2012-07-18 20:59:03 +02:00
|
|
|
#pragma once
|
2003-06-16 15:33:38 +02:00
|
|
|
|
2006-09-04 23:06:23 +02:00
|
|
|
#include "types.hh"
|
2017-04-13 20:53:23 +02:00
|
|
|
#include "config.hh"
|
2017-10-23 19:34:49 +02:00
|
|
|
#include "util.hh"
|
2006-09-04 23:06:23 +02:00
|
|
|
|
2012-07-31 01:55:41 +02:00
|
|
|
#include <map>
|
2017-09-05 20:43:42 +02:00
|
|
|
#include <limits>
|
2012-07-31 01:55:41 +02:00
|
|
|
|
2017-09-05 20:43:42 +02:00
|
|
|
#include <sys/types.h>
|
2006-09-04 23:06:23 +02:00
|
|
|
|
|
|
|
namespace nix {
|
2003-06-16 15:33:38 +02:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
typedef enum { smEnabled, smRelaxed, smDisabled } SandboxMode;
|
2003-06-16 15:33:38 +02:00
|
|
|
|
2017-04-20 16:52:53 +02:00
|
|
|
struct MaxBuildJobsSetting : public BaseSetting<unsigned int>
|
|
|
|
{
|
|
|
|
MaxBuildJobsSetting(Config * options,
|
|
|
|
unsigned int def,
|
|
|
|
const std::string & name,
|
|
|
|
const std::string & description,
|
|
|
|
const std::set<std::string> & aliases = {})
|
|
|
|
: BaseSetting<unsigned int>(def, name, description, aliases)
|
|
|
|
{
|
|
|
|
options->addSetting(this);
|
|
|
|
}
|
|
|
|
|
|
|
|
void set(const std::string & str) override;
|
|
|
|
};
|
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
class Settings : public Config {
|
2012-08-01 00:19:44 +02:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
unsigned int getDefaultCores();
|
2012-07-31 01:55:41 +02:00
|
|
|
|
2018-09-28 15:57:27 +02:00
|
|
|
StringSet getDefaultSystemFeatures();
|
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
public:
|
2012-07-31 01:55:41 +02:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Settings();
|
2012-07-31 01:55:41 +02:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Path nixPrefix;
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2012-07-31 01:55:41 +02:00
|
|
|
/* The directory where we store sources and derived files. */
|
|
|
|
Path nixStore;
|
|
|
|
|
|
|
|
Path nixDataDir; /* !!! fix */
|
|
|
|
|
|
|
|
/* The directory where we log various operations. */
|
|
|
|
Path nixLogDir;
|
|
|
|
|
|
|
|
/* The directory where state is stored. */
|
|
|
|
Path nixStateDir;
|
|
|
|
|
|
|
|
/* The directory where configuration files are stored. */
|
|
|
|
Path nixConfDir;
|
|
|
|
|
|
|
|
/* The directory where internal helper programs are stored. */
|
|
|
|
Path nixLibexecDir;
|
|
|
|
|
|
|
|
/* The directory where the main programs are stored. */
|
|
|
|
Path nixBinDir;
|
|
|
|
|
2018-02-14 23:05:55 +01:00
|
|
|
/* The directory where the man pages are stored. */
|
|
|
|
Path nixManDir;
|
|
|
|
|
2013-03-08 01:24:59 +01:00
|
|
|
/* File name of the socket the daemon listens to. */
|
|
|
|
Path nixDaemonSocketFile;
|
|
|
|
|
2017-10-23 19:34:49 +02:00
|
|
|
Setting<std::string> storeUri{this, getEnv("NIX_REMOTE", "auto"), "store",
|
|
|
|
"The default Nix store to use."};
|
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<bool> keepFailed{this, false, "keep-failed",
|
|
|
|
"Whether to keep temporary directories of failed builds."};
|
2012-07-31 01:55:41 +02:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<bool> keepGoing{this, false, "keep-going",
|
|
|
|
"Whether to keep building derivations when another build fails."};
|
2012-07-31 01:55:41 +02:00
|
|
|
|
2017-08-31 14:28:25 +02:00
|
|
|
Setting<bool> tryFallback{this, false, "fallback",
|
|
|
|
"Whether to fall back to building when substitution fails.",
|
|
|
|
{"build-fallback"}};
|
2012-07-31 01:55:41 +02:00
|
|
|
|
2016-04-25 16:47:46 +02:00
|
|
|
/* Whether to show build log output in real time. */
