Commit graph

2791 commits

Author SHA1 Message Date
Eelco Dolstra eae802459d Pass --insecure to curl so that https works 2012-07-09 15:49:20 -04:00
Eelco Dolstra 2dd3117c27 Inline fetchurl.sh 2012-07-09 15:48:55 -04:00
Eelco Dolstra 51f9f9924b Add a test for the fetchurl function 2012-07-09 15:41:43 -04:00
Shea Levy 035aa11403 Remove obsolete comment 2012-07-09 15:29:49 -04:00
Shea Levy a2865f6b3d corepkgs/fetchurl: Build locally and outside of the chroot 2012-07-09 15:29:49 -04:00
Shea Levy 53f52c2111 corepkgs/fetchurl: the 'system' argument can be optional 2012-07-09 15:29:49 -04:00
Shea Levy 543bf742c9 corepkgs: distribute fetchurl files 2012-07-09 15:29:49 -04:00
Shea Levy f863673a90 corepkgs/fetchurl: Call the shell directly instead of using the shebang 2012-07-09 15:29:49 -04:00
Shea Levy a994eb92a4 corepkgs/fetchurl.sh: Use config.nix's curl 2012-07-09 15:29:49 -04:00
Shea Levy 9d94a28bed The fetchurl builder is now fetchurl.sh 2012-07-09 15:29:49 -04:00
Shea Levy fd2630e1f7 Remove old fetchurl makefile 2012-07-09 15:29:49 -04:00
Shea Levy 6450f5699f Move fetchurl files out of their subdirectory 2012-07-09 15:29:49 -04:00
Shea Levy 40c01ec467 corepkgs/config.nix.in: We'll need curl 2012-07-09 15:29:49 -04:00
Shea Levy c4df747267 Resurrect old corepkgs fetchurl 2012-07-09 15:29:49 -04:00
Eelco Dolstra 27f0c34390 Really fix RPM builds 2012-07-09 13:16:09 -04:00
Eelco Dolstra a560124cdf Fix RPM builds
http://hydra.nixos.org/build/2784908
2012-07-09 11:58:12 -04:00
Eelco Dolstra 087dee6e1b Get rid of nix.conf.example
No need to duplicate the nix.conf manpage.
2012-07-09 11:56:55 -04:00
Eelco Dolstra 5755a5c354 Install a nix.conf manpage 2012-07-09 11:33:38 -04:00
Eelco Dolstra 1aba0bf0fa nix-store -r: do substitutions in parallel
I.e. when multiple non-derivation arguments are passed to ‘nix-store
-r’ to be substituted, do them in parallel.
2012-06-27 16:58:15 -04:00
Eelco Dolstra 42f5a2fc29 Mount an empty /dev/shm tmpfs in the chroot
This ensures that whatever the builder writes in /dev/shm is
automatically cleaned up.
2012-06-27 09:52:27 -04:00
Eelco Dolstra 3ee208516f Check the return code of the clone() call 2012-06-27 09:52:06 -04:00
Eelco Dolstra 1db38ae81b When using chroots, use a private PID namespace
In a private PID namespace, processes have PIDs that are separate from
the rest of the system.  The initial child gets PID 1.  Processes in
the chroot cannot see processes outside of the chroot.  This improves
isolation between builds.  However, processes on the outside can see
processes in the chroot and send signals to them (if they have
appropriate rights).

Since the builder gets PID 1, it serves as the reaper for zombies in
the chroot.  This might turn out to be a problem.  In that case we'll
need to have a small PID 1 process that sits in a loop calling wait().
2012-06-25 15:45:16 -04:00
Eelco Dolstra 5489086456 Use a private UTS namespace to provide a deterministic host/domain name to builders
In chroot builds, set the host name to "localhost" and the domain name
to "(none)" (the latter being the kernel's default).  This improves
determinism a bit further.

P.S. I have no idea what UTS stands for.
2012-06-25 14:12:17 -04:00
Eelco Dolstra 8da6772ed4 Update release notes 2012-06-23 14:59:13 -04:00
Eelco Dolstra 723a68c826 Improve error message 2012-06-23 00:57:14 -04:00
Eelco Dolstra 7ffa523fd1 In chroot builds, use a private SysV IPC namespace
This improves isolation a bit further, and it's just one extra flag in
the unshare() call.

P.S. It would be very cool to use CLONE_NEWPID (to put the builder in
a private PID namespace) as well, but that's slightly more risky since
having a builder start as PID 1 may cause problems.
2012-06-23 00:51:40 -04:00
Eelco Dolstra df716c98d2 In chroot builds, use a private network namespace
On Linux it's possible to run a process in its own network namespace,
meaning that it gets its own set of network interfaces, disjunct from
the rest of the system.  We use this to completely remove network
access to chroot builds, except that they get a private loopback
interface.  This means that:

- Builders cannot connect to the outside network or to other processes
  on the same machine, except processes within the same build.

- Vice versa, other processes cannot connect to processes in a chroot
  build, and open ports/connections do not show up in "netstat".

