Eelco Dolstra
c2d27d30cf
nix-copy-closure / build-remote.pl: Disable signature checking
...
This restores the Nix 1.11 behaviour.
2016-05-31 11:48:05 +02:00
Eelco Dolstra
3593c8285d
Re-implement binary cache signature checking
...
This is now done in LocalStore::addToStore(), rather than in the
binary cache substituter (which no longer exists).
2016-05-30 15:18:12 +02:00
Eelco Dolstra
12ddbad458
LocalStore::addToStore: Verify hash of the imported path
2016-05-30 15:18:12 +02:00
Eelco Dolstra
e222484401
Re-implement the WantMassQuery property of binary caches
2016-05-30 15:18:12 +02:00
Eelco Dolstra
6c75cf69c3
Cleanup: Remove singleton()
2016-05-04 16:16:53 +02:00
Eelco Dolstra
538a64e8c3
Add a Store::addToStore() variant that accepts a NAR
...
As a side effect, this ensures that signatures are propagated when
copying paths between stores.
Also refactored import/export to make use of this.
2016-05-04 16:15:54 +02:00
Eelco Dolstra
f435f82475
Remove OpenSSL-based signing
2016-05-04 11:01:48 +02:00
Eelco Dolstra
95d20dfde9
Allow parameters in store URIs
...
This is to allow store-specific configuration,
e.g. s3://my-cache?compression=bzip2&secret-key=/path/to/key.
2016-04-29 16:26:16 +02:00
Eelco Dolstra
aa3bc3d5dc
Eliminate the substituter mechanism
...
Substitution is now simply a Store -> Store copy operation, most
typically from BinaryCacheStore to LocalStore.
2016-04-29 13:57:08 +02:00
Eelco Dolstra
7d14f5c331
Implement S3BinaryCacheStore::queryAllValidPaths()
...
This allows commands like "nix verify --all" or "nix path-info --all"
to work on S3 caches.
Unfortunately, this requires some ugly hackery: when querying the
contents of the bucket, we don't want to have to read every .narinfo
file. But the S3 bucket keys only include the hash part of each store
path, not the name part. So as a special exception
queryAllValidPaths() can now return store paths *without* the name
part, and queryPathInfo() accepts such store paths (returning a
ValidPathInfo object containing the full name).
2016-04-21 17:53:47 +02:00
Eelco Dolstra
451ebf24ce
Cache path info lookups in SQLite
...
This re-implements the binary cache database in C++, allowing it to be
used by other Store backends, in particular the S3 backend.
2016-04-20 14:12:38 +02:00
Eelco Dolstra
e0204f8d46
Move path info caching from BinaryCacheStore to Store
...
Caching path info is generally useful. For instance, it speeds up "nix
path-info -rS /run/current-system" (i.e. showing the closure sizes of
all paths in the closure of the current system) from 5.6s to 0.15s.
This also eliminates some APIs like Store::queryDeriver() and
Store::queryReferences().
2016-04-19 18:52:53 +02:00
Eelco Dolstra
96515b0c0d
Fix std::atomic_flag build failure
...
http://hydra.nixos.org/build/34453794
2016-04-14 12:50:01 +02:00
Eelco Dolstra
8cffec8485
Remove failed build caching
...
This feature was implemented for Hydra, but Hydra no longer uses it.
2016-04-08 18:19:04 +02:00
Eelco Dolstra
f398949b40
Make LocalStore thread-safe
...
Necessary for multi-threaded commands like "nix verify-paths".
2016-04-08 18:07:13 +02:00
Eelco Dolstra
e39999ed48
Sign locally-built paths
...
Locally-built paths are now signed automatically using the secret keys
specified by the ‘secret-key-files’ option.
2016-04-07 15:16:57 +02:00
Eelco Dolstra
d0f5719c2a
Add "nix copy-sigs" command
...
This imports signatures from one store into another. E.g.
$ nix copy-sigs -r /run/current-system -s https://cache.nixos.org/
imported 595 signatures
2016-04-05 16:39:23 +02:00
Eelco Dolstra
9cee600c88
LocalStore: Keep track of ultimately trusted paths
...
These are content-addressed paths or outputs of locally performed
builds. They are trusted even if they don't have signatures, so "nix
verify-paths" won't complain about them.
2016-03-30 17:35:48 +02:00
Eelco Dolstra
3d119f0a3b
Improve the SQLite wrapper API
...
In particular, this eliminates a bunch of boilerplate code.
2016-03-30 15:50:45 +02:00
Eelco Dolstra
d9c5e3bbf0
Factour out SQLite handling
2016-03-30 13:27:25 +02:00
Eelco Dolstra
2ae43ced9a
Turn retrying SQLite transactions into a higher-order function
2016-03-30 12:04:27 +02:00
Eelco Dolstra
bb1034316d
Don't overload dumpPath()
2016-03-22 14:21:45 +01:00
Eelco Dolstra
1c5f73f529
Add Store::dumpPath() method
...
This allows applying nix-store --verify-path to binary cache stores:
NIX_REMOTE=https://cache.nixos.org nix-store --verify-path /nix/store/s5c7...