|
|
|
|
bool verboseBuild = true;
|
|
|
|
|
2018-10-22 12:14:02 +02:00
|
|
|
Setting<size_t> logLines{this, 10, "log-lines",
|
|
|
|
"If verbose-build is false, the number of lines of the tail of "
|
|
|
|
"the log to show if a build fails."};
|
2003-06-16 15:33:38 +02:00
|
|
|
|
2017-08-31 14:28:25 +02:00
|
|
|
MaxBuildJobsSetting maxBuildJobs{this, 1, "max-jobs",
|
|
|
|
"Maximum number of parallel build jobs. \"auto\" means use number of cores.",
|
|
|
|
{"build-max-jobs"}};
|
2003-06-16 15:33:38 +02:00
|
|
|
|
2017-08-31 14:28:25 +02:00
|
|
|
Setting<unsigned int> buildCores{this, getDefaultCores(), "cores",
|
2017-04-13 20:53:23 +02:00
|
|
|
"Number of CPU cores to utilize in parallel within a build, "
|
|
|
|
"i.e. by passing this number to Make via '-j'. 0 means that the "
|
|
|
|
"number of actual CPU cores on the local host ought to be "
|
2017-08-31 14:28:25 +02:00
|
|
|
"auto-detected.", {"build-cores"}};
|
2003-07-10 15:41:28 +02:00
|
|
|
|
2012-07-31 01:55:41 +02:00
|
|
|
/* Read-only mode. Don't copy stuff to the store, don't change
|
|
|
|
the database. */
|
2017-04-13 20:53:23 +02:00
|
|
|
bool readOnlyMode = false;
|
2003-07-31 15:47:13 +02:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<std::string> thisSystem{this, SYSTEM, "system",
|
|
|
|
"The canonical Nix system name."};
|
2005-02-01 23:07:48 +01:00
|
|
|
|
2017-08-31 14:28:25 +02:00
|
|
|
Setting<time_t> maxSilentTime{this, 0, "max-silent-time",
|
2017-04-13 20:53:23 +02:00
|
|
|
"The maximum time in seconds that a builer can go without "
|
|
|
|
"producing any output on stdout/stderr before it is killed. "
|
2017-08-31 14:28:25 +02:00
|
|
|
"0 means infinity.",
|
|
|
|
{"build-max-silent-time"}};
|
2006-12-04 14:09:16 +01:00
|
|
|
|
2017-08-31 14:28:25 +02:00
|
|
|
Setting<time_t> buildTimeout{this, 0, "timeout",
|
2017-04-13 20:53:23 +02:00
|
|
|
"The maximum duration in seconds that a builder can run. "
|
2017-08-31 14:28:25 +02:00
|
|
|
"0 means infinity.", {"build-timeout"}};
|
2004-06-25 17:36:09 +02:00
|
|
|
|
2017-05-01 15:46:47 +02:00
|
|
|
PathSetting buildHook{this, true, nixLibexecDir + "/nix/build-remote", "build-hook",
|
|
|
|
"The path of the helper program that executes builds to remote machines."};
|
|
|
|
|
2017-10-24 10:52:34 +02:00
|
|
|
Setting<std::string> builders{this, "@" + nixConfDir + "/machines", "builders",
|
2017-05-02 13:44:10 +02:00
|
|
|
"A semicolon-separated list of build machines, in the format of nix.machines."};
|
|
|
|
|
2018-01-09 22:40:07 +01:00
|
|
|
Setting<bool> buildersUseSubstitutes{this, false, "builders-use-substitutes",
|
|
|
|
"Whether build machines should use their own substitutes for obtaining "
|
|
|
|
"build dependencies if possible, rather than waiting for this host to "
|
|
|
|
"upload them."};
|
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<off_t> reservedSize{this, 8 * 1024 * 1024, "gc-reserved-space",
|
|
|
|
"Amount of reserved disk space for the garbage collector."};
|
2004-01-13 17:35:43 +01:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<bool> fsyncMetadata{this, true, "fsync-metadata",
|
|
|
|
"Whether SQLite should use fsync()."};
|
2004-05-12 16:20:32 +02:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<bool> useSQLiteWAL{this, true, "use-sqlite-wal",
|
|
|
|
"Whether SQLite should use WAL mode."};
|
2010-06-23 16:34:08 +02:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<bool> syncBeforeRegistering{this, false, "sync-before-registering",
|
|
|
|
"Whether to call sync() before registering a path as valid."};
|
2004-10-25 16:38:23 +02:00
|
|
|
|
