lachrimae/lix
0
0
Fork 0
forked from lix-project/lix
Code Pull requests Activity
lix/src/libutil/util.cc

1844 lines
46 KiB
C++
Raw Normal View History

Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
#include "util.hh"
Handle SIGINT etc. via a sigwait() signal handler thread This allows other threads to install callbacks that run in a regular, non-signal context. In particular, we can use this to signal the downloader thread to quit. Closes #1183.
2017-01-17 17:21:02 +00:00
#include "sync.hh"
runProgram(): Distinguish between empty input and no input For example, if we call brotli with an empty input, it shouldn't read from the caller's stdin.
2017-03-15 13:40:47 +00:00
#include "finally.hh"
decompress(): Use a Source and Sink This allows decompression to happen in O(1) memory.
2018-03-16 15:59:31 +00:00
#include "serialise.hh"
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
Add missing include in util.cc
2021-09-08 10:20:08 +00:00
#include <array>
Handle SIGINT etc. via a sigwait() signal handler thread This allows other threads to install callbacks that run in a regular, non-signal context. In particular, we can use this to signal the downloader thread to quit. Closes #1183.
2017-01-17 17:21:02 +00:00
#include <cctype>
* Added some missing #includes.
2003-09-11 08:31:29 +00:00
#include <cerrno>
libutil: initialize the base64 decode array only once Previously, despite having a boolean that tracked initialization, the decode characters have been "calculated" every single time a base64 string was being decoded. With this change we only initialize the decode array once in a thread-safe manner.
2021-07-30 18:08:54 +00:00
#include <climits>
* Added some missing #includes.
2003-09-11 08:31:29 +00:00
#include <cstdio>
* GCC 4.3.0 (Fedora 9) compatibility fixes. Reported by Gour and Armijn Hemel.
2008-05-21 11:17:31 +00:00
#include <cstdlib>
* Use strsignal if available to give better error messages for builders that fail due to a signal.
2007-12-14 14:49:35 +00:00
#include <cstring>
libutil: initialize the base64 decode array only once Previously, despite having a boolean that tracked initialization, the decode characters have been "calculated" every single time a base64 string was being decoded. With this change we only initialize the decode array once in a thread-safe manner.
2021-07-30 18:08:54 +00:00
#include <future>
Handle SIGINT etc. via a sigwait() signal handler thread This allows other threads to install callbacks that run in a regular, non-signal context. In particular, we can use this to signal the downloader thread to quit. Closes #1183.
2017-01-17 17:21:02 +00:00
#include <iostream>
libutil: initialize the base64 decode array only once Previously, despite having a boolean that tracked initialization, the decode characters have been "calculated" every single time a base64 string was being decoded. With this change we only initialize the decode array once in a thread-safe manner.
2021-07-30 18:08:54 +00:00
#include <mutex>
Handle SIGINT etc. via a sigwait() signal handler thread This allows other threads to install callbacks that run in a regular, non-signal context. In particular, we can use this to signal the downloader thread to quit. Closes #1183.
2017-01-17 17:21:02 +00:00
#include <sstream>
#include <thread>
* Started implementing the new evaluation model. * Lots of refactorings. * Unit tests.
2003-06-16 13:33:38 +00:00
* Remove most of the old setuid code. * Much simpler setuid code for the worker in slave mode.
2006-12-02 15:45:51 +00:00
#include <fcntl.h>
runProgram: support gid, uid, chdir
2019-05-11 20:35:53 +00:00
#include <grp.h>
Figure out the user's home directory if $HOME is not set
2017-05-05 14:40:12 +00:00
#include <pwd.h>
Handle SIGWINCH
2017-08-25 13:57:49 +00:00
#include <sys/ioctl.h>
Figure out the user's home directory if $HOME is not set
2017-05-05 14:40:12 +00:00
#include <sys/types.h>
Move Unix domain socket creation to libutil Also drop multithread-unfriendly hacks like doing a temporary chmod/umask.
2018-09-25 10:36:11 +00:00
#include <sys/socket.h>
Figure out the user's home directory if $HOME is not set
2017-05-05 14:40:12 +00:00
#include <sys/wait.h>
Get last commit time of github flakes
2019-05-28 20:35:41 +00:00
#include <sys/time.h>
Move Unix domain socket creation to libutil Also drop multithread-unfriendly hacks like doing a temporary chmod/umask.
2018-09-25 10:36:11 +00:00
#include <sys/un.h>
Figure out the user's home directory if $HOME is not set
2017-05-05 14:40:12 +00:00
#include <unistd.h>
* Fix setuid builds.
2006-09-27 21:04:07 +00:00
killUser: Don't let the child kill itself on Apple The kill(2) in Apple's libc follows POSIX semantics, which means that kill(-1, SIGKILL) will kill the calling process too. Since nix has no way to distinguish between the process successfully killing everything and the process being killed by a rogue builder in that case, it can't safely conclude that killUser was successful. Luckily, the actual kill syscall takes a parameter that determines whether POSIX semantics are followed, so we can call that syscall directly and avoid the issue on Apple. Signed-off-by: Shea Levy <shea@shealevy.com>
2013-03-18 15:13:53 +00:00
#ifdef __APPLE__
#include <sys/syscall.h>
#endif
Use PR_SET_PDEATHSIG to ensure child cleanup
2014-08-21 13:31:43 +00:00
#ifdef __linux__
#include <sys/prctl.h>
Restore stack size in child processes Fixes #4673.
2021-04-07 11:40:13 +00:00
#include <sys/resource.h>
Use PR_SET_PDEATHSIG to ensure child cleanup
2014-08-21 13:31:43 +00:00
#endif
* Some refactoring.
2003-05-26 13:45:00 +00:00
appended ' __attribute__((weak)); ' to 'extern char * * environ '
2020-06-17 02:19:15 +00:00
extern char * * environ __attribute__((weak));
* Move setuidCleanup() to libutil.
2006-12-07 16:40:41 +00:00
* Use a proper namespace. * Optimise header file usage a bit. * Compile the parser as C++.
2006-09-04 21:06:23 +00:00
namespace nix {
getEnv(): Return std::optional This allows distinguishing between an empty value and no value.
2019-11-22 15:06:44 +00:00
std::optional<std::string> getEnv(const std::string & key)
* An quick and dirty hack to support distributed builds.
2004-05-12 09:35:51 +00:00
{
char * value = getenv(key.c_str());
getEnv(): Return std::optional This allows distinguishing between an empty value and no value.
2019-11-22 15:06:44 +00:00
if (!value) return {};
return std::string(value);
* An quick and dirty hack to support distributed builds.
2004-05-12 09:35:51 +00:00
}
nix-shell: Fix $PATH handling in the impure case We were passing "p=$PATH" rather than "p=$PATH;", resulting in some invalid shell code. Also, construct a separate environment for the child rather than overwriting the parent's.
2016-09-20 13:39:08 +00:00
std::map<std::string, std::string> getEnv()
{
std::map<std::string, std::string> env;
for (size_t i = 0; environ[i]; ++i) {
auto s = environ[i];
auto eq = strchr(s, '=');
if (!eq)
// invalid env, just keep going
continue;
env.emplace(std::string(s, eq), std::string(eq + 1));
}
return env;
}
nix run: Fix segfault on macOS Note that clearenv() is not available on macOS. Fixes #1907.
2018-02-26 17:29:40 +00:00
void clearEnv()
{
for (auto & name : getEnv())
unsetenv(name.first.c_str());
}
Add a post-build-hook Passing `--post-build-hook /foo/bar` to a nix-* command will cause `/foo/bar` to be executed after each build with the following environment variables set: DRV_PATH=/nix/store/drv-that-has-been-built.drv OUT_PATHS=/nix/store/...build /nix/store/...build-bin /nix/store/...build-dev This can be useful in particular to upload all the builded artifacts to the cache (including the ones that don't appear in the runtime closure of the final derivation or are built because of IFD). This new feature prints the stderr/stdout output to the `nix-build` and `nix build` client, and the output is printed in a Nix 2 compatible format: [nix]$ ./inst/bin/nix-build ./test.nix these derivations will be built: /nix/store/ishzj9ni17xq4hgrjvlyjkfvm00b0ch9-my-example-derivation.drv building '/nix/store/ishzj9ni17xq4hgrjvlyjkfvm00b0ch9-my-example-derivation.drv'... hello! bye! running post-build-hook '/home/grahamc/projects/github.com/NixOS/nix/post-hook.sh'... post-build-hook: + sleep 1 post-build-hook: + echo 'Signing paths' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: Signing paths /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: + sleep 1 post-build-hook: + echo 'Uploading paths' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: Uploading paths /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: + sleep 1 post-build-hook: + printf 'very important stuff' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation [nix-shell:~/projects/github.com/NixOS/nix]$ ./inst/bin/nix build -L -f ./test.nix my-example-derivation> hello! my-example-derivation> bye! my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + echo 'Signing paths' /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> Signing paths /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + echo 'Uploading paths' /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> Uploading paths /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + printf 'very important stuff' [1 built, 0.0 MiB DL] Co-authored-by: Graham Christensen <graham@grahamc.com> Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2019-07-11 18:23:03 +00:00
void replaceEnv(std::map<std::string, std::string> newEnv)
{
clearEnv();
for (auto newEnvVar : newEnv)
{
setenv(newEnvVar.first.c_str(), newEnvVar.second.c_str(), 1);
}
}
nix run: Fix segfault on macOS Note that clearenv() is not available on macOS. Fixes #1907.
2018-02-26 17:29:40 +00:00
Pluggable fetchers Flakes are now fetched using an extensible mechanism. Also lots of other flake cleanups.
2020-01-21 15:27:53 +00:00
Path absPath(Path path, std::optional<Path> dir, bool resolveSymlinks)
* Some refactoring.
2003-05-26 13:45:00 +00:00
{
* Started implementing the new evaluation model. * Lots of refactorings. * Unit tests.
2003-06-16 13:33:38 +00:00
if (path[0] != '/') {
absPath(): Use std::optional (cherry picked from commit 1bf9eb21b75f0d93d9c1633ea2e6fdf840047e79)
2020-01-08 14:34:06 +00:00
if (!dir) {
Don't rely on `PATH_MAX' on GNU.
2010-02-10 15:55:50 +00:00
#ifdef __GNU__
/* GNU (aka. GNU/Hurd) doesn't have any limitation on path
lengths and doesn't define `PATH_MAX'. */
char *buf = getcwd(NULL, 0);
if (buf == NULL)
#else
* Some refactoring.
2003-05-26 13:45:00 +00:00
char buf[PATH_MAX];
if (!getcwd(buf, sizeof(buf)))
Don't rely on `PATH_MAX' on GNU.
2010-02-10 15:55:50 +00:00
#endif
* Started implementing the new evaluation model. * Lots of refactorings. * Unit tests.
2003-06-16 13:33:38 +00:00
throw SysError("cannot get cwd");
* Some refactoring.
2003-05-26 13:45:00 +00:00
dir = buf;
Don't rely on `PATH_MAX' on GNU.
2010-02-10 15:55:50 +00:00
#ifdef __GNU__
free(buf);
#endif
* Some refactoring.
2003-05-26 13:45:00 +00:00
}
absPath(): Use std::optional (cherry picked from commit 1bf9eb21b75f0d93d9c1633ea2e6fdf840047e79)
2020-01-08 14:34:06 +00:00
path = *dir + "/" + path;
* Some refactoring.
2003-05-26 13:45:00 +00:00
}
Pluggable fetchers Flakes are now fetched using an extensible mechanism. Also lots of other flake cleanups.
2020-01-21 15:27:53 +00:00
return canonPath(path, resolveSymlinks);
* Make dbRefs a mapping from Hash to [Path].
2003-07-07 09:25:26 +00:00
}
use more string_view in utils there's a couple places that can be easily converted from using strings to using string_views instead. gives a slight (~1%) boost to system eval. # before nix eval --raw --impure --expr 'with import <nixpkgs/nixos> {}; system' Time (mean ± σ): 2.946 s ± 0.026 s [User: 2.655 s, System: 0.209 s] Range (min … max): 2.905 s … 2.995 s 20 runs # after Time (mean ± σ): 2.928 s ± 0.024 s [User: 2.638 s, System: 0.211 s] Range (min … max): 2.893 s … 2.970 s 20 runs
2022-01-12 15:02:29 +00:00
Path canonPath(PathView path, bool resolveSymlinks)
* Make dbRefs a mapping from Hash to [Path].
2003-07-07 09:25:26 +00:00
{
canonPath(): Check against empty paths
2017-04-13 13:32:43 +00:00
assert(path != "");
* A path canonicaliser that doesn't depend on the existence of paths (i.e., it doesn't use realpath(3), which is broken in any case). Therefore it doesn't resolve symlinks.
2003-07-08 19:58:41 +00:00
string s;
use more string_view in utils there's a couple places that can be easily converted from using strings to using string_views instead. gives a slight (~1%) boost to system eval. # before nix eval --raw --impure --expr 'with import <nixpkgs/nixos> {}; system' Time (mean ± σ): 2.946 s ± 0.026 s [User: 2.655 s, System: 0.209 s] Range (min … max): 2.905 s … 2.995 s 20 runs # after Time (mean ± σ): 2.928 s ± 0.024 s [User: 2.638 s, System: 0.211 s] Range (min … max): 2.893 s … 2.970 s 20 runs
2022-01-12 15:02:29 +00:00
s.reserve(256);
* A path canonicaliser that doesn't depend on the existence of paths (i.e., it doesn't use realpath(3), which is broken in any case). Therefore it doesn't resolve symlinks.
2003-07-08 19:58:41 +00:00
if (path[0] != '/')
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
throw Error("not an absolute path: '%1%'", path);
* A path canonicaliser that doesn't depend on the existence of paths (i.e., it doesn't use realpath(3), which is broken in any case). Therefore it doesn't resolve symlinks.
2003-07-08 19:58:41 +00:00
* Resolve all symlink components in the location of the temporary build directory (TMPDIR, i.e., /tmp). Fixes NIX-26.
2006-01-08 17:16:03 +00:00
string temp;
/* Count the number of times we follow a symlink and stop at some
arbitrary (but high) limit to prevent infinite loops. */
unsigned int followCount = 0, maxFollow = 1024;
* A path canonicaliser that doesn't depend on the existence of paths (i.e., it doesn't use realpath(3), which is broken in any case). Therefore it doesn't resolve symlinks.
2003-07-08 19:58:41 +00:00
while (1) {
/* Skip slashes. */
use more string_view in utils there's a couple places that can be easily converted from using strings to using string_views instead. gives a slight (~1%) boost to system eval. # before nix eval --raw --impure --expr 'with import <nixpkgs/nixos> {}; system' Time (mean ± σ): 2.946 s ± 0.026 s [User: 2.655 s, System: 0.209 s] Range (min … max): 2.905 s … 2.995 s 20 runs # after Time (mean ± σ): 2.928 s ± 0.024 s [User: 2.638 s, System: 0.211 s] Range (min … max): 2.893 s … 2.970 s 20 runs
2022-01-12 15:02:29 +00:00
while (!path.empty() && path[0] == '/') path.remove_prefix(1);
if (path.empty()) break;
* A path canonicaliser that doesn't depend on the existence of paths (i.e., it doesn't use realpath(3), which is broken in any case). Therefore it doesn't resolve symlinks.
2003-07-08 19:58:41 +00:00
/* Ignore `.'. */
use more string_view in utils there's a couple places that can be easily converted from using strings to using string_views instead. gives a slight (~1%) boost to system eval. # before nix eval --raw --impure --expr 'with import <nixpkgs/nixos> {}; system' Time (mean ± σ): 2.946 s ± 0.026 s [User: 2.655 s, System: 0.209 s] Range (min … max): 2.905 s … 2.995 s 20 runs # after Time (mean ± σ): 2.928 s ± 0.024 s [User: 2.638 s, System: 0.211 s] Range (min … max): 2.893 s … 2.970 s 20 runs
2022-01-12 15:02:29 +00:00
if (path == "." || path.substr(0, 2) == "./")
path.remove_prefix(1);
* A path canonicaliser that doesn't depend on the existence of paths (i.e., it doesn't use realpath(3), which is broken in any case). Therefore it doesn't resolve symlinks.
2003-07-08 19:58:41 +00:00
/* If `..', delete the last component. */
use more string_view in utils there's a couple places that can be easily converted from using strings to using string_views instead. gives a slight (~1%) boost to system eval. # before nix eval --raw --impure --expr 'with import <nixpkgs/nixos> {}; system' Time (mean ± σ): 2.946 s ± 0.026 s [User: 2.655 s, System: 0.209 s] Range (min … max): 2.905 s … 2.995 s 20 runs # after Time (mean ± σ): 2.928 s ± 0.024 s [User: 2.638 s, System: 0.211 s] Range (min … max): 2.893 s … 2.970 s 20 runs
2022-01-12 15:02:29 +00:00
else if (path == ".." || path.substr(0, 3) == "../")
* A path canonicaliser that doesn't depend on the existence of paths (i.e., it doesn't use realpath(3), which is broken in any case). Therefore it doesn't resolve symlinks.
2003-07-08 19:58:41 +00:00
{
if (!s.empty()) s.erase(s.rfind('/'));
use more string_view in utils there's a couple places that can be easily converted from using strings to using string_views instead. gives a slight (~1%) boost to system eval. # before nix eval --raw --impure --expr 'with import <nixpkgs/nixos> {}; system' Time (mean ± σ): 2.946 s ± 0.026 s [User: 2.655 s, System: 0.209 s] Range (min … max): 2.905 s … 2.995 s 20 runs # after Time (mean ± σ): 2.928 s ± 0.024 s [User: 2.638 s, System: 0.211 s] Range (min … max): 2.893 s … 2.970 s 20 runs
2022-01-12 15:02:29 +00:00
path.remove_prefix(2);
* A path canonicaliser that doesn't depend on the existence of paths (i.e., it doesn't use realpath(3), which is broken in any case). Therefore it doesn't resolve symlinks.
2003-07-08 19:58:41 +00:00
}
/* Normal component; copy it. */
else {
s += '/';
use more string_view in utils there's a couple places that can be easily converted from using strings to using string_views instead. gives a slight (~1%) boost to system eval. # before nix eval --raw --impure --expr 'with import <nixpkgs/nixos> {}; system' Time (mean ± σ): 2.946 s ± 0.026 s [User: 2.655 s, System: 0.209 s] Range (min … max): 2.905 s … 2.995 s 20 runs # after Time (mean ± σ): 2.928 s ± 0.024 s [User: 2.638 s, System: 0.211 s] Range (min … max): 2.893 s … 2.970 s 20 runs
2022-01-12 15:02:29 +00:00
if (const auto slash = path.find('/'); slash == string::npos) {
s += path;
path = {};
} else {
s += path.substr(0, slash);
path = path.substr(slash + 1);
}
* Resolve all symlink components in the location of the temporary build directory (TMPDIR, i.e., /tmp). Fixes NIX-26.
2006-01-08 17:16:03 +00:00
canonPath in one pass
2021-03-31 02:20:41 +00:00
/* If s points to a symlink, resolve it and continue from there */
* Resolve all symlink components in the location of the temporary build directory (TMPDIR, i.e., /tmp). Fixes NIX-26.
2006-01-08 17:16:03 +00:00
if (resolveSymlinks && isLink(s)) {
* nix-env -e: support uninstalling by path, so that one can say $ nix-env -e $(which firefox) or $ nix-env -e /nix/store/nywzlygrkfcgz7dfmhm5xixlx1l0m60v-pan-0.132 * nix-env -i: if an argument contains a slash anywhere, treat it as a path and follow it through symlinks into the Nix store. This allows things like $ nix-build -A firefox $ nix-env -i ./result * nix-env -q/-i/-e: don't complain when the `*' selector doesn't match anything. In particular, `nix-env -q \*' doesn't fail anymore on an empty profile.
2007-11-29 16:18:24 +00:00
if (++followCount >= maxFollow)
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
throw Error("infinite symlink recursion in path '%1%'", path);
use more string_view in utils there's a couple places that can be easily converted from using strings to using string_views instead. gives a slight (~1%) boost to system eval. # before nix eval --raw --impure --expr 'with import <nixpkgs/nixos> {}; system' Time (mean ± σ): 2.946 s ± 0.026 s [User: 2.655 s, System: 0.209 s] Range (min … max): 2.905 s … 2.995 s 20 runs # after Time (mean ± σ): 2.928 s ± 0.024 s [User: 2.638 s, System: 0.211 s] Range (min … max): 2.893 s … 2.970 s 20 runs
2022-01-12 15:02:29 +00:00
temp = concatStrings(readLink(s), path);
path = temp;
canonPath in one pass
2021-03-31 02:20:41 +00:00
if (!temp.empty() && temp[0] == '/') {
s.clear(); /* restart for symlinks pointing to absolute path */
} else {
s = dirOf(s);
Fix extra slash in canonPath output When you have a symlink like: /tmp -> ./private/tmp you need to resolve ./private/tmp relative to /tmp’s dir: ‘/’. Unlike any other path output by dirOf, / ends with a slash. We don’t want trailing slashes here since we will append another slash in the next comoponent, so clear s like we would if it was a symlink to an absoute path. This should fix at least part of the issue in https://github.com/NixOS/nix/issues/4822, will need confirmation that it actually fixes the problem to close though. Introduced in f3f228700a52857fe6e8632df4e935551ea219ff.
2021-05-18 21:38:55 +00:00
if (s == "/") { // we dont want trailing slashes here, which dirOf only produces if s = /
s.clear();
}
canonPath in one pass
2021-03-31 02:20:41 +00:00
}
* Resolve all symlink components in the location of the temporary build directory (TMPDIR, i.e., /tmp). Fixes NIX-26.
2006-01-08 17:16:03 +00:00
}
* A path canonicaliser that doesn't depend on the existence of paths (i.e., it doesn't use realpath(3), which is broken in any case). Therefore it doesn't resolve symlinks.
2003-07-08 19:58:41 +00:00
}
}
use more string_view in utils there's a couple places that can be easily converted from using strings to using string_views instead. gives a slight (~1%) boost to system eval. # before nix eval --raw --impure --expr 'with import <nixpkgs/nixos> {}; system' Time (mean ± σ): 2.946 s ± 0.026 s [User: 2.655 s, System: 0.209 s] Range (min … max): 2.905 s … 2.995 s 20 runs # after Time (mean ± σ): 2.928 s ± 0.024 s [User: 2.638 s, System: 0.211 s] Range (min … max): 2.893 s … 2.970 s 20 runs
2022-01-12 15:02:29 +00:00
return s.empty() ? "/" : std::move(s);
* Started implementing the new evaluation model. * Lots of refactorings. * Unit tests.
2003-06-16 13:33:38 +00:00
}
* string -> Path.
2003-10-07 14:37:41 +00:00
Path dirOf(const Path & path)
* Started implementing the new evaluation model. * Lots of refactorings. * Unit tests.
2003-06-16 13:33:38 +00:00
{
* 64-bit compatibility fixes (for problems revealed by building on an Athlon 64 running 64-bit SUSE). A patched ATerm library is required to run Nix succesfully.
2006-05-11 02:19:43 +00:00
Path::size_type pos = path.rfind('/');
* Caching of expression successors.
2003-07-04 12:18:06 +00:00
if (pos == string::npos)
dirOf: allow use on non-absolute paths
2018-08-13 09:27:35 +00:00
return ".";
* dirOf: return "/", not "", for paths in the root directory. Fixes NIX-26.
2006-01-09 14:52:46 +00:00
return pos == 0 ? "/" : Path(path, 0, pos);
* Some refactoring.
2003-05-26 13:45:00 +00:00
}
Make the Store API more type-safe Most functions now take a StorePath argument rather than a Path (which is just an alias for std::string). The StorePath constructor ensures that the path is syntactically correct (i.e. it looks like <store-dir>/<base32-hash>-<name>). Similarly, functions like buildPaths() now take a StorePathWithOutputs, rather than abusing Path by adding a '!<outputs>' suffix. Note that the StorePath type is implemented in Rust. This involves some hackery to allow Rust values to be used directly in C++, via a helper type whose destructor calls the Rust type's drop() function. The main issue is the dynamic nature of C++ move semantics: after we have moved a Rust value, we should not call the drop function on the original value. So when we move a value, we set the original value to bitwise zero, and the destructor only calls drop() if the value is not bitwise zero. This should be sufficient for most types. Also lots of minor cleanups to the C++ API to make it more modern (e.g. using std::optional and std::string_view in some places).
2019-12-05 18:11:09 +00:00
std::string_view baseNameOf(std::string_view path)
* Some refactoring.
2003-05-26 13:45:00 +00:00
{
baseNameOf: Enhance `basename` compatibility * If the path ends with a slash, drop it. * If the remaining path doesn’t contain slashes, just return it. Fixes #574.
2015-07-13 12:25:13 +00:00
if (path.empty())
Trivia
2016-01-27 16:18:31 +00:00
return "";
baseNameOf: Enhance `basename` compatibility * If the path ends with a slash, drop it. * If the remaining path doesn’t contain slashes, just return it. Fixes #574.
2015-07-13 12:25:13 +00:00
Make the Store API more type-safe Most functions now take a StorePath argument rather than a Path (which is just an alias for std::string). The StorePath constructor ensures that the path is syntactically correct (i.e. it looks like <store-dir>/<base32-hash>-<name>). Similarly, functions like buildPaths() now take a StorePathWithOutputs, rather than abusing Path by adding a '!<outputs>' suffix. Note that the StorePath type is implemented in Rust. This involves some hackery to allow Rust values to be used directly in C++, via a helper type whose destructor calls the Rust type's drop() function. The main issue is the dynamic nature of C++ move semantics: after we have moved a Rust value, we should not call the drop function on the original value. So when we move a value, we set the original value to bitwise zero, and the destructor only calls drop() if the value is not bitwise zero. This should be sufficient for most types. Also lots of minor cleanups to the C++ API to make it more modern (e.g. using std::optional and std::string_view in some places).
2019-12-05 18:11:09 +00:00
auto last = path.size() - 1;
baseNameOf: Enhance `basename` compatibility * If the path ends with a slash, drop it. * If the remaining path doesn’t contain slashes, just return it. Fixes #574.
2015-07-13 12:25:13 +00:00
if (path[last] == '/' && last > 0)
last -= 1;
Make the Store API more type-safe Most functions now take a StorePath argument rather than a Path (which is just an alias for std::string). The StorePath constructor ensures that the path is syntactically correct (i.e. it looks like <store-dir>/<base32-hash>-<name>). Similarly, functions like buildPaths() now take a StorePathWithOutputs, rather than abusing Path by adding a '!<outputs>' suffix. Note that the StorePath type is implemented in Rust. This involves some hackery to allow Rust values to be used directly in C++, via a helper type whose destructor calls the Rust type's drop() function. The main issue is the dynamic nature of C++ move semantics: after we have moved a Rust value, we should not call the drop function on the original value. So when we move a value, we set the original value to bitwise zero, and the destructor only calls drop() if the value is not bitwise zero. This should be sufficient for most types. Also lots of minor cleanups to the C++ API to make it more modern (e.g. using std::optional and std::string_view in some places).
2019-12-05 18:11:09 +00:00
auto pos = path.rfind('/', last);
* Caching of expression successors.
2003-07-04 12:18:06 +00:00
if (pos == string::npos)
baseNameOf: Enhance `basename` compatibility * If the path ends with a slash, drop it. * If the remaining path doesn’t contain slashes, just return it. Fixes #574.