2016-03-21 17:55:57 +01:00
Eelco Dolstra
87295b9844
Drop support for upgrading from Nix <= 0.12
2016-03-21 15:09:03 +01:00
Eelco Dolstra
42bc395b63
Eliminate some large string copying
2016-03-04 16:49:56 +01:00
Eelco Dolstra
bcc9943cee
importPaths(): Optionally add NARs to binary cache accessor
...
This enables an optimisation in hydra-queue-runner, preventing a
download of a NAR it just uploaded to the cache when reading files
like hydra-build-products.
2016-02-26 15:20:10 +01:00
Eelco Dolstra
152b1d6bf9
deletePath(): Succeed if path doesn't exist
...
Also makes it robust against concurrent deletions.
2016-02-24 17:44:55 +01:00
Eelco Dolstra
28e7e29abd
Eliminate reserveSpace flag
2016-02-24 17:44:55 +01:00
Eelco Dolstra
5a64e66268
LocalStore::addTextToStore(): Don't read the path we just wrote
...
This eliminates some unnecessary (presumably cached) I/O.
2016-02-24 17:11:31 +01:00
Eelco Dolstra
b49d323ce2
Fix build without sodium
...
http://hydra.nixos.org/build/32085949
2016-02-17 12:42:14 +01:00
Eelco Dolstra
5ac27053e9
Rename ValidPathInfo::hash -> narHash for consistency
2016-02-16 11:49:12 +01:00
Eelco Dolstra
c8f4d89a34
Expose the export magic value and move LocalStore::queryReferences to Store
2016-02-15 15:01:26 +01:00
Eelco Dolstra
d089372565
Add function to extract hash part of a store path
2016-02-15 15:01:26 +01:00
Eelco Dolstra
c10c61449f
Eliminate the "store" global variable
...
Also, move a few free-standing functions into StoreAPI and Derivation.
Also, introduce a non-nullable smart pointer, ref<T>, which is just a
wrapper around std::shared_ptr ensuring that the pointer is never
null. (For reference-counted values, this is better than passing a
"T&", because the latter doesn't maintain the refcount. Usually, the
caller will have a shared_ptr keeping the value alive, but that's not
always the case, e.g., when passing a reference to a std::thread via
std::bind.)
2016-02-04 14:28:26 +01:00
Eelco Dolstra
9e7c1a4bbd
Use the daemon when we don't have write access to the Nix database
2016-01-31 10:28:48 +01:00
Eelco Dolstra
8906eda2f9
Canonicalize gids to 0
...
Previously files in the Nix store were owned by root or by nixbld,
depending on whether they were created by a substituter or by a
builder. This doesn't matter much, but causes spurious diffoscope
differences. So use root everywhere.
2016-01-12 17:27:40 +01:00
Eelco Dolstra
8f67325a7c
Build sandbox support etc. unconditionally on Linux
...
Also, use "#if __APPLE__" instead of "#if SANDBOX_ENABLED" to prevent
ambiguity.
2015-12-10 11:47:17 +01:00
Eelco Dolstra
ccf31dbc25
nix-copy-closure: Add -v flag
...
And make exportPath() less spammy by default.
2015-07-20 01:52:07 +02:00
Eelco Dolstra
b3491c781c
More cleanup
2015-07-20 01:16:16 +02:00
Eelco Dolstra
6bd2c7bb38
OCD: foreach -> C++11 ranged for
2015-07-17 20:13:56 +02:00
Eelco Dolstra
2bc9c84327
Use posix_fallocate to create /nix/var/nix/db/reserved
2015-06-22 15:54:55 +02:00
Rok Garbas
000de699e9
cygwin: explicitly include required c headers
2015-05-13 09:37:12 +02:00
Eelco Dolstra
1711679ea5
Revert /nix/store permission back to 01775
...
This broke NixOS VM tests.
Mostly reverts 27b7b94923
,
5ce50cd99e
,
afa433e58c
.
2015-04-07 13:21:26 +02:00
Eelco Dolstra
7ea6ecf855
addToStore(): Take explicit name argument
2015-03-25 17:06:12 +01:00
Eelco Dolstra
57d64d24aa
Doh^2
2015-01-08 16:59:22 +01:00
Eelco Dolstra
57b82256b0
Doh
2015-01-08 16:49:31 +01:00
Eelco Dolstra
27b7b94923
Set /nix/store permission to 1737
...
I.e., not readable to the nixbld group. This improves purity a bit for
non-chroot builds, because it prevents a builder from enumerating
store paths (i.e. it can only access paths it knows about).
2015-01-08 16:39:07 +01:00
Shea Levy
3d97b8d1e7
LocalStore initialization: Don't die if build-users-group doesn't exist
...
See NixOS/nixpkgs@9245516
2014-12-29 14:40:13 +01:00
Eelco Dolstra
46f3eb6fdd
Shut up a Valgrind warning
2014-12-12 15:10:02 +01:00
Eelco Dolstra
e529823635
Don't wait for PID -1
...
The pid field can be -1 if forking the substituter process failed.
2014-12-10 13:53:04 +01:00