Commit graph

13096 commits

Author SHA1 Message Date
Eelco Dolstra 67bcb99700 Add a setting for enabling cgroups 2022-11-28 21:54:02 +01:00
Eelco Dolstra ff12d1c1a1 Check that auto-allocated UIDs don't clash with existing accounts 2022-11-28 20:49:17 +01:00
Eelco Dolstra dbf78a7ada
Merge pull request #7313 from yorickvP/nlohmann-everywhere
Replace src/libutil/json.cc with nlohmann
2022-11-28 15:03:48 +01:00
Naïm Favier 9b35cc716b
use logger->cout
in order to avoid potential problems with the progress bar

Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2022-11-28 14:59:06 +01:00
Naïm Favier 04ec157517
repl: print a newline on ctrl-D 2022-11-28 10:38:23 +01:00
Eelco Dolstra fc14585610 Fix evaluation 2022-11-27 18:58:21 +01:00
Eelco Dolstra f1b5c6876b Add tests for auto-uid-allocation, uid-range and cgroups 2022-11-27 16:38:34 +01:00
Eelco Dolstra cc308ee93d
Merge pull request #7353 from edolstra/gc-shutdown
Fix random client failures during GC server shutdown
2022-11-27 13:30:26 +01:00
Eelco Dolstra 5b798f6cae Fix random client failures during GC server shutdown
We need to close the GC server socket before shutting down the active
GC client connections, otherwise a client may (re)connect and get
ECONNRESET. But also handle ECONNRESET for resilience.

Fixes random failures like

  GC socket disconnected
  connecting to '/tmp/nix-shell.y07M0H/nix-test/default/var/nix/gc-socket/socket'
  sending GC root '/tmp/nix-shell.y07M0H/nix-test/default/store/kb5yzija0f1x5xkqkgclrdzldxj6nnc6-non-blocking'
  reading GC root from client: error: unexpected EOF reading a line
  1 store paths deleted, 0.00 MiB freed
  error: reading from file: Connection reset by peer

in gc-non-blocking.sh.
2022-11-27 12:57:18 +01:00
Eelco Dolstra 534332c8a0
Merge pull request #7350 from edolstra/remove-strndup
Don't use GC_STRNDUP
2022-11-26 08:50:54 +01:00
Eelco Dolstra 0b4c4d7434 Don't use GC_STRNDUP
It calls strlen() on the input (rather than simply copying at most
`size` bytes), which can fail if the input is not zero-terminated and
is inefficient in any case.

Fixes #7347.
2022-11-25 22:30:56 +01:00
Valentin Gagarin d6318e1638 refactor rendering documentation of builtins
as in [1], make the document structure visible, like in a template

[1]: 4655563470
2022-11-24 14:15:43 +01:00
Valentin Gagarin 341a807444
the point is setting a default reviewer, not notifications 2022-11-24 11:33:59 +01:00
Théophane Hufschmitt bc9692a6b7
Merge pull request #7337 from Radvendii/why-depends-ca
Fix why-depends for CA derivations
2022-11-23 20:16:14 +01:00
Taeer Bar-Yam bd8571a5c3 add explanation and test 2022-11-23 12:06:47 -05:00
Taeer Bar-Yam b13fd4c58e Fix why-depends for CA derivations
why-depends assumed that we knew the output path of the second argument.
For CA derivations, we might not know until it's built. One way to solve
this would be to build the second installable to get the output path.

In this case we don't need to, though. If the first installable (A)
depends on the second (B), then getting the store path of A will
necessitate having the store path B. The contrapositive is, if the store
path of B is not known (i.e. it's a CA derivation which hasn't been
built), then A does not depend on B.
2022-11-23 11:39:50 -05:00
Eelco Dolstra 2aa3f2e810 Include UID in hex 2022-11-23 17:07:59 +01:00
Eelco Dolstra 989fc8a8b9 Add release notes 2022-11-23 15:24:50 +01:00
Eelco Dolstra 6292d5616e Merge remote-tracking branch 'origin/master' into auto-uid-allocation 2022-11-23 11:16:09 +01:00
Eelco Dolstra 05d0892443
Merge pull request #7328 from edolstra/nix-build-stats
nix build --json: Include build statistics
2022-11-22 14:41:15 +01:00
Eelco Dolstra 96a9511a9c
Merge pull request #7333 from fricklerhandwerk/language-overview
fix error in language overview
2022-11-22 11:18:53 +01:00
Valentin Gagarin 52f0c80917 fix error in language overview
it is not possible to antiquote numbers.
2022-11-22 10:36:21 +01:00
Eelco Dolstra 3d23b9d032 SimpleUserLock::getSupplementaryGIDs(): Filter out main gid
This avoids having the user's gid in the supplementary group list as
well.
2022-11-22 10:26:17 +01:00
Eelco Dolstra b37c2d84b6 Always call setgroups()
We shouldn't skip this if the supplementary group list is empty,
because then the sandbox won't drop the supplementary groups of the
parent (like "root").
2022-11-22 10:26:17 +01:00
Eelco Dolstra 02c02ee7c3
Merge pull request #6456 from amjoseph-nixpkgs/seccomp-mips
local-derivation-goal.cc: enable seccomp filters for mips{32,64}
2022-11-21 23:03:00 +01:00
Eelco Dolstra c776dfbb35
Use hex for startId
Co-authored-by: Linus Heckemann <git@sphalerite.org>
2022-11-21 18:46:55 +01:00
Valentin Gagarin 44dc5c6c13 reword 2022-11-21 15:13:19 +01:00
Valentin Gagarin a4af966d5d add maintainers' handbook
write down the process we have been developing and following so far.

