forked from lix-project/lix
Prevent config.h from being clobbered
This commit is contained in:
parent
8057a192e3
commit
28bba8c44f
|
@ -1,6 +1,6 @@
|
||||||
with import <nix/config.nix>;
|
with import <nix/config.nix>;
|
||||||
|
|
||||||
{system ? builtins.currentSystem, url, outputHash ? "", outputHashAlgo ? "", md5 ? "", sha1 ? "", sha256 ? "", executable ? false}:
|
{system ? builtins.currentSystem, url, outputHash ? "", outputHashAlgo ? "", md5 ? "", sha1 ? "", sha256 ? ""}:
|
||||||
|
|
||||||
assert (outputHash != "" && outputHashAlgo != "")
|
assert (outputHash != "" && outputHashAlgo != "")
|
||||||
|| md5 != "" || sha1 != "" || sha256 != "";
|
|| md5 != "" || sha1 != "" || sha256 != "";
|
||||||
|
@ -8,10 +8,10 @@ assert (outputHash != "" && outputHashAlgo != "")
|
||||||
let
|
let
|
||||||
|
|
||||||
builder = builtins.toFile "fetchurl.sh"
|
builder = builtins.toFile "fetchurl.sh"
|
||||||
(''
|
''
|
||||||
echo "downloading $url into $out"
|
echo "downloading $url into $out"
|
||||||
${curl} --fail --location --max-redirs 20 --insecure "$url" > "$out"
|
${curl} --fail --location --max-redirs 20 --insecure "$url" > "$out"
|
||||||
'' + (if executable then "${coreutils}/chmod +x $out" else ""));
|
'';
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
||||||
|
@ -25,7 +25,6 @@ derivation {
|
||||||
if sha256 != "" then "sha256" else if sha1 != "" then "sha1" else "md5";
|
if sha256 != "" then "sha256" else if sha1 != "" then "sha1" else "md5";
|
||||||
outputHash = if outputHash != "" then outputHash else
|
outputHash = if outputHash != "" then outputHash else
|
||||||
if sha256 != "" then sha256 else if sha1 != "" then sha1 else md5;
|
if sha256 != "" then sha256 else if sha1 != "" then sha1 else md5;
|
||||||
outputHashMode = if executable then "recursive" else "flat";
|
|
||||||
|
|
||||||
inherit system url;
|
inherit system url;
|
||||||
|
|
||||||
|
|
33
doc/dev/release-procedures.txt
Normal file
33
doc/dev/release-procedures.txt
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
To produce a `stable' release from the trunk:
|
||||||
|
|
||||||
|
-1. Update the release notes; make sure that the release date is
|
||||||
|
correct.
|
||||||
|
|
||||||
|
0. Make sure that the trunk builds in the release supervisor.
|
||||||
|
|
||||||
|
1. Branch the trunk, e.g., `svn cp .../trunk
|
||||||
|
.../branches/0.5-release'.
|
||||||
|
|
||||||
|
2. Switch to the branch, e.g., `svn switch .../branches/0.5-release'.
|
||||||
|
|
||||||
|
3. In `configure.ac', change `STABLE=0' into `STABLE=1' and commit.
|
||||||
|
|
||||||
|
4. In the release supervisor, add a one-time job to build
|
||||||
|
`.../branches/0.5-release'.
|
||||||
|
|
||||||
|
5. Make sure that the release succeeds.
|
||||||
|
|
||||||
|
6. Move the branch to a tag, e.g., `svn mv .../branches/0.5-release
|
||||||
|
.../tags/0.5'.
|
||||||
|
|
||||||
|
Note that the branch should not be used for maintenance; it should
|
||||||
|
be deleted after the release has been created. A maintenance
|
||||||
|
branch (e.g., `.../branches/0.5') should be created from the
|
||||||
|
original revision of the trunk (since maintenance releases should
|
||||||
|
also be tested first; hence, we cannot have `STABLE=1'). The same
|
||||||
|
procedure can then be followed to produce maintenance releases;
|
||||||
|
just substitute `.../branches/VERSION' for the trunk.
|
||||||
|
|
||||||
|
7. Switch back to the trunk.
|
||||||
|
|
||||||
|
8. Bump the version number in `configure.ac' (in AC_INIT).
|
|
@ -302,18 +302,6 @@ stdenv.mkDerivation {
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
|
||||||
<varlistentry><term><function>builtins.hashString</function>
|
|
||||||
<replaceable>type</replaceable> <replaceable>s</replaceable></term>
|
|
||||||
|
|
||||||
<listitem><para>Return a base-16 representation of the
|
|
||||||
cryptographic hash of string <replaceable>s</replaceable>. The
|
|
||||||
hash algorithm specified by <replaceable>type</replaceable> must
|
|
||||||
be one of <literal>"md5"</literal>, <literal>"sha1"</literal> or
|
|
||||||
<literal>"sha256"</literal>.</para></listitem>
|
|
||||||
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
|
|
||||||
<varlistentry><term><function>builtins.head</function>
|
<varlistentry><term><function>builtins.head</function>
|
||||||
<replaceable>list</replaceable></term>
|
<replaceable>list</replaceable></term>
|
||||||
|
|
||||||
|
|
|
@ -343,11 +343,10 @@
|
||||||
|
|
||||||
<varlistentry><term><option>-I</option> <replaceable>path</replaceable></term>
|
