aboutsummaryrefslogtreecommitdiff
path: root/src/libstore
AgeCommit message (Collapse)Author
2022-06-10Add missing rethrows in conditional exception handlersAnders Kaseorg
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2022-06-08fix(libstore/lock): support users that belong to more than 10 groupsBernardo Meurer
The manpage for `getgrouplist` says: > If the number of groups of which user is a member is less than or > equal to *ngroups, then the value *ngroups is returned. > > If the user is a member of more than *ngroups groups, then > getgrouplist() returns -1. In this case, the value returned in > *ngroups can be used to resize the buffer passed to a further > call getgrouplist(). In our original code, however, we allocated a list of size `10` and, if `getgrouplist` returned `-1` threw an exception. In practice, this caused the code to fail for any user belonging to more than 10 groups. While unusual for single-user systems, large companies commonly have a huge number of POSIX groups users belong to, causing this issue to crop up and make multi-user Nix unusable in such settings. The fix is relatively simple, when `getgrouplist` fails, it stores the real number of GIDs in `ngroups`, so we must resize our list and retry. Only then, if it errors once more, we can raise an exception. This should be backported to, at least, 2.9.x.
2022-06-08Rewrite the CA paths when moving them between storeThéophane Hufschmitt
Bring back the possibility to copy CA paths with no reference (like the outputs of FO derivations or stuff imported at eval time) between stores that have a different prefix.
2022-06-08Restore the "low-latency" ssh copyingThéophane Hufschmitt
2022-06-08Add security.csm to the default ignore listJonpez2
2022-06-03Make nix copy parallel againThéophane Hufschmitt
FILLME
2022-06-03Merge pull request #6600 from asymmetric/hash-commentEelco Dolstra
schema.sql: add comment about hash being in base16
2022-06-01Merge branch 'master' into ltoThéophane Hufschmitt
2022-06-01schema.sql: add comment about hash being in base16Lorenzo Manacorda
2022-05-30RemoteStore::queryRealisationUncached(): Fix potential noexcept violationEelco Dolstra
2022-05-30HttpBinaryCacheStore::getFile(): Don't throw an exceptionEelco Dolstra
This violates the noexcept specification. Fixes #6445.
2022-05-25Merge branch 'master' into ltopennae
2022-05-16change priority conflict messageEli Kogan-Wang
2022-05-13Integrate review changesEli Kogan-Wang
2022-05-11Add priority for nix profile installEli Kogan-Wang
2022-05-04Fix compiler warningEelco Dolstra
2022-05-04Move json stuff out of util.ccEelco Dolstra
2022-05-04Get rid of most `.at` calls (#6393)Alain Zscheile
Use one of `get` or `getOr` instead which will either return a null-pointer (with a nicer error message) or a default value when the key is missing.
2022-05-03nix profile: Support overriding outputsEelco Dolstra
2022-05-03Allow selecting derivation outputs using 'installable!outputs'Eelco Dolstra
E.g. 'nixpkgs#glibc^dev,static' or 'nixpkgs#glibc^*'.
2022-04-28Fix libcxx buildEelco Dolstra
Fixes #6458.
2022-04-28Fix passing $OUT_PATHS to the post-build hookEelco Dolstra
Fixes #6446.
2022-04-25Merge branch 'master' into ltopennae
2022-04-21Merge pull request #6431 from NixOS/unbreak-my-buildEelco Dolstra
Make the default SQLiteError constructor public
2022-04-21ca: add sqlite index on `RealisationsRefs(realisationReference)`Sergei Trofimovich
Without the change any CA deletion triggers linear scan on large RealisationsRefs table: sqlite>.eqp full sqlite> delete from RealisationsRefs where realisationReference IN ( select id from Realisations where outputPath = 1234567890 ); QUERY PLAN |--SCAN RealisationsRefs `--LIST SUBQUERY 1 `--SEARCH Realisations USING COVERING INDEX IndexRealisationsRefsOnOutputPath (outputPath=?) With the change it gets turned into a lookup: sqlite> CREATE INDEX IndexRealisationsRefsRealisationReference on RealisationsRefs(realisationReference); sqlite> delete from RealisationsRefs where realisationReference IN ( select id from Realisations where outputPath = 1234567890 ); QUERY PLAN |--SEARCH RealisationsRefs USING INDEX IndexRealisationsRefsRealisationReference (realisationReference=?) `--LIST SUBQUERY 1 `--SEARCH Realisations USING COVERING INDEX IndexRealisationsRefsOnOutputPath (outputPath=?)
