aboutsummaryrefslogtreecommitdiff
path: root/src/libstore
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstore')
-rw-r--r--src/libstore/build.cc11
-rw-r--r--src/libstore/crypto.cc4
-rw-r--r--src/libstore/download.cc2
-rw-r--r--src/libstore/globals.cc317
-rw-r--r--src/libstore/globals.hh312
-rw-r--r--src/libstore/local-store.cc4
-rw-r--r--src/libstore/remote-store.cc4
-rw-r--r--src/libstore/store-api.cc9
8 files changed, 205 insertions, 458 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index b23447fa0..33c9e3704 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -462,7 +462,7 @@ UserLock::UserLock()
assert(settings.buildUsersGroup != "");
/* Get the members of the build-users-group. */
- struct group * gr = getgrnam(settings.buildUsersGroup.c_str());
+ struct group * gr = getgrnam(settings.buildUsersGroup.get().c_str());
if (!gr)
throw Error(format("the group ‘%1%’ specified in ‘build-users-group’ does not exist")
% settings.buildUsersGroup);
@@ -1690,10 +1690,7 @@ void DerivationGoal::startBuilder()
/* Are we doing a chroot build? */
{
- string x = settings.useSandbox;
- if (x != "true" && x != "false" && x != "relaxed")
- throw Error("option ‘build-use-sandbox’ must be set to one of ‘true’, ‘false’ or ‘relaxed’");
- if (x == "true") {
+ if (settings.sandboxMode == smEnabled) {
if (get(drv->env, "__noChroot") == "1")
throw Error(format("derivation ‘%1%’ has ‘__noChroot’ set, "
"but that's not allowed when ‘build-use-sandbox’ is ‘true’") % drvPath);
@@ -1704,9 +1701,9 @@ void DerivationGoal::startBuilder()
#endif
useChroot = true;
}
- else if (x == "false")
+ else if (settings.sandboxMode == smDisabled)
useChroot = false;
- else if (x == "relaxed")
+ else if (settings.sandboxMode == smRelaxed)
useChroot = !fixedOutput && get(drv->env, "__noChroot") != "1";
}
diff --git a/src/libstore/crypto.cc b/src/libstore/crypto.cc
index 9692dd83b..f56a6adab 100644
--- a/src/libstore/crypto.cc
+++ b/src/libstore/crypto.cc
@@ -105,12 +105,12 @@ PublicKeys getDefaultPublicKeys()
// FIXME: filter duplicates
- for (auto s : settings.binaryCachePublicKeys) {
+ for (auto s : settings.binaryCachePublicKeys.get()) {
PublicKey key(s);
publicKeys.emplace(key.name, key);
}
- for (auto secretKeyFile : settings.secretKeyFiles) {
+ for (auto secretKeyFile : settings.secretKeyFiles.get()) {
try {
SecretKey secretKey(readFile(secretKeyFile));
publicKeys.emplace(secretKey.name, secretKey.toPublicKey());
diff --git a/src/libstore/download.cc b/src/libstore/download.cc
index 95e6f7bac..d073e870b 100644
--- a/src/libstore/download.cc
+++ b/src/libstore/download.cc
@@ -251,7 +251,7 @@ struct CurlDownloader : public Downloader
/* If no file exist in the specified path, curl continues to work
anyway as if netrc support was disabled. */
- curl_easy_setopt(req, CURLOPT_NETRC_FILE, settings.netrcFile.c_str());
+ curl_easy_setopt(req, CURLOPT_NETRC_FILE, settings.netrcFile.get().c_str());
curl_easy_setopt(req, CURLOPT_NETRC, CURL_NETRC_OPTIONAL);
result.data = std::make_shared<std::string>();
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index b9f4fada5..bb61daa51 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -1,6 +1,7 @@
#include "globals.hh"
#include "util.hh"
#include "archive.hh"
+#include "args.hh"
#include <algorithm>
#include <map>
@@ -26,329 +27,89 @@ namespace nix {
Settings settings;
-
Settings::Settings()
+ : Config({})
+ , nixPrefix(NIX_PREFIX)
+ , nixStore(canonPath(getEnv("NIX_STORE_DIR", getEnv("NIX_STORE", NIX_STORE_DIR))))
+ , nixDataDir(canonPath(getEnv("NIX_DATA_DIR", NIX_DATA_DIR)))
+ , nixLogDir(canonPath(getEnv("NIX_LOG_DIR", NIX_LOG_DIR)))
+ , nixStateDir(canonPath(getEnv("NIX_STATE_DIR", NIX_STATE_DIR)))
+ , nixConfDir(canonPath(getEnv("NIX_CONF_DIR", NIX_CONF_DIR)))
+ , nixLibexecDir(canonPath(getEnv("NIX_LIBEXEC_DIR", NIX_LIBEXEC_DIR)))
+ , nixBinDir(canonPath(getEnv("NIX_BIN_DIR", NIX_BIN_DIR)))
+ , nixDaemonSocketFile(canonPath(nixStateDir + DEFAULT_SOCKET_PATH))
{
- deprecatedOptions = StringSet({
- "build-use-chroot", "build-chroot-dirs", "build-extra-chroot-dirs",
- "this-option-never-existed-but-who-will-know"
- });
-
- nixPrefix = NIX_PREFIX;