<varlistentry><term><option>-I</option> <replaceable>path</replaceable></term>
|
||||||
|
|
||||||
<listitem><para>Add a path to the Nix expression search path. This
|
<listitem><para>Add a path to the Nix expression search path. See
|
||||||
option may be given multiple times. See the <envar>NIX_PATH</envar>
|
the <envar>NIX_PATH</envar> environment variable for details. Paths
|
||||||
environment variable for information on the semantics of the Nix
|
added through <option>-I</option> take precedence over
|
||||||
search path. Paths added through <option>-I</option> take
|
<envar>NIX_PATH</envar>.</para></listitem>
|
||||||
precedence over <envar>NIX_PATH</envar>.</para></listitem>
|
|
||||||
|
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
|
|
@ -6,63 +6,6 @@
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<!--==================================================================-->
|
|
||||||
|
|
||||||
<section xml:id="ssec-relnotes-1.5.1"><title>Release 1.5.1 (February 28, 2013)</title>
|
|
||||||
|
|
||||||
<para>The bug fix to the bug fix had a bug itself, of course. But
|
|
||||||
this time it will work for sure!</para>
|
|
||||||
|
|
||||||
</section>
|
|
||||||
|
|
||||||
|
|
||||||
<!--==================================================================-->
|
|
||||||
|
|
||||||
<section xml:id="ssec-relnotes-1.5"><title>Release 1.5 (February 27, 2013)</title>
|
|
||||||
|
|
||||||
<para>This is a brown paper bag release to fix a regression introduced
|
|
||||||
by the hard link security fix in 1.4.</para>
|
|
||||||
|
|
||||||
</section>
|
|
||||||
|
|
||||||
|
|
||||||
<!--==================================================================-->
|
|
||||||
|
|
||||||
<section xml:id="ssec-relnotes-1.4"><title>Release 1.4 (February 26, 2013)</title>
|
|
||||||
|
|
||||||
<para>This release fixes a security bug in multi-user operation. It
|
|
||||||
was possible for derivations to cause the mode of files outside of the
|
|
||||||
Nix store to be changed to 444 (read-only but world-readable) by
|
|
||||||
creating hard links to those files (<link
|
|
||||||
xlink:href="https://github.com/NixOS/nix/commit/5526a282b5b44e9296e61e07d7d2626a79141ac4">details</link>).</para>
|
|
||||||
|
|
||||||
<para>There are also the following improvements:</para>
|
|
||||||
|
|
||||||
<itemizedlist>
|
|
||||||
|
|
||||||
<listitem><para>New built-in function:
|
|
||||||
<function>builtins.hashString</function>.</para></listitem>
|
|
||||||
|
|
||||||
<listitem><para>Build logs are now stored in
|
|
||||||
<filename>/nix/var/log/nix/drvs/<replaceable>XX</replaceable>/</filename>,
|
|
||||||
where <replaceable>XX</replaceable> is the first two characters of
|
|
||||||
the derivation. This is useful on machines that keep a lot of build
|
|
||||||
logs (such as Hydra servers).</para></listitem>
|
|
||||||
|
|
||||||
<listitem><para>The function <function>corepkgs/fetchurl</function>
|
|
||||||
can now make the downloaded file executable. This will allow
|
|
||||||
getting rid of all bootstrap binaries in the Nixpkgs source
|
|
||||||
tree.</para></listitem>
|
|
||||||
|
|
||||||
<listitem><para>Language change: The expression <literal>"${./path}
|
|
||||||
..."</literal> now evaluates to a string instead of a
|
|
||||||
path.</para></listitem>
|
|
||||||
|
|
||||||
</itemizedlist>
|
|
||||||
|
|
||||||
</section>
|
|
||||||
|
|
||||||
|
|
||||||
<!--==================================================================-->
|
<!--==================================================================-->
|
||||||
|
|
||||||
<section xml:id="ssec-relnotes-1.3"><title>Release 1.3 (January 4, 2013)</title>
|
<section xml:id="ssec-relnotes-1.3"><title>Release 1.3 (January 4, 2013)</title>
|
||||||
|
|
|
@ -238,10 +238,7 @@ SV * derivationFromPath(char * drvPath)
|
||||||
Derivation drv = derivationFromPath(*store, drvPath);
|
Derivation drv = derivationFromPath(*store, drvPath);
|
||||||
hash = newHV();
|
hash = newHV();
|
||||||
|
|
||||||
HV * outputs = newHV();
|
/* TODO: handle drv.outputs */
|
||||||
for (DerivationOutputs::iterator i = drv.outputs.begin(); i != drv.outputs.end(); ++i)
|
|
||||||
hv_store(outputs, i->first.c_str(), i->first.size(), newSVpv(i->second.path.c_str(), 0), 0);
|
|
||||||
hv_stores(hash, "outputs", newRV((SV *) outputs));
|
|
||||||
|
|
||||||
AV * inputDrvs = newAV();
|
AV * inputDrvs = newAV();
|
||||||
for (DerivationInputs::iterator i = drv.inputDrvs.begin(); i != drv.inputDrvs.end(); ++i)
|
for (DerivationInputs::iterator i = drv.inputDrvs.begin(); i != drv.inputDrvs.end(); ++i)
|
||||||
|
|
|
@ -258,9 +258,8 @@ close UPLOADLOCK;
