2012-07-18 21:59:03 +03:00
|
|
|
#pragma once
|
2003-06-16 16:33:38 +03:00
|
|
|
|
2010-05-13 01:13:09 +03:00
|
|
|
#include "types.hh"
|
2011-07-20 21:10:47 +03:00
|
|
|
#include "hash.hh"
|
2017-06-28 19:11:01 +03:00
|
|
|
#include "store-api.hh"
|
2010-05-13 01:13:09 +03:00
|
|
|
|
2012-09-11 21:45:42 +03:00
|
|
|
#include <map>
|
|
|
|
|
2006-09-05 00:06:23 +03:00
|
|
|
|
|
|
|
namespace nix {
|
2003-06-16 16:33:38 +03:00
|
|
|
|
|
|
|
|
2005-01-19 16:36:00 +02:00
|
|
|
/* Extension of derivations in the Nix store. */
|
|
|
|
const string drvExtension = ".drv";
|
2003-06-27 12:55:31 +03:00
|
|
|
|
2003-06-16 16:33:38 +03:00
|
|
|
|
2005-01-19 16:36:00 +02:00
|
|
|
/* Abstract syntax of derivations. */
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 18:55:19 +02:00
|
|
|
|
|
|
|
struct DerivationOutput
|
|
|
|
{
|
|
|
|
Path path;
|
|
|
|
string hashAlgo; /* hash used for expected hash computation */
|
|
|
|
string hash; /* expected hash, may be null */
|
|
|
|
DerivationOutput()
|
|
|
|
{
|
|
|
|
}
|
|
|
|
DerivationOutput(Path path, string hashAlgo, string hash)
|
|
|
|
{
|
|
|
|
this->path = path;
|
|
|
|
this->hashAlgo = hashAlgo;
|
|
|
|
this->hash = hash;
|
|
|
|
}
|
2016-07-26 22:25:52 +03:00
|
|
|
void parseHashInfo(bool & recursive, Hash & hash) const;
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 18:55:19 +02:00
|
|
|
};
|
|
|
|
|
2006-09-05 00:06:23 +03:00
|
|
|
typedef std::map<string, DerivationOutput> DerivationOutputs;
|
2005-01-20 16:10:19 +02:00
|
|
|
|
|
|
|
/* For inputs that are sub-derivations, we specify exactly which
|
|
|
|
output IDs we are interested in. */
|
2006-09-05 00:06:23 +03:00
|
|
|
typedef std::map<Path, StringSet> DerivationInputs;
|
2005-01-20 16:10:19 +02:00
|
|
|
|
2006-09-05 00:06:23 +03:00
|
|
|
typedef std::map<string, string> StringPairs;
|
2003-07-20 22:29:38 +03:00
|
|
|
|
Allow remote builds without sending the derivation closure
Previously, to build a derivation remotely, we had to copy the entire
closure of the .drv file to the remote machine, even though we only
need the top-level derivation. This is very wasteful: the closure can
contain thousands of store paths, and in some Hydra use cases, include
source paths that are very large (e.g. Git/Mercurial checkouts).
So now there is a new operation, StoreAPI::buildDerivation(), that
performs a build from an in-memory representation of a derivation
(BasicDerivation) rather than from a on-disk .drv file. The only files
that need to be in the Nix store are the sources of the derivation
(drv.inputSrcs), and the needed output paths of the dependencies (as
described by drv.inputDrvs). "nix-store --serve" exposes this
interface.
Note that this is a privileged operation, because you can construct a
derivation that builds any store path whatsoever. Fixing this will
require changing the hashing scheme (i.e., the output paths should be
computed from the other fields in BasicDerivation, allowing them to be
verified without access to other derivations). However, this would be
quite nice because it would allow .drv-free building (e.g. "nix-env
-i" wouldn't have to write any .drv files to disk).
Fixes #173.
2015-07-17 18:57:40 +03:00
|
|
|
struct BasicDerivation
|
2003-07-20 22:29:38 +03:00
|
|
|
{
|
* Removed the `id' attribute hack.
* Formalise the notion of fixed-output derivations, i.e., derivations
for which a cryptographic hash of the output is known in advance.