- nixStore = canonPath(getEnv("NIX_STORE_DIR", getEnv("NIX_STORE", NIX_STORE_DIR)));
- nixDataDir = canonPath(getEnv("NIX_DATA_DIR", NIX_DATA_DIR));
- nixLogDir = canonPath(getEnv("NIX_LOG_DIR", NIX_LOG_DIR));
- nixStateDir = canonPath(getEnv("NIX_STATE_DIR", NIX_STATE_DIR));
- nixConfDir = canonPath(getEnv("NIX_CONF_DIR", NIX_CONF_DIR));
- nixLibexecDir = canonPath(getEnv("NIX_LIBEXEC_DIR", NIX_LIBEXEC_DIR));
- nixBinDir = canonPath(getEnv("NIX_BIN_DIR", NIX_BIN_DIR));
- nixDaemonSocketFile = canonPath(nixStateDir + DEFAULT_SOCKET_PATH);
-
- // should be set with the other config options, but depends on nixLibexecDir
-#ifdef __APPLE__
- preBuildHook = nixLibexecDir + "/nix/resolve-system-dependencies";
-#endif
-
- keepFailed = false;
- keepGoing = false;
- tryFallback = false;
- maxBuildJobs = 1;
- buildCores = std::max(1U, std::thread::hardware_concurrency());
- readOnlyMode = false;
- thisSystem = SYSTEM;
- maxSilentTime = 0;
- buildTimeout = 0;
- useBuildHook = true;
- reservedSize = 8 * 1024 * 1024;
- fsyncMetadata = true;
- useSQLiteWAL = true;
- syncBeforeRegistering = false;
- useSubstitutes = true;
buildUsersGroup = getuid() == 0 ? "nixbld" : "";
- useSshSubstituter = true;
- impersonateLinux26 = false;
- keepLog = true;
- compressLog = true;
- maxLogSize = 0;
- pollInterval = 5;
- checkRootReachability = false;
- gcKeepOutputs = false;
- gcKeepDerivations = true;
- autoOptimiseStore = false;
- envKeepDerivations = false;
lockCPU = getEnv("NIX_AFFINITY_HACK", "1") == "1";
- showTrace = false;
- enableNativeCode = false;
- netrcFile = fmt("%s/%s", nixConfDir, "netrc");
caFile = getEnv("NIX_SSL_CERT_FILE", getEnv("SSL_CERT_FILE", "/etc/ssl/certs/ca-certificates.crt"));
- enableImportFromDerivation = true;
- useSandbox = "false"; // TODO: make into an enum
#if __linux__
sandboxPaths = tokenizeString<StringSet>("/bin/sh=" BASH_PATH);
#endif
- restrictEval = false;
- buildRepeat = 0;
allowedImpureHostPrefixes = tokenizeString<StringSet>(DEFAULT_ALLOWED_IMPURE_PREFIXES);
- sandboxShmSize = "50%";
- darwinLogSandboxViolations = false;
- runDiffHook = false;
- diffHook = "";
- enforceDeterminism = true;
- binaryCachePublicKeys = Strings{"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="};
- secretKeyFiles = Strings();
- binaryCachesParallelConnections = 25;
- enableHttp2 = true;
- tarballTtl = 60 * 60;
- signedBinaryCaches = "";
- substituters = Strings();
- binaryCaches = nixStore == "/nix/store" ? Strings{"https://cache.nixos.org/"} : Strings();
- extraBinaryCaches = Strings();
- trustedUsers = Strings({"root"});
- allowedUsers = Strings({"*"});
- printMissing = true;
}
-
void Settings::loadConfFile()
{
- Path settingsFile = (format("%1%/%2%") % nixConfDir % "nix.conf").str();
- if (!pathExists(settingsFile)) return;
- string contents = readFile(settingsFile);
-
- unsigned int pos = 0;
-
- while (pos < contents.size()) {
- string line;
- while (pos < contents.size() && contents[pos] != '\n')
- line += contents[pos++];
- pos++;
-
- string::size_type hash = line.find('#');
- if (hash != string::npos)
- line = string(line, 0, hash);
-
- vector<string> tokens = tokenizeString<vector<string> >(line);
- if (tokens.empty()) continue;
-
- if (tokens.size() < 2 || tokens[1] != "=")
- throw Error(format("illegal configuration line ‘%1%’ in ‘%2%’") % line % settingsFile);
-
- string name = tokens[0];
-
- vector<string>::iterator i = tokens.begin();
- advance(i, 2);
- settings[name] = concatStringsSep(" ", Strings(i, tokens.end())); // FIXME: slow
- };
+ applyConfigFile(nixConfDir + "/nix.conf");
}
-
void Settings::set(const string & name, const string & value)
{
- settings[name] = value;
overrides[name] = value;
+ Config::set(name, value);
}
-void Settings::update()
-{
- _get(tryFallback, "build-fallback");
-
- std::string s = "1";
- _get(s, "build-max-jobs");
- if (s == "auto")
- maxBuildJobs = std::max(1U, std::thread::hardware_concurrency());
- else
- if (!string2Int(s, maxBuildJobs))
- throw Error("configuration setting ‘build-max-jobs’ should be ‘auto’ or an integer");
-
- _get(buildCores, "build-cores");
- _get(thisSystem, "system");
- _get(maxSilentTime, "build-max-silent-time");
