Commit graph

5084 commits

Author SHA1 Message Date
Eelco Dolstra
8063fc497a Use deterministic $TMPDIR in sandbox
Rather than using $<host-TMPDIR>/nix-build-<drvname>-<number>, the
temporary directory is now always /tmp/nix-build-<drvname>-0. This
improves bitwise-exact reproducibility for builds that store $TMPDIR
in their build output. (Of course, those should still be fixed...)
2015-12-02 15:04:00 +01:00
Danny Wilson
69b9d8fdbd Use DT_UNKNOWN when dirent d_type extension is not supported.
edolstra:
“…since callers of readDirectory have to handle the possibility of
 DT_UNKNOWN anyway, and we don't want to do a stat call for every
 directory entry unless it's really needed.”
2015-11-25 21:57:19 +01:00
Shea Levy
f327970129 Merge branch 'auto-call-functor'
autoCallFunction now auto-calls functors
2015-11-25 11:57:31 -05:00
Shea Levy
9533532ce2 autoCallFunction: Auto-call functors 2015-11-25 11:56:14 -05:00
Eelco Dolstra
bfb6c4876a Merge pull request #617 from Preston4tw/patch-1
Update nix.spec.in
2015-11-25 17:21:16 +01:00
Eelco Dolstra
c0d4173263 Set default binary-caches-parallel-connections to 25
Some benchmarking suggested this as a good value. Running

  $ benchmark -f ... -t 25 -- sh -c 'rm -f /nix/var/nix/binary-cache*; nix-store -r /nix/store/x5z8a2yvz8h6ccmhwrwrp9igg03575jg-nixos-15.09.git.5fd87e1M.drv --dry-run --option binary-caches-parallel-connections <N>'

gave the following mean elapsed times for these values of N:

N=10:  3.3541
N=20:  2.9320
N=25:  2.6690
N=30:  2.9417
N=50:  3.2021
N=100: 3.5718
N=150: 4.2079

Memory usage is also reduced (N=150 used 186 MB, N=25 only 68 MB).

Closes #708.
2015-11-25 17:13:11 +01:00
Eelco Dolstra
efd6a8c9f6 Fix Ubuntu/Debian/Fedora builds 2015-11-25 16:12:30 +01:00
Eelco Dolstra
0ab4d905e7 Merge branch 'p/sandbox-rename-minimal' of https://github.com/vcunat/nix 2015-11-25 14:53:42 +01:00
Eelco Dolstra
27d6ed5c68 Remove sandboxProfile from release.nix
There is really no conceivable reason why building Nix would need
access to the host's nix.conf. If it does, it's a bug, and we should
fix that instead.
2015-11-25 14:45:27 +01:00
Eelco Dolstra
a0f0733413 Fix build failure introduced by #704
Also, make the FreeBSD checks conditional on FreeBSD.
2015-11-25 14:41:19 +01:00
Eelco Dolstra
afef347157 Merge pull request #712 from pSub/print-meta-license
Print license information on '--xml --meta'
2015-11-25 14:00:52 +01:00
Eelco Dolstra
4c1c7e5812 Merge pull request #716 from ebzzry/master
Fixed typo.
2015-11-24 19:31:10 +01:00
Eelco Dolstra
cad40adce5 Merge pull request #704 from ysangkok/freebsd-support
FreeBSD support with knowledge about Linux emulation
2015-11-24 19:24:21 +01:00
Rommel M. Martinez
cf141abfe9 Fixed typo. 2015-11-23 15:59:57 +08:00
Shea Levy
6c10bd7c5e Merge branch 'host-deps' of git://github.com/pikajude/nix
Reintroduces the functionality that allows the baked-in pre-build-hook to find framework dependencies
2015-11-21 20:28:13 -05:00
Jude Taylor
279fa8f618 reintroduce host deps in tandem with sandbox profiles 2015-11-21 15:57:06 -08:00
Shea Levy
e0bd114e09 Revert "remove sandbox-defaults.sb"
As discussed in NixOS/nixpkgs#11001, we still need some of the old
sandbox mechanism.