Changes to such derivations should not propagate upwards through the
dependency graph. Previously this was done by specifying the hash
component of the output path through the `id' attribute, but this is
insecure since you can lie about it (i.e., you can specify any hash
and then produce a completely different output). Now the
responsibility for checking the output is moved from the builder to
Nix itself.
A fixed-output derivation can be created by specifying the
`outputHash' and `outputHashAlgo' attributes, the latter taking
values `md5', `sha1', and `sha256', and the former specifying the
actual hash in hexadecimal or in base-32 (auto-detected by looking
at the length of the attribute value). MD5 is included for
compatibility but should be considered deprecated.
* Removed the `drvPath' pseudo-attribute in derivation results. It's
no longer necessary.
* Cleaned up the support for multiple output paths in derivation store
expressions. Each output now has a unique identifier (e.g., `out',
`devel', `docs'). Previously there was no way to tell output paths
apart at the store expression level.
* `nix-hash' now has a flag `--base32' to specify that the hash should
be printed in base-32 notation.
* `fetchurl' accepts parameters `sha256' and `sha1' in addition to
`md5'.
* `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a
flag to specify the hash.)
2005-01-17 18:55:19 +02:00
|
|
|
DerivationOutputs outputs; /* keyed on symbolic IDs */
|
2005-01-19 13:16:11 +02:00
|
|
|
PathSet inputSrcs; /* inputs that are sources */
|
2003-07-20 22:29:38 +03:00
|
|
|
string platform;
|
2003-10-08 18:06:59 +03:00
|
|
|
Path builder;
|
2003-08-15 15:32:37 +03:00
|
|
|
Strings args;
|
2003-07-20 22:29:38 +03:00
|
|
|
StringPairs env;
|
Allow remote builds without sending the derivation closure
Previously, to build a derivation remotely, we had to copy the entire
closure of the .drv file to the remote machine, even though we only
need the top-level derivation. This is very wasteful: the closure can
contain thousands of store paths, and in some Hydra use cases, include
source paths that are very large (e.g. Git/Mercurial checkouts).
So now there is a new operation, StoreAPI::buildDerivation(), that
performs a build from an in-memory representation of a derivation
(BasicDerivation) rather than from a on-disk .drv file. The only files
that need to be in the Nix store are the sources of the derivation
(drv.inputSrcs), and the needed output paths of the dependencies (as
described by drv.inputDrvs). "nix-store --serve" exposes this
interface.
Note that this is a privileged operation, because you can construct a
derivation that builds any store path whatsoever. Fixing this will
require changing the hashing scheme (i.e., the output paths should be
computed from the other fields in BasicDerivation, allowing them to be
verified without access to other derivations). However, this would be
quite nice because it would allow .drv-free building (e.g. "nix-env
-i" wouldn't have to write any .drv files to disk).
Fixes #173.
2015-07-17 18:57:40 +03:00
|
|
|
|
|
|
|
virtual ~BasicDerivation() { };
|
Eliminate the "store" global variable
Also, move a few free-standing functions into StoreAPI and Derivation.
Also, introduce a non-nullable smart pointer, ref<T>, which is just a
wrapper around std::shared_ptr ensuring that the pointer is never
null. (For reference-counted values, this is better than passing a
"T&", because the latter doesn't maintain the refcount. Usually, the
caller will have a shared_ptr keeping the value alive, but that's not
always the case, e.g., when passing a reference to a std::thread via
std::bind.)
2016-02-04 15:28:26 +02:00
|
|
|
|
|
|
|
/* Return the path corresponding to the output identifier `id' in
|
|
|
|
the given derivation. */
|
|
|
|
Path findOutput(const string & id) const;
|
|
|
|
|
|
|
|
bool willBuildLocally() const;
|
|
|
|
|
|
|
|
bool substitutesAllowed() const;
|
|
|
|
|
|
|
|
bool isBuiltin() const;
|
|
|
|
|
|
|
|
bool canBuildLocally() const;
|
|
|
|
|
|
|
|
/* Return true iff this is a fixed-output derivation. */
|
|
|
|
bool isFixedOutput() const;
|
|
|
|
|
|
|
|
/* Return the output paths of a derivation. */
|
|
|
|
PathSet outputPaths() const;
|
|
|
|
|
Allow remote builds without sending the derivation closure
Previously, to build a derivation remotely, we had to copy the entire
closure of the .drv file to the remote machine, even though we only
need the top-level derivation. This is very wasteful: the closure can
contain thousands of store paths, and in some Hydra use cases, include
source paths that are very large (e.g. Git/Mercurial checkouts).
