lix-project/lix
20
55
Fork 31
Code Issues 344 Code Review (Gerrit) Projects 3 Releases Wiki Activity
lix/src/libstore/store-api.cc

505 lines
14 KiB
C++
Raw Normal View History

Move signature support from NarInfo to ValidPathInfo
2016-03-24 10:41:00 +00:00
#include "crypto.hh"
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
#include "globals.hh"
Move signature support from NarInfo to ValidPathInfo
2016-03-24 10:41:00 +00:00
#include "store-api.hh"
* Skeleton of remote store implementation.
2006-11-30 18:35:36 +00:00
#include "util.hh"
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
#include "nar-info-disk-cache.hh"
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
namespace nix {
bool isInStore(const Path & path)
{
Garbage collector: Don't follow symlinks arbitrarily Only indirect roots (symlinks to symlinks to the Nix store) are now supported.
2013-07-12 12:01:25 +00:00
return isInDir(path, settings.nixStore);
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
}
bool isStorePath(const Path & path)
{
return isInStore(path)
Fix test failures
2016-04-21 16:21:25 +00:00
&& path.size() >= settings.nixStore.size() + 1 + storePathHashLen
Refactor settings processing Put all Nix configuration flags in a Settings object.
2012-07-30 23:55:41 +00:00
&& path.find('/', settings.nixStore.size() + 1) == Path::npos;
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
}
void assertStorePath(const Path & path)
{
if (!isStorePath(path))
Use proper quotes everywhere
2014-08-20 15:00:17 +00:00
throw Error(format("path %1% is not in the Nix store") % path);
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
}
Path toStorePath(const Path & path)
{
if (!isInStore(path))
Use proper quotes everywhere
2014-08-20 15:00:17 +00:00
throw Error(format("path %1% is not in the Nix store") % path);
Refactor settings processing Put all Nix configuration flags in a Settings object.
2012-07-30 23:55:41 +00:00
Path::size_type slash = path.find('/', settings.nixStore.size() + 1);
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
if (slash == Path::npos)
return path;
else
return Path(path, 0, slash);
}
* nix-env -e: support uninstalling by path, so that one can say $ nix-env -e $(which firefox) or $ nix-env -e /nix/store/nywzlygrkfcgz7dfmhm5xixlx1l0m60v-pan-0.132 * nix-env -i: if an argument contains a slash anywhere, treat it as a path and follow it through symlinks into the Nix store. This allows things like $ nix-build -A firefox $ nix-env -i ./result * nix-env -q/-i/-e: don't complain when the `*' selector doesn't match anything. In particular, `nix-env -q \*' doesn't fail anymore on an empty profile.
2007-11-29 16:18:24 +00:00
Path followLinksToStore(const Path & _path)
{
Path path = absPath(_path);
while (!isInStore(path)) {
if (!isLink(path)) break;
string target = readLink(path);
path = absPath(target, dirOf(path));
}
if (!isInStore(path))
Use proper quotes everywhere
2014-08-20 15:00:17 +00:00
throw Error(format("path %1% is not in the Nix store") % path);
* nix-env -e: support uninstalling by path, so that one can say $ nix-env -e $(which firefox) or $ nix-env -e /nix/store/nywzlygrkfcgz7dfmhm5xixlx1l0m60v-pan-0.132 * nix-env -i: if an argument contains a slash anywhere, treat it as a path and follow it through symlinks into the Nix store. This allows things like $ nix-build -A firefox $ nix-env -i ./result * nix-env -q/-i/-e: don't complain when the `*' selector doesn't match anything. In particular, `nix-env -q \*' doesn't fail anymore on an empty profile.
2007-11-29 16:18:24 +00:00
return path;
}
Path followLinksToStorePath(const Path & path)
{
return toStorePath(followLinksToStore(path));
}
* Fix a huuuuge security hole in the Nix daemon. It didn't check that derivations added to the store by clients have "correct" output paths (meaning that the output paths are computed by hashing the derivation according to a certain algorithm). This means that a malicious user could craft a special .drv file to build *any* desired path in the store with any desired contents (so long as the path doesn't already exist). Then the attacker just needs to wait for a victim to come along and install the compromised path. For instance, if Alice (the attacker) knows that the latest Firefox derivation in Nixpkgs produces the path /nix/store/1a5nyfd4ajxbyy97r1fslhgrv70gj8a7-firefox-5.0.1 then (provided this path doesn't already exist) she can craft a .drv file that creates that path (i.e., has it as one of its outputs), add it to the store using "nix-store --add", and build it with "nix-store -r". So the fake .drv could write a Trojan to the Firefox path. Then, if user Bob (the victim) comes along and does $ nix-env -i firefox $ firefox he executes the Trojan injected by Alice. The fix is to have the Nix daemon verify that derivation outputs are correct (in addValidPath()). This required some refactoring to move the hash computation code to libstore.
2011-07-20 18:10:47 +00:00
string storePathToName(const Path & path)
{
assertStorePath(path);
Implement S3BinaryCacheStore::queryAllValidPaths() This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-21 15:53:47 +00:00
auto l = settings.nixStore.size() + 1 + storePathHashLen;
assert(path.size() >= l);
return path.size() == l ? "" : string(path, l + 1);
Add function to extract hash part of a store path
2016-02-15 11:49:01 +00:00
}
string storePathToHash(const Path & path)
{
assertStorePath(path);
Implement S3BinaryCacheStore::queryAllValidPaths() This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-21 15:53:47 +00:00
assert(path.size() >= settings.nixStore.size() + 1 + storePathHashLen);
Add function to extract hash part of a store path
2016-02-15 11:49:01 +00:00
return string(path, settings.nixStore.size() + 1, storePathHashLen);
* Fix a huuuuge security hole in the Nix daemon. It didn't check that derivations added to the store by clients have "correct" output paths (meaning that the output paths are computed by hashing the derivation according to a certain algorithm). This means that a malicious user could craft a special .drv file to build *any* desired path in the store with any desired contents (so long as the path doesn't already exist). Then the attacker just needs to wait for a victim to come along and install the compromised path. For instance, if Alice (the attacker) knows that the latest Firefox derivation in Nixpkgs produces the path /nix/store/1a5nyfd4ajxbyy97r1fslhgrv70gj8a7-firefox-5.0.1 then (provided this path doesn't already exist) she can craft a .drv file that creates that path (i.e., has it as one of its outputs), add it to the store using "nix-store --add", and build it with "nix-store -r". So the fake .drv could write a Trojan to the Firefox path. Then, if user Bob (the victim) comes along and does $ nix-env -i firefox $ firefox he executes the Trojan injected by Alice. The fix is to have the Nix daemon verify that derivation outputs are correct (in addValidPath()). This required some refactoring to move the hash computation code to libstore.
