aboutsummaryrefslogtreecommitdiff
path: root/src/libstore/derivations.cc
AgeCommit message (Collapse)Author
2020-02-02Add convenience overload for toRealPath()Eelco Dolstra
2020-01-21Fix derivation computation with __structuredAttrs and multiple outputsEelco Dolstra
Fixes error: derivation '/nix/store/klivma7r7h5lndb99f7xxmlh5whyayvg-zlib-1.2.11.drv' has incorrect output '/nix/store/fv98nnx5ykgbq8sqabilkgkbc4169q05-zlib-1.2.11-dev', should be '/nix/store/adm7pilzlj3z5k249s8b4wv3scprhzi1-zlib-1.2.11-dev'
2019-12-16nix-store -r: Handle symlinks to store pathsEelco Dolstra
Fixes #3270.
2019-12-10Make the Store API more type-safeEelco Dolstra
Most functions now take a StorePath argument rather than a Path (which is just an alias for std::string). The StorePath constructor ensures that the path is syntactically correct (i.e. it looks like <store-dir>/<base32-hash>-<name>). Similarly, functions like buildPaths() now take a StorePathWithOutputs, rather than abusing Path by adding a '!<outputs>' suffix. Note that the StorePath type is implemented in Rust. This involves some hackery to allow Rust values to be used directly in C++, via a helper type whose destructor calls the Rust type's drop() function. The main issue is the dynamic nature of C++ move semantics: after we have moved a Rust value, we should not call the drop function on the original value. So when we move a value, we set the original value to bitwise zero, and the destructor only calls drop() if the value is not bitwise zero. This should be sufficient for most types. Also lots of minor cleanups to the C++ API to make it more modern (e.g. using std::optional and std::string_view in some places).
2019-09-03Support allowSubstitutes attribute in structured attribute derivationsEelco Dolstra
Hopefully fixes #3081 (didn't test).
2018-09-28Move structured attrs handling into a separate classEelco Dolstra
This is primarily because Derivation::{can,will}BuildLocally() depends on attributes like preferLocalBuild and requiredSystemFeatures, but it can't handle them properly because it doesn't have access to the structured attributes.
2018-06-13hashDerivationModulo(): Handle chroot storesEelco Dolstra
This makes 'nix copy --to /mnt /nix/store/bla.drv' work.
2018-02-27Add build-extra-platforms settingLinus Heckemann
This allows specifying additional systems that a machine is able to build for. This may apply on some armv7-capable aarch64 processors, or on systems using qemu-user with binfmt-misc to support transparent execution of foreign-arch programs. This removes the previous hard-coded assumptions about which systems are ABI-compatible with which other systems, and instead relies on the user to specify any additional platforms that they have ensured compatibility for and wish to build for locally. NixOS should probably add i686-linux on x86_64-linux systems for this setting by default.
2017-07-30Replace Unicode quotes in user-facing strings by ASCIIJörg Thalheim
Relevant RFC: NixOS/rfcs#4 $ ag -l | xargs sed -i -e "/\"/s/’/'/g;/\"/s/‘/'/g"
2017-07-04Support base-64 hashesEelco Dolstra
Also simplify the Hash API. Fixes #1437.
2017-07-03Replace a few bool flags with enumsEelco Dolstra
Functions like copyClosure() had 3 bool arguments, which creates a severe risk of mixing up arguments. Also, implement copyClosure() using copyPaths().
2017-03-21Move istringstream_nocopy to a separate fileEelco Dolstra
2017-03-06istringstream_nocopy: Implement in a standards-compliant way.Shea Levy
Fixes the problem mentioned in e6a61b8da788efbbbb0eb690c49434b6b5fc9741 See #1135
2017-03-01Handle importing NARs containing files greater than 4 GiBEelco Dolstra
Also templatize readInt() to work for various integer types.
2016-11-10build-remote: Implement in C++Shea Levy
2016-09-16armv5tel can be built by armv6l and armv7l (#1063)Eric Litak
2016-09-14Move some .drv parsing functions out of utilEelco Dolstra
2016-08-17Add a mechanism for derivation attributes to reference the derivation's outputsEelco Dolstra
For example, you can now say: configureFlags = "--prefix=${placeholder "out"} --includedir=${placeholder "dev"}"; The strings returned by the ‘placeholder’ builtin are replaced at build time by the actual store paths corresponding to the specified outputs. Previously, you had to work around the inability to self-reference by doing stuff like: preConfigure = '' configureFlags+=" --prefix $out --includedir=$dev" ''; or rely on ad-hoc variable interpolation semantics in Autoconf or Make (e.g. --prefix=\$(out)), which doesn't always work.
