diff --git a/doc/manual/command-ref/conf-file.xml b/doc/manual/command-ref/conf-file.xml index 47ceff262..6b90083f0 100644 --- a/doc/manual/command-ref/conf-file.xml +++ b/doc/manual/command-ref/conf-file.xml @@ -45,13 +45,12 @@ Comments start with a # character. Here is an example configuration file: -gc-keep-outputs = true # Nice for developers -gc-keep-derivations = true # Idem -env-keep-derivations = false +keep-outputs = true # Nice for developers +keep-derivations = true # Idem You can override settings on the command line using the - flag, e.g. --option gc-keep-outputs + flag, e.g. --option keep-outputs false. The following settings are currently available: @@ -59,7 +58,7 @@ false. - gc-keep-outputs + keep-outputs If true, the garbage collector will keep the outputs of non-garbage derivations. If @@ -76,7 +75,7 @@ false. - gc-keep-derivations + keep-derivations If true (default), the garbage collector will keep the derivations from which non-garbage store @@ -88,12 +87,12 @@ false. traceability (e.g., it allows you to ask with what dependencies or options a store path was built), so by default this option is on. Turn it off to save a bit of disk space (or a lot if - gc-keep-outputs is also turned on). + keep-outputs is also turned on). - env-keep-derivations + keep-env-derivations If false (default), derivations are not stored in Nix user environments. That is, the derivation 
@@ -105,19 +104,19 @@ false. garbage-collected until the user environment generation is deleted (nix-env --delete-generations). To prevent build-time-only dependencies from being collected, you should also - turn on gc-keep-outputs. + turn on keep-outputs. The difference between this option and - gc-keep-derivations is that this one is + keep-derivations is that this one is “sticky”: it applies to any user environment created while this - option was enabled, while gc-keep-derivations + option was enabled, while keep-derivations only applies at the moment the garbage collector is run. - build-max-jobs + max-jobs This option defines the maximum number of jobs that Nix will try to build in parallel. The default is @@ -130,7 +129,7 @@ false. - build-cores + cores Sets the value of the NIX_BUILD_CORES environment variable in the @@ -149,7 +148,7 @@ false. - build-max-silent-time + max-silent-time @@ -170,7 +169,7 @@ false. - build-timeout + timeout @@ -190,7 +189,7 @@ false. - build-max-log-size + max-build-log-size @@ -245,7 +244,7 @@ false. - build-use-sandbox + sandbox If set to true, builds will be performed in a sandboxed environment, i.e., @@ -254,7 +253,7 @@ false. directory, private versions of /proc, /dev, /dev/shm and /dev/pts (on Linux), and the paths configured with the - build-sandbox-paths + sandbox-paths option. This is useful to prevent undeclared dependencies on files in directories such as /usr/bin. In addition, on Linux, builds run in private PID, mount, network, IPC @@ -280,8 +279,8 @@ false. - - build-sandbox-paths + + sandbox-paths A list of paths bind-mounted into Nix sandbox environments. You can use the syntax @@ -303,17 +302,17 @@ false. - + build-extra-sandbox-paths A list of additional paths appended to - . Useful if you want to extend + . Useful if you want to extend its default value. - build-use-substitutes + use-substitutes If set to true (default), Nix will use binary substitutes if available. This option can be 
@@ -322,7 +321,7 @@ false. - build-fallback + fallback If set to true, Nix will fall back to building from source if a binary substitute fails. This @@ -332,7 +331,7 @@ false. - build-keep-log + keep-build-log If set to true (the default), Nix will write the build log of a derivation (i.e. the standard @@ -344,7 +343,7 @@ false. - build-compress-log + compress-build-log If set to true (the default), build logs written to /nix/var/log/nix/drvs @@ -597,7 +596,7 @@ password my-password Pass a list of files and directories to be included in the sandbox for this build. One entry per line, terminated by an empty line. Entries have the same format as - build-sandbox-paths. + sandbox-paths. @@ -608,7 +607,7 @@ password my-password - build-repeat + repeat How many times to repeat builds to check