2015-07-13 12:25:13 +00:00
pos = 0;
else
pos += 1;
Trivia
2016-01-27 16:18:31 +00:00
Make the Store API more type-safe Most functions now take a StorePath argument rather than a Path (which is just an alias for std::string). The StorePath constructor ensures that the path is syntactically correct (i.e. it looks like <store-dir>/<base32-hash>-<name>). Similarly, functions like buildPaths() now take a StorePathWithOutputs, rather than abusing Path by adding a '!<outputs>' suffix. Note that the StorePath type is implemented in Rust. This involves some hackery to allow Rust values to be used directly in C++, via a helper type whose destructor calls the Rust type's drop() function. The main issue is the dynamic nature of C++ move semantics: after we have moved a Rust value, we should not call the drop function on the original value. So when we move a value, we set the original value to bitwise zero, and the destructor only calls drop() if the value is not bitwise zero. This should be sufficient for most types. Also lots of minor cleanups to the C++ API to make it more modern (e.g. using std::optional and std::string_view in some places).
2019-12-05 18:11:09 +00:00
return path.substr(pos, last - pos + 1);
* Some refactoring.
2003-05-26 13:45:00 +00:00
}
isInDir() / isDirOrInDir(): Use std::string_view
2021-12-02 13:16:05 +00:00
bool isInDir(std::string_view path, std::string_view dir)
Garbage collector: Don't follow symlinks arbitrarily Only indirect roots (symlinks to symlinks to the Nix store) are now supported.
2013-07-12 12:01:25 +00:00
{
isInDir() / isDirOrInDir(): Use std::string_view
2021-12-02 13:16:05 +00:00
return path.substr(0, 1) == "/"
&& path.substr(0, dir.size()) == dir
revert libutil change
2015-10-21 21:40:35 +00:00
&& path.size() >= dir.size() + 2
&& path[dir.size()] == '/';
Garbage collector: Don't follow symlinks arbitrarily Only indirect roots (symlinks to symlinks to the Nix store) are now supported.
2013-07-12 12:01:25 +00:00
}
isInDir() / isDirOrInDir(): Use std::string_view
2021-12-02 13:16:05 +00:00
bool isDirOrInDir(std::string_view path, std::string_view dir)
Add pure evaluation mode In this mode, the following restrictions apply: * The builtins currentTime, currentSystem and storePath throw an error. * $NIX_PATH and -I are ignored. * fetchGit and fetchMercurial require a revision hash. * fetchurl and fetchTarball require a sha256 attribute. * No file system access is allowed outside of the paths returned by fetch{Git,Mercurial,url,Tarball}. Thus 'nix build -f ./foo.nix' is not allowed. Thus, the evaluation result is completely reproducible from the command line arguments. E.g. nix build --pure-eval '( let nix = fetchGit { url = https://github.com/NixOS/nixpkgs.git; rev = "9c927de4b179a6dd210dd88d34bda8af4b575680"; }; nixpkgs = fetchGit { url = https://github.com/NixOS/nixpkgs.git; ref = "release-17.09"; rev = "66b4de79e3841530e6d9c6baf98702aa1f7124e4"; }; in (import (nix + "/release.nix") { inherit nix nixpkgs; }).build.x86_64-linux )' The goal is to enable completely reproducible and traceable evaluation. For example, a NixOS configuration could be fully described by a single Git commit hash. 'nixos-rebuild' would do something like nix build --pure-eval '( (import (fetchGit { url = file:///my-nixos-config; rev = "..."; })).system ') where the Git repository /my-nixos-config would use further fetchGit calls or Git externals to fetch Nixpkgs and whatever other dependencies it has. Either way, the commit hash would uniquely identify the NixOS configuration and allow it to reproduced.
2018-01-16 17:50:38 +00:00
{
probably typo ...at least MSVC unable to compile this
2018-12-13 02:45:50 +00:00
return path == dir || isInDir(path, dir);
Add pure evaluation mode In this mode, the following restrictions apply: * The builtins currentTime, currentSystem and storePath throw an error. * $NIX_PATH and -I are ignored. * fetchGit and fetchMercurial require a revision hash. * fetchurl and fetchTarball require a sha256 attribute. * No file system access is allowed outside of the paths returned by fetch{Git,Mercurial,url,Tarball}. Thus 'nix build -f ./foo.nix' is not allowed. Thus, the evaluation result is completely reproducible from the command line arguments. E.g. nix build --pure-eval '( let nix = fetchGit { url = https://github.com/NixOS/nixpkgs.git; rev = "9c927de4b179a6dd210dd88d34bda8af4b575680"; }; nixpkgs = fetchGit { url = https://github.com/NixOS/nixpkgs.git; ref = "release-17.09"; rev = "66b4de79e3841530e6d9c6baf98702aa1f7124e4"; }; in (import (nix + "/release.nix") { inherit nix nixpkgs; }).build.x86_64-linux )' The goal is to enable completely reproducible and traceable evaluation. For example, a NixOS configuration could be fully described by a single Git commit hash. 'nixos-rebuild' would do something like nix build --pure-eval '( (import (fetchGit { url = file:///my-nixos-config; rev = "..."; })).system ') where the Git repository /my-nixos-config would use further fetchGit calls or Git externals to fetch Nixpkgs and whatever other dependencies it has. Either way, the commit hash would uniquely identify the NixOS configuration and allow it to reproduced.
2018-01-16 17:50:38 +00:00
}
* createDirs(path): if path already exists, make sure it's a directory. * Provide a C++ wrapper around lstat().
2010-12-13 13:32:58 +00:00
struct stat lstat(const Path & path)
{
struct stat st;
if (lstat(path.c_str(), &st))
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
throw SysError("getting status of '%1%'", path);
* createDirs(path): if path already exists, make sure it's a directory. * Provide a C++ wrapper around lstat().
2010-12-13 13:32:58 +00:00
return st;
}
* string -> Path.
2003-10-07 14:37:41 +00:00
bool pathExists(const Path & path)
* A command to query the paths referenced by an fstate expression. * Use a temporary directory for build actions.
2003-07-08 13:22:08 +00:00
{
int res;
struct stat st;
* Use the profile pointed to by ~/.nix-profile if no --profile argument is specified.
2004-02-06 10:59:06 +00:00
res = lstat(path.c_str(), &st);
* A command to query the paths referenced by an fstate expression. * Use a temporary directory for build actions.
2003-07-08 13:22:08 +00:00
if (!res) return true;
* Creating a file nix-support/no-scan in the output path of a derivation disables scanning for dependencies. Use at your own risk. This is a quick hack to speed up UML image generation (image are very big, say 1 GB). It would be better if the scanner were faster, and didn't read the whole file into memory.
2004-08-04 09:25:21 +00:00
if (errno != ENOENT && errno != ENOTDIR)
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
throw SysError("getting status of %1%", path);
* A command to query the paths referenced by an fstate expression. * Use a temporary directory for build actions.
2003-07-08 13:22:08 +00:00
return false;
}
* Implemented Eelco V.'s `nix-env -I' command to specify the default path of the Nix expression to be used with the import, upgrade, and query commands. For instance, $ nix-env -I ~/nixpkgs/pkgs/system/i686-linux.nix $ nix-env --query --available [aka -qa] sylpheed-0.9.7 bison-1.875 pango-1.2.5 subversion-0.35.1 ... $ nix-env -i sylpheed $ nix-env -u subversion There can be only one default at a time. * If the path to a Nix expression is a symlink, follow the symlink prior to resolving relative path references in the expression.
2004-01-05 16:26:43 +00:00
Path readLink(const Path & path)
{
* nix-env: allow ~/.nix-defexpr to be a directory. If it is, then the Nix expressions in that directory are combined into an attribute set {file1 = import file1; file2 = import file2; ...}, i.e. each Nix expression is an attribute with the file name as the attribute name. Also recurses into directories. * nix-env: removed the "--import" (-I) option which set the ~/.nix-defexpr symlink. * nix-channel: don't use "nix-env --import", instead symlink ~/.nix-defexpr/channels. So finally nix-channel --update doesn't override any default Nix expressions but combines with them. This means that you can have (say) a local Nixpkgs SVN tree and use it as a default for nix-env: $ ln -s .../path-to-nixpkgs-tree ~/.nix-defexpr/nixpkgs_svn and be subscribed to channels (including Nixpkgs) at the same time. (If there is any ambiguity, the -A flag can be used to disambiguate, e.g. "nix-env -i -A nixpkgs_svn.pan".)
2007-09-17 16:08:24 +00:00
checkInterrupt();
don't allocate large buffers on the stack
2018-03-01 21:00:58 +00:00
std::vector<char> buf;
Fix (highly unlikely) race condition in readLink Used to determine symlink size with stat and value with readlink. This could technically result in garbage if symlink changed between calls. Also gets around the broken stat implementation in our network filesystem (returns size + 1 giving a byte of garbage).
2017-10-27 16:15:31 +00:00
for (ssize_t bufSize = PATH_MAX/4; true; bufSize += bufSize/2) {
don't allocate large buffers on the stack
2018-03-01 21:00:58 +00:00
buf.resize(bufSize);
ssize_t rlSize = readlink(path.c_str(), buf.data(), bufSize);
Fix (highly unlikely) race condition in readLink Used to determine symlink size with stat and value with readlink. This could technically result in garbage if symlink changed between calls. Also gets around the broken stat implementation in our network filesystem (returns size + 1 giving a byte of garbage).
2017-10-27 16:15:31 +00:00
if (rlSize == -1)
if (errno == EINVAL)
Cleanup
2017-11-20 16:32:58 +00:00
throw Error("'%1%' is not a symlink", path);
Fix (highly unlikely) race condition in readLink Used to determine symlink size with stat and value with readlink. This could technically result in garbage if symlink changed between calls. Also gets around the broken stat implementation in our network filesystem (returns size + 1 giving a byte of garbage).
2017-10-27 16:15:31 +00:00
else
Cleanup
2017-11-20 16:32:58 +00:00
throw SysError("reading symbolic link '%1%'", path);
Fix (highly unlikely) race condition in readLink Used to determine symlink size with stat and value with readlink. This could technically result in garbage if symlink changed between calls. Also gets around the broken stat implementation in our network filesystem (returns size + 1 giving a byte of garbage).
2017-10-27 16:15:31 +00:00
else if (rlSize < bufSize)
don't allocate large buffers on the stack
2018-03-01 21:00:58 +00:00
return string(buf.data(), rlSize);
Fix (highly unlikely) race condition in readLink Used to determine symlink size with stat and value with readlink. This could technically result in garbage if symlink changed between calls. Also gets around the broken stat implementation in our network filesystem (returns size + 1 giving a byte of garbage).
2017-10-27 16:15:31 +00:00
}
* Implemented Eelco V.'s `nix-env -I' command to specify the default path of the Nix expression to be used with the import, upgrade, and query commands. For instance, $ nix-env -I ~/nixpkgs/pkgs/system/i686-linux.nix $ nix-env --query --available [aka -qa] sylpheed-0.9.7 bison-1.875 pango-1.2.5 subversion-0.35.1 ... $ nix-env -i sylpheed $ nix-env -u subversion There can be only one default at a time. * If the path to a Nix expression is a symlink, follow the symlink prior to resolving relative path references in the expression.
2004-01-05 16:26:43 +00:00
}
* nix-build: use an indirection scheme to make it easier for users to get rid of GC roots. Nix-build places a symlink `result' in the current directory. Previously, removing that symlink would not remove the store path being linked to as a GC root. Now, the GC root created by nix-build is actually a symlink in `/nix/var/nix/gcroots/auto' to `result'. So if that symlink is removed the GC root automatically becomes invalid (since it can no longer be resolved). The root itself is not automatically removed - the garbage collector should delete dangling roots.
2005-02-01 13:48:46 +00:00
bool isLink(const Path & path)
{
* createDirs(path): if path already exists, make sure it's a directory. * Provide a C++ wrapper around lstat().
2010-12-13 13:32:58 +00:00
struct stat st = lstat(path);
* nix-build: use an indirection scheme to make it easier for users to get rid of GC roots. Nix-build places a symlink `result' in the current directory. Previously, removing that symlink would not remove the store path being linked to as a GC root. Now, the GC root created by nix-build is actually a symlink in `/nix/var/nix/gcroots/auto' to `result'. So if that symlink is removed the GC root automatically becomes invalid (since it can no longer be resolved). The root itself is not automatically removed - the garbage collector should delete dangling roots.
2005-02-01 13:48:46 +00:00
return S_ISLNK(st.st_mode);
}
Fix long paths permanently breaking GC Suppose I have a path /nix/store/[hash]-[name]/a/a/a/a/a/[...]/a, long enough that everything after "/nix/store/" is longer than 4096 (MAX_PATH) bytes. Nix will happily allow such a path to be inserted into the store, because it doesn't look at all the nested structure. It just cares about the /nix/store/[hash]-[name] part. But, when the path is deleted, we encounter a problem. Nix will move the path to /nix/store/trash, but then when it's trying to recursively delete the trash directory, it will at some point try to unlink /nix/store/trash/[hash]-[name]/a/a/a/a/a/[...]/a. This will fail, because the path is too long. After this has failed, any store deletion operation will never work again, because Nix needs to delete the trash directory before recreating it to move new things to it. (I assume this is because otherwise a path being deleted could already exist in the trash, and then moving it would fail.) This means that if I can trick somebody into just fetching a tarball containing a path of the right length, they won't be able to delete store paths or garbage collect ever again, until the offending path is manually removed from /nix/store/trash. (And even fixing this manually is quite difficult if you don't understand the issue, because the absolute path that Nix says it failed to remove is also too long for rm(1).) This patch fixes the issue by making Nix's recursive delete operation use unlinkat(2). This function takes a relative path and a directory file descriptor. We ensure that the relative path is always just the name of the directory entry, and therefore its length will never exceed 255 bytes. This means that it will never even come close to AX_PATH, and Nix will therefore be able to handle removing arbitrarily deep directory hierachies. Since the directory file descriptor is used for recursion after being used in readDirectory, I made a variant of readDirectory that takes an already open directory stream, to avoid the directory being opened multiple times. As we have seen from this issue, the less we have to interact with paths, the better, and so it's good to reuse file descriptors where possible. I left _deletePath as succeeding even if the parent directory doesn't exist, even though that feels wrong to me, because without that early return, the linux-sandbox test failed. Reported-by: Alyssa Ross <hi@alyssa.is> Thanks-to: Puck Meerburg <puck@puckipedia.com> Tested-by: Puck Meerburg <puck@puckipedia.com> Reviewed-by: Puck Meerburg <puck@puckipedia.com>
2020-04-27 14:15:15 +00:00
DirEntries readDirectory(DIR *dir, const Path & path)
* nix-env: a tool to manage user environments. * Replace all directory reading code by a generic readDirectory() function.
2003-11-19 17:27:16 +00:00
{
Make readDirectory() return inode / file type
2014-08-01 14:37:47 +00:00
DirEntries entries;
entries.reserve(64);
* nix-env: a tool to manage user environments. * Replace all directory reading code by a generic readDirectory() function.
2003-11-19 17:27:16 +00:00
struct dirent * dirent;
Fix long paths permanently breaking GC Suppose I have a path /nix/store/[hash]-[name]/a/a/a/a/a/[...]/a, long enough that everything after "/nix/store/" is longer than 4096 (MAX_PATH) bytes. Nix will happily allow such a path to be inserted into the store, because it doesn't look at all the nested structure. It just cares about the /nix/store/[hash]-[name] part. But, when the path is deleted, we encounter a problem. Nix will move the path to /nix/store/trash, but then when it's trying to recursively delete the trash directory, it will at some point try to unlink /nix/store/trash/[hash]-[name]/a/a/a/a/a/[...]/a. This will fail, because the path is too long. After this has failed, any store deletion operation will never work again, because Nix needs to delete the trash directory before recreating it to move new things to it. (I assume this is because otherwise a path being deleted could already exist in the trash, and then moving it would fail.) This means that if I can trick somebody into just fetching a tarball containing a path of the right length, they won't be able to delete store paths or garbage collect ever again, until the offending path is manually removed from /nix/store/trash. (And even fixing this manually is quite difficult if you don't understand the issue, because the absolute path that Nix says it failed to remove is also too long for rm(1).) This patch fixes the issue by making Nix's recursive delete operation use unlinkat(2). This function takes a relative path and a directory file descriptor. We ensure that the relative path is always just the name of the directory entry, and therefore its length will never exceed 255 bytes. This means that it will never even come close to AX_PATH, and Nix will therefore be able to handle removing arbitrarily deep directory hierachies. Since the directory file descriptor is used for recursion after being used in readDirectory, I made a variant of readDirectory that takes an already open directory stream, to avoid the directory being opened multiple times. As we have seen from this issue, the less we have to interact with paths, the better, and so it's good to reuse file descriptors where possible. I left _deletePath as succeeding even if the parent directory doesn't exist, even though that feels wrong to me, because without that early return, the linux-sandbox test failed. Reported-by: Alyssa Ross <hi@alyssa.is> Thanks-to: Puck Meerburg <puck@puckipedia.com> Tested-by: Puck Meerburg <puck@puckipedia.com> Reviewed-by: Puck Meerburg <puck@puckipedia.com>
2020-04-27 14:15:15 +00:00
while (errno = 0, dirent = readdir(dir)) { /* sic */
* Catch SIGINT to terminate cleanly when the user tries to interrupt Nix. This is to prevent Berkeley DB from becoming wedged. Unfortunately it is not possible to throw C++ exceptions from a signal handler. In fact, you can't do much of anything except change variables of type `volatile sig_atomic_t'. So we set an interrupt flag in the signal handler and check it at various strategic locations in the code (by calling checkInterrupt()). Since this is unlikely to cover all cases (e.g., (semi-)infinite loops), sometimes SIGTERM may now be required to kill Nix.
2004-01-15 20:23:55 +00:00
checkInterrupt();
* nix-env: a tool to manage user environments. * Replace all directory reading code by a generic readDirectory() function.
2003-11-19 17:27:16 +00:00
string name = dirent->d_name;
if (name == "." || name == "..") continue;
Fix compilation
2016-01-05 13:05:11 +00:00
entries.emplace_back(name, dirent->d_ino,
#ifdef HAVE_STRUCT_DIRENT_D_TYPE
dirent->d_type
#else
DT_UNKNOWN
#endif
);
* nix-env: a tool to manage user environments. * Replace all directory reading code by a generic readDirectory() function.
2003-11-19 17:27:16 +00:00
}
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
if (errno) throw SysError("reading directory '%1%'", path);
* nix-env: a tool to manage user environments. * Replace all directory reading code by a generic readDirectory() function.
2003-11-19 17:27:16 +00:00
Make readDirectory() return inode / file type
2014-08-01 14:37:47 +00:00
return entries;
* nix-env: a tool to manage user environments. * Replace all directory reading code by a generic readDirectory() function.
2003-11-19 17:27:16 +00:00
}
Fix long paths permanently breaking GC Suppose I have a path /nix/store/[hash]-[name]/a/a/a/a/a/[...]/a, long enough that everything after "/nix/store/" is longer than 4096 (MAX_PATH) bytes. Nix will happily allow such a path to be inserted into the store, because it doesn't look at all the nested structure. It just cares about the /nix/store/[hash]-[name] part. But, when the path is deleted, we encounter a problem. Nix will move the path to /nix/store/trash, but then when it's trying to recursively delete the trash directory, it will at some point try to unlink /nix/store/trash/[hash]-[name]/a/a/a/a/a/[...]/a. This will fail, because the path is too long. After this has failed, any store deletion operation will never work again, because Nix needs to delete the trash directory before recreating it to move new things to it. (I assume this is because otherwise a path being deleted could already exist in the trash, and then moving it would fail.) This means that if I can trick somebody into just fetching a tarball containing a path of the right length, they won't be able to delete store paths or garbage collect ever again, until the offending path is manually removed from /nix/store/trash. (And even fixing this manually is quite difficult if you don't understand the issue, because the absolute path that Nix says it failed to remove is also too long for rm(1).) This patch fixes the issue by making Nix's recursive delete operation use unlinkat(2). This function takes a relative path and a directory file descriptor. We ensure that the relative path is always just the name of the directory entry, and therefore its length will never exceed 255 bytes. This means that it will never even come close to AX_PATH, and Nix will therefore be able to handle removing arbitrarily deep directory hierachies. Since the directory file descriptor is used for recursion after being used in readDirectory, I made a variant of readDirectory that takes an already open directory stream, to avoid the directory being opened multiple times. As we have seen from this issue, the less we have to interact with paths, the better, and so it's good to reuse file descriptors where possible. I left _deletePath as succeeding even if the parent directory doesn't exist, even though that feels wrong to me, because without that early return, the linux-sandbox test failed. Reported-by: Alyssa Ross <hi@alyssa.is> Thanks-to: Puck Meerburg <puck@puckipedia.com> Tested-by: Puck Meerburg <puck@puckipedia.com> Reviewed-by: Puck Meerburg <puck@puckipedia.com>
2020-04-27 14:15:15 +00:00
DirEntries readDirectory(const Path & path)
{
AutoCloseDir dir(opendir(path.c_str()));
fixes to merged code
2020-05-11 21:52:15 +00:00
if (!dir) throw SysError("opening directory '%1%'", path);
Fix long paths permanently breaking GC Suppose I have a path /nix/store/[hash]-[name]/a/a/a/a/a/[...]/a, long enough that everything after "/nix/store/" is longer than 4096 (MAX_PATH) bytes. Nix will happily allow such a path to be inserted into the store, because it doesn't look at all the nested structure. It just cares about the /nix/store/[hash]-[name] part. But, when the path is deleted, we encounter a problem. Nix will move the path to /nix/store/trash, but then when it's trying to recursively delete the trash directory, it will at some point try to unlink /nix/store/trash/[hash]-[name]/a/a/a/a/a/[...]/a. This will fail, because the path is too long. After this has failed, any store deletion operation will never work again, because Nix needs to delete the trash directory before recreating it to move new things to it. (I assume this is because otherwise a path being deleted could already exist in the trash, and then moving it would fail.) This means that if I can trick somebody into just fetching a tarball containing a path of the right length, they won't be able to delete store paths or garbage collect ever again, until the offending path is manually removed from /nix/store/trash. (And even fixing this manually is quite difficult if you don't understand the issue, because the absolute path that Nix says it failed to remove is also too long for rm(1).) This patch fixes the issue by making Nix's recursive delete operation use unlinkat(2). This function takes a relative path and a directory file descriptor. We ensure that the relative path is always just the name of the directory entry, and therefore its length will never exceed 255 bytes. This means that it will never even come close to AX_PATH, and Nix will therefore be able to handle removing arbitrarily deep directory hierachies. Since the directory file descriptor is used for recursion after being used in readDirectory, I made a variant of readDirectory that takes an already open directory stream, to avoid the directory being opened multiple times. As we have seen from this issue, the less we have to interact with paths, the better, and so it's good to reuse file descriptors where possible. I left _deletePath as succeeding even if the parent directory doesn't exist, even though that feels wrong to me, because without that early return, the linux-sandbox test failed. Reported-by: Alyssa Ross <hi@alyssa.is> Thanks-to: Puck Meerburg <puck@puckipedia.com> Tested-by: Puck Meerburg <puck@puckipedia.com> Reviewed-by: Puck Meerburg <puck@puckipedia.com>
2020-04-27 14:15:15 +00:00
return readDirectory(dir.get(), path);
}
* nix-env: a tool to manage user environments. * Replace all directory reading code by a generic readDirectory() function.
2003-11-19 17:27:16 +00:00
Remove some duplicate code
2014-10-03 20:37:51 +00:00
unsigned char getFileType(const Path & path)
{
struct stat st = lstat(path);
if (S_ISDIR(st.st_mode)) return DT_DIR;
if (S_ISLNK(st.st_mode)) return DT_LNK;
if (S_ISREG(st.st_mode)) return DT_REG;
return DT_UNKNOWN;
}
* A GC setting `gc-keep-outputs' to specify whether output paths of derivations should be kept.
2005-02-01 22:07:48 +00:00
string readFile(int fd)
{
StringSink pre allocate When used with `readFile`, we have a pretty good heuristic of the file size, so `reserve` this in the `string`. This will save some allocation / copy when the string is growing.
2020-04-29 16:44:01 +00:00
struct stat st;
if (fstat(fd, &st) == -1)
throw SysError("statting file");
return drainFD(fd, true, st.st_size);
* A GC setting `gc-keep-outputs' to specify whether output paths of derivations should be kept.
2005-02-01 22:07:48 +00:00
}
Remove the `drain` argument from `readFile` Now it is always `drain` (see previous commit).
2020-04-29 16:42:19 +00:00
string readFile(const Path & path)
* A GC setting `gc-keep-outputs' to specify whether output paths of derivations should be kept.
2005-02-01 22:07:48 +00:00
{
Use O_CLOEXEC in most places
2016-06-09 14:15:58 +00:00
AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_CLOEXEC);
Modernize AutoCloseFD
2016-07-11 19:44:44 +00:00
if (!fd)
fixes to merged code
2020-05-11 21:52:15 +00:00
throw SysError("opening file '%1%'", path);
Remove the `drain` argument from `readFile` Now it is always `drain` (see previous commit).
2020-04-29 16:42:19 +00:00
return readFile(fd.get());
* A GC setting `gc-keep-outputs' to specify whether output paths of derivations should be kept.
2005-02-01 22:07:48 +00:00
}
Make LocalBinaryCacheStore::narFromPath() run in constant memory This reduces memory consumption of nix copy --from file://... --to ~/my-nix /nix/store/95cwv4q54dc6giaqv6q6p4r02ia2km35-blender-2.79 from 514 MiB to 18 MiB for an uncompressed binary cache, and from 192 MiB to 53 MiB for a bzipped binary cache. It may also be faster because fetching can happen concurrently with decompression/writing. Continuation of 48662d151bdf4a38670897beacea9d1bd750376a. Issue https://github.com/NixOS/nix/issues/1681.
2018-03-27 21:12:31 +00:00
void readFile(const Path & path, Sink & sink)
{
AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_CLOEXEC);
Remove trailing whitespace
2020-06-15 12:12:39 +00:00
if (!fd)
implement SysError errno handling
2020-05-06 20:07:20 +00:00
throw SysError("opening file '%s'", path);
Make LocalBinaryCacheStore::narFromPath() run in constant memory This reduces memory consumption of nix copy --from file://... --to ~/my-nix /nix/store/95cwv4q54dc6giaqv6q6p4r02ia2km35-blender-2.79 from 514 MiB to 18 MiB for an uncompressed binary cache, and from 192 MiB to 53 MiB for a bzipped binary cache. It may also be faster because fetching can happen concurrently with decompression/writing. Continuation of 48662d151bdf4a38670897beacea9d1bd750376a. Issue https://github.com/NixOS/nix/issues/1681.
2018-03-27 21:12:31 +00:00
drainFD(fd.get(), sink);
}
writeFull/writeFile: Use std::string_view
2020-12-02 11:43:52 +00:00
void writeFile(const Path & path, std::string_view s, mode_t mode)
* Automatically upgrade <= 0.7 Nix stores to the new schema (so that existing user environments continue to work). * `nix-store --verify': detect incomplete closures.