2016-07-26makeFixedOutputPath(): Drop superfluous HashType argumentEelco Dolstra
2016-06-02Make derivationFromPath work on diverted storesEelco Dolstra
2016-06-01Make the store directory a member variable of StoreEelco Dolstra
2016-04-20Cache path info lookups in SQLiteEelco Dolstra
This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-02-04StoreAPI -> StoreEelco Dolstra
Calling a class an API is a bit redundant...
2016-02-04Eliminate the "store" global variableEelco Dolstra
Also, move a few free-standing functions into StoreAPI and Derivation. Also, introduce a non-nullable smart pointer, ref<T>, which is just a wrapper around std::shared_ptr ensuring that the pointer is never null. (For reference-counted values, this is better than passing a "T&", because the latter doesn't maintain the refcount. Usually, the caller will have a shared_ptr keeping the value alive, but that's not always the case, e.g., when passing a reference to a std::thread via std::bind.)
2015-07-17OCD: foreach -> C++11 ranged forEelco Dolstra
2015-07-17Allow remote builds without sending the derivation closureEelco Dolstra
Previously, to build a derivation remotely, we had to copy the entire closure of the .drv file to the remote machine, even though we only need the top-level derivation. This is very wasteful: the closure can contain thousands of store paths, and in some Hydra use cases, include source paths that are very large (e.g. Git/Mercurial checkouts). So now there is a new operation, StoreAPI::buildDerivation(), that performs a build from an in-memory representation of a derivation (BasicDerivation) rather than from a on-disk .drv file. The only files that need to be in the Nix store are the sources of the derivation (drv.inputSrcs), and the needed output paths of the dependencies (as described by drv.inputDrvs). "nix-store --serve" exposes this interface. Note that this is a privileged operation, because you can construct a derivation that builds any store path whatsoever. Fixing this will require changing the hashing scheme (i.e., the output paths should be computed from the other fields in BasicDerivation, allowing them to be verified without access to other derivations). However, this would be quite nice because it would allow .drv-free building (e.g. "nix-env -i" wouldn't have to write any .drv files to disk). Fixes #173.
2015-06-10Export outputPaths functionEelco Dolstra
This is useful for the new hydra-queue-runner.
2014-08-20Use proper quotes everywhereEelco Dolstra
2014-04-08If a .drv cannot be parsed, show its pathEelco Dolstra
Otherwise you just get ‘expected string `Derive(['’ which isn't very helpful.
2012-11-26Only substitute wanted outputs of a derivationEelco Dolstra
If a derivation has multiple outputs, then we only want to download those outputs that are actuallty needed. So if we do "nix-build -A openssl.man", then only the "man" output should be downloaded. Likewise if another package depends on ${openssl.man}. The tricky part is that different derivations can depend on different outputs of a given derivation, so we may need to restart the corresponding derivation goal if that happens.
2012-11-26Make "nix-build -A <derivation>.<output>" do the right thingEelco Dolstra
For example, given a derivation with outputs "out", "man" and "bin": $ nix-build -A pkg produces ./result pointing to the "out" output; $ nix-build -A pkg.man produces ./result-man pointing to the "man" output; $ nix-build -A pkg.all produces ./result, ./result-man and ./result-bin; $ nix-build -A pkg.all -A pkg2 produces ./result, ./result-man, ./result-bin and ./result-2.
2012-10-03Add a ‘--repair’ flag to nix-instantiateEelco Dolstra
This allows repairing corrupted derivations and other source files.
2012-07-30Refactor settings processingEelco Dolstra
Put all Nix configuration flags in a Settings object.
2011-09-12* Ouch. A store upgrade could cause a substituter to be triggered,Eelco Dolstra
causing a deadlock.
