aboutsummaryrefslogtreecommitdiff
path: root/src/libstore
AgeCommit message (Collapse)Author
2017-12-09Fix for builds with system libcurl < 7.30Benjamin Hipple
CentOS 7.4 and RHEL 7.4 ship with libcurl-devel-7.29.0-42.el7.x86_64; this flag was added in 7.30.0 https://curl.haxx.se/libcurl/c/CURLMOPT_MAX_TOTAL_CONNECTIONS.html
2017-12-07Provide random access to cached NARsEelco Dolstra
E.g. $ time nix cat-store --store https://cache.nixos.org?local-nar-cache=/tmp/nars \ /nix/store/b0w2hafndl09h64fhb86kw6bmhbmnpm1-blender-2.79/share/icons/hicolor/scalable/apps/blender.svg > /dev/null real 0m4.139s $ time nix cat-store --store https://cache.nixos.org?local-nar-cache=/tmp/nars \ /nix/store/b0w2hafndl09h64fhb86kw6bmhbmnpm1-blender-2.79/share/icons/hicolor/scalable/apps/blender.svg > /dev/null real 0m0.024s (Before, the second call took ~0.220s.) This will use a NAR listing in /tmp/nars/b0w2hafndl09h64fhb86kw6bmhbmnpm1.ls containing all metadata, including the offsets of regular files inside the NAR. Thus, we don't need to read the entire NAR. (We do read the entire listing, but that's generally pretty small. We could use a SQLite DB by borrowing some more code from nixos-channel-scripts/file-cache.hh.) This is primarily useful when Hydra is serving files from an S3 binary cache, in particular when you have giant NARs. E.g. we had some 12 GiB NARs, so accessing individuals files was pretty slow.
2017-12-07nix ls-{nar,store}: Return offset of files in the NAR if knownEelco Dolstra
E.g. $ nix ls-store --json --recursive --store https://cache.nixos.org /nix/store/b0w2hafndl09h64fhb86kw6bmhbmnpm1-blender-2.79 \ | jq .entries.bin.entries.blender.narOffset 400
2017-12-06ssh-store: fix length when writing narDaiderd Jordan
This fixes nix copy and other things that use copyStorePath.
2017-11-28Show log tail when a remote build failsEelco Dolstra
2017-11-24nix path-info: Show URL of NARs in binary cachesEelco Dolstra
2017-11-21Propagate flags like --sandbox to the daemon properlyEelco Dolstra
2017-11-20signed-binary-caches -> require-sigsEelco Dolstra
Unlike signed-binary-caches (which could only be '*' or ''), require-sigs is a proper Boolean option. The default is true.
2017-11-20binary-cache-public-keys -> trusted-public-keysEelco Dolstra
The name had become a misnomer since it's not only for substitution from binary caches, but when adding/copying any (non-content-addressed) path to a store.
2017-11-20nix copy: Abbreviate "daemon"Eelco Dolstra
2017-11-15Add a "profile" option to S3BinaryCacheStoreEelco Dolstra
This allows specifying the AWS configuration profile to use. E.g. nix copy --from s3://my-cache?profile=aws-dev-account /nix/store/cf3isrlqavvd5w7rpky1fa8j9lcnlggm-...
2017-11-14nix sign-paths: Support binary cachesEelco Dolstra
2017-11-14nix ls-{nar,store}: Don't abort on missing filesEelco Dolstra
2017-11-14nix ls-{nar,store} --json: Respect -REelco Dolstra
2017-11-14nix ls-{store,nar}: Add --json flagEelco Dolstra
2017-11-08Remove extraneous commentEelco Dolstra
2017-11-08Merge pull request #1650 from copumpkin/darwin-sandbox-unix-socketEelco Dolstra
Always allow builds to use unix domain sockets in Darwin sandbox
2017-11-06Merge pull request #1632 from AmineChikhaoui/sigint-copyEelco Dolstra
run query paths in parallel during nix copy and handle SIGINT
2017-11-03Merge pull request #1651 from LnL7/darwin-sandbox-getpwuidEelco Dolstra
Allow getpwuid in the darwin sandbox
2017-11-03Allow getpwuid in the darwin sandbox.Daiderd Jordan
2017-11-03Don't freak out if we get a 403 from S3Daniel Peebles
As far as we're concerned, not being able to access a file just means the file is missing. Plus, AWS explicitly goes out of its way to return a 403 if the file is missing and the requester doesn't have permission to list the bucket. Also getting rid of an old hack that Eelco said was only relevant to an older AWS SDK.