2005-02-09 09:50:29 +00:00
{
Support netrc in <nix/fetchurl.nix> This allows <nix/fetchurl.nix> to fetch private Git/Mercurial repositories, e.g. import <nix/fetchurl.nix> { url = https://edolstra@bitbucket.org/edolstra/my-private-repo/get/80a14018daed.tar.bz2; sha256 = "1mgqzn7biqkq3hf2697b0jc4wabkqhmzq2srdymjfa6sb9zb6qs7"; } where /etc/nix/netrc contains: machine bitbucket.org login edolstra password blabla... This works even when sandboxing is enabled. To do: add unpacking support (i.e. fetchzip functionality).
2017-02-16 14:42:49 +00:00
AutoCloseFD fd = open(path.c_str(), O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, mode);
Modernize AutoCloseFD
2016-07-11 19:44:44 +00:00
if (!fd)
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
throw SysError("opening file '%1%'", path);
writeFile(): Add error context to writeFull() failure Issue #4092.
2020-10-09 14:02:53 +00:00
try {
writeFull(fd.get(), s);
} catch (Error & e) {
e.addTrace({}, "writing file '%1%'", path);
throw;
}
* Automatically upgrade <= 0.7 Nix stores to the new schema (so that existing user environments continue to work). * `nix-store --verify': detect incomplete closures.
2005-02-09 09:50:29 +00:00
}
Make <nix/fetchurl.nix> run in constant memory E.g. nix-build --store ~/my-nix/ -E 'import <nix/fetchurl.nix> { url = https://cache.nixos.org/nar/0nwi996rgq4b914qyx0mv2wq4k80hjac7xilikavagw7kxmn2iiv.nar.xz; sha256 = "0nwi996rgq4b914qyx0mv2wq4k80hjac7xilikavagw7kxmn2iiv"; }' now runs in 17 MiB (was 70 MiB), while nix-build --store ~/my-nix/ -E 'import <nix/fetchurl.nix> { url = https://cache.nixos.org/nar/0nwi996rgq4b914qyx0mv2wq4k80hjac7xilikavagw7kxmn2iiv.nar.xz; sha256 = "0d2fxljdih3nc5dqx41hjzic3141ajil94m8kdbpryq569dpsbvb"; unpack = true; }' runs in 17 MiB (was 346 MiB).
2018-03-28 11:32:44 +00:00
void writeFile(const Path & path, Source & source, mode_t mode)
{
AutoCloseFD fd = open(path.c_str(), O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, mode);
if (!fd)
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
throw SysError("opening file '%1%'", path);
Make <nix/fetchurl.nix> run in constant memory E.g. nix-build --store ~/my-nix/ -E 'import <nix/fetchurl.nix> { url = https://cache.nixos.org/nar/0nwi996rgq4b914qyx0mv2wq4k80hjac7xilikavagw7kxmn2iiv.nar.xz; sha256 = "0nwi996rgq4b914qyx0mv2wq4k80hjac7xilikavagw7kxmn2iiv"; }' now runs in 17 MiB (was 70 MiB), while nix-build --store ~/my-nix/ -E 'import <nix/fetchurl.nix> { url = https://cache.nixos.org/nar/0nwi996rgq4b914qyx0mv2wq4k80hjac7xilikavagw7kxmn2iiv.nar.xz; sha256 = "0d2fxljdih3nc5dqx41hjzic3141ajil94m8kdbpryq569dpsbvb"; unpack = true; }' runs in 17 MiB (was 346 MiB).
2018-03-28 11:32:44 +00:00
read(): Use char * instead of unsigned char * This gets rid of some pointless casts.
2020-12-02 13:10:56 +00:00
std::vector<char> buf(64 * 1024);
Make <nix/fetchurl.nix> run in constant memory E.g. nix-build --store ~/my-nix/ -E 'import <nix/fetchurl.nix> { url = https://cache.nixos.org/nar/0nwi996rgq4b914qyx0mv2wq4k80hjac7xilikavagw7kxmn2iiv.nar.xz; sha256 = "0nwi996rgq4b914qyx0mv2wq4k80hjac7xilikavagw7kxmn2iiv"; }' now runs in 17 MiB (was 70 MiB), while nix-build --store ~/my-nix/ -E 'import <nix/fetchurl.nix> { url = https://cache.nixos.org/nar/0nwi996rgq4b914qyx0mv2wq4k80hjac7xilikavagw7kxmn2iiv.nar.xz; sha256 = "0d2fxljdih3nc5dqx41hjzic3141ajil94m8kdbpryq569dpsbvb"; unpack = true; }' runs in 17 MiB (was 346 MiB).
2018-03-28 11:32:44 +00:00
writeFile(): Add error context to writeFull() failure Issue #4092.
2020-10-09 14:02:53 +00:00
try {
while (true) {
try {
auto n = source.read(buf.data(), buf.size());
read(): Use char * instead of unsigned char * This gets rid of some pointless casts.
2020-12-02 13:10:56 +00:00
writeFull(fd.get(), {buf.data(), n});
writeFile(): Add error context to writeFull() failure Issue #4092.
2020-10-09 14:02:53 +00:00
} catch (EndOfFile &) { break; }
}
} catch (Error & e) {
e.addTrace({}, "writing file '%1%'", path);
throw;
Make <nix/fetchurl.nix> run in constant memory E.g. nix-build --store ~/my-nix/ -E 'import <nix/fetchurl.nix> { url = https://cache.nixos.org/nar/0nwi996rgq4b914qyx0mv2wq4k80hjac7xilikavagw7kxmn2iiv.nar.xz; sha256 = "0nwi996rgq4b914qyx0mv2wq4k80hjac7xilikavagw7kxmn2iiv"; }' now runs in 17 MiB (was 70 MiB), while nix-build --store ~/my-nix/ -E 'import <nix/fetchurl.nix> { url = https://cache.nixos.org/nar/0nwi996rgq4b914qyx0mv2wq4k80hjac7xilikavagw7kxmn2iiv.nar.xz; sha256 = "0d2fxljdih3nc5dqx41hjzic3141ajil94m8kdbpryq569dpsbvb"; unpack = true; }' runs in 17 MiB (was 346 MiB).
2018-03-28 11:32:44 +00:00
}
}
* Simplify communication with the hook a bit (don't use file descriptors 3/4, just use stdin/stderr).
2009-03-28 19:29:55 +00:00
string readLine(int fd)
{
string s;
while (1) {
checkInterrupt();
char ch;
Use /proc/self/fd to efficiently close all FDs on Linux Issue #1506.
2017-08-09 14:22:05 +00:00
// FIXME: inefficient
* Simplify communication with the hook a bit (don't use file descriptors 3/4, just use stdin/stderr).
2009-03-28 19:29:55 +00:00
ssize_t rd = read(fd, &ch, 1);
if (rd == -1) {
if (errno != EINTR)
throw SysError("reading a line");
} else if (rd == 0)
Report substituter errors to clients of the Nix daemon
2012-08-01 15:19:24 +00:00
throw EndOfFile("unexpected EOF reading a line");
* Simplify communication with the hook a bit (don't use file descriptors 3/4, just use stdin/stderr).
2009-03-28 19:29:55 +00:00
else {
if (ch == '\n') return s;
s += ch;
}
}
}
void writeLine(int fd, string s)
{
s += '\n';
Ensure we're writing to stderr in the builder http://hydra.nixos.org/build/17862041
2014-12-12 13:35:44 +00:00
writeFull(fd, s);
* Simplify communication with the hook a bit (don't use file descriptors 3/4, just use stdin/stderr).
2009-03-28 19:29:55 +00:00
}
unsigned long long -> uint64_t
2020-07-30 11:10:49 +00:00
static void _deletePath(int parentfd, const Path & path, uint64_t & bytesFreed)
* `nix --delete' command.
2003-06-23 14:40:49 +00:00
{
* Catch SIGINT to terminate cleanly when the user tries to interrupt Nix. This is to prevent Berkeley DB from becoming wedged. Unfortunately it is not possible to throw C++ exceptions from a signal handler. In fact, you can't do much of anything except change variables of type `volatile sig_atomic_t'. So we set an interrupt flag in the signal handler and check it at various strategic locations in the code (by calling checkInterrupt()). Since this is unlikely to cover all cases (e.g., (semi-)infinite loops), sometimes SIGTERM may now be required to kill Nix.
2004-01-15 20:23:55 +00:00
checkInterrupt();
Fix long paths permanently breaking GC Suppose I have a path /nix/store/[hash]-[name]/a/a/a/a/a/[...]/a, long enough that everything after "/nix/store/" is longer than 4096 (MAX_PATH) bytes. Nix will happily allow such a path to be inserted into the store, because it doesn't look at all the nested structure. It just cares about the /nix/store/[hash]-[name] part. But, when the path is deleted, we encounter a problem. Nix will move the path to /nix/store/trash, but then when it's trying to recursively delete the trash directory, it will at some point try to unlink /nix/store/trash/[hash]-[name]/a/a/a/a/a/[...]/a. This will fail, because the path is too long. After this has failed, any store deletion operation will never work again, because Nix needs to delete the trash directory before recreating it to move new things to it. (I assume this is because otherwise a path being deleted could already exist in the trash, and then moving it would fail.) This means that if I can trick somebody into just fetching a tarball containing a path of the right length, they won't be able to delete store paths or garbage collect ever again, until the offending path is manually removed from /nix/store/trash. (And even fixing this manually is quite difficult if you don't understand the issue, because the absolute path that Nix says it failed to remove is also too long for rm(1).) This patch fixes the issue by making Nix's recursive delete operation use unlinkat(2). This function takes a relative path and a directory file descriptor. We ensure that the relative path is always just the name of the directory entry, and therefore its length will never exceed 255 bytes. This means that it will never even come close to AX_PATH, and Nix will therefore be able to handle removing arbitrarily deep directory hierachies. Since the directory file descriptor is used for recursion after being used in readDirectory, I made a variant of readDirectory that takes an already open directory stream, to avoid the directory being opened multiple times. As we have seen from this issue, the less we have to interact with paths, the better, and so it's good to reuse file descriptors where possible. I left _deletePath as succeeding even if the parent directory doesn't exist, even though that feels wrong to me, because without that early return, the linux-sandbox test failed. Reported-by: Alyssa Ross <hi@alyssa.is> Thanks-to: Puck Meerburg <puck@puckipedia.com> Tested-by: Puck Meerburg <puck@puckipedia.com> Reviewed-by: Puck Meerburg <puck@puckipedia.com>
2020-04-27 14:15:15 +00:00
string name(baseNameOf(path));
deletePath(): Succeed if path doesn't exist Also makes it robust against concurrent deletions.
2016-02-24 16:44:12 +00:00
struct stat st;
Fix long paths permanently breaking GC Suppose I have a path /nix/store/[hash]-[name]/a/a/a/a/a/[...]/a, long enough that everything after "/nix/store/" is longer than 4096 (MAX_PATH) bytes. Nix will happily allow such a path to be inserted into the store, because it doesn't look at all the nested structure. It just cares about the /nix/store/[hash]-[name] part. But, when the path is deleted, we encounter a problem. Nix will move the path to /nix/store/trash, but then when it's trying to recursively delete the trash directory, it will at some point try to unlink /nix/store/trash/[hash]-[name]/a/a/a/a/a/[...]/a. This will fail, because the path is too long. After this has failed, any store deletion operation will never work again, because Nix needs to delete the trash directory before recreating it to move new things to it. (I assume this is because otherwise a path being deleted could already exist in the trash, and then moving it would fail.) This means that if I can trick somebody into just fetching a tarball containing a path of the right length, they won't be able to delete store paths or garbage collect ever again, until the offending path is manually removed from /nix/store/trash. (And even fixing this manually is quite difficult if you don't understand the issue, because the absolute path that Nix says it failed to remove is also too long for rm(1).) This patch fixes the issue by making Nix's recursive delete operation use unlinkat(2). This function takes a relative path and a directory file descriptor. We ensure that the relative path is always just the name of the directory entry, and therefore its length will never exceed 255 bytes. This means that it will never even come close to AX_PATH, and Nix will therefore be able to handle removing arbitrarily deep directory hierachies. Since the directory file descriptor is used for recursion after being used in readDirectory, I made a variant of readDirectory that takes an already open directory stream, to avoid the directory being opened multiple times. As we have seen from this issue, the less we have to interact with paths, the better, and so it's good to reuse file descriptors where possible. I left _deletePath as succeeding even if the parent directory doesn't exist, even though that feels wrong to me, because without that early return, the linux-sandbox test failed. Reported-by: Alyssa Ross <hi@alyssa.is> Thanks-to: Puck Meerburg <puck@puckipedia.com> Tested-by: Puck Meerburg <puck@puckipedia.com> Reviewed-by: Puck Meerburg <puck@puckipedia.com>
2020-04-27 14:15:15 +00:00
if (fstatat(parentfd, name.c_str(), &st, AT_SYMLINK_NOFOLLOW) == -1) {
deletePath(): Succeed if path doesn't exist Also makes it robust against concurrent deletions.
2016-02-24 16:44:12 +00:00
if (errno == ENOENT) return;
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
throw SysError("getting status of '%1%'", path);
deletePath(): Succeed if path doesn't exist Also makes it robust against concurrent deletions.
2016-02-24 16:44:12 +00:00
}
* `nix --delete' command.
2003-06-23 14:40:49 +00:00
Drop the block count in the garbage collector
2012-08-02 02:34:46 +00:00
if (!S_ISDIR(st.st_mode) && st.st_nlink == 1)
Don't rely on st_blocks It doesn't seem very reliable on ZFS.
2019-08-29 12:49:58 +00:00
bytesFreed += st.st_size;
* `nix-store --gc' prints out the number of bytes freed on stdout (even when it is interrupted by a signal).
2005-12-15 21:11:39 +00:00
* `nix --delete' command.
2003-06-23 14:40:49 +00:00
if (S_ISDIR(st.st_mode)) {
override rx directory permissions in deletePath() This fixes instantiation of pythonPackages.pytest that produces a directory with less permissions during one of it's tests that leads to a nix error like: error: opening directory ‘/tmp/nix-build-python2.7-pytest-2.9.2.drv-0/pytest-of-user/pytest-0/testdir/test_cache_failure_warns0/.cache’: Permission denied
2016-07-25 22:00:08 +00:00
/* Make the directory accessible. */
const auto PERM_MASK = S_IRUSR | S_IWUSR | S_IXUSR;
if ((st.st_mode & PERM_MASK) != PERM_MASK) {
Fix long paths permanently breaking GC Suppose I have a path /nix/store/[hash]-[name]/a/a/a/a/a/[...]/a, long enough that everything after "/nix/store/" is longer than 4096 (MAX_PATH) bytes. Nix will happily allow such a path to be inserted into the store, because it doesn't look at all the nested structure. It just cares about the /nix/store/[hash]-[name] part. But, when the path is deleted, we encounter a problem. Nix will move the path to /nix/store/trash, but then when it's trying to recursively delete the trash directory, it will at some point try to unlink /nix/store/trash/[hash]-[name]/a/a/a/a/a/[...]/a. This will fail, because the path is too long. After this has failed, any store deletion operation will never work again, because Nix needs to delete the trash directory before recreating it to move new things to it. (I assume this is because otherwise a path being deleted could already exist in the trash, and then moving it would fail.) This means that if I can trick somebody into just fetching a tarball containing a path of the right length, they won't be able to delete store paths or garbage collect ever again, until the offending path is manually removed from /nix/store/trash. (And even fixing this manually is quite difficult if you don't understand the issue, because the absolute path that Nix says it failed to remove is also too long for rm(1).) This patch fixes the issue by making Nix's recursive delete operation use unlinkat(2). This function takes a relative path and a directory file descriptor. We ensure that the relative path is always just the name of the directory entry, and therefore its length will never exceed 255 bytes. This means that it will never even come close to AX_PATH, and Nix will therefore be able to handle removing arbitrarily deep directory hierachies. Since the directory file descriptor is used for recursion after being used in readDirectory, I made a variant of readDirectory that takes an already open directory stream, to avoid the directory being opened multiple times. As we have seen from this issue, the less we have to interact with paths, the better, and so it's good to reuse file descriptors where possible. I left _deletePath as succeeding even if the parent directory doesn't exist, even though that feels wrong to me, because without that early return, the linux-sandbox test failed. Reported-by: Alyssa Ross <hi@alyssa.is> Thanks-to: Puck Meerburg <puck@puckipedia.com> Tested-by: Puck Meerburg <puck@puckipedia.com> Reviewed-by: Puck Meerburg <puck@puckipedia.com>
2020-04-27 14:15:15 +00:00
if (fchmodat(parentfd, name.c_str(), st.st_mode | PERM_MASK, 0) == -1)
fixes to merged code
2020-05-11 21:52:15 +00:00
throw SysError("chmod '%1%'", path);
Remove tabs
2013-01-03 12:00:46 +00:00
}
* Remove write permission from output paths after they have been built. * Point $HOME to a non-existing path when building to prevent certain tools (such as wget) from falling back on /etc/passwd to locate the home directory (which we don't want them to look at since it's not declared as an input).
2003-08-22 20:12:44 +00:00
Fix long paths permanently breaking GC Suppose I have a path /nix/store/[hash]-[name]/a/a/a/a/a/[...]/a, long enough that everything after "/nix/store/" is longer than 4096 (MAX_PATH) bytes. Nix will happily allow such a path to be inserted into the store, because it doesn't look at all the nested structure. It just cares about the /nix/store/[hash]-[name] part. But, when the path is deleted, we encounter a problem. Nix will move the path to /nix/store/trash, but then when it's trying to recursively delete the trash directory, it will at some point try to unlink /nix/store/trash/[hash]-[name]/a/a/a/a/a/[...]/a. This will fail, because the path is too long. After this has failed, any store deletion operation will never work again, because Nix needs to delete the trash directory before recreating it to move new things to it. (I assume this is because otherwise a path being deleted could already exist in the trash, and then moving it would fail.) This means that if I can trick somebody into just fetching a tarball containing a path of the right length, they won't be able to delete store paths or garbage collect ever again, until the offending path is manually removed from /nix/store/trash. (And even fixing this manually is quite difficult if you don't understand the issue, because the absolute path that Nix says it failed to remove is also too long for rm(1).) This patch fixes the issue by making Nix's recursive delete operation use unlinkat(2). This function takes a relative path and a directory file descriptor. We ensure that the relative path is always just the name of the directory entry, and therefore its length will never exceed 255 bytes. This means that it will never even come close to AX_PATH, and Nix will therefore be able to handle removing arbitrarily deep directory hierachies. Since the directory file descriptor is used for recursion after being used in readDirectory, I made a variant of readDirectory that takes an already open directory stream, to avoid the directory being opened multiple times. As we have seen from this issue, the less we have to interact with paths, the better, and so it's good to reuse file descriptors where possible. I left _deletePath as succeeding even if the parent directory doesn't exist, even though that feels wrong to me, because without that early return, the linux-sandbox test failed. Reported-by: Alyssa Ross <hi@alyssa.is> Thanks-to: Puck Meerburg <puck@puckipedia.com> Tested-by: Puck Meerburg <puck@puckipedia.com> Reviewed-by: Puck Meerburg <puck@puckipedia.com>
2020-04-27 14:15:15 +00:00
int fd = openat(parentfd, path.c_str(), O_RDONLY);
deletePath(): Return ENFILE instead of EBADF when out of file descriptors Also remove an erroneous comment.
2021-07-20 18:59:45 +00:00
if (fd == -1)
fixes to merged code
2020-05-11 21:52:15 +00:00
throw SysError("opening directory '%1%'", path);
Fix long paths permanently breaking GC Suppose I have a path /nix/store/[hash]-[name]/a/a/a/a/a/[...]/a, long enough that everything after "/nix/store/" is longer than 4096 (MAX_PATH) bytes. Nix will happily allow such a path to be inserted into the store, because it doesn't look at all the nested structure. It just cares about the /nix/store/[hash]-[name] part. But, when the path is deleted, we encounter a problem. Nix will move the path to /nix/store/trash, but then when it's trying to recursively delete the trash directory, it will at some point try to unlink /nix/store/trash/[hash]-[name]/a/a/a/a/a/[...]/a. This will fail, because the path is too long. After this has failed, any store deletion operation will never work again, because Nix needs to delete the trash directory before recreating it to move new things to it. (I assume this is because otherwise a path being deleted could already exist in the trash, and then moving it would fail.) This means that if I can trick somebody into just fetching a tarball containing a path of the right length, they won't be able to delete store paths or garbage collect ever again, until the offending path is manually removed from /nix/store/trash. (And even fixing this manually is quite difficult if you don't understand the issue, because the absolute path that Nix says it failed to remove is also too long for rm(1).) This patch fixes the issue by making Nix's recursive delete operation use unlinkat(2). This function takes a relative path and a directory file descriptor. We ensure that the relative path is always just the name of the directory entry, and therefore its length will never exceed 255 bytes. This means that it will never even come close to AX_PATH, and Nix will therefore be able to handle removing arbitrarily deep directory hierachies. Since the directory file descriptor is used for recursion after being used in readDirectory, I made a variant of readDirectory that takes an already open directory stream, to avoid the directory being opened multiple times. As we have seen from this issue, the less we have to interact with paths, the better, and so it's good to reuse file descriptors where possible. I left _deletePath as succeeding even if the parent directory doesn't exist, even though that feels wrong to me, because without that early return, the linux-sandbox test failed. Reported-by: Alyssa Ross <hi@alyssa.is> Thanks-to: Puck Meerburg <puck@puckipedia.com> Tested-by: Puck Meerburg <puck@puckipedia.com> Reviewed-by: Puck Meerburg <puck@puckipedia.com>
2020-04-27 14:15:15 +00:00
AutoCloseDir dir(fdopendir(fd));
if (!dir)
fixes to merged code
2020-05-11 21:52:15 +00:00
throw SysError("opening directory '%1%'", path);
Fix long paths permanently breaking GC Suppose I have a path /nix/store/[hash]-[name]/a/a/a/a/a/[...]/a, long enough that everything after "/nix/store/" is longer than 4096 (MAX_PATH) bytes. Nix will happily allow such a path to be inserted into the store, because it doesn't look at all the nested structure. It just cares about the /nix/store/[hash]-[name] part. But, when the path is deleted, we encounter a problem. Nix will move the path to /nix/store/trash, but then when it's trying to recursively delete the trash directory, it will at some point try to unlink /nix/store/trash/[hash]-[name]/a/a/a/a/a/[...]/a. This will fail, because the path is too long. After this has failed, any store deletion operation will never work again, because Nix needs to delete the trash directory before recreating it to move new things to it. (I assume this is because otherwise a path being deleted could already exist in the trash, and then moving it would fail.) This means that if I can trick somebody into just fetching a tarball containing a path of the right length, they won't be able to delete store paths or garbage collect ever again, until the offending path is manually removed from /nix/store/trash. (And even fixing this manually is quite difficult if you don't understand the issue, because the absolute path that Nix says it failed to remove is also too long for rm(1).) This patch fixes the issue by making Nix's recursive delete operation use unlinkat(2). This function takes a relative path and a directory file descriptor. We ensure that the relative path is always just the name of the directory entry, and therefore its length will never exceed 255 bytes. This means that it will never even come close to AX_PATH, and Nix will therefore be able to handle removing arbitrarily deep directory hierachies. Since the directory file descriptor is used for recursion after being used in readDirectory, I made a variant of readDirectory that takes an already open directory stream, to avoid the directory being opened multiple times. As we have seen from this issue, the less we have to interact with paths, the better, and so it's good to reuse file descriptors where possible. I left _deletePath as succeeding even if the parent directory doesn't exist, even though that feels wrong to me, because without that early return, the linux-sandbox test failed. Reported-by: Alyssa Ross <hi@alyssa.is> Thanks-to: Puck Meerburg <puck@puckipedia.com> Tested-by: Puck Meerburg <puck@puckipedia.com> Reviewed-by: Puck Meerburg <puck@puckipedia.com>
2020-04-27 14:15:15 +00:00
for (auto & i : readDirectory(dir.get(), path))
_deletePath(dirfd(dir.get()), path + "/" + i.name, bytesFreed);
* `nix --delete' command.
2003-06-23 14:40:49 +00:00
}
Fix long paths permanently breaking GC Suppose I have a path /nix/store/[hash]-[name]/a/a/a/a/a/[...]/a, long enough that everything after "/nix/store/" is longer than 4096 (MAX_PATH) bytes. Nix will happily allow such a path to be inserted into the store, because it doesn't look at all the nested structure. It just cares about the /nix/store/[hash]-[name] part. But, when the path is deleted, we encounter a problem. Nix will move the path to /nix/store/trash, but then when it's trying to recursively delete the trash directory, it will at some point try to unlink /nix/store/trash/[hash]-[name]/a/a/a/a/a/[...]/a. This will fail, because the path is too long. After this has failed, any store deletion operation will never work again, because Nix needs to delete the trash directory before recreating it to move new things to it. (I assume this is because otherwise a path being deleted could already exist in the trash, and then moving it would fail.) This means that if I can trick somebody into just fetching a tarball containing a path of the right length, they won't be able to delete store paths or garbage collect ever again, until the offending path is manually removed from /nix/store/trash. (And even fixing this manually is quite difficult if you don't understand the issue, because the absolute path that Nix says it failed to remove is also too long for rm(1).) This patch fixes the issue by making Nix's recursive delete operation use unlinkat(2). This function takes a relative path and a directory file descriptor. We ensure that the relative path is always just the name of the directory entry, and therefore its length will never exceed 255 bytes. This means that it will never even come close to AX_PATH, and Nix will therefore be able to handle removing arbitrarily deep directory hierachies. Since the directory file descriptor is used for recursion after being used in readDirectory, I made a variant of readDirectory that takes an already open directory stream, to avoid the directory being opened multiple times. As we have seen from this issue, the less we have to interact with paths, the better, and so it's good to reuse file descriptors where possible. I left _deletePath as succeeding even if the parent directory doesn't exist, even though that feels wrong to me, because without that early return, the linux-sandbox test failed. Reported-by: Alyssa Ross <hi@alyssa.is> Thanks-to: Puck Meerburg <puck@puckipedia.com> Tested-by: Puck Meerburg <puck@puckipedia.com> Reviewed-by: Puck Meerburg <puck@puckipedia.com>
2020-04-27 14:15:15 +00:00
int flags = S_ISDIR(st.st_mode) ? AT_REMOVEDIR : 0;
if (unlinkat(parentfd, name.c_str(), flags) == -1) {
deletePath(): Succeed if path doesn't exist Also makes it robust against concurrent deletions.
2016-02-24 16:44:12 +00:00
if (errno == ENOENT) return;
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
throw SysError("cannot unlink '%1%'", path);
deletePath(): Succeed if path doesn't exist Also makes it robust against concurrent deletions.
2016-02-24 16:44:12 +00:00
}
* Remove write permission from output paths after they have been built. * Point $HOME to a non-existing path when building to prevent certain tools (such as wget) from falling back on /etc/passwd to locate the home directory (which we don't want them to look at since it's not declared as an input).
