aboutsummaryrefslogtreecommitdiff
path: root/src/libstore/local-store.cc
AgeCommit message (Collapse)Author
2019-11-26SimplifyEelco Dolstra
2019-11-26Merge branch 'repair-bad-links' of https://github.com/chkno/nixEelco Dolstra
2019-11-26Disallow empty store path namesEelco Dolstra
Fixes #3239.
2019-11-26DohEelco Dolstra
2019-11-15Check for and repair bad .links entriesChuck
A corrupt entry in .links prevents adding a fixed version of that file to the store in any path. The user experience is that corruption present in the store 'spreads' to new paths added to the store: (With store optimisation enabled) 1. A file in the store gets corrupted somehow (eg: filesystem bug). 2. The user tries to add a thing to the store which contains a good copy of the corrupted file. 3. The file being added to the store is hashed, found to match the bad .links entry, and is replaced by a link to the bad .links entry. (The .links entry's hash is not verified during add -- this would impose a substantial performance burden.) 4. The user observes that the thing in the store that is supposed to be a copy of what they were trying to add is not a correct copy -- some files have different contents! Running "nix-store --verify --check-contents --repair" does not fix the problem. This change makes "nix-store --verify --check-contents --repair" fix this problem. Bad .links entries are simply removed, allowing future attempts to insert a good copy of the file to succeed.
2019-10-31Minor updates to inline commentsBenjamin Hipple
Add missing docstring on InstallableCommand. Also, some of these were wrapped when they're right next to a line longer than the unwrapped line, so we can just unwrap them to save vertical space.
2019-10-29queryPathInfoUncached(): Return const ValidPathInfoEelco Dolstra
2019-10-21Mark content-addressable paths with references as experimentalEelco Dolstra
2019-10-21Allow content-addressable paths to have referencesEelco Dolstra
This adds a command 'nix make-content-addressable' that rewrites the specified store paths into content-addressable paths. The advantage of such paths is that 1) they can be imported without signatures; 2) they can enable deduplication in cases where derivation changes do not cause output changes (apart from store path hashes). For example, $ nix make-content-addressable -r nixpkgs.cowsay rewrote '/nix/store/g1g31ah55xdia1jdqabv1imf6mcw0nb1-glibc-2.25-49' to '/nix/store/48jfj7bg78a8n4f2nhg269rgw1936vj4-glibc-2.25-49' ... rewrote '/nix/store/qbi6rzpk0bxjw8lw6azn2mc7ynnn455q-cowsay-3.03+dfsg1-16' to '/nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16' We can then copy the resulting closure to another store without signatures: $ nix copy --trusted-public-keys '' ---to ~/my-nix /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 In order to support self-references in content-addressable paths, these paths are hashed "modulo" self-references, meaning that self-references are zeroed out during hashing. Somewhat annoyingly, this means that the NAR hash stored in the Nix database is no longer necessarily equal to the output of "nix hash-path"; for content-addressable paths, you need to pass the --modulo flag: $ nix path-info --json /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 | jq -r .[].narHash sha256:0ri611gdilz2c9rsibqhsipbfs9vwcqvs811a52i2bnkhv7w9mgw $ nix hash-path --type sha256 --base32 /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 1ggznh07khq0hz6id09pqws3a8q9pn03ya3c03nwck1kwq8rclzs $ nix hash-path --type sha256 --base32 /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 --modulo iq6g2x4q62xp7y7493bibx0qn5w7xz67 0ri611gdilz2c9rsibqhsipbfs9vwcqvs811a52i2bnkhv7w9mgw
2019-10-10DohEelco Dolstra
https://hydra.nixos.org/build/102803044
2019-10-09Force per-user group to a known valueEelco Dolstra
2019-10-09Go back to 755 permission on per-user directoriesEelco Dolstra
700 is pointless since the store is world-readable anyway. And per-user/root/channels must be world-readable.
2019-10-09nix-env: Create ~/.nix-profile automaticallyEelco Dolstra
2019-10-09Remove world-writability from per-user directoriesEelco Dolstra
'nix-daemon' now creates subdirectories for users when they first connect. Fixes #509 (CVE-2019-17365). Should also fix #3127.