- _get(buildTimeout, "build-timeout");
- _get(reservedSize, "gc-reserved-space");
- _get(fsyncMetadata, "fsync-metadata");
- _get(useSQLiteWAL, "use-sqlite-wal");
- _get(syncBeforeRegistering, "sync-before-registering");
- _get(useSubstitutes, "build-use-substitutes");
- _get(buildUsersGroup, "build-users-group");
- _get(impersonateLinux26, "build-impersonate-linux-26");
- _get(keepLog, "build-keep-log");
- _get(compressLog, "build-compress-log");
- _get(maxLogSize, "build-max-log-size");
- _get(pollInterval, "build-poll-interval");
- _get(checkRootReachability, "gc-check-reachability");
- _get(gcKeepOutputs, "gc-keep-outputs");
- _get(gcKeepDerivations, "gc-keep-derivations");
- _get(autoOptimiseStore, "auto-optimise-store");
- _get(envKeepDerivations, "env-keep-derivations");
- _get(sshSubstituterHosts, "ssh-substituter-hosts");
- _get(useSshSubstituter, "use-ssh-substituter");
- _get(enableNativeCode, "allow-unsafe-native-code-during-evaluation");
- _get(useCaseHack, "use-case-hack");
- _get(preBuildHook, "pre-build-hook");
- _get(keepGoing, "keep-going");
- _get(keepFailed, "keep-failed");
- _get(netrcFile, "netrc-file");
- _get(enableImportFromDerivation, "allow-import-from-derivation");
- _get(useSandbox, "build-use-sandbox", "build-use-chroot");
- _get(sandboxPaths, "build-sandbox-paths", "build-chroot-dirs");
- _get(extraSandboxPaths, "build-extra-sandbox-paths", "build-extra-chroot-dirs");
- _get(restrictEval, "restrict-eval");
- _get(buildRepeat, "build-repeat");
- _get(allowedImpureHostPrefixes, "allowed-impure-host-deps");
- _get(sandboxShmSize, "sandbox-dev-shm-size");
- _get(darwinLogSandboxViolations, "darwin-log-sandbox-violations");
- _get(runDiffHook, "run-diff-hook");
- _get(diffHook, "diff-hook");
- _get(enforceDeterminism, "enforce-determinism");
- _get(binaryCachePublicKeys, "binary-cache-public-keys");
- _get(secretKeyFiles, "secret-key-files");
- _get(binaryCachesParallelConnections, "binary-caches-parallel-connections");
- _get(enableHttp2, "enable-http2");
- _get(tarballTtl, "tarball-ttl");
- _get(signedBinaryCaches, "signed-binary-caches");
- _get(substituters, "substituters");
- _get(binaryCaches, "binary-caches");
- _get(extraBinaryCaches, "extra-binary-caches");
- _get(trustedUsers, "trusted-users");
- _get(allowedUsers, "allowed-users");
- _get(printMissing, "print-missing");
-
- /* Clear out any deprecated options that might be left, so users know we recognize the option
- but aren't processing it anymore */
- for (auto &i : deprecatedOptions) {
- if (settings.find(i) != settings.end()) {
- printError(format("warning: deprecated option '%1%' is no longer supported and will be ignored") % i);
- settings.erase(i);
- }
- }
-
- if (settings.size() != 0) {
- string bad;
- for (auto &i : settings)
- bad += "'" + i.first + "', ";
- bad.pop_back();
- bad.pop_back();
- throw Error(format("unrecognized options: %s") % bad);
- }
-}
-
-void Settings::checkDeprecated(const string & name)
+StringMap Settings::getOverrides()
{
- if (deprecatedOptions.find(name) != deprecatedOptions.end())
- printError(format("warning: deprecated option '%1%' will soon be unsupported") % name);
-}
-
-void Settings::_get(string & res, const string & name)
-{
- SettingsMap::iterator i = settings.find(name);
- if (i == settings.end()) return;
- checkDeprecated(i->first);
- settings.erase(i);
- res = i->second;
-}
-
-void Settings::_get(string & res, const string & name1, const string & name2)
-{
- SettingsMap::iterator i = settings.find(name1);
- if (i == settings.end()) i = settings.find(name2);
- if (i == settings.end()) return;
- checkDeprecated(i->first);
- settings.erase(i);
- res = i->second;
+ return overrides;
}
-
-void Settings::_get(bool & res, const string & name)
+unsigned int Settings::getDefaultCores()
{
- SettingsMap::iterator i = settings.find(name);
- if (i == settings.end()) return;
- checkDeprecated(i->first);
- settings.erase(i);
- if (i->second == "true") res = true;
- else if (i->second == "false") res = false;
- else throw Error(format("configuration option ‘%1%’ should be either ‘true’ or ‘false’, not ‘%2%’")
- % name % i->second);
+ return std::max(1U, std::thread::hardware_concurrency());
