lix-project/lix
18
50
Fork 26
Code Issues 335 Code Review (Gerrit) Projects 1 Releases Wiki Activity

Generalize isFixedOutput in preparation for CA drvs

Browse source 
Today's fixed output derivations and regular derivations differ in a few
ways which are largely orthogonal. This replaces `isFixedOutput` with a
`type` that returns an enum of possible combinations.
This commit is contained in:
John Ericson 2020-03-15 02:23:17 -04:00
parent b79b81dd2d
commit 2be64efb02
4 changed files with 106 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

47
src/libstore/build.cc
View file

@ -795,8 +795,8 @@ private:
/* RAII object to delete the chroot directory. */ /* RAII object to delete the chroot directory. */
std::shared_ptr<AutoDelete> autoDelChroot; std::shared_ptr<AutoDelete> autoDelChroot;
/* Whether this is a fixed-output derivation. */ /* The sort of derivation we are building. */
bool fixedOutput; DerivationType derivationType;
/* Whether to run the build in a private network namespace. */ /* Whether to run the build in a private network namespace. */
bool privateNetwork = false; bool privateNetwork = false;
@ -1369,12 +1369,12 @@ void DerivationGoal::inputsRealised()
debug("added input paths %s", worker.store.showPaths(inputPaths)); debug("added input paths %s", worker.store.showPaths(inputPaths));
/* Is this a fixed-output derivation? */ /* What type of derivation are we building? */
fixedOutput = drv->isFixedOutput(); derivationType = drv->type();
/* Don't repeat fixed-output derivations since they're already /* Don't repeat fixed-output derivations since they're already
verified by their output hash.*/ verified by their output hash.*/
nrRounds = fixedOutput ? 1 : settings.buildRepeat + 1; nrRounds = DtAxisFixed & derivationType ? 1 : settings.buildRepeat + 1;
/* Okay, try to build. Note that here we don't wait for a build /* Okay, try to build. Note that here we don't wait for a build
slot to become available, since we don't need one if there is a slot to become available, since we don't need one if there is a
@ -1724,7 +1724,7 @@ void DerivationGoal::buildDone()
st = st =
dynamic_cast<NotDeterministic*>(&e) ? BuildResult::NotDeterministic : dynamic_cast<NotDeterministic*>(&e) ? BuildResult::NotDeterministic :
statusOk(status) ? BuildResult::OutputRejected : statusOk(status) ? BuildResult::OutputRejected :
fixedOutput || diskFull ? BuildResult::TransientFailure : DtAxisImpure & derivationType || diskFull ? BuildResult::TransientFailure :
BuildResult::PermanentFailure; BuildResult::PermanentFailure;
} }
@ -1930,7 +1930,7 @@ void DerivationGoal::startBuilder()
else if (settings.sandboxMode == smDisabled) else if (settings.sandboxMode == smDisabled)
useChroot = false; useChroot = false;
else if (settings.sandboxMode == smRelaxed) else if (settings.sandboxMode == smRelaxed)
useChroot = !fixedOutput && !noChroot; useChroot = !(DtAxisImpure & derivationType) && !noChroot;
} }
if (worker.store.storeDir != worker.store.realStoreDir) { if (worker.store.storeDir != worker.store.realStoreDir) {
@ -2112,7 +2112,7 @@ void DerivationGoal::startBuilder()
"nogroup:x:65534:\n") % sandboxGid).str()); "nogroup:x:65534:\n") % sandboxGid).str());
/* Create /etc/hosts with localhost entry. */ /* Create /etc/hosts with localhost entry. */
if (!fixedOutput) if (!(DtAxisImpure & derivationType))
writeFile(chrootRootDir + "/etc/hosts", "127.0.0.1 localhost\n::1 localhost\n"); writeFile(chrootRootDir + "/etc/hosts", "127.0.0.1 localhost\n::1 localhost\n");
/* Make the closure of the inputs available in the chroot, /* Make the closure of the inputs available in the chroot,
@ -2318,7 +2318,7 @@ void DerivationGoal::startBuilder()
us. us.
*/ */
if (!fixedOutput) if (!(DtAxisImpure & derivationType))
privateNetwork = true; privateNetwork = true;
userNamespaceSync.create(); userNamespaceSync.create();
@ -2519,7 +2519,7 @@ void DerivationGoal::initEnv()
derivation, tell the builder, so that for instance `fetchurl' derivation, tell the builder, so that for instance `fetchurl'
can skip checking the output. On older Nixes, this environment can skip checking the output. On older Nixes, this environment
variable won't be set, so `fetchurl' will do the check. */ variable won't be set, so `fetchurl' will do the check. */
if (fixedOutput) env["NIX_OUTPUT_CHECKED"] = "1"; if (DtAxisFixed & derivationType) env["NIX_OUTPUT_CHECKED"] = "1";
/* *Only* if this is a fixed-output derivation, propagate the /* *Only* if this is a fixed-output derivation, propagate the
values of the environment variables specified in the values of the environment variables specified in the
@ -2530,7 +2530,7 @@ void DerivationGoal::initEnv()
to the builder is generally impure, but the output of to the builder is generally impure, but the output of
fixed-output derivations is by definition pure (since we fixed-output derivations is by definition pure (since we
already know the cryptographic hash of the output). */ already know the cryptographic hash of the output). */
if (fixedOutput) { if (derivationType & DtAxisImpure) {
for (auto & i : parsedDrv->getStringsAttr("impureEnvVars").value_or(Strings())) for (auto & i : parsedDrv->getStringsAttr("impureEnvVars").value_or(Strings()))
env[i] = getEnv(i).value_or(""); env[i] = getEnv(i).value_or("");
} }
@ -3144,7 +3144,7 @@ void DerivationGoal::runChild()
/* Fixed-output derivations typically need to access the /* Fixed-output derivations typically need to access the
network, so give them access to /etc/resolv.conf and so network, so give them access to /etc/resolv.conf and so
on. */ on. */
if (fixedOutput) { if (DtAxisImpure & derivationType) {
ss.push_back("/etc/resolv.conf"); ss.push_back("/etc/resolv.conf");
// Only use nss functions to resolve hosts and // Only use nss functions to resolve hosts and
@ -3385,7 +3385,7 @@ void DerivationGoal::runChild()
sandboxProfile += "(import \"sandbox-defaults.sb\")\n"; sandboxProfile += "(import \"sandbox-defaults.sb\")\n";
if (fixedOutput) if (DtAxisImpure & derivationType)
sandboxProfile += "(import \"sandbox-network.sb\")\n"; sandboxProfile += "(import \"sandbox-network.sb\")\n";
/* Our rwx outputs */ /* Our rwx outputs */
@ -3644,10 +3644,10 @@ void DerivationGoal::registerOutputs()
hash). */ hash). */
std::string ca; std::string ca;
if (fixedOutput) { if (i.second.hashAlgo != "") {
bool recursive; Hash h; bool recursive; HashType ht;
i.second.parseHashInfo(recursive, h); i.second.parseHashType(recursive, ht);
if (!recursive) { if (!recursive) {
/* The output path should be a regular file without execute permission. */ /* The output path should be a regular file without execute permission. */
@ -3658,11 +3658,16 @@ void DerivationGoal::registerOutputs()
/* Check the hash. In hash mode, move the path produced by /* Check the hash. In hash mode, move the path produced by
the derivation to its content-addressed location. */ the derivation to its content-addressed location. */
Hash h2 = recursive ? hashPath(h.type, actualPath).first : hashFile(h.type, actualPath); Hash h2 = recursive ? hashPath(ht, actualPath).first : hashFile(ht, actualPath);
auto dest = worker.store.makeFixedOutputPath(recursive, h2, i.second.path.name()); auto dest = worker.store.makeFixedOutputPath(recursive, h2, i.second.path.name());
if (h != h2) { // true if ither floating CA, or incorrect fixed hash.
bool needsMove = true;
if (i.second.hash != "") {
Hash h = Hash(i.second.hash, ht);
if (h != h2) {
/* Throw an error after registering the path as /* Throw an error after registering the path as
valid. */ valid. */
@ -3670,7 +3675,13 @@ void DerivationGoal::registerOutputs()
delayedException = std::make_exception_ptr( delayedException = std::make_exception_ptr(
BuildError("hash mismatch in fixed-output derivation '%s':\n wanted: %s\n got: %s", BuildError("hash mismatch in fixed-output derivation '%s':\n wanted: %s\n got: %s",
worker.store.printStorePath(dest), h.to_string(SRI), h2.to_string(SRI))); worker.store.printStorePath(dest), h.to_string(SRI), h2.to_string(SRI)));
} else {
// matched the fixed hash, so no move needed.
needsMove = false;
}
}
if (needsMove) {
Path actualDest = worker.store.toRealPath(worker.store.printStorePath(dest)); Path actualDest = worker.store.toRealPath(worker.store.printStorePath(dest));
if (worker.store.isValidPath(dest)) if (worker.store.isValidPath(dest))

45
src/libstore/derivations.cc
View file

@ -8,8 +8,12 @@
namespace nix { namespace nix {
// Avoid shadow
HashType parseHashAlgo(const string & s) {
return parseHashType(s);
}
void DerivationOutput::parseHashInfo(bool & recursive, Hash & hash) const void DerivationOutput::parseHashType(bool & recursive, HashType & hashType) const
{ {
recursive = false; recursive = false;
string algo = hashAlgo; string algo = hashAlgo;
@ -19,10 +23,16 @@ void DerivationOutput::parseHashInfo(bool & recursive, Hash & hash) const
algo = string(algo, 2); algo = string(algo, 2);
} }
HashType hashType = parseHashType(algo); HashType hashType_loc = parseHashAlgo(algo);
if (hashType == htUnknown) if (hashType_loc == htUnknown)
throw Error("unknown hash algorithm '%s'", algo); throw Error("unknown hash algorithm '%s'", algo);
hashType = hashType_loc;
}
void DerivationOutput::parseHashInfo(bool & recursive, Hash & hash) const
{
HashType hashType;
parseHashType(recursive, hashType);
hash = Hash(this->hash, hashType); hash = Hash(this->hash, hashType);
} }
@ -328,11 +338,28 @@ bool isDerivation(const string & fileName)
} }
bool BasicDerivation::isFixedOutput() const DerivationType BasicDerivation::type() const
{ {
return outputs.size() == 1 && if (outputs.size() == 1 &&
outputs.begin()->first == "out" && outputs.begin()->first == "out" &&
outputs.begin()->second.hash != ""; outputs.begin()->second.hash != "")
{
return DtCAFixed;
}
auto const algo = outputs.begin()->second.hashAlgo;
if (algo != "") {
throw Error("Invalid mix of CA and regular outputs");
}
for (auto & i : outputs) {
if (i.second.hash != "") {
throw Error("Non-fixed-output derivation has fixed output");
}
if (i.second.hashAlgo != "") {
throw Error("Invalid mix of CA and regular outputs");
}
}
return DtRegular;
} }
@ -362,13 +389,17 @@ DrvHashes drvHashes;
Hash hashDerivationModulo(Store & store, const Derivation & drv, bool maskOutputs) Hash hashDerivationModulo(Store & store, const Derivation & drv, bool maskOutputs)
{ {
/* Return a fixed hash for fixed-output derivations. */ /* Return a fixed hash for fixed-output derivations. */
if (drv.isFixedOutput()) { switch (drv.type()) {
case DtCAFixed: {
DerivationOutputs::const_iterator i = drv.outputs.begin(); DerivationOutputs::const_iterator i = drv.outputs.begin();
return hashString(htSHA256, "fixed:out:" return hashString(htSHA256, "fixed:out:"
+ i->second.hashAlgo + ":" + i->second.hashAlgo + ":"
+ i->second.hash + ":" + i->second.hash + ":"
+ store.printStorePath(i->second.path)); + store.printStorePath(i->second.path));
} }
default:
break;
}
/* For other derivations, replace the inputs paths with recursive /* For other derivations, replace the inputs paths with recursive
calls to this function.*/ calls to this function.*/

18
src/libstore/derivations.hh
View file

@ -22,6 +22,7 @@ struct DerivationOutput
, hashAlgo(std::move(hashAlgo)) , hashAlgo(std::move(hashAlgo))
, hash(std::move(hash)) , hash(std::move(hash))
{ } { }
void parseHashType(bool & recursive, HashType & hashType) const;
void parseHashInfo(bool & recursive, Hash & hash) const; void parseHashInfo(bool & recursive, Hash & hash) const;
}; };
@ -33,6 +34,21 @@ typedef std::map<StorePath, StringSet> DerivationInputs;
typedef std::map<string, string> StringPairs; typedef std::map<string, string> StringPairs;
// Bit:
// 7: regular vs ca
// 6: floating vs fixed hash if ca, regular always floating
// 5: pure vs impure if ca, regular always pure
// _: Unassigned
enum DerivationTypeAxis : uint8_t {
DtAxisCA = 0b10000000,
DtAxisFixed = 0b01000000,
DtAxisImpure = 0b00100000,
};
enum DerivationType : uint8_t {
DtRegular = 0b0000000,
DtCAFixed = 0b11100000,
};
struct BasicDerivation struct BasicDerivation
{ {
DerivationOutputs outputs; /* keyed on symbolic IDs */ DerivationOutputs outputs; /* keyed on symbolic IDs */
@ -53,7 +69,7 @@ struct BasicDerivation
bool isBuiltin() const; bool isBuiltin() const;
/* Return true iff this is a fixed-output derivation. */ /* Return true iff this is a fixed-output derivation. */
bool isFixedOutput() const; DerivationType type() const;
/* Return the output paths of a derivation. */ /* Return the output paths of a derivation. */
StorePathSet outputPaths() const; StorePathSet outputPaths() const;

36
src/libstore/local-store.cc
View file

@ -559,21 +559,29 @@ void LocalStore::checkDerivationOutputs(const StorePath & drvPath, const Derivat
}; };
if (drv.isFixedOutput()) { // Don't need the answer, but do this anways to assert is proper
DerivationOutputs::const_iterator out = drv.outputs.find("out"); // combination. The code below is more general and naturally allows
if (out == drv.outputs.end()) // combinations that currently prohibited.
throw Error("derivation '%s' does not have an output named 'out'", printStorePath(drvPath)); drv.type();
bool recursive; Hash h; std::optional<Hash> h;
out->second.parseHashInfo(recursive, h); for (auto & i : drv.outputs) {
if (i.second.hashAlgo == "") {
check(makeFixedOutputPath(recursive, h, drvName), out->second.path, "out"); if (!h) {
} // somewhat expensive so we do lazily
h = hashDerivationModulo(*this, drv, true);
else { }
Hash h = hashDerivationModulo(*this, drv, true); StorePath path = makeOutputPath(i.first, *h, drvName);
for (auto & i : drv.outputs) check(path, i.second.path, i.first);
check(makeOutputPath(i.first, h, drvName), i.second.path, i.first); } else {
if (i.second.hash == "") {
throw Error("Fixed output derivation needs hash");
}
bool recursive; Hash h;
i.second.parseHashInfo(recursive, h);
StorePath path = makeFixedOutputPath(recursive, h, drvName);
check(path, i.second.path, i.first);
}
} }
} }