2003-08-22 20:12:44 +00:00
}
unsigned long long -> uint64_t
2020-07-30 11:10:49 +00:00
static void _deletePath(const Path & path, uint64_t & bytesFreed)
Fix long paths permanently breaking GC Suppose I have a path /nix/store/[hash]-[name]/a/a/a/a/a/[...]/a, long enough that everything after "/nix/store/" is longer than 4096 (MAX_PATH) bytes. Nix will happily allow such a path to be inserted into the store, because it doesn't look at all the nested structure. It just cares about the /nix/store/[hash]-[name] part. But, when the path is deleted, we encounter a problem. Nix will move the path to /nix/store/trash, but then when it's trying to recursively delete the trash directory, it will at some point try to unlink /nix/store/trash/[hash]-[name]/a/a/a/a/a/[...]/a. This will fail, because the path is too long. After this has failed, any store deletion operation will never work again, because Nix needs to delete the trash directory before recreating it to move new things to it. (I assume this is because otherwise a path being deleted could already exist in the trash, and then moving it would fail.) This means that if I can trick somebody into just fetching a tarball containing a path of the right length, they won't be able to delete store paths or garbage collect ever again, until the offending path is manually removed from /nix/store/trash. (And even fixing this manually is quite difficult if you don't understand the issue, because the absolute path that Nix says it failed to remove is also too long for rm(1).) This patch fixes the issue by making Nix's recursive delete operation use unlinkat(2). This function takes a relative path and a directory file descriptor. We ensure that the relative path is always just the name of the directory entry, and therefore its length will never exceed 255 bytes. This means that it will never even come close to AX_PATH, and Nix will therefore be able to handle removing arbitrarily deep directory hierachies. Since the directory file descriptor is used for recursion after being used in readDirectory, I made a variant of readDirectory that takes an already open directory stream, to avoid the directory being opened multiple times. As we have seen from this issue, the less we have to interact with paths, the better, and so it's good to reuse file descriptors where possible. I left _deletePath as succeeding even if the parent directory doesn't exist, even though that feels wrong to me, because without that early return, the linux-sandbox test failed. Reported-by: Alyssa Ross <hi@alyssa.is> Thanks-to: Puck Meerburg <puck@puckipedia.com> Tested-by: Puck Meerburg <puck@puckipedia.com> Reviewed-by: Puck Meerburg <puck@puckipedia.com>
2020-04-27 14:15:15 +00:00
{
Path dir = dirOf(path);
if (dir == "")
dir = "/";
libutil: use uniform initialization in _deletePath Otherwise I get a compiler error when building for NetBSD: src/libutil/util.cc: In function 'void nix::_deletePath(const Path&, uint64_t&)': src/libutil/util.cc:438:17: error: base operand of '->' is not a pointer 438 | AutoCloseFD dirfd(open(dir.c_str(), O_RDONLY)); | ^~~~~ src/libutil/util.cc:439:10: error: 'dirfd' was not declared in this scope 439 | if (!dirfd) { | ^~~~~ src/libutil/util.cc:444:17: error: 'dirfd' was not declared in this scope 444 | _deletePath(dirfd.get(), path, bytesFreed); | ^~~~~
2021-07-24 09:19:48 +00:00
AutoCloseFD dirfd{open(dir.c_str(), O_RDONLY)};
Fix long paths permanently breaking GC Suppose I have a path /nix/store/[hash]-[name]/a/a/a/a/a/[...]/a, long enough that everything after "/nix/store/" is longer than 4096 (MAX_PATH) bytes. Nix will happily allow such a path to be inserted into the store, because it doesn't look at all the nested structure. It just cares about the /nix/store/[hash]-[name] part. But, when the path is deleted, we encounter a problem. Nix will move the path to /nix/store/trash, but then when it's trying to recursively delete the trash directory, it will at some point try to unlink /nix/store/trash/[hash]-[name]/a/a/a/a/a/[...]/a. This will fail, because the path is too long. After this has failed, any store deletion operation will never work again, because Nix needs to delete the trash directory before recreating it to move new things to it. (I assume this is because otherwise a path being deleted could already exist in the trash, and then moving it would fail.) This means that if I can trick somebody into just fetching a tarball containing a path of the right length, they won't be able to delete store paths or garbage collect ever again, until the offending path is manually removed from /nix/store/trash. (And even fixing this manually is quite difficult if you don't understand the issue, because the absolute path that Nix says it failed to remove is also too long for rm(1).) This patch fixes the issue by making Nix's recursive delete operation use unlinkat(2). This function takes a relative path and a directory file descriptor. We ensure that the relative path is always just the name of the directory entry, and therefore its length will never exceed 255 bytes. This means that it will never even come close to AX_PATH, and Nix will therefore be able to handle removing arbitrarily deep directory hierachies. Since the directory file descriptor is used for recursion after being used in readDirectory, I made a variant of readDirectory that takes an already open directory stream, to avoid the directory being opened multiple times. As we have seen from this issue, the less we have to interact with paths, the better, and so it's good to reuse file descriptors where possible. I left _deletePath as succeeding even if the parent directory doesn't exist, even though that feels wrong to me, because without that early return, the linux-sandbox test failed. Reported-by: Alyssa Ross <hi@alyssa.is> Thanks-to: Puck Meerburg <puck@puckipedia.com> Tested-by: Puck Meerburg <puck@puckipedia.com> Reviewed-by: Puck Meerburg <puck@puckipedia.com>
2020-04-27 14:15:15 +00:00
if (!dirfd) {
if (errno == ENOENT) return;
fixes to merged code
2020-05-11 21:52:15 +00:00
throw SysError("opening directory '%1%'", path);
Fix long paths permanently breaking GC Suppose I have a path /nix/store/[hash]-[name]/a/a/a/a/a/[...]/a, long enough that everything after "/nix/store/" is longer than 4096 (MAX_PATH) bytes. Nix will happily allow such a path to be inserted into the store, because it doesn't look at all the nested structure. It just cares about the /nix/store/[hash]-[name] part. But, when the path is deleted, we encounter a problem. Nix will move the path to /nix/store/trash, but then when it's trying to recursively delete the trash directory, it will at some point try to unlink /nix/store/trash/[hash]-[name]/a/a/a/a/a/[...]/a. This will fail, because the path is too long. After this has failed, any store deletion operation will never work again, because Nix needs to delete the trash directory before recreating it to move new things to it. (I assume this is because otherwise a path being deleted could already exist in the trash, and then moving it would fail.) This means that if I can trick somebody into just fetching a tarball containing a path of the right length, they won't be able to delete store paths or garbage collect ever again, until the offending path is manually removed from /nix/store/trash. (And even fixing this manually is quite difficult if you don't understand the issue, because the absolute path that Nix says it failed to remove is also too long for rm(1).) This patch fixes the issue by making Nix's recursive delete operation use unlinkat(2). This function takes a relative path and a directory file descriptor. We ensure that the relative path is always just the name of the directory entry, and therefore its length will never exceed 255 bytes. This means that it will never even come close to AX_PATH, and Nix will therefore be able to handle removing arbitrarily deep directory hierachies. Since the directory file descriptor is used for recursion after being used in readDirectory, I made a variant of readDirectory that takes an already open directory stream, to avoid the directory being opened multiple times. As we have seen from this issue, the less we have to interact with paths, the better, and so it's good to reuse file descriptors where possible. I left _deletePath as succeeding even if the parent directory doesn't exist, even though that feels wrong to me, because without that early return, the linux-sandbox test failed. Reported-by: Alyssa Ross <hi@alyssa.is> Thanks-to: Puck Meerburg <puck@puckipedia.com> Tested-by: Puck Meerburg <puck@puckipedia.com> Reviewed-by: Puck Meerburg <puck@puckipedia.com>
2020-04-27 14:15:15 +00:00
}
_deletePath(dirfd.get(), path, bytesFreed);
}
* Remove write permission from output paths after they have been built. * Point $HOME to a non-existing path when building to prevent certain tools (such as wget) from falling back on /etc/passwd to locate the home directory (which we don't want them to look at since it's not declared as an input).
2003-08-22 20:12:44 +00:00
* Some more nesting.
2004-03-22 21:42:28 +00:00
void deletePath(const Path & path)
* `nix-store --gc' prints out the number of bytes freed on stdout (even when it is interrupted by a signal).
2005-12-15 21:11:39 +00:00
{
unsigned long long -> uint64_t
2020-07-30 11:10:49 +00:00
uint64_t dummy;
Drop the block count in the garbage collector
2012-08-02 02:34:46 +00:00
deletePath(path, dummy);
* `nix-store --gc' prints out the number of bytes freed on stdout (even when it is interrupted by a signal).
2005-12-15 21:11:39 +00:00
}
unsigned long long -> uint64_t
2020-07-30 11:10:49 +00:00
void deletePath(const Path & path, uint64_t & bytesFreed)
* Some more nesting.
2004-03-22 21:42:28 +00:00
{
Replace Unicode quotes in user-facing strings by ASCII Relevant RFC: NixOS/rfcs#4 $ ag -l | xargs sed -i -e "/\"/s/’/'/g;/\"/s/‘/'/g"
2017-07-30 11:27:57 +00:00
//Activity act(*logger, lvlDebug, format("recursively deleting path '%1%'") % path);
* `nix-store --gc' prints out the number of bytes freed on stdout (even when it is interrupted by a signal).
2005-12-15 21:11:39 +00:00
bytesFreed = 0;
Drop the block count in the garbage collector
2012-08-02 02:34:46 +00:00
_deletePath(path, bytesFreed);
* Some more nesting.
2004-03-22 21:42:28 +00:00
}
* Use /tmp/nix-build-<drvpath>-<counter> instead of /tmp/nix-<pid>-<counter> for temporary build directories. This increases purity a bit: many packages store the temporary build path in their output, causing (generally unimportant) binary differences.
2008-03-27 13:45:17 +00:00
static Path tempName(Path tmpRoot, const Path & prefix, bool includePid,
int & counter)
* Nix now respects $TMPDIR for the creation of temporary build directories. * Retry creation of a temporary directory (with a different name) in the case of EEXIST.
2003-10-02 11:55:38 +00:00
{
getEnv(): Return std::optional This allows distinguishing between an empty value and no value.
2019-11-22 15:06:44 +00:00
tmpRoot = canonPath(tmpRoot.empty() ? getEnv("TMPDIR").value_or("/tmp") : tmpRoot, true);
* Use /tmp/nix-build-<drvpath>-<counter> instead of /tmp/nix-<pid>-<counter> for temporary build directories. This increases purity a bit: many packages store the temporary build path in their output, causing (generally unimportant) binary differences.
2008-03-27 13:45:17 +00:00
if (includePid)
return (format("%1%/%2%-%3%-%4%") % tmpRoot % prefix % getpid() % counter++).str();
else
return (format("%1%/%2%-%3%") % tmpRoot % prefix % counter++).str();
* Nix now respects $TMPDIR for the creation of temporary build directories. * Retry creation of a temporary directory (with a different name) in the case of EEXIST.
2003-10-02 11:55:38 +00:00
}
* Use /tmp/nix-build-<drvpath>-<counter> instead of /tmp/nix-<pid>-<counter> for temporary build directories. This increases purity a bit: many packages store the temporary build path in their output, causing (generally unimportant) binary differences.
2008-03-27 13:45:17 +00:00
Path createTempDir(const Path & tmpRoot, const Path & prefix,
Set permissions on temporary build directories to 0700 Fixes #39.
2012-07-26 19:04:40 +00:00
bool includePid, bool useGlobalCounter, mode_t mode)
* Nix now respects $TMPDIR for the creation of temporary build directories. * Retry creation of a temporary directory (with a different name) in the case of EEXIST.
2003-10-02 11:55:38 +00:00
{
* Use /tmp/nix-build-<drvpath>-<counter> instead of /tmp/nix-<pid>-<counter> for temporary build directories. This increases purity a bit: many packages store the temporary build path in their output, causing (generally unimportant) binary differences.
2008-03-27 13:45:17 +00:00
static int globalCounter = 0;
int localCounter = 0;
int & counter(useGlobalCounter ? globalCounter : localCounter);
Remove tabs
2013-01-03 12:00:46 +00:00
* Nix now respects $TMPDIR for the creation of temporary build directories. * Retry creation of a temporary directory (with a different name) in the case of EEXIST.
2003-10-02 11:55:38 +00:00
while (1) {
* Catch SIGINT to terminate cleanly when the user tries to interrupt Nix. This is to prevent Berkeley DB from becoming wedged. Unfortunately it is not possible to throw C++ exceptions from a signal handler. In fact, you can't do much of anything except change variables of type `volatile sig_atomic_t'. So we set an interrupt flag in the signal handler and check it at various strategic locations in the code (by calling checkInterrupt()). Since this is unlikely to cover all cases (e.g., (semi-)infinite loops), sometimes SIGTERM may now be required to kill Nix.
2004-01-15 20:23:55 +00:00
checkInterrupt();
Remove tabs
2013-01-03 12:00:46 +00:00
Path tmpDir = tempName(tmpRoot, prefix, includePid, counter);
if (mkdir(tmpDir.c_str(), mode) == 0) {
createTempDir(): Don't do a chown on Linux It's not needed and can cause problems in a user namespace.
2016-06-02 16:17:30 +00:00
#if __FreeBSD__
Remove tabs
2013-01-03 12:00:46 +00:00
/* Explicitly set the group of the directory. This is to
work around around problems caused by BSD's group
ownership semantics (directories inherit the group of
the parent). For instance, the group of /tmp on
FreeBSD is "wheel", so all directories created in /tmp
will be owned by "wheel"; but if the user is not in
"wheel", then "tar" will fail to unpack archives that
have the setgid bit set on directories. */
if (chown(tmpDir.c_str(), (uid_t) -1, getegid()) != 0)
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
throw SysError("setting group of directory '%1%'", tmpDir);
createTempDir(): Don't do a chown on Linux It's not needed and can cause problems in a user namespace.
2016-06-02 16:17:30 +00:00
#endif
Remove tabs
2013-01-03 12:00:46 +00:00
return tmpDir;
}
if (errno != EEXIST)
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
throw SysError("creating directory '%1%'", tmpDir);
* Nix now respects $TMPDIR for the creation of temporary build directories. * Retry creation of a temporary directory (with a different name) in the case of EEXIST.
2003-10-02 11:55:38 +00:00
}
}
Backport 'nix dev-shell' from the flakes branch This also adds a '--profile' option to 'nix build' (replacing 'nix-env --set').
2020-03-30 17:14:17 +00:00
std::pair<AutoCloseFD, Path> createTempFile(const Path & prefix)
{
Path tmpl(getEnv("TMPDIR").value_or("/tmp") + "/" + prefix + ".XXXXXX");
// Strictly speaking, this is UB, but who cares...
Delete compressed NARs Fixes #3891.
2020-08-03 16:33:39 +00:00
// FIXME: use O_TMPFILE.
Backport 'nix dev-shell' from the flakes branch This also adds a '--profile' option to 'nix build' (replacing 'nix-env --set').
2020-03-30 17:14:17 +00:00
AutoCloseFD fd(mkstemp((char *) tmpl.c_str()));
if (!fd)
throw SysError("creating temporary file '%s'", tmpl);
createTempFile(): Mark file as CLOEEXEC Fixes #5674.
2021-11-29 10:20:50 +00:00
closeOnExec(fd.get());
Backport 'nix dev-shell' from the flakes branch This also adds a '--profile' option to 'nix build' (replacing 'nix-env --set').
2020-03-30 17:14:17 +00:00
return {std::move(fd), tmpl};
}
nix-env: Create ~/.nix-profile automatically
2019-10-09 17:21:07 +00:00
std::string getUserName()
{
auto pw = getpwuid(geteuid());
getEnv(): Return std::optional This allows distinguishing between an empty value and no value.
2019-11-22 15:06:44 +00:00
std::string name = pw ? pw->pw_name : getEnv("USER").value_or("");
nix-env: Create ~/.nix-profile automatically
2019-10-09 17:21:07 +00:00
if (name.empty())
throw Error("cannot figure out user name");
return name;
}
Remove Lazy This fixes a crash during startup when compiling Nix as a single compilation unit.
2020-10-09 15:54:59 +00:00
Path getHome()
{
static Path homeDir = []()
{
auto homeDir = getEnv("HOME");
if (!homeDir) {
std::vector<char> buf(16384);
struct passwd pwbuf;
struct passwd * pw;
if (getpwuid_r(geteuid(), &pwbuf, buf.data(), buf.size(), &pw) != 0
|| !pw || !pw->pw_dir || !pw->pw_dir[0])
throw Error("cannot determine user's home directory");
homeDir = pw->pw_dir;
}
return *homeDir;
}();
return homeDir;
}
Figure out the user's home directory if $HOME is not set
2017-05-05 14:40:12 +00:00
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
Path getCacheDir()
{
getEnv(): Return std::optional This allows distinguishing between an empty value and no value.
2019-11-22 15:06:44 +00:00
auto cacheDir = getEnv("XDG_CACHE_HOME");
return cacheDir ? *cacheDir : getHome() + "/.cache";
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
}
Read per-user settings from ~/.config/nix/nix.conf
2017-04-20 12:58:16 +00:00
Path getConfigDir()
{
getEnv(): Return std::optional This allows distinguishing between an empty value and no value.
2019-11-22 15:06:44 +00:00
auto configDir = getEnv("XDG_CONFIG_HOME");
return configDir ? *configDir : getHome() + "/.config";
Read per-user settings from ~/.config/nix/nix.conf
2017-04-20 12:58:16 +00:00
}
config: use all of XDG_CONFIG_DIRS Previously, config would only be read from XDG_CONFIG_HOME. This change allows reading config from additional directories, which enables e.g. per-project binary caches or chroot stores with the help of direnv.
2018-10-25 11:00:21 +00:00
std::vector<Path> getConfigDirs()
{
Path configHome = getConfigDir();
Fix XDG_CONFIG_DIRS fallback According to XDG Base Directory Specification, it should fall back to /etc/xdg when the env var is not present.
2021-11-17 13:28:43 +00:00
string configDirs = getEnv("XDG_CONFIG_DIRS").value_or("/etc/xdg");
config: use all of XDG_CONFIG_DIRS Previously, config would only be read from XDG_CONFIG_HOME. This change allows reading config from additional directories, which enables e.g. per-project binary caches or chroot stores with the help of direnv.
2018-10-25 11:00:21 +00:00
std::vector<Path> result = tokenizeString<std::vector<string>>(configDirs, ":");
result.insert(result.begin(), configHome);
return result;
}
Read per-user settings from ~/.config/nix/nix.conf
2017-04-20 12:58:16 +00:00
nix repl: Use $XDG_DATA_HOME for the readline history
2017-04-25 16:56:29 +00:00
Path getDataDir()
{
getEnv(): Return std::optional This allows distinguishing between an empty value and no value.
2019-11-22 15:06:44 +00:00
auto dataDir = getEnv("XDG_DATA_HOME");
return dataDir ? *dataDir : getHome() + "/.local/share";
nix repl: Use $XDG_DATA_HOME for the readline history
2017-04-25 16:56:29 +00:00
}
* Support for doing builds in a chroot under Linux. The builder is executed in a chroot that contains just the Nix store, the temporary build directory, and a configurable set of additional directories (/dev and /proc by default). This allows a bit more purity enforcement: hidden build-time dependencies on directories such as /usr or /nix/var/nix/profiles are no longer possible. As an added benefit, accidental network downloads (cf. NIXPKGS-52) are prevented as well (because files such as /etc/resolv.conf are not available in the chroot). However the usefulness of chroots is diminished by the fact that many builders depend on /bin/sh, so you need /bin in the list of additional directories. (And then on non-NixOS you need /lib as well...)
2007-10-27 00:46:59 +00:00
Paths createDirs(const Path & path)
* Create missing log and temproots directories automatically (reported by Rob).
2005-03-24 17:46:38 +00:00
{
* Merged the no-bdb branch (-r10900:HEAD https://svn.nixos.org/repos/nix/nix/branches/no-bdb).
2008-06-09 13:52:45 +00:00
Paths created;
if (path == "/") return created;
* createDirs(path): if path already exists, make sure it's a directory. * Provide a C++ wrapper around lstat().
2010-12-13 13:32:58 +00:00
struct stat st;
if (lstat(path.c_str(), &st) == -1) {
* Merged the no-bdb branch (-r10900:HEAD https://svn.nixos.org/repos/nix/nix/branches/no-bdb).
2008-06-09 13:52:45 +00:00
created = createDirs(dirOf(path));
* createDirs(path): if path already exists, make sure it's a directory. * Provide a C++ wrapper around lstat().
2010-12-13 13:32:58 +00:00
if (mkdir(path.c_str(), 0777) == -1 && errno != EEXIST)
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
throw SysError("creating directory '%1%'", path);
* createDirs(path): if path already exists, make sure it's a directory. * Provide a C++ wrapper around lstat().
2010-12-13 13:32:58 +00:00
st = lstat(path);
* Support for doing builds in a chroot under Linux. The builder is executed in a chroot that contains just the Nix store, the temporary build directory, and a configurable set of additional directories (/dev and /proc by default). This allows a bit more purity enforcement: hidden build-time dependencies on directories such as /usr or /nix/var/nix/profiles are no longer possible. As an added benefit, accidental network downloads (cf. NIXPKGS-52) are prevented as well (because files such as /etc/resolv.conf are not available in the chroot). However the usefulness of chroots is diminished by the fact that many builders depend on /bin/sh, so you need /bin in the list of additional directories. (And then on non-NixOS you need /lib as well...)
2007-10-27 00:46:59 +00:00
created.push_back(path);
}
* createDirs(path): if path already exists, make sure it's a directory. * Provide a C++ wrapper around lstat().
2010-12-13 13:32:58 +00:00
createDirs(): Handle ‘path’ being a symlink In particular, this fixes "nix-build -o /tmp/result" on Mac OS X (where /tmp is a symlink).
2014-10-03 14:53:28 +00:00
if (S_ISLNK(st.st_mode) && stat(path.c_str(), &st) == -1)
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
throw SysError("statting symlink '%1%'", path);
createDirs(): Handle ‘path’ being a symlink In particular, this fixes "nix-build -o /tmp/result" on Mac OS X (where /tmp is a symlink).
2014-10-03 14:53:28 +00:00
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
if (!S_ISDIR(st.st_mode)) throw Error("'%1%' is not a directory", path);
Remove tabs
2013-01-03 12:00:46 +00:00
* Support for doing builds in a chroot under Linux. The builder is executed in a chroot that contains just the Nix store, the temporary build directory, and a configurable set of additional directories (/dev and /proc by default). This allows a bit more purity enforcement: hidden build-time dependencies on directories such as /usr or /nix/var/nix/profiles are no longer possible. As an added benefit, accidental network downloads (cf. NIXPKGS-52) are prevented as well (because files such as /etc/resolv.conf are not available in the chroot). However the usefulness of chroots is diminished by the fact that many builders depend on /bin/sh, so you need /bin in the list of additional directories. (And then on non-NixOS you need /lib as well...)
2007-10-27 00:46:59 +00:00
return created;
* Create missing log and temproots directories automatically (reported by Rob).
2005-03-24 17:46:38 +00:00
}
Get last commit time of github flakes
2019-05-28 20:35:41 +00:00
void createSymlink(const Path & target, const Path & link,
std::optional<time_t> mtime)
Set up a minimal /dev in chroots Not bind-mounting the /dev from the host also solves the problem with /dev/shm being a symlink to something not in the chroot.
2014-02-27 22:17:53 +00:00
{
if (symlink(target.c_str(), link.c_str()))
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
throw SysError("creating symlink from '%1%' to '%2%'", link, target);
Get last commit time of github flakes
2019-05-28 20:35:41 +00:00
if (mtime) {
struct timeval times[2];
times[0].tv_sec = *mtime;
times[0].tv_usec = 0;
times[1].tv_sec = *mtime;
times[1].tv_usec = 0;
if (lutimes(link.c_str(), times))
throw SysError("setting time of symlink '%s'", link);
}
Set up a minimal /dev in chroots Not bind-mounting the /dev from the host also solves the problem with /dev/shm being a symlink to something not in the chroot.
2014-02-27 22:17:53 +00:00
}
Get last commit time of github flakes
2019-05-28 20:35:41 +00:00
void replaceSymlink(const Path & target, const Path & link,
std::optional<time_t> mtime)
Implement caching of fetchurl/fetchTarball results ETags are used to prevent redownloading unchanged files.
2015-04-09 09:42:04 +00:00
{
replaceSymlink(): Handle the case where the temporary file already exists Not really necessary anymore for #849, but still nice to have.
2017-07-11 21:20:01 +00:00
for (unsigned int n = 0; true; n++) {
Path tmp = canonPath(fmt("%s/.%d_%s", dirOf(link), n, baseNameOf(link)));
try {
Get last commit time of github flakes
2019-05-28 20:35:41 +00:00
createSymlink(target, tmp, mtime);
replaceSymlink(): Handle the case where the temporary file already exists Not really necessary anymore for #849, but still nice to have.
2017-07-11 21:20:01 +00:00
} catch (SysError & e) {
if (e.errNo == EEXIST) continue;
throw;
}
Implement caching of fetchurl/fetchTarball results ETags are used to prevent redownloading unchanged files.
2015-04-09 09:42:04 +00:00
replaceSymlink(): Handle the case where the temporary file already exists Not really necessary anymore for #849, but still nice to have.
2017-07-11 21:20:01 +00:00
if (rename(tmp.c_str(), link.c_str()) != 0)
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
throw SysError("renaming '%1%' to '%2%'", tmp, link);
Implement caching of fetchurl/fetchTarball results ETags are used to prevent redownloading unchanged files.
2015-04-09 09:42:04 +00:00
replaceSymlink(): Handle the case where the temporary file already exists Not really necessary anymore for #849, but still nice to have.
2017-07-11 21:20:01 +00:00
break;
}
Implement caching of fetchurl/fetchTarball results ETags are used to prevent redownloading unchanged files.
2015-04-09 09:42:04 +00:00
}
read(): Use char * instead of unsigned char * This gets rid of some pointless casts.
2020-12-02 13:10:56 +00:00
void readFull(int fd, char * buf, size_t count)
* Argh, another short-write problem. Added wrappers around read()/write() to fix this once and for all.
2003-07-20 21:11:43 +00:00
{
while (count) {
* Catch SIGINT to terminate cleanly when the user tries to interrupt Nix. This is to prevent Berkeley DB from becoming wedged. Unfortunately it is not possible to throw C++ exceptions from a signal handler. In fact, you can't do much of anything except change variables of type `volatile sig_atomic_t'. So we set an interrupt flag in the signal handler and check it at various strategic locations in the code (by calling checkInterrupt()). Since this is unlikely to cover all cases (e.g., (semi-)infinite loops), sometimes SIGTERM may now be required to kill Nix.
2004-01-15 20:23:55 +00:00
checkInterrupt();
read(): Use char * instead of unsigned char * This gets rid of some pointless casts.
2020-12-02 13:10:56 +00:00
ssize_t res = read(fd, buf, count);
* Ignore interrupt signals while handling an exception. * Ignore EINTR in reads and writes.
2004-05-11 13:48:25 +00:00
if (res == -1) {
if (errno == EINTR) continue;
throw SysError("reading from file");
}
* Daemon mode (`nix-worker --daemon'). Clients connect to the server via the Unix domain socket in /nix/var/nix/daemon.socket. The server forks a worker process per connection. * readString(): use the heap, not the stack. * Some protocol fixes.
2006-12-04 17:17:13 +00:00
if (res == 0) throw EndOfFile("unexpected end-of-file");
* Argh, another short-write problem. Added wrappers around read()/write() to fix this once and for all.
2003-07-20 21:11:43 +00:00
count -= res;
buf += res;
}
}
Sink: Use std::string_view
2020-12-02 13:00:43 +00:00
void writeFull(int fd, std::string_view s, bool allowInterrupts)
* Argh, another short-write problem. Added wrappers around read()/write() to fix this once and for all.
