hydra-queue-runner: Support running in a NixOS container

In a NixOS container, cmdBuildDerivation doesn't work because we're not privileged. But we also don't need it because the store already has the derivation. Also, don't copy from/to the store since this gives errors about missing signatures.
2019-09-25 17:26:03 +02:00 · 2019-09-25 17:26:03 +02:00 · d4b4255dd2
parent 554bb7d9ce
commit d4b4255dd2
2 changed files with 17 additions and 7 deletions
--- a/src/hydra-queue-runner/build-remote.cc
+++ b/src/hydra-queue-runner/build-remote.cc
@ -48,7 +48,7 @@ static void openConnection(Machine::ptr machine, Path tmpDir, int stderrFD, Chil
            throw SysError("cannot dup stderr");
        Strings argv;
-        if (machine->sshName == "localhost") {
+        if (machine->isLocalhost()) {
            pgmName = "nix-store";
            argv = {"nix-store", "--serve", "--write"};
        }
@ -190,7 +190,11 @@ void State::buildRemote(ref<Store> destStore,
            remoteVersion = readInt(from);
            if (GET_PROTOCOL_MAJOR(remoteVersion) != 0x200)
                throw Error(format("unsupported ‘nix-store --serve’ protocol version on ‘%1%’") % machine->sshName);
-            if (GET_PROTOCOL_MINOR(remoteVersion) >= 1)
+            // Always send the derivation to localhost, since it's a
            // no-op anyway but we might not be privileged to use
            // cmdBuildDerivation (e.g. if we're running in a NixOS
            // container).
            if (GET_PROTOCOL_MINOR(remoteVersion) >= 1 && !machine->isLocalhost())
                sendDerivation = false;
            if (GET_PROTOCOL_MINOR(remoteVersion) < 3 && repeats > 0)
                throw Error("machine ‘%1%’ does not support repeating a build; please upgrade it to Nix 1.12", machine->sshName);
@ -236,10 +240,11 @@ void State::buildRemote(ref<Store> destStore,
           a no-op for regular stores, but for the binary cache store,
           this will copy the inputs to the binary cache from the local
           store. */
-        copyClosure(ref<Store>(localStore), destStore, step->drv.inputSrcs, NoRepair, NoCheckSigs);
+        if (localStore != std::shared_ptr<Store>(destStore))
            copyClosure(ref<Store>(localStore), destStore, step->drv.inputSrcs, NoRepair, NoCheckSigs);
        /* Copy the input closure. */
-        if (/* machine->sshName != "localhost" */ true) {
+        if (!machine->isLocalhost()) {
            auto mc1 = std::make_shared<MaintainCount<counter>>(nrStepsWaiting);
            mc1.reset();
            MaintainCount<counter> mc2(nrStepsCopyingTo);
@ -381,7 +386,9 @@ void State::buildRemote(ref<Store> destStore,
        }
        /* Copy the output paths. */
-        if (/* machine->sshName != "localhost" */ true) {
+        result.accessor = destStore->getFSAccessor();
        if (!machine->isLocalhost() || localStore != std::shared_ptr<Store>(destStore)) {
            updateStep(ssReceivingOutputs);
            MaintainCount<counter> mc(nrStepsCopyingFrom);
@ -427,8 +434,6 @@ void State::buildRemote(ref<Store> destStore,
                printMsg(lvlError, format("warning: had to wait %d ms for %d memory tokens for %s")
                    % resMs % totalNarSize % step->drvPath);
            result.accessor = destStore->getFSAccessor();
            to << cmdExportPaths << 0 << outputs;
            to.flush();
            destStore->importPaths(from, result.accessor, NoCheckSigs);
--- a/src/hydra-queue-runner/state.hh
+++ b/src/hydra-queue-runner/state.hh
@ -274,6 +274,11 @@ struct Machine
        return true;
    }
    bool isLocalhost()
    {
        return sshName == "localhost";
    }
 };