whether they are deterministic. The default value is 0. If the value is @@ -651,7 +650,7 @@ password my-password as sudo or ping will fail. (Note that in sandbox builds, no such programs are available unless you bind-mount them into the sandbox via the - option.) You can allow the + option.) You can allow the use of such programs by enabling this option. This is impure and usually undesirable, but may be useful in certain scenarios (e.g. to spin up containers or set up userspace network interfaces diff --git a/doc/manual/command-ref/nix-store.xml b/doc/manual/command-ref/nix-store.xml index 19c99841a..a5f615b0c 100644 --- a/doc/manual/command-ref/nix-store.xml +++ b/doc/manual/command-ref/nix-store.xml @@ -397,9 +397,9 @@ options control what gets deleted and in what order: The behaviour of the collector is also influenced by the gc-keep-outputs +linkend="conf-keep-outputs">keep-outputs and gc-keep-derivations +linkend="conf-keep-derivations">keep-derivations variables in the Nix configuration file. With , the collector prints the total diff --git a/doc/manual/command-ref/opt-common.xml b/doc/manual/command-ref/opt-common.xml index a930b4a0d..32d53c753 100644 
--- a/doc/manual/command-ref/opt-common.xml +++ b/doc/manual/command-ref/opt-common.xml @@ -94,7 +94,7 @@ perform in parallel to the specified number. Specify auto to use the number of CPUs in the system. The default is specified by the build-max-jobs + linkend='conf-max-jobs'>max-jobs configuration setting, which itself defaults to 1. A higher value is useful on SMP systems or to exploit I/O latency. @@ -112,7 +112,7 @@ true, the builder passes the flag to GNU Make. It defaults to the value of the build-cores + linkend='conf-cores'>cores configuration setting, if set, or 1 otherwise. The value 0 means that the builder should use all available CPU cores in the system. @@ -125,7 +125,7 @@ Sets the maximum number of seconds that a builder can go without producing any data on standard output or standard error. The default is specified by the build-max-silent-time + linkend='conf-max-silent-time'>max-silent-time configuration setting. 0 means no time-out. @@ -135,7 +135,7 @@ Sets the maximum number of seconds that a builder can run. The default is specified by the build-timeout + linkend='conf-timeout'>timeout configuration setting. 0 means no timeout. diff --git a/scripts/install-darwin-multi-user.sh b/scripts/install-darwin-multi-user.sh index a2e120bf8..5b466ac3c 100644 --- a/scripts/install-darwin-multi-user.sh +++ b/scripts/install-darwin-multi-user.sh @@ -744,9 +744,9 @@ place_nix_configuration() { cat < "$SCRATCH/nix.conf" build-users-group = $NIX_BUILD_GROUP_NAME -build-max-jobs = $NIX_USER_COUNT -build-cores = 1 -build-use-sandbox = false +max-jobs = $NIX_USER_COUNT +cores = 1 +sandbox = false binary-caches = https://cache.nixos.org/ trusted-binary-caches = diff --git a/src/libmain/shared.cc b/src/libmain/shared.cc index 67178b4a8..aa28ff2e5 100644 --- a/src/libmain/shared.cc +++ b/src/libmain/shared.cc 
@@ -171,7 +171,7 @@ struct LegacyArgs : public MixCommonArgs }); mkFlag1('j', "max-jobs", "jobs", "maximum number of parallel builds", [=](std::string s) { - settings.set("build-max-jobs", s); + settings.set("max-jobs", s); }); auto intSettingAlias = [&](char shortName, const std::string & longName, @@ -181,9 +181,9 @@ struct LegacyArgs : public MixCommonArgs }); }; - intSettingAlias(0, "cores", "maximum number of CPU cores to use inside a build", "build-cores"); - intSettingAlias(0, "max-silent-time", "number of seconds of silence before a build is killed", "build-max-silent-time"); - intSettingAlias(0, "timeout", "number of seconds before a build is killed", "build-timeout"); + intSettingAlias(0, "cores", "maximum number of CPU cores to use inside a build", "cores"); + intSettingAlias(0, "max-silent-time", "number of seconds of silence before a build is killed", "max-silent-time"); + intSettingAlias(0, "timeout", "number of seconds before a build is killed", "timeout"); mkFlag(0, "readonly-mode", "do not write to the Nix store", &settings.readOnlyMode); diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 02dcd4536..39f6128aa 