2003-07-20 21:11:43 +00:00
{
Sink: Use std::string_view
2020-12-02 13:00:43 +00:00
while (!s.empty()) {
Fix bogus "unexpected Nix daemon error: interrupted by the user"
2017-04-06 15:18:56 +00:00
if (allowInterrupts) checkInterrupt();
Sink: Use std::string_view
2020-12-02 13:00:43 +00:00
ssize_t res = write(fd, s.data(), s.size());
printMsg(): Don't check for interrupts Having the logger function potentially throw exceptions is Heisenbuggy.
2016-09-16 16:52:42 +00:00
if (res == -1 && errno != EINTR)
* Ignore interrupt signals while handling an exception. * Ignore EINTR in reads and writes.
2004-05-11 13:48:25 +00:00
throw SysError("writing to file");
Sink: Use std::string_view
2020-12-02 13:00:43 +00:00
if (res > 0)
s.remove_prefix(res);
* Argh, another short-write problem. Added wrappers around read()/write() to fix this once and for all.
2003-07-20 21:11:43 +00:00
}
}
* Some wrapper classes to ensure that file descriptors / directory handles are closed when they go out of scope.
2003-10-22 10:48:22 +00:00
StringSink pre allocate When used with `readFile`, we have a pretty good heuristic of the file size, so `reserve` this in the `string`. This will save some allocation / copy when the string is growing.
2020-04-29 16:44:01 +00:00
string drainFD(int fd, bool block, const size_t reserveSize)
* Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected.
2006-07-20 12:17:25 +00:00
{
avoid copies of parser input data when given a string yacc will copy the entire input to a newly allocated location so that it can add a second terminating NUL byte. since the parser is a very internal thing to EvalState we can ensure that having two terminating NUL bytes is always possible without copying, and have the parser itself merely check that the expected NULs are present. # before Benchmark 1: nix search --offline nixpkgs hello Time (mean ± σ): 572.4 ms ± 2.3 ms [User: 563.4 ms, System: 8.6 ms] Range (min … max): 566.9 ms … 579.1 ms 50 runs Benchmark 2: nix eval -f ../nixpkgs/pkgs/development/haskell-modules/hackage-packages.nix Time (mean ± σ): 381.7 ms ± 1.0 ms [User: 348.3 ms, System: 33.1 ms] Range (min … max): 380.2 ms … 387.7 ms 50 runs Benchmark 3: nix eval --raw --impure --expr 'with import <nixpkgs/nixos> {}; system' Time (mean ± σ): 2.936 s ± 0.005 s [User: 2.715 s, System: 0.221 s] Range (min … max): 2.923 s … 2.946 s 50 runs # after Benchmark 1: nix search --offline nixpkgs hello Time (mean ± σ): 571.7 ms ± 2.4 ms [User: 563.3 ms, System: 8.0 ms] Range (min … max): 566.7 ms … 579.7 ms 50 runs Benchmark 2: nix eval -f ../nixpkgs/pkgs/development/haskell-modules/hackage-packages.nix Time (mean ± σ): 376.6 ms ± 1.0 ms [User: 345.8 ms, System: 30.5 ms] Range (min … max): 374.5 ms … 379.1 ms 50 runs Benchmark 3: nix eval --raw --impure --expr 'with import <nixpkgs/nixos> {}; system' Time (mean ± σ): 2.922 s ± 0.006 s [User: 2.707 s, System: 0.215 s] Range (min … max): 2.906 s … 2.934 s 50 runs
2021-12-21 12:56:57 +00:00
// the parser needs two extra bytes to append terminating characters, other users will
// not care very much about the extra memory.
StringSink sink(reserveSize + 2);
Hack to get SSH error messages from build-remote E.g. cannot build on 'ssh://mac1': cannot connect to 'mac1': bash: nix-store: command not found cannot build on 'ssh://mac2': cannot connect to 'mac2': Host key verification failed. cannot build on 'ssh://mac3': cannot connect to 'mac3': Received disconnect from 213... port 6001:2: Too many authentication failures Authentication failed.
2018-03-20 14:17:59 +00:00
drainFD(fd, sink, block);
Get rid of std::shared_ptr<std::string> and ref<std::string> These were needed back in the pre-C++11 era because we didn't have move semantics. But now we do.
2022-01-17 21:20:05 +00:00
return std::move(sink.s);
decompress(): Use a Source and Sink This allows decompression to happen in O(1) memory.
2018-03-16 15:59:31 +00:00
}
Hack to get SSH error messages from build-remote E.g. cannot build on 'ssh://mac1': cannot connect to 'mac1': bash: nix-store: command not found cannot build on 'ssh://mac2': cannot connect to 'mac2': Host key verification failed. cannot build on 'ssh://mac3': cannot connect to 'mac3': Received disconnect from 213... port 6001:2: Too many authentication failures Authentication failed.
2018-03-20 14:17:59 +00:00
void drainFD(int fd, Sink & sink, bool block)
decompress(): Use a Source and Sink This allows decompression to happen in O(1) memory.
2018-03-16 15:59:31 +00:00
{
Hack to get SSH error messages from build-remote E.g. cannot build on 'ssh://mac1': cannot connect to 'mac1': bash: nix-store: command not found cannot build on 'ssh://mac2': cannot connect to 'mac2': Host key verification failed. cannot build on 'ssh://mac3': cannot connect to 'mac3': Received disconnect from 213... port 6001:2: Too many authentication failures Authentication failed.
2018-03-20 14:17:59 +00:00
int saved;
Finally finally([&]() {
if (!block) {
if (fcntl(fd, F_SETFL, saved) == -1)
throw SysError("making file descriptor blocking");
}
});
if (!block) {
saved = fcntl(fd, F_GETFL);
if (fcntl(fd, F_SETFL, saved | O_NONBLOCK) == -1)
throw SysError("making file descriptor non-blocking");
}
Make LocalBinaryCacheStore::narFromPath() run in constant memory This reduces memory consumption of nix copy --from file://... --to ~/my-nix /nix/store/95cwv4q54dc6giaqv6q6p4r02ia2km35-blender-2.79 from 514 MiB to 18 MiB for an uncompressed binary cache, and from 192 MiB to 53 MiB for a bzipped binary cache. It may also be faster because fetching can happen concurrently with decompression/writing. Continuation of 48662d151bdf4a38670897beacea9d1bd750376a. Issue https://github.com/NixOS/nix/issues/1681.
2018-03-27 21:12:31 +00:00
std::vector<unsigned char> buf(64 * 1024);
* Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected.
2006-07-20 12:17:25 +00:00
while (1) {
* Get rid of the substitutes database table (NIX-47). Instead, if we need any info on substitutable paths, we just call the substituters (such as download-using-manifests.pl) directly. This means that it's no longer necessary for nix-pull to register substitutes or for nix-channel to clear them, which makes those operations much faster (NIX-95). Also, we don't have to worry about keeping nix-pull manifests (in /nix/var/nix/manifests) and the database in sync with each other. The downside is that there is some overhead in calling an external program to get the substitutes info. For instance, "nix-env -qas" takes a bit longer. Abolishing the substitutes table also makes the logic in local-store.cc simpler, as we don't need to store info for invalid paths. On the downside, you cannot do things like "nix-store -qR" on a substitutable but invalid path (but nobody did that anyway). * Never catch interrupts (the Interrupted exception).
2007-08-12 00:29:28 +00:00
checkInterrupt();
decompress(): Use a Source and Sink This allows decompression to happen in O(1) memory.
2018-03-16 15:59:31 +00:00
ssize_t rd = read(fd, buf.data(), buf.size());
* Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected.
2006-07-20 12:17:25 +00:00
if (rd == -1) {
Hack to get SSH error messages from build-remote E.g. cannot build on 'ssh://mac1': cannot connect to 'mac1': bash: nix-store: command not found cannot build on 'ssh://mac2': cannot connect to 'mac2': Host key verification failed. cannot build on 'ssh://mac3': cannot connect to 'mac3': Received disconnect from 213... port 6001:2: Too many authentication failures Authentication failed.
2018-03-20 14:17:59 +00:00
if (!block && (errno == EAGAIN || errno == EWOULDBLOCK))
break;
* Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected.
2006-07-20 12:17:25 +00:00
if (errno != EINTR)
throw SysError("reading from file");
}
else if (rd == 0) break;
Sink: Use std::string_view
2020-12-02 13:00:43 +00:00
else sink({(char *) buf.data(), (size_t) rd});
* Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected.
2006-07-20 12:17:25 +00:00
}
}
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
//////////////////////////////////////////////////////////////////////
AutoDelete: Add default constructor with deletion disabled
2015-11-16 10:53:10 +00:00
AutoDelete::AutoDelete() : del{false} {}
* Support for doing builds in a chroot under Linux. The builder is executed in a chroot that contains just the Nix store, the temporary build directory, and a configurable set of additional directories (/dev and /proc by default). This allows a bit more purity enforcement: hidden build-time dependencies on directories such as /usr or /nix/var/nix/profiles are no longer possible. As an added benefit, accidental network downloads (cf. NIXPKGS-52) are prevented as well (because files such as /etc/resolv.conf are not available in the chroot). However the usefulness of chroots is diminished by the fact that many builders depend on /bin/sh, so you need /bin in the list of additional directories. (And then on non-NixOS you need /lib as well...)
2007-10-27 00:46:59 +00:00
AutoDelete::AutoDelete(const string & p, bool recursive) : path(p)
* Some wrapper classes to ensure that file descriptors / directory handles are closed when they go out of scope.
2003-10-22 10:48:22 +00:00
{
del = true;
* Support for doing builds in a chroot under Linux. The builder is executed in a chroot that contains just the Nix store, the temporary build directory, and a configurable set of additional directories (/dev and /proc by default). This allows a bit more purity enforcement: hidden build-time dependencies on directories such as /usr or /nix/var/nix/profiles are no longer possible. As an added benefit, accidental network downloads (cf. NIXPKGS-52) are prevented as well (because files such as /etc/resolv.conf are not available in the chroot). However the usefulness of chroots is diminished by the fact that many builders depend on /bin/sh, so you need /bin in the list of additional directories. (And then on non-NixOS you need /lib as well...)
2007-10-27 00:46:59 +00:00
this->recursive = recursive;
* Some wrapper classes to ensure that file descriptors / directory handles are closed when they go out of scope.
2003-10-22 10:48:22 +00:00
}
AutoDelete::~AutoDelete()
{
* Support for doing builds in a chroot under Linux. The builder is executed in a chroot that contains just the Nix store, the temporary build directory, and a configurable set of additional directories (/dev and /proc by default). This allows a bit more purity enforcement: hidden build-time dependencies on directories such as /usr or /nix/var/nix/profiles are no longer possible. As an added benefit, accidental network downloads (cf. NIXPKGS-52) are prevented as well (because files such as /etc/resolv.conf are not available in the chroot). However the usefulness of chroots is diminished by the fact that many builders depend on /bin/sh, so you need /bin in the list of additional directories. (And then on non-NixOS you need /lib as well...)
2007-10-27 00:46:59 +00:00
try {
* GCC 4.3.0 (Fedora 9) compatibility fixes. Reported by Gour and Armijn Hemel.
2008-05-21 11:17:31 +00:00
if (del) {
* Support for doing builds in a chroot under Linux. The builder is executed in a chroot that contains just the Nix store, the temporary build directory, and a configurable set of additional directories (/dev and /proc by default). This allows a bit more purity enforcement: hidden build-time dependencies on directories such as /usr or /nix/var/nix/profiles are no longer possible. As an added benefit, accidental network downloads (cf. NIXPKGS-52) are prevented as well (because files such as /etc/resolv.conf are not available in the chroot). However the usefulness of chroots is diminished by the fact that many builders depend on /bin/sh, so you need /bin in the list of additional directories. (And then on non-NixOS you need /lib as well...)
2007-10-27 00:46:59 +00:00
if (recursive)
deletePath(path);
else {
if (remove(path.c_str()) == -1)
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
throw SysError("cannot unlink '%1%'", path);
* Support for doing builds in a chroot under Linux. The builder is executed in a chroot that contains just the Nix store, the temporary build directory, and a configurable set of additional directories (/dev and /proc by default). This allows a bit more purity enforcement: hidden build-time dependencies on directories such as /usr or /nix/var/nix/profiles are no longer possible. As an added benefit, accidental network downloads (cf. NIXPKGS-52) are prevented as well (because files such as /etc/resolv.conf are not available in the chroot). However the usefulness of chroots is diminished by the fact that many builders depend on /bin/sh, so you need /bin in the list of additional directories. (And then on non-NixOS you need /lib as well...)
2007-10-27 00:46:59 +00:00
}
* GCC 4.3.0 (Fedora 9) compatibility fixes. Reported by Gour and Armijn Hemel.
2008-05-21 11:17:31 +00:00
}
* Support for doing builds in a chroot under Linux. The builder is executed in a chroot that contains just the Nix store, the temporary build directory, and a configurable set of additional directories (/dev and /proc by default). This allows a bit more purity enforcement: hidden build-time dependencies on directories such as /usr or /nix/var/nix/profiles are no longer possible. As an added benefit, accidental network downloads (cf. NIXPKGS-52) are prevented as well (because files such as /etc/resolv.conf are not available in the chroot). However the usefulness of chroots is diminished by the fact that many builders depend on /bin/sh, so you need /bin in the list of additional directories. (And then on non-NixOS you need /lib as well...)
2007-10-27 00:46:59 +00:00
} catch (...) {
ignoreException();
}
* Some wrapper classes to ensure that file descriptors / directory handles are closed when they go out of scope.
2003-10-22 10:48:22 +00:00
}
void AutoDelete::cancel()
{
del = false;
}
Default arguments belong at declaration, not definition
2015-11-16 10:55:55 +00:00
void AutoDelete::reset(const Path & p, bool recursive) {
Fix copy-paste error
2015-11-16 10:54:34 +00:00
path = p;
AutoDelete: Add default constructor with deletion disabled
2015-11-16 10:53:10 +00:00
this->recursive = recursive;
del = true;
}
* Some wrapper classes to ensure that file descriptors / directory handles are closed when they go out of scope.
2003-10-22 10:48:22 +00:00
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
//////////////////////////////////////////////////////////////////////
Modernize AutoCloseFD
2016-07-11 19:44:44 +00:00
AutoCloseFD::AutoCloseFD() : fd{-1} {}
AutoCloseFD::AutoCloseFD(int fd) : fd{fd} {}
* Some wrapper classes to ensure that file descriptors / directory handles are closed when they go out of scope.
2003-10-22 10:48:22 +00:00
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
PathSubstitutionGoal: Clean up pipe If there were many top-level goals (which are not destroyed until the very end), commands like $ nix copy --to 'ssh://localhost?remote-store=/tmp/nix' \ /run/current-system --no-check-sigs --substitute-on-destination could fail with "Too many open files". So now we do some explicit cleanup from amDone(). It would be cleaner to separate goals from their temporary internal state, but that would be a bigger refactor.
2021-04-07 10:21:31 +00:00
AutoCloseFD::AutoCloseFD(AutoCloseFD && that) : fd{that.fd}
* Some wrapper classes to ensure that file descriptors / directory handles are closed when they go out of scope.
2003-10-22 10:48:22 +00:00
{
Modernize AutoCloseFD
2016-07-11 19:44:44 +00:00
that.fd = -1;
* Some wrapper classes to ensure that file descriptors / directory handles are closed when they go out of scope.
2003-10-22 10:48:22 +00:00
}
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
PathSubstitutionGoal: Clean up pipe If there were many top-level goals (which are not destroyed until the very end), commands like $ nix copy --to 'ssh://localhost?remote-store=/tmp/nix' \ /run/current-system --no-check-sigs --substitute-on-destination could fail with "Too many open files". So now we do some explicit cleanup from amDone(). It would be cleaner to separate goals from their temporary internal state, but that would be a bigger refactor.
2021-04-07 10:21:31 +00:00
AutoCloseFD & AutoCloseFD::operator =(AutoCloseFD && that)
* Start of concurrent garbage collection. Processes write temporary roots to a per-process temporary file in /nix/var/nix/temproots while holding a write lock on that file. The garbage collector acquires read locks on all those files, thus blocking further progress in other Nix processes, and reads the sets of temporary roots.
2005-01-31 10:27:25 +00:00
{
Modernize AutoCloseFD
2016-07-11 19:44:44 +00:00
close();
fd = that.fd;
that.fd = -1;
return *this;
* Start of concurrent garbage collection. Processes write temporary roots to a per-process temporary file in /nix/var/nix/temproots while holding a write lock on that file. The garbage collector acquires read locks on all those files, thus blocking further progress in other Nix processes, and reads the sets of temporary roots.
2005-01-31 10:27:25 +00:00
}
* Some wrapper classes to ensure that file descriptors / directory handles are closed when they go out of scope.
2003-10-22 10:48:22 +00:00
AutoCloseFD::~AutoCloseFD()
{
* Refactoring.
2004-06-15 13:49:42 +00:00
try {
close();
* Set a terminate() handler to ensure that we leave the BDB environment cleanly even when an exception is thrown from a destructor. We still crash, but we don't take all other Nix processes with us.
2007-05-01 15:16:17 +00:00
} catch (...) {
ignoreException();
* Refactoring.
2004-06-15 13:49:42 +00:00
}
* Some wrapper classes to ensure that file descriptors / directory handles are closed when they go out of scope.
2003-10-22 10:48:22 +00:00
}
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
Modernize AutoCloseFD
2016-07-11 19:44:44 +00:00
int AutoCloseFD::get() const
* Some wrapper classes to ensure that file descriptors / directory handles are closed when they go out of scope.
2003-10-22 10:48:22 +00:00
{
return fd;
}
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
* Refactoring.
2004-06-15 13:49:42 +00:00
void AutoCloseFD::close()
{
if (fd != -1) {
if (::close(fd) == -1)
/* This should never happen. */
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
throw SysError("closing file descriptor %1%", fd);
PathSubstitutionGoal: Clean up pipe If there were many top-level goals (which are not destroyed until the very end), commands like $ nix copy --to 'ssh://localhost?remote-store=/tmp/nix' \ /run/current-system --no-check-sigs --substitute-on-destination could fail with "Too many open files". So now we do some explicit cleanup from amDone(). It would be cleaner to separate goals from their temporary internal state, but that would be a bigger refactor.
2021-04-07 10:21:31 +00:00
fd = -1;
* Refactoring.
2004-06-15 13:49:42 +00:00
}
}
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
Modernize AutoCloseFD
2016-07-11 19:44:44 +00:00
AutoCloseFD::operator bool() const
* Refactoring.
2004-06-15 13:49:42 +00:00
{
return fd != -1;
}
Modernize AutoCloseFD
2016-07-11 19:44:44 +00:00
int AutoCloseFD::release()
* Make lock removal safe by signalling to blocked processes that the lock they are waiting on has become stale (we do this by writing a meaningless token to the unlinked file).
2005-01-27 12:19:25 +00:00
{
int oldFD = fd;
fd = -1;
return oldFD;
}
* Refactoring.
2004-06-15 13:49:42 +00:00
void Pipe::create()
{
int fds[2];
Use O_CLOEXEC in most places
2016-06-09 14:15:58 +00:00
#if HAVE_PIPE2
if (pipe2(fds, O_CLOEXEC) != 0) throw SysError("creating pipe");
#else
* Refactoring.
2004-06-15 13:49:42 +00:00
if (pipe(fds) != 0) throw SysError("creating pipe");
Use O_CLOEXEC in most places
2016-06-09 14:15:58 +00:00
closeOnExec(fds[0]);
closeOnExec(fds[1]);
#endif
* Refactoring.
2004-06-15 13:49:42 +00:00
readSide = fds[0];
writeSide = fds[1];
}
* Some wrapper classes to ensure that file descriptors / directory handles are closed when they go out of scope.
2003-10-22 10:48:22 +00:00
PathSubstitutionGoal: Clean up pipe If there were many top-level goals (which are not destroyed until the very end), commands like $ nix copy --to 'ssh://localhost?remote-store=/tmp/nix' \ /run/current-system --no-check-sigs --substitute-on-destination could fail with "Too many open files". So now we do some explicit cleanup from amDone(). It would be cleaner to separate goals from their temporary internal state, but that would be a bigger refactor.
2021-04-07 10:21:31 +00:00
void Pipe::close()
{
readSide.close();
writeSide.close();
}
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
//////////////////////////////////////////////////////////////////////
Pid::Pid()
{
}
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
Pid::Pid(pid_t pid)
Kill builds when we get EOF on the log FD This closes a long-time bug that allowed builds to hang Nix indefinitely (regardless of timeouts) simply by doing exec > /dev/null 2>&1; while true; do true; done Now, on EOF, we just send SIGKILL to the child to make sure it's really gone.
2017-01-19 15:58:39 +00:00
: pid(pid)
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
{
}
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
Pid::~Pid()
{
Kill builds when we get EOF on the log FD This closes a long-time bug that allowed builds to hang Nix indefinitely (regardless of timeouts) simply by doing exec > /dev/null 2>&1; while true; do true; done Now, on EOF, we just send SIGKILL to the child to make sure it's really gone.
2017-01-19 15:58:39 +00:00
if (pid != -1) kill();
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
}
void Pid::operator =(pid_t pid)
{
Kill builds when we get EOF on the log FD This closes a long-time bug that allowed builds to hang Nix indefinitely (regardless of timeouts) simply by doing exec > /dev/null 2>&1; while true; do true; done Now, on EOF, we just send SIGKILL to the child to make sure it's really gone.
2017-01-19 15:58:39 +00:00
if (this->pid != -1 && this->pid != pid) kill();
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
this->pid = pid;
* Terminate build hooks and substitutes with a TERM signal, not a KILL signal. This is necessary because those processes may have joined the BDB environment, so they have to be given a chance to clean up. (NIX-85)
2007-03-19 12:48:45 +00:00
killSignal = SIGKILL; // reset signal to default
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
}
Pid::operator pid_t()
{
return pid;
}
Remove "killing process <pid>" messages They convey no useful information.
2017-03-16 09:52:28 +00:00
int Pid::kill()
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
{
Kill builds when we get EOF on the log FD This closes a long-time bug that allowed builds to hang Nix indefinitely (regardless of timeouts) simply by doing exec > /dev/null 2>&1; while true; do true; done Now, on EOF, we just send SIGKILL to the child to make sure it's really gone.
2017-01-19 15:58:39 +00:00
assert(pid != -1);
Use vfork() instead of fork() if available Hopefully this reduces the chance of hitting ‘unable to fork: Cannot allocate memory’ errors. vfork() is used for everything except starting builders.
2012-11-09 17:00:33 +00:00
fixes to merged code
2020-05-11 21:52:15 +00:00
debug("killing process %1%", pid);
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
* Terminate build hooks and substitutes with a TERM signal, not a KILL signal. This is necessary because those processes may have joined the BDB environment, so they have to be given a chance to clean up. (NIX-85)
2007-03-19 12:48:45 +00:00
/* Send the requested signal to the child. If it has its own
process group, send the signal to every process in the child
process group (which hopefully includes *all* its children). */
Suppress spurious "killing process N: Operation not permitted" on macOS
2017-06-12 16:34:48 +00:00
if (::kill(separatePG ? -pid : pid, killSignal) != 0) {
/* On BSDs, killing a process group will return EPERM if all
processes in the group are zombies (or something like
that). So try to detect and ignore that situation. */
#if __FreeBSD__ || __APPLE__
if (errno != EPERM || ::kill(pid, 0) != 0)
#endif
change status messages to info level
2020-05-13 15:52:36 +00:00
logError(SysError("killing process %d", pid).info());
Suppress spurious "killing process N: Operation not permitted" on macOS
2017-06-12 16:34:48 +00:00
}
* A flag `--keep-going / -k' to keep building goals if one fails, as much as possible. (This is similar to GNU Make's `-k' flag.) * Refactoring to implement this: previously we just bombed out when a build failed, but now we have to clean up. In particular this means that goals must be freed quickly --- they shouldn't hang around until the worker exits. So the worker now maintains weak pointers in order not to prevent garbage collection. * Documented the `-k' and `-j' flags.
2004-06-25 15:36:09 +00:00
Kill builds when we get EOF on the log FD This closes a long-time bug that allowed builds to hang Nix indefinitely (regardless of timeouts) simply by doing exec > /dev/null 2>&1; while true; do true; done Now, on EOF, we just send SIGKILL to the child to make sure it's really gone.
2017-01-19 15:58:39 +00:00
return wait();
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
}
Kill builds when we get EOF on the log FD This closes a long-time bug that allowed builds to hang Nix indefinitely (regardless of timeouts) simply by doing exec > /dev/null 2>&1; while true; do true; done Now, on EOF, we just send SIGKILL to the child to make sure it's really gone.
2017-01-19 15:58:39 +00:00
int Pid::wait()
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
{
Don't keep "disabled" substituters running For instance, it's pointless to keep copy-from-other-stores running if there are no other stores, or download-using-manifests if there are no manifests. This also speeds things up because we don't send queries to those substituters.
2013-06-20 09:55:15 +00:00
assert(pid != -1);
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
while (1) {
int status;
Kill builds when we get EOF on the log FD This closes a long-time bug that allowed builds to hang Nix indefinitely (regardless of timeouts) simply by doing exec > /dev/null 2>&1; while true; do true; done Now, on EOF, we just send SIGKILL to the child to make sure it's really gone.
2017-01-19 15:58:39 +00:00
int res = waitpid(pid, &status, 0);
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
if (res == pid) {
pid = -1;
return status;
}
if (errno != EINTR)
Show failing PID
2021-10-05 10:26:04 +00:00
throw SysError("cannot get exit status of PID %d", pid);
* Daemon mode (`nix-worker --daemon'). Clients connect to the server via the Unix domain socket in /nix/var/nix/daemon.socket. The server forks a worker process per connection. * readString(): use the heap, not the stack. * Some protocol fixes.
2006-12-04 17:17:13 +00:00
checkInterrupt();
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
}
}
void Pid::setSeparatePG(bool separatePG)
{
this->separatePG = separatePG;
}
* Terminate build hooks and substitutes with a TERM signal, not a KILL signal. This is necessary because those processes may have joined the BDB environment, so they have to be given a chance to clean up. (NIX-85)
2007-03-19 12:48:45 +00:00
void Pid::setKillSignal(int signal)
{
this->killSignal = signal;
}
Add some functions needed by hydra
2016-10-12 13:49:37 +00:00
pid_t Pid::release()
{
pid_t p = pid;
pid = -1;
return p;
}
* Move killUser() to libutil so that the setuid helper can use it.
2006-12-07 00:16:07 +00:00
void killUser(uid_t uid)
{
fixes to merged code
2020-05-11 21:52:15 +00:00
debug("killing all processes running under uid '%1%'", uid);
* Move killUser() to libutil so that the setuid helper can use it.
2006-12-07 00:16:07 +00:00
assert(uid != 0); /* just to be safe... */
/* The system call kill(-1, sig) sends the signal `sig' to all
users to which the current process can send signals. So we
fork a process, switch to uid, and send a mass kill. */
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
Pid pid = startProcess([&]() {
* Move killUser() to libutil so that the setuid helper can use it.
2006-12-07 00:16:07 +00:00
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
if (setuid(uid) == -1)
throw SysError("setting uid");
* Move killUser() to libutil so that the setuid helper can use it.