|
||||||
|
|
||||||
# Perform the build.
|
# Perform the build.
|
||||||
my $buildFlags =
|
my $buildFlags =
|
||||||
"--max-silent-time $maxSilentTime --option build-timeout $buildTimeout"
|
"--max-silent-time $maxSilentTime --option build-timeout $buildTimeout "
|
||||||
. " --fallback --add-root $rootsDir/\$PPID.out --quiet"
|
. "--fallback --add-root $rootsDir/\$PPID.out --option verbosity 0";
|
||||||
. " --option build-keep-log false";
|
|
||||||
|
|
||||||
# We let the remote side kill its process group when the connection is
|
# We let the remote side kill its process group when the connection is
|
||||||
# closed unexpectedly. This is necessary to ensure that no processes
|
# closed unexpectedly. This is necessary to ensure that no processes
|
||||||
|
|
|
@ -966,7 +966,7 @@ void ExprConcatStrings::eval(EvalState & state, Env & env, Value & v)
|
||||||
since paths are copied when they are used in a derivation),
|
since paths are copied when they are used in a derivation),
|
||||||
and none of the strings are allowed to have contexts. */
|
and none of the strings are allowed to have contexts. */
|
||||||
if (first) {
|
if (first) {
|
||||||
isPath = !forceString && vStr.type == tPath;
|
isPath = vStr.type == tPath;
|
||||||
first = false;
|
first = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -277,10 +277,8 @@ MakeBinOp(OpConcatLists, "++")
|
||||||
|
|
||||||
struct ExprConcatStrings : Expr
|
struct ExprConcatStrings : Expr
|
||||||
{
|
{
|
||||||
bool forceString;
|
|
||||||
vector<Expr *> * es;
|
vector<Expr *> * es;
|
||||||
ExprConcatStrings(bool forceString, vector<Expr *> * es)
|
ExprConcatStrings(vector<Expr *> * es) : es(es) { };
|
||||||
: forceString(forceString), es(es) { };
|
|
||||||
COMMON_METHODS
|
COMMON_METHODS
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -203,7 +203,7 @@ static Expr * stripIndentation(SymbolTable & symbols, vector<Expr *> & es)
|
||||||
es2->push_back(new ExprString(symbols.create(s2)));
|
es2->push_back(new ExprString(symbols.create(s2)));
|
||||||
}
|
}
|
||||||
|
|
||||||
return es2->size() == 1 ? (*es2)[0] : new ExprConcatStrings(true, es2);
|
return es2->size() == 1 ? (*es2)[0] : new ExprConcatStrings(es2);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -318,7 +318,7 @@ expr_op
|
||||||
{ vector<Expr *> * l = new vector<Expr *>;
|
{ vector<Expr *> * l = new vector<Expr *>;
|
||||||
l->push_back($1);
|
l->push_back($1);
|
||||||
l->push_back($3);
|
l->push_back($3);
|
||||||
$$ = new ExprConcatStrings(false, l);
|
$$ = new ExprConcatStrings(l);
|
||||||
}
|
}
|
||||||
| expr_op CONCAT expr_op { $$ = new ExprOpConcatLists($1, $3); }
|
| expr_op CONCAT expr_op { $$ = new ExprOpConcatLists($1, $3); }
|
||||||
| expr_app
|
| expr_app
|
||||||
|
@ -349,7 +349,7 @@ expr_simple
|
||||||
/* For efficiency, and to simplify parse trees a bit. */
|
/* For efficiency, and to simplify parse trees a bit. */
|
||||||
if ($2->empty()) $$ = new ExprString(data->symbols.create(""));
|
if ($2->empty()) $$ = new ExprString(data->symbols.create(""));
|
||||||
else if ($2->size() == 1) $$ = $2->front();
|
else if ($2->size() == 1) $$ = $2->front();
|
||||||
else $$ = new ExprConcatStrings(true, $2);
|
else $$ = new ExprConcatStrings($2);
|
||||||
}
|
}
|
||||||
| IND_STRING_OPEN ind_string_parts IND_STRING_CLOSE {
|
| IND_STRING_OPEN ind_string_parts IND_STRING_CLOSE {
|
||||||
$$ = stripIndentation(data->symbols, *$2);
|
$$ = stripIndentation(data->symbols, *$2);
|
||||||
|
|
|
@ -1107,21 +1107,6 @@ static void prim_unsafeDiscardOutputDependency(EvalState & state, Value * * args
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Return the cryptographic hash of a string in base-16. */
|
|
||||||
static void prim_hashString(EvalState & state, Value * * args, Value & v)
|
|
||||||
{
|
|
||||||
string type = state.forceStringNoCtx(*args[0]);
|
|
||||||
HashType ht = parseHashType(type);
|
|
||||||
if (ht == htUnknown)
|
|
||||||
throw Error(format("unknown hash type `%1%'") % type);
|
|
||||||
|
|
||||||
PathSet context; // discarded
|
|
||||||
string s = state.forceString(*args[1], context);
|
|
||||||
|
|
||||||
mkString(v, printHash(hashString(ht, s)), context);
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
/*************************************************************
|
/*************************************************************
|
||||||
* Versions
|
* Versions
|
||||||
*************************************************************/
|
*************************************************************/
|
||||||
|
@ -1249,7 +1234,6 @@ void EvalState::createBaseEnv()
|
||||||
addPrimOp("__stringLength", 1, prim_stringLength);
|
addPrimOp("__stringLength", 1, prim_stringLength);
|
||||||
addPrimOp("__unsafeDiscardStringContext", 1, prim_unsafeDiscardStringContext);
|
addPrimOp("__unsafeDiscardStringContext", 1, prim_unsafeDiscardStringContext);
|
||||||
addPrimOp("__unsafeDiscardOutputDependency", 1, prim_unsafeDiscardOutputDependency);
|
addPrimOp("__unsafeDiscardOutputDependency", 1, prim_unsafeDiscardOutputDependency);
|
||||||
addPrimOp("__hashString", 2, prim_hashString);
|
|
||||||
|
|
||||||
// Versions
|
// Versions
|
||||||
addPrimOp("__parseDrvName", 1, prim_parseDrvName);
|
addPrimOp("__parseDrvName", 1, prim_parseDrvName);
|
||||||
|
|
|
@ -168,10 +168,11 @@ static void initAndRun(int argc, char * * argv)
|
||||||
remaining.clear();
|
remaining.clear();
|
||||||
|
|
||||||
/* Process default options. */
|
/* Process default options. */
|
||||||
|
int verbosityDelta = lvlInfo;
|
||||||
for (Strings::iterator i = args.begin(); i != args.end(); ++i) {
