path: root/src
Age | Commit message | Author
2024-08-02 | libstore: return finishedness from Goal methods | eldritch horrors
this is the first step towards removing all result-related mutation of Goal state from goal implementations themselves, and into Worker state instead. once that is done we can treat all non-const Goal fields like private state of the goal itself, and make threading of goals possible Change-Id: I69ff7d02a6fd91a65887c6640bfc4f5fb785b45c
2024-08-02 | libstore: encapsulate worker build hook state | eldritch horrors
once goals run on multiple threads these fields must be synchronized as one, or we try to run build hooks too often (or worse, not often enough) Change-Id: I47860e46fe5c6db41755b2a3a1d9dbb5701c4ca4
2024-08-02 | libutil: make RunningProgram::wait more resilient | eldritch horrors
this will usually be used either directly (which is always fine) or in Finally blocks (where it must never throw exceptions). make sure that, exceptions being handled or not, calling wait() in Finally doesn't cause crashes due to the Finally no-nested-exceptions-thrown assertion Change-Id: Ib83a5d9483b1fe83b9a957dcefeefce5d088f06d
2024-08-02 | Merge "nix flake show: add the description if it exists" into main | Isabel
2024-08-02 | Merge "Reapply "libfetchers: make attribute / URL query handling consistent"" into main | Maximilian Bosch
2024-08-01 | Reapply "libfetchers: make attribute / URL query handling consistent" | Maximilian Bosch
The original attempt at this introduced a regression; this commit reverts the revert and fixes the regression.

This reverts commit 3e151d4d77b5296b9da8c3ad209932d1dfa44c68.

Fix to the regression:

flakeref: fix handling of `?dir=` param for flakes in subdirs

As reported in #419[1], accessing a flake in a subdir of a Git repository fails with the previous commit[2] applied with the error

    error: unsupported Git input attribute 'dir'

The problem is that the `dir`-param is inserted into the parsed URL if a flake is fetched from the subdir of a Git repository. However, for the fetching part this isn't even needed.

The fix is to just pass `subdir` as second argument to `FlakeRef` (which needs a `basedir` that can be empty) and leave the parsedURL as-is.

Added a regression test to make sure we don't run into this again.

[1] https://git.lix.systems/lix-project/lix/issues/419
[2] e22172aaf6b6a366cecd3c025590e68fa2b91bcc, originally 3e151d4d77b5296b9da8c3ad209932d1dfa44c68

Change-Id: I2c72d5a32e406a7ca308e271730bd0af01c5d18b
2024-08-01 | Merge changes Icc4747ae,Id4717b5b,Ie3ddb3d0,Ic4d93a08,I00d9ff70 into main | Qyriad
* changes:
  remove unused headers in installable-attr-path
  libexpr: include the type of the non-derivation value in the type error
  libexpr: mild cleanup to getDerivations
  libexpr: DrvInfo: remove unused bad-citizen constructor
  cleanup and slightly refactor DrvInfo::queryOutputs
2024-08-01 | Merge changes from topic "undefined-behaviour" into main | jade
* changes:
  releng: move officialRelease to version.json
  Add -Werror CI job
  ci: add a asan+ubsan test run on x86_64-linux
  tree-wide: add support for asan!
2024-08-01 | remove unused headers in installable-attr-path | Qyriad
Change-Id: Icc4747aed195e3855b128c73df82e202405af6a8
2024-08-01 | libexpr: include the type of the non-derivation value in the type error | Qyriad
Change-Id: Id4717b5b0df7c09b0dbf17e642d8713a0a3efbae
2024-08-01 | libexpr: mild cleanup to getDerivations | Qyriad
Shuffled the logic around a bit so the shorter code paths are early returns, added comments, etc. Should be NFC. Change-Id: Ie3ddb3d0eddd614d6f8c37bf9a4d5a50282084ea
2024-08-01 | libexpr: DrvInfo: remove unused bad-citizen constructor | Qyriad
DrvInfo's constructor that only takes `EvalState` leaves everything else empty; a DrvInfo which has no iota of information about the derivation it represents is not useful, and was not used anywhere. Change-Id: Ic4d93a08cb2748b8cef9a61e41e70404834b23f9
2024-08-01 | cleanup and slightly refactor DrvInfo::queryOutputs | Qyriad
Change-Id: I00d9ff707fe61995737b86af6d2eaa1e4d8116ff
2024-07-31 | tree-wide: add support for asan! | Jade Lovelace
What if you could find memory bugs in Lix without really trying very hard? I've had variously scuffed patches to do this, but this is blocked on boost coroutines removal at this point tbh. Change-Id: Id762af076aa06ad51e77a6c17ed10275929ed578
2024-07-31 | libexpr: implement actual constructors for nix::Value | Qyriad
Change-Id: Iebc2bb4e4ea5e93045afe47677df756de4ec4d05
2024-07-30 | libstore: move Goal::getBuildResult to BuildResult | eldritch horrors
there are no other uses for this yet, but asking for just a subset of outputs does seem at least somewhat useful to have as a generic thing Change-Id: I30ff5055a666c351b1b086b8d05b9d7c9fb1c77a
2024-07-30 | Merge "src/libcmd/repl.cc: avoid unneeded reload after :e" into main | Max Siling
2024-07-30 | src/libcmd/repl.cc: avoid unneeded reload after :e | Goldstein
If `:edit`ing a store path, don't reload repl afterwards to avoid losing local variables: store is immutable, so "editing" a store path is always just viewing it. Resolves: https://git.lix.systems/lix-project/lix/issues/341 Change-Id: I3747f75ce26e0595e953069c39ddc3ee80699718
2024-07-30 | libstore: count all substitutions toward the same limit | eldritch horrors
limiting CA substitutions was a rather recent addition, and it used a dedicated counter to not interfere with regular substitutions. though this works fine it somewhat contradicts the documentation; job limits should apply to all kinds of substitutions, or be one limit for each. Change-Id: I1505105b14260ecc1784039b2cc4b7afcf9115c8
2024-07-30 | libstore: always wake up goals on EOF | eldritch horrors
all goals do this. it makes no sense to not notify a goal of EOF conditions because this is the universal signal for "child done" Change-Id: Ic3980de312547e616739c57c6248a8e81308b5ee
2024-07-30 | libstore: simplify substitution handleEOF | eldritch horrors
both substitution goals add only this single fd to their wait set. Change-Id: Ibf921f5bb3919106208a0871523b32c8f67fb3d3
2024-07-29 | libstore: remove Worker::updateProgress | eldritch horrors
just update progress every time a goal has returned from work(). there seem to be no performance penalties, and the code is much simpler now. Change-Id: I288ee568b764ee61f40a498d986afda49987cb50
2024-07-26 | Merge changes I45d3895f,I541be3ea,Ibe51416d into main | alois31
* changes:
  libstore/build: block io_uring
  libstore/build: use an allowlist approach to syscall filtering
  libstore/build: always treat seccomp setup failures as fatal
2024-07-25 | Merge "libutil: Support getSelfExe on FreeBSD" into main | Artemis Tosini
2024-07-25 | Merge changes Ic0dfcfe2,Ibe73851f,Ia7a8df1c,I400b2031 into main | jade
* changes:
  package.nix: remove dead code
  diff-closures: remove gratuitous copy
  tree-wide: NULL -> nullptr
  libutil: rip out GNU Hurd support code
2024-07-25 | libstore/build: block io_uring | Alois Wohlschlager
Unfortunately, io_uring is totally opaque to seccomp, and while currently there are no dangerous operations implemented, there is no guarantee that it remains this way. This means that io_uring should be blocked entirely to ensure that the sandbox is future-proof. This has not been observed to cause issues in practice. Change-Id: I45d3895f95abe1bc103a63969f444c334dbbf50d
2024-07-25 | libstore/build: use an allowlist approach to syscall filtering | Alois Wohlschlager
Previously, system call filtering (to prevent builders from storing files with setuid/setgid permission bits or extended attributes) was performed using a blocklist. While this looks simple at first, it actually carries significant security and maintainability risks: after all, the kernel may add new syscalls to achieve the same functionality one is trying to block, and it can even be hard to actually add the syscall to the blocklist when building against a C library that doesn't know about it yet. For a recent demonstration of this happening in practice to Nix, see the introduction of fchmodat2 [0] [1].

The allowlist approach does not share the same drawback. While it does require a rather large list of harmless syscalls to be maintained in the codebase, failing to update this list (and roll out the update to all users) in time has rather benign effects; at worst, very recent programs that already rely on new syscalls will fail with an error the same way they would on a slightly older kernel that doesn't support them yet. Most importantly, no unintended new ways of performing dangerous operations will be silently allowed.

Another possible drawback is reduced system call performance due to the larger filter created by the allowlist requiring more computation [2]. However, this issue has not convincingly been demonstrated yet in practice, for example in systemd or various browsers. To the contrary, it has been measured that the actual filter constructed here has approximately the same overhead as a very simple filter blocking only one system call.

This commit tries to keep the behavior as close to unchanged as possible. The system call list is in line with libseccomp 2.5.5 and glibc 2.39, which are the latest versions at the point of writing. Since libseccomp 2.5.5 is already a requirement and the distributions shipping this together with older versions of glibc are mostly not a thing any more, this should not lead to more build failures any more.

[0] https://github.com/NixOS/nixpkgs/issues/300635
[1] https://github.com/NixOS/nix/issues/10424
[2] https://github.com/flatpak/flatpak/pull/4462#issuecomment-1061690607

Change-Id: I541be3ea9b249bcceddfed6a5a13ac10b11e16ad
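The argument of the two commits above (allowlist filtering, and blocking io_uring), as an added example that is not code from Lix or from these commits: a user-space model of a blocklist and an allowlist that were both written before `fchmodat2` existed. The syscall lists, `struct call` and the function names are assumptions made for the illustration; the fallback numbers are the x86_64/aarch64 values.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/stat.h>
#include <sys/syscall.h>

/* A C library older than the kernel may not know these syscalls yet. */
#ifndef SYS_fchmodat2
#define SYS_fchmodat2 452        /* added in Linux 6.6 */
#endif
#ifndef SYS_io_uring_setup
#define SYS_io_uring_setup 425
#endif

/* mode is only meaningful for the chmod family */
struct call { long nr; unsigned mode; };

/* Constructed lists: what a policy author knew before fchmodat2 existed. */
static const long chmod_family[] = { SYS_fchmod, SYS_fchmodat };
static const long xattr_family[] = { SYS_setxattr, SYS_lsetxattr, SYS_fsetxattr };
static const long harmless[]     = { SYS_read, SYS_write, SYS_openat, SYS_close };
#define N(a) (sizeof(a) / sizeof((a)[0]))

static int in_list(long nr, const long *list, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (list[i] == nr) return 1;
    return 0;
}

static int setid_bits(unsigned mode) { return (mode & (S_ISUID | S_ISGID)) != 0; }

/* Blocklist: default allow. Returns 0 (allowed) or the errno the caller sees. */
int blocklist_decide(struct call c) {
    if (in_list(c.nr, chmod_family, N(chmod_family)) && setid_bits(c.mode))
        return EPERM;
    if (in_list(c.nr, xattr_family, N(xattr_family)))
        return ENOTSUP;
    return 0;                    /* unknown syscall: silently allowed */
}

/* Allowlist: default deny with ENOSYS, like a kernel lacking the syscall. */
int allowlist_decide(struct call c) {
    if (in_list(c.nr, chmod_family, N(chmod_family)))
        return setid_bits(c.mode) ? EPERM : 0;
    if (in_list(c.nr, harmless, N(harmless)))
        return 0;
    return ENOSYS;               /* unknown syscall: fails closed */
}
```

A setuid `fchmodat2` call and an `io_uring_setup` call both pass the stale blocklist, while the stale allowlist answers `ENOSYS` for each.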
2024-07-25 | libstore/build: always treat seccomp setup failures as fatal | Alois Wohlschlager
In f047e4357b4f7ad66c2e476506bf35cab82e441e, I missed the behavior that if building without a dedicated build user (i.e. in single-user setups), seccomp setup failures are silently ignored. This was introduced without explanation 7 years ago (ff6becafa8efc2f7e6f2b9b889ba4adf20b8d524). Hopefully the only use-case nowadays is causing spurious test suite successes when messing up the seccomp filter during development. Let's try removing it. Change-Id: Ibe51416d9c7a6dd635c2282990224861adf1ceab
2024-07-24 | fix building with Musl, fixing static builds | Qyriad
Musl stdout macro expands¹ to something that isn't a valid identifier, so we get syntax errors when compiling usage of a method called stdout with Musl's stdio.h. [1]: https://git.musl-libc.org/cgit/musl/tree/include/stdio.h?id=ab31e9d6a0fa7c5c408856c89df2dfb12c344039#n67 Change-Id: I10e6f6a49504399bf8edd59c5d9e4e62449469e8
2024-07-24 | libutil: Support getSelfExe on FreeBSD | Artemis Tosini
getSelfExe is used in a few places to re-execute nix. Current code in this file uses ifdefs to support several platforms, just keep doing that Change-Id: Iecc2ada0101aea0c30524e3a1218594f919d74bf
2024-07-23 | diff-closures: remove gratuitous copy | Jade Lovelace
This was done originally because std::smatch does not accept `const char *` as iterators. However, this was because we should have been using std::cmatch instead. Change-Id: Ibe73851fd39755e883df2d33d22fed72ac0a04ae
2024-07-23 | tree-wide: NULL -> nullptr | Jade Lovelace
This is slightly more type safe and is more in line with modern C++. Change-Id: Ia7a8df1c7788085020d1bdc941d6f9cee356144e
2024-07-23 | libutil: rip out GNU Hurd support code | Jade Lovelace
Nobody has stepped up to add further support for Hurd since this code appeared in 2010 or 2014. We don't need it. Change-Id: I400b2031a225551ea3c71a3ef3ea9fdb599dfba3
2024-07-23 | libstore: Add FreeBSD findPlatformRoots | Artemis Tosini
Use libprocstat to find garbage collector roots on FreeBSD. Tested working on a FreeBSD machine, although there is no CI yet Change-Id: Id36bac8c3de6cc4de94e2d76e9663dd4b76068a9
2024-07-23 | nix flake show: add the description if it exists | isabel
(cherry picked from commit 8cd1d02f90eb9915e640c5d370d919fad9833c65)

nix flake show: Only print up to the first new line if it exists.

(cherry picked from commit 5281a44927bdb51bfe6e5de12262d815c98f6fe7)

add tests

(cherry picked from commit 74ae0fbdc70a5079a527fe143c4832d1357011f7)

Handle long strings, embedded new lines and empty descriptions

(cherry picked from commit 2ca7b3afdbbd983173a17fa0a822cf7623601367)

Account for total length of 80

(cherry picked from commit 1cc808c18cbaaf26aaae42bb1d7f7223f25dd364)

docs: add nix flake show description release note

fix: remove white space

nix flake show: trim length based on terminal size

test: account for terminal size

docs(flake-description): before and after commands; add myself to credits

Upstream-PR: https://github.com/NixOS/nix/pull/10980
Change-Id: Ie1c667dc816b3dd81e65a1f5395e57ea48ee0362
2024-07-22 | Merge "libexpr/gc-alloc: fix compilation with !HAVE_BOEHMGC" into main | Pierre Bourdon
2024-07-23 | libexpr/gc-alloc: fix compilation with !HAVE_BOEHMGC | Pierre Bourdon
Fixes: 72ee25b4025257fdaab7b8e8d5d1ccc83858fdab Change-Id: Ib59386af1415a8ed4b53af24ec22a4ffa5e5877d
2024-07-22 | libstore: keep Goal errors as unique_ptrs | eldritch horrors
Error is pretty large, and most goals do not fail. this alone more than halves the size of Goal on x86_64-linux, from 720 bytes down to 344. in derived classes the difference is not as dramatic, but even the largest derived class (`LocalDerivationGoal`) loses almost 20% of its footprint Change-Id: Ifda8f94c81b6566eeb3e52d55d9796ec40c7bce8
2024-07-22 | libstore: remove an always-defaulted argument | eldritch horrors
Change-Id: I3c7f17d5492a16bb54480fa1aa384b96fba72d61
2024-07-22 | libstore: use std::async instead of Goal threads | eldritch horrors
the goals are either already using std::async and merely forgot to remove std::thread vestiges or they emulate async with threads and promises. we can simply use async directly everywhere for clarity. Change-Id: I3f05098310a25984f10fff1e68c573329002b500
2024-07-22 | libstore: remove addToWeakGoals | eldritch horrors
under owner_less it's equivalent to insert(), only sometimes a little bit faster because it does not construct a weak_ptr if the goal is in the set already. this small difference in performance does not matter here and c++23 will make insert transparent anyway, so we can drop it Change-Id: I7cbd7d6e0daa95d67145ec58183162f6c4743b15
2024-07-22 | libstore: remove Goal::ecBusy | eldritch horrors
this should be an optional. "busy" is not an *exit* code! Change-Id: Ic231cb27b022312b1a7a7b9602f32845b7a9c934
2024-07-22 | libstore: remove unused Worker::waitForAnyGoal | eldritch horrors
Change-Id: Ia3ebd434b17052b6760ce74d8e20025a72148613
2024-07-22 | enable -Werror=suggest-override | eldritch horrors
*accidentally* overriding a function is almost guaranteed to be an error. overriding a function without labeling it as such is merely bad style, but bad style that makes the code harder to understand. Change-Id: Ic0594f3d1604ab6b3c1a75cb5facc246effe45f0
2024-07-22 | libexpr: fix -Wunused-const-variable warning | eldritch horrors
Change-Id: Ib986ece0ab2eff83e7abd7f1f915cd8f761827ad
2024-07-21 | libutil/logging: fix build without precompiled header | Alois Wohlschlager
Commit 0109368c3faf5516aeddde45e8dc3c33e7163838 missed including a required header, which is not noticed when the precompiled header is enabled because it's included in that. Also include it in the file so that the build without precompiled header works too. Change-Id: Id7a7979684b64f937f7f8191612952d73c113015
2024-07-21 | Merge "libstore/binary-cache-store: use correct buffer size for NAR decompression" into main | alois31
2024-07-21 | Merge "gc: refactor the gc server thread out into a class without changing it" into main | jade
2024-07-21 | libstore/binary-cache-store: use correct buffer size for NAR decompression | Alois Wohlschlager
Due to a leftover from a previous version where the buffer was allocated on the stack, the change introduced in commit 4ec87742a196d8ed8f41b41ef039706ce791448d accidentally passes the size of a pointer as the size of the buffer to the decompressor. Since the former is much smaller (usually 8 bytes instead of 64 kilobytes), this is safe, but leads to considerable overhead; most notably, due to excessive progress reports, which happen for each chunk. Pass the proper buffer size instead. Change-Id: If4bf472d33e21587acb5235a2d99e3cb10914633
2024-07-20 | Merge "Fix namespace warning being emitted if sandbox is disabled" into main | Winter Cute