- If two concurrent builders try to listen on the same port (e.g. as
  part of a test), they no longer conflict with each other.

This was inspired by the "PrivateNetwork" flag in systemd.
2012-06-23 00:28:35 -04:00
Eelco Dolstra 2f3f413e91 Support socket-based, on-demand activation of the Nix daemon with systemd
Systemd can start the Nix daemon on demand when the Nix daemon socket
is first accessed.  This is signalled through the LISTEN_FDS
environment variable, so all we need to do is check for that and then
use file descriptor 3 as the listen socket instead of creating one
ourselves.
2012-06-18 23:01:46 -04:00
Eelco Dolstra 02fb6323e0 Add Emacs to the disk image 2012-05-31 09:50:58 -04:00
Michel Alexandre Salim 221626e715 fixes to nix-worker systemd service descriptor: - remove commented-out lines - register the file for distribution in Makefile.am 2012-05-31 08:59:36 -04:00
Michel Alexandre Salim a7ed1f67ee On systems with SystemD, install the service descriptor for nix-worker, and enable and start it 2012-05-31 08:59:36 -04:00
Michel Alexandre Salim 8922346305 Major spec update: - Fix license field - Split into subpackages - Update build dependencies - Configure users and groups for multi-user mode - Fix installation location of Perl modules 2012-05-31 08:59:36 -04:00
Michel Alexandre Salim 6a214f3e06 Update nix profile: - incorporate NixOS's configuration so that nix is usable by normal users - install as a data file, not a program file 2012-05-31 08:59:36 -04:00
Michel Alexandre Salim d0308073c3 - only enable deprecated spec sections when building on systems with older RPM versions - move tests to dedicated %check section - use standard build macros 2012-05-31 08:59:36 -04:00
Michel Alexandre Salim e545a7f9a8 - replace %define with %global 2012-05-31 08:59:36 -04:00
Eelco Dolstra f5398d374b Compress build logs on the fly using bzip2 2012-05-30 10:12:29 -04:00
Eelco Dolstra 881beb170d "nix-store -l": support compressed logs 2012-05-30 00:00:02 -04:00
Eelco Dolstra 4bc4da331a Reserve some disk space for the garbage collector
We can't open a SQLite database if the disk is full.  Since this
prevents the garbage collector from running when it's most needed, we
reserve some dummy space that we can free just before doing a garbage
collection.  This actually revives some old code from the Berkeley DB
days.

Fixes #27.
2012-05-29 22:59:12 -04:00
Eelco Dolstra 2c26985835 Add option ‘build-keep-log’ to enable/disable writing of build logs
Fixes #26.
2012-05-29 16:42:05 -04:00
Eelco Dolstra 8058dab26e Clean up the installation section; document the generic binary tarballs 2012-05-24 12:04:07 -04:00
Eelco Dolstra 0301525e6c Fix owner/group in tar invocation 2012-05-22 19:40:40 -04:00
Eelco Dolstra 6814b1dfa1 Generate binary tarballs for installing Nix
For several platforms we don't currently have "native" Nix packages
(e.g. Mac OS X and FreeBSD).  This provides the next best thing: a
tarball containing the closure of Nix, plus a simple script
"nix-finish-install" that initialises the Nix database, registers the
paths in the closure as valid, and runs "nix-env -i /path/to/nix" to
initialise the user profile.

The tarball must be unpacked in the root directory.  It creates
/nix/store/... and /usr/bin/nix-finish-install.  Typical installation
is as follows:

  $ cd /
  $ tar xvf /path/to/nix-1.1pre1234_abcdef-x86_64-linux.tar.bz2
  $ nix-finish-install
  (if necessary add ~/.nix-profile/etc/profile.d/nix.sh to the shell
  login scripts)

After this, /usr/bin/nix-finish-install can be deleted, if desired.

The downside to the binary tarball is that it's pretty big (~55 MiB
for x86_64-linux).
2012-05-22 18:36:54 -04:00
Eelco Dolstra 591aab7e21 Remove $FONTCONFIG_FILE hack from nix-profile.sh
It's no longer needed because Nixpkgs' fontconfig uses
/etc/fonts/fonts.conf as a default, just like other distributions.
2012-05-22 14:00:08 -04:00
Eelco Dolstra e071f87dc5 Add an experimental nix-make file
To use it, just do (e.g.) "nix-build build.nix -A nix_env".
2012-05-21 09:43:01 -04:00
Eelco Dolstra cac9eb39fe Bump version number 2012-05-12 00:07:08 -04:00
Eelco Dolstra dfc6a43b72 Fix the install check 2012-05-11 23:30:47 -04:00
Eelco Dolstra 587b408210 Set release date 2012-05-11 17:40:58 -04:00
Eelco Dolstra 8a08813d6c Manual updates 2012-05-11 17:39:06 -04:00
Eelco Dolstra 2b00e6990c CSS tweaks 2012-05-11 16:21:21 -04:00
Eelco Dolstra 58d1de08d9 Use perl.libPrefix to (hopefully) fix the Cygwin build
http://hydra.nixos.org/build/2602599
2012-05-11 09:41:39 -04:00