|
for (Strings::iterator i = args.begin(); i != args.end(); ++i) {
|
||||||
string arg = *i;
|
string arg = *i;
|
||||||
if (arg == "--verbose" || arg == "-v") verbosity = (Verbosity) (verbosity + 1);
|
if (arg == "--verbose" || arg == "-v") verbosityDelta++;
|
||||||
else if (arg == "--quiet") verbosity = verbosity > lvlError ? (Verbosity) (verbosity - 1) : lvlError;
|
else if (arg == "--quiet") verbosityDelta--;
|
||||||
else if (arg == "--log-type") {
|
else if (arg == "--log-type") {
|
||||||
string s = getArg(arg, i, args.end());
|
string s = getArg(arg, i, args.end());
|
||||||
setLogType(s);
|
setLogType(s);
|
||||||
|
@ -218,6 +219,8 @@ static void initAndRun(int argc, char * * argv)
|
||||||
else remaining.push_back(arg);
|
else remaining.push_back(arg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
verbosity = (Verbosity) (verbosityDelta < 0 ? 0 : verbosityDelta);
|
||||||
|
|
||||||
settings.update();
|
settings.update();
|
||||||
|
|
||||||
run(remaining);
|
run(remaining);
|
||||||
|
|
|
@ -43,12 +43,6 @@
|
||||||
#include <sched.h>
|
#include <sched.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* In GNU libc 2.11, <sys/mount.h> does not define `MS_PRIVATE', but
|
|
||||||
<linux/fs.h> does. */
|
|
||||||
#if !defined MS_PRIVATE && defined HAVE_LINUX_FS_H
|
|
||||||
#include <linux/fs.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define CHROOT_ENABLED HAVE_CHROOT && HAVE_UNSHARE && HAVE_SYS_MOUNT_H && defined(MS_BIND) && defined(MS_PRIVATE) && defined(CLONE_NEWNS)
|
#define CHROOT_ENABLED HAVE_CHROOT && HAVE_UNSHARE && HAVE_SYS_MOUNT_H && defined(MS_BIND) && defined(MS_PRIVATE) && defined(CLONE_NEWNS)
|
||||||
|
|
||||||
#if CHROOT_ENABLED
|
#if CHROOT_ENABLED
|
||||||
|
@ -2287,7 +2281,7 @@ void DerivationGoal::computeClosure()
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Get rid of all weird permissions. */
|
/* Get rid of all weird permissions. */
|
||||||
canonicalisePathMetaData(path, buildUser.enabled() ? buildUser.getUID() : -1);
|
canonicalisePathMetaData(path);
|
||||||
|
|
||||||
/* For this output path, find the references to other paths
|
/* For this output path, find the references to other paths
|
||||||
contained in it. Compute the SHA-256 NAR hash at the same
|
contained in it. Compute the SHA-256 NAR hash at the same
|
||||||
|
@ -2349,15 +2343,13 @@ Path DerivationGoal::openLogFile()
|
||||||
{
|
{
|
||||||
if (!settings.keepLog) return "";
|
if (!settings.keepLog) return "";
|
||||||
|
|
||||||
string baseName = baseNameOf(drvPath);
|
|
||||||
|
|
||||||
/* Create a log file. */
|
/* Create a log file. */
|
||||||
Path dir = (format("%1%/%2%/%3%/") % settings.nixLogDir % drvsLogDir % string(baseName, 0, 2)).str();
|
Path dir = (format("%1%/%2%") % settings.nixLogDir % drvsLogDir).str();
|
||||||
createDirs(dir);
|
createDirs(dir);
|
||||||
|
|
||||||
if (settings.compressLog) {
|
if (settings.compressLog) {
|
||||||
|
|
||||||
Path logFileName = (format("%1%/%2%.bz2") % dir % string(baseName, 2)).str();
|
Path logFileName = (format("%1%/%2%.bz2") % dir % baseNameOf(drvPath)).str();
|
||||||
AutoCloseFD fd = open(logFileName.c_str(), O_CREAT | O_WRONLY | O_TRUNC, 0666);
|
AutoCloseFD fd = open(logFileName.c_str(), O_CREAT | O_WRONLY | O_TRUNC, 0666);
|
||||||
if (fd == -1) throw SysError(format("creating log file `%1%'") % logFileName);
|
if (fd == -1) throw SysError(format("creating log file `%1%'") % logFileName);
|
||||||
closeOnExec(fd);
|
closeOnExec(fd);
|
||||||
|
@ -2372,7 +2364,7 @@ Path DerivationGoal::openLogFile()
|
||||||
return logFileName;
|
return logFileName;
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
Path logFileName = (format("%1%/%2%") % dir % string(baseName, 2)).str();
|
Path logFileName = (format("%1%/%2%") % dir % baseNameOf(drvPath)).str();
|
||||||
fdLogFile = open(logFileName.c_str(), O_CREAT | O_WRONLY | O_TRUNC, 0666);
|
fdLogFile = open(logFileName.c_str(), O_CREAT | O_WRONLY | O_TRUNC, 0666);
|
||||||
if (fdLogFile == -1) throw SysError(format("creating log file `%1%'") % logFileName);
|
if (fdLogFile == -1) throw SysError(format("creating log file `%1%'") % logFileName);
|
||||||
closeOnExec(fdLogFile);
|
closeOnExec(fdLogFile);
|
||||||
|
@ -2839,7 +2831,7 @@ void SubstitutionGoal::finished()
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
canonicalisePathMetaData(destPath, -1);
|
canonicalisePathMetaData(destPath);
|
||||||
|
|
||||||
worker.store.optimisePath(destPath); // FIXME: combine with hashPath()
|
worker.store.optimisePath(destPath); // FIXME: combine with hashPath()
|
||||||
|
|
||||||
|
|
|
@ -659,10 +659,7 @@ void LocalStore::collectGarbage(const GCOptions & options, GCResults & results)
|
||||||
increase, since we hold locks on everything. So everything
|
increase, since we hold locks on everything. So everything
|
||||||
that is not reachable from `roots'. */
|
that is not reachable from `roots'. */
|
||||||
|
|
||||||
if (state.shouldDelete) {
|
if (state.shouldDelete) createDirs(state.trashDir);
|
||||||
if (pathExists(state.trashDir)) deleteGarbage(state, state.trashDir);
|
|
||||||
createDirs(state.trashDir);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Now either delete all garbage paths, or just the specified
|
/* Now either delete all garbage paths, or just the specified
|
||||||
paths (for gcDeleteSpecific). */
|
paths (for gcDeleteSpecific). */
|
||||||
|
|
|
@ -10,14 +10,6 @@
|
||||||
namespace nix {
|
namespace nix {
|
||||||
|
|
||||||
|
|
||||||
/* The default location of the daemon socket, relative to nixStateDir.