2018-01-04 16:57:25 +01:00
|
|
|
Setting<bool> useSubstitutes{this, true, "substitute",
|
2017-08-31 14:28:25 +02:00
|
|
|
"Whether to use substitutes.",
|
|
|
|
{"build-use-substitutes"}};
|
2014-02-08 06:05:46 +01:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<std::string> buildUsersGroup{this, "", "build-users-group",
|
|
|
|
"The Unix group that contains the build users."};
|
2014-02-19 13:05:15 +01:00
|
|
|
|
2017-08-31 14:28:25 +02:00
|
|
|
Setting<bool> impersonateLinux26{this, false, "impersonate-linux-26",
|
|
|
|
"Whether to impersonate a Linux 2.6 machine on newer kernels.",
|
|
|
|
{"build-impersonate-linux-26"}};
|
2011-06-30 17:19:13 +02:00
|
|
|
|
2017-08-31 14:28:25 +02:00
|
|
|
Setting<bool> keepLog{this, true, "keep-build-log",
|
|
|
|
"Whether to store build logs.",
|
|
|
|
{"build-keep-log"}};
|
2007-08-12 02:29:28 +02:00
|
|
|
|
2017-08-31 14:28:25 +02:00
|
|
|
Setting<bool> compressLog{this, true, "compress-build-log",
|
|
|
|
"Whether to compress logs.",
|
|
|
|
{"build-compress-log"}};
|
2007-11-16 17:15:26 +01:00
|
|
|
|
2017-08-31 14:28:25 +02:00
|
|
|
Setting<unsigned long> maxLogSize{this, 0, "max-build-log-size",
|
2017-04-13 20:53:23 +02:00
|
|
|
"Maximum number of bytes a builder can write to stdout/stderr "
|
2017-08-31 14:28:25 +02:00
|
|
|
"before being killed (0 means no limit).",
|
|
|
|
{"build-max-log-size"}};
|
2013-09-02 11:58:18 +02:00
|
|
|
|
2017-08-31 14:28:25 +02:00
|
|
|
/* When buildRepeat > 0 and verboseBuild == true, whether to print
|
|
|
|
repeated builds (i.e. builds other than the first one) to
|
2016-12-06 17:43:39 +01:00
|
|
|
stderr. Hack to prevent Hydra logs from being polluted. */
|
|
|
|
bool printRepeatedBuilds = true;
|
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<unsigned int> pollInterval{this, 5, "build-poll-interval",
|
|
|
|
"How often (in seconds) to poll for locks."};
|
2008-11-12 12:08:27 +01:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<bool> checkRootReachability{this, false, "gc-check-reachability",
|
|
|
|
"Whether to check if new GC roots can in fact be found by the "
|
|
|
|
"garbage collector."};
|
2008-11-12 12:08:27 +01:00
|
|
|
|
2017-08-31 14:28:25 +02:00
|
|
|
Setting<bool> gcKeepOutputs{this, false, "keep-outputs",
|
|
|
|
"Whether the garbage collector should keep outputs of live derivations.",
|
|
|
|
{"gc-keep-outputs"}};
|
2003-08-19 11:04:47 +02:00
|
|
|
|
2017-08-31 14:28:25 +02:00
|
|
|
Setting<bool> gcKeepDerivations{this, true, "keep-derivations",
|
|
|
|
"Whether the garbage collector should keep derivers of live paths.",
|
|
|
|
{"gc-keep-derivations"}};
|
2005-02-01 23:07:48 +01:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<bool> autoOptimiseStore{this, false, "auto-optimise-store",
|
|
|
|
"Whether to automatically replace files with identical contents with hard links."};
|
2006-02-16 14:58:10 +01:00
|
|
|
|
2017-08-31 14:28:25 +02:00
|
|
|
Setting<bool> envKeepDerivations{this, false, "keep-env-derivations",
|
2017-04-13 20:53:23 +02:00
|
|
|
"Whether to add derivations as a dependency of user environments "
|
2017-08-31 14:28:25 +02:00
|
|
|
"(to prevent them from being GCed).",
|
|
|
|
{"env-keep-derivations"}};
|
2005-02-14 14:07:09 +01:00
|
|
|
|
2013-09-06 16:36:56 +02:00
|
|
|
/* Whether to lock the Nix client and worker to the same CPU. */
|
|
|
|
bool lockCPU;
|
|
|
|
|
2013-11-12 12:51:59 +01:00
|
|
|
/* Whether to show a stack trace if Nix evaluation fails. */
|
2018-01-16 19:03:31 +01:00
|
|
|
Setting<bool> showTrace{this, false, "show-trace",
|
|
|
|
"Whether to show a stack trace on evaluation errors."};
