build: only skip hash rewriting for sandboxing on linux

The sandbox on darwin, and possibly other future platforms, doesn't have
enough isolation to redirect outputs without hash rewriting.
This commit is contained in:
Daiderd Jordan 2019-04-17 21:42:41 +02:00
parent 5112a33fb1
commit b614e0e53d
No known key found for this signature in database
GPG key ID: D02435D05B810C96

View file

@ -803,6 +803,9 @@ private:
/* Whether we're currently doing a chroot build. */ /* Whether we're currently doing a chroot build. */
bool useChroot = false; bool useChroot = false;
/* Whether we need to perform hash rewriting if there are valid output paths. */
bool needsHashRewrite;
Path chrootRootDir; Path chrootRootDir;
/* RAII object to delete the chroot directory. */ /* RAII object to delete the chroot directory. */
@ -994,6 +997,13 @@ DerivationGoal::DerivationGoal(const Path & drvPath, const StringSet & wantedOut
, wantedOutputs(wantedOutputs) , wantedOutputs(wantedOutputs)
, buildMode(buildMode) , buildMode(buildMode)
{ {
#if __linux__
needsHashRewrite = !useChroot;
#else
/* Darwin requires hash rewriting even when sandboxing is enabled. */
needsHashRewrite = true;
#endif
state = &DerivationGoal::getDerivation; state = &DerivationGoal::getDerivation;
name = (format("building of '%1%'") % drvPath).str(); name = (format("building of '%1%'") % drvPath).str();
trace("created"); trace("created");
@ -2073,7 +2083,7 @@ void DerivationGoal::startBuilder()
#endif #endif
} }
else { if (needsHashRewrite) {
if (pathExists(homeDir)) if (pathExists(homeDir))
throw Error(format("directory '%1%' exists; please remove it") % homeDir); throw Error(format("directory '%1%' exists; please remove it") % homeDir);
@ -2873,6 +2883,10 @@ void DerivationGoal::runChild()
for (auto & i : missingPaths) { for (auto & i : missingPaths) {
sandboxProfile += (format("\t(subpath \"%1%\")\n") % i.c_str()).str(); sandboxProfile += (format("\t(subpath \"%1%\")\n") % i.c_str()).str();
} }
/* Also add redirected outputs to the chroot */
for (auto & i : redirectedOutputs) {
sandboxProfile += (format("\t(subpath \"%1%\")\n") % i.second.c_str()).str();
}
sandboxProfile += ")\n"; sandboxProfile += ")\n";
/* Our inputs (transitive dependencies and any impurities computed above) /* Our inputs (transitive dependencies and any impurities computed above)
@ -3051,7 +3065,9 @@ void DerivationGoal::registerOutputs()
throw SysError(format("moving build output '%1%' from the sandbox to the Nix store") % path); throw SysError(format("moving build output '%1%' from the sandbox to the Nix store") % path);
} }
if (buildMode != bmCheck) actualPath = worker.store.toRealPath(path); if (buildMode != bmCheck) actualPath = worker.store.toRealPath(path);
} else { }
if (needsHashRewrite) {
Path redirected = redirectedOutputs[path]; Path redirected = redirectedOutputs[path];
if (buildMode == bmRepair if (buildMode == bmRepair
&& redirectedBadOutputs.find(path) != redirectedBadOutputs.end() && redirectedBadOutputs.find(path) != redirectedBadOutputs.end()