}
+const string nixVersion = PACKAGE_VERSION;
-void Settings::_get(StringSet & res, const string & name)
+template<> void Setting<SandboxMode>::set(const std::string & str)
{
- SettingsMap::iterator i = settings.find(name);
- if (i == settings.end()) return;
- checkDeprecated(i->first);
- settings.erase(i);
- res.clear();
- Strings ss = tokenizeString<Strings>(i->second);
- res.insert(ss.begin(), ss.end());
+ if (str == "true") value = smEnabled;
+ else if (str == "relaxed") value = smRelaxed;
+ else if (str == "false") value = smDisabled;
+ else throw UsageError("option '%s' has invalid value '%s'", name, str);
}
-void Settings::_get(StringSet & res, const string & name1, const string & name2)
+template<> std::string Setting<SandboxMode>::to_string()
{
- SettingsMap::iterator i = settings.find(name1);
- if (i == settings.end()) i = settings.find(name2);
- if (i == settings.end()) return;
- checkDeprecated(i->first);
- settings.erase(i);
- res.clear();
- Strings ss = tokenizeString<Strings>(i->second);
- res.insert(ss.begin(), ss.end());
+ if (value == smEnabled) return "true";
+ else if (value == smRelaxed) return "relaxed";
+ else if (value == smDisabled) return "false";
+ else abort();
}
-void Settings::_get(Strings & res, const string & name)
+template<> void Setting<unsigned int, Settings::MaxBuildJobsTag>::set(const std::string & str)
{
- SettingsMap::iterator i = settings.find(name);
- if (i == settings.end()) return;
- checkDeprecated(i->first);
- settings.erase(i);
- res = tokenizeString<Strings>(i->second);
+ if (str == "auto") value = std::max(1U, std::thread::hardware_concurrency());
+ else if (!string2Int(str, value))
+ throw UsageError("configuration setting ‘%s’ should be ‘auto’ or an integer", name);
}
-
-template<class N> void Settings::_get(N & res, const string & name)
+template<> std::string Setting<unsigned int, Settings::MaxBuildJobsTag>::to_string()
{
- SettingsMap::iterator i = settings.find(name);
- if (i == settings.end()) return;
- checkDeprecated(i->first);
- settings.erase(i);
- if (!string2Int(i->second, res))
- throw Error(format("configuration setting ‘%1%’ should have an integer value") % name);
+ return std::to_string(value);
}
-
-string Settings::pack()
+template<> void Setting<bool, Settings::CaseHackTag>::set(const std::string & str)
{
- string s;
- for (auto & i : settings) {
- if (i.first.find('\n') != string::npos ||
- i.first.find('=') != string::npos ||
- i.second.find('\n') != string::npos)
- throw Error("illegal option name/value");
- s += i.first; s += '='; s += i.second; s += '\n';
- }
- return s;
+ value = parseBool(str);
+ nix::useCaseHack = true;
}
-
-void Settings::unpack(const string & pack) {
- Strings lines = tokenizeString<Strings>(pack, "\n");
- for (auto & i : lines) {
- string::size_type eq = i.find('=');
- if (eq == string::npos)
- throw Error("illegal option name/value");
- set(i.substr(0, eq), i.substr(eq + 1));
- }
-}
-
-
-Settings::SettingsMap Settings::getOverrides()
+template<> std::string Setting<bool, Settings::CaseHackTag>::to_string()
{
- return overrides;
+ return printBool(value);
}
-
-const string nixVersion = PACKAGE_VERSION;
-
-
}
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index d47fdb7c9..95c8859cf 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -1,7 +1,7 @@
#pragma once
#include "types.hh"
-#include "logging.hh"
+#include "config.hh"
#include <map>
#include <sys/types.h>
@@ -9,36 +9,33 @@
namespace nix {
+typedef enum { smEnabled, smRelaxed, smDisabled } SandboxMode;
-struct Settings {
+extern bool useCaseHack; // FIXME
- typedef std::map<string, string> SettingsMap;
+class Settings : public Config {
- Settings();
+ StringMap overrides;
- void loadConfFile();
+ unsigned int getDefaultCores();
- void set(const string & name, const string & value);
+public:
- void update();
+ Settings();
- string pack();
+ void loadConfFile();
- void unpack(const string & pack);
+ void set(const string & name, const string & value);
- SettingsMap getOverrides();
+ StringMap getOverrides();
- /* TODO: the comments below should be strings and exposed via a nice command-line UI or similar.