2011-07-20 18:10:47 +00:00
}
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
void checkStoreName(const string & name)
{
string validChars = "+-._?=";
/* Disallow names starting with a dot for possible security
reasons (e.g., "." and ".."). */
if (string(name, 0, 1) == ".")
Use proper quotes everywhere
2014-08-20 15:00:17 +00:00
throw Error(format("illegal name: %1%") % name);
OCD: foreach -> C++11 ranged for
2015-07-17 17:24:28 +00:00
for (auto & i : name)
if (!((i >= 'A' && i <= 'Z') ||
(i >= 'a' && i <= 'z') ||
(i >= '0' && i <= '9') ||
validChars.find(i) != string::npos))
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
{
Use proper quotes everywhere
2014-08-20 15:00:17 +00:00
throw Error(format("invalid character %1% in name %2%")
OCD: foreach -> C++11 ranged for
2015-07-17 17:24:28 +00:00
% i % name);
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
}
}
* Unify the treatment of sources copied to the store, and recursive SHA-256 outputs of fixed-output derivations. I.e. they now produce the same store path: $ nix-store --add x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x $ nix-store --add-fixed --recursive sha256 x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x the latter being the same as the path that a derivation derivation { name = "x"; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = "..."; ... }; produces. This does change the output path for such fixed-output derivations. Fortunately they are quite rare. The most common use is fetchsvn calls with SHA-256 hashes. (There are a handful of those is Nixpkgs, mostly unstable development packages.) * Documented the computation of store paths (in store-api.cc).
2008-12-03 15:06:30 +00:00
/* Store paths have the following form:
<store>/<h>-<name>
where
<store> = the location of the Nix store, usually /nix/store
OCD: foreach -> C++11 ranged for
2015-07-17 17:24:28 +00:00
* Unify the treatment of sources copied to the store, and recursive SHA-256 outputs of fixed-output derivations. I.e. they now produce the same store path: $ nix-store --add x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x $ nix-store --add-fixed --recursive sha256 x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x the latter being the same as the path that a derivation derivation { name = "x"; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = "..."; ... }; produces. This does change the output path for such fixed-output derivations. Fortunately they are quite rare. The most common use is fetchsvn calls with SHA-256 hashes. (There are a handful of those is Nixpkgs, mostly unstable development packages.) * Documented the computation of store paths (in store-api.cc).
2008-12-03 15:06:30 +00:00
<name> = a human readable name for the path, typically obtained
from the name attribute of the derivation, or the name of the
* Fix a huuuuge security hole in the Nix daemon. It didn't check that derivations added to the store by clients have "correct" output paths (meaning that the output paths are computed by hashing the derivation according to a certain algorithm). This means that a malicious user could craft a special .drv file to build *any* desired path in the store with any desired contents (so long as the path doesn't already exist). Then the attacker just needs to wait for a victim to come along and install the compromised path. For instance, if Alice (the attacker) knows that the latest Firefox derivation in Nixpkgs produces the path /nix/store/1a5nyfd4ajxbyy97r1fslhgrv70gj8a7-firefox-5.0.1 then (provided this path doesn't already exist) she can craft a .drv file that creates that path (i.e., has it as one of its outputs), add it to the store using "nix-store --add", and build it with "nix-store -r". So the fake .drv could write a Trojan to the Firefox path. Then, if user Bob (the victim) comes along and does $ nix-env -i firefox $ firefox he executes the Trojan injected by Alice. The fix is to have the Nix daemon verify that derivation outputs are correct (in addValidPath()). This required some refactoring to move the hash computation code to libstore.
2011-07-20 18:10:47 +00:00
source file from which the store path is created. For derivation
outputs other than the default "out" output, the string "-<id>"
is suffixed to <name>.
OCD: foreach -> C++11 ranged for
2015-07-17 17:24:28 +00:00
* Unify the treatment of sources copied to the store, and recursive SHA-256 outputs of fixed-output derivations. I.e. they now produce the same store path: $ nix-store --add x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x $ nix-store --add-fixed --recursive sha256 x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x the latter being the same as the path that a derivation derivation { name = "x"; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = "..."; ... }; produces. This does change the output path for such fixed-output derivations. Fortunately they are quite rare. The most common use is fetchsvn calls with SHA-256 hashes. (There are a handful of those is Nixpkgs, mostly unstable development packages.) * Documented the computation of store paths (in store-api.cc).
2008-12-03 15:06:30 +00:00
<h> = base-32 representation of the first 160 bits of a SHA-256
hash of <s>; the hash part of the store name
OCD: foreach -> C++11 ranged for
2015-07-17 17:24:28 +00:00
* Unify the treatment of sources copied to the store, and recursive SHA-256 outputs of fixed-output derivations. I.e. they now produce the same store path: $ nix-store --add x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x $ nix-store --add-fixed --recursive sha256 x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x the latter being the same as the path that a derivation derivation { name = "x"; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = "..."; ... }; produces. This does change the output path for such fixed-output derivations. Fortunately they are quite rare. The most common use is fetchsvn calls with SHA-256 hashes. (There are a handful of those is Nixpkgs, mostly unstable development packages.) * Documented the computation of store paths (in store-api.cc).
2008-12-03 15:06:30 +00:00
<s> = the string "<type>:sha256:<h2>:<store>:<name>";
note that it includes the location of the store as well as the
name to make sure that changes to either of those are reflected
in the hash (e.g. you won't get /nix/store/<h>-name1 and
/nix/store/<h>-name2 with equal hash parts).
OCD: foreach -> C++11 ranged for
2015-07-17 17:24:28 +00:00
* Unify the treatment of sources copied to the store, and recursive SHA-256 outputs of fixed-output derivations. I.e. they now produce the same store path: $ nix-store --add x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x $ nix-store --add-fixed --recursive sha256 x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x the latter being the same as the path that a derivation derivation { name = "x"; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = "..."; ... }; produces. This does change the output path for such fixed-output derivations. Fortunately they are quite rare. The most common use is fetchsvn calls with SHA-256 hashes. (There are a handful of those is Nixpkgs, mostly unstable development packages.) * Documented the computation of store paths (in store-api.cc).