|
2013-11-12 12:51:59 +01:00
|
|
|
|
2018-02-22 14:19:20 +01:00
|
|
|
Setting<SandboxMode> sandboxMode{this, smDisabled, "sandbox",
|
2017-04-13 20:53:23 +02:00
|
|
|
"Whether to enable sandboxed builds. Can be \"true\", \"false\" or \"relaxed\".",
|
2017-08-31 14:28:25 +02:00
|
|
|
{"build-use-chroot", "build-use-sandbox"}};
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2017-08-31 14:28:25 +02:00
|
|
|
Setting<PathSet> sandboxPaths{this, {}, "sandbox-paths",
|
2017-04-13 20:53:23 +02:00
|
|
|
"The paths to make available inside the build sandbox.",
|
2017-08-31 14:28:25 +02:00
|
|
|
{"build-chroot-dirs", "build-sandbox-paths"}};
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2017-08-31 14:28:25 +02:00
|
|
|
Setting<PathSet> extraSandboxPaths{this, {}, "extra-sandbox-paths",
|
2017-04-13 20:53:23 +02:00
|
|
|
"Additional paths to make available inside the build sandbox.",
|
2017-08-31 14:28:25 +02:00
|
|
|
{"build-extra-chroot-dirs", "build-extra-sandbox-paths"}};
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2017-08-31 14:28:25 +02:00
|
|
|
Setting<size_t> buildRepeat{this, 0, "repeat",
|
|
|
|
"The number of times to repeat a build in order to verify determinism.",
|
|
|
|
{"build-repeat"}};
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
#if __linux__
|
|
|
|
Setting<std::string> sandboxShmSize{this, "50%", "sandbox-dev-shm-size",
|
|
|
|
"The size of /dev/shm in the build sandbox."};
|
2017-05-05 17:45:22 +02:00
|
|
|
|
|
|
|
Setting<Path> sandboxBuildDir{this, "/build", "sandbox-build-dir",
|
|
|
|
"The build directory inside the sandbox."};
|
2017-04-13 20:53:23 +02:00
|
|
|
#endif
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<PathSet> allowedImpureHostPrefixes{this, {}, "allowed-impure-host-deps",
|
|
|
|
"Which prefixes to allow derivations to ask for access to (primarily for Darwin)."};
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
#if __APPLE__
|
|
|
|
Setting<bool> darwinLogSandboxViolations{this, false, "darwin-log-sandbox-violations",
|
|
|
|
"Whether to log Darwin sandbox access violations to the system log."};
|
|
|
|
#endif
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<bool> runDiffHook{this, false, "run-diff-hook",
|
|
|
|
"Whether to run the program specified by the diff-hook setting "
|
|
|
|
"repeated builds produce a different result. Typically used to "
|
|
|
|
"plug in diffoscope."};
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
PathSetting diffHook{this, true, "", "diff-hook",
|
|
|
|
"A program that prints out the differences between the two paths "
|
|
|
|
"specified on its command line."};
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<bool> enforceDeterminism{this, true, "enforce-determinism",
|
|
|
|
"Whether to fail if repeated builds produce different output."};
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2017-11-20 17:29:54 +01:00
|
|
|
Setting<Strings> trustedPublicKeys{this,
|
2017-04-13 20:53:23 +02:00
|
|
|
{"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="},
|
2017-11-20 17:29:54 +01:00
|
|
|
"trusted-public-keys",
|
|
|
|
"Trusted public keys for secure substitution.",
|
|
|
|
{"binary-cache-public-keys"}};
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<Strings> secretKeyFiles{this, {}, "secret-key-files",
|
|
|
|
"Secret keys with which to sign local builds."};
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<unsigned int> tarballTtl{this, 60 * 60, "tarball-ttl",
|
|
|
|
"How soon to expire files fetched by builtins.fetchTarball and builtins.fetchurl."};