- We should probably replace it with some sort of magic template or macro to minimize the amount
- of duplication and pain here. */
+ Path nixPrefix;
/* The directory where we store sources and derived files. */
Path nixStore;
Path nixDataDir; /* !!! fix */
- Path nixPrefix;
-
/* The directory where we log various operations. */
Path nixLogDir;
@@ -57,17 +54,14 @@ struct Settings {
/* File name of the socket the daemon listens to. */
Path nixDaemonSocketFile;
- /* Whether to keep temporary directories of failed builds. */
- bool keepFailed;
+ Setting<bool> keepFailed{this, false, "keep-failed",
+ "Whether to keep temporary directories of failed builds."};
- /* Whether to keep building subgoals when a sibling (another
- subgoal of the same goal) fails. */
- bool keepGoing;
+ Setting<bool> keepGoing{this, false, "keep-going",
+ "Whether to keep building derivations when another build fails."};
- /* Whether, if we cannot realise the known closure corresponding
- to a derivation, we should try to normalise the derivation
- instead. */
- bool tryFallback;
+ Setting<bool> tryFallback{this, tryFallback, "build-fallback",
+ "Whether to fall back to building when substitution fails."};
/* Whether to show build log output in real time. */
bool verboseBuild = true;
@@ -76,206 +70,206 @@ struct Settings {
the log to show if a build fails. */
size_t logLines = 10;
- /* Maximum number of parallel build jobs. 0 means unlimited. */
- unsigned int maxBuildJobs;
+ struct MaxBuildJobsTag { };
+ Setting<unsigned int, MaxBuildJobsTag> maxBuildJobs{this, 1, "build-max-jobs",
+ "Maximum number of parallel build jobs. \"auto\" means use number of cores."};
- /* Number of CPU cores to utilize in parallel within a build,
- i.e. by passing this number to Make via '-j'. 0 means that the
- number of actual CPU cores on the local host ought to be
- auto-detected. */
- unsigned int buildCores;
+ Setting<unsigned int> buildCores{this, getDefaultCores(), "build-cores",
+ "Number of CPU cores to utilize in parallel within a build, "
+ "i.e. by passing this number to Make via '-j'. 0 means that the "
+ "number of actual CPU cores on the local host ought to be "
+ "auto-detected."};
/* Read-only mode. Don't copy stuff to the store, don't change
the database. */
- bool readOnlyMode;
-
- /* The canonical system name, as returned by config.guess. */
- string thisSystem;
-
- /* The maximum time in seconds that a builer can go without
- producing any output on stdout/stderr before it is killed. 0
- means infinity. */
- time_t maxSilentTime;
+ bool readOnlyMode = false;
- /* The maximum duration in seconds that a builder can run. 0
- means infinity. */
- time_t buildTimeout;
+ Setting<std::string> thisSystem{this, SYSTEM, "system",
+ "The canonical Nix system name."};
- /* Whether to use build hooks (for distributed builds). Sometimes
- users want to disable this from the command-line. */
- bool useBuildHook;
+ Setting<time_t> maxSilentTime{this, 0, "build-max-silent-time",
+ "The maximum time in seconds that a builer can go without "
+ "producing any output on stdout/stderr before it is killed. "
+ "0 means infinity."};
- /* Amount of reserved space for the garbage collector
- (/nix/var/nix/db/reserved). */
- off_t reservedSize;
+ Setting<time_t> buildTimeout{this, 0, "build-timeout",
+ "The maximum duration in seconds that a builder can run. "
+ "0 means infinity."};
- /* Whether SQLite should use fsync. */
- bool fsyncMetadata;
+ Setting<bool> useBuildHook{this, true, "remote-builds",
+ "Whether to use build hooks (for distributed builds)."};
- /* Whether SQLite should use WAL mode. */
- bool useSQLiteWAL;
+ Setting<off_t> reservedSize{this, 8 * 1024 * 1024, "gc-reserved-space",
+ "Amount of reserved disk space for the garbage collector."};
- /* Whether to call sync() before registering a path as valid. */
- bool syncBeforeRegistering;
+ Setting<bool> fsyncMetadata{this, true, "fsync-metadata",
+ "Whether SQLite should use fsync()."};
- /* Whether to use substitutes. */
- bool useSubstitutes;
+ Setting<bool> useSQLiteWAL{this, true, "use-sqlite-wal",