2008-12-03 15:06:30 +00:00
<type> = one of:
"text:<r1>:<r2>:...<rN>"
for plain text files written to the store using
addTextToStore(); <r1> ... <rN> are the references of the
path.
"source"
for paths copied to the store using addToStore() when recursive
= true and hashAlgo = "sha256"
* Fix a huuuuge security hole in the Nix daemon. It didn't check that derivations added to the store by clients have "correct" output paths (meaning that the output paths are computed by hashing the derivation according to a certain algorithm). This means that a malicious user could craft a special .drv file to build *any* desired path in the store with any desired contents (so long as the path doesn't already exist). Then the attacker just needs to wait for a victim to come along and install the compromised path. For instance, if Alice (the attacker) knows that the latest Firefox derivation in Nixpkgs produces the path /nix/store/1a5nyfd4ajxbyy97r1fslhgrv70gj8a7-firefox-5.0.1 then (provided this path doesn't already exist) she can craft a .drv file that creates that path (i.e., has it as one of its outputs), add it to the store using "nix-store --add", and build it with "nix-store -r". So the fake .drv could write a Trojan to the Firefox path. Then, if user Bob (the victim) comes along and does $ nix-env -i firefox $ firefox he executes the Trojan injected by Alice. The fix is to have the Nix daemon verify that derivation outputs are correct (in addValidPath()). This required some refactoring to move the hash computation code to libstore.
2011-07-20 18:10:47 +00:00
"output:<id>"
* Unify the treatment of sources copied to the store, and recursive SHA-256 outputs of fixed-output derivations. I.e. they now produce the same store path: $ nix-store --add x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x $ nix-store --add-fixed --recursive sha256 x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x the latter being the same as the path that a derivation derivation { name = "x"; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = "..."; ... }; produces. This does change the output path for such fixed-output derivations. Fortunately they are quite rare. The most common use is fetchsvn calls with SHA-256 hashes. (There are a handful of those is Nixpkgs, mostly unstable development packages.) * Documented the computation of store paths (in store-api.cc).
2008-12-03 15:06:30 +00:00
for either the outputs created by derivations, OR paths copied
to the store using addToStore() with recursive != true or
hashAlgo != "sha256" (in that case "source" is used; it's
* Fix a huuuuge security hole in the Nix daemon. It didn't check that derivations added to the store by clients have "correct" output paths (meaning that the output paths are computed by hashing the derivation according to a certain algorithm). This means that a malicious user could craft a special .drv file to build *any* desired path in the store with any desired contents (so long as the path doesn't already exist). Then the attacker just needs to wait for a victim to come along and install the compromised path. For instance, if Alice (the attacker) knows that the latest Firefox derivation in Nixpkgs produces the path /nix/store/1a5nyfd4ajxbyy97r1fslhgrv70gj8a7-firefox-5.0.1 then (provided this path doesn't already exist) she can craft a .drv file that creates that path (i.e., has it as one of its outputs), add it to the store using "nix-store --add", and build it with "nix-store -r". So the fake .drv could write a Trojan to the Firefox path. Then, if user Bob (the victim) comes along and does $ nix-env -i firefox $ firefox he executes the Trojan injected by Alice. The fix is to have the Nix daemon verify that derivation outputs are correct (in addValidPath()). This required some refactoring to move the hash computation code to libstore.
2011-07-20 18:10:47 +00:00
silly, but it's done that way for compatibility). <id> is the
name of the output (usually, "out").
* Unify the treatment of sources copied to the store, and recursive SHA-256 outputs of fixed-output derivations. I.e. they now produce the same store path: $ nix-store --add x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x $ nix-store --add-fixed --recursive sha256 x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x the latter being the same as the path that a derivation derivation { name = "x"; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = "..."; ... }; produces. This does change the output path for such fixed-output derivations. Fortunately they are quite rare. The most common use is fetchsvn calls with SHA-256 hashes. (There are a handful of those is Nixpkgs, mostly unstable development packages.) * Documented the computation of store paths (in store-api.cc).
2008-12-03 15:06:30 +00:00
<h2> = base-16 representation of a SHA-256 hash of:
if <type> = "text:...":
the string written to the resulting store path
if <type> = "source":
the serialisation of the path from which this store path is
copied, as returned by hashPath()
Typos
2016-03-24 10:27:58 +00:00
if <type> = "output:<id>":
* Unify the treatment of sources copied to the store, and recursive SHA-256 outputs of fixed-output derivations. I.e. they now produce the same store path: $ nix-store --add x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x $ nix-store --add-fixed --recursive sha256 x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x the latter being the same as the path that a derivation derivation { name = "x"; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = "..."; ... }; produces. This does change the output path for such fixed-output derivations. Fortunately they are quite rare. The most common use is fetchsvn calls with SHA-256 hashes. (There are a handful of those is Nixpkgs, mostly unstable development packages.) * Documented the computation of store paths (in store-api.cc).
2008-12-03 15:06:30 +00:00
for non-fixed derivation outputs:
the derivation (see hashDerivationModulo() in
primops.cc)
for paths copied by addToStore() or produced by fixed-output
derivations:
the string "fixed:out:<rec><algo>:<hash>:", where
Typos
2016-03-24 10:27:58 +00:00
<rec> = "r:" for recursive (path) hashes, or "" for flat
* Unify the treatment of sources copied to the store, and recursive SHA-256 outputs of fixed-output derivations. I.e. they now produce the same store path: $ nix-store --add x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x $ nix-store --add-fixed --recursive sha256 x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x the latter being the same as the path that a derivation derivation { name = "x"; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = "..."; ... }; produces. This does change the output path for such fixed-output derivations. Fortunately they are quite rare. The most common use is fetchsvn calls with SHA-256 hashes. (There are a handful of those is Nixpkgs, mostly unstable development packages.) * Documented the computation of store paths (in store-api.cc).
2008-12-03 15:06:30 +00:00
(file) hashes
<algo> = "md5", "sha1" or "sha256"
<hash> = base-16 representation of the path or flat hash of
the contents of the path (or expected contents of the
path for fixed-output derivations)
It would have been nicer to handle fixed-output derivations under
"source", e.g. have something like "source:<rec><algo>", but we're
stuck with this for now...
The main reason for this way of computing names is to prevent name
collisions (for security). For instance, it shouldn't be feasible
to come up with a derivation whose output path collides with the
path for a copied source. The former would have a <s> starting with
"output:out:", while the latter would have a <2> starting with
"source:".