2011-08-31* Eliminate all uses of the global variable ‘store’ from libstore.Eelco Dolstra
This should also fix: nix-instantiate: ./../boost/shared_ptr.hpp:254: T* boost::shared_ptr<T>::operator->() const [with T = nix::StoreAPI]: Assertion `px != 0' failed. which was caused by hashDerivationModulo() calling the ‘store’ object (during store upgrades) before openStore() assigned it.
2011-07-20* Fix a huuuuge security hole in the Nix daemon. It didn't check thatEelco Dolstra
derivations added to the store by clients have "correct" output paths (meaning that the output paths are computed by hashing the derivation according to a certain algorithm). This means that a malicious user could craft a special .drv file to build *any* desired path in the store with any desired contents (so long as the path doesn't already exist). Then the attacker just needs to wait for a victim to come along and install the compromised path. For instance, if Alice (the attacker) knows that the latest Firefox derivation in Nixpkgs produces the path /nix/store/1a5nyfd4ajxbyy97r1fslhgrv70gj8a7-firefox-5.0.1 then (provided this path doesn't already exist) she can craft a .drv file that creates that path (i.e., has it as one of its outputs), add it to the store using "nix-store --add", and build it with "nix-store -r". So the fake .drv could write a Trojan to the Firefox path. Then, if user Bob (the victim) comes along and does $ nix-env -i firefox $ firefox he executes the Trojan injected by Alice. The fix is to have the Nix daemon verify that derivation outputs are correct (in addValidPath()). This required some refactoring to move the hash computation code to libstore.
2010-04-21* Don't use an ostringstream in unparseDerivation(), because it'sEelco Dolstra
slow. A `nix-env -qa --drv-path \*' on Nixpkgs was spending 40% of its time in unparseDerivation() because of this (now 11%).
2010-04-19* Don't use the ATerm library for parsing/printing .drv files.Eelco Dolstra
2009-04-21* Use foreach in a lot of places.Eelco Dolstra
2008-08-25* Strip off the `.nix' suffix from the attribute name for files inEelco Dolstra
~/.nix-defexpr, otherwise the attribute cannot be selected with the `-A' option. Useful if you want to stick a Nix expression directly in ~/.nix-defexpr.
2007-01-29* computeStorePathForText: take the references into account whenEelco Dolstra
computing the store path (NIX-77). This is an important security property in multi-user Nix stores. Note that this changes the store paths of derivations (since the derivation aterms are added using addTextToStore), but not most outputs (unless they use builtins.toFile).
2006-12-01* Replace read-only calls to addTextToStore.Eelco Dolstra
2006-11-30* Refactoring. There is now an abstract interface class StoreAPIEelco Dolstra
containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-10-16* Big cleanup of the semantics of paths, strings, contexts, stringEelco Dolstra
concatenation and string coercion. This was a big mess (see e.g. NIX-67). Contexts are now folded into strings, so that they don't cause evaluation errors when they're not expected. The semantics of paths has been clarified (see nixexpr-ast.def). toString() and coerceToString() have been merged. Semantic change: paths are now copied to the store when they're in a concatenation (and in most other situations - that's the formalisation of the meaning of a path). So "foo " + ./bla evaluates to "foo /nix/store/hash...-bla", not "foo /path/to/current-dir/bla". This prevents accidental impurities, and is more consistent with the treatment of derivation outputs, e.g., `"foo " + bla' where `bla' is a derivation. (Here `bla' would be replaced by the output path of `bla'.)
2006-09-04* Remove unnecessary inclusions of aterm2.h.Eelco Dolstra
2006-09-04* Use a proper namespace.Eelco Dolstra
* Optimise header file usage a bit. * Compile the parser as C++.
2006-05-02* Removed a bunch of ATreverses.Eelco Dolstra
2005-01-25* Maintain the references/referers relation also for derivations.Eelco Dolstra
This simplifies garbage collection and `nix-store --query --requisites' since we no longer need to treat derivations specially. * Better maintaining of the invariants, e.g., setReferences() can only be called on a valid/substitutable path.
2005-01-20* Terminology fixes.Eelco Dolstra
2005-01-20* Another change to low-level derivations. The last one this year, IEelco Dolstra
promise :-) This allows derivations to specify on *what* output paths of input derivations they are dependent. This helps to prevent unnecessary downloads. For instance, a build might be dependent on the `devel' and `lib' outputs of some library component, but not the `docs' output.