aboutsummaryrefslogtreecommitdiff
path: root/src/libstore
AgeCommit message (Collapse)Author
2022-06-23Fix typoEelco Dolstra
Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
2022-06-23Automatically use a chroot store if /nix doesn't existEelco Dolstra
Specifically, if we're not root and the daemon socket does not exist, then we use ~/.local/share/nix/root as a chroot store. This enables non-root users to download nix-static and have it work out of the box, e.g. ubuntu@ip-10-13-1-146:~$ ~/nix run nixpkgs#hello warning: '/nix' does not exists, so Nix will use '/home/ubuntu/.local/share/nix/root' as a chroot store Hello, world!
2022-06-23Merge pull request #6710 from edolstra/embedded-sandbox-shellEelco Dolstra
Embed the sandbox shell into the statically linked 'nix' binary
2022-06-23Fix typoEelco Dolstra
2022-06-23Merge pull request #6673 from asymmetric/warnThéophane Hufschmitt
libstore: improve warning message on missing sig
2022-06-23Embed the sandbox shell into the statically linked 'nix' binaryEelco Dolstra
With this, Nix will write a copy of the sandbox shell to /bin/sh in the sandbox rather than bind-mounting it from the host filesystem. This makes /bin/sh work out of the box with nix-static, i.e. you no longer get /nix/store/qa36xhc5gpf42l3z1a8m1lysi40l9p7s-bootstrap-stage4-stdenv-linux/setup: ./configure: /bin/sh: bad interpreter: No such file or directory
2022-06-23Remove NIX_LIBEXEC_DIREelco Dolstra
2022-06-23Fix build-remote in nix-staticEelco Dolstra
'build-remote' is now executed via /proc/self/exe so it always works.
2022-06-22nar-info-disk-cache: refresh nix-cache-info weeklyLinus Heckemann
This allows changes to nix-cache-info to be picked up by existing clients. Previously, the only way for this to happen would be for clients to delete binary-cache-v6.sqlite, which is quite awkward for users. On the other hand, updates to nix-cache-info should be pretty rare, hence the choice of a fairly long TTL. Configurability is probably not useful enough to warrant implementing it.
2022-06-15libstore: improve warning message on missing sigLorenzo Manacorda
Clarifies that the substitute will be ignored/skipped.
2022-06-13Merge pull request #6619 from Jonpez2/patch-1Eelco Dolstra
Add security.csm to ignored-acls
2022-06-13Merge pull request #6634 from lovesegfault/fix-getgrouplistEelco Dolstra
fix(libstore/lock): support users that belong to more than 10 groups
2022-06-10Add missing rethrows in conditional exception handlersAnders Kaseorg
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2022-06-08fix(libstore/lock): support users that belong to more than 10 groupsBernardo Meurer
The manpage for `getgrouplist` says: > If the number of groups of which user is a member is less than or > equal to *ngroups, then the value *ngroups is returned. > > If the user is a member of more than *ngroups groups, then > getgrouplist() returns -1. In this case, the value returned in > *ngroups can be used to resize the buffer passed to a further > call getgrouplist(). In our original code, however, we allocated a list of size `10` and, if `getgrouplist` returned `-1` threw an exception. In practice, this caused the code to fail for any user belonging to more than 10 groups. While unusual for single-user systems, large companies commonly have a huge number of POSIX groups users belong to, causing this issue to crop up and make multi-user Nix unusable in such settings. The fix is relatively simple, when `getgrouplist` fails, it stores the real number of GIDs in `ngroups`, so we must resize our list and retry. Only then, if it errors once more, we can raise an exception. This should be backported to, at least, 2.9.x.
2022-06-08Rewrite the CA paths when moving them between storeThéophane Hufschmitt
Bring back the possibility to copy CA paths with no reference (like the outputs of FO derivations or stuff imported at eval time) between stores that have a different prefix.
2022-06-08Restore the "low-latency" ssh copyingThéophane Hufschmitt
2022-06-08Add security.csm to the default ignore listJonpez2
2022-06-03Make nix copy parallel againThéophane Hufschmitt
FILLME
2022-06-03Merge pull request #6600 from asymmetric/hash-commentEelco Dolstra
schema.sql: add comment about hash being in base16
2022-06-02Merge remote-tracking branch 'upstream/master' into indexed-store-path-outputsJohn Ericson
2022-06-01Merge branch 'master' into ltoThéophane Hufschmitt
2022-06-01schema.sql: add comment about hash being in base16Lorenzo Manacorda
2022-05-30RemoteStore::queryRealisationUncached(): Fix potential noexcept violationEelco Dolstra
2022-05-30HttpBinaryCacheStore::getFile(): Don't throw an exceptionEelco Dolstra
This violates the noexcept specification. Fixes #6445.