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2018-01-26 17:10:52 +01:00
|
|
|
Setting<bool> requireSigs{this, true, "require-sigs",
|
2017-11-20 17:44:07 +01:00
|
|
|
"Whether to check that any non-content-addressed path added to the "
|
|
|
|
"Nix store has a valid signature (that is, one signed using a key "
|
|
|
|
"listed in 'trusted-public-keys'."};
|
|
|
|
|
2018-03-16 23:50:27 +01:00
|
|
|
Setting<StringSet> extraPlatforms{this,
|
2018-04-24 03:57:05 +02:00
|
|
|
std::string{SYSTEM} == "x86_64-linux" ? StringSet{"i686-linux"} : StringSet{},
|
2018-03-16 23:50:27 +01:00
|
|
|
"extra-platforms",
|
|
|
|
"Additional platforms that can be built on the local system. "
|
|
|
|
"These may be supported natively (e.g. armv7 on some aarch64 CPUs "
|
|
|
|
"or using hacks like qemu-user."};
|
2018-02-20 13:34:50 +01:00
|
|
|
|
2018-09-28 15:57:27 +02:00
|
|
|
Setting<StringSet> systemFeatures{this, getDefaultSystemFeatures(),
|
|
|
|
"system-features",
|
|
|
|
"Optional features that this system implements (like \"kvm\")."};
|
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<Strings> substituters{this,
|
|
|
|
nixStore == "/nix/store" ? Strings{"https://cache.nixos.org/"} : Strings(),
|
|
|
|
"substituters",
|
|
|
|
"The URIs of substituters (such as https://cache.nixos.org/).",
|
|
|
|
{"binary-caches"}};
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
// FIXME: provide a way to add to option values.
|
|
|
|
Setting<Strings> extraSubstituters{this, {}, "extra-substituters",
|
|
|
|
"Additional URIs of substituters.",
|
|
|
|
{"extra-binary-caches"}};
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2017-04-20 13:20:49 +02:00
|
|
|
Setting<StringSet> trustedSubstituters{this, {}, "trusted-substituters",
|
|
|
|
"Disabled substituters that may be enabled via the substituters option by untrusted users.",
|
|
|
|
{"trusted-binary-caches"}};
|
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<Strings> trustedUsers{this, {"root"}, "trusted-users",
|
|
|
|
"Which users or groups are trusted to ask the daemon to do unsafe things."};
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2018-04-06 12:05:15 +02:00
|
|
|
Setting<unsigned int> ttlNegativeNarInfoCache{this, 3600, "narinfo-cache-negative-ttl",
|
2018-04-02 18:41:49 +02:00
|
|
|
"The TTL in seconds for negative lookups in the disk cache i.e binary cache lookups that "
|
|
|
|
"return an invalid path result"};
|
|
|
|
|
2018-04-06 12:05:15 +02:00
|
|
|
Setting<unsigned int> ttlPositiveNarInfoCache{this, 30 * 24 * 3600, "narinfo-cache-positive-ttl",
|
2018-04-02 18:41:49 +02:00
|
|
|
"The TTL in seconds for positive lookups in the disk cache i.e binary cache lookups that "
|
|
|
|
"return a valid path result."};
|
|
|
|
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
/* ?Who we trust to use the daemon in safe ways */
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<Strings> allowedUsers{this, {"*"}, "allowed-users",
|
|
|
|
"Which users or groups are allowed to connect to the daemon."};
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<bool> printMissing{this, true, "print-missing",
|
|
|
|
"Whether to print what paths need to be built or downloaded."};
|
Explicitly model all settings and fail on unrecognized ones
Previously, the Settings class allowed other code to query for string
properties, which led to a proliferation of code all over the place making
up new options without any sort of central registry of valid options. This
commit pulls all those options back into the central Settings class and
removes the public get() methods, to discourage future abuses like that.
