Rename a few configuration options
In particular, drop the "build-" and "gc-" prefixes which are pointless. So now you can say nix build --no-sandbox instead of nix build --no-build-use-sandbox
parent
7d4a7136db
commit
c2154d4c84
16 changed files with 113 additions and 104 deletions
|
@ -45,13 +45,12 @@ Comments start with a <literal>#</literal> character. Here is an
|
|||
example configuration file:</para>
|
||||
|
||||
<programlisting>
|
||||
gc-keep-outputs = true # Nice for developers
|
||||
gc-keep-derivations = true # Idem
|
||||
env-keep-derivations = false
|
||||
keep-outputs = true # Nice for developers
|
||||
keep-derivations = true # Idem
|
||||
</programlisting>
|
||||
|
||||
<para>You can override settings on the command line using the
|
||||
<option>--option</option> flag, e.g. <literal>--option gc-keep-outputs
|
||||
<option>--option</option> flag, e.g. <literal>--option keep-outputs
|
||||
false</literal>.</para>
|
||||
|
||||
<para>The following settings are currently available:
|
||||
|
@ -59,7 +58,7 @@ false</literal>.</para>
|
|||
<variablelist>
|
||||
|
||||
|
||||
<varlistentry xml:id="conf-gc-keep-outputs"><term><literal>gc-keep-outputs</literal></term>
|
||||
<varlistentry xml:id="conf-keep-outputs"><term><literal>keep-outputs</literal></term>
|
||||
|
||||
<listitem><para>If <literal>true</literal>, the garbage collector
|
||||
will keep the outputs of non-garbage derivations. If
|
||||
|
@ -76,7 +75,7 @@ false</literal>.</para>
|
|||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry xml:id="conf-gc-keep-derivations"><term><literal>gc-keep-derivations</literal></term>
|
||||
<varlistentry xml:id="conf-keep-derivations"><term><literal>keep-derivations</literal></term>
|
||||
|
||||
<listitem><para>If <literal>true</literal> (default), the garbage
|
||||
collector will keep the derivations from which non-garbage store
|
||||
|
@ -88,12 +87,12 @@ false</literal>.</para>
|
|||
traceability (e.g., it allows you to ask with what dependencies or
|
||||
options a store path was built), so by default this option is on.
|
||||
Turn it off to save a bit of disk space (or a lot if
|
||||
<literal>gc-keep-outputs</literal> is also turned on).</para></listitem>
|
||||
<literal>keep-outputs</literal> is also turned on).</para></listitem>
|
||||
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry><term><literal>env-keep-derivations</literal></term>
|
||||
<varlistentry><term><literal>keep-env-derivations</literal></term>
|
||||
|
||||
<listitem><para>If <literal>false</literal> (default), derivations
|
||||
are not stored in Nix user environments. That is, the derivation
|
||||
|
@ -105,19 +104,19 @@ false</literal>.</para>
|
|||
garbage-collected until the user environment generation is deleted
|
||||
(<command>nix-env --delete-generations</command>). To prevent
|
||||
build-time-only dependencies from being collected, you should also
|
||||
turn on <literal>gc-keep-outputs</literal>.</para>
|
||||
turn on <literal>keep-outputs</literal>.</para>
|
||||
|
||||
<para>The difference between this option and
|
||||
<literal>gc-keep-derivations</literal> is that this one is
|
||||
<literal>keep-derivations</literal> is that this one is
|
||||
“sticky”: it applies to any user environment created while this
|
||||
option was enabled, while <literal>gc-keep-derivations</literal>
|
||||
option was enabled, while <literal>keep-derivations</literal>
|
||||
only applies at the moment the garbage collector is
|
||||
run.</para></listitem>
|
||||
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry xml:id="conf-build-max-jobs"><term><literal>build-max-jobs</literal></term>
|
||||
<varlistentry xml:id="conf-max-jobs"><term><literal>max-jobs</literal></term>
|
||||
|
||||
<listitem><para>This option defines the maximum number of jobs
|
||||
that Nix will try to build in parallel. The default is
|
||||
|
@ -130,7 +129,7 @@ false</literal>.</para>
|
|||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry xml:id="conf-build-cores"><term><literal>build-cores</literal></term>
|
||||
<varlistentry xml:id="conf-cores"><term><literal>cores</literal></term>
|
||||
|
||||
<listitem><para>Sets the value of the
|
||||
<envar>NIX_BUILD_CORES</envar> environment variable in the
|
||||
|
@ -149,7 +148,7 @@ false</literal>.</para>
|
|||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry xml:id="conf-build-max-silent-time"><term><literal>build-max-silent-time</literal></term>
|
||||
<varlistentry xml:id="conf-max-silent-time"><term><literal>max-silent-time</literal></term>
|
||||
|
||||
<listitem>
|
||||
|
||||
|
@ -170,7 +169,7 @@ false</literal>.</para>
|
|||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry xml:id="conf-build-timeout"><term><literal>build-timeout</literal></term>
|
||||
<varlistentry xml:id="conf-timeout"><term><literal>timeout</literal></term>
|
||||
|
||||
<listitem>
|
||||
|
||||
|
@ -190,7 +189,7 @@ false</literal>.</para>
|
|||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry xml:id="conf-build-max-log-size"><term><literal>build-max-log-size</literal></term>
|
||||
<varlistentry xml:id="conf-max-build-log-size"><term><literal>max-build-log-size</literal></term>
|
||||
|
||||
<listitem>
|
||||
|
||||
|
@ -245,7 +244,7 @@ false</literal>.</para>
|
|||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry><term><literal>build-use-sandbox</literal></term>
|
||||
<varlistentry><term><literal>sandbox</literal></term>
|
||||
|
||||
<listitem><para>If set to <literal>true</literal>, builds will be
|
||||
performed in a <emphasis>sandboxed environment</emphasis>, i.e.,
|
||||
|
@ -254,7 +253,7 @@ false</literal>.</para>
|
|||
directory, private versions of <filename>/proc</filename>,
|
||||
<filename>/dev</filename>, <filename>/dev/shm</filename> and
|
||||
<filename>/dev/pts</filename> (on Linux), and the paths configured with the
|
||||
<link linkend='conf-build-sandbox-paths'><literal>build-sandbox-paths</literal>
|
||||
<link linkend='conf-sandbox-paths'><literal>sandbox-paths</literal>
|
||||
option</link>. This is useful to prevent undeclared dependencies
|
||||
on files in directories such as <filename>/usr/bin</filename>. In
|
||||
addition, on Linux, builds run in private PID, mount, network, IPC
|
||||
|
@ -280,8 +279,8 @@ false</literal>.</para>
|
|||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry xml:id="conf-build-sandbox-paths">
|
||||
<term><literal>build-sandbox-paths</literal></term>
|
||||
<varlistentry xml:id="conf-sandbox-paths">
|
||||
<term><literal>sandbox-paths</literal></term>
|
||||
|
||||
<listitem><para>A list of paths bind-mounted into Nix sandbox
|
||||
environments. You can use the syntax
|
||||
|
@ -303,17 +302,17 @@ false</literal>.</para>
|
|||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry xml:id="conf-build-extra-sandbox-paths">
|
||||
<varlistentry xml:id="conf-extra-sandbox-paths">
|
||||
<term><literal>build-extra-sandbox-paths</literal></term>
|
||||
|
||||
<listitem><para>A list of additional paths appended to
|
||||
<option>build-sandbox-paths</option>. Useful if you want to extend
|
||||
<option>sandbox-paths</option>. Useful if you want to extend
|
||||
its default value.</para></listitem>
|
||||
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry><term><literal>build-use-substitutes</literal></term>
|
||||
<varlistentry><term><literal>use-substitutes</literal></term>
|
||||
|
||||
<listitem><para>If set to <literal>true</literal> (default), Nix
|
||||
will use binary substitutes if available. This option can be
|
||||
|
@ -322,7 +321,7 @@ false</literal>.</para>
|
|||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry><term><literal>build-fallback</literal></term>
|
||||
<varlistentry><term><literal>fallback</literal></term>
|
||||
|
||||
<listitem><para>If set to <literal>true</literal>, Nix will fall
|
||||
back to building from source if a binary substitute fails. This
|
||||
|
@ -332,7 +331,7 @@ false</literal>.</para>
|
|||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry><term><literal>build-keep-log</literal></term>
|
||||
<varlistentry><term><literal>keep-build-log</literal></term>
|
||||
|
||||
<listitem><para>If set to <literal>true</literal> (the default),
|
||||
Nix will write the build log of a derivation (i.e. the standard
|
||||
|
@ -344,7 +343,7 @@ false</literal>.</para>
|
|||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry><term><literal>build-compress-log</literal></term>
|
||||
<varlistentry><term><literal>compress-build-log</literal></term>
|
||||
|
||||
<listitem><para>If set to <literal>true</literal> (the default),
|
||||
build logs written to <filename>/nix/var/log/nix/drvs</filename>
|
||||
|
@ -597,7 +596,7 @@ password <replaceable>my-password</replaceable>
|
|||
<para>Pass a list of files and directories to be included in the
|
||||
sandbox for this build. One entry per line, terminated by an empty
|
||||
line. Entries have the same format as
|
||||
<literal>build-sandbox-paths</literal>.</para>
|
||||
<literal>sandbox-paths</literal>.</para>
|
||||
|
||||
</listitem>
|
||||
|
||||
|
@ -608,7 +607,7 @@ password <replaceable>my-password</replaceable>
|
|||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry xml:id="conf-build-repeat"><term><literal>build-repeat</literal></term>
|
||||
<varlistentry xml:id="conf-repeat"><term><literal>repeat</literal></term>
|
||||
|
||||
<listitem><para>How many times to repeat builds to check whether
|
||||
they are deterministic. The default value is 0. If the value is
|
||||
|
@ -651,7 +650,7 @@ password <replaceable>my-password</replaceable>
|
|||
as <command>sudo</command> or <command>ping</command> will
|
||||
fail. (Note that in sandbox builds, no such programs are available
|
||||
unless you bind-mount them into the sandbox via the
|
||||
<option>build-sandbox-paths</option> option.) You can allow the
|
||||
<option>sandbox-paths</option> option.) You can allow the
|
||||
use of such programs by enabling this option. This is impure and
|
||||
usually undesirable, but may be useful in certain scenarios
|
||||
(e.g. to spin up containers or set up userspace network interfaces
|
||||
|
|
|
@ -397,9 +397,9 @@ options control what gets deleted and in what order:
|
|||
</para>
|
||||
|
||||
<para>The behaviour of the collector is also influenced by the <link
|
||||
linkend="conf-gc-keep-outputs"><literal>gc-keep-outputs</literal></link>
|
||||
linkend="conf-keep-outputs"><literal>keep-outputs</literal></link>
|
||||
and <link
|
||||
linkend="conf-gc-keep-derivations"><literal>gc-keep-derivations</literal></link>
|
||||
linkend="conf-keep-derivations"><literal>keep-derivations</literal></link>
|
||||
variables in the Nix configuration file.</para>
|
||||
|
||||
<para>With <option>--delete</option>, the collector prints the total
|
||||
|
|
|
@ -94,7 +94,7 @@
|
|||
perform in parallel to the specified number. Specify
|
||||
<literal>auto</literal> to use the number of CPUs in the system.
|
||||
The default is specified by the <link
|
||||
linkend='conf-build-max-jobs'><literal>build-max-jobs</literal></link>
|
||||
linkend='conf-max-jobs'><literal>max-jobs</literal></link>
|
||||
configuration setting, which itself defaults to
|
||||
<literal>1</literal>. A higher value is useful on SMP systems or to
|
||||
exploit I/O latency.</para></listitem>
|
||||
|
@ -112,7 +112,7 @@
|
|||
<literal>true</literal>, the builder passes the
|
||||
<option>-j<replaceable>N</replaceable></option> flag to GNU Make.
|
||||
It defaults to the value of the <link
|
||||
linkend='conf-build-cores'><literal>build-cores</literal></link>
|
||||
linkend='conf-cores'><literal>cores</literal></link>
|
||||
configuration setting, if set, or <literal>1</literal> otherwise.
|
||||
The value <literal>0</literal> means that the builder should use all
|
||||
available CPU cores in the system.</para></listitem>
|
||||
|
@ -125,7 +125,7 @@
|
|||
<listitem><para>Sets the maximum number of seconds that a builder
|
||||
can go without producing any data on standard output or standard
|
||||
error. The default is specified by the <link
|
||||
linkend='conf-build-max-silent-time'><literal>build-max-silent-time</literal></link>
|
||||
linkend='conf-max-silent-time'><literal>max-silent-time</literal></link>
|
||||
configuration setting. <literal>0</literal> means no
|
||||
time-out.</para></listitem>
|
||||
|
||||
|
@ -135,7 +135,7 @@
|
|||
|
||||
<listitem><para>Sets the maximum number of seconds that a builder
|
||||
can run. The default is specified by the <link
|
||||
linkend='conf-build-timeout'><literal>build-timeout</literal></link>
|
||||
linkend='conf-timeout'><literal>timeout</literal></link>
|
||||
configuration setting. <literal>0</literal> means no
|
||||
timeout.</para></listitem>
|
||||
|
||||
|
|
|
@ -744,9 +744,9 @@ place_nix_configuration() {
|
|||
cat <<EOF > "$SCRATCH/nix.conf"
|
||||
build-users-group = $NIX_BUILD_GROUP_NAME
|
||||
|
||||
build-max-jobs = $NIX_USER_COUNT
|
||||
build-cores = 1
|
||||
build-use-sandbox = false
|
||||
max-jobs = $NIX_USER_COUNT
|
||||
cores = 1
|
||||
sandbox = false
|
||||
|
||||
binary-caches = https://cache.nixos.org/
|
||||
trusted-binary-caches =
|
||||
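Review bot: The generated nix.conf switches build sandboxing off (`sandbox = false`) with no explanation in or around the heredoc, so an administrator reading the installed file cannot tell that this was a deliberate installer choice. nix.conf accepts `#` comments, so a line such as `# sandbox is disabled by the installer; set it to true to isolate builds` above the setting would record that. The reason for the default is not visible in this hunk, so the wording should be confirmed by whoever owns the installer. place_nix_configuration continues outside the hunk.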
|
|
|
@ -171,7 +171,7 @@ struct LegacyArgs : public MixCommonArgs
|
|||
});
|
||||
|
||||
mkFlag1('j', "max-jobs", "jobs", "maximum number of parallel builds", [=](std::string s) {
|
||||
settings.set("build-max-jobs", s);
|
||||
settings.set("max-jobs", s);
|
||||
});
|
||||
|
||||
auto intSettingAlias = [&](char shortName, const std::string & longName,
|
||||
|
@ -181,9 +181,9 @@ struct LegacyArgs : public MixCommonArgs
|
|||
});
|
||||
};
|
||||
|
||||
intSettingAlias(0, "cores", "maximum number of CPU cores to use inside a build", "build-cores");
|
||||
intSettingAlias(0, "max-silent-time", "number of seconds of silence before a build is killed", "build-max-silent-time");
|
||||
intSettingAlias(0, "timeout", "number of seconds before a build is killed", "build-timeout");
|
||||
intSettingAlias(0, "cores", "maximum number of CPU cores to use inside a build", "cores");
|
||||
intSettingAlias(0, "max-silent-time", "number of seconds of silence before a build is killed", "max-silent-time");
|
||||
intSettingAlias(0, "timeout", "number of seconds before a build is killed", "timeout");
|
||||
|
||||
mkFlag(0, "readonly-mode", "do not write to the Nix store",
|
||||
&settings.readOnlyMode);
|
||||
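Review bot: After the rename, the three `intSettingAlias` calls pass the same string twice, e.g. `intSettingAlias(0, "cores", "...", "cores")`, so the last argument no longer carries any information. If the lambda only forwards that argument to `settings.set` (its body is outside this hunk, so this is an assumption), the parameter could be dropped and `longName` used as the setting key, which keeps the flag and the setting from drifting apart in a later rename. The same duplication now exists in `mkFlag1('j', "max-jobs", ...)`, where the flag name and the `settings.set("max-jobs", s)` key are identical literals.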
|
|
|
@ -1740,11 +1740,11 @@ void DerivationGoal::startBuilder()
|
|||
if (settings.sandboxMode == smEnabled) {
|
||||
if (get(drv->env, "__noChroot") == "1")
|
||||
throw Error(format("derivation '%1%' has '__noChroot' set, "
|
||||
"but that's not allowed when 'build-use-sandbox' is 'true'") % drvPath);
|
||||
"but that's not allowed when 'sandbox' is 'true'") % drvPath);
|
||||
#if __APPLE__
|
||||
if (additionalSandboxProfile != "")
|
||||
throw Error(format("derivation '%1%' specifies a sandbox profile, "
|
||||
"but this is only allowed when 'build-use-sandbox' is 'relaxed'") % drvPath);
|
||||
"but this is only allowed when 'sandbox' is 'relaxed'") % drvPath);
|
||||
#endif
|
||||
useChroot = true;
|
||||
}
|
||||
|
@ -1832,7 +1832,7 @@ void DerivationGoal::startBuilder()
|
|||
worker.store.computeFSClosure(worker.store.toStorePath(i.second.source), closure);
|
||||
} catch (InvalidPath & e) {
|
||||
} catch (Error & e) {
|
||||
throw Error(format("while processing 'build-sandbox-paths': %s") % e.what());
|
||||
throw Error(format("while processing 'sandbox-paths': %s") % e.what());
|
||||
}
|
||||
for (auto & i : closure)
|
||||
dirsInChroot[i] = i;
|
||||
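Review bot: The two error messages in the first hunk and the one in the second now name only `sandbox` and `sandbox-paths`, while the settings declarations on this page still accept `build-use-sandbox`, `build-use-chroot`, `build-sandbox-paths` and `build-chroot-dirs` as aliases. An operator whose nix.conf uses an old name therefore gets a refusal quoting a key they never wrote, which makes a sandbox-policy failure harder to trace. Consider a hint in the text, e.g. `"but that's not allowed when 'sandbox' (formerly 'build-use-sandbox') is 'true'"`, or at least list the aliases in the release notes. startBuilder begins and ends outside these hunks.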
|
|
|
@ -580,7 +580,7 @@ bool LocalStore::canReachRoot(GCState & state, PathSet & visited, const Path & p
|
|||
/* Don't delete this path if any of its referrers are alive. */
|
||||
queryReferrers(path, incoming);
|
||||
|
||||
/* If gc-keep-derivations is set and this is a derivation, then
|
||||
/* If keep-derivations is set and this is a derivation, then
|
||||
don't delete the derivation if any of the outputs are alive. */
|
||||
if (state.gcKeepDerivations && isDerivation(path)) {
|
||||
PathSet outputs = queryDerivationOutputs(path);
|
||||
|
@ -589,7 +589,7 @@ bool LocalStore::canReachRoot(GCState & state, PathSet & visited, const Path & p
|
|||
incoming.insert(i);
|
||||
}
|
||||
|
||||
/* If gc-keep-outputs is set, then don't delete this path if there
|
||||
/* If keep-outputs is set, then don't delete this path if there
|
||||
are derivers of this path that are not garbage. */
|
||||
if (state.gcKeepOutputs) {
|
||||
PathSet derivers = queryValidDerivers(path);
|
||||
|
@ -704,9 +704,9 @@ void LocalStore::collectGarbage(const GCOptions & options, GCResults & results)
|
|||
state.gcKeepDerivations = settings.gcKeepDerivations;
|
||||
|
||||
/* Using `--ignore-liveness' with `--delete' can have unintended
|
||||
consequences if `gc-keep-outputs' or `gc-keep-derivations' are
|
||||
true (the garbage collector will recurse into deleting the
|
||||
outputs or derivers, respectively). So disable them. */
|
||||
consequences if `keep-outputs' or `keep-derivations' are true
|
||||
(the garbage collector will recurse into deleting the outputs
|
||||
or derivers, respectively). So disable them. */
|
||||
if (options.action == GCOptions::gcDeleteSpecific && options.ignoreLiveness) {
|
||||
state.gcKeepOutputs = false;
|
||||
state.gcKeepDerivations = false;
|
||||
|
|
|
@ -89,8 +89,9 @@ public:
|
|||
Setting<bool> keepGoing{this, false, "keep-going",
|
||||
"Whether to keep building derivations when another build fails."};
|
||||
|
||||
Setting<bool> tryFallback{this, false, "build-fallback",
|
||||
"Whether to fall back to building when substitution fails."};
|
||||
Setting<bool> tryFallback{this, false, "fallback",
|
||||
"Whether to fall back to building when substitution fails.",
|
||||
{"build-fallback"}};
|
||||
|
||||
/* Whether to show build log output in real time. */
|
||||
bool verboseBuild = true;
|
||||
|
@ -99,14 +100,15 @@ public:
|
|||
the log to show if a build fails. */
|
||||
size_t logLines = 10;
|
||||
|
||||
MaxBuildJobsSetting maxBuildJobs{this, 1, "build-max-jobs",
|
||||
"Maximum number of parallel build jobs. \"auto\" means use number of cores."};
|
||||
MaxBuildJobsSetting maxBuildJobs{this, 1, "max-jobs",
|
||||
"Maximum number of parallel build jobs. \"auto\" means use number of cores.",
|
||||
{"build-max-jobs"}};
|
||||
|
||||
Setting<unsigned int> buildCores{this, getDefaultCores(), "build-cores",
|
||||
Setting<unsigned int> buildCores{this, getDefaultCores(), "cores",
|
||||
"Number of CPU cores to utilize in parallel within a build, "
|
||||
"i.e. by passing this number to Make via '-j'. 0 means that the "
|
||||
"number of actual CPU cores on the local host ought to be "
|
||||
"auto-detected."};
|
||||
"auto-detected.", {"build-cores"}};
|
||||
|
||||
/* Read-only mode. Don't copy stuff to the store, don't change
|
||||
the database. */
|
||||
|
@ -115,14 +117,15 @@ public:
|
|||
Setting<std::string> thisSystem{this, SYSTEM, "system",
|
||||
"The canonical Nix system name."};
|
||||
|
||||
Setting<time_t> maxSilentTime{this, 0, "build-max-silent-time",
|
||||
Setting<time_t> maxSilentTime{this, 0, "max-silent-time",
|
||||
"The maximum time in seconds that a builer can go without "
|
||||
"producing any output on stdout/stderr before it is killed. "
|
||||
"0 means infinity."};
|
||||
"0 means infinity.",
|
||||
{"build-max-silent-time"}};
|
||||
|
||||
Setting<time_t> buildTimeout{this, 0, "build-timeout",
|
||||
Setting<time_t> buildTimeout{this, 0, "timeout",
|
||||
"The maximum duration in seconds that a builder can run. "
|
||||
"0 means infinity."};
|
||||
"0 means infinity.", {"build-timeout"}};
|
||||
|
||||
Setting<bool> useBuildHook{this, true, "remote-builds",
|
||||
"Whether to use build hooks (for distributed builds)."};
|
||||
|
@ -149,27 +152,32 @@ public:
|
|||
Setting<bool> syncBeforeRegistering{this, false, "sync-before-registering",
|
||||
"Whether to call sync() before registering a path as valid."};
|
||||
|
||||
Setting<bool> useSubstitutes{this, true, "build-use-substitutes",
|
||||
"Whether to use substitutes."};
|
||||
Setting<bool> useSubstitutes{this, true, "use-substitutes",
|
||||
"Whether to use substitutes.",
|
||||
{"build-use-substitutes"}};
|
||||
|
||||
Setting<std::string> buildUsersGroup{this, "", "build-users-group",
|
||||
"The Unix group that contains the build users."};
|
||||
|
||||
Setting<bool> impersonateLinux26{this, false, "build-impersonate-linux-26",
|
||||
"Whether to impersonate a Linux 2.6 machine on newer kernels."};
|
||||
Setting<bool> impersonateLinux26{this, false, "impersonate-linux-26",
|
||||
"Whether to impersonate a Linux 2.6 machine on newer kernels.",
|
||||
{"build-impersonate-linux-26"}};
|
||||
|
||||
Setting<bool> keepLog{this, true, "build-keep-log",
|
||||
"Whether to store build logs."};
|
||||
Setting<bool> keepLog{this, true, "keep-build-log",
|
||||
"Whether to store build logs.",
|
||||
{"build-keep-log"}};
|
||||
|
||||
Setting<bool> compressLog{this, true, "build-compress-log",
|
||||
"Whether to compress logs."};
|
||||
Setting<bool> compressLog{this, true, "compress-build-log",
|
||||
"Whether to compress logs.",
|
||||
{"build-compress-log"}};
|
||||
|
||||
Setting<unsigned long> maxLogSize{this, 0, "build-max-log-size",
|
||||
Setting<unsigned long> maxLogSize{this, 0, "max-build-log-size",
|
||||
"Maximum number of bytes a builder can write to stdout/stderr "
|
||||
"before being killed (0 means no limit)."};
|
||||
"before being killed (0 means no limit).",
|
||||
{"build-max-log-size"}};
|
||||
|
||||
/* When build-repeat > 0 and verboseBuild == true, whether to
|
||||
print repeated builds (i.e. builds other than the first one) to
|
||||
/* When buildRepeat > 0 and verboseBuild == true, whether to print
|
||||
repeated builds (i.e. builds other than the first one) to
|
||||
stderr. Hack to prevent Hydra logs from being polluted. */
|
||||
bool printRepeatedBuilds = true;
|
||||
|
||||
|
@ -180,18 +188,21 @@ public:
|
|||
"Whether to check if new GC roots can in fact be found by the "
|
||||
"garbage collector."};
|
||||
|
||||
Setting<bool> gcKeepOutputs{this, false, "gc-keep-outputs",
|
||||
"Whether the garbage collector should keep outputs of live derivations."};
|
||||
Setting<bool> gcKeepOutputs{this, false, "keep-outputs",
|
||||
"Whether the garbage collector should keep outputs of live derivations.",
|
||||
{"gc-keep-outputs"}};
|
||||
|
||||
Setting<bool> gcKeepDerivations{this, true, "gc-keep-derivations",
|
||||
"Whether the garbage collector should keep derivers of live paths."};
|
||||
Setting<bool> gcKeepDerivations{this, true, "keep-derivations",
|
||||
"Whether the garbage collector should keep derivers of live paths.",
|
||||
{"gc-keep-derivations"}};
|
||||
|
||||
Setting<bool> autoOptimiseStore{this, false, "auto-optimise-store",
|
||||
"Whether to automatically replace files with identical contents with hard links."};
|
||||
|
||||
Setting<bool> envKeepDerivations{this, false, "env-keep-derivations",
|
||||
Setting<bool> envKeepDerivations{this, false, "keep-env-derivations",
|
||||
"Whether to add derivations as a dependency of user environments "
|
||||
"(to prevent them from being GCed)."};
|
||||
"(to prevent them from being GCed).",
|
||||
{"env-keep-derivations"}};
|
||||
|
||||
/* Whether to lock the Nix client and worker to the same CPU. */
|
||||
bool lockCPU;
|
||||
|
@ -202,24 +213,25 @@ public:
|
|||
Setting<bool> enableNativeCode{this, false, "allow-unsafe-native-code-during-evaluation",
|
||||
"Whether builtin functions that allow executing native code should be enabled."};
|
||||
|
||||
Setting<SandboxMode> sandboxMode{this, smDisabled, "build-use-sandbox",
|
||||
Setting<SandboxMode> sandboxMode{this, smDisabled, "sandbox",
|
||||
"Whether to enable sandboxed builds. Can be \"true\", \"false\" or \"relaxed\".",
|
||||
{"build-use-chroot"}};
|
||||
{"build-use-chroot", "build-use-sandbox"}};
|
||||
|
||||
Setting<PathSet> sandboxPaths{this, {}, "build-sandbox-paths",
|
||||
Setting<PathSet> sandboxPaths{this, {}, "sandbox-paths",
|
||||
"The paths to make available inside the build sandbox.",
|
||||
{"build-chroot-dirs"}};
|
||||
{"build-chroot-dirs", "build-sandbox-paths"}};
|
||||
|
||||
Setting<PathSet> extraSandboxPaths{this, {}, "build-extra-sandbox-paths",
|
||||
Setting<PathSet> extraSandboxPaths{this, {}, "extra-sandbox-paths",
|
||||
"Additional paths to make available inside the build sandbox.",
|
||||
{"build-extra-chroot-dirs"}};
|
||||
{"build-extra-chroot-dirs", "build-extra-sandbox-paths"}};
|
||||
|
||||
Setting<bool> restrictEval{this, false, "restrict-eval",
|
||||
"Whether to restrict file system access to paths in $NIX_PATH, "
|
||||
"and to disallow fetching files from the network."};
|
||||
|
||||
Setting<size_t> buildRepeat{this, 0, "build-repeat",
|
||||
"The number of times to repeat a build in order to verify determinism."};
|
||||
Setting<size_t> buildRepeat{this, 0, "repeat",
|
||||
"The number of times to repeat a build in order to verify determinism.",
|
||||
{"build-repeat"}};
|
||||
|
||||
#if __linux__
|
||||
Setting<std::string> sandboxShmSize{this, "50%", "sandbox-dev-shm-size",
|
||||
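Review bot: None of the tests visible on this page still uses an old option name, so the alias lists added here (for instance `{"build-use-chroot", "build-use-sandbox"}` on `sandboxMode` and `{"build-chroot-dirs", "build-sandbox-paths"}` on `sandboxPaths`) are not exercised by anything shown. That matters most for the sandbox settings: if an alias were later dropped or mistyped, an existing nix.conf with `build-use-sandbox = true` would presumably stop enabling the sandbox, and whether that surfaces as an error or only a warning depends on code not shown here. A small test that sets one old name through `--option` and checks the effective value would pin the compatibility promise. A comment next to the alias lists should also state which value wins when a file sets both the old and the new name.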
|
|
|
@ -13,7 +13,7 @@ rm -rf $TEST_ROOT/store0 $TEST_ROOT/store1
|
|||
export NIX_CONF_DIR=$TEST_ROOT/etc2
|
||||
mkdir -p $NIX_CONF_DIR
|
||||
echo "
|
||||
build-sandbox-paths = /nix/store
|
||||
sandbox-paths = /nix/store
|
||||
sandbox-build-dir = /build-tmp
|
||||
" > $NIX_CONF_DIR/nix.conf
|
||||
|
||||
|
|
|
@ -15,9 +15,7 @@ mkdir "$NIX_CONF_DIR"
|
|||
|
||||
cat > "$NIX_CONF_DIR"/nix.conf <<EOF
|
||||
build-users-group =
|
||||
gc-keep-outputs = false
|
||||
gc-keep-derivations = false
|
||||
env-keep-derivations = false
|
||||
keep-derivations = false
|
||||
fsync-metadata = false
|
||||
EOF
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ rm -rf $TEST_ROOT/store0
|
|||
export NIX_STORE_DIR=/my/store
|
||||
export NIX_REMOTE="local?root=$TEST_ROOT/store0"
|
||||
|
||||
outPath=$(nix-build dependencies.nix --no-out-link --option build-sandbox-paths /nix/store)
|
||||
outPath=$(nix-build dependencies.nix --no-out-link --option sandbox-paths /nix/store)
|
||||
|
||||
[[ $outPath =~ /my/store/.*-dependencies ]]
|
||||
|
||||
|
|
|
@ -11,5 +11,5 @@ path=$(nix-build dependencies.nix --no-out-link)
|
|||
clearStore
|
||||
rm -rf $NIX_LOG_DIR
|
||||
(! nix-store -l $path)
|
||||
nix-build dependencies.nix --no-out-link --option build-compress-log true
|
||||
nix-build dependencies.nix --no-out-link --option compress-build-log true
|
||||
[ "$(nix-store -l $path)" = FOO ]
|
||||
|
|
|
@ -59,5 +59,5 @@ fi
|
|||
|
||||
echo "collecting garbage..."
|
||||
rm $TEST_ROOT/result*
|
||||
nix-store --gc --option gc-keep-derivations true --option gc-keep-outputs true
|
||||
nix-store --gc --option keep-derivations true --option keep-outputs true
|
||||
nix-store --gc --print-roots
|
||||
|
|
|
@ -20,7 +20,7 @@ makeTest {
|
|||
startAll;
|
||||
|
||||
# Copying to /tmp should succeed.
|
||||
$machine->succeed('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
|
||||
$machine->succeed('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
|
||||
mkdir -p $out
|
||||
cp ${pkgs.coreutils}/bin/id /tmp/id
|
||||
")\' ');
|
||||
|
@ -30,7 +30,7 @@ makeTest {
|
|||
$machine->succeed("rm /tmp/id");
|
||||
|
||||
# Creating a setuid binary should fail.
|
||||
$machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
|
||||
$machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
|
||||
mkdir -p $out
|
||||
cp ${pkgs.coreutils}/bin/id /tmp/id
|
||||
chmod 4755 /tmp/id
|
||||
|
@ -41,7 +41,7 @@ makeTest {
|
|||
$machine->succeed("rm /tmp/id");
|
||||
|
||||
# Creating a setgid binary should fail.
|
||||
$machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
|
||||
$machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
|
||||
mkdir -p $out
|
||||
cp ${pkgs.coreutils}/bin/id /tmp/id
|
||||
chmod 2755 /tmp/id
|
||||
|
@ -52,7 +52,7 @@ makeTest {
|
|||
$machine->succeed("rm /tmp/id");
|
||||
|
||||
# The checks should also work on 32-bit binaries.
|
||||
$machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> { system = "i686-linux"; }; runCommand "foo" {} "
|
||||
$machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> { system = "i686-linux"; }; runCommand "foo" {} "
|
||||
mkdir -p $out
|
||||
cp ${pkgs.coreutils}/bin/id /tmp/id
|
||||
chmod 2755 /tmp/id
|
||||
|
@ -63,7 +63,7 @@ makeTest {
|
|||
$machine->succeed("rm /tmp/id");
|
||||
|
||||
# The tests above use fchmodat(). Test chmod() as well.
|
||||
$machine->succeed('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
|
||||
$machine->succeed('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
|
||||
mkdir -p $out
|
||||
cp ${pkgs.coreutils}/bin/id /tmp/id
|
||||
perl -e \"chmod 0666, qw(/tmp/id) or die\"
|
||||
|
@ -73,7 +73,7 @@ makeTest {
|
|||
|
||||
$machine->succeed("rm /tmp/id");
|
||||
|
||||
$machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
|
||||
$machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
|
||||
mkdir -p $out
|
||||
cp ${pkgs.coreutils}/bin/id /tmp/id
|
||||
perl -e \"chmod 04755, qw(/tmp/id) or die\"
|
||||
|
@ -84,7 +84,7 @@ makeTest {
|
|||
$machine->succeed("rm /tmp/id");
|
||||
|
||||
# And test fchmod().
|
||||
$machine->succeed('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
|
||||
$machine->succeed('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
|
||||
mkdir -p $out
|
||||
cp ${pkgs.coreutils}/bin/id /tmp/id
|
||||
perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 01750, \\\$x or die\"
|
||||
|
@ -94,7 +94,7 @@ makeTest {
|
|||
|
||||
$machine->succeed("rm /tmp/id");
|
||||
|
||||
$machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
|
||||
$machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
|
||||
mkdir -p $out
|
||||
cp ${pkgs.coreutils}/bin/id /tmp/id
|
||||
perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 04777, \\\$x or die\"
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
#! @ENV_PROG@ nix-shell
|
||||
#! nix-shell -I nixpkgs=shell.nix --option build-use-substitutes false
|
||||
#! nix-shell -I nixpkgs=shell.nix --option use-substitutes false
|
||||
#! nix-shell --pure -i bash -p foo bar
|
||||
echo "$(foo) $(bar) $@"
|
||||
|
|
|
@ -15,7 +15,7 @@ if ! echo "$messages" | grep -q "timed out"; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
if nix-build -Q timeout.nix -A infiniteLoop --option build-max-log-size 100; then
|
||||
if nix-build -Q timeout.nix -A infiniteLoop --option max-build-log-size 100; then
|
||||
echo "build should have failed"
|
||||
exit 1
|
||||
fi
|
||||
|
@ -30,7 +30,7 @@ if nix-build timeout.nix -A closeLog; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
if nix build -f timeout.nix silent --option build-max-silent-time 2; then
|
||||
if nix build -f timeout.nix silent --max-silent-time 2; then
|
||||
echo "build should have failed"
|
||||
exit 1
|
||||
fi
|
||||
|
|