|
|
||||||
The socket is in a directory to allow you to control access to the
|
|
||||||
Nix daemon by setting the mode/ownership of the directory
|
|
||||||
appropriately. (This wouldn't work on the socket itself since it
|
|
||||||
must be deleted and recreated on startup.) */
|
|
||||||
#define DEFAULT_SOCKET_PATH "/daemon-socket/socket"
|
|
||||||
|
|
||||||
|
|
||||||
Settings settings;
|
Settings settings;
|
||||||
|
|
||||||
|
|
||||||
|
@ -66,7 +58,6 @@ void Settings::processEnvironment()
|
||||||
nixConfDir = canonPath(getEnv("NIX_CONF_DIR", NIX_CONF_DIR));
|
nixConfDir = canonPath(getEnv("NIX_CONF_DIR", NIX_CONF_DIR));
|
||||||
nixLibexecDir = canonPath(getEnv("NIX_LIBEXEC_DIR", NIX_LIBEXEC_DIR));
|
nixLibexecDir = canonPath(getEnv("NIX_LIBEXEC_DIR", NIX_LIBEXEC_DIR));
|
||||||
nixBinDir = canonPath(getEnv("NIX_BIN_DIR", NIX_BIN_DIR));
|
nixBinDir = canonPath(getEnv("NIX_BIN_DIR", NIX_BIN_DIR));
|
||||||
nixDaemonSocketFile = canonPath(nixStateDir + DEFAULT_SOCKET_PATH);
|
|
||||||
|
|
||||||
string subs = getEnv("NIX_SUBSTITUTERS", "default");
|
string subs = getEnv("NIX_SUBSTITUTERS", "default");
|
||||||
if (subs == "default") {
|
if (subs == "default") {
|
||||||
|
|
|
@ -50,9 +50,6 @@ struct Settings {
|
||||||
/* The directory where the main programs are stored. */
|
/* The directory where the main programs are stored. */
|
||||||
Path nixBinDir;
|
Path nixBinDir;
|
||||||
|
|
||||||
/* File name of the socket the daemon listens to. */
|
|
||||||
Path nixDaemonSocketFile;
|
|
||||||
|
|
||||||
/* Whether to keep temporary directories of failed builds. */
|
/* Whether to keep temporary directories of failed builds. */
|
||||||
bool keepFailed;
|
bool keepFailed;
|
||||||
|
|
||||||
|
|
|
@ -47,11 +47,7 @@ static void throwSQLiteError(sqlite3 * db, const format & f)
|
||||||
{
|
{
|
||||||
int err = sqlite3_errcode(db);
|
int err = sqlite3_errcode(db);
|
||||||
if (err == SQLITE_BUSY) {
|
if (err == SQLITE_BUSY) {
|
||||||
static bool warned = false;
|
|
||||||
if (!warned) {
|
|
||||||
printMsg(lvlError, "warning: SQLite database is busy");
|
printMsg(lvlError, "warning: SQLite database is busy");
|
||||||
warned = true;
|
|
||||||
}
|
|
||||||
/* Sleep for a while since retrying the transaction right away
|
/* Sleep for a while since retrying the transaction right away
|
||||||
is likely to fail again. */
|
is likely to fail again. */
|
||||||
#if HAVE_NANOSLEEP
|
#if HAVE_NANOSLEEP
|
||||||
|
@ -465,8 +461,36 @@ void LocalStore::makeStoreWritable()
|
||||||
const time_t mtimeStore = 1; /* 1 second into the epoch */
|
const time_t mtimeStore = 1; /* 1 second into the epoch */
|
||||||
|
|
||||||
|
|
||||||
static void canonicaliseTimestampAndPermissions(const Path & path, const struct stat & st)
|
void canonicalisePathMetaData(const Path & path, bool recurse)
|
||||||
{
|
{
|
||||||
|
checkInterrupt();
|
||||||
|
|
||||||
|
struct stat st;
|
||||||
|
if (lstat(path.c_str(), &st))
|
||||||
|
throw SysError(format("getting attributes of path `%1%'") % path);
|
||||||
|
|
||||||
|
/* Really make sure that the path is of a supported type. This
|
||||||
|
has already been checked in dumpPath(). */
|
||||||
|
assert(S_ISREG(st.st_mode) || S_ISDIR(st.st_mode) || S_ISLNK(st.st_mode));
|
||||||
|
|
||||||
|
/* Change ownership to the current uid. If it's a symlink, use
|
||||||
|
lchown if available, otherwise don't bother. Wrong ownership
|
||||||
|
of a symlink doesn't matter, since the owning user can't change
|
||||||
|
the symlink and can't delete it because the directory is not
|
||||||
|
writable. The only exception is top-level paths in the Nix
|
||||||
|
store (since that directory is group-writable for the Nix build
|
||||||
|
users group); we check for this case below. */
|
||||||
|
if (st.st_uid != geteuid()) {
|
||||||
|
#if HAVE_LCHOWN
|
||||||
|
if (lchown(path.c_str(), geteuid(), (gid_t) -1) == -1)
|
||||||
|
#else
|
||||||
|
if (!S_ISLNK(st.st_mode) &&
|
||||||
|
chown(path.c_str(), geteuid(), (gid_t) -1) == -1)
|
||||||
|
#endif
|
||||||
|
throw SysError(format("changing owner of `%1%' to %2%")
|
||||||
|
% path % geteuid());
|
||||||
|
}
|
||||||
|
|
||||||
if (!S_ISLNK(st.st_mode)) {
|
if (!S_ISLNK(st.st_mode)) {
|
||||||
|
|
||||||
/* Mask out all type related bits. */
|
/* Mask out all type related bits. */
|
||||||
|
@ -497,84 +521,18 @@ static void canonicaliseTimestampAndPermissions(const Path & path, const struct
|
||||||
#endif
|
#endif
|
||||||
throw SysError(format("changing modification time of `%1%'") % path);
|
throw SysError(format("changing modification time of `%1%'") % path);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
|
if (recurse && S_ISDIR(st.st_mode)) {
|
||||||
void canonicaliseTimestampAndPermissions(const Path & path)
|
|
||||||
{
|
|
||||||
struct stat st;
|
|
||||||
if (lstat(path.c_str(), &st))
|
|
||||||
throw SysError(format("getting attributes of path `%1%'") % path);
|
|
||||||
canonicaliseTimestampAndPermissions(path, st);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
typedef std::pair<dev_t, ino_t> Inode;
|
|
||||||
typedef set<Inode> InodesSeen;
|
|
||||||
|
|
||||||
|
|
||||||
static void canonicalisePathMetaData_(const Path & path, uid_t fromUid, InodesSeen & inodesSeen)
|
|
||||||
{
|
|
||||||
checkInterrupt();
|
|
||||||
|
|
||||||
struct stat st;
|
|
||||||
if (lstat(path.c_str(), &st))
|
|
||||||
throw SysError(format("getting attributes of path `%1%'") % path);
|
|
||||||
|
|
||||||
/* Really make sure that the path is of a supported type. This
|
|
||||||
has already been checked in dumpPath(). */
|
|
||||||
assert(S_ISREG(st.st_mode) || S_ISDIR(st.st_mode) || S_ISLNK(st.st_mode));
|
|
||||||
|
|
||||||
/* Fail if the file is not owned by the build user. This prevents
|
|
||||||
us from messing up the ownership/permissions of files
|
|
||||||
hard-linked into the output (e.g. "ln /etc/shadow $out/foo").
