max/nix-super
1
0
Fork 0
mirror of https://github.com/privatevoid-net/nix-super.git synced 2024-11-05 13:58:05 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
13784 commits 7 branches 0 tags 62 MiB
Commit graph

13784 commits

This branch
This branch
All branches
Author SHA1 Message Date
Eelco Dolstra
54712aaf8a Merge remote-tracking branch 'origin/master' into flakes 2020-07-06 16:40:10 +02:00
Eelco Dolstra
7349f257da Only mount /sys in uid-range builds 
Maybe this should be a separate system feature... /sys exposes a lot
of impure info about the host system.
 2020-07-06 13:50:33 +02:00
Eelco Dolstra
8c4cce553c Fix macOS build 2020-07-06 13:50:33 +02:00
Eelco Dolstra
ba50c3efa3 Add "uid-range" and "systemd-cgroup" system features 
"uid-range" provides 65536 UIDs to a build and runs the build as root
in its user namespace. "systemd-cgroup" allows the build to mount the
systemd cgroup controller (needed for running systemd-nspawn and NixOS
containers).

Also, add a configuration option "auto-allocate-uids" which is needed
to enable these features, and some experimental feature gates.

So to enable support for containers you need the following in
nix.conf:

  experimental-features = auto-allocate-uids systemd-cgroup
  auto-allocate-uids = true
  system-features = uid-range systemd-cgroup
 2020-07-06 13:50:33 +02:00
Eelco Dolstra
570c443f56 Simplify cgroup creation 2020-07-06 13:50:33 +02:00
Eelco Dolstra
7bdcf43b40 Destroy the cgroup prior to building 2020-07-06 13:50:33 +02:00
Eelco Dolstra
ca2f64bcda Reduce # of UIDs per build to 65536 
2^18 was overkill. The idea was to enable multiple containers to run
inside a build. However, those containers can use the same UID range -
we don't really care about perfect isolation between containers inside
a build.
 2020-07-06 13:50:33 +02:00
Eelco Dolstra
f5fa3de759 Run builds in their own cgroup 
Also, run builds in a cgroup namespace (ensuring /proc/self/cgroup
doesn't leak information about the outside world) and mount /sys. This
enables running systemd-nspawn and thus NixOS containers in a Nix
build.
 2020-07-06 13:50:33 +02:00
Eelco Dolstra
c3e0a68c7e canonicalisePathMetaData(): Support a UID range 2020-07-06 13:50:33 +02:00
Eelco Dolstra
836573a9a2 Dynamically allocate UIDs 
Rather than rely on a nixbld group, we now allocate UIDs/GIDs
dynamically starting at a configurable ID (872415232 by default).

Also, we allocate 2^18 UIDs and GIDs per build, and run the build as
root in its UID namespace. (This should not be the default since it
breaks some builds. We probably should enable this conditional on a
requiredSystemFeature.) The goal is to be able to run (NixOS)
containers in a build. However, this will also require some cgroup
initialisation.

The 2^18 UIDs/GIDs is intended to provide enough ID space to run
multiple containers per build, e.g. for distributed NixOS tests.
 2020-07-06 13:50:33 +02:00
John Ericson
f1c7746eb4 See if setting -std=c++17 for perl bindings helps 2020-07-05 21:50:27 +00:00
John Ericson
a38ab99d57 Merge remote-tracking branch 'upstream/master' into derivation-header-include-order 2020-07-05 21:49:01 +00:00
Ben Burdette
a168224464 spacing 2020-07-04 18:30:49 -06:00
John Ericson
465daa9396 Merge remote-tracking branch 'upstream/master' into add-body-to-network-errors 2020-07-03 17:08:39 +00:00
John Ericson
d4250fef23 Fix Perl, again... 2020-07-03 15:17:20 +00:00
John Ericson
d291be444b Fix Perl 2020-07-03 14:49:22 +00:00
Eelco Dolstra
14227aeb32 Merge branch 'add-trace' of https://github.com/bburdette/nix 2020-07-03 16:27:39 +02:00
John Ericson
3134db1a83 Merge branch 'hash-always-has-type' of github.com:obsidiansystems/nix into better-ca-parse-errors 2020-07-03 14:12:38 +00:00
John Ericson
dbffd309fe Merge branch 'master' of github.com:NixOS/nix into hash-always-has-type 2020-07-03 14:11:38 +00:00
Ben Burdette
b29a4ea1dc Merge branch 'master' into add-trace 2020-07-03 07:57:36 -06:00
Eelco Dolstra
c3c7aedbb5 nix develop: Fix bad regex 
This was accepted by libstdc++ but not libc++.

