Eelco Dolstra
c68e5913c7
Run builds in a user namespace
...
This way, all builds appear to have a uid/gid of 0 inside the
chroot. In the future, this may allow using programs like
systemd-nspawn inside builds, but that will require assigning a larger
UID/GID map to the build.
Issue #625 .
2016-06-09 18:30:39 +02:00
Eelco Dolstra
202683a4fc
Use O_CLOEXEC in most places
2016-06-09 16:37:08 +02:00
Eelco Dolstra
9bdd949cfd
Fix "creating statement: table ValidPaths has no column named ultimate"
2016-06-03 16:06:42 +02:00
Eelco Dolstra
5e51ffb1c2
Support sandbox builds by non-root users
...
This allows an unprivileged user to perform builds on a diverted store
(i.e. where the physical store location differs from the logical
location).
Example:
$ NIX_LOG_DIR=/tmp/log NIX_REMOTE="local?real=/tmp/store&state=/tmp/var" nix-build -E \
'with import <nixpkgs> {}; runCommand "foo" { buildInputs = [procps nettools]; } "id; ps; ifconfig; echo $out > $out"'
will do a build in the Nix store physically in /tmp/store but
logically in /nix/store (and thus using substituters for the latter).
2016-06-03 15:59:28 +02:00
Eelco Dolstra
2f8b0e557b
Consistent quotes
2016-06-03 14:03:09 +02:00
Eelco Dolstra
080d607975
Don't call shared_from_this() from a destructor
2016-06-03 14:02:44 +02:00
Eelco Dolstra
30c8c3ba2d
Fix some more references to storeDir
2016-06-03 14:02:44 +02:00
Eelco Dolstra
a8dfdc52b8
Merge pull request #925 from abbradar/master
...
Show both cycle ends
2016-06-03 13:58:51 +02:00
Nikolay Amiantov
c87a56f4d0
Show both cycle ends
2016-06-03 14:25:37 +03:00
Eelco Dolstra
75361b6dce
Fix narrowing conversion from int64_t to bool
...
http://hydra.nixos.org/build/36613774
2016-06-03 13:20:46 +02:00
Eelco Dolstra
f8a8b4d8f8
nix run: Set a reasonable uid/gid
2016-06-02 19:04:09 +02:00
Eelco Dolstra
d64e0c1b64
Make derivationFromPath work on diverted stores
2016-06-02 18:43:36 +02:00
Eelco Dolstra
eda2aaae92
nix run: Handle the case where the /nix/store mount point doesn't exist
2016-06-02 18:24:51 +02:00
Eelco Dolstra
a424ab0444
createTempDir(): Don't do a chown on Linux
...
It's not needed and can cause problems in a user namespace.
2016-06-02 18:17:30 +02:00
Eelco Dolstra
a24f2c9b84
nix run: Mount the Nix store in a private namespace
...
This is a convenience command to allow users who are not privileged to
create /nix/store to use Nix with regular binary caches. For example,
$ NIX_REMOTE="local?state=$HOME/nix/var&real=/$HOME/nix/store" nix run firefox bashInteractive
will download Firefox and bash from cache.nixos.org, then start a
shell in which $HOME/nix/store is mounted on /nix/store.
2016-06-02 16:51:43 +02:00
Eelco Dolstra
6f2d51287c
Add basic "nix run" command
2016-06-02 16:29:49 +02:00
Eelco Dolstra
4494000e04
LocalStore: Allow the physical and logical store directories to differ
...
This is primarily to subsume the functionality of the
copy-from-other-stores substituter. For example, in the NixOS
installer, we can now do (assuming we're in the target chroot, and the
Nix store of the installation CD is bind-mounted on /tmp/nix):
$ nix-build ... --option substituters 'local?state=/tmp/nix/var&real=/tmp/nix/store'
However, unlike copy-from-other-stores, this also allows write access
to such a store. One application might be fetching substitutes for
/nix/store in a situation where the user doesn't have sufficient
privileges to create /nix, e.g.:
$ NIX_REMOTE="local?state=/home/alice/nix/var&real=/home/alice/nix/store" nix-build ...
2016-06-02 16:02:48 +02:00
Eelco Dolstra
064816ab98
Respect build-use-substitutes
2016-06-02 16:02:48 +02:00
Eelco Dolstra
812c0dfbe2
Allow setting the state directory as a store parameter
...
E.g. "local?store=/tmp/store&state=/tmp/var".
2016-06-02 16:02:48 +02:00
Eelco Dolstra
f2682e6e18
<nix/fetchurl.nix>: Use tarballs.nixos.org
...
This ensures that the disappearance of upstream bootstrap tarballs
(e.g. https://github.com/NixOS/nixpkgs-channels/pull/1 ) doesn't break
stdenv rebuilds.