So now there is a new operation, StoreAPI::buildDerivation(), that
performs a build from an in-memory representation of a derivation
(BasicDerivation) rather than from a on-disk .drv file. The only files
that need to be in the Nix store are the sources of the derivation
(drv.inputSrcs), and the needed output paths of the dependencies (as
described by drv.inputDrvs). "nix-store --serve" exposes this
interface.
Note that this is a privileged operation, because you can construct a
derivation that builds any store path whatsoever. Fixing this will
require changing the hashing scheme (i.e., the output paths should be
computed from the other fields in BasicDerivation, allowing them to be
verified without access to other derivations). However, this would be
quite nice because it would allow .drv-free building (e.g. "nix-env
-i" wouldn't have to write any .drv files to disk).
Fixes #173.
2015-07-17 18:57:40 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
struct Derivation : BasicDerivation
|
|
|
|
{
|
|
|
|
DerivationInputs inputDrvs; /* inputs that are sub-derivations */
|
Eliminate the "store" global variable
Also, move a few free-standing functions into StoreAPI and Derivation.
Also, introduce a non-nullable smart pointer, ref<T>, which is just a
wrapper around std::shared_ptr ensuring that the pointer is never
null. (For reference-counted values, this is better than passing a
"T&", because the latter doesn't maintain the refcount. Usually, the
caller will have a shared_ptr keeping the value alive, but that's not
always the case, e.g., when passing a reference to a std::thread via
std::bind.)
2016-02-04 15:28:26 +02:00
|
|
|
|
|
|
|
/* Print a derivation. */
|
|
|
|
std::string unparse() const;
|
2003-07-20 22:29:38 +03:00
|
|
|
};
|
|
|
|
|
2003-07-15 19:28:54 +03:00
|
|
|
|
2016-02-04 15:48:42 +02:00
|
|
|
class Store;
|
2011-09-01 00:11:50 +03:00
|
|
|
|
|
|
|
|
2005-01-19 16:36:00 +02:00
|
|
|
/* Write a derivation to the Nix store, and return its path. */
|
2016-02-04 15:48:42 +02:00
|
|
|
Path writeDerivation(ref<Store> store,
|
2017-06-28 19:11:01 +03:00
|
|
|
const Derivation & drv, const string & name, RepairFlag repair = NoRepair);
|
2003-07-10 21:48:11 +03:00
|
|
|
|
2014-04-08 20:24:29 +03:00
|
|
|
/* Read a derivation from a file. */
|
|
|
|
Derivation readDerivation(const Path & drvPath);
|
2003-07-16 14:05:59 +03:00
|
|
|
|
Eliminate the "store" global variable
Also, move a few free-standing functions into StoreAPI and Derivation.
Also, introduce a non-nullable smart pointer, ref<T>, which is just a
wrapper around std::shared_ptr ensuring that the pointer is never
null. (For reference-counted values, this is better than passing a
"T&", because the latter doesn't maintain the refcount. Usually, the
caller will have a shared_ptr keeping the value alive, but that's not
always the case, e.g., when passing a reference to a std::thread via
std::bind.)
2016-02-04 15:28:26 +02:00
|
|
|
/* Check whether a file name ends with the extension for
|
2005-01-19 16:36:00 +02:00
|
|
|
derivations. */
|
|
|
|
bool isDerivation(const string & fileName);
|
|
|
|
|
2016-02-04 15:48:42 +02:00
|
|
|
Hash hashDerivationModulo(Store & store, Derivation drv);
|
2011-07-20 21:10:47 +03:00
|
|
|
|
|
|
|
/* Memoisation of hashDerivationModulo(). */
|
|
|
|
typedef std::map<Path, Hash> DrvHashes;
|
|
|
|
|
Eliminate the "store" global variable
Also, move a few free-standing functions into StoreAPI and Derivation.