https://hydra.nixos.org/build/123569154
 2020-07-03 14:58:58 +02:00
Eelco Dolstra
6f8fd3a3f2 Shut up a clang warning 2020-07-03 14:50:07 +02:00
Eelco Dolstra
dfaad374ff
Merge pull request #3778 from tweag/parallel-tests 
Parallel tests fixes
 2020-07-03 13:17:10 +02:00
Eelco Dolstra
017efae01f Hopefully fix macOS test failure 2020-07-03 13:16:22 +02:00
regnat
223fbe644a Shorten the path to the test root 
Fix a socket length failure on the OSX builders
 2020-07-03 09:20:01 +02:00
regnat
5101ed18bc Fix the test dependencies 
Reuse the pre-existing list rather than the one written as part of #3777
 2020-07-03 09:20:01 +02:00
John Ericson
13796be78d Have splitPrefix and splitPrefixTo parser helpers 2020-07-02 23:18:22 +00:00
John Ericson
a7cd7425d9 Move getParsedTypeAndSRI to a more suitable location 
Also mark it static
 2020-07-02 23:10:11 +00:00
John Ericson
2f93d9f2ba Merge branch 'hash-always-has-type' into HEAD 2020-07-02 21:47:51 +00:00
John Ericson
1be279af26 Fix Narinfo corruption detection bug 
The aim of this check was just to ensure each key occurs once.
 2020-07-02 21:46:10 +00:00
Eelco Dolstra
5596f879b4 Add test for nix develop 2020-07-02 18:32:45 +02:00
Eelco Dolstra
b5e4253697 Fix abort in 'nix develop' 2020-07-02 18:24:11 +02:00
Carlo Nucera
1fc835aa22 Tighten parsing for drv files and pathinfo 2020-07-02 11:57:21 -04:00
Ben Burdette
5818271c6e spacing 2020-07-02 09:41:54 -06:00
Carlo Nucera
b6b10b1d4c Write the implementation for parseNonSRIUnprefixed 2020-07-02 11:34:40 -04:00
Carlo Nucera
ea48e3a5b5 Abstract common parsing functionality 2020-07-02 11:29:33 -04:00
Carlo Nucera
36cbc74689 Inline and simplify in parseAnyPrefixed 2020-07-02 11:21:00 -04:00
Matthew Bauer
fc2ab42e86 Merge remote-tracking branch 'origin/master' into substitute-other-storedir 2020-07-02 11:14:04 -04:00
Matthew Bauer
d2e8b9ff0e Store subPath in SubstitutionGoal 2020-07-02 11:12:05 -04:00
Carlo Nucera
9462d8a50b Rename fromSRI to parseSRI for constistency 2020-07-02 11:11:18 -04:00
Carlo Nucera
f61bc45d19 Get rid of the std::pair 2020-07-02 11:09:04 -04:00
Ben Burdette
bf2788e4c1 move showTrace to new loggerSettings 2020-07-02 09:04:31 -06:00
Carlo Nucera
27c8029573 Inline newFunction 2020-07-02 11:01:10 -04:00
Matthew Bauer
1f9cb06db2 Try next when no ca exists and have different store dirs 2020-07-02 10:59:24 -04:00
Carlo Nucera
343d1569b1 Fix test suite 2020-07-02 10:48:47 -04:00
Eelco Dolstra
a5b6e870fe Set gc-reserved-space to 0 in tests 
This reduces the amount of disk space needed to run the tests from
half a gigabyte to 10 megabytes.
 2020-07-02 16:38:42 +02:00
Eelco Dolstra
ec5d7cb8e2 Merge branch 'parallel-tests' of https://github.com/tweag/nix 2020-07-02 16:38:38 +02:00
regnat
11ba4ec795 Make the gc-auto test more reliable 
Use a fifo pipe to handle the synchronisation between the different
threads rather than relying on delays
 2020-07-02 16:13:36 +02:00
regnat
c762385457 Make the gc-concurrent test more reliable 
Use a fifo pipe to handle the synchronisation between the different
threads rather than relying on delays
 2020-07-02 16:13:36 +02:00
regnat
1b5aa60767 Run the tests in parallel 
Cause the time needed to run the testsuite to drop from ~4mins to ~40s
 2020-07-02 16:13:36 +02:00