*/
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
Path makeStorePath(const string & type,
* Unify the treatment of sources copied to the store, and recursive SHA-256 outputs of fixed-output derivations. I.e. they now produce the same store path: $ nix-store --add x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x $ nix-store --add-fixed --recursive sha256 x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x the latter being the same as the path that a derivation derivation { name = "x"; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = "..."; ... }; produces. This does change the output path for such fixed-output derivations. Fortunately they are quite rare. The most common use is fetchsvn calls with SHA-256 hashes. (There are a handful of those is Nixpkgs, mostly unstable development packages.) * Documented the computation of store paths (in store-api.cc).
2008-12-03 15:06:30 +00:00
const Hash & hash, const string & name)
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
{
/* e.g., "source:sha256:1abc...:/nix/store:foo.tar.gz" */
string s = type + ":sha256:" + printHash(hash) + ":"
Refactor settings processing Put all Nix configuration flags in a Settings object.
2012-07-30 23:55:41 +00:00
+ settings.nixStore + ":" + name;
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
* Unify the treatment of sources copied to the store, and recursive SHA-256 outputs of fixed-output derivations. I.e. they now produce the same store path: $ nix-store --add x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x $ nix-store --add-fixed --recursive sha256 x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x the latter being the same as the path that a derivation derivation { name = "x"; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = "..."; ... }; produces. This does change the output path for such fixed-output derivations. Fortunately they are quite rare. The most common use is fetchsvn calls with SHA-256 hashes. (There are a handful of those is Nixpkgs, mostly unstable development packages.) * Documented the computation of store paths (in store-api.cc).
2008-12-03 15:06:30 +00:00
checkStoreName(name);
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
Refactor settings processing Put all Nix configuration flags in a Settings object.
2012-07-30 23:55:41 +00:00
return settings.nixStore + "/"
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
+ printHash32(compressHash(hashString(htSHA256, s), 20))
* Unify the treatment of sources copied to the store, and recursive SHA-256 outputs of fixed-output derivations. I.e. they now produce the same store path: $ nix-store --add x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x $ nix-store --add-fixed --recursive sha256 x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x the latter being the same as the path that a derivation derivation { name = "x"; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = "..."; ... }; produces. This does change the output path for such fixed-output derivations. Fortunately they are quite rare. The most common use is fetchsvn calls with SHA-256 hashes. (There are a handful of those is Nixpkgs, mostly unstable development packages.) * Documented the computation of store paths (in store-api.cc).
2008-12-03 15:06:30 +00:00
+ "-" + name;
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
}
* Fix a huuuuge security hole in the Nix daemon. It didn't check that derivations added to the store by clients have "correct" output paths (meaning that the output paths are computed by hashing the derivation according to a certain algorithm). This means that a malicious user could craft a special .drv file to build *any* desired path in the store with any desired contents (so long as the path doesn't already exist). Then the attacker just needs to wait for a victim to come along and install the compromised path. For instance, if Alice (the attacker) knows that the latest Firefox derivation in Nixpkgs produces the path /nix/store/1a5nyfd4ajxbyy97r1fslhgrv70gj8a7-firefox-5.0.1 then (provided this path doesn't already exist) she can craft a .drv file that creates that path (i.e., has it as one of its outputs), add it to the store using "nix-store --add", and build it with "nix-store -r". So the fake .drv could write a Trojan to the Firefox path. Then, if user Bob (the victim) comes along and does $ nix-env -i firefox $ firefox he executes the Trojan injected by Alice. The fix is to have the Nix daemon verify that derivation outputs are correct (in addValidPath()). This required some refactoring to move the hash computation code to libstore.
2011-07-20 18:10:47 +00:00
Path makeOutputPath(const string & id,
const Hash & hash, const string & name)
{
return makeStorePath("output:" + id, hash,
name + (id == "out" ? "" : "-" + id));
}
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
Path makeFixedOutputPath(bool recursive,
* Pass HashType values instead of strings.
2008-12-03 16:10:17 +00:00
HashType hashAlgo, Hash hash, string name)
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
{
* Pass HashType values instead of strings.
2008-12-03 16:10:17 +00:00
return hashAlgo == htSHA256 && recursive
* Unify the treatment of sources copied to the store, and recursive SHA-256 outputs of fixed-output derivations. I.e. they now produce the same store path: $ nix-store --add x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x $ nix-store --add-fixed --recursive sha256 x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x the latter being the same as the path that a derivation derivation { name = "x"; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = "..."; ... }; produces. This does change the output path for such fixed-output derivations. Fortunately they are quite rare. The most common use is fetchsvn calls with SHA-256 hashes. (There are a handful of those is Nixpkgs, mostly unstable development packages.) * Documented the computation of store paths (in store-api.cc).
2008-12-03 15:06:30 +00:00
? makeStorePath("source", hash, name)
: makeStorePath("output:out", hashString(htSHA256,
* Pass HashType values instead of strings.
2008-12-03 16:10:17 +00:00
"fixed:out:" + (recursive ? (string) "r:" : "") +
printHashType(hashAlgo) + ":" + printHash(hash) + ":"),
* Unify the treatment of sources copied to the store, and recursive SHA-256 outputs of fixed-output derivations. I.e. they now produce the same store path: $ nix-store --add x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x $ nix-store --add-fixed --recursive sha256 x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x the latter being the same as the path that a derivation derivation { name = "x"; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = "..."; ... }; produces. This does change the output path for such fixed-output derivations. Fortunately they are quite rare. The most common use is fetchsvn calls with SHA-256 hashes. (There are a handful of those is Nixpkgs, mostly unstable development packages.) * Documented the computation of store paths (in store-api.cc).
2008-12-03 15:06:30 +00:00
name);
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
}
* More operations. * addToStore() and friends: don't do a round-trip to the worker if we're only interested in the path (i.e., in read-only mode).
2006-12-01 18:00:01 +00:00
* Merge addToStore and addToStoreFixed. * addToStore now adds unconditionally, it doesn't use readOnlyMode. Read-only operation is up to the caller (who can call computeStorePathForPath).
2006-12-01 20:51:18 +00:00
std::pair<Path, Hash> computeStorePathForPath(const Path & srcPath,
* Pass HashType values instead of strings.
2008-12-03 16:10:17 +00:00
bool recursive, HashType hashAlgo, PathFilter & filter)
* More operations. * addToStore() and friends: don't do a round-trip to the worker if we're only interested in the path (i.e., in read-only mode).
2006-12-01 18:00:01 +00:00
{
* Pass HashType values instead of strings.