Also, introduce a non-nullable smart pointer, ref<T>, which is just a
wrapper around std::shared_ptr ensuring that the pointer is never
null. (For reference-counted values, this is better than passing a
"T&", because the latter doesn't maintain the refcount. Usually, the
caller will have a shared_ptr keeping the value alive, but that's not
always the case, e.g., when passing a reference to a std::thread via
std::bind.)
2016-02-04 15:28:26 +02:00
|
|
|
extern DrvHashes drvHashes; // FIXME: global, not thread-safe
|
2011-07-20 21:10:47 +03:00
|
|
|
|
2012-11-26 16:39:10 +02:00
|
|
|
/* Split a string specifying a derivation and a set of outputs
|
|
|
|
(/nix/store/hash-foo!out1,out2,...) into the derivation path and
|
|
|
|
the outputs. */
|
|
|
|
typedef std::pair<string, std::set<string> > DrvPathWithOutputs;
|
|
|
|
DrvPathWithOutputs parseDrvPathWithOutputs(const string & s);
|
|
|
|
|
2012-11-26 18:15:09 +02:00
|
|
|
Path makeDrvPathWithOutputs(const Path & drvPath, const std::set<string> & outputs);
|
|
|
|
|
|
|
|
bool wantOutput(const string & output, const std::set<string> & wanted);
|
2012-11-26 16:39:10 +02:00
|
|
|
|
Allow remote builds without sending the derivation closure
Previously, to build a derivation remotely, we had to copy the entire
closure of the .drv file to the remote machine, even though we only
need the top-level derivation. This is very wasteful: the closure can
contain thousands of store paths, and in some Hydra use cases, include
source paths that are very large (e.g. Git/Mercurial checkouts).
So now there is a new operation, StoreAPI::buildDerivation(), that
performs a build from an in-memory representation of a derivation
(BasicDerivation) rather than from a on-disk .drv file. The only files
that need to be in the Nix store are the sources of the derivation
(drv.inputSrcs), and the needed output paths of the dependencies (as
described by drv.inputDrvs). "nix-store --serve" exposes this
interface.
Note that this is a privileged operation, because you can construct a
derivation that builds any store path whatsoever. Fixing this will
require changing the hashing scheme (i.e., the output paths should be
computed from the other fields in BasicDerivation, allowing them to be
verified without access to other derivations). However, this would be
quite nice because it would allow .drv-free building (e.g. "nix-env
-i" wouldn't have to write any .drv files to disk).
Fixes #173.
2015-07-17 18:57:40 +03:00
|
|
|
struct Source;
|
|
|
|
struct Sink;
|
|
|
|
|
2016-06-01 15:49:12 +03:00
|
|
|
Source & readDerivation(Source & in, Store & store, BasicDerivation & drv);
|
Allow remote builds without sending the derivation closure
Previously, to build a derivation remotely, we had to copy the entire
closure of the .drv file to the remote machine, even though we only
need the top-level derivation. This is very wasteful: the closure can
contain thousands of store paths, and in some Hydra use cases, include
source paths that are very large (e.g. Git/Mercurial checkouts).
So now there is a new operation, StoreAPI::buildDerivation(), that
performs a build from an in-memory representation of a derivation
(BasicDerivation) rather than from a on-disk .drv file. The only files
that need to be in the Nix store are the sources of the derivation
(drv.inputSrcs), and the needed output paths of the dependencies (as
described by drv.inputDrvs). "nix-store --serve" exposes this
interface.
Note that this is a privileged operation, because you can construct a
derivation that builds any store path whatsoever. Fixing this will
require changing the hashing scheme (i.e., the output paths should be
computed from the other fields in BasicDerivation, allowing them to be
verified without access to other derivations). However, this would be
quite nice because it would allow .drv-free building (e.g. "nix-env
-i" wouldn't have to write any .drv files to disk).
Fixes #173.
2015-07-17 18:57:40 +03:00
|
|
|
Sink & operator << (Sink & out, const BasicDerivation & drv);
|
2012-11-26 16:39:10 +02:00
|
|
|
|
2016-08-17 16:12:54 +03:00
|
|
|
std::string hashPlaceholder(const std::string & outputName);
|
|
|
|
|
2006-09-05 00:06:23 +03:00
|
|
|
}
|