This reverts commit d760c2638c.
2015-11-21 16:40:24 -05:00
Pascal Wittmann
4921223160 Print license information on '--xml --meta'
The nixpkgs manual prescribes the use of values from stdenv.lib.licenses
for the meta.license attribute. Those values are attribute sets and
currently skipped when running nix-env with '--xml --meta'. This has the
consequence that also nixpkgs-lint will report missing licenses.

With this commit nix-env with '--xml --meta' will print all attributes
of an attribute set that are of type tString. For example the output for
the package nixpkgs.hello is

    <meta name="license" type="strings">
      <string type="url" value="http://spdx.org/licenses/GPL-3.0+" />
      <string type="shortName" value="gpl3Plus" />
      <string type="fullName" value="GNU General Public License v3.0 or later" />
      <string type="spdxId" value="GPL-3.0+" />
    </meta>

This commit fixes nixpkgs-lint, too.
2015-11-21 11:43:44 +01:00
Jude Taylor
b9b7bb1806 re-fix permissions for GHC 2015-11-19 16:06:21 -08:00
Shea Levy
5deb7fbdfb Merge branch 'sandbox-profiles' of git://github.com/pikajude/nix
Temporarily allow derivations to describe their full sandbox profile.
This will be eventually scaled back to a more secure setup, see the
discussion at #695
2015-11-19 17:44:11 -05:00
Eelco Dolstra
33f2fbcb62 Merge pull request #707 from peti/master
src/libstore/build.cc: clarify error message for hash mismatches
2015-11-19 13:49:57 +01:00
Peter Simons
6ad10591ce src/libstore/build.cc: clarify error message for hash mismatches
Nix reports a hash mismatch saying:

  output path ‘foo’ should have sha256 hash ‘abc’, instead has ‘xyz’

That message is slightly ambiguous and some people read that statement
to mean the exact opposite of what it is supposed to mean. After this
patch, the message will be:

  Nix expects output path ‘foo’ to have sha256 hash ‘abc’, instead it has ‘xyz’
2015-11-19 12:42:37 +01:00
Jude Taylor
36f7fcc157 Merge pull request #1 from shlevy/sandbox-profiles
Use AutoDelete for sandbox profile file
2015-11-17 10:08:47 -08:00
janus
8a74a125bc FreeBSD can build Linux 32-bit binaries 2015-11-17 14:16:08 +00:00
Shea Levy
1d3529e93a Default arguments belong at declaration, not definition 2015-11-16 05:55:55 -05:00
Shea Levy
9b4cd20752 Fix copy-paste error 2015-11-16 05:54:34 -05:00
Shea Levy
58d2fac91d AutoDelete: Add default constructor with deletion disabled 2015-11-16 05:53:10 -05:00
Shea Levy
4390142315 Use AutoDelete for sandbox profile file 2015-11-15 06:08:50 -05:00
Jude Taylor
bd09a4c967 simplify build.cc using modern C++ features 2015-11-14 14:11:03 -08:00
Jude Taylor
4876bb012e simplify build permissions 2015-11-14 14:11:03 -08:00
Jude Taylor
d760c2638c remove sandbox-defaults.sb 2015-11-14 14:11:03 -08:00
Jude Taylor
22dfd023fa update sandbox profiles within nix 2015-11-14 14:11:03 -08:00
Jude Taylor
8a7f0dfd68 use per-derivation sandbox profiles 2015-11-14 14:10:43 -08:00
Vladimír Čunát
b39622a487 rename chroot to sandbox (fixes #656, close #682)
- rename options but leav old names as lower-priority aliases,
  also "-dirs" -> "-paths" to get closer to the meaning
- update docs to reflect the new names (old aliases are not documented),
  including a new file with release notes
- tests need an update after corresponding changes to nixpkgs
- __noChroot is left as it is (after discussion on the PR)
2015-11-10 22:32:51 +01:00
Eelco Dolstra
9ee15abe30 Fix bad characters in "copying 7 missing paths from ..." 2015-11-10 16:12:26 +01:00
Eelco Dolstra
8fdd156a65 Add option to verify build determinism
Passing "--option build-repeat <N>" will cause every build to be
repeated N times. If the build output differs between any round, the
build is rejected, and the output paths are not registered as
valid. This is primarily useful to verify build determinism. (We
already had a --check option to repeat a previously succeeded
build. However, with --check, non-deterministic builds are registered
in the DB. Preventing that is useful for Hydra to ensure that
non-deterministic builds don't end up getting published at all.)
2015-11-09 23:16:24 +01:00
Eelco Dolstra
96c2ebf004 Revert "Allow using /bin and /usr/bin as impure prefixes on non-darwin by default"
This reverts commit 79ca503332. Ouch,
never noticed this. We definitely don't want to allow builds to have
arbitrary access to /bin and /usr/bin, because then they can (for
instance) bring in a bunch of setuid programs. Also, we shouldn't be
encouraging the use of impurities in the default configuration.
2015-11-09 21:28:38 +01:00
Eelco Dolstra
4384bbd2e1 optimizePath(): Detect some .links corruption
If automatic store optimisation is enabled, and a hard-linked file in
the store gets corrupted, then the corresponding .links entry will
also be corrupted. In that case, trying to repair with --repair or
--repair-path won't work, because the new "good" file will be replaced
by a hard link to the corrupted file. We can catch most of these cases
by doing a sanity-check on the file sizes.
2015-11-09 21:28:25 +01:00
Eelco Dolstra
7759a56bed Fix namespace issue 2015-11-09 21:28:25 +01:00
Shea Levy
8a2a3b6579 Merge branch 'libsystem-darwin-only'
Only require libsystem on darwin
2015-11-08 14:39:50 -05:00
Shea Levy
8a76bc9fb0 Only require libsystem on darwin
Fixes #688
2015-11-08 14:18:15 -05:00
Danny Wilson
cdb346c65e Fix build on Solaris
d_type is not part of the POSIX spec unfortunately.
2015-11-07 04:51:33 +01:00
Shea Levy
5bc12454fd Merge branch 'master' of https://github.com/pikajude/nix
> I made this change for two reasons:

> 1. Darwin's locale data doesn't appear to be open source
> 2. Privileged processes will always use /usr/share/locale regardless of environment variables
2015-11-04 17:27:19 -05:00
Eelco Dolstra
6f1743b1a5 Support SHA-512 hashes
Fixes #679.

Note: on x86_64, SHA-512 is considerably faster than SHA-256 (198 MB/s
versus 131 MB/s).
2015-11-04 16:37:49 +01:00
Eelco Dolstra
a6ca68a70c Require OpenSSL 2015-11-04 16:37:49 +01:00
Jude Taylor
c10ef2d134 fix syntax error 2015-11-03 09:03:32 -08:00
Jude Taylor
3b52e54e31 darwin: allow reading system locale and zoneinfo 2015-11-03 08:43:09 -08:00
Shea Levy
85aeedb9bc Merge https://github.com/pikajude/nix
> As far as I can tell, the CoreFoundation function CFNumberFormatterCopyProperty segfaults if the
> directory added in this pull request is not readable. This change allows openjdk-darwin to build in
> the sandbox.
2015-11-01 01:21:09 -04:00
Jude Taylor
d6bd51ffbe allow reading ICU data 2015-10-31 02:52:42 -07:00
Shea Levy
9a963c8adc Merge branch 'master' of git://github.com/pikajude/nix
@pikajude: "This is required for perlPackages.IOTty and, by extension, mosh"
2015-10-31 02:44:58 -04:00