aboutsummaryrefslogtreecommitdiff
path: root/src/libstore
AgeCommit message (Collapse)Author
2022-11-21Rename derivedPathsWithHintsToJSON -> builtPathsToJSONEelco Dolstra
2022-11-18Use cgroup.kill to quickly kill cgroupsEelco Dolstra
2022-11-18Get CPU stats from the cgroupEelco Dolstra
2022-11-18Separate cgroup support from auto-uid-allocationEelco Dolstra
The new experimental feature 'cgroups' enables the use of cgroups for all builds. This allows better containment and enables setting resource limits and getting some build stats.
2022-11-17Fix segfault in unprivileged modeEelco Dolstra
2022-11-10Remove the SystemdCgroup featureEelco Dolstra
2022-11-08Fix build on macOSEelco Dolstra
2022-11-08Split auto UID allocation from cgroupsEelco Dolstra
Cgroups are now only used for derivations that require the uid-range range feature. This allows auto UID allocation even on systems that don't have cgroups (like macOS). Also, make things work on modern systems that use cgroups v2 (where there is a single hierarchy and no "systemd" controller).
2022-11-03Merge remote-tracking branch 'origin/master' into auto-uid-allocationEelco Dolstra
2022-10-27Pass the right argv when calling the build hookThéophane Hufschmitt
Call it as `['nix', '__build-remote', ... ]` rather than the previous `["__build-remote", "nix __build-remote", ... ]` which seemed to have been most likely unintended
2022-10-22Defer to SSH config files for ForwardAgent optionAustin Kiekintveld
Currently, Nix passes `-a` when it runs commands on a remote machine via SSH, which disables agent forwarding. This causes issues when the `ForwardAgent` option is set in SSH config files, as the command line operation always overrides those. In particular, this causes issues if the command being run is `sudo` and the remote machine is configured with the equivalent of NixOS's `security.pam.enableSSHAgentAuth` option. Not allowing SSH agent forwarding can cause authentication to fail unexpectedly. This can currently be worked around by setting `NIX_SSHOPTS="-A"`, but we should defer to the options in the SSH config files to be least surprising for users.
2022-10-18Implement BinaryCacheStore::queryPathFromHashPart()Eelco Dolstra
2022-10-14Merge pull request #7168 from NixOS/rosetta-testEelco Dolstra
Improve Rosetta detection
2022-10-14Remove useless debug statementsEelco Dolstra
We haven't parsed the '-v' command line flags yet when this code executes, so we can't actually get debug output here.
2022-10-14Use /usr/bin/trueEelco Dolstra
2022-10-13Fix error display if execve() in the builder failsEelco Dolstra
After we've send "\2\n" to the parent, we can't send a serialized exception anymore. It will show up garbled like $ nix-build --store /tmp/nix --expr 'derivation { name = "foo"; system = "x86_64-linux"; builder = "/foo/bar"; }' this derivation will be built: /nix/store/xmdip0z5x1zqpp6gnxld3vqng7zbpapp-foo.drv building '/nix/store/xmdip0z5x1zqpp6gnxld3vqng7zbpapp-foo.drv'... ErrorErrorEexecuting '/foo/bar': No such file or directory error: builder for '/nix/store/xmdip0z5x1zqpp6gnxld3vqng7zbpapp-foo.drv' failed with exit code 1
2022-10-13Improve Rosetta detectionEelco Dolstra
Turns out that one of those *.plist files can exist even if Rosetta is not installed. So let's just try to run an x86_64-darwin binary directly.
2022-10-12Make warning about chroot store location more accurateSteam Deck User
While trying to use an alternate directory for my Nix installation, I noticed that nix's output didn't reflect the updated state directory. This patch corrects that and now prints the warning before attempting to create the directory (if the directory creation fails, it wouldn't have been obvious why nix was attempting to create the directory in the first place). With this patch, I now get the following warning: warning: '/home/deck/.var/app/org.nixos.nix/var/nix' does not exist, so Nix will use '/home/deck/.local/share/nix/root' as a chroot store
2022-10-05Merge pull request #6870 from ↵Valentin Gagarin
amjoseph-nixpkgs/pr/doc/explain-local-remote-binary-substituter
2022-09-30Merge pull request #7080 from squalus/nar-close-fileEelco Dolstra
archive: check close errors when extracting nars
2022-09-24Merge pull request #7078 from obsidiansystems/trustworthy-signatureThéophane Hufschmitt
"valid signature" -> "signature by a trusted key"
2022-09-24Merge pull request #7079 from matthewbauer/allow-untrusted-settingsThéophane Hufschmitt
Allow pass max-silent-time and build-poll-interval to daemon untrusted
2022-09-24Merge pull request #7059 from NixOS/remove-useless-ca-file-messageEelco Dolstra
Remove a useless debug message in filetransfer.cc
2022-09-23Apply suggestions from code reviewJohn Ericson
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Rune K. Svendsen <runesvend@gmail.com>
2022-09-22archive: check close errors when extracting narssqualus
2022-09-22Allow pass max-silent-time and build-poll-interval to daemon untrustedMatthew Bauer
These settings seem harmless, they control the same polling functionality that timeout does, but with different behavior. Should be safe for untrusted users to pass in.