2008-12-03 16:10:17 +00:00
HashType ht(hashAlgo);
* Store the size of a store path in the database (to be precise, the size of the NAR serialisation of the path, i.e., `nix-store --dump PATH'). This is useful for Hydra.
2010-11-16 17:11:46 +00:00
Hash h = recursive ? hashPath(ht, srcPath, filter).first : hashFile(ht, srcPath);
* Unify the treatment of sources copied to the store, and recursive SHA-256 outputs of fixed-output derivations. I.e. they now produce the same store path: $ nix-store --add x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x $ nix-store --add-fixed --recursive sha256 x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x the latter being the same as the path that a derivation derivation { name = "x"; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = "..."; ... }; produces. This does change the output path for such fixed-output derivations. Fortunately they are quite rare. The most common use is fetchsvn calls with SHA-256 hashes. (There are a handful of those is Nixpkgs, mostly unstable development packages.) * Documented the computation of store paths (in store-api.cc).
2008-12-03 15:06:30 +00:00
string name = baseNameOf(srcPath);
Path dstPath = makeFixedOutputPath(recursive, hashAlgo, h, name);
* More operations. * addToStore() and friends: don't do a round-trip to the worker if we're only interested in the path (i.e., in read-only mode).
2006-12-01 18:00:01 +00:00
return std::pair<Path, Hash>(dstPath, h);
}
* Unify the treatment of sources copied to the store, and recursive SHA-256 outputs of fixed-output derivations. I.e. they now produce the same store path: $ nix-store --add x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x $ nix-store --add-fixed --recursive sha256 x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x the latter being the same as the path that a derivation derivation { name = "x"; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = "..."; ... }; produces. This does change the output path for such fixed-output derivations. Fortunately they are quite rare. The most common use is fetchsvn calls with SHA-256 hashes. (There are a handful of those is Nixpkgs, mostly unstable development packages.) * Documented the computation of store paths (in store-api.cc).
2008-12-03 15:06:30 +00:00
Path computeStorePathForText(const string & name, const string & s,
* computeStorePathForText: take the references into account when computing the store path (NIX-77). This is an important security property in multi-user Nix stores. Note that this changes the store paths of derivations (since the derivation aterms are added using addTextToStore), but not most outputs (unless they use builtins.toFile).
2007-01-29 15:51:37 +00:00
const PathSet & references)
* More operations. * addToStore() and friends: don't do a round-trip to the worker if we're only interested in the path (i.e., in read-only mode).
2006-12-01 18:00:01 +00:00
{
Hash hash = hashString(htSHA256, s);
* computeStorePathForText: take the references into account when computing the store path (NIX-77). This is an important security property in multi-user Nix stores. Note that this changes the store paths of derivations (since the derivation aterms are added using addTextToStore), but not most outputs (unless they use builtins.toFile).
2007-01-29 15:51:37 +00:00
/* Stuff the references (if any) into the type. This is a bit
hacky, but we can't put them in `s' since that would be
ambiguous. */
string type = "text";
OCD: foreach -> C++11 ranged for
2015-07-17 17:24:28 +00:00
for (auto & i : references) {
* computeStorePathForText: take the references into account when computing the store path (NIX-77). This is an important security property in multi-user Nix stores. Note that this changes the store paths of derivations (since the derivation aterms are added using addTextToStore), but not most outputs (unless they use builtins.toFile).
2007-01-29 15:51:37 +00:00
type += ":";
OCD: foreach -> C++11 ranged for
2015-07-17 17:24:28 +00:00
type += i;
* computeStorePathForText: take the references into account when computing the store path (NIX-77). This is an important security property in multi-user Nix stores. Note that this changes the store paths of derivations (since the derivation aterms are added using addTextToStore), but not most outputs (unless they use builtins.toFile).
2007-01-29 15:51:37 +00:00
}
* Unify the treatment of sources copied to the store, and recursive SHA-256 outputs of fixed-output derivations. I.e. they now produce the same store path: $ nix-store --add x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x $ nix-store --add-fixed --recursive sha256 x /nix/store/j2fq9qxvvxgqymvpszhs773ncci45xsj-x the latter being the same as the path that a derivation derivation { name = "x"; outputHashAlgo = "sha256"; outputHashMode = "recursive"; outputHash = "..."; ... }; produces. This does change the output path for such fixed-output derivations. Fortunately they are quite rare. The most common use is fetchsvn calls with SHA-256 hashes. (There are a handful of those is Nixpkgs, mostly unstable development packages.) * Documented the computation of store paths (in store-api.cc).
2008-12-03 15:06:30 +00:00
return makeStorePath(type, hash, name);
* More operations. * addToStore() and friends: don't do a round-trip to the worker if we're only interested in the path (i.e., in read-only mode).
2006-12-01 18:00:01 +00:00
}
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
std::string Store::getUri()
{
return "";
}
Move path info caching from BinaryCacheStore to Store Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-19 16:50:15 +00:00
bool Store::isValidPath(const Path & storePath)
Expose the export magic value and move LocalStore::queryReferences to Store
2016-02-15 13:48:38 +00:00
{
Implement S3BinaryCacheStore::queryAllValidPaths() This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-21 15:53:47 +00:00
auto hashPart = storePathToHash(storePath);
Move path info caching from BinaryCacheStore to Store Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-19 16:50:15 +00:00
{
auto state_(state.lock());
Implement S3BinaryCacheStore::queryAllValidPaths() This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-21 15:53:47 +00:00
auto res = state_->pathInfoCache.get(hashPart);
Move path info caching from BinaryCacheStore to Store Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-19 16:50:15 +00:00
if (res) {
stats.narInfoReadAverted++;
return *res != 0;
}
}
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
if (diskCache) {
Implement S3BinaryCacheStore::queryAllValidPaths() This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-21 15:53:47 +00:00
auto res = diskCache->lookupNarInfo(getUri(), hashPart);
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
if (res.first != NarInfoDiskCache::oUnknown) {
Implement S3BinaryCacheStore::queryAllValidPaths() This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-21 15:53:47 +00:00
stats.narInfoReadAverted++;
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
auto state_(state.lock());
Implement S3BinaryCacheStore::queryAllValidPaths() This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-21 15:53:47 +00:00
state_->pathInfoCache.upsert(hashPart,
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
res.first == NarInfoDiskCache::oInvalid ? 0 : res.second);
return res.first == NarInfoDiskCache::oValid;
}
}
Move path info caching from BinaryCacheStore to Store Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-19 16:50:15 +00:00
return isValidPathUncached(storePath);
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
// FIXME: insert result into NARExistence table of diskCache.