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -1740,11 +1740,11 @@ void DerivationGoal::startBuilder() if (settings.sandboxMode == smEnabled) { if (get(drv->env, "__noChroot") == "1") throw Error(format("derivation '%1%' has '__noChroot' set, " - "but that's not allowed when 'build-use-sandbox' is 'true'") % drvPath); + "but that's not allowed when 'sandbox' is 'true'") % drvPath); #if __APPLE__ if (additionalSandboxProfile != "") throw Error(format("derivation '%1%' specifies a sandbox profile, " - "but this is only allowed when 'build-use-sandbox' is 'relaxed'") % drvPath); + "but this is only allowed when 'sandbox' is 'relaxed'") % drvPath); #endif useChroot = true; } 
@@ -1832,7 +1832,7 @@ void DerivationGoal::startBuilder() worker.store.computeFSClosure(worker.store.toStorePath(i.second.source), closure); } catch (InvalidPath & e) { } catch (Error & e) { - throw Error(format("while processing 'build-sandbox-paths': %s") % e.what()); + throw Error(format("while processing 'sandbox-paths': %s") % e.what()); } for (auto & i : closure) dirsInChroot[i] = i; diff --git a/src/libstore/gc.cc b/src/libstore/gc.cc index bd335fbb4..5e3958ea5 100644 --- a/src/libstore/gc.cc +++ b/src/libstore/gc.cc @@ -580,7 +580,7 @@ bool LocalStore::canReachRoot(GCState & state, PathSet & visited, const Path & p /* Don't delete this path if any of its referrers are alive. */ queryReferrers(path, incoming); - /* If gc-keep-derivations is set and this is a derivation, then + /* If keep-derivations is set and this is a derivation, then don't delete the derivation if any of the outputs are alive. */ if (state.gcKeepDerivations && isDerivation(path)) { PathSet outputs = queryDerivationOutputs(path); @@ -589,7 +589,7 @@ bool LocalStore::canReachRoot(GCState & state, PathSet & visited, const Path & p incoming.insert(i); } - /* If gc-keep-outputs is set, then don't delete this path if there + /* If keep-outputs is set, then don't delete this path if there are derivers of this path that are not garbage. */ if (state.gcKeepOutputs) { PathSet derivers = queryValidDerivers(path); 
@@ -704,9 +704,9 @@ void LocalStore::collectGarbage(const GCOptions & options, GCResults & results) state.gcKeepDerivations = settings.gcKeepDerivations; /* Using `--ignore-liveness' with `--delete' can have unintended - consequences if `gc-keep-outputs' or `gc-keep-derivations' are - true (the garbage collector will recurse into deleting the - outputs or derivers, respectively). So disable them. */ + consequences if `keep-outputs' or `keep-derivations' are true + (the garbage collector will recurse into deleting the outputs + or derivers, respectively). So disable them. */ if (options.action == GCOptions::gcDeleteSpecific && options.ignoreLiveness) { state.gcKeepOutputs = false; state.gcKeepDerivations = false; diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index 9ebbf7b47..c20d147f5 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -89,8 +89,9 @@ public: Setting keepGoing{this, false, "keep-going", "Whether to keep building derivations when another build fails."}; - Setting tryFallback{this, false, "build-fallback", - "Whether to fall back to building when substitution fails."}; + Setting tryFallback{this, false, "fallback", + "Whether to fall back to building when substitution fails.", + {"build-fallback"}}; /* Whether to show build log output in real time. */ bool verboseBuild = true; 
@@ -99,14 +100,15 @@ public: the log to show if a build fails. */ size_t logLines = 10; - MaxBuildJobsSetting maxBuildJobs{this, 1, "build-max-jobs", - "Maximum number of parallel build jobs. \"auto\" means use number of cores."}; + MaxBuildJobsSetting maxBuildJobs{this, 1, "max-jobs", + "Maximum number of parallel build jobs. \"auto\" means use number of cores.", + {"build-max-jobs"}}; - Setting buildCores{this, getDefaultCores(), "build-cores", + Setting buildCores{this, getDefaultCores(), "cores", "Number of CPU cores to utilize in parallel within a build, " "i.e. by passing this number to Make via '-j'. 0 means that the " "number of actual CPU cores on the local host ought to be " - "auto-detected."