2022-04-21Make sure to delete all the realisation refsregnat
Deleting just one will only work in the test cases where I didn’t bother creating too many of them :p
2022-04-21Fix the gc with indirect self-references via the realisationsregnat
If the derivation `foo` depends on `bar`, and they both have the same output path (because they are CA derivations), then this output path will depend both on the realisation of `foo` and of `bar`, which themselves depend on each other. This confuses SQLite which isn’t able to automatically solve this diamond dependency scheme. Help it by adding a trigger to delete all the references between the relevant realisations. Fix #5320
2022-04-21Make the default SQLiteError constructor publicThéophane Hufschmitt
Otherwise the clang builds fail because the constructor of `SQLiteBusy` inherits it, `SQLiteError::_throw` tries to call it, which fails. Strangely, gcc works fine with it. Not sure what the correct behavior is and who is buggy here, but either way, making it public is at the worst a reasonable workaround
2022-04-20Actually, solve this in a lighter-weight wayJohn Ericson
The templating is very superficial
2022-04-20Move templated functions to `sqlite-impl.hh`John Ericson
This ensures that use-sites properly trigger new monomorphisations on one hand, and on the other hand keeps the main `sqlite.hh` clean and interface-only. I think that is good practice in general, but in this situation in particular we do indeed have `sqlite.hh` users that don't need the `throw_` function.
2022-04-20Merge remote-tracking branch 'upstream/master' into fix-url-formatJohn Ericson
2022-04-19Avoid `fmt` when constructor already does itJohn Ericson
There is a correctnes issue here, but #3724 will fix that. This is just a cleanup for brevity's sake.
2022-04-17doc: rephrase connect-timeout help messageAlex Ameen
Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
2022-04-17doc: document nix.conf connect-timeout defaultAlex Ameen
2022-04-10Log builder args and environment variablesSebastian Blunt
Previously it only logged the builder's path, this changes it to log the arguments at the same log level, and the environment variables at the vomit level. This helped me debug https://github.com/svanderburg/node2nix/issues/75
2022-04-08Remove duplicate "error:"Eelco Dolstra
2022-04-08Error: Remove unused sname() methodEelco Dolstra
2022-04-08Remove unused Error.name fieldEelco Dolstra
2022-04-06Fix empty 'nix copy' error messageEelco Dolstra
This was caused by SubstitutionGoal not setting the errorMsg field in its BuildResult. We now get a more descriptive message than in 2.7.0, e.g. error: path '/nix/store/13mh...' is required, but there is no substituter that can build it instead of the misleading (since there was no build) error: build of '/nix/store/13mh...' failed Fixes #6295.
2022-04-04Add missing #includeEelco Dolstra
2022-03-31Fix macOS buildEelco Dolstra
2022-03-31Rename 'pure' -> 'sandboxed' for consistencyEelco Dolstra
2022-03-31needsNetworkAccess() -> isSandboxed()Eelco Dolstra
2022-03-31Document isPure()Eelco Dolstra
2022-03-31Fix macOS buildEelco Dolstra
2022-03-31Support fixed-output derivations depending on impure derivationsEelco Dolstra
2022-03-31Add support for impure derivationsEelco Dolstra
Impure derivations are derivations that can produce a different result every time they're built. Example: stdenv.mkDerivation { name = "impure"; __impure = true; # marks this derivation as impure outputHashAlgo = "sha256"; outputHashMode = "recursive"; buildCommand = "date > $out"; }; Some important characteristics: * This requires the 'impure-derivations' experimental feature. * Impure derivations are not "cached". Thus, running "nix-build" on the example above multiple times will cause a rebuild every time. * They are implemented similar to CA derivations, i.e. the output is moved to a content-addressed path in the store. The difference is that we don't register a realisation in the Nix database. * Pure derivations are not allowed to depend on impure derivations. In the future fixed-output derivations will be allowed to depend on impure derivations, thus forming an "impurity barrier" in the dependency graph. * When sandboxing is enabled, impure derivations can access the network in the same way as fixed-output derivations. In relaxed sandboxing mode, they can access the local filesystem.
2022-03-29Simplify the handling of the hash moduloThéophane Hufschmitt
Rather than having four different but very similar types of hashes, make only one, with a tag indicating whether it corresponds to a regular of deferred derivation. This implies a slight logical change: The original Nix+multiple-outputs model assumed only one hash-modulo per derivation. Adding multiple-outputs CA derivations changed this as these have one hash-modulo per output. This change is now treating each derivation as having one hash modulo per output. This obviously means that we internally loose the guaranty that all the outputs of input-addressed derivations have the same hash modulo. But it turns out that it doesn’t matter because there’s nothing in the code taking advantage of that fact (and it probably shouldn’t anyways). The upside is that it is now much easier to work with these hashes, and we can get rid of a lot of useless `std::visit{ overloaded`. Co-authored-by: John Ericson <John.Ericson@Obsidian.Systems>
2022-03-28nix profile install: Don't use queryDerivationOutputMap()Eelco Dolstra
Instead get the outputs from Installable::build(). This will also allow 'nix profile install' to support impure derivations. Fixes #6286.
2022-03-25Use wantOutputEelco Dolstra
Co-authored-by: John Ericson <git@JohnEricson.me>