2019-10-09OCD performance fix: {find,count}+insert => insertEelco Dolstra
2019-09-22Don't catch exceptions by valueEelco Dolstra
(cherry picked from commit 893be6f5e36abb58bbaa9c49055a5218114dd514)
2019-09-03Add some noexceptsEelco Dolstra
This is to assert that callback functions should never throw (since the context in which they're called may not be able to handle the exception).
2019-08-02nix-store --verify: Don't repair while holding the GC lockEelco Dolstra
2019-02-05Revert "Restore parent mount namespace before executing a child process"Eelco Dolstra
This reverts commit a0ef21262f4d5652bfb65cfacaec01d89c475a93. This doesn't work in 'nix run' and nix-shell because setns() fails in multithreaded programs, and Boehm GC mark threads are uncancellable. Fixes #2646.
2018-12-12libstore: improve hash mismatch error messageszimbatm
Use the same output ordering and format everywhere. This is such a common issue that we trade the single-line error message for more readability. Old message: ``` fixed-output derivation produced path '/nix/store/d4nw9x2sy9q3r32f3g5l5h1k833c01vq-example.com' with sha256 hash '08y4734bm2zahw75b16bcmcg587vvyvh0n11gwiyir70divwp1rm' instead of the expected hash '1xzwnipjd54wl8g93vpw6hxnpmdabq0wqywriiwmh7x8k0lvpq5m' ``` New message: ``` hash mismatch in fixed-output derivation '/nix/store/d4nw9x2sy9q3r32f3g5l5h1k833c01vq-example.com': wanted: sha256:1xzwnipjd54wl8g93vpw6hxnpmdabq0wqywriiwmh7x8k0lvpq5m got: sha256:08y4734bm2zahw75b16bcmcg587vvyvh0n11gwiyir70divwp1rm ```
2018-11-13Restore parent mount namespace before executing a child processEelco Dolstra
This ensures that they can't write to /nix/store. Fixes #2535.
2018-10-27Merge branch 'nix-doctor' of https://github.com/LnL7/nixEelco Dolstra
2018-09-07If fallback is enabled, temporarily disable substituters after a failureEelco Dolstra
Otherwise, we just keep asking the substituter for other .narinfo files, which can take a very long time due to retries/timeouts.
2018-09-07Handle queryPathInfo() failure from substituters when fallback is enabledEelco Dolstra
Fixes #1990.
2018-09-02Store: expose the protocol version used by a storeDaiderd Jordan
2018-08-13ignore when listxattr fails with ENODATASymphorien Gibol
This happens on CIFS and means the remote filesystem has no extended attributes.
2018-05-30Simplify the callback mechanismEelco Dolstra
2018-05-30LocalStore::addToStore: Throw an exception if no hash is givenEelco Dolstra
2018-05-03LocalStore::addValidPath(): Throw error when the CA assertion is wrongEelco Dolstra
Closes #2133.
2018-04-13Fix #1921Eelco Dolstra
2018-03-16Reduce substitution memory consumptionEelco Dolstra
copyStorePath() now pipes the output of srcStore->narFromPath() directly into dstStore->addToStore(). The sink used by the former is converted into a source usable by the latter using boost::coroutine2. This is based on [1]. This reduces the maximum resident size of $ nix build --store ~/my-nix/ /nix/store/b0zlxla7dmy1iwc3g459rjznx59797xy-binutils-2.28.1 --substituters file:///tmp/binary-cache-xz/ --no-require-sigs from 418592 KiB to 53416 KiB. (The previous commit also reduced the runtime from ~4.2s to ~3.4s, not sure why.) A further improvement will be to download files into a Sink. [1] https://github.com/NixOS/nix/compare/master...Mathnerd314:dump-fix-coroutine#diff-dcbcac55a634031f9cc73707da6e4b18 Issue #1969.