2022-09-22Dodge "trusted" vs "trustworthy" by being explicit John Ericson
Hopefully this is best!
2022-09-22"valid signature" -> "trustworthy signature"John Ericson
I just had a colleague get confused by the previous phrase for good reason. "valid" sounds like an *objective* criterion, e.g. and *invalid signature* would be one that would be trusted by no one, e.g. because it misformatted or something. What is actually going is that there might be a signature which is perfectly valid to *someone else*, but not to the user, because they don't trust the corresponding public key. This is a *subjective* criterion, because it depends on the arbitrary and personal choice of which public keys to trust. I therefore think "trustworthy" is a better adjective to use. Whether something is worthy of trust is clearly subjective, and then "trust" within that word nicely evokes `trusted-public-keys` and friends.
2022-09-19Improve durability of schema version file writessqualus
- call close explicitly in writeFile to prevent the close exception from being ignored - fsync after writing schema file to flush data to disk - fsync schema file parent to flush metadata to disk https://github.com/NixOS/nix/issues/7064
2022-09-19Remove a useless debug message in filetransfer.ccThéophane Hufschmitt
Remove the `verify TLS: Nix CA file = 'blah'` message that Nix used to print when fetching anything as it's both useless (`libcurl` prints the same info in its logs) and misleading (gives the impression that a new TLS connection is being established which might not be the case because of multiplexing. See #7011 )
2022-09-13Merge pull request #6994 from agbrooks/masterThéophane Hufschmitt
Prevent tempdir from being GC-ed before addToStoreFromDump completes
2022-09-12Address PR feedback on #6694Andrew Brooks
2022-09-06Keep created temp dirs inside store, but protect from GCAndrew Brooks
Implements the approach suggested by feedback on PR #6994, where tempdir paths are created in the store (now with an exclusive lock). As part of this work, the currently-broken and unused `createTempDirInStore` function is updated to create an exclusive lock on the temp directory in the store. The GC now makes a non-blocking attempt to lock any store directories that "look like" the temp directories created by this function, and if it can't acquire one, ignores the directory.
2022-09-02Prevent tempdir from being GC-ed before addToStoreFromDump has renamed itAndrew Brooks
This fixes issue 6823 by placing the tempdir used in LocalStore::addToStoreFromDump outside the Nix store, where automatic GC is no longer a concern.
2022-09-02Don’t readDerivation if impure derivations feature is disabledMatthew Bauer
readDerivation is pretty slow, and while it may not be significant for some use cases, on things like ghc-nix where we have thousands of derivations is really slows things down. So, this just doesn’t do the impure derivation check if the impure derivation experimental feature is disabled. Perhaps we could cache the result of isPure() and keep the check, but this is a quick fix to for the slowdown introduced with impure derivations features in 2.8.0.
2022-09-01linkify mention of other optionsAdam Joseph
2022-09-01move substituter signature-checking conditions to configuration file ↵Adam Joseph
documentation
2022-08-26Merge pull request #6954 from winterqt/darwin-sandbox-trustdEelco Dolstra
fix(libstore): allow access to trustd on macOS
2022-08-24fix(libstore): allow access to trustd on macOSWinter
2022-08-24Remove redundant FinallyEelco Dolstra
2022-08-24Fix macOS buildEelco Dolstra
2022-08-23Fix a hang in nix-copy-ssh.shEelco Dolstra
This hang for some reason didn't trigger in the Nix build, but did running 'make installcheck' interactively. What happened: * Store::addMultipleToStore() calls a SinkToSource object to copy a path, which in turn calls LegacySSHStore::narFromPath(), which acquires a connection. * The SinkToSource object is not destroyed after the last bytes has been read, so the coroutine's stack is still alive and its destructors are not run. So the connection is not released. * Then when the next path is copied, because max-connections = 1, LegacySSHStore::narFromPath() hangs forever waiting for a connection to be released. The fix is to make sure that the source object is destroyed when we're done with it.
2022-08-22IndentationEelco Dolstra
2022-08-22Merge remote-tracking branch 'origin/master' into parallel-nix-copyEelco Dolstra
2022-08-22Merge pull request #6926 from rapenne-s/download_limitEelco Dolstra
add a nix.conf option to set a download speed limit
2022-08-22SpellingEelco Dolstra
2022-08-20Better documentation wordingSolène Rapenne
Co-authored-by: Anderson Torres <torres.anderson.85@protonmail.com>
2022-08-19add a nix.conf option to set a download speed limitSolene Rapenne
2022-08-19don't read outputs into memory for output rewritingpennae
RewritingSink can handle being fed input where a reference crosses a chunk boundary. we don't need to load the whole source into memory, and in fact *not* loading the whole source lets nix build FODs that do not fit into memory (eg fetchurl'ing data files larger than system memory).
2022-08-17Remove warnLargeDump()Eelco Dolstra
This message was unhelpful (#1184) and probably misleading since memory is O(1) in most cases now.