloads."};
/* Path to the SSL CA file used */
Path caFile;
- /* Whether we allow import-from-derivation */
- bool enableImportFromDerivation;
+ Setting<bool> enableImportFromDerivation{this, true, "allow-import-from-derivation",
+ "Whether the evaluator allows importing the result of a derivation."};
+
+ CaseHackSetting useCaseHack{this, "use-case-hack",
+ "Whether to enable a Darwin-specific hack for dealing with file name collisions."};
-private:
- SettingsMap settings, overrides;
+ Setting<unsigned long> connectTimeout{this, 0, "connect-timeout",
+ "Timeout for connecting to servers during downloads. 0 means use curl's builtin default."};
- void _get(string & res, const string & name);
- void _get(bool & res, const string & name);
- void _get(StringSet & res, const string & name);
- void _get(Strings & res, const string & name);
- template<class N> void _get(N & res, const string & name);
+ Setting<std::string> userAgentSuffix{this, "", "user-agent-suffix",
+ "String appended to the user agent in HTTP requests."};
};
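Review bot: Several default member initializers in this hunk read other members of `Settings`: `nixStore == "/nix/store"` for `substituters`, `nixLibexecDir` for `buildHook` and `preBuildHook`, and `nixConfDir` for `builderFiles` and `netrcFile`. Such initializers run in declaration order, before the constructor body. The constructor and the declarations of `nixLibexecDir` and `nixConfDir` are outside the visible hunks, so this cannot be confirmed here. If any of those `Path` members is assigned in the constructor body rather than in the mem-initializer list, or is later moved below a `Setting` that uses it, the defaults are computed from an empty string: `netrc-file` would resolve to `/netrc` and the default substituter list would silently be empty. I would add a comment above the path members, for example `/* Initialised in the mem-initializer list and declared before every Setting whose default reads them; keep this order. */`. Two description strings also need a wording fix while they are being touched: "builer" in `build-max-silent-time`, and a missing "when" after "diff-hook setting" in `run-diff-hook`.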