2006-12-07 00:16:07 +00:00
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
while (true) {
killUser: Don't let the child kill itself on Apple The kill(2) in Apple's libc follows POSIX semantics, which means that kill(-1, SIGKILL) will kill the calling process too. Since nix has no way to distinguish between the process successfully killing everything and the process being killed by a rogue builder in that case, it can't safely conclude that killUser was successful. Luckily, the actual kill syscall takes a parameter that determines whether POSIX semantics are followed, so we can call that syscall directly and avoid the issue on Apple. Signed-off-by: Shea Levy <shea@shealevy.com>
2013-03-18 15:13:53 +00:00
#ifdef __APPLE__
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
/* OSX's kill syscall takes a third parameter that, among
other things, determines if kill(-1, signo) affects the
calling process. In the OSX libc, it's set to true,
which means "follow POSIX", which we don't want here
killUser: Don't let the child kill itself on Apple The kill(2) in Apple's libc follows POSIX semantics, which means that kill(-1, SIGKILL) will kill the calling process too. Since nix has no way to distinguish between the process successfully killing everything and the process being killed by a rogue builder in that case, it can't safely conclude that killUser was successful. Luckily, the actual kill syscall takes a parameter that determines whether POSIX semantics are followed, so we can call that syscall directly and avoid the issue on Apple. Signed-off-by: Shea Levy <shea@shealevy.com>
2013-03-18 15:13:53 +00:00
*/
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
if (syscall(SYS_kill, -1, SIGKILL, false) == 0) break;
killUser: Don't let the child kill itself on Apple The kill(2) in Apple's libc follows POSIX semantics, which means that kill(-1, SIGKILL) will kill the calling process too. Since nix has no way to distinguish between the process successfully killing everything and the process being killed by a rogue builder in that case, it can't safely conclude that killUser was successful. Luckily, the actual kill syscall takes a parameter that determines whether POSIX semantics are followed, so we can call that syscall directly and avoid the issue on Apple. Signed-off-by: Shea Levy <shea@shealevy.com>
2013-03-18 15:13:53 +00:00
#else
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
if (kill(-1, SIGKILL) == 0) break;
killUser: Don't let the child kill itself on Apple The kill(2) in Apple's libc follows POSIX semantics, which means that kill(-1, SIGKILL) will kill the calling process too. Since nix has no way to distinguish between the process successfully killing everything and the process being killed by a rogue builder in that case, it can't safely conclude that killUser was successful. Luckily, the actual kill syscall takes a parameter that determines whether POSIX semantics are followed, so we can call that syscall directly and avoid the issue on Apple. Signed-off-by: Shea Levy <shea@shealevy.com>
2013-03-18 15:13:53 +00:00
#endif
libutil: EPERM from kill(-1, ...) is fine I tested a trivial program that called kill(-1, SIGKILL), which was run as the only process for an unpriveleged user, on Linux and FreeBSD. On Linux, kill reported success, while on FreeBSD it failed with EPERM. POSIX says: > If pid is -1, sig shall be sent to all processes (excluding an > unspecified set of system processes) for which the process has > permission to send that signal. and > The kill() function is successful if the process has permission to > send sig to any of the processes specified by pid. If kill() fails, > no signal shall be sent. and > [EPERM] > The process does not have permission to send the signal to any > receiving process. My reading of this is that kill(-1, ...) may fail with EPERM when there are no other processes to kill (since the current process is ignored). Since kill(-1, ...) only attempts to kill processes the user has permission to kill, it can't mean that we tried to do something we didn't have permission to kill, so it should be fine to interpret EPERM the same as success here for any POSIX-compliant system. This fixes an issue that Mic92 encountered[1] when he tried to review a Nixpkgs PR on FreeBSD. [1]: https://github.com/NixOS/nixpkgs/pull/81459#issuecomment-606073668
2021-02-07 13:56:50 +00:00
if (errno == ESRCH || errno == EPERM) break; /* no more processes */
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
if (errno != EINTR)
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
throw SysError("cannot kill processes for uid '%1%'", uid);
* Move killUser() to libutil so that the setuid helper can use it.
2006-12-07 00:16:07 +00:00
}
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
Remove the quickExit function
2012-11-09 15:42:10 +00:00
_exit(0);
Don't reset the logger in a vfork 9c766a40cbbd3a350a9582d0fd8201e3361a63b2 broke logging from the daemon, because commonChildInit is called when starting the build hook in a vfork, so it ends up resetting the parent's logger. So don't vfork. It might be best to get rid of vfork altogether, but that may cause problems, e.g. when we call an external program like git from the evaluator.
2021-10-06 11:54:59 +00:00
});
Remove tabs
2013-01-03 12:00:46 +00:00
Kill builds when we get EOF on the log FD This closes a long-time bug that allowed builds to hang Nix indefinitely (regardless of timeouts) simply by doing exec > /dev/null 2>&1; while true; do true; done Now, on EOF, we just send SIGKILL to the child to make sure it's really gone.
2017-01-19 15:58:39 +00:00
int status = pid.wait();
* Clean up error messages in killUser().
2010-03-19 11:36:34 +00:00
if (status != 0)
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
throw Error("cannot kill processes for uid '%1%': %2%", uid, statusToString(status));
* Move killUser() to libutil so that the setuid helper can use it.
2006-12-07 00:16:07 +00:00
/* !!! We should really do some check to make sure that there are
no processes left running under `uid', but there is no portable
way to do so (I think). The most reliable way may be `ps -eo
uid | grep -q $uid'. */
}
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
* Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected.
2006-07-20 12:17:25 +00:00
//////////////////////////////////////////////////////////////////////
Use vfork
2014-12-10 15:35:42 +00:00
/* Wrapper around vfork to prevent the child process from clobbering
the caller's stack frame in the parent. */
runProgram: support gid, uid, chdir
2019-05-11 20:35:53 +00:00
static pid_t doFork(bool allowVfork, std::function<void()> fun) __attribute__((noinline));
static pid_t doFork(bool allowVfork, std::function<void()> fun)
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
{
Use vfork
2014-12-10 15:35:42 +00:00
#ifdef __linux__
pid_t pid = allowVfork ? vfork() : fork();
#else
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
pid_t pid = fork();
Use vfork
2014-12-10 15:35:42 +00:00
#endif
if (pid != 0) return pid;
fun();
abort();
}
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
Use vfork
2014-12-10 15:35:42 +00:00
pid_t startProcess(std::function<void()> fun, const ProcessOptions & options)
{
auto wrapper = [&]() {
Improved logging abstraction This also gets rid of --log-type, since the nested log type isn't useful in a multi-threaded situation, and nobody cares about the "pretty" log type.
2016-04-25 13:26:07 +00:00
if (!options.allowVfork)
Make the logger customisable Add a new `--log-format` cli argument to change the format of the logs. The possible values are - raw (the default one for old-style commands) - bar (the default one for new-style commands) - bar-with-logs (equivalent to `--print-build-logs`) - internal-json (the internal machine-readable json format)
2020-06-05 15:01:02 +00:00
logger = makeSimpleLogger();
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
try {
Use PR_SET_PDEATHSIG to ensure child cleanup
2014-08-21 13:31:43 +00:00
#if __linux__
Use vfork
2014-12-10 15:35:42 +00:00
if (options.dieWithParent && prctl(PR_SET_PDEATHSIG, SIGKILL) == -1)
Use PR_SET_PDEATHSIG to ensure child cleanup
2014-08-21 13:31:43 +00:00
throw SysError("setting death signal");
#endif
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
fun();
} catch (std::exception & e) {
startProcess: Make writing error messages from the child more robust
2014-07-23 17:11:26 +00:00
try {
Use vfork
2014-12-10 15:35:42 +00:00
std::cerr << options.errorPrefix << e.what() << "\n";
startProcess: Make writing error messages from the child more robust
2014-07-23 17:11:26 +00:00
} catch (...) { }
} catch (...) { }
Use vfork
2014-12-10 15:35:42 +00:00
if (options.runExitHandlers)
nix-daemon: Call exit(), not _exit() This was preventing destructors from running. In particular, it was preventing the deletion of the temproot file for each worker process. It may also have been responsible for the excessive WAL growth on Hydra (due to the SQLite database not being closed properly). Apparently broken by accident in 8e9140cfdef9dbd1eb61e4c75c91d452ab5e4a74.
2014-11-19 16:09:27 +00:00
exit(1);
else
_exit(1);
Use vfork
2014-12-10 15:35:42 +00:00
};
pid_t pid = doFork(options.allowVfork, wrapper);
if (pid == -1) throw SysError("unable to fork");
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
return pid;
}
Use std::vector::data()
2015-06-09 08:50:55 +00:00
std::vector<char *> stringsToCharPtrs(const Strings & ss)
Fix some memory leaks
2014-12-12 14:01:16 +00:00
{
Use std::vector::data()
2015-06-09 08:50:55 +00:00
std::vector<char *> res;
for (auto & s : ss) res.push_back((char *) s.c_str());
Fix some memory leaks
2014-12-12 14:01:16 +00:00
res.push_back(0);
return res;
}
Use libsodium instead of OpenSSL for binary cache signing Sodium's Ed25519 signatures are much shorter than OpenSSL's RSA signatures. Public keys are also much shorter, so they're now specified directly in the nix.conf option ‘binary-cache-public-keys’. The new command ‘nix-store --generate-binary-cache-key’ generates and prints a public and secret key.
2015-02-04 15:43:32 +00:00
string runProgram(Path program, bool searchPath, const Strings & args,
experimental/optional -> optional
2019-02-12 12:43:32 +00:00
const std::optional<std::string> & input)
fetchMercurial: Don't fetch hashes we already have
2017-11-01 17:43:11 +00:00
{
Fix macOS build
2021-09-14 06:19:41 +00:00
auto res = runProgram(RunOptions {.program = program, .searchPath = searchPath, .args = args, .input = input});
fetchMercurial: Don't fetch hashes we already have
2017-11-01 17:43:11 +00:00
if (!statusOk(res.first))
throw ExecError(res.first, fmt("program '%1%' %2%", program, statusToString(res.first)));
return res.second;
}
Add command `flake clone`
2019-03-21 08:30:16 +00:00
// Output = error code + "standard out" output stream
RunOptions: Use designated initializers Also get rid of _killStderr because it wasn't actually checked anywhere.
2021-09-13 21:22:09 +00:00
std::pair<int, std::string> runProgram(RunOptions && options)
decompress(): Use a Source and Sink This allows decompression to happen in O(1) memory.
2018-03-16 15:59:31 +00:00
{
StringSink sink;
util: rename stdout/stdin members to avoid conflicts w/standard macro (cherry picked from commit c389a7fb617ed7bcd617efa68c6a48c00405310d)
2018-03-19 16:09:52 +00:00
options.standardOut = &sink;
decompress(): Use a Source and Sink This allows decompression to happen in O(1) memory.
2018-03-16 15:59:31 +00:00
int status = 0;
try {
runProgram2(options);
} catch (ExecError & e) {
status = e.status;
}
Get rid of std::shared_ptr<std::string> and ref<std::string> These were needed back in the pre-C++11 era because we didn't have move semantics. But now we do.
2022-01-17 21:20:05 +00:00
return {status, std::move(sink.s)};
decompress(): Use a Source and Sink This allows decompression to happen in O(1) memory.
2018-03-16 15:59:31 +00:00
}
void runProgram2(const RunOptions & options)
* Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected.
2006-07-20 12:17:25 +00:00
{
* Get rid of the substitutes database table (NIX-47). Instead, if we need any info on substitutable paths, we just call the substituters (such as download-using-manifests.pl) directly. This means that it's no longer necessary for nix-pull to register substitutes or for nix-channel to clear them, which makes those operations much faster (NIX-95). Also, we don't have to worry about keeping nix-pull manifests (in /nix/var/nix/manifests) and the database in sync with each other. The downside is that there is some overhead in calling an external program to get the substitutes info. For instance, "nix-env -qas" takes a bit longer. Abolishing the substitutes table also makes the logic in local-store.cc simpler, as we don't need to store info for invalid paths. On the downside, you cannot do things like "nix-store -qR" on a substitutable but invalid path (but nobody did that anyway). * Never catch interrupts (the Interrupted exception).
2007-08-12 00:29:28 +00:00
checkInterrupt();
Remove some redundant close() calls They are unnecessary because we set the close-on-exec flag.
2012-11-09 15:58:51 +00:00
util: rename stdout/stdin members to avoid conflicts w/standard macro (cherry picked from commit c389a7fb617ed7bcd617efa68c6a48c00405310d)
2018-03-19 16:09:52 +00:00
assert(!(options.standardIn && options.input));
decompress(): Use a Source and Sink This allows decompression to happen in O(1) memory.
2018-03-16 15:59:31 +00:00
std::unique_ptr<Source> source_;
util: rename stdout/stdin members to avoid conflicts w/standard macro (cherry picked from commit c389a7fb617ed7bcd617efa68c6a48c00405310d)
2018-03-19 16:09:52 +00:00
Source * source = options.standardIn;
decompress(): Use a Source and Sink This allows decompression to happen in O(1) memory.
2018-03-16 15:59:31 +00:00
if (options.input) {
source_ = std::make_unique<StringSource>(*options.input);
source = source_.get();
}
* Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected.
2006-07-20 12:17:25 +00:00
/* Create a pipe. */
cygwin: looks like stdout/stdin are reserved words
2015-05-13 07:37:56 +00:00
Pipe out, in;
util: rename stdout/stdin members to avoid conflicts w/standard macro (cherry picked from commit c389a7fb617ed7bcd617efa68c6a48c00405310d)
2018-03-19 16:09:52 +00:00
if (options.standardOut) out.create();
decompress(): Use a Source and Sink This allows decompression to happen in O(1) memory.
2018-03-16 15:59:31 +00:00
if (source) in.create();
* Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected.
2006-07-20 12:17:25 +00:00
Add a post-build-hook Passing `--post-build-hook /foo/bar` to a nix-* command will cause `/foo/bar` to be executed after each build with the following environment variables set: DRV_PATH=/nix/store/drv-that-has-been-built.drv OUT_PATHS=/nix/store/...build /nix/store/...build-bin /nix/store/...build-dev This can be useful in particular to upload all the builded artifacts to the cache (including the ones that don't appear in the runtime closure of the final derivation or are built because of IFD). This new feature prints the stderr/stdout output to the `nix-build` and `nix build` client, and the output is printed in a Nix 2 compatible format: [nix]$ ./inst/bin/nix-build ./test.nix these derivations will be built: /nix/store/ishzj9ni17xq4hgrjvlyjkfvm00b0ch9-my-example-derivation.drv building '/nix/store/ishzj9ni17xq4hgrjvlyjkfvm00b0ch9-my-example-derivation.drv'... hello! bye! running post-build-hook '/home/grahamc/projects/github.com/NixOS/nix/post-hook.sh'... post-build-hook: + sleep 1 post-build-hook: + echo 'Signing paths' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: Signing paths /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: + sleep 1 post-build-hook: + echo 'Uploading paths' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: Uploading paths /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: + sleep 1 post-build-hook: + printf 'very important stuff' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation [nix-shell:~/projects/github.com/NixOS/nix]$ ./inst/bin/nix build -L -f ./test.nix my-example-derivation> hello! my-example-derivation> bye! my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + echo 'Signing paths' /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> Signing paths /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + echo 'Uploading paths' /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> Uploading paths /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + printf 'very important stuff' [1 built, 0.0 MiB DL] Co-authored-by: Graham Christensen <graham@grahamc.com> Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2019-07-11 18:23:03 +00:00
ProcessOptions processOptions;
// vfork implies that the environment of the main process and the fork will
// be shared (technically this is undefined, but in practice that's the
// case), so we can't use it if we alter the environment
Don't reset the logger in a vfork 9c766a40cbbd3a350a9582d0fd8201e3361a63b2 broke logging from the daemon, because commonChildInit is called when starting the build hook in a vfork, so it ends up resetting the parent's logger. So don't vfork. It might be best to get rid of vfork altogether, but that may cause problems, e.g. when we call an external program like git from the evaluator.
2021-10-06 11:54:59 +00:00
processOptions.allowVfork = !options.environment;
Add a post-build-hook Passing `--post-build-hook /foo/bar` to a nix-* command will cause `/foo/bar` to be executed after each build with the following environment variables set: DRV_PATH=/nix/store/drv-that-has-been-built.drv OUT_PATHS=/nix/store/...build /nix/store/...build-bin /nix/store/...build-dev This can be useful in particular to upload all the builded artifacts to the cache (including the ones that don't appear in the runtime closure of the final derivation or are built because of IFD). This new feature prints the stderr/stdout output to the `nix-build` and `nix build` client, and the output is printed in a Nix 2 compatible format: [nix]$ ./inst/bin/nix-build ./test.nix these derivations will be built: /nix/store/ishzj9ni17xq4hgrjvlyjkfvm00b0ch9-my-example-derivation.drv building '/nix/store/ishzj9ni17xq4hgrjvlyjkfvm00b0ch9-my-example-derivation.drv'... hello! bye! running post-build-hook '/home/grahamc/projects/github.com/NixOS/nix/post-hook.sh'... post-build-hook: + sleep 1 post-build-hook: + echo 'Signing paths' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: Signing paths /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: + sleep 1 post-build-hook: + echo 'Uploading paths' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: Uploading paths /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: + sleep 1 post-build-hook: + printf 'very important stuff' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation [nix-shell:~/projects/github.com/NixOS/nix]$ ./inst/bin/nix build -L -f ./test.nix my-example-derivation> hello! my-example-derivation> bye! my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + echo 'Signing paths' /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> Signing paths /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + echo 'Uploading paths' /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> Uploading paths /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + printf 'very important stuff' [1 built, 0.0 MiB DL] Co-authored-by: Graham Christensen <graham@grahamc.com> Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2019-07-11 18:23:03 +00:00
* Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected.
2006-07-20 12:17:25 +00:00
/* Fork. */
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
Pid pid = startProcess([&]() {
Add a post-build-hook Passing `--post-build-hook /foo/bar` to a nix-* command will cause `/foo/bar` to be executed after each build with the following environment variables set: DRV_PATH=/nix/store/drv-that-has-been-built.drv OUT_PATHS=/nix/store/...build /nix/store/...build-bin /nix/store/...build-dev This can be useful in particular to upload all the builded artifacts to the cache (including the ones that don't appear in the runtime closure of the final derivation or are built because of IFD). This new feature prints the stderr/stdout output to the `nix-build` and `nix build` client, and the output is printed in a Nix 2 compatible format: [nix]$ ./inst/bin/nix-build ./test.nix these derivations will be built: /nix/store/ishzj9ni17xq4hgrjvlyjkfvm00b0ch9-my-example-derivation.drv building '/nix/store/ishzj9ni17xq4hgrjvlyjkfvm00b0ch9-my-example-derivation.drv'... hello! bye! running post-build-hook '/home/grahamc/projects/github.com/NixOS/nix/post-hook.sh'... post-build-hook: + sleep 1 post-build-hook: + echo 'Signing paths' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: Signing paths /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: + sleep 1 post-build-hook: + echo 'Uploading paths' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: Uploading paths /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: + sleep 1 post-build-hook: + printf 'very important stuff' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation [nix-shell:~/projects/github.com/NixOS/nix]$ ./inst/bin/nix build -L -f ./test.nix my-example-derivation> hello! my-example-derivation> bye! my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + echo 'Signing paths' /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> Signing paths /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + echo 'Uploading paths' /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> Uploading paths /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + printf 'very important stuff' [1 built, 0.0 MiB DL] Co-authored-by: Graham Christensen <graham@grahamc.com> Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2019-07-11 18:23:03 +00:00
if (options.environment)
replaceEnv(*options.environment);
util: rename stdout/stdin members to avoid conflicts w/standard macro (cherry picked from commit c389a7fb617ed7bcd617efa68c6a48c00405310d)
2018-03-19 16:09:52 +00:00
if (options.standardOut && dup2(out.writeSide.get(), STDOUT_FILENO) == -1)
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
throw SysError("dupping stdout");
Add a post-build-hook Passing `--post-build-hook /foo/bar` to a nix-* command will cause `/foo/bar` to be executed after each build with the following environment variables set: DRV_PATH=/nix/store/drv-that-has-been-built.drv OUT_PATHS=/nix/store/...build /nix/store/...build-bin /nix/store/...build-dev This can be useful in particular to upload all the builded artifacts to the cache (including the ones that don't appear in the runtime closure of the final derivation or are built because of IFD). This new feature prints the stderr/stdout output to the `nix-build` and `nix build` client, and the output is printed in a Nix 2 compatible format: [nix]$ ./inst/bin/nix-build ./test.nix these derivations will be built: /nix/store/ishzj9ni17xq4hgrjvlyjkfvm00b0ch9-my-example-derivation.drv building '/nix/store/ishzj9ni17xq4hgrjvlyjkfvm00b0ch9-my-example-derivation.drv'... hello! bye! running post-build-hook '/home/grahamc/projects/github.com/NixOS/nix/post-hook.sh'... post-build-hook: + sleep 1 post-build-hook: + echo 'Signing paths' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: Signing paths /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: + sleep 1 post-build-hook: + echo 'Uploading paths' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: Uploading paths /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: + sleep 1 post-build-hook: + printf 'very important stuff' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation [nix-shell:~/projects/github.com/NixOS/nix]$ ./inst/bin/nix build -L -f ./test.nix my-example-derivation> hello! my-example-derivation> bye! my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + echo 'Signing paths' /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> Signing paths /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + echo 'Uploading paths' /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> Uploading paths /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + printf 'very important stuff' [1 built, 0.0 MiB DL] Co-authored-by: Graham Christensen <graham@grahamc.com> Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2019-07-11 18:23:03 +00:00
if (options.mergeStderrToStdout)
if (dup2(STDOUT_FILENO, STDERR_FILENO) == -1)
throw SysError("cannot dup stdout into stderr");
decompress(): Use a Source and Sink This allows decompression to happen in O(1) memory.
2018-03-16 15:59:31 +00:00
if (source && dup2(in.readSide.get(), STDIN_FILENO) == -1)
runProgram(): Distinguish between empty input and no input For example, if we call brotli with an empty input, it shouldn't read from the caller's stdin.
2017-03-15 13:40:47 +00:00
throw SysError("dupping stdin");
* Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected.
2006-07-20 12:17:25 +00:00
runProgram: Uncomment chdir support
2019-05-12 21:03:01 +00:00
if (options.chdir && chdir((*options.chdir).c_str()) == -1)
throw SysError("chdir failed");
runProgram: support gid, uid, chdir
2019-05-11 20:35:53 +00:00
if (options.gid && setgid(*options.gid) == -1)
throw SysError("setgid failed");
/* Drop all other groups if we're setgid. */
if (options.gid && setgroups(0, 0) == -1)
throw SysError("setgroups failed");
if (options.uid && setuid(*options.uid) == -1)
throw SysError("setuid failed");
fetchMercurial: Don't fetch hashes we already have
2017-11-01 17:43:11 +00:00
Strings args_(options.args);
args_.push_front(options.program);
Fix some memory leaks
2014-12-12 14:01:16 +00:00
restoreSignals() + restoreAffinity() -> restoreProcessContext()
2021-04-07 11:10:02 +00:00
restoreProcessContext();
Restore default signal handling in child processes In particular, this fixes Ctrl-C in nix-shell sessions.
2017-02-01 12:00:21 +00:00
fetchMercurial: Don't fetch hashes we already have
2017-11-01 17:43:11 +00:00
if (options.searchPath)
execvp(options.program.c_str(), stringsToCharPtrs(args_).data());
Add command `flake clone`
2019-03-21 08:30:16 +00:00
// This allows you to refer to a program with a pathname relative
// to the PATH variable.
Refactoring: Move all fork handling into a higher-order function C++11 lambdas ftw.
2014-07-10 14:50:51 +00:00
else
fetchMercurial: Don't fetch hashes we already have
2017-11-01 17:43:11 +00:00
execv(options.program.c_str(), stringsToCharPtrs(args_).data());
* Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected.
2006-07-20 12:17:25 +00:00
fetchMercurial: Don't fetch hashes we already have
2017-11-01 17:43:11 +00:00
throw SysError("executing '%1%'", options.program);
Add a post-build-hook Passing `--post-build-hook /foo/bar` to a nix-* command will cause `/foo/bar` to be executed after each build with the following environment variables set: DRV_PATH=/nix/store/drv-that-has-been-built.drv OUT_PATHS=/nix/store/...build /nix/store/...build-bin /nix/store/...build-dev This can be useful in particular to upload all the builded artifacts to the cache (including the ones that don't appear in the runtime closure of the final derivation or are built because of IFD). This new feature prints the stderr/stdout output to the `nix-build` and `nix build` client, and the output is printed in a Nix 2 compatible format: [nix]$ ./inst/bin/nix-build ./test.nix these derivations will be built: /nix/store/ishzj9ni17xq4hgrjvlyjkfvm00b0ch9-my-example-derivation.drv building '/nix/store/ishzj9ni17xq4hgrjvlyjkfvm00b0ch9-my-example-derivation.drv'... hello! bye! running post-build-hook '/home/grahamc/projects/github.com/NixOS/nix/post-hook.sh'... post-build-hook: + sleep 1 post-build-hook: + echo 'Signing paths' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: Signing paths /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: + sleep 1 post-build-hook: + echo 'Uploading paths' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: Uploading paths /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: + sleep 1 post-build-hook: + printf 'very important stuff' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation [nix-shell:~/projects/github.com/NixOS/nix]$ ./inst/bin/nix build -L -f ./test.nix my-example-derivation> hello! my-example-derivation> bye! my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + echo 'Signing paths' /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> Signing paths /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + echo 'Uploading paths' /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> Uploading paths /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + printf 'very important stuff' [1 built, 0.0 MiB DL] Co-authored-by: Graham Christensen <graham@grahamc.com> Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2019-07-11 18:23:03 +00:00
}, processOptions);
* Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected.
2006-07-20 12:17:25 +00:00
PathSubstitutionGoal: Clean up pipe If there were many top-level goals (which are not destroyed until the very end), commands like $ nix copy --to 'ssh://localhost?remote-store=/tmp/nix' \ /run/current-system --no-check-sigs --substitute-on-destination could fail with "Too many open files". So now we do some explicit cleanup from amDone(). It would be cleaner to separate goals from their temporary internal state, but that would be a bigger refactor.
2021-04-07 10:21:31 +00:00
out.writeSide.close();
Use libsodium instead of OpenSSL for binary cache signing Sodium's Ed25519 signatures are much shorter than OpenSSL's RSA signatures. Public keys are also much shorter, so they're now specified directly in the nix.conf option ‘binary-cache-public-keys’. The new command ‘nix-store --generate-binary-cache-key’ generates and prints a public and secret key.
2015-02-04 15:43:32 +00:00
Fix deadlock in runProgram() when input is larger than the pipe buffer size
2017-03-13 13:56:33 +00:00
std::thread writerThread;
runProgram(): Distinguish between empty input and no input For example, if we call brotli with an empty input, it shouldn't read from the caller's stdin.
2017-03-15 13:40:47 +00:00
std::promise<void> promise;
Finally doJoin([&]() {
if (writerThread.joinable())
writerThread.join();
});
decompress(): Use a Source and Sink This allows decompression to happen in O(1) memory.