2018-03-07Fix #1957Eelco Dolstra
2018-02-12Fix hang in build-remoteEelco Dolstra
2018-02-12Fix 'deadlock: trying to re-acquire self-held lock'Eelco Dolstra
This was caused by derivations with 'allowSubstitutes = false'. Such derivations will be built locally. However, if there is another SubstitionGoal that has the output of the first derivation in its closure, then the path will be simultaneously built and substituted. There was a check to catch this situation (via pathIsLockedByMe()), but it no longer worked reliably because substitutions are now done in another thread. (Thus the comment 'It can't happen between here and the lockPaths() call below because we're not allowing multi-threading' was no longer valid.) The fix is to handle the path already being locked in both SubstitutionGoal and DerivationGoal.
2017-09-05Add automatic garbage collectionEelco Dolstra
Nix can now automatically run the garbage collector during builds or while adding paths to the store. The option "min-free = <bytes>" specifies that Nix should run the garbage collector whenever free space in the Nix store drops below <bytes>. It will then delete garbage until "max-free" bytes are available. Garbage collection during builds is asynchronous; running builds are not paused and new builds are not blocked. However, there also is a synchronous GC run prior to the first build/substitution. Currently, no old GC roots are deleted (as in "nix-collect-garbage -d").
2017-09-05GC: Don't delete own temproots fileEelco Dolstra
Since file locks are per-process rather than per-file-descriptor, the garbage collector would always acquire a lock on its own temproots file and conclude that it's stale.
2017-07-30Replace Unicode quotes in user-facing strings by ASCIIJörg Thalheim
Relevant RFC: NixOS/rfcs#4 $ ag -l | xargs sed -i -e "/\"/s/’/'/g;/\"/s/‘/'/g"
2017-07-04Support base-64 hashesEelco Dolstra
Also simplify the Hash API. Fixes #1437.
2017-07-03Replace a few bool flags with enumsEelco Dolstra
Functions like copyClosure() had 3 bool arguments, which creates a severe risk of mixing up arguments. Also, implement copyClosure() using copyPaths().
2017-06-20Call SetDllDirectory("") after sqlite3 init on cygwinDavid McFarland
Cygwin sqlite3 is patched to call SetDllDirectory("/usr/bin") on init, which affects the current process and is inherited by child processes. It causes DLLs to be loaded from /usr/bin/ before $PATH, which breaks all sorts of things. A typical failures would be header/lib version mismatches (e.g. openssl when running checkPhase on openssh). We'll just set it back to the default value. Note that this is a problem with the cygwin version of sqlite3 (currently 3.18.0). nixpkgs doesn't have the problematic patch.
2017-06-19macOS: Remove flagsEelco Dolstra
In particular, UF_IMMUTABLE (uchg) needs to be cleared to allow the path to be garbage-collected or optimised. See https://github.com/NixOS/nixpkgs/issues/25819. + the file from being garbage-collected.
2017-06-14canonicalisePathMetaData(): Ignore security.selinux attributeEelco Dolstra
Untested, hopefully fixes #1406.
2017-05-31Remove listxattr assertionEelco Dolstra
It appears that sometimes, listxattr() returns a different value for the query case (i.e. when the buffer size is 0).
2017-05-30Darwin sandbox: Use sandbox-defaults.sbEelco Dolstra
Issue #759. Also, remove nix.conf from the sandbox since I don't really see a legitimate reason for builders to access the Nix configuration.
2017-05-30canonicalisePathMetaData(): Remove extended attributes / ACLsEelco Dolstra
EAs/ACLs are not part of the NAR canonicalisation. Worse, setting an ACL allows a builder to create writable files in the Nix store. So get rid of them. Closes #185.
2017-05-29Fix typoEelco Dolstra
2017-05-11Change the meaning of info.ultimateEelco Dolstra
It now means "paths that were built locally". It no longer includes paths that were added locally. For those we don't need info.ultimate, since we have the content-addressability assertion (info.ca).
2017-05-11LocalStore::addToStore(): Check info.narSizeEelco Dolstra
It allowed the client to specify bogus narSize values. In particular, Downloader::downloadCached wasn't setting narSize at all.
2017-05-01build-remote: Don't require signaturesEelco Dolstra
This restores the old behaviour.
2017-04-13Convert Settings to the new config systemEelco Dolstra
This makes all config options self-documenting. Unknown or unparseable config settings and --option flags now cause a warning.