|
|
||||||
However, ignore files that we chown'ed ourselves previously to
|
|
||||||
ensure that we don't fail on hard links within the same build
|
|
||||||
(i.e. "touch $out/foo; ln $out/foo $out/bar"). */
|
|
||||||
if (fromUid != (uid_t) -1 && st.st_uid != fromUid) {
|
|
||||||
assert(!S_ISDIR(st.st_mode));
|
|
||||||
if (inodesSeen.find(Inode(st.st_dev, st.st_ino)) == inodesSeen.end())
|
|
||||||
throw BuildError(format("invalid ownership on file `%1%'") % path);
|
|
||||||
mode_t mode = st.st_mode & ~S_IFMT;
|
|
||||||
assert(S_ISLNK(st.st_mode) || (st.st_uid == geteuid() && (mode == 0444 || mode == 0555) && st.st_mtime == mtimeStore));
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
inodesSeen.insert(Inode(st.st_dev, st.st_ino));
|
|
||||||
|
|
||||||
canonicaliseTimestampAndPermissions(path, st);
|
|
||||||
|
|
||||||
/* Change ownership to the current uid. If it's a symlink, use
|
|
||||||
lchown if available, otherwise don't bother. Wrong ownership
|
|
||||||
of a symlink doesn't matter, since the owning user can't change
|
|
||||||
the symlink and can't delete it because the directory is not
|
|
||||||
writable. The only exception is top-level paths in the Nix
|
|
||||||
store (since that directory is group-writable for the Nix build
|
|
||||||
users group); we check for this case below. */
|
|
||||||
if (st.st_uid != geteuid()) {
|
|
||||||
#if HAVE_LCHOWN
|
|
||||||
if (lchown(path.c_str(), geteuid(), (gid_t) -1) == -1)
|
|
||||||
#else
|
|
||||||
if (!S_ISLNK(st.st_mode) &&
|
|
||||||
chown(path.c_str(), geteuid(), (gid_t) -1) == -1)
|
|
||||||
#endif
|
|
||||||
throw SysError(format("changing owner of `%1%' to %2%")
|
|
||||||
% path % geteuid());
|
|
||||||
}
|
|
||||||
|
|
||||||
if (S_ISDIR(st.st_mode)) {
|
|
||||||
Strings names = readDirectory(path);
|
Strings names = readDirectory(path);
|
||||||
foreach (Strings::iterator, i, names)
|
foreach (Strings::iterator, i, names)
|
||||||
canonicalisePathMetaData_(path + "/" + *i, fromUid, inodesSeen);
|
canonicalisePathMetaData(path + "/" + *i, true);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void canonicalisePathMetaData(const Path & path, uid_t fromUid)
|
void canonicalisePathMetaData(const Path & path)
|
||||||
{
|
{
|
||||||
InodesSeen inodesSeen;
|
canonicalisePathMetaData(path, true);
|
||||||
|
|
||||||
canonicalisePathMetaData_(path, fromUid, inodesSeen);
|
|
||||||
|
|
||||||
/* On platforms that don't have lchown(), the top-level path can't
|
/* On platforms that don't have lchown(), the top-level path can't
|
||||||
be a symlink, since we can't change its ownership. */
|
be a symlink, since we can't change its ownership. */
|
||||||
|
@ -1236,7 +1194,7 @@ Path LocalStore::addToStoreFromDump(const string & dump, const string & name,
|
||||||
} else
|
} else
|
||||||
writeFile(dstPath, dump);
|
writeFile(dstPath, dump);
|
||||||
|
|
||||||
canonicalisePathMetaData(dstPath, -1);
|
canonicalisePathMetaData(dstPath);
|
||||||
|
|
||||||
/* Register the SHA-256 hash of the NAR serialisation of
|
/* Register the SHA-256 hash of the NAR serialisation of
|
||||||
the path in the database. We may just have computed it
|
the path in the database. We may just have computed it
|
||||||
|
@ -1301,7 +1259,7 @@ Path LocalStore::addTextToStore(const string & name, const string & s,
|
||||||
|
|
||||||
writeFile(dstPath, s);
|
writeFile(dstPath, s);
|
||||||
|
|
||||||
canonicalisePathMetaData(dstPath, -1);
|
canonicalisePathMetaData(dstPath);
|
||||||
|
|
||||||
HashResult hash = hashPath(htSHA256, dstPath);
|
HashResult hash = hashPath(htSHA256, dstPath);
|
||||||
|
|
||||||
|
@ -1536,7 +1494,7 @@ Path LocalStore::importPath(bool requireSignature, Source & source)
|
||||||
throw SysError(format("cannot move `%1%' to `%2%'")
|
throw SysError(format("cannot move `%1%' to `%2%'")
|
||||||
% unpacked % dstPath);
|
% unpacked % dstPath);
|
||||||
|
|
||||||
canonicalisePathMetaData(dstPath, -1);
|
canonicalisePathMetaData(dstPath);
|
||||||
|
|
||||||
/* !!! if we were clever, we could prevent the hashPath()
|
/* !!! if we were clever, we could prevent the hashPath()
|
||||||
here. */
|
here. */
|
||||||
|
|
|
@ -307,9 +307,9 @@ private:
|
||||||
without execute permission; setuid bits etc. are cleared)
|
without execute permission; setuid bits etc. are cleared)
|
||||||
- the owner and group are set to the Nix user and group, if we're
|
- the owner and group are set to the Nix user and group, if we're
|
||||||
in a setuid Nix installation. */
|
in a setuid Nix installation. */
|
||||||
void canonicalisePathMetaData(const Path & path, uid_t fromUid);
|
void canonicalisePathMetaData(const Path & path);
|
||||||
|
|
||||||
void canonicaliseTimestampAndPermissions(const Path & path);
|
void canonicalisePathMetaData(const Path & path, bool recurse);
|
||||||
|
|
||||||
MakeError(PathInUse, Error);
|
MakeError(PathInUse, Error);
|
||||||
|
|
||||||
|
|
|
@ -32,7 +32,7 @@ struct MakeReadOnly
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
/* This will make the path read-only. */
|
/* This will make the path read-only. */
|
||||||
if (path != "") canonicaliseTimestampAndPermissions(path);
|
if (path != "") canonicalisePathMetaData(path, false);
|
||||||
} catch (...) {
|
} catch (...) {
|
||||||
ignoreException();
|
ignoreException();
|
||||||
}
|
}
|
||||||
|
|
|
@ -91,7 +91,7 @@ void RemoteStore::connectToDaemon()
|
||||||
throw SysError("cannot create Unix domain socket");
|
throw SysError("cannot create Unix domain socket");
|
||||||
closeOnExec(fdSocket);
|
closeOnExec(fdSocket);
|
||||||
|
|
||||||
string socketPath = settings.nixDaemonSocketFile;
|
string socketPath = settings.nixStateDir + DEFAULT_SOCKET_PATH;
|
||||||
|
|
||||||
/* Urgh, sockaddr_un allows path names of only 108 characters. So
|
/* Urgh, sockaddr_un allows path names of only 108 characters. So
|
||||||
chdir to the socket directory so that we can pass a relative
|
chdir to the socket directory so that we can pass a relative
|
||||||
|
|
|
@ -53,6 +53,14 @@ typedef enum {
|
||||||
#define STDERR_ERROR 0x63787470
|
#define STDERR_ERROR 0x63787470
|
||||||
|
|
||||||
|
|
||||||
|
/* The default location of the daemon socket, relative to nixStateDir.