+ "Whether SQLite should use WAL mode."};
- /* The Unix group that contains the build users. */
- string buildUsersGroup;
+ Setting<bool> syncBeforeRegistering{this, false, "sync-before-registering",
+ "Whether to call sync() before registering a path as valid."};
- /* Set of ssh connection strings for the ssh substituter */
- Strings sshSubstituterHosts;
+ Setting<bool> useSubstitutes{this, true, "build-use-substitutes",
+ "Whether to use substitutes."};
- /* Whether to use the ssh substituter at all */
- bool useSshSubstituter;
+ Setting<std::string> buildUsersGroup{this, "", "build-users-group",
+ "The Unix group that contains the build users."};
- /* Whether to impersonate a Linux 2.6 machine on newer kernels. */
- bool impersonateLinux26;
+ Setting<bool> impersonateLinux26{this, false, "build-impersonate-linux-26",
+ "Whether to impersonate a Linux 2.6 machine on newer kernels."};
- /* Whether to store build logs. */
- bool keepLog;
+ Setting<bool> keepLog{this, true, "build-keep-log",
+ "Whether to store build logs."};
- /* Whether to compress logs. */
- bool compressLog;
+ Setting<bool> compressLog{this, true, "build-compress-log",
+ "Whether to compress logs."};
- /* Maximum number of bytes a builder can write to stdout/stderr
- before being killed (0 means no limit). */
- unsigned long maxLogSize;
+ Setting<unsigned long> maxLogSize{this, 0, "build-max-log-size",
+ "Maximum number of bytes a builder can write to stdout/stderr "
+ "before being killed (0 means no limit)."};
/* When build-repeat > 0 and verboseBuild == true, whether to
print repeated builds (i.e. builds other than the first one) to
stderr. Hack to prevent Hydra logs from being polluted. */
bool printRepeatedBuilds = true;
- /* How often (in seconds) to poll for locks. */
- unsigned int pollInterval;
+ Setting<unsigned int> pollInterval{this, 5, "build-poll-interval",
+ "How often (in seconds) to poll for locks."};
- /* Whether to check if new GC roots can in fact be found by the
- garbage collector. */
- bool checkRootReachability;
+ Setting<bool> checkRootReachability{this, false, "gc-check-reachability",
+ "Whether to check if new GC roots can in fact be found by the "
+ "garbage collector."};
- /* Whether the garbage collector should keep outputs of live
- derivations. */
- bool gcKeepOutputs;
+ Setting<bool> gcKeepOutputs{this, false, "gc-keep-outputs",
+ "Whether the garbage collector should keep outputs of live derivations."};
- /* Whether the garbage collector should keep derivers of live
- paths. */
- bool gcKeepDerivations;
+ Setting<bool> gcKeepDerivations{this, true, "gc-keep-derivations",
+ "Whether the garbage collector should keep derivers of live paths."};
- /* Whether to automatically replace files with identical contents
- with hard links. */
- bool autoOptimiseStore;
+ Setting<bool> autoOptimiseStore{this, false, "auto-optimise-store",
+ "Whether to automatically replace files with identical contents with hard links."};
- /* Whether to add derivations as a dependency of user environments
- (to prevent them from being GCed). */
- bool envKeepDerivations;
+ Setting<bool> envKeepDerivations{this, false, "env-keep-derivations",
+ "Whether to add derivations as a dependency of user environments "
+ "(to prevent them from being GCed)."};
/* Whether to lock the Nix client and worker to the same CPU. */
bool lockCPU;
/* Whether to show a stack trace if Nix evaluation fails. */
- bool showTrace;
+ bool showTrace = false;
- /* Whether native-code enabling primops should be enabled */
- bool enableNativeCode;
+ Setting<bool> enableNativeCode{this, false, "allow-unsafe-native-code-during-evaluation",
+ "Whether builtin functions that allow executing native code should be enabled."};
- /* Whether to enable sandboxed builds (string until we get an enum for true/false/relaxed) */
- string useSandbox;
+ Setting<SandboxMode> sandboxMode{this, smDisabled, "build-use-sandbox",
+ "Whether to enable sandboxed builds. Can be \"true\", \"false\" or \"relaxed\".",
+ {"build-use-chroot"}};
- /* The basic set of paths to expose in a sandbox */