2022-05-25Merge branch 'master' into ltopennae
2022-05-16change priority conflict messageEli Kogan-Wang
2022-05-13Integrate review changesEli Kogan-Wang
2022-05-12Use `^` not `!` in indexed store derivations installable syntaxJohn Ericson
Match the other syntax that was recently added
2022-05-11Add priority for nix profile installEli Kogan-Wang
2022-05-04Fix compiler warningEelco Dolstra
2022-05-04Move json stuff out of util.ccEelco Dolstra
2022-05-04Get rid of most `.at` calls (#6393)Alain Zscheile
Use one of `get` or `getOr` instead which will either return a null-pointer (with a nicer error message) or a default value when the key is missing.
2022-05-03nix profile: Support overriding outputsEelco Dolstra
2022-05-03Allow selecting derivation outputs using 'installable!outputs'Eelco Dolstra
E.g. 'nixpkgs#glibc^dev,static' or 'nixpkgs#glibc^*'.
2022-04-28Fix libcxx buildEelco Dolstra
Fixes #6458.
2022-04-28Fix passing $OUT_PATHS to the post-build hookEelco Dolstra
Fixes #6446.
2022-04-27local-derivation-goal.cc: seccomp filters for MIPS secondary arch/abiAdam Joseph
A mips64el Linux MIPS kernel can execute userspace code using any of three ABIs: mips64el-linux-*abin64 mips64el-linux-*abin32 mipsel-linux-* The first of these is the native 64-bit ABI, and the only ABI with 64-bit pointers; this is sometimes called "n64". The last of these is the old legacy 32-bit ABI, whose binaries can execute natively on 32-bit MIPS hardware; this is sometimes called "o32". The second ABI, "n32" is essentially the 64-bit ABI with 32-bit pointers and address space. Hardware 64-bit integer/floating arithmetic is still allowed, as well as the much larger mips64 register set and more-efficient calling convention. Let's enable seccomp filters for all of these. Likewise for big endian (mips64-linux-*).
2022-04-25Merge branch 'master' into ltopennae
2022-04-21Merge pull request #6431 from NixOS/unbreak-my-buildEelco Dolstra
Make the default SQLiteError constructor public
2022-04-21ca: add sqlite index on `RealisationsRefs(realisationReference)`Sergei Trofimovich
Without the change any CA deletion triggers linear scan on large RealisationsRefs table: sqlite>.eqp full sqlite> delete from RealisationsRefs where realisationReference IN ( select id from Realisations where outputPath = 1234567890 ); QUERY PLAN |--SCAN RealisationsRefs `--LIST SUBQUERY 1 `--SEARCH Realisations USING COVERING INDEX IndexRealisationsRefsOnOutputPath (outputPath=?) With the change it gets turned into a lookup: sqlite> CREATE INDEX IndexRealisationsRefsRealisationReference on RealisationsRefs(realisationReference); sqlite> delete from RealisationsRefs where realisationReference IN ( select id from Realisations where outputPath = 1234567890 ); QUERY PLAN |--SEARCH RealisationsRefs USING INDEX IndexRealisationsRefsRealisationReference (realisationReference=?) `--LIST SUBQUERY 1 `--SEARCH Realisations USING COVERING INDEX IndexRealisationsRefsOnOutputPath (outputPath=?)
2022-04-21Make sure to delete all the realisation refsregnat
Deleting just one will only work in the test cases where I didn’t bother creating too many of them :p
2022-04-21Fix the gc with indirect self-references via the realisationsregnat
If the derivation `foo` depends on `bar`, and they both have the same output path (because they are CA derivations), then this output path will depend both on the realisation of `foo` and of `bar`, which themselves depend on each other. This confuses SQLite which isn’t able to automatically solve this diamond dependency scheme. Help it by adding a trigger to delete all the references between the relevant realisations. Fix #5320
2022-04-21Make the default SQLiteError constructor publicThéophane Hufschmitt
Otherwise the clang builds fail because the constructor of `SQLiteBusy` inherits it, `SQLiteError::_throw` tries to call it, which fails. Strangely, gcc works fine with it. Not sure what the correct behavior is and who is buggy here, but either way, making it public is at the worst a reasonable workaround
2022-04-20Actually, solve this in a lighter-weight wayJohn Ericson
The templating is very superficial
2022-04-20Move templated functions to `sqlite-impl.hh`John Ericson
This ensures that use-sites properly trigger new monomorphisations on one hand, and on the other hand keeps the main `sqlite.hh` clean and interface-only. I think that is good practice in general, but in this situation in particular we do indeed have `sqlite.hh` users that don't need the `throw_` function.
2022-04-20Merge remote-tracking branch 'upstream/master' into fix-url-formatJohn Ericson
2022-04-19Avoid `fmt` when constructor already does itJohn Ericson
There is a correctnes issue here, but #3724 will fix that. This is just a cleanup for brevity's sake.
2022-04-17doc: rephrase connect-timeout help messageAlex Ameen
Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
2022-04-17doc: document nix.conf connect-timeout defaultAlex Ameen
2022-04-10Log builder args and environment variablesSebastian Blunt
Previously it only logged the builder's path, this changes it to log the arguments at the same log level, and the environment variables at the vomit level. This helped me debug https://github.com/svanderburg/node2nix/issues/75