|
||||||
|
The socket is in a directory to allow you to control access to the
|
||||||
|
Nix daemon by setting the mode/ownership of the directory
|
||||||
|
appropriately. (This wouldn't work on the socket itself since it
|
||||||
|
must be deleted and recreated on startup.) */
|
||||||
|
#define DEFAULT_SOCKET_PATH "/daemon-socket/socket"
|
||||||
|
|
||||||
|
|
||||||
Path readStorePath(Source & from);
|
Path readStorePath(Source & from);
|
||||||
template<class T> T readStorePaths(Source & from);
|
template<class T> T readStorePaths(Source & from);
|
||||||
|
|
||||||
|
|
|
@ -774,7 +774,7 @@ static void daemonLoop()
|
||||||
if (fdSocket == -1)
|
if (fdSocket == -1)
|
||||||
throw SysError("cannot create Unix domain socket");
|
throw SysError("cannot create Unix domain socket");
|
||||||
|
|
||||||
string socketPath = settings.nixDaemonSocketFile;
|
string socketPath = settings.nixStateDir + DEFAULT_SOCKET_PATH;
|
||||||
|
|
||||||
createDirs(dirOf(socketPath));
|
createDirs(dirOf(socketPath));
|
||||||
|
|
||||||
|
|
|
@ -238,6 +238,12 @@ static void printTree(const Path & path,
|
||||||
PathSet references;
|
PathSet references;
|
||||||
store->queryReferences(path, references);
|
store->queryReferences(path, references);
|
||||||
|
|
||||||
|
#if 0
|
||||||
|
for (PathSet::iterator i = drv.inputSrcs.begin();
|
||||||
|
i != drv.inputSrcs.end(); ++i)
|
||||||
|
cout << format("%1%%2%\n") % (tailPad + treeConn) % *i;
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Topologically sort under the relation A < B iff A \in
|
/* Topologically sort under the relation A < B iff A \in
|
||||||
closure(B). That is, if derivation A is an (possibly indirect)
|
closure(B). That is, if derivation A is an (possibly indirect)
|
||||||
input of B, then A is printed first. This has the effect of
|
input of B, then A is printed first. This has the effect of
|
||||||
|
@ -245,7 +251,7 @@ static void printTree(const Path & path,
|
||||||
Paths sorted = topoSortPaths(*store, references);
|
Paths sorted = topoSortPaths(*store, references);
|
||||||
reverse(sorted.begin(), sorted.end());
|
reverse(sorted.begin(), sorted.end());
|
||||||
|
|
||||||
foreach (Paths::iterator, i, sorted) {
|
for (Paths::iterator i = sorted.begin(); i != sorted.end(); ++i) {
|
||||||
Paths::iterator j = i; ++j;
|
Paths::iterator j = i; ++j;
|
||||||
printTree(*i, tailPad + treeConn,
|
printTree(*i, tailPad + treeConn,
|
||||||
j == sorted.end() ? tailPad + treeNull : tailPad + treeLine,
|
j == sorted.end() ? tailPad + treeNull : tailPad + treeLine,
|
||||||
|
@ -287,7 +293,7 @@ static void opQuery(Strings opFlags, Strings opArgs)
|
||||||
else if (*i == "--resolve") query = qResolve;
|
else if (*i == "--resolve") query = qResolve;
|
||||||
else if (*i == "--roots") query = qRoots;
|
else if (*i == "--roots") query = qRoots;
|
||||||
else if (*i == "--use-output" || *i == "-u") useOutput = true;
|
else if (*i == "--use-output" || *i == "-u") useOutput = true;
|
||||||
else if (*i == "--force-realise" || *i == "--force-realize" || *i == "-f") forceRealise = true;
|
else if (*i == "--force-realise" || *i == "-f") forceRealise = true;
|
||||||
else if (*i == "--include-outputs") includeOutputs = true;
|
else if (*i == "--include-outputs") includeOutputs = true;
|
||||||
else throw UsageError(format("unknown flag `%1%'") % *i);
|
else throw UsageError(format("unknown flag `%1%'") % *i);
|
||||||
|
|
||||||
|
@ -454,21 +460,14 @@ static void opReadLog(Strings opFlags, Strings opArgs)
|
||||||
foreach (Strings::iterator, i, opArgs) {
|
foreach (Strings::iterator, i, opArgs) {
|
||||||
Path path = useDeriver(followLinksToStorePath(*i));
|
Path path = useDeriver(followLinksToStorePath(*i));
|
||||||
|
|
||||||
for (int j = 0; j <= 2; j++) {
|
Path logPath = (format("%1%/%2%/%3%") %
|
||||||
if (j == 2) throw Error(format("build log of derivation `%1%' is not available") % path);
|
settings.nixLogDir % drvsLogDir % baseNameOf(path)).str();
|
||||||
|
|
||||||
string baseName = baseNameOf(path);
|
|
||||||
Path logPath =
|
|
||||||
j == 0
|
|
||||||
? (format("%1%/%2%/%3%/%4%") % settings.nixLogDir % drvsLogDir % string(baseName, 0, 2) % string(baseName, 2)).str()
|
|
||||||
: (format("%1%/%2%/%3%") % settings.nixLogDir % drvsLogDir % baseName).str();
|
|
||||||
Path logBz2Path = logPath + ".bz2";
|
Path logBz2Path = logPath + ".bz2";
|
||||||
|
|
||||||
if (pathExists(logPath)) {
|
if (pathExists(logPath)) {
|
||||||
/* !!! Make this run in O(1) memory. */
|
/* !!! Make this run in O(1) memory. */
|
||||||
string log = readFile(logPath);
|
string log = readFile(logPath);