2016-06-01 17:11:51 +02:00
Eelco Dolstra
dead8189ac
Typo
2016-06-01 16:56:22 +02:00
Eelco Dolstra
e24e2caaaf
Skip substituters with an incompatible store directory
2016-06-01 16:40:49 +02:00
Eelco Dolstra
cf198952d0
HttpBinaryCacheStore: Fix caching of WantMassQuery
...
Also, test HttpBinaryCacheStore in addition to LocalBinaryCacheStore.
2016-06-01 16:24:17 +02:00
Eelco Dolstra
7850d3d279
Make the store directory a member variable of Store
2016-06-01 16:24:17 +02:00
Eelco Dolstra
1b5b654fe2
Fix OOM in the installer test
...
http://hydra.nixos.org/build/36462209
2016-05-31 15:16:21 +02:00
Eelco Dolstra
33664f0e8d
Fix reference to $NIX_LINK
2016-05-31 15:14:24 +02:00
Eelco Dolstra
0a9d627e50
Doh
2016-05-31 13:38:36 +02:00
Eelco Dolstra
88b79cd55c
Fix Debian 8 build
...
http://hydra.nixos.org/build/36462150
2016-05-31 13:37:33 +02:00
Eelco Dolstra
a9fa5e050a
Shut up some clang warnings
2016-05-31 13:31:04 +02:00
Eelco Dolstra
10f3a2e5f2
Fix clang build failure
...
Apparently opinion is divided on whether [[noreturn]] is allowed on a
lambda: http://stackoverflow.com/questions/26888805/how-to-declare-a-lambdas-operator-as-noreturn
http://hydra.nixos.org/build/36462100
2016-05-31 13:23:54 +02:00
Eelco Dolstra
759ac27f28
Fix nix-profile test in a chroot
...
http://hydra.nixos.org/build/36462078
2016-05-31 13:07:24 +02:00
Eelco Dolstra
c9ff3747db
nix-profile.sh: Don't pollute the environment
2016-05-31 13:07:10 +02:00
Eelco Dolstra
c2d27d30cf
nix-copy-closure / build-remote.pl: Disable signature checking
...
This restores the Nix 1.11 behaviour.
2016-05-31 11:48:05 +02:00
Eelco Dolstra
e4f0ba55ac
Disable the SSH substituter test for now
2016-05-31 11:48:05 +02:00
Eelco Dolstra
b5ac83f3a3
nix-copy-closure: Drop Nix <= 1.7 compat
2016-05-31 11:48:05 +02:00
Eelco Dolstra
8e74d1badb
Merge pull request #919 from veprbl/lzma_fix
...
use $(LIBLZMA_LIBS) instead of -llzma
2016-05-31 10:26:58 +02:00
Dmitry Kalinkin
78b00bbd8a
use $(LIBLZMA_LIBS) instead of -llzma
...
This is needed in case of non-standard lzma installation path that will
be specified in pkgconfig manifest as extra -L option for LDFLAGS.
2016-05-31 03:20:11 -04:00
Domen Kožar
5339ae4437
Merge pull request #576 from qknight/args_explanation
...
extended args@ explanation
2016-05-30 23:40:17 +01:00
Joachim Schiele
6766041b84
Update language-constructs.xml
2016-05-30 23:58:45 +02:00
Joachim Schiele
659a3e399b
Update language-constructs.xml
2016-05-30 23:58:13 +02:00
Eelco Dolstra
f7be7324b4
Forgot to commit
2016-05-30 20:24:14 +02:00
Domen Kožar
f53b3ef693
fix tarball job
2016-05-30 15:31:32 +01:00
Domen Kožar
040c40d3fc
convert README to markdown #825
2016-05-30 15:17:51 +01:00
Eelco Dolstra
cd35f0280c
Fix build
2016-05-30 16:12:50 +02:00
Eelco Dolstra
57d33013ce
Check signatures before downloading the substitute
2016-05-30 15:18:12 +02:00
Eelco Dolstra
42ae8d95aa
Test trying the next substitute after a bad signature
2016-05-30 15:18:12 +02:00
Eelco Dolstra
bac123ddd9
Test the NAR info cache
2016-05-30 15:18:12 +02:00
Eelco Dolstra
3593c8285d
Re-implement binary cache signature checking
...
This is now done in LocalStore::addToStore(), rather than in the
binary cache substituter (which no longer exists).
2016-05-30 15:18:12 +02:00
Eelco Dolstra
12ddbad458
LocalStore::addToStore: Verify hash of the imported path
2016-05-30 15:18:12 +02:00
Eelco Dolstra
e222484401
Re-implement the WantMassQuery property of binary caches
2016-05-30 15:18:12 +02:00