2018-03-16 15:59:31 +00:00
if (source) {
PathSubstitutionGoal: Clean up pipe If there were many top-level goals (which are not destroyed until the very end), commands like $ nix copy --to 'ssh://localhost?remote-store=/tmp/nix' \ /run/current-system --no-check-sigs --substitute-on-destination could fail with "Too many open files". So now we do some explicit cleanup from amDone(). It would be cleaner to separate goals from their temporary internal state, but that would be a bigger refactor.
2021-04-07 10:21:31 +00:00
in.readSide.close();
Fix deadlock in runProgram() when input is larger than the pipe buffer size
2017-03-13 13:56:33 +00:00
writerThread = std::thread([&]() {
runProgram(): Distinguish between empty input and no input For example, if we call brotli with an empty input, it shouldn't read from the caller's stdin.
2017-03-15 13:40:47 +00:00
try {
read(): Use char * instead of unsigned char * This gets rid of some pointless casts.
2020-12-02 13:10:56 +00:00
std::vector<char> buf(8 * 1024);
decompress(): Use a Source and Sink This allows decompression to happen in O(1) memory.
2018-03-16 15:59:31 +00:00
while (true) {
size_t n;
try {
n = source->read(buf.data(), buf.size());
} catch (EndOfFile &) {
break;
}
read(): Use char * instead of unsigned char * This gets rid of some pointless casts.
2020-12-02 13:10:56 +00:00
writeFull(in.writeSide.get(), {buf.data(), n});
decompress(): Use a Source and Sink This allows decompression to happen in O(1) memory.
2018-03-16 15:59:31 +00:00
}
runProgram(): Distinguish between empty input and no input For example, if we call brotli with an empty input, it shouldn't read from the caller's stdin.
2017-03-15 13:40:47 +00:00
promise.set_value();
} catch (...) {
promise.set_exception(std::current_exception());
}
PathSubstitutionGoal: Clean up pipe If there were many top-level goals (which are not destroyed until the very end), commands like $ nix copy --to 'ssh://localhost?remote-store=/tmp/nix' \ /run/current-system --no-check-sigs --substitute-on-destination could fail with "Too many open files". So now we do some explicit cleanup from amDone(). It would be cleaner to separate goals from their temporary internal state, but that would be a bigger refactor.
2021-04-07 10:21:31 +00:00
in.writeSide.close();
Fix deadlock in runProgram() when input is larger than the pipe buffer size
2017-03-13 13:56:33 +00:00
});
Use libsodium instead of OpenSSL for binary cache signing Sodium's Ed25519 signatures are much shorter than OpenSSL's RSA signatures. Public keys are also much shorter, so they're now specified directly in the nix.conf option ‘binary-cache-public-keys’. The new command ‘nix-store --generate-binary-cache-key’ generates and prints a public and secret key.
2015-02-04 15:43:32 +00:00
}
* Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected.
2006-07-20 12:17:25 +00:00
util: rename stdout/stdin members to avoid conflicts w/standard macro (cherry picked from commit c389a7fb617ed7bcd617efa68c6a48c00405310d)
2018-03-19 16:09:52 +00:00
if (options.standardOut)
drainFD(out.readSide.get(), *options.standardOut);
* Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected.
2006-07-20 12:17:25 +00:00
/* Wait for the child to finish. */
Kill builds when we get EOF on the log FD This closes a long-time bug that allowed builds to hang Nix indefinitely (regardless of timeouts) simply by doing exec > /dev/null 2>&1; while true; do true; done Now, on EOF, we just send SIGKILL to the child to make sure it's really gone.
2017-01-19 15:58:39 +00:00
int status = pid.wait();
* Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected.
2006-07-20 12:17:25 +00:00
runProgram(): Distinguish between empty input and no input For example, if we call brotli with an empty input, it shouldn't read from the caller's stdin.
2017-03-15 13:40:47 +00:00
/* Wait for the writer thread to finish. */
decompress(): Use a Source and Sink This allows decompression to happen in O(1) memory.
2018-03-16 15:59:31 +00:00
if (source) promise.get_future().get();
Fix deadlock in runProgram() when input is larger than the pipe buffer size
2017-03-13 13:56:33 +00:00
decompress(): Use a Source and Sink This allows decompression to happen in O(1) memory.
2018-03-16 15:59:31 +00:00
if (status)
throw ExecError(status, fmt("program '%1%' %2%", options.program, statusToString(status)));
* Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected.
2006-07-20 12:17:25 +00:00
}
* Make nix-env --dry-run print the paths to be substituted correctly again. (After the previous substituter mechanism refactoring I didn't update the code that obtains the references of substitutable paths.) This required some refactoring: the substituter programs are now kept running and receive/respond to info requests via stdin/stdout.
2008-08-02 12:54:35 +00:00
void closeMostFDs(const set<int> & exceptions)
{
Use /proc/self/fd to efficiently close all FDs on Linux Issue #1506.
2017-08-09 14:22:05 +00:00
#if __linux__
try {
for (auto & s : readDirectory("/proc/self/fd")) {
auto fd = std::stoi(s.name);
if (!exceptions.count(fd)) {
debug("closing leaked FD %d", fd);
close(fd);
}
}
return;
} catch (SysError &) {
}
#endif
* Make nix-env --dry-run print the paths to be substituted correctly again. (After the previous substituter mechanism refactoring I didn't update the code that obtains the references of substitutable paths.) This required some refactoring: the substituter programs are now kept running and receive/respond to info requests via stdin/stdout.
2008-08-02 12:54:35 +00:00
int maxFD = 0;
maxFD = sysconf(_SC_OPEN_MAX);
for (int fd = 0; fd < maxFD; ++fd)
Use /proc/self/fd to efficiently close all FDs on Linux Issue #1506.
2017-08-09 14:22:05 +00:00
if (!exceptions.count(fd))
* Make nix-env --dry-run print the paths to be substituted correctly again. (After the previous substituter mechanism refactoring I didn't update the code that obtains the references of substitutable paths.) This required some refactoring: the substituter programs are now kept running and receive/respond to info requests via stdin/stdout.
2008-08-02 12:54:35 +00:00
close(fd); /* ignore result */
}
Set the close-on-exec flag on file descriptors
2012-03-05 19:29:00 +00:00
void closeOnExec(int fd)
{
int prev;
if ((prev = fcntl(fd, F_GETFD, 0)) == -1 ||
fcntl(fd, F_SETFD, prev | FD_CLOEXEC) == -1)
throw SysError("setting close-on-exec flag");
}
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
//////////////////////////////////////////////////////////////////////
Fix a minor data race with _isInterrupted
2021-11-24 13:50:08 +00:00
std::atomic<bool> _isInterrupted = false;
* Catch SIGINT to terminate cleanly when the user tries to interrupt Nix. This is to prevent Berkeley DB from becoming wedged. Unfortunately it is not possible to throw C++ exceptions from a signal handler. In fact, you can't do much of anything except change variables of type `volatile sig_atomic_t'. So we set an interrupt flag in the signal handler and check it at various strategic locations in the code (by calling checkInterrupt()). Since this is unlikely to cover all cases (e.g., (semi-)infinite loops), sometimes SIGTERM may now be required to kill Nix.
2004-01-15 20:23:55 +00:00
add helper function to set 'interruptThrown' this fixes a linker failure on cygwin 64 due to some bad interaction between tls and shared libraries. see: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64697
2017-04-21 14:28:10 +00:00
static thread_local bool interruptThrown = false;
ThreadPool: On exception, interrupt the other worker threads
2017-09-08 13:31:24 +00:00
thread_local std::function<bool()> interruptCheck;
add helper function to set 'interruptThrown' this fixes a linker failure on cygwin 64 due to some bad interaction between tls and shared libraries. see: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64697
2017-04-21 14:28:10 +00:00
void setInterruptThrown()
{
interruptThrown = true;
}
Improve SIGINT handling in multi-threaded programs The flag remembering whether an Interrupted exception was thrown is now thread-local. Thus, all threads will (eventually) throw Interrupted. Previously, one thread would throw Interrupted, and then the other threads wouldn't see that they were supposed to quit.
2016-03-29 13:08:24 +00:00
* Catch SIGINT to terminate cleanly when the user tries to interrupt Nix. This is to prevent Berkeley DB from becoming wedged. Unfortunately it is not possible to throw C++ exceptions from a signal handler. In fact, you can't do much of anything except change variables of type `volatile sig_atomic_t'. So we set an interrupt flag in the signal handler and check it at various strategic locations in the code (by calling checkInterrupt()). Since this is unlikely to cover all cases (e.g., (semi-)infinite loops), sometimes SIGTERM may now be required to kill Nix.
2004-01-15 20:23:55 +00:00
void _interrupted()
{
* Ignore interrupt signals while handling an exception. * Ignore EINTR in reads and writes.
2004-05-11 13:48:25 +00:00
/* Block user interrupts while an exception is being handled.
Throwing an exception while another exception is being handled
kills the program! */
replaced uncaught_exception with uncaught_exceptions
2020-06-17 02:15:47 +00:00
if (!interruptThrown && !std::uncaught_exceptions()) {
Improve SIGINT handling in multi-threaded programs The flag remembering whether an Interrupted exception was thrown is now thread-local. Thus, all threads will (eventually) throw Interrupted. Previously, one thread would throw Interrupted, and then the other threads wouldn't see that they were supposed to quit.
2016-03-29 13:08:24 +00:00
interruptThrown = true;
* Daemon mode (`nix-worker --daemon'). Clients connect to the server via the Unix domain socket in /nix/var/nix/daemon.socket. The server forks a worker process per connection. * readString(): use the heap, not the stack. * Some protocol fixes.
2006-12-04 17:17:13 +00:00
throw Interrupted("interrupted by the user");
* Ignore interrupt signals while handling an exception. * Ignore EINTR in reads and writes.
2004-05-11 13:48:25 +00:00
}
* Catch SIGINT to terminate cleanly when the user tries to interrupt Nix. This is to prevent Berkeley DB from becoming wedged. Unfortunately it is not possible to throw C++ exceptions from a signal handler. In fact, you can't do much of anything except change variables of type `volatile sig_atomic_t'. So we set an interrupt flag in the signal handler and check it at various strategic locations in the code (by calling checkInterrupt()). Since this is unlikely to cover all cases (e.g., (semi-)infinite loops), sometimes SIGTERM may now be required to kill Nix.
2004-01-15 20:23:55 +00:00
}
* Refactoring.
2004-06-20 13:37:51 +00:00
* Wrapper class around pids.
2004-06-22 09:51:44 +00:00
//////////////////////////////////////////////////////////////////////
use more string_view in utils there's a couple places that can be easily converted from using strings to using string_views instead. gives a slight (~1%) boost to system eval. # before nix eval --raw --impure --expr 'with import <nixpkgs/nixos> {}; system' Time (mean ± σ): 2.946 s ± 0.026 s [User: 2.655 s, System: 0.209 s] Range (min … max): 2.905 s … 2.995 s 20 runs # after Time (mean ± σ): 2.928 s ± 0.024 s [User: 2.638 s, System: 0.211 s] Range (min … max): 2.893 s … 2.970 s 20 runs
2022-01-12 15:02:29 +00:00
template<class C> C tokenizeString(std::string_view s, std::string_view separators)
* Parse multi-valued options.
2005-09-22 15:43:22 +00:00
{
Templatise tokenizeString()
2012-09-19 19:43:23 +00:00
C result;
* Parse multi-valued options.
2005-09-22 15:43:22 +00:00
string::size_type pos = s.find_first_not_of(separators, 0);
while (pos != string::npos) {
string::size_type end = s.find_first_of(separators, pos + 1);
if (end == string::npos) end = s.size();
use more string_view in utils there's a couple places that can be easily converted from using strings to using string_views instead. gives a slight (~1%) boost to system eval. # before nix eval --raw --impure --expr 'with import <nixpkgs/nixos> {}; system' Time (mean ± σ): 2.946 s ± 0.026 s [User: 2.655 s, System: 0.209 s] Range (min … max): 2.905 s … 2.995 s 20 runs # after Time (mean ± σ): 2.928 s ± 0.024 s [User: 2.638 s, System: 0.211 s] Range (min … max): 2.893 s … 2.970 s 20 runs
2022-01-12 15:02:29 +00:00
result.insert(result.end(), string(s, pos, end - pos));
* Parse multi-valued options.
2005-09-22 15:43:22 +00:00
pos = s.find_first_not_of(separators, end);
}
return result;
}
use more string_view in utils there's a couple places that can be easily converted from using strings to using string_views instead. gives a slight (~1%) boost to system eval. # before nix eval --raw --impure --expr 'with import <nixpkgs/nixos> {}; system' Time (mean ± σ): 2.946 s ± 0.026 s [User: 2.655 s, System: 0.209 s] Range (min … max): 2.905 s … 2.995 s 20 runs # after Time (mean ± σ): 2.928 s ± 0.024 s [User: 2.638 s, System: 0.211 s] Range (min … max): 2.893 s … 2.970 s 20 runs
2022-01-12 15:02:29 +00:00
template Strings tokenizeString(std::string_view s, std::string_view separators);
template StringSet tokenizeString(std::string_view s, std::string_view separators);
template vector<string> tokenizeString(std::string_view s, std::string_view separators);
Templatise tokenizeString()
2012-09-19 19:43:23 +00:00
* Parse multi-valued options.
2005-09-22 15:43:22 +00:00
Remove trailing whitespace
2021-01-20 23:49:29 +00:00
string chomp(std::string_view s)
Report substituter errors to clients of the Nix daemon
2012-08-01 15:19:24 +00:00
{
size_t i = s.find_last_not_of(" \n\r\t");
Doh
2012-08-01 21:21:47 +00:00
return i == string::npos ? "" : string(s, 0, i + 1);
Report substituter errors to clients of the Nix daemon
2012-08-01 15:19:24 +00:00
}
Implement caching of fetchurl/fetchTarball results ETags are used to prevent redownloading unchanged files.
2015-04-09 09:42:04 +00:00
string trim(const string & s, const string & whitespace)
{
auto i = s.find_first_not_of(whitespace);
if (i == string::npos) return "";
auto j = s.find_last_not_of(whitespace);
return string(s, i, j == string::npos ? j : j - i + 1);
}
replaceStrings(): Use std::string_view
2020-11-10 13:59:03 +00:00
string replaceStrings(std::string_view s,
Support URLs in $NIX_PATH This didn't work (despite claims in the manual), because the colon in "http://" was parsed as a element separator. So handle "://" specially.
2015-06-17 14:20:11 +00:00
const std::string & from, const std::string & to)
{
replaceStrings(): Use std::string_view
2020-11-10 13:59:03 +00:00
string res(s);
if (from.empty()) return res;
Support URLs in $NIX_PATH This didn't work (despite claims in the manual), because the colon in "http://" was parsed as a element separator. So handle "://" specially.
2015-06-17 14:20:11 +00:00
size_t pos = 0;
while ((pos = res.find(from, pos)) != std::string::npos) {
res.replace(pos, from.size(), to);
pos += to.size();
}
return res;
}
Allow content-addressable paths to have references This adds a command 'nix make-content-addressable' that rewrites the specified store paths into content-addressable paths. The advantage of such paths is that 1) they can be imported without signatures; 2) they can enable deduplication in cases where derivation changes do not cause output changes (apart from store path hashes). For example, $ nix make-content-addressable -r nixpkgs.cowsay rewrote '/nix/store/g1g31ah55xdia1jdqabv1imf6mcw0nb1-glibc-2.25-49' to '/nix/store/48jfj7bg78a8n4f2nhg269rgw1936vj4-glibc-2.25-49' ... rewrote '/nix/store/qbi6rzpk0bxjw8lw6azn2mc7ynnn455q-cowsay-3.03+dfsg1-16' to '/nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16' We can then copy the resulting closure to another store without signatures: $ nix copy --trusted-public-keys '' ---to ~/my-nix /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 In order to support self-references in content-addressable paths, these paths are hashed "modulo" self-references, meaning that self-references are zeroed out during hashing. Somewhat annoyingly, this means that the NAR hash stored in the Nix database is no longer necessarily equal to the output of "nix hash-path"; for content-addressable paths, you need to pass the --modulo flag: $ nix path-info --json /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 | jq -r .[].narHash sha256:0ri611gdilz2c9rsibqhsipbfs9vwcqvs811a52i2bnkhv7w9mgw $ nix hash-path --type sha256 --base32 /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 1ggznh07khq0hz6id09pqws3a8q9pn03ya3c03nwck1kwq8rclzs $ nix hash-path --type sha256 --base32 /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 --modulo iq6g2x4q62xp7y7493bibx0qn5w7xz67 0ri611gdilz2c9rsibqhsipbfs9vwcqvs811a52i2bnkhv7w9mgw
2018-03-29 22:56:13 +00:00
std::string rewriteStrings(const std::string & _s, const StringMap & rewrites)
{
auto s = _s;
for (auto & i : rewrites) {
if (i.first == i.second) continue;
size_t j = 0;
while ((j = s.find(i.first, j)) != string::npos)
s.replace(j, i.first.size(), i.second);
}
return s;
}
* Refactoring.
2004-06-22 08:50:25 +00:00
string statusToString(int status)
{
if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
if (WIFEXITED(status))
* Some more diagnostics changes.
2004-06-22 17:04:10 +00:00
return (format("failed with exit code %1%") % WEXITSTATUS(status)).str();
* Use strsignal if available to give better error messages for builders that fail due to a signal.
2007-12-14 14:49:35 +00:00
else if (WIFSIGNALED(status)) {
Remove tabs
2013-01-03 12:00:46 +00:00
int sig = WTERMSIG(status);
* Use strsignal if available to give better error messages for builders that fail due to a signal.
2007-12-14 14:49:35 +00:00
#if HAVE_STRSIGNAL
const char * description = strsignal(sig);
return (format("failed due to signal %1% (%2%)") % sig % description).str();
#else
return (format("failed due to signal %1%") % sig).str();
#endif
Remove tabs
2013-01-03 12:00:46 +00:00
}
* Refactoring.
2004-06-22 08:50:25 +00:00
else
return "died abnormally";
} else return "succeeded";
}
* Put WEXITSTATUS stuff somewhere else.
2004-06-22 11:03:41 +00:00
bool statusOk(int status)
{
return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}
* Operation `--delete-generations' to delete generations of a profile. Arguments are either generation number, or `old' to delete all non-current generations. Typical use: $ nix-env --delete-generations old $ nix-collect-garbage * istringstream -> string2Int.
2004-09-10 13:32:08 +00:00
Use `std::string_view` in a few more places
2020-06-12 21:12:36 +00:00
bool hasPrefix(std::string_view s, std::string_view prefix)
Support Git repos in the Nix path E.g. $ nix-build -I nixpkgs=git://github.com/NixOS/nixpkgs '<nixpkgs>' -A hello This is not extremely useful yet because you can't specify a branch/revision.
2016-04-29 19:04:40 +00:00
{
Minor cleanup
2017-05-01 15:28:19 +00:00
return s.compare(0, prefix.size(), prefix) == 0;
Support Git repos in the Nix path E.g. $ nix-build -I nixpkgs=git://github.com/NixOS/nixpkgs '<nixpkgs>' -A hello This is not extremely useful yet because you can't specify a branch/revision.
2016-04-29 19:04:40 +00:00
}
Make the Store API more type-safe Most functions now take a StorePath argument rather than a Path (which is just an alias for std::string). The StorePath constructor ensures that the path is syntactically correct (i.e. it looks like <store-dir>/<base32-hash>-<name>). Similarly, functions like buildPaths() now take a StorePathWithOutputs, rather than abusing Path by adding a '!<outputs>' suffix. Note that the StorePath type is implemented in Rust. This involves some hackery to allow Rust values to be used directly in C++, via a helper type whose destructor calls the Rust type's drop() function. The main issue is the dynamic nature of C++ move semantics: after we have moved a Rust value, we should not call the drop function on the original value. So when we move a value, we set the original value to bitwise zero, and the destructor only calls drop() if the value is not bitwise zero. This should be sufficient for most types. Also lots of minor cleanups to the C++ API to make it more modern (e.g. using std::optional and std::string_view in some places).
2019-12-05 18:11:09 +00:00
bool hasSuffix(std::string_view s, std::string_view suffix)
* Strip off the `.nix' suffix from the attribute name for files in ~/.nix-defexpr, otherwise the attribute cannot be selected with the `-A' option. Useful if you want to stick a Nix expression directly in ~/.nix-defexpr.
2008-08-25 13:31:57 +00:00
{
Make the Store API more type-safe Most functions now take a StorePath argument rather than a Path (which is just an alias for std::string). The StorePath constructor ensures that the path is syntactically correct (i.e. it looks like <store-dir>/<base32-hash>-<name>). Similarly, functions like buildPaths() now take a StorePathWithOutputs, rather than abusing Path by adding a '!<outputs>' suffix. Note that the StorePath type is implemented in Rust. This involves some hackery to allow Rust values to be used directly in C++, via a helper type whose destructor calls the Rust type's drop() function. The main issue is the dynamic nature of C++ move semantics: after we have moved a Rust value, we should not call the drop function on the original value. So when we move a value, we set the original value to bitwise zero, and the destructor only calls drop() if the value is not bitwise zero. This should be sufficient for most types. Also lots of minor cleanups to the C++ API to make it more modern (e.g. using std::optional and std::string_view in some places).
2019-12-05 18:11:09 +00:00
return s.size() >= suffix.size()
&& s.substr(s.size() - suffix.size()) == suffix;
* Strip off the `.nix' suffix from the attribute name for files in ~/.nix-defexpr, otherwise the attribute cannot be selected with the `-A' option. Useful if you want to stick a Nix expression directly in ~/.nix-defexpr.
2008-08-25 13:31:57 +00:00
}
Add a toLower utility function
2016-09-14 12:42:15 +00:00
std::string toLower(const std::string & s)
{
std::string r(s);
for (auto & c : r)
c = std::tolower(c);
return r;
}
Pass lists/attrsets to bash as (associative) arrays
2017-10-25 11:01:50 +00:00
std::string shellEscape(const std::string & s)
{
std::string r = "'";
for (auto & i : s)
if (i == '\'') r += "'\\''"; else r += i;
r += '\'';
return r;
}
* Set a terminate() handler to ensure that we leave the BDB environment cleanly even when an exception is thrown from a destructor. We still crash, but we don't take all other Nix processes with us.
2007-05-01 15:16:17 +00:00
void ignoreException()
{
try {
throw;
} catch (std::exception & e) {
remove 'format' from Error constructor calls
2020-04-21 23:07:07 +00:00
printError("error (ignored): %1%", e.what());
* Set a terminate() handler to ensure that we leave the BDB environment cleanly even when an exception is thrown from a destructor. We still crash, but we don't take all other Nix processes with us.
2007-05-01 15:16:17 +00:00
}
}
Respect TERM=dumb more consistently
2021-07-02 00:19:01 +00:00
bool shouldANSI()
{
Add $NO_COLOR check to ANSI escape conditions
2021-07-02 15:33:54 +00:00
return isatty(STDERR_FILENO)
&& getEnv("TERM").value_or("dumb") != "dumb"
&& !getEnv("NO_COLOR").has_value();
Respect TERM=dumb more consistently
2021-07-02 00:19:01 +00:00
}
Don't use std::cerr in a few places Slightly scared of using std::cerr in a vforked process...
2012-11-15 14:01:02 +00:00
Filter ANSI colors when not writing to a terminal Fixes https://github.com/NixOS/nixpkgs/issues/37114.
2018-03-15 15:08:07 +00:00
std::string filterANSIEscapes(const std::string & s, bool filterAll, unsigned int width)
Improve filtering of ANSI escape sequences in build logs All ANSI sequences except color setting are now filtered out. In particular, terminal resets (such as from NixOS VM tests) are filtered out. Also, fix the completely broken tab character handling.
2018-02-07 14:19:10 +00:00
{
std::string t, e;
size_t w = 0;
auto i = s.begin();
while (w < (size_t) width && i != s.end()) {
if (*i == '\e') {
std::string e;
e += *i++;
char last = 0;
if (i != s.end() && *i == '[') {
e += *i++;
// eat parameter bytes
while (i != s.end() && *i >= 0x30 && *i <= 0x3f) e += *i++;
// eat intermediate bytes
while (i != s.end() && *i >= 0x20 && *i <= 0x2f) e += *i++;
// eat final byte
if (i != s.end() && *i >= 0x40 && *i <= 0x7e) e += last = *i++;
} else {
if (i != s.end() && *i >= 0x40 && *i <= 0x5f) e += *i++;
Add some color
2014-08-20 14:01:16 +00:00
}
Improve filtering of ANSI escape sequences in build logs All ANSI sequences except color setting are now filtered out. In particular, terminal resets (such as from NixOS VM tests) are filtered out. Also, fix the completely broken tab character handling.
2018-02-07 14:19:10 +00:00
Filter ANSI colors when not writing to a terminal Fixes https://github.com/NixOS/nixpkgs/issues/37114.
2018-03-15 15:08:07 +00:00
if (!filterAll && last == 'm')
Improve filtering of ANSI escape sequences in build logs All ANSI sequences except color setting are now filtered out. In particular, terminal resets (such as from NixOS VM tests) are filtered out. Also, fix the completely broken tab character handling.
2018-02-07 14:19:10 +00:00
t += e;
}
else if (*i == '\t') {
i++; t += ' '; w++;
while (w < (size_t) width && w % 8) {
t += ' '; w++;
Add some color
2014-08-20 14:01:16 +00:00
}
}
Improve filtering of ANSI escape sequences in build logs All ANSI sequences except color setting are now filtered out. In particular, terminal resets (such as from NixOS VM tests) are filtered out. Also, fix the completely broken tab character handling.
2018-02-07 14:19:10 +00:00
else if (*i == '\r')
// do nothing for now
libutil: Fix infinite loop in filterANSIEscapes on '\r' E.g. nix-instantiate --eval -E 'abort "\r"' hangs. Found by afl-fuzz.
2018-02-19 15:32:11 +00:00
i++;
Improve filtering of ANSI escape sequences in build logs All ANSI sequences except color setting are now filtered out. In particular, terminal resets (such as from NixOS VM tests) are filtered out. Also, fix the completely broken tab character handling.
2018-02-07 14:19:10 +00:00
else {
filterANSIEscapes(): Handle UTF-8 characters
2020-11-16 15:26:29 +00:00
w++;
// Copy one UTF-8 character.
if ((*i & 0xe0) == 0xc0) {
t += *i++;
if (i != s.end() && ((*i & 0xc0) == 0x80)) t += *i++;
} else if ((*i & 0xf0) == 0xe0) {
t += *i++;
if (i != s.end() && ((*i & 0xc0) == 0x80)) {
t += *i++;
if (i != s.end() && ((*i & 0xc0) == 0x80)) t += *i++;
}
} else if ((*i & 0xf8) == 0xf0) {
t += *i++;
if (i != s.end() && ((*i & 0xc0) == 0x80)) {
t += *i++;
if (i != s.end() && ((*i & 0xc0) == 0x80)) {
t += *i++;
if (i != s.end() && ((*i & 0xc0) == 0x80)) t += *i++;
}
}
} else
t += *i++;
Improve filtering of ANSI escape sequences in build logs All ANSI sequences except color setting are now filtered out. In particular, terminal resets (such as from NixOS VM tests) are filtered out. Also, fix the completely broken tab character handling.