- PathSet sandboxPaths;
+ Setting<PathSet> sandboxPaths{this, {}, "build-sandbox-paths",
+ "The paths to make available inside the build sandbox.",
+ {"build-chroot-dirs"}};
- /* Any extra sandbox paths to expose */
- PathSet extraSandboxPaths;
+ Setting<PathSet> extraSandboxPaths{this, {}, "build-extra-sandbox-paths",
+ "Additional paths to make available inside the build sandbox.",
+ {"build-extra-chroot-dirs"}};
- /* Whether to allow certain questionable operations (like fetching) during evaluation */
- bool restrictEval;
+ Setting<bool> restrictEval{this, false, "restrict-eval",
+ "Whether to restrict file system access to paths in $NIX_PATH, "
+ "and to disallow fetching files from the network."};
- /* The number of times to repeat a build to check for determinism */
- int buildRepeat;
+ Setting<size_t> buildRepeat{this, 0, "build-repeat",
+ "The number of times to repeat a build in order to verify determinism."};
- /* Which prefixes to allow derivations to ask for access to (primarily for Darwin) */
- PathSet allowedImpureHostPrefixes;
+#if __linux__
+ Setting<std::string> sandboxShmSize{this, "50%", "sandbox-dev-shm-size",
+ "The size of /dev/shm in the build sandbox."};
+#endif
- /* The size of /dev/shm in the build sandbox (for Linux) */
- string sandboxShmSize;
+ Setting<PathSet> allowedImpureHostPrefixes{this, {}, "allowed-impure-host-deps",
+ "Which prefixes to allow derivations to ask for access to (primarily for Darwin)."};
- /* Whether to log Darwin sandbox access violations to the system log */
- bool darwinLogSandboxViolations;
+#if __APPLE__
+ Setting<bool> darwinLogSandboxViolations{this, false, "darwin-log-sandbox-violations",
+ "Whether to log Darwin sandbox access violations to the system log."};
+#endif
- /* ??? */
- bool runDiffHook;
+ Setting<bool> runDiffHook{this, false, "run-diff-hook",
+ "Whether to run the program specified by the diff-hook setting "
+ "repeated builds produce a different result. Typically used to "
+ "plug in diffoscope."};
- /* ??? */
- string diffHook;
+ PathSetting diffHook{this, true, "", "diff-hook",
+ "A program that prints out the differences between the two paths "
+ "specified on its command line."};
- /* Whether to fail if repeated builds produce different output */
- bool enforceDeterminism;
+ Setting<bool> enforceDeterminism{this, true, "enforce-determinism",
+ "Whether to fail if repeated builds produce different output."};
- /* The known public keys for a binary cache */
- Strings binaryCachePublicKeys;
+ Setting<Strings> binaryCachePublicKeys{this,
+ {"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="},
+ "binary-cache-public-keys",
+ "Trusted public keys for secure substitution."};
- /* Secret keys to use for build output signing */
- Strings secretKeyFiles;
+ Setting<Strings> secretKeyFiles{this, {}, "secret-key-files",
+ "Secret keys with which to sign local builds."};
- /* Number of parallel connections to hit a binary cache with when finding out if it contains hashes */
- int binaryCachesParallelConnections;
+ Setting<size_t> binaryCachesParallelConnections{this, 25, "binary-caches-parallel-connections",
+ "Number of parallel connections to binary caches."};
- /* Whether to enable HTTP2 */
- bool enableHttp2;
+ Setting<bool> enableHttp2{this, true, "enable-http2",
+ "Whether to enable HTTP/2 support."};
- /* How soon to expire tarballs like builtins.fetchTarball and (ugh, bad name) builtins.fetchurl */
- int tarballTtl;
+ Setting<unsigned int> tarballTtl{this, 60 * 60, "tarball-ttl",
+ "How soon to expire files fetched by builtins.fetchTarball and builtins.fetchurl."};
- /* ??? */
- string signedBinaryCaches;
+ Setting<std::string> signedBinaryCaches{this, "*", "signed-binary-caches",
+ "Obsolete."};
- /* ??? */
- Strings substituters;
+ Setting<Strings> substituters{this,
+ nixStore == "/nix/store" ? Strings{"https://cache.nixos.org/"} : Strings(),
+ "substituters",
+ "The URIs of substituters (such as https://cache.nixos.org/).",
+ {"binary-caches"}};
- /* ??? */
- Strings binaryCaches;
+ // FIXME: provide a way to add to option values.