Move path info caching from BinaryCacheStore to Store Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-19 16:50:15 +00:00
}
ref<const ValidPathInfo> Store::queryPathInfo(const Path & storePath)
{
Implement S3BinaryCacheStore::queryAllValidPaths() This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-21 15:53:47 +00:00
auto hashPart = storePathToHash(storePath);
Move path info caching from BinaryCacheStore to Store Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-19 16:50:15 +00:00
{
auto state_(state.lock());
Implement S3BinaryCacheStore::queryAllValidPaths() This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-21 15:53:47 +00:00
auto res = state_->pathInfoCache.get(hashPart);
Move path info caching from BinaryCacheStore to Store Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-19 16:50:15 +00:00
if (res) {
stats.narInfoReadAverted++;
if (!*res)
throw InvalidPath(format("path %s is not valid") % storePath);
return ref<ValidPathInfo>(*res);
}
}
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
if (diskCache) {
Implement S3BinaryCacheStore::queryAllValidPaths() This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-21 15:53:47 +00:00
auto res = diskCache->lookupNarInfo(getUri(), hashPart);
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
if (res.first != NarInfoDiskCache::oUnknown) {
Implement S3BinaryCacheStore::queryAllValidPaths() This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-21 15:53:47 +00:00
stats.narInfoReadAverted++;
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
auto state_(state.lock());
Implement S3BinaryCacheStore::queryAllValidPaths() This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-21 15:53:47 +00:00
state_->pathInfoCache.upsert(hashPart,
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
res.first == NarInfoDiskCache::oInvalid ? 0 : res.second);
Implement S3BinaryCacheStore::queryAllValidPaths() This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-21 15:53:47 +00:00
if (res.first == NarInfoDiskCache::oInvalid ||
(res.second->path != storePath && storePathToName(storePath) != ""))
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
throw InvalidPath(format("path %s is not valid") % storePath);
return ref<ValidPathInfo>(res.second);
}
}
Move path info caching from BinaryCacheStore to Store Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-19 16:50:15 +00:00
auto info = queryPathInfoUncached(storePath);
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
if (diskCache && info)
Implement S3BinaryCacheStore::queryAllValidPaths() This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-21 15:53:47 +00:00
diskCache->upsertNarInfo(getUri(), hashPart, info);
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
Move path info caching from BinaryCacheStore to Store Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-19 16:50:15 +00:00
{
auto state_(state.lock());
Implement S3BinaryCacheStore::queryAllValidPaths() This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-21 15:53:47 +00:00
state_->pathInfoCache.upsert(hashPart, info);
Move path info caching from BinaryCacheStore to Store Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-19 16:50:15 +00:00
}
Implement S3BinaryCacheStore::queryAllValidPaths() This allows commands like "nix verify --all" or "nix path-info --all" to work on S3 caches. Unfortunately, this requires some ugly hackery: when querying the contents of the bucket, we don't want to have to read every .narinfo file. But the S3 bucket keys only include the hash part of each store path, not the name part. So as a special exception queryAllValidPaths() can now return store paths *without* the name part, and queryPathInfo() accepts such store paths (returning a ValidPathInfo object containing the full name).
2016-04-21 15:53:47 +00:00
if (!info
|| (info->path != storePath && storePathToName(storePath) != ""))
{
Move path info caching from BinaryCacheStore to Store Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-19 16:50:15 +00:00
stats.narInfoMissing++;
throw InvalidPath(format("path %s is not valid") % storePath);
}
return ref<ValidPathInfo>(info);
Expose the export magic value and move LocalStore::queryReferences to Store
2016-02-15 13:48:38 +00:00
}
* nix-store --dump-db / --load-db to dump/load the Nix DB. * nix-store --register-validity: option to supply the content hash of each path. * Removed compatibility with Nix <= 0.7 stores.
2008-01-29 18:17:36 +00:00
/* Return a string accepted by decodeValidPathInfo() that
registers the specified paths as valid. Note: it's the
responsibility of the caller to provide a closure. */
StoreAPI -> Store Calling a class an API is a bit redundant...
2016-02-04 13:48:42 +00:00
string Store::makeValidityRegistration(const PathSet & paths,
* nix-store --dump-db / --load-db to dump/load the Nix DB. * nix-store --register-validity: option to supply the content hash of each path. * Removed compatibility with Nix <= 0.7 stores.
2008-01-29 18:17:36 +00:00
bool showDerivers, bool showHash)
{
string s = "";
OCD: foreach -> C++11 ranged for
2015-07-17 17:24:28 +00:00
for (auto & i : paths) {
s += i + "\n";
Move path info caching from BinaryCacheStore to Store Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-19 16:50:15 +00:00
auto info = queryPathInfo(i);
* nix-store --dump-db / --load-db to dump/load the Nix DB. * nix-store --register-validity: option to supply the content hash of each path. * Removed compatibility with Nix <= 0.7 stores.
2008-01-29 18:17:36 +00:00
* Store the size of a store path in the database (to be precise, the size of the NAR serialisation of the path, i.e., `nix-store --dump PATH'). This is useful for Hydra.
2010-11-16 17:11:46 +00:00
if (showHash) {
Move path info caching from BinaryCacheStore to Store Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-19 16:50:15 +00:00
s += printHash(info->narHash) + "\n";
s += (format("%1%\n") % info->narSize).str();
* Store the size of a store path in the database (to be precise, the size of the NAR serialisation of the path, i.e., `nix-store --dump PATH'). This is useful for Hydra.
2010-11-16 17:11:46 +00:00
}
Move path info caching from BinaryCacheStore to Store Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-19 16:50:15 +00:00
Path deriver = showDerivers ? info->deriver : "";
* nix-store --dump-db / --load-db to dump/load the Nix DB. * nix-store --register-validity: option to supply the content hash of each path. * Removed compatibility with Nix <= 0.7 stores.
2008-01-29 18:17:36 +00:00
s += deriver + "\n";
Move path info caching from BinaryCacheStore to Store Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-19 16:50:15 +00:00
s += (format("%1%\n") % info->references.size()).str();
* nix-store --dump-db / --load-db to dump/load the Nix DB. * nix-store --register-validity: option to supply the content hash of each path. * Removed compatibility with Nix <= 0.7 stores.
2008-01-29 18:17:36 +00:00
Move path info caching from BinaryCacheStore to Store Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-19 16:50:15 +00:00
for (auto & j : info->references)
OCD: foreach -> C++11 ranged for
2015-07-17 17:24:28 +00:00
s += j + "\n";
* nix-store --dump-db / --load-db to dump/load the Nix DB. * nix-store --register-validity: option to supply the content hash of each path. * Removed compatibility with Nix <= 0.7 stores.
2008-01-29 18:17:36 +00:00
}
return s;
}
Move path info caching from BinaryCacheStore to Store Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-19 16:50:15 +00:00
const Store::Stats & Store::getStats()
{
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
{
auto state_(state.lock());
stats.pathInfoCacheSize = state_->pathInfoCache.size();
}
Move path info caching from BinaryCacheStore to Store Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-19 16:50:15 +00:00
return stats;
}
* nix-store --dump-db / --load-db to dump/load the Nix DB. * nix-store --register-validity: option to supply the content hash of each path. * Removed compatibility with Nix <= 0.7 stores.
2008-01-29 18:17:36 +00:00
ValidPathInfo decodeValidPathInfo(std::istream & str, bool hashGiven)
* Get rid of the substitutes database table (NIX-47). Instead, if we need any info on substitutable paths, we just call the substituters (such as download-using-manifests.pl) directly. This means that it's no longer necessary for nix-pull to register substitutes or for nix-channel to clear them, which makes those operations much faster (NIX-95). Also, we don't have to worry about keeping nix-pull manifests (in /nix/var/nix/manifests) and the database in sync with each other. The downside is that there is some overhead in calling an external program to get the substitutes info. For instance, "nix-env -qas" takes a bit longer. Abolishing the substitutes table also makes the logic in local-store.cc simpler, as we don't need to store info for invalid paths. On the downside, you cannot do things like "nix-store -qR" on a substitutable but invalid path (but nobody did that anyway). * Never catch interrupts (the Interrupted exception).
2007-08-12 00:29:28 +00:00
{
ValidPathInfo info;
getline(str, info.path);
if (str.eof()) { info.path = ""; return info; }
* nix-store --dump-db / --load-db to dump/load the Nix DB. * nix-store --register-validity: option to supply the content hash of each path. * Removed compatibility with Nix <= 0.7 stores.
2008-01-29 18:17:36 +00:00
if (hashGiven) {
string s;
getline(str, s);
Rename ValidPathInfo::hash -> narHash for consistency
2016-02-16 10:49:12 +00:00
info.narHash = parseHash(htSHA256, s);
* Store the size of a store path in the database (to be precise, the size of the NAR serialisation of the path, i.e., `nix-store --dump PATH'). This is useful for Hydra.
2010-11-16 17:11:46 +00:00
getline(str, s);
if (!string2Int(s, info.narSize)) throw Error("number expected");
* nix-store --dump-db / --load-db to dump/load the Nix DB. * nix-store --register-validity: option to supply the content hash of each path. * Removed compatibility with Nix <= 0.7 stores.
2008-01-29 18:17:36 +00:00
}
* Get rid of the substitutes database table (NIX-47). Instead, if we need any info on substitutable paths, we just call the substituters (such as download-using-manifests.pl) directly. This means that it's no longer necessary for nix-pull to register substitutes or for nix-channel to clear them, which makes those operations much faster (NIX-95). Also, we don't have to worry about keeping nix-pull manifests (in /nix/var/nix/manifests) and the database in sync with each other. The downside is that there is some overhead in calling an external program to get the substitutes info. For instance, "nix-env -qas" takes a bit longer. Abolishing the substitutes table also makes the logic in local-store.cc simpler, as we don't need to store info for invalid paths. On the downside, you cannot do things like "nix-store -qR" on a substitutable but invalid path (but nobody did that anyway). * Never catch interrupts (the Interrupted exception).
2007-08-12 00:29:28 +00:00
getline(str, info.deriver);
string s; int n;
getline(str, s);
if (!string2Int(s, n)) throw Error("number expected");
while (n--) {
getline(str, s);
info.references.insert(s);
}
if (!str || str.eof()) throw Error("missing input");
return info;
}
* Merged the no-bdb branch (-r10900:HEAD https://svn.nixos.org/repos/nix/nix/branches/no-bdb).
2008-06-09 13:52:45 +00:00
string showPaths(const PathSet & paths)
{
string s;
OCD: foreach -> C++11 ranged for
2015-07-17 17:24:28 +00:00
for (auto & i : paths) {
* Merged the no-bdb branch (-r10900:HEAD https://svn.nixos.org/repos/nix/nix/branches/no-bdb).
2008-06-09 13:52:45 +00:00
if (s.size() != 0) s += ", ";
OCD: foreach -> C++11 ranged for
2015-07-17 17:24:28 +00:00
s += "" + i + "";
* Merged the no-bdb branch (-r10900:HEAD https://svn.nixos.org/repos/nix/nix/branches/no-bdb).
2008-06-09 13:52:45 +00:00
}
return s;
}
StoreAPI -> Store Calling a class an API is a bit redundant...
2016-02-04 13:48:42 +00:00
void Store::exportPaths(const Paths & paths,
* Add an API function exportPaths() that provides the functionality of ‘nix-store --export’. * Add a Perl module that provides the functionality of ‘nix-copy-closure --to’. This is used by build-remote.pl so it no longer needs to start a separate nix-copy-closure process. Also, it uses the Perl API to do the export, so it doesn't need to start a separate nix-store process either. As a result, nix-copy-closure and build-remote.pl should no longer fail on very large closures due to an "Argument list too long" error. (Note that having very many dependencies in a single derivation can still fail because the environment can become too large. Can't be helped though.)
2011-11-23 15:13:37 +00:00
bool sign, Sink & sink)
{
OCD: foreach -> C++11 ranged for
2015-07-17 17:24:28 +00:00
for (auto & i : paths) {
More cleanup
2015-07-19 23:16:16 +00:00
sink << 1;
Eliminate the "store" global variable Also, move a few free-standing functions into StoreAPI and Derivation. Also, introduce a non-nullable smart pointer, ref<T>, which is just a wrapper around std::shared_ptr ensuring that the pointer is never null. (For reference-counted values, this is better than passing a "T&", because the latter doesn't maintain the refcount. Usually, the caller will have a shared_ptr keeping the value alive, but that's not always the case, e.g., when passing a reference to a std::thread via std::bind.)
2016-02-04 13:28:26 +00:00
exportPath(i, sign, sink);
* Add an API function exportPaths() that provides the functionality of ‘nix-store --export’. * Add a Perl module that provides the functionality of ‘nix-copy-closure --to’. This is used by build-remote.pl so it no longer needs to start a separate nix-copy-closure process. Also, it uses the Perl API to do the export, so it doesn't need to start a separate nix-store process either. As a result, nix-copy-closure and build-remote.pl should no longer fail on very large closures due to an "Argument list too long" error. (Note that having very many dependencies in a single derivation can still fail because the environment can become too large. Can't be helped though.)
2011-11-23 15:13:37 +00:00
}
More cleanup
2015-07-19 23:16:16 +00:00
sink << 0;
* Add an API function exportPaths() that provides the functionality of ‘nix-store --export’. * Add a Perl module that provides the functionality of ‘nix-copy-closure --to’. This is used by build-remote.pl so it no longer needs to start a separate nix-copy-closure process. Also, it uses the Perl API to do the export, so it doesn't need to start a separate nix-store process either. As a result, nix-copy-closure and build-remote.pl should no longer fail on very large closures due to an "Argument list too long" error. (Note that having very many dependencies in a single derivation can still fail because the environment can become too large. Can't be helped though.)
2011-11-23 15:13:37 +00:00
}
Move signature support from NarInfo to ValidPathInfo
2016-03-24 10:41:00 +00:00
std::string ValidPathInfo::fingerprint() const
{
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
if (narSize == 0 || !narHash)
Add "nix sign-paths" command E.g. $ nix sign-paths -k ./secret -r $(type -p geeqie) signs geeqie and all its dependencies using the key in ./secret.
2016-04-05 14:39:29 +00:00
throw Error(format("cannot calculate fingerprint of path %s because its size/hash is not known")
% path);
Move signature support from NarInfo to ValidPathInfo
2016-03-24 10:41:00 +00:00
return
"1;" + path + ";"
+ printHashType(narHash.type) + ":" + printHash32(narHash) + ";"
+ std::to_string(narSize) + ";"
+ concatStringsSep(",", references);
}
void ValidPathInfo::sign(const SecretKey & secretKey)
{
sigs.insert(secretKey.signDetached(fingerprint()));
}
unsigned int ValidPathInfo::checkSignatures(const PublicKeys & publicKeys) const
{
unsigned int good = 0;
for (auto & sig : sigs)
nix verify-paths: Add ‘--sigs-needed <N>’ flag This specifies the number of distinct signatures required to consider each path "trusted". Also renamed ‘--no-sigs’ to ‘--no-trust’ for the flag that disables verifying whether a path is trusted (since a path can also be trusted if it has no signatures, but was built locally).
2016-04-07 13:14:12 +00:00
if (checkSignature(publicKeys, sig))
Move signature support from NarInfo to ValidPathInfo
2016-03-24 10:41:00 +00:00
good++;
return good;
}
nix verify-paths: Add ‘--sigs-needed <N>’ flag This specifies the number of distinct signatures required to consider each path "trusted". Also renamed ‘--no-sigs’ to ‘--no-trust’ for the flag that disables verifying whether a path is trusted (since a path can also be trusted if it has no signatures, but was built locally).
2016-04-07 13:14:12 +00:00
bool ValidPathInfo::checkSignature(const PublicKeys & publicKeys, const std::string & sig) const
{
return verifyDetached(fingerprint(), sig, publicKeys);
}
Cache path info lookups in SQLite This re-implements the binary cache database in C++, allowing it to be used by other Store backends, in particular the S3 backend.
2016-04-20 12:12:38 +00:00
Strings ValidPathInfo::shortRefs() const
{
Strings refs;
for (auto & r : references)
refs.push_back(baseNameOf(r));
return refs;
}
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
}
#include "local-store.hh"
* Skeleton of remote store implementation.
2006-11-30 18:35:36 +00:00
#include "remote-store.hh"
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
namespace nix {
Make store implementations pluggable This for instance allows hydra-queue-runner to add the S3 backend at runtime.
2016-02-29 15:11:11 +00:00
RegisterStoreImplementation::Implementations * RegisterStoreImplementation::implementations = 0;
Eliminate reserveSpace flag
2016-02-24 16:33:53 +00:00
ref<Store> openStoreAt(const std::string & uri)
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
{
Make store implementations pluggable This for instance allows hydra-queue-runner to add the S3 backend at runtime.
2016-02-29 15:11:11 +00:00
for (auto fun : *RegisterStoreImplementation::implementations) {
auto store = fun(uri);
if (store) return ref<Store>(store);
Move BinaryCacheStore / LocalBinaryCacheStore from Hydra So you can now do: $ NIX_REMOTE=file:///tmp/binary-cache nix-store -qR /nix/store/...
2016-02-24 13:48:16 +00:00
}
Make store implementations pluggable This for instance allows hydra-queue-runner to add the S3 backend at runtime.
2016-02-29 15:11:11 +00:00
throw Error(format("don't know how to open Nix store %s") % uri);
}
ref<Store> openStore()
{
return openStoreAt(getEnv("NIX_REMOTE"));
}
static RegisterStoreImplementation regStore([](const std::string & uri) -> std::shared_ptr<Store> {
Use the daemon when we don't have write access to the Nix database
2016-01-31 09:19:14 +00:00
enum { mDaemon, mLocal, mAuto } mode;
Make store implementations pluggable This for instance allows hydra-queue-runner to add the S3 backend at runtime.
2016-02-29 15:11:11 +00:00
if (uri == "daemon") mode = mDaemon;
else if (uri == "local") mode = mLocal;
else if (uri == "") mode = mAuto;
else return 0;
Use the daemon when we don't have write access to the Nix database
2016-01-31 09:19:14 +00:00
if (mode == mAuto) {
if (LocalStore::haveWriteAccess())
mode = mLocal;
else if (pathExists(settings.nixDaemonSocketFile))
mode = mDaemon;
else
mode = mLocal;
}
return mode == mDaemon
Make store implementations pluggable This for instance allows hydra-queue-runner to add the S3 backend at runtime.
2016-02-29 15:11:11 +00:00
? std::shared_ptr<Store>(std::make_shared<RemoteStore>())
: std::shared_ptr<Store>(std::make_shared<LocalStore>());
});
Move BinaryCacheStore / LocalBinaryCacheStore from Hydra So you can now do: $ NIX_REMOTE=file:///tmp/binary-cache nix-store -qR /nix/store/...
2016-02-24 13:48:16 +00:00
* Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30 17:43:04 +00:00
}
Reference in a new issue Copy permalink