}; + "auto-detected.", {"build-cores"}}; /* Read-only mode. Don't copy stuff to the store, don't change the database. */ @@ -115,14 +117,15 @@ public: Setting thisSystem{this, SYSTEM, "system", "The canonical Nix system name."}; - Setting maxSilentTime{this, 0, "build-max-silent-time", + Setting maxSilentTime{this, 0, "max-silent-time", "The maximum time in seconds that a builer can go without " "producing any output on stdout/stderr before it is killed. " - "0 means infinity."}; + "0 means infinity.", + {"build-max-silent-time"}}; - Setting buildTimeout{this, 0, "build-timeout", + Setting buildTimeout{this, 0, "timeout", "The maximum duration in seconds that a builder can run. " - "0 means infinity."}; + "0 means infinity.", {"build-timeout"}}; Setting useBuildHook{this, true, "remote-builds", "Whether to use build hooks (for distributed builds)."}; 
@@ -149,27 +152,32 @@ public: Setting syncBeforeRegistering{this, false, "sync-before-registering", "Whether to call sync() before registering a path as valid."}; - Setting useSubstitutes{this, true, "build-use-substitutes", - "Whether to use substitutes."}; + Setting useSubstitutes{this, true, "use-substitutes", + "Whether to use substitutes.", + {"build-use-substitutes"}}; Setting buildUsersGroup{this, "", "build-users-group", "The Unix group that contains the build users."}; - Setting impersonateLinux26{this, false, "build-impersonate-linux-26", - "Whether to impersonate a Linux 2.6 machine on newer kernels."}; + Setting impersonateLinux26{this, false, "impersonate-linux-26", + "Whether to impersonate a Linux 2.6 machine on newer kernels.", + {"build-impersonate-linux-26"}}; - Setting keepLog{this, true, "build-keep-log", - "Whether to store build logs."}; + Setting keepLog{this, true, "keep-build-log", + "Whether to store build logs.", + {"build-keep-log"}}; - Setting compressLog{this, true, "build-compress-log", - "Whether to compress logs."}; + Setting compressLog{this, true, "compress-build-log", + "Whether to compress logs.", + {"build-compress-log"}}; - Setting maxLogSize{this, 0, "build-max-log-size", + Setting maxLogSize{this, 0, "max-build-log-size", "Maximum number of bytes a builder can write to stdout/stderr " - "before being killed (0 means no limit)."}; + "before being killed (0 means no limit).", + {"build-max-log-size"}}; - /* When build-repeat > 0 and verboseBuild == true, whether to - print repeated builds (i.e. builds other than the first one) to + /* When buildRepeat > 0 and verboseBuild == true, whether to print + repeated builds (i.e. builds other than the first one) to stderr. Hack to prevent Hydra logs from being polluted. */ bool printRepeatedBuilds = true; 
@@ -180,18 +188,21 @@ public: "Whether to check if new GC roots can in fact be found by the " "garbage collector."}; - Setting gcKeepOutputs{this, false, "gc-keep-outputs", - "Whether the garbage collector should keep outputs of live derivations."}; + Setting gcKeepOutputs{this, false, "keep-outputs", + "Whether the garbage collector should keep outputs of live derivations.", + {"gc-keep-outputs"}}; - Setting gcKeepDerivations{this, true, "gc-keep-derivations", - "Whether the garbage collector should keep derivers of live paths."}; + Setting gcKeepDerivations{this, true, "keep-derivations", + "Whether the garbage collector should keep derivers of live paths.", + {"gc-keep-derivations"}}; Setting autoOptimiseStore{this, false, "auto-optimise-store", "Whether to automatically replace files with identical contents with hard links."}; - Setting envKeepDerivations{this, false, "env-keep-derivations", + Setting envKeepDerivations{this, false, "keep-env-derivations", "Whether to add derivations as a dependency of user environments " - "(to prevent them from being GCed)."}; + "(to prevent them from being GCed).", + {"env-keep-derivations"}}; /* Whether to lock the Nix client and worker to the same CPU. */ bool lockCPU; 