+ Setting<Strings> extraSubstituters{this, {}, "extra-substituters",
+ "Additional URIs of substituters.",
+ {"extra-binary-caches"}};
- /* ??? */
- Strings extraBinaryCaches;
-
- /* Who we trust to ask the daemon to do unsafe things */
- Strings trustedUsers;
+ Setting<Strings> trustedUsers{this, {"root"}, "trusted-users",
+ "Which users or groups are trusted to ask the daemon to do unsafe things."};
/* ?Who we trust to use the daemon in safe ways */
- Strings allowedUsers;
+ Setting<Strings> allowedUsers{this, {"*"}, "allowed-users",
+ "Which users or groups are allowed to connect to the daemon."};
- /* ??? */
- bool printMissing;
+ Setting<bool> printMissing{this, true, "print-missing",
+ "Whether to print what paths need to be built or downloaded."};
- /* The hook to run just before a build to set derivation-specific
- build settings */
- Path preBuildHook;
+ Setting<std::string> preBuildHook{this,
+#if __APPLE__
+ nixLibexecDir + "/nix/resolve-system-dependencies",
+#else
+ "",
+#endif
+ "pre-build-hook",
+ "A program to run just before a build to set derivation-specific build settings."};
- /* Path to the netrc file used to obtain usernames/passwords for
- downloads. */
- Path netrcFile;
+ Setting<std::string> netrcFile{this, fmt("%s/%s", nixConfDir, "netrc"), "netrc-file",
+ "Path to the netrc file used to obtain usernames/passwords for downloads."};
/* Path to the SSL CA file used */
Path caFile;
- /* Whether we allow import-from-derivation */
- bool enableImportFromDerivation;
-
-private:
- StringSet deprecatedOptions;
- SettingsMap settings, overrides;
-
- void checkDeprecated(const string & name);
+ Setting<bool> enableImportFromDerivation{this, true, "allow-import-from-derivation",
+ "Whether the evaluator allows importing the result of a derivation."};
- void _get(string & res, const string & name);
- void _get(string & res, const string & name1, const string & name2);
- void _get(bool & res, const string & name);
- void _get(StringSet & res, const string & name);
- void _get(StringSet & res, const string & name1, const string & name2);
- void _get(Strings & res, const string & name);
- template<class N> void _get(N & res, const string & name);
+ struct CaseHackTag { };
+ Setting<bool, CaseHackTag> useCaseHack{this, nix::useCaseHack, "use-case-hack",
+ "Whether to enable a Darwin-specific hack for dealing with file name collisions."};
};
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc
index 9111a45f8..5a98454ab 100644
--- a/src/libstore/local-store.cc
+++ b/src/libstore/local-store.cc
@@ -75,7 +75,7 @@ LocalStore::LocalStore(const Params & params)
mode_t perm = 01775;
- struct group * gr = getgrnam(settings.buildUsersGroup.c_str());
+ struct group * gr = getgrnam(settings.buildUsersGroup.get().c_str());
if (!gr)
printError(format("warning: the group ‘%1%’ specified in ‘build-users-group’ does not exist")
% settings.buildUsersGroup);
@@ -1335,7 +1335,7 @@ void LocalStore::signPathInfo(ValidPathInfo & info)
auto secretKeyFiles = settings.secretKeyFiles;
- for (auto & secretKeyFile : secretKeyFiles) {
+ for (auto & secretKeyFile : secretKeyFiles.get()) {
SecretKey secretKey(readFile(secretKeyFile));
info.sign(secretKey);
}
diff --git a/src/libstore/remote-store.cc b/src/libstore/remote-store.cc
index e1df137e4..da3c8eb8d 100644
--- a/src/libstore/remote-store.cc
+++ b/src/libstore/remote-store.cc
@@ -166,9 +166,7 @@ void RemoteStore::setOptions(Connection & conn)
<< settings.useSubstitutes;
if (GET_PROTOCOL_MINOR(conn.daemonVersion) >= 12) {
- Settings::SettingsMap overrides = settings.getOverrides();
- if (overrides["ssh-auth-sock"] == "")
- overrides["ssh-auth-sock"] = getEnv("SSH_AUTH_SOCK");
+ StringMap overrides = settings.getOverrides();
conn.to << overrides.size();
for (auto & i : overrides)
conn.to << i.first << i.second;
diff --git a/src/libstore/store-api.cc b/src/libstore/store-api.cc
index 514d1c2ff..835bbb90e 100644
--- a/src/libstore/store-api.cc
+++ b/src/libstore/store-api.cc
@@ -719,7 +719,7 @@ ref<Store> openStore(const std::string & uri, const Store::Params & params)
for (auto fun : *RegisterStoreImplementation::implementations) {
auto store = fun(uri, params);
if (store) {
- store->warnUnused();
+ store->warnUnknownSettings();
return ref<Store>(store);
}
}
@@ -782,13 +782,10 @@ std::list<ref<Store>> getDefaultSubstituters()
state->stores.push_back(openStore(uri));
};
- for (auto uri : settings.substituters)
+ for (auto uri : settings.substituters.get())
addStore(uri);
- for (auto uri : settings.binaryCaches)
- addStore(uri);
-
- for (auto uri : settings.extraBinaryCaches)
+ for (auto uri : settings.extraSubstituters.get())
addStore(uri);
state->done = true;