Commit graph

3715 commits

Author SHA1 Message Date
Eelco Dolstra df716c98d2 In chroot builds, use a private network namespace
On Linux it's possible to run a process in its own network namespace,
meaning that it gets its own set of network interfaces, disjunct from
the rest of the system.  We use this to completely remove network
access to chroot builds, except that they get a private loopback
interface.  This means that:

- Builders cannot connect to the outside network or to other processes
  on the same machine, except processes within the same build.

- Vice versa, other processes cannot connect to processes in a chroot
  build, and open ports/connections do not show up in "netstat".

- If two concurrent builders try to listen on the same port (e.g. as
  part of a test), they no longer conflict with each other.

This was inspired by the "PrivateNetwork" flag in systemd.
2012-06-23 00:28:35 -04:00
Eelco Dolstra 2f3f413e91 Support socket-based, on-demand activation of the Nix daemon with systemd
Systemd can start the Nix daemon on demand when the Nix daemon socket
is first accessed.  This is signalled through the LISTEN_FDS
environment variable, so all we need to do is check for that and then
use file descriptor 3 as the listen socket instead of creating one
ourselves.
2012-06-18 23:01:46 -04:00
Eelco Dolstra 02fb6323e0 Add Emacs to the disk image 2012-05-31 09:50:58 -04:00
Michel Alexandre Salim 221626e715 fixes to nix-worker systemd service descriptor: - remove commented-out lines - register the file for distribution in Makefile.am 2012-05-31 08:59:36 -04:00
Michel Alexandre Salim a7ed1f67ee On systems with SystemD, install the service descriptor for nix-worker, and enable and start it 2012-05-31 08:59:36 -04:00
Michel Alexandre Salim 8922346305 Major spec update: - Fix license field - Split into subpackages - Update build dependencies - Configure users and groups for multi-user mode - Fix installation location of Perl modules 2012-05-31 08:59:36 -04:00
Michel Alexandre Salim 6a214f3e06 Update nix profile: - incorporate NixOS's configuration so that nix is usable by normal users - install as a data file, not a program file 2012-05-31 08:59:36 -04:00
Michel Alexandre Salim d0308073c3 - only enable deprecated spec sections when building on systems with older RPM versions - move tests to dedicated %check section - use standard build macros 2012-05-31 08:59:36 -04:00
Michel Alexandre Salim e545a7f9a8 - replace %define with %global 2012-05-31 08:59:36 -04:00
Eelco Dolstra f5398d374b Compress build logs on the fly using bzip2 2012-05-30 10:12:29 -04:00
Eelco Dolstra 881beb170d "nix-store -l": support compressed logs 2012-05-30 00:00:02 -04:00
Eelco Dolstra 4bc4da331a Reserve some disk space for the garbage collector
We can't open a SQLite database if the disk is full.  Since this
prevents the garbage collector from running when it's most needed, we
reserve some dummy space that we can free just before doing a garbage
collection.  This actually revives some old code from the Berkeley DB
days.

Fixes #27.
2012-05-29 22:59:12 -04:00
Eelco Dolstra 2c26985835 Add option ‘build-keep-log’ to enable/disable writing of build logs
Fixes #26.
2012-05-29 16:42:05 -04:00
Eelco Dolstra 8058dab26e Clean up the installation section; document the generic binary tarballs 2012-05-24 12:04:07 -04:00
Eelco Dolstra 0301525e6c Fix owner/group in tar invocation 2012-05-22 19:40:40 -04:00
Eelco Dolstra 6814b1dfa1 Generate binary tarballs for installing Nix
For several platforms we don't currently have "native" Nix packages
(e.g. Mac OS X and FreeBSD).  This provides the next best thing: a
tarball containing the closure of Nix, plus a simple script
"nix-finish-install" that initialises the Nix database, registers the
paths in the closure as valid, and runs "nix-env -i /path/to/nix" to
initialise the user profile.

The tarball must be unpacked in the root directory.  It creates
/nix/store/... and /usr/bin/nix-finish-install.  Typical installation
is as follows:

  $ cd /
  $ tar xvf /path/to/nix-1.1pre1234_abcdef-x86_64-linux.tar.bz2
  $ nix-finish-install
  (if necessary add ~/.nix-profile/etc/profile.d/nix.sh to the shell
  login scripts)

After this, /usr/bin/nix-finish-install can be deleted, if desired.