Co-Authored-By: Théophane Hufschmitt <theophane.hufschmitt@tweag.io>
Co-Authored-By: John Ericson <John.Ericson@Obsidian.Systems>
2022-11-21 14:35:01 +01:00
Eelco Dolstra 9d17ce07e8 AutoUserLock: If sandboxing is disabled, use the build users group
We have to use a gid that has write access to the Nix store.
2022-11-21 12:55:49 +01:00
Eelco Dolstra f0baa5c128 nix build --json: Include build statistics
Example:

  # nix build -L --extra-experimental-features cgroups --impure --expr 'with import <nixpkgs> {}; runCommand "foo" {} "dd if=/dev/urandom bs=1M count=1024 | md5sum; mkdir $out"' --json
  [
    {
      "cpuSystem": 1.911431,
      "cpuUser": 1.214249,
      "drvPath": "/nix/store/xzdqz67xba18hljhycp0hwfigzrs2z69-foo.drv",
      "outputs": {
        "out": "/nix/store/rh9mc9l2gkpq8kn2sgzndr6ll7ffjh6l-foo"
      },
      "startTime": 1669024076,
      "stopTime": 1669024079
    }
  ]
2022-11-21 12:06:01 +01:00
Eelco Dolstra e7a5b76844 Rename derivedPathsWithHintsToJSON -> builtPathsToJSON 2022-11-21 11:56:20 +01:00
Eelco Dolstra 82d5cf2a76 Fix macOS build 2022-11-21 11:45:41 +01:00
Eelco Dolstra 653b32a78f Merge remote-tracking branch 'origin/master' into auto-uid-allocation 2022-11-21 11:33:23 +01:00
Eelco Dolstra ec45f4b82e Fix indentation 2022-11-21 11:12:45 +01:00
Eelco Dolstra 300753d594 nix build --json: Include build statistics
Example:

  # nix build -L --extra-experimental-features cgroups --impure --expr 'with import <nixpkgs> {}; runCommand "foo" {} "dd if=/dev/urandom bs=1M count=1024 | md5sum; mkdir $out"' --json
  [
    {
      "cpuSystem": 1.911431,
      "cpuUser": 1.214249,
      "drvPath": "/nix/store/xzdqz67xba18hljhycp0hwfigzrs2z69-foo.drv",
      "outputs": {
        "out": "/nix/store/rh9mc9l2gkpq8kn2sgzndr6ll7ffjh6l-foo"
      },
      "startTime": 1669024076,
      "stopTime": 1669024079
    }
  ]
2022-11-21 10:49:01 +01:00
Eelco Dolstra f538ee4342 Rename derivedPathsWithHintsToJSON -> builtPathsToJSON 2022-11-21 09:38:08 +01:00
Eelco Dolstra e6b71f84a0 Use cgroup.kill to quickly kill cgroups 2022-11-18 16:59:36 +01:00
Eelco Dolstra fa68eb367e Get CPU stats from the cgroup 2022-11-18 13:40:59 +01:00
Eelco Dolstra 20f66c6889 Indentation 2022-11-18 13:40:48 +01:00
Eelco Dolstra 128910ba23 Separate cgroup support from auto-uid-allocation
The new experimental feature 'cgroups' enables the use of cgroups for
all builds. This allows better containment and enables setting
resource limits and getting some build stats.
2022-11-18 10:39:28 +01:00
Eelco Dolstra f1ab082ac4 createTempDir(): Use std::atomic 2022-11-18 09:37:11 +01:00
Eelco Dolstra f423d4425f Fix segfault in unprivileged mode 2022-11-17 11:56:45 +01:00
Yorick 09f00dd4d0
Replace src/libutil/json.cc with nlohmann json generation 2022-11-16 16:50:50 +01:00
Théophane Hufschmitt 62960f3291
Merge pull request #7134 from yorickvP/disable-dbg-on-complete
Temporarily disable the debugger during completion evaluation
2022-11-16 11:28:40 +01:00
Théophane Hufschmitt 60dea270d0
Swallow the error in a more idiomatic way 2022-11-16 10:34:32 +01:00
Théophane Hufschmitt 4bf70b74a7
Merge pull request #7294 from tobim/support-aws-sdk-1.10
libstore: link to aws-crt-cpp
2022-11-15 16:51:09 +01:00
Théophane Hufschmitt 3ade5f5d60
Merge pull request #7283 from hercules-ci/issue-6572
Fix #6572 `requires non-existent output`
2022-11-15 16:24:24 +01:00
Théophane Hufschmitt daf1423a4a
Merge pull request #7260 from ncfavier/readFile-scan-references
Restrict `readFile` context to references that appear in the string
2022-11-15 16:22:28 +01:00
Robert Hensing c279ddb18c tests: Reproduce #6572 2022-11-14 18:03:29 +01:00
Robert Hensing 7e162c69fe derivation-goal: Fix requires non-existing output error
It occurred when a output of the dependency was already available,
so it didn't need rebuilding and didn't get added to the
inputDrvOutputs.
This process-related info wasn't suitable for the purpose of finding
the actual input paths for the builder. It is better to do this in
absolute terms by querying the store.
2022-11-14 17:52:55 +01:00