@@ -202,24 +213,25 @@ public: Setting enableNativeCode{this, false, "allow-unsafe-native-code-during-evaluation", "Whether builtin functions that allow executing native code should be enabled."}; - Setting sandboxMode{this, smDisabled, "build-use-sandbox", + Setting sandboxMode{this, smDisabled, "sandbox", "Whether to enable sandboxed builds. Can be \"true\", \"false\" or \"relaxed\".", - {"build-use-chroot"}}; + {"build-use-chroot", "build-use-sandbox"}}; - Setting sandboxPaths{this, {}, "build-sandbox-paths", + Setting sandboxPaths{this, {}, "sandbox-paths", "The paths to make available inside the build sandbox.", - {"build-chroot-dirs"}}; + {"build-chroot-dirs", "build-sandbox-paths"}}; - Setting extraSandboxPaths{this, {}, "build-extra-sandbox-paths", + Setting extraSandboxPaths{this, {}, "extra-sandbox-paths", "Additional paths to make available inside the build sandbox.", - {"build-extra-chroot-dirs"}}; + {"build-extra-chroot-dirs", "build-extra-sandbox-paths"}}; Setting restrictEval{this, false, "restrict-eval", "Whether to restrict file system access to paths in $NIX_PATH, " "and to disallow fetching files from the network."}; - Setting buildRepeat{this, 0, "build-repeat", - "The number of times to repeat a build in order to verify determinism."}; + Setting buildRepeat{this, 0, "repeat", + "The number of times to repeat a build in order to verify determinism.", + {"build-repeat"}}; #if __linux__ Setting sandboxShmSize{this, "50%", "sandbox-dev-shm-size", diff --git a/tests/build-remote.sh b/tests/build-remote.sh index 927a217f3..e27ce7e25 100644 --- a/tests/build-remote.sh +++ b/tests/build-remote.sh @@ -13,7 +13,7 @@ rm -rf $TEST_ROOT/store0 $TEST_ROOT/store1 export NIX_CONF_DIR=$TEST_ROOT/etc2 mkdir -p $NIX_CONF_DIR echo " -build-sandbox-paths = /nix/store +sandbox-paths = /nix/store sandbox-build-dir = /build-tmp " > $NIX_CONF_DIR/nix.conf diff --git a/tests/init.sh b/tests/init.sh index 4571b75b8..41cca047d 100644 --- a/tests/init.sh +++ b/tests/init.sh 
@@ -15,9 +15,7 @@ mkdir "$NIX_CONF_DIR" cat > "$NIX_CONF_DIR"/nix.conf <succeed('nix-build --option build-use-sandbox false -E \'(with import {}; runCommand "foo" {} " + $machine->succeed('nix-build --option sandbox false -E \'(with import {}; runCommand "foo" {} " mkdir -p $out cp ${pkgs.coreutils}/bin/id /tmp/id ")\' '); @@ -30,7 +30,7 @@ makeTest { $machine->succeed("rm /tmp/id"); # Creating a setuid binary should fail. - $machine->fail('nix-build --option build-use-sandbox false -E \'(with import {}; runCommand "foo" {} " + $machine->fail('nix-build --option sandbox false -E \'(with import {}; runCommand "foo" {} " mkdir -p $out cp ${pkgs.coreutils}/bin/id /tmp/id chmod 4755 /tmp/id @@ -41,7 +41,7 @@ makeTest { $machine->succeed("rm /tmp/id"); # Creating a setgid binary should fail. - $machine->fail('nix-build --option build-use-sandbox false -E \'(with import {}; runCommand "foo" {} " + $machine->fail('nix-build --option sandbox false -E \'(with import {}; runCommand "foo" {} " mkdir -p $out cp ${pkgs.coreutils}/bin/id /tmp/id chmod 2755 /tmp/id @@ -52,7 +52,7 @@ makeTest { $machine->succeed("rm /tmp/id"); # The checks should also work on 32-bit binaries. - $machine->fail('nix-build --option build-use-sandbox false -E \'(with import { system = "i686-linux"; }; runCommand "foo" {} " + $machine->fail('nix-build --option sandbox false -E \'(with import { system = "i686-linux"; }; runCommand "foo" {} " mkdir -p $out cp ${pkgs.coreutils}/bin/id /tmp/id chmod 2755 /tmp/id @@ -63,7 +63,7 @@ makeTest { $machine->succeed("rm /tmp/id"); # The tests above use fchmodat(). Test chmod() as well. - $machine->succeed('nix-build --option build-use-sandbox false -E \'(with import {}; runCommand "foo" { buildInputs = [ perl ]; } " + $machine->succeed('nix-build --option sandbox false -E \'(with import {}; runCommand "foo" { buildInputs = [ perl ]; } " mkdir -p $out cp ${pkgs.coreutils}/bin/id /tmp/id perl -e \"chmod 0666, qw(/tmp/id) or die\" 
@@ -73,7 +73,7 @@ makeTest { $machine->succeed("rm /tmp/id"); - $machine->fail('nix-build --option build-use-sandbox false -E \'(with import {}; runCommand "foo" { buildInputs = [ perl ]; } " + $machine->fail('nix-build --option sandbox false -E \'(with import {}; runCommand "foo" { buildInputs = [ perl ]; } " mkdir -p $out cp ${pkgs.coreutils}/bin/id /tmp/id perl -e \"chmod 04755, qw(/tmp/id) or die\" @@ -84,7 +84,7 @@ makeTest { $machine->succeed("rm /tmp/id"); # And test fchmod(). - $machine->succeed('nix-build --option build-use-sandbox false