2018-02-07 14:19:10 +00:00
}
Add some color
2014-08-20 14:01:16 +00:00
}
Improve filtering of ANSI escape sequences in build logs All ANSI sequences except color setting are now filtered out. In particular, terminal resets (such as from NixOS VM tests) are filtered out. Also, fix the completely broken tab character handling.
2018-02-07 14:19:10 +00:00
Add some color
2014-08-20 14:01:16 +00:00
return t;
}
Fix error detection in 'base64Decode()' Fixed a bug in initialization of 'base64DecodeChars' variable. Currently decoder do not fail on invalid Base64 strings. Added test-case to verify the fix. Also have made 'base64DecodeChars' to be computed at compile time. And added a test case to encode/decode string with non-printable charactes.
2021-10-17 07:51:33 +00:00
constexpr char base64Chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
Add base64 encoder/decoder
2015-02-09 14:09:39 +00:00
Use `std::string_view` in a few more places
2020-06-12 21:12:36 +00:00
string base64Encode(std::string_view s)
Add base64 encoder/decoder
2015-02-09 14:09:39 +00:00
{
string res;
int data = 0, nbits = 0;
for (char c : s) {
data = data << 8 | (unsigned char) c;
nbits += 8;
while (nbits >= 6) {
nbits -= 6;
res.push_back(base64Chars[data >> nbits & 0x3f]);
}
}
if (nbits) res.push_back(base64Chars[data << (6 - nbits) & 0x3f]);
while (res.size() % 4) res.push_back('=');
return res;
}
Use `std::string_view` in a few more places
2020-06-12 21:12:36 +00:00
string base64Decode(std::string_view s)
Add base64 encoder/decoder
2015-02-09 14:09:39 +00:00
{
Fix error detection in 'base64Decode()' Fixed a bug in initialization of 'base64DecodeChars' variable. Currently decoder do not fail on invalid Base64 strings. Added test-case to verify the fix. Also have made 'base64DecodeChars' to be computed at compile time. And added a test case to encode/decode string with non-printable charactes.
2021-10-17 07:51:33 +00:00
constexpr char npos = -1;
constexpr std::array<char, 256> base64DecodeChars = [&]() {
std::array<char, 256> result{};
for (auto& c : result)
c = npos;
Add base64 encoder/decoder
2015-02-09 14:09:39 +00:00
for (int i = 0; i < 64; i++)
Fix error detection in 'base64Decode()' Fixed a bug in initialization of 'base64DecodeChars' variable. Currently decoder do not fail on invalid Base64 strings. Added test-case to verify the fix. Also have made 'base64DecodeChars' to be computed at compile time. And added a test case to encode/decode string with non-printable charactes.
2021-10-17 07:51:33 +00:00
result[base64Chars[i]] = i;
return result;
}();
Add base64 encoder/decoder
2015-02-09 14:09:39 +00:00
string res;
unsigned int d = 0, bits = 0;
for (char c : s) {
if (c == '=') break;
if (c == '\n') continue;
libutil: initialize the base64 decode array only once Previously, despite having a boolean that tracked initialization, the decode characters have been "calculated" every single time a base64 string was being decoded. With this change we only initialize the decode array once in a thread-safe manner.
2021-07-30 18:08:54 +00:00
char digit = base64DecodeChars[(unsigned char) c];
Fix error detection in 'base64Decode()' Fixed a bug in initialization of 'base64DecodeChars' variable. Currently decoder do not fail on invalid Base64 strings. Added test-case to verify the fix. Also have made 'base64DecodeChars' to be computed at compile time. And added a test case to encode/decode string with non-printable charactes.
2021-10-17 07:51:33 +00:00
if (digit == npos)
Fixed build, we still have test errors
2020-07-01 21:32:06 +00:00
throw Error("invalid character in Base64 string: '%c'", c);
Add base64 encoder/decoder
2015-02-09 14:09:39 +00:00
bits += 6;
d = d << 6 | digit;
if (bits >= 8) {
res.push_back(d >> (bits - 8) & 0xff);
bits -= 8;
}
}
return res;
}
Allow 'nix' subcommands to provide docs in Markdown format
2020-08-20 10:21:46 +00:00
std::string stripIndentation(std::string_view s)
{
size_t minIndent = 10000;
size_t curIndent = 0;
bool atStartOfLine = true;
for (auto & c : s) {
if (atStartOfLine && c == ' ')
curIndent++;
else if (c == '\n') {
if (atStartOfLine)
minIndent = std::max(minIndent, curIndent);
curIndent = 0;
atStartOfLine = true;
} else {
if (atStartOfLine) {
minIndent = std::min(minIndent, curIndent);
atStartOfLine = false;
}
}
}
std::string res;
size_t pos = 0;
while (pos < s.size()) {
auto eol = s.find('\n', pos);
if (eol == s.npos) eol = s.size();
if (eol - pos > minIndent)
res.append(s.substr(pos + minIndent, eol - pos - minIndent));
res.push_back('\n');
pos = eol + 1;
}
return res;
}
//////////////////////////////////////////////////////////////////////
Handle SIGWINCH
2017-08-25 13:57:49 +00:00
static Sync<std::pair<unsigned short, unsigned short>> windowSize{{0, 0}};
static void updateWindowSize()
{
struct winsize ws;
Fix progress bar when nix-prefetch-url is piped. The intent of the code was that if the window size cannot be determined, it would be treated as having the maximum possible size. Because of a missing assignment, it was actually treated as having a width of 0. The reason the width could not be determined was because it was obtained from stdout, not stderr, even though the printing was done to stderr. This commit addresses both issues.
2019-11-03 21:46:59 +00:00
if (ioctl(2, TIOCGWINSZ, &ws) == 0) {
Handle SIGWINCH
2017-08-25 13:57:49 +00:00
auto windowSize_(windowSize.lock());
windowSize_->first = ws.ws_row;
windowSize_->second = ws.ws_col;
}
}
std::pair<unsigned short, unsigned short> getWindowSize()
{
return *windowSize.lock();
}
Handle SIGINT etc. via a sigwait() signal handler thread This allows other threads to install callbacks that run in a regular, non-signal context. In particular, we can use this to signal the downloader thread to quit. Closes #1183.
2017-01-17 17:21:02 +00:00
static Sync<std::list<std::function<void()>>> _interruptCallbacks;
static void signalHandlerThread(sigset_t set)
{
while (true) {
int signal = 0;
sigwait(&set, &signal);
Fix interrupt handling
2017-01-25 12:37:02 +00:00
if (signal == SIGINT || signal == SIGTERM || signal == SIGHUP)
triggerInterrupt();
Handle SIGWINCH
2017-08-25 13:57:49 +00:00
else if (signal == SIGWINCH) {
updateWindowSize();
}
Fix interrupt handling
2017-01-25 12:37:02 +00:00
}
}
void triggerInterrupt()
{
Fix bogus "unexpected Nix daemon error: interrupted by the user"
2017-04-06 15:18:56 +00:00
_isInterrupted = true;
Fix interrupt handling
2017-01-25 12:37:02 +00:00
{
auto interruptCallbacks(_interruptCallbacks.lock());
for (auto & callback : *interruptCallbacks) {
try {
callback();
} catch (...) {
ignoreException();
Handle SIGINT etc. via a sigwait() signal handler thread This allows other threads to install callbacks that run in a regular, non-signal context. In particular, we can use this to signal the downloader thread to quit. Closes #1183.
2017-01-17 17:21:02 +00:00
}
}
}
}
Restore default signal handling in child processes In particular, this fixes Ctrl-C in nix-shell sessions.
2017-02-01 12:00:21 +00:00
static sigset_t savedSignalMask;
Handle SIGINT etc. via a sigwait() signal handler thread This allows other threads to install callbacks that run in a regular, non-signal context. In particular, we can use this to signal the downloader thread to quit. Closes #1183.
2017-01-17 17:21:02 +00:00
void startSignalHandlerThread()
{
Handle SIGWINCH
2017-08-25 13:57:49 +00:00
updateWindowSize();
Restore default signal handling in child processes In particular, this fixes Ctrl-C in nix-shell sessions.
2017-02-01 12:00:21 +00:00
if (sigprocmask(SIG_BLOCK, nullptr, &savedSignalMask))
Fix some typos Fixes #4671.
2021-03-26 15:14:38 +00:00
throw SysError("querying signal mask");
Restore default signal handling in child processes In particular, this fixes Ctrl-C in nix-shell sessions.
2017-02-01 12:00:21 +00:00
Handle SIGINT etc. via a sigwait() signal handler thread This allows other threads to install callbacks that run in a regular, non-signal context. In particular, we can use this to signal the downloader thread to quit. Closes #1183.
2017-01-17 17:21:02 +00:00
sigset_t set;
sigemptyset(&set);
sigaddset(&set, SIGINT);
sigaddset(&set, SIGTERM);
sigaddset(&set, SIGHUP);
Restore default signal handling in child processes In particular, this fixes Ctrl-C in nix-shell sessions.
2017-02-01 12:00:21 +00:00
sigaddset(&set, SIGPIPE);
Handle SIGWINCH
2017-08-25 13:57:49 +00:00
sigaddset(&set, SIGWINCH);
Handle SIGINT etc. via a sigwait() signal handler thread This allows other threads to install callbacks that run in a regular, non-signal context. In particular, we can use this to signal the downloader thread to quit. Closes #1183.
2017-01-17 17:21:02 +00:00
if (pthread_sigmask(SIG_BLOCK, &set, nullptr))
throw SysError("blocking signals");
std::thread(signalHandlerThread, set).detach();
}
restoreSignals() + restoreAffinity() -> restoreProcessContext()
2021-04-07 11:10:02 +00:00
static void restoreSignals()
Restore default signal handling in child processes In particular, this fixes Ctrl-C in nix-shell sessions.
2017-02-01 12:00:21 +00:00
{
if (sigprocmask(SIG_SETMASK, &savedSignalMask, nullptr))
throw SysError("restoring signals");
}
Restore stack size in child processes Fixes #4673.
2021-04-07 11:40:13 +00:00
#if __linux__
rlim_t savedStackSize = 0;
#endif
void setStackSize(size_t stackSize)
{
#if __linux__
struct rlimit limit;
if (getrlimit(RLIMIT_STACK, &limit) == 0 && limit.rlim_cur < stackSize) {
savedStackSize = limit.rlim_cur;
limit.rlim_cur = stackSize;
setrlimit(RLIMIT_STACK, &limit);
}
#endif
}
Ignore errors unsharing/restoring the mount namespace This prevents Nix from barfing when run in a container where it doesn't have the appropriate privileges.
2021-11-16 13:23:05 +00:00
Restore parent mount namespace in restoreProcessContext This ensures any started processes can't write to /nix/store (except during builds). This partially reverts 01d07b1e, which happened because of #2646. The problem was only happening after nix downloads anything, causing me to suspect the download thread. The problem turns out to be: "A process can't join a new mount namespace if it is sharing filesystem-related attributes with another process", in this case this process is the curl thread. Ideally, we might kill it before spawning the shell process, but it's inside a static variable in the getFileTransfer() function. So instead, stop it from sharing FS state using unshare(). A strategy such as the one from #5057 (single-threaded chroot helper binary) is also very much on the table. Fixes #4337.
2021-10-15 14:25:49 +00:00
static AutoCloseFD fdSavedMountNamespace;
Restore stack size in child processes Fixes #4673.
2021-04-07 11:40:13 +00:00
Restore parent mount namespace in restoreProcessContext This ensures any started processes can't write to /nix/store (except during builds). This partially reverts 01d07b1e, which happened because of #2646. The problem was only happening after nix downloads anything, causing me to suspect the download thread. The problem turns out to be: "A process can't join a new mount namespace if it is sharing filesystem-related attributes with another process", in this case this process is the curl thread. Ideally, we might kill it before spawning the shell process, but it's inside a static variable in the getFileTransfer() function. So instead, stop it from sharing FS state using unshare(). A strategy such as the one from #5057 (single-threaded chroot helper binary) is also very much on the table. Fixes #4337.
2021-10-15 14:25:49 +00:00
void saveMountNamespace()
{
#if __linux__
static std::once_flag done;
std::call_once(done, []() {
Ignore errors unsharing/restoring the mount namespace This prevents Nix from barfing when run in a container where it doesn't have the appropriate privileges.
2021-11-16 13:23:05 +00:00
AutoCloseFD fd = open("/proc/self/ns/mnt", O_RDONLY);
if (!fd)
Restore parent mount namespace in restoreProcessContext This ensures any started processes can't write to /nix/store (except during builds). This partially reverts 01d07b1e, which happened because of #2646. The problem was only happening after nix downloads anything, causing me to suspect the download thread. The problem turns out to be: "A process can't join a new mount namespace if it is sharing filesystem-related attributes with another process", in this case this process is the curl thread. Ideally, we might kill it before spawning the shell process, but it's inside a static variable in the getFileTransfer() function. So instead, stop it from sharing FS state using unshare(). A strategy such as the one from #5057 (single-threaded chroot helper binary) is also very much on the table. Fixes #4337.
2021-10-15 14:25:49 +00:00
throw SysError("saving parent mount namespace");
Ignore errors unsharing/restoring the mount namespace This prevents Nix from barfing when run in a container where it doesn't have the appropriate privileges.
2021-11-16 13:23:05 +00:00
fdSavedMountNamespace = std::move(fd);
Restore parent mount namespace in restoreProcessContext This ensures any started processes can't write to /nix/store (except during builds). This partially reverts 01d07b1e, which happened because of #2646. The problem was only happening after nix downloads anything, causing me to suspect the download thread. The problem turns out to be: "A process can't join a new mount namespace if it is sharing filesystem-related attributes with another process", in this case this process is the curl thread. Ideally, we might kill it before spawning the shell process, but it's inside a static variable in the getFileTransfer() function. So instead, stop it from sharing FS state using unshare(). A strategy such as the one from #5057 (single-threaded chroot helper binary) is also very much on the table. Fixes #4337.
2021-10-15 14:25:49 +00:00
});
#endif
}
void restoreMountNamespace()
{
#if __linux__
Ignore errors unsharing/restoring the mount namespace This prevents Nix from barfing when run in a container where it doesn't have the appropriate privileges.
2021-11-16 13:23:05 +00:00
try {
if (fdSavedMountNamespace && setns(fdSavedMountNamespace.get(), CLONE_NEWNS) == -1)
throw SysError("restoring parent mount namespace");
} catch (Error & e) {
debug(e.msg());
}
Restore parent mount namespace in restoreProcessContext This ensures any started processes can't write to /nix/store (except during builds). This partially reverts 01d07b1e, which happened because of #2646. The problem was only happening after nix downloads anything, causing me to suspect the download thread. The problem turns out to be: "A process can't join a new mount namespace if it is sharing filesystem-related attributes with another process", in this case this process is the curl thread. Ideally, we might kill it before spawning the shell process, but it's inside a static variable in the getFileTransfer() function. So instead, stop it from sharing FS state using unshare(). A strategy such as the one from #5057 (single-threaded chroot helper binary) is also very much on the table. Fixes #4337.
2021-10-15 14:25:49 +00:00
#endif
}
Ignore EPERM when unsharing FS state On Docker (but not podman), unshare(CLONE_FS) fails with EPERM. So let's ignore it and hope nothing bad happens. Attempted fix for #5777.
2021-12-16 20:26:22 +00:00
void unshareFilesystem()
{
#ifdef __linux__
if (unshare(CLONE_FS) != 0 && errno != EPERM)
throw SysError("unsharing filesystem state in download thread");
#endif
}
Restore parent mount namespace in restoreProcessContext This ensures any started processes can't write to /nix/store (except during builds). This partially reverts 01d07b1e, which happened because of #2646. The problem was only happening after nix downloads anything, causing me to suspect the download thread. The problem turns out to be: "A process can't join a new mount namespace if it is sharing filesystem-related attributes with another process", in this case this process is the curl thread. Ideally, we might kill it before spawning the shell process, but it's inside a static variable in the getFileTransfer() function. So instead, stop it from sharing FS state using unshare(). A strategy such as the one from #5057 (single-threaded chroot helper binary) is also very much on the table. Fixes #4337.
2021-10-15 14:25:49 +00:00
void restoreProcessContext(bool restoreMounts)
restoreSignals() + restoreAffinity() -> restoreProcessContext()
2021-04-07 11:10:02 +00:00
{
restoreSignals();
Restore parent mount namespace in restoreProcessContext This ensures any started processes can't write to /nix/store (except during builds). This partially reverts 01d07b1e, which happened because of #2646. The problem was only happening after nix downloads anything, causing me to suspect the download thread. The problem turns out to be: "A process can't join a new mount namespace if it is sharing filesystem-related attributes with another process", in this case this process is the curl thread. Ideally, we might kill it before spawning the shell process, but it's inside a static variable in the getFileTransfer() function. So instead, stop it from sharing FS state using unshare(). A strategy such as the one from #5057 (single-threaded chroot helper binary) is also very much on the table. Fixes #4337.
2021-10-15 14:25:49 +00:00
if (restoreMounts) {
restoreMountNamespace();
}
restoreSignals() + restoreAffinity() -> restoreProcessContext()
2021-04-07 11:10:02 +00:00
Restore stack size in child processes Fixes #4673.
2021-04-07 11:40:13 +00:00
#if __linux__
if (savedStackSize) {
struct rlimit limit;
if (getrlimit(RLIMIT_STACK, &limit) == 0) {
limit.rlim_cur = savedStackSize;
setrlimit(RLIMIT_STACK, &limit);
}
}
#endif
restoreSignals() + restoreAffinity() -> restoreProcessContext()
2021-04-07 11:10:02 +00:00
}
Handle SIGINT etc. via a sigwait() signal handler thread This allows other threads to install callbacks that run in a regular, non-signal context. In particular, we can use this to signal the downloader thread to quit. Closes #1183.
2017-01-17 17:21:02 +00:00
/* RAII helper to automatically deregister a callback. */
struct InterruptCallbackImpl : InterruptCallback
{
std::list<std::function<void()>>::iterator it;
~InterruptCallbackImpl() override
{
_interruptCallbacks.lock()->erase(it);
}
};
std::unique_ptr<InterruptCallback> createInterruptCallback(std::function<void()> callback)
{
auto interruptCallbacks(_interruptCallbacks.lock());
interruptCallbacks->push_back(callback);
auto res = std::make_unique<InterruptCallbackImpl>();
res->it = interruptCallbacks->end();
res->it--;
Work around a bug in clang and older versions of gcc http://hydra.nixos.org/build/46597440 https://llvm.org/bugs/show_bug.cgi?id=28096
2017-01-24 09:55:28 +00:00
return std::unique_ptr<InterruptCallback>(res.release());
Handle SIGINT etc. via a sigwait() signal handler thread This allows other threads to install callbacks that run in a regular, non-signal context. In particular, we can use this to signal the downloader thread to quit. Closes #1183.
2017-01-17 17:21:02 +00:00
}
Move Unix domain socket creation to libutil Also drop multithread-unfriendly hacks like doing a temporary chmod/umask.
2018-09-25 10:36:11 +00:00
Non-blocking garbage collector The garbage collector no longer blocks other processes from adding/building store paths or adding GC roots. To prevent the collector from deleting store paths just added by another process, processes need to connect to the garbage collector via a Unix domain socket to register new temporary roots.
2021-08-16 18:03:32 +00:00
AutoCloseFD createUnixDomainSocket()
Move Unix domain socket creation to libutil Also drop multithread-unfriendly hacks like doing a temporary chmod/umask.
2018-09-25 10:36:11 +00:00
{
Don't use SOCK_CLOEXEC on macOS https://hydra.nixos.org/build/105428308
2019-11-05 09:25:09 +00:00
AutoCloseFD fdSocket = socket(PF_UNIX, SOCK_STREAM
#ifdef SOCK_CLOEXEC
| SOCK_CLOEXEC
#endif
, 0);
Move Unix domain socket creation to libutil Also drop multithread-unfriendly hacks like doing a temporary chmod/umask.
2018-09-25 10:36:11 +00:00
if (!fdSocket)
throw SysError("cannot create Unix domain socket");
closeOnExec(fdSocket.get());
Non-blocking garbage collector The garbage collector no longer blocks other processes from adding/building store paths or adding GC roots. To prevent the collector from deleting store paths just added by another process, processes need to connect to the garbage collector via a Unix domain socket to register new temporary roots.
2021-08-16 18:03:32 +00:00
return fdSocket;
}
AutoCloseFD createUnixDomainSocket(const Path & path, mode_t mode)
{
auto fdSocket = nix::createUnixDomainSocket();
Move Unix domain socket creation to libutil Also drop multithread-unfriendly hacks like doing a temporary chmod/umask.
2018-09-25 10:36:11 +00:00
Connect/bind Unix domain sockets in a child process In the child process, we can do a chdir() and avoid the problem of the path not fitting into sockaddr_un.
2021-08-24 11:52:55 +00:00
bind(fdSocket.get(), path);
Move Unix domain socket creation to libutil Also drop multithread-unfriendly hacks like doing a temporary chmod/umask.
2018-09-25 10:36:11 +00:00
if (chmod(path.c_str(), mode) == -1)
throw SysError("changing permissions on '%1%'", path);
if (listen(fdSocket.get(), 5) == -1)
throw SysError("cannot listen on socket '%1%'", path);
return fdSocket;
}
Factor out common showBytes()
2020-10-06 08:40:49 +00:00
Connect/bind Unix domain sockets in a child process In the child process, we can do a chdir() and avoid the problem of the path not fitting into sockaddr_un.
2021-08-24 11:52:55 +00:00
void bind(int fd, const std::string & path)
{
unlink(path.c_str());
struct sockaddr_un addr;
addr.sun_family = AF_UNIX;
if (path.size() + 1 >= sizeof(addr.sun_path)) {
Pid pid = startProcess([&]() {
auto dir = dirOf(path);
if (chdir(dir.c_str()) == -1)
throw SysError("chdir to '%s' failed", dir);
std::string base(baseNameOf(path));
if (base.size() + 1 >= sizeof(addr.sun_path))
throw Error("socket path '%s' is too long", base);
strcpy -> memcpy Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2021-09-17 07:10:36 +00:00
memcpy(addr.sun_path, base.c_str(), base.size() + 1);
Connect/bind Unix domain sockets in a child process In the child process, we can do a chdir() and avoid the problem of the path not fitting into sockaddr_un.
2021-08-24 11:52:55 +00:00
if (bind(fd, (struct sockaddr *) &addr, sizeof(addr)) == -1)
throw SysError("cannot bind to socket '%s'", path);
_exit(0);
});
int status = pid.wait();
if (status != 0)
throw Error("cannot bind to socket '%s'", path);
} else {
strcpy -> memcpy Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2021-09-17 07:10:36 +00:00
memcpy(addr.sun_path, path.c_str(), path.size() + 1);
Connect/bind Unix domain sockets in a child process In the child process, we can do a chdir() and avoid the problem of the path not fitting into sockaddr_un.
2021-08-24 11:52:55 +00:00
if (bind(fd, (struct sockaddr *) &addr, sizeof(addr)) == -1)
throw SysError("cannot bind to socket '%s'", path);
}
}
void connect(int fd, const std::string & path)
{
struct sockaddr_un addr;
addr.sun_family = AF_UNIX;
if (path.size() + 1 >= sizeof(addr.sun_path)) {
Pid pid = startProcess([&]() {
auto dir = dirOf(path);
if (chdir(dir.c_str()) == -1)
throw SysError("chdir to '%s' failed", dir);
std::string base(baseNameOf(path));
if (base.size() + 1 >= sizeof(addr.sun_path))
throw Error("socket path '%s' is too long", base);
strcpy -> memcpy Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2021-09-17 07:10:36 +00:00
memcpy(addr.sun_path, base.c_str(), base.size() + 1);
Connect/bind Unix domain sockets in a child process In the child process, we can do a chdir() and avoid the problem of the path not fitting into sockaddr_un.
2021-08-24 11:52:55 +00:00
if (connect(fd, (struct sockaddr *) &addr, sizeof(addr)) == -1)
throw SysError("cannot connect to socket at '%s'", path);
_exit(0);
});
int status = pid.wait();
if (status != 0)
Typo
2021-08-25 11:28:36 +00:00
throw Error("cannot connect to socket at '%s'", path);
Connect/bind Unix domain sockets in a child process In the child process, we can do a chdir() and avoid the problem of the path not fitting into sockaddr_un.
2021-08-24 11:52:55 +00:00
} else {
strcpy -> memcpy Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2021-09-17 07:10:36 +00:00
memcpy(addr.sun_path, path.c_str(), path.size() + 1);
Connect/bind Unix domain sockets in a child process In the child process, we can do a chdir() and avoid the problem of the path not fitting into sockaddr_un.
2021-08-24 11:52:55 +00:00
if (connect(fd, (struct sockaddr *) &addr, sizeof(addr)) == -1)
throw SysError("cannot connect to socket at '%s'", path);
}
}
Factor out common showBytes()
2020-10-06 08:40:49 +00:00
string showBytes(uint64_t bytes)
{
return fmt("%.2f MiB", bytes / (1024.0 * 1024.0));
}
restoreSignals() + restoreAffinity() -> restoreProcessContext()
2021-04-07 11:10:02 +00:00
// FIXME: move to libstore/build
Split out `commonChildInit`
2020-10-11 16:38:46 +00:00
void commonChildInit(Pipe & logPipe)
{
Fix 'error: reading a line: Input/output error' in startBuilder() With -vvvv, the ProgressBar was polluting the stderr of the child, messing up its \2 message to the parent.
2021-09-27 12:44:21 +00:00
logger = makeSimpleLogger();
Split out `commonChildInit`
2020-10-11 16:38:46 +00:00
const static string pathNullDevice = "/dev/null";
Restore parent mount namespace in restoreProcessContext This ensures any started processes can't write to /nix/store (except during builds). This partially reverts 01d07b1e, which happened because of #2646. The problem was only happening after nix downloads anything, causing me to suspect the download thread. The problem turns out to be: "A process can't join a new mount namespace if it is sharing filesystem-related attributes with another process", in this case this process is the curl thread. Ideally, we might kill it before spawning the shell process, but it's inside a static variable in the getFileTransfer() function. So instead, stop it from sharing FS state using unshare(). A strategy such as the one from #5057 (single-threaded chroot helper binary) is also very much on the table. Fixes #4337.
2021-10-15 14:25:49 +00:00
restoreProcessContext(false);
Split out `commonChildInit`
2020-10-11 16:38:46 +00:00
/* Put the child in a separate session (and thus a separate
process group) so that it has no controlling terminal (meaning
that e.g. ssh cannot open /dev/tty) and it doesn't receive
terminal signals. */
if (setsid() == -1)
throw SysError("creating a new session");
/* Dup the write side of the logger pipe into stderr. */
if (dup2(logPipe.writeSide.get(), STDERR_FILENO) == -1)
throw SysError("cannot pipe standard error into log file");
/* Dup stderr to stdout. */
if (dup2(STDERR_FILENO, STDOUT_FILENO) == -1)
throw SysError("cannot dup stderr into stdout");
/* Reroute stdin to /dev/null. */
int fdDevNull = open(pathNullDevice.c_str(), O_RDWR);
if (fdDevNull == -1)
throw SysError("cannot open '%1%'", pathNullDevice);
if (dup2(fdDevNull, STDIN_FILENO) == -1)
throw SysError("cannot dup null device into stdin");
close(fdDevNull);
}
* Use a proper namespace. * Optimise header file usage a bit. * Compile the parser as C++.
2006-09-04 21:06:23 +00:00
}
Copy permalink