2017-11-01Add fetchMercurial primopEelco Dolstra
E.g. $ nix eval '(fetchMercurial https://www.mercurial-scm.org/repo/hello)' { branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "82e55d328c8ca4ee16520036c0aaace03a5beb65"; revCount = 1; shortRev = "82e55d328c8c"; } $ nix eval '(fetchMercurial { url = https://www.mercurial-scm.org/repo/hello; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; })' { branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; revCount = 0; shortRev = "0a04b987be5a"; } $ nix eval '(fetchMercurial /tmp/unclean-hg-tree)' { branch = "default"; outPath = "/nix/store/cm750cdw1x8wfpm3jq7mz09r30l9r024-source"; rev = "0000000000000000000000000000000000000000"; revCount = 0; shortRev = "000000000000"; }
2017-10-31Always allow builds to use unix domain sockets in Darwin sandboxDan Peebles
2017-10-30Merge pull request #1646 from copumpkin/optional-sandbox-local-networkEelco Dolstra
Allow optional localhost network access to sandboxed derivations
2017-10-30Allow optional localhost network access to sandboxed derivationsDan Peebles
This will allow bind and connect to 127.0.0.1, which can reduce purity/ security (if you're running a vulnerable service on localhost) but is also needed for a ton of test suites, so I'm leaving it turned off by default but allowing certain derivations to turn it on as needed. It also allows DNS resolution of arbitrary hostnames but I haven't found a way to avoid that. In principle I'd just want to allow resolving localhost but that doesn't seem to be possible. I don't think this belongs under `build-use-sandbox = relaxed` because we want it on Hydra and I don't think it's the end of the world.
2017-10-30Add option allowed-urisEelco Dolstra
This allows network access in restricted eval mode.
2017-10-30enable-http2 -> http2Eelco Dolstra
2017-10-30fetchurl/fetchTarball: Respect name changesEelco Dolstra
The computation of urlHash didn't take the name into account, so subsequent fetchurl calls with the same URL but a different name would resolve to the same cached store path.
2017-10-25respect SIGINT in nix copy during the paths queries #1629AmineChikhaoui
2017-10-25Merge branch 'master' of github.com:NixOS/nix into sigint-copyAmineChikhaoui
2017-10-25Fix building on clangEelco Dolstra
https://hydra.nixos.org/build/62945761
2017-10-25attempt to fix #1630: make the queries of store paths run in parallel using ↵AmineChikhaoui
a thread pool
2017-10-25exportReferencesGraph: Allow exporting a list of store pathsEelco Dolstra
2017-10-25Fix exportReferencesGraph in the structured attrs caseEelco Dolstra
2017-10-25Pass lists/attrsets to bash as (associative) arraysEelco Dolstra
2017-10-24Allow shorter syntax for chroot storesEelco Dolstra
You can now say '--store /tmp/nix' instead of '--store local?root=/tmp/nix'.
2017-10-24More progress indicator improvementsEelco Dolstra
In particular, don't show superfluous "fetching path" and "building path(s)" messages, and show the current round (with --repeat).
2017-10-24More progress indicator improvementsEelco Dolstra
Fixes #1599.
2017-10-24Progress indicator: Show on what machine we're buildingEelco Dolstra
E.g. $ nix build nixpkgs.hello --builders 'root@wendy' [1/0/1 built] building hello-2.10 on ssh://root@wendy: checking for minix/config.h... no
2017-10-24Handle log messages from build-remoteEelco Dolstra
This makes the progress indicator show statuses like "connecting to 'root@machine'".
2017-10-24nix: Respect -I, --arg, --argstrEelco Dolstra
Also, random cleanup to argument handling.
2017-10-24Remove the remote-builds optionEelco Dolstra
This is superfluous since you can now just set "builders" to empty, e.g. "--builders ''".
2017-10-24Remove the builder-files optionEelco Dolstra
You can now include files via the "builders" option, using the syntax "@<filename>". Having only one option makes it easier to override builders completely. For backward compatibility, the default is "@/etc/nix/machines", or "@<filename>" for each file name in NIX_REMOTE_SYSTEMS.
2017-10-23Pass all settings to build-remoteEelco Dolstra
This ensures that command line flags such as --builders get passed correctly.
2017-10-23Turn $NIX_REMOTE into a configuration optionEelco Dolstra
2017-10-20Merge pull request #1616 from copumpkin/separate-darwin-sandboxEelco Dolstra
Shift Darwin sandbox to separate installed files
2017-10-19Revert "Let's not populate the NAR cache from hydra-queue-runner for now"Eelco Dolstra
This reverts commit 908590dc6cfcca3a98755b194d93b2da39aee95c. Since hydra-server can have a different store URI from hydra-queue-runner now, we don't really need this.
2017-10-18Let's not populate the NAR cache from hydra-queue-runner for nowEelco Dolstra
2017-10-18Errors writing to the NAR cache should not be fatalEelco Dolstra
2017-10-18Suppress "copying 0 paths" messageEelco Dolstra