Furthermore, because we know the full set of options ahead of time, we
now fail loudly if someone enters an unrecognized option, thus preventing
subtle typos. With some template fun, we could probably also dump the full
set of options (with documentation, defaults, etc.) to the command line,
but I'm not doing that yet here.
2017-02-22 04:50:18 +01:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<std::string> preBuildHook{this,
|
|
|
|
#if __APPLE__
|
|
|
|
nixLibexecDir + "/nix/resolve-system-dependencies",
|
|
|
|
#else
|
|
|
|
"",
|
|
|
|
#endif
|
|
|
|
"pre-build-hook",
|
|
|
|
"A program to run just before a build to set derivation-specific build settings."};
|
2015-04-18 22:56:02 +02:00
|
|
|
|
2017-04-13 20:53:23 +02:00
|
|
|
Setting<std::string> netrcFile{this, fmt("%s/%s", nixConfDir, "netrc"), "netrc-file",
|
|
|
|
"Path to the netrc file used to obtain usernames/passwords for downloads."};
|
2017-02-16 14:46:36 +01:00
|
|
|
|
2017-03-06 20:30:35 +01:00
|
|
|
/* Path to the SSL CA file used */
|
|
|
|
Path caFile;
|
|
|
|
|
2017-07-04 15:43:06 +02:00
|
|
|
#if __linux__
|
2017-10-12 18:21:55 +02:00
|
|
|
Setting<bool> filterSyscalls{this, true, "filter-syscalls",
|
|
|
|
"Whether to prevent certain dangerous system calls, such as "
|
|
|
|
"creation of setuid/setgid files or adding ACLs or extended "
|
|
|
|
"attributes. Only disable this if you're aware of the "
|
|
|
|
"security implications."};
|
|
|
|
|
2017-07-04 15:43:06 +02:00
|
|
|
Setting<bool> allowNewPrivileges{this, false, "allow-new-privileges",
|
|
|
|
"Whether builders can acquire new privileges by calling programs with "
|
|
|
|
"setuid/setgid bits or with file capabilities."};
|
|
|
|
#endif
|
2017-07-17 13:07:08 +02:00
|
|
|
|
|
|
|
Setting<Strings> hashedMirrors{this, {"http://tarballs.nixos.org/"}, "hashed-mirrors",
|
|
|
|
"A list of servers used by builtins.fetchurl to fetch files by hash."};
|
2017-09-05 20:43:42 +02:00
|
|
|
|
|
|
|
Setting<uint64_t> minFree{this, 0, "min-free",
|
|
|
|
"Automatically run the garbage collector when free disk space drops below the specified amount."};
|
|
|
|
|
|
|
|
Setting<uint64_t> maxFree{this, std::numeric_limits<uint64_t>::max(), "max-free",
|
|
|
|
"Stop deleting garbage when free disk space is above the specified amount."};
|
|
|
|
|
2018-02-08 17:26:18 +01:00
|
|
|
Setting<Paths> pluginFiles{this, {}, "plugin-files",
|
|
|
|
"Plugins to dynamically load at nix initialization time."};
|
2012-07-31 01:55:41 +02:00
|
|
|
};
|
2008-11-20 13:25:11 +01:00
|
|
|
|
2011-11-22 18:28:41 +01:00
|
|
|
|
2012-07-31 01:55:41 +02:00
|
|
|
// FIXME: don't use a global variable.
|
|
|
|
extern Settings settings;
|
2012-07-30 22:09:54 +02:00
|
|
|
|
2018-02-08 17:26:18 +01:00
|
|
|
/* This should be called after settings are initialized, but before
|
|
|
|
anything else */
|
|
|
|
void initPlugins();
|
|
|
|
|
2018-03-27 18:41:31 +02:00
|
|
|
void loadConfFile();
|
2011-11-22 18:28:41 +01:00
|
|
|
|
2012-11-27 13:29:55 +01:00
|
|
|
extern const string nixVersion;
|
|
|
|
|
2006-09-04 23:06:23 +02:00
|
|
|
}
|