|
||||||
writeFull(STDOUT_FILENO, (const unsigned char *) log.data(), log.size());
|
writeFull(STDOUT_FILENO, (const unsigned char *) log.data(), log.size());
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
else if (pathExists(logBz2Path)) {
|
else if (pathExists(logBz2Path)) {
|
||||||
|
@ -487,9 +486,9 @@ static void opReadLog(Strings opFlags, Strings opArgs)
|
||||||
writeFull(STDOUT_FILENO, buf, n);
|
writeFull(STDOUT_FILENO, buf, n);
|
||||||
} while (err != BZ_STREAM_END);
|
} while (err != BZ_STREAM_END);
|
||||||
BZ2_bzReadClose(&err, bz);
|
BZ2_bzReadClose(&err, bz);
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
else throw Error(format("build log of derivation `%1%' is not available") % path);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -515,7 +514,7 @@ static void registerValidity(bool reregister, bool hashGiven, bool canonicalise)
|
||||||
if (!store->isValidPath(info.path) || reregister) {
|
if (!store->isValidPath(info.path) || reregister) {
|
||||||
/* !!! races */
|
/* !!! races */
|
||||||
if (canonicalise)
|
if (canonicalise)
|
||||||
canonicalisePathMetaData(info.path, -1);
|
canonicalisePathMetaData(info.path);
|
||||||
if (!hashGiven) {
|
if (!hashGiven) {
|
||||||
HashResult hash = hashPath(htSHA256, info.path);
|
HashResult hash = hashPath(htSHA256, info.path);
|
||||||
info.hash = hash.first;
|
info.hash = hash.first;
|
||||||
|
@ -843,7 +842,7 @@ void run(Strings args)
|
||||||
|
|
||||||
Operation oldOp = op;
|
Operation oldOp = op;
|
||||||
|
|
||||||
if (arg == "--realise" || arg == "--realize" || arg == "-r")
|
if (arg == "--realise" || arg == "-r")
|
||||||
op = opRealise;
|
op = opRealise;
|
||||||
else if (arg == "--add" || arg == "-A")
|
else if (arg == "--add" || arg == "-A")
|
||||||
op = opAdd;
|
op = opAdd;
|
||||||
|
@ -885,7 +884,7 @@ void run(Strings args)
|
||||||
op = opVerifyPath;
|
op = opVerifyPath;
|
||||||
else if (arg == "--repair-path")
|
else if (arg == "--repair-path")
|
||||||
op = opRepairPath;
|
op = opRepairPath;
|
||||||
else if (arg == "--optimise" || arg == "--optimize")
|
else if (arg == "--optimise")
|
||||||
op = opOptimise;
|
op = opOptimise;
|
||||||
else if (arg == "--query-failed-paths")
|
else if (arg == "--query-failed-paths")
|
||||||
op = opQueryFailedPaths;
|
op = opQueryFailedPaths;
|
||||||
|
|
|
@ -37,3 +37,6 @@
|
||||||
-e "s^@testPath\@^$(coreutils):$$(dirname $$(type -p expr))^g" \
|
-e "s^@testPath\@^$(coreutils):$$(dirname $$(type -p expr))^g" \
|
||||||
< $< > $@ || rm $@
|
< $< > $@ || rm $@
|
||||||
if test -x $<; then chmod +x $@; fi
|
if test -x $<; then chmod +x $@; fi
|
||||||
|
|
||||||
|
$(CONFIG_HEADER):
|
||||||
|
true
|
||||||
|
|
|
@ -36,8 +36,8 @@ makeTest ({ pkgs, ... }: let pkgA = pkgs.aterm; pkgB = pkgs.wget; in {
|
||||||
# Install the SSH key on the server.
|
# Install the SSH key on the server.
|
||||||
$server->succeed("mkdir -m 700 /root/.ssh");
|
$server->succeed("mkdir -m 700 /root/.ssh");
|
||||||
$server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
|
$server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
|
||||||
$server->waitForUnit("sshd");
|
$server->waitForJob("sshd");
|
||||||
$client->waitForUnit("network.target");
|
$client->waitForJob("network-interfaces");
|
||||||
$client->succeed("ssh -o StrictHostKeyChecking=no " . $server->name() . " 'echo hello world'");
|
$client->succeed("ssh -o StrictHostKeyChecking=no " . $server->name() . " 'echo hello world'");
|
||||||
|
|
||||||
# Copy the closure of package A from the client to the server.
|
# Copy the closure of package A from the client to the server.
|
||||||
|
|
|
@ -72,11 +72,11 @@ in
|
||||||
$client->succeed("chmod 600 /root/.ssh/id_dsa");
|
$client->succeed("chmod 600 /root/.ssh/id_dsa");
|
||||||
|
|
||||||
# Install the SSH key on the slaves.
|
# Install the SSH key on the slaves.
|
||||||
$client->waitForUnit("network.target");
|
$client->waitForJob("network-interfaces");
|
||||||
foreach my $slave ($slave1, $slave2) {
|
foreach my $slave ($slave1, $slave2) {
|
||||||
$slave->succeed("mkdir -m 700 /root/.ssh");
|
$slave->succeed("mkdir -m 700 /root/.ssh");
|
||||||
$slave->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
|
$slave->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
|
||||||
$slave->waitForUnit("sshd");
|
$slave->waitForJob("sshd");
|
||||||
$client->succeed("ssh -o StrictHostKeyChecking=no " . $slave->name() . " 'echo hello world'");
|
$client->succeed("ssh -o StrictHostKeyChecking=no " . $slave->name() . " 'echo hello world'");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue