Commit graph

7929 commits

Author SHA1 Message Date
Eelco Dolstra 7349f257da Only mount /sys in uid-range builds
Maybe this should be a separate system feature... /sys exposes a lot
of impure info about the host system.
2020-07-06 13:50:33 +02:00
Eelco Dolstra 8c4cce553c Fix macOS build 2020-07-06 13:50:33 +02:00
Eelco Dolstra ba50c3efa3 Add "uid-range" and "systemd-cgroup" system features
"uid-range" provides 65536 UIDs to a build and runs the build as root
in its user namespace. "systemd-cgroup" allows the build to mount the
systemd cgroup controller (needed for running systemd-nspawn and NixOS
containers).

Also, add a configuration option "auto-allocate-uids" which is needed
to enable these features, and some experimental feature gates.

So to enable support for containers you need the following in
nix.conf:

  experimental-features = auto-allocate-uids systemd-cgroup
  auto-allocate-uids = true
  system-features = uid-range systemd-cgroup
2020-07-06 13:50:33 +02:00
Eelco Dolstra 570c443f56 Simplify cgroup creation 2020-07-06 13:50:33 +02:00
Eelco Dolstra 7bdcf43b40 Destroy the cgroup prior to building 2020-07-06 13:50:33 +02:00
Eelco Dolstra ca2f64bcda Reduce # of UIDs per build to 65536
2^18 was overkill. The idea was to enable multiple containers to run
inside a build. However, those containers can use the same UID range -
we don't really care about perfect isolation between containers inside
a build.
2020-07-06 13:50:33 +02:00
Eelco Dolstra f5fa3de759 Run builds in their own cgroup
Also, run builds in a cgroup namespace (ensuring /proc/self/cgroup
doesn't leak information about the outside world) and mount /sys. This
enables running systemd-nspawn and thus NixOS containers in a Nix
build.
2020-07-06 13:50:33 +02:00
Eelco Dolstra c3e0a68c7e canonicalisePathMetaData(): Support a UID range 2020-07-06 13:50:33 +02:00
Eelco Dolstra 836573a9a2 Dynamically allocate UIDs
Rather than rely on a nixbld group, we now allocate UIDs/GIDs
dynamically starting at a configurable ID (872415232 by default).

Also, we allocate 2^18 UIDs and GIDs per build, and run the build as
root in its UID namespace. (This should not be the default since it
breaks some builds. We probably should enable this conditional on a
requiredSystemFeature.) The goal is to be able to run (NixOS)
containers in a build. However, this will also require some cgroup
initialisation.

The 2^18 UIDs/GIDs is intended to provide enough ID space to run
multiple containers per build, e.g. for distributed NixOS tests.
2020-07-06 13:50:33 +02:00
Eelco Dolstra 14227aeb32 Merge branch 'add-trace' of https://github.com/bburdette/nix 2020-07-03 16:27:39 +02:00
Ben Burdette b29a4ea1dc Merge branch 'master' into add-trace 2020-07-03 07:57:36 -06:00
Eelco Dolstra c3c7aedbb5 nix develop: Fix bad regex
This was accepted by libstdc++ but not libc++.

https://hydra.nixos.org/build/123569154
2020-07-03 14:58:58 +02:00
Eelco Dolstra 6f8fd3a3f2 Shut up a clang warning 2020-07-03 14:50:07 +02:00
Eelco Dolstra dfaad374ff Merge pull request #3778 from tweag/parallel-tests
Parallel tests fixes
2020-07-03 13:17:10 +02:00
Eelco Dolstra 017efae01f Hopefully fix macOS test failure 2020-07-03 13:16:22 +02:00
regnat 223fbe644a Shorten the path to the test root
Fix a socket length failure on the OSX builders
2020-07-03 09:20:01 +02:00
regnat 5101ed18bc Fix the test dependencies
Reuse the pre-existing list rather than the one written as part of #3777
2020-07-03 09:20:01 +02:00
Eelco Dolstra 5596f879b4 Add test for nix develop 2020-07-02 18:32:45 +02:00
Eelco Dolstra b5e4253697 Fix abort in 'nix develop' 2020-07-02 18:24:11 +02:00
Ben Burdette 5818271c6e spacing 2020-07-02 09:41:54 -06:00
Ben Burdette bf2788e4c1 move showTrace to new loggerSettings 2020-07-02 09:04:31 -06:00
Eelco Dolstra a5b6e870fe Set gc-reserved-space to 0 in tests
This reduces the amount of disk space needed to run the tests from
half a gigabyte to 10 megabytes.
2020-07-02 16:38:42 +02:00
Eelco Dolstra ec5d7cb8e2 Merge branch 'parallel-tests' of https://github.com/tweag/nix 2020-07-02 16:38:38 +02:00
regnat 11ba4ec795 Make the gc-auto test more reliable
Use a fifo pipe to handle the synchronisation between the different
threads rather than relying on delays
2020-07-02 16:13:36 +02:00
regnat c762385457 Make the gc-concurrent test more reliable
Use a fifo pipe to handle the synchronisation between the different
threads rather than relying on delays
2020-07-02 16:13:36 +02:00
regnat 1b5aa60767 Run the tests in parallel
Cause the time needed to run the testsuite to drop from ~4mins to ~40s
2020-07-02 16:13:36 +02:00
Ben Burdette 5ae498872a assert for invalid fileorigin 2020-07-02 07:14:40 -06:00
Ben Burdette 8497891b99 spacing 2020-07-01 13:50:18 -06:00
Ben Burdette a295b2ea96 if no errLoc, no Loc. 2020-07-01 12:02:02 -06:00
Ben Burdette 3629b0585a don't include errpos for addErrorContext 2020-07-01 11:49:01 -06:00
Ben Burdette 2a39c083dc non-pos trace test 2020-07-01 10:37:31 -06:00
Eelco Dolstra 38ccf2e241 Cleanup 2020-07-01 15:31:34 +02:00
Eelco Dolstra 86a4aba6c4 Merge branch 'remote-query-outputs' of https://github.com/tweag/nix 2020-07-01 15:10:29 +02:00
Ben Burdette a7d5d26443 fix tests with the 'from string' change 2020-06-30 22:05:21 -06:00
Ben Burdette dabbb4538f 'from string' 2020-06-30 16:43:01 -06:00
Ben Burdette 9159dfe3d8 comments and cleanup 2020-06-30 16:31:55 -06:00
Ben Burdette 70bcb39d3f double addtrace for 'called from' 2020-06-30 15:44:19 -06:00
Ben Burdette ddb81ca126 Merge branch 'master' into add-trace 2020-06-30 12:21:45 -06:00
Eelco Dolstra ee1582494e Merge pull request #3767 from bburdette/pos-null-check
Pos null check
2020-06-30 19:52:22 +02:00
Ben Burdette a0705e0dd1 invalid pos check 2020-06-30 11:01:46 -06:00
Ben Burdette e72a16a339 check for a null symbol 2020-06-30 11:00:51 -06:00
Ben Burdette c484a67914 trace formatting 2020-06-29 15:46:21 -06:00
Eelco Dolstra 2b834d48aa NAR parser: Fix missing name field check
Discovered by @Kloenk.
2020-06-29 22:45:41 +02:00
Ben Burdette 8f81fae116 showTrace flag in loggers 2020-06-29 10:20:51 -06:00
Eelco Dolstra 58bc3b6578 Merge pull request #3729 from obsidiansystems/simpler-hased-mirror
hashed-mirrors: Use parsed derivation output rather than reconstructing it
2020-06-29 14:04:12 +02:00
Eelco Dolstra 64232f3ea6 Merge pull request #3749 from rodarima/master
Fall back to copyPath if link fails with EPERM
2020-06-29 13:31:24 +02:00
Domen Kožar 3fcbe30eea Merge pull request #3758 from NixOS/dependabot/github_actions/cachix/install-nix-action-v10
Bump cachix/install-nix-action from v8 to v10
2020-06-28 08:16:01 +02:00
dependabot[bot] 9937f4ed37 Bump cachix/install-nix-action from v8 to v10
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from v8 to v10.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v8...63cf434de4e4292c6960639d56c5dd550e789d77)

Signed-off-by: dependabot[bot] <support@github.com>
2020-06-28 06:02:57 +00:00
Domen Kožar b7795a3496 Merge pull request #3757 from Mic92/dependabot
dependabot: automatically keep github actions up-to-date
2020-06-28 08:02:24 +02:00
Jörg Thalheim 7af734bac1 dependabot: automatically keep github actions up-to-date 2020-06-27 20:37:05 +01:00