The downside to the binary tarball is that it's pretty big (~55 MiB
for x86_64-linux).
2012-05-22 18:36:54 -04:00
Eelco Dolstra 591aab7e21 Remove $FONTCONFIG_FILE hack from nix-profile.sh
It's no longer needed because Nixpkgs' fontconfig uses
/etc/fonts/fonts.conf as a default, just like other distributions.
2012-05-22 14:00:08 -04:00
Eelco Dolstra e071f87dc5 Add an experimental nix-make file
To use it, just do (e.g.) "nix-build build.nix -A nix_env".
2012-05-21 09:43:01 -04:00
Eelco Dolstra cac9eb39fe Bump version number 2012-05-12 00:07:08 -04:00
Eelco Dolstra dfc6a43b72 Fix the install check 2012-05-11 23:30:47 -04:00
Eelco Dolstra 587b408210 Set release date 2012-05-11 17:40:58 -04:00
Eelco Dolstra 8a08813d6c Manual updates 2012-05-11 17:39:06 -04:00
Eelco Dolstra 2b00e6990c CSS tweaks 2012-05-11 16:21:21 -04:00
Eelco Dolstra 58d1de08d9 Use perl.libPrefix to (hopefully) fix the Cygwin build
http://hydra.nixos.org/build/2602599
2012-05-11 09:41:39 -04:00
Eelco Dolstra 37fa47908b Build Ubuntu 12.04 packages 2012-05-10 22:12:20 -04:00
Eelco Dolstra 4d383f57f4 Document "nix-build --run-env" 2012-05-10 19:29:36 -04:00
Eelco Dolstra 4f7bab7db1 Support building with the Perl XS bindings disabled
Since the Perl bindings require shared libraries, this is required on
platforms such as Cygwin where we do a static build.
2012-05-10 19:03:23 -04:00
Eelco Dolstra 6a7b24a3f2 Document "nix-store --add" 2012-05-10 18:09:45 -04:00
Eelco Dolstra cda1fd8ec8 Remove an obsolete hack 2012-05-10 16:56:36 -04:00
Eelco Dolstra 663c06e8cd Disable building in chroot for Nix's corepkgs
The dependencies of the corepkgs are not necessarily in the chroot (or
in the Nix store), so don't build them in a chroot.
2012-05-09 22:14:36 -04:00
Eelco Dolstra cb1248d208 Document some nix-store subcommands 2012-05-09 19:06:39 -04:00
Eelco Dolstra 7a213ffc69 Document $NIX_PATH / -I 2012-05-09 19:06:13 -04:00
Eelco Dolstra a58efdb69b Update the release notes 2012-05-09 19:05:30 -04:00
Eelco Dolstra 0c4c8f7a9d Remove obsolete files (moved to release tree) 2012-05-08 15:43:54 -04:00
Eelco Dolstra afa7b8a479 nix-channel --update: allow updating only the specified channels 2012-05-07 17:55:56 -04:00
Eelco Dolstra 147f10157f Now *really* prevent accumulation of old manifests 2012-05-07 17:23:26 -04:00
Eelco Dolstra 464089365e Fix some 32-bit builds
Perl on some 32-bit systems needs -D_FILE_OFFSET_BITS=64.  See also commit
02f1363e19.
2012-05-04 21:40:56 -04:00
Eelco Dolstra c6acb219f9 Drop the Perl-specific CFLAGS
This fixes the Darwin build (http://hydra.nixos.org/build/2517380).
Hopefully it doesn't break other builds.
2012-05-04 18:50:34 -04:00
Eelco Dolstra 56c82f3d9d Don't build for old Debian/Ubuntu releases that don't have a sufficiently new SQLite 2012-05-04 17:45:21 -04:00
Eelco Dolstra 373e875ac2 Don't build for old Fedora releases that don't have a sufficiently new SQLite 2012-05-04 17:25:25 -04:00
Eelco Dolstra d03a295192 Require SQLite >= 3.6.19
Nix needs SQLite's foreign key constraint feature, which was
introduced in 3.6.19.  Without it, the database won't be cleaned up
correctly when paths are deleted.  See
e.g. http://hydra.nixos.org/build/2494142.
2012-05-04 17:21:43 -04:00
Eelco Dolstra e060c99447 Use mkpath instead of make_path
Perl <= 5.10 doesn't have make_path.  See
e.g. http://hydra.nixos.org/build/2493981.
2012-05-01 16:35:18 -04:00
Eelco Dolstra e19fb7ebed Do "make installcheck" for RPM builds 2012-05-01 16:31:56 -04:00
Eelco Dolstra e145ac30e3 Do "make installcheck" for Debian builds 2012-05-01 15:48:17 -04:00
Eelco Dolstra db5b86ef13 * Add an option ‘build-use-substitutes’, which can be set to ‘false’
to disable use of substitutes; i.e., force building from source.
  Fixes Nix/221.
2012-04-30 19:15:34 -04:00
Eelco Dolstra 59a26360c7 Support mandatory system features in the build hook
Mandatory features are features that MUST be present in a derivation's
requiredSystemFeatures attribute.  One application is performance
testing, where we have a dedicated machine to run performance tests
(and nothing else).  Then we would add the label "perf" to the
machine's mandatory features and to the performance testing
derivations.
2012-04-30 17:22:45 -04:00
Eelco Dolstra 82ae0e688c Update the documentation of build-remote.pl 2012-04-30 16:49:00 -04:00
Eelco Dolstra 46cdc6ad51 Handle EPERM when creating a hard link for the chroot
There is a race condition when doing parallel builds with chroots and
the immutable bit enabled.  One process may call makeImmutable()
before the other has called link(), in which case link() will fail
with EPERM.  We could retry or wrap the operation in a lock, but since
this condition is rare and I'm lazy, we just use the existing copy
fallback.

Fixes #9.
2012-04-30 10:58:04 -04:00
Eelco Dolstra c722193a91 Don't use the build hook for unpacking channels 2012-04-26 16:52:08 +02:00
Eelco Dolstra 6de5d53416 Fix a warning in the build hook about $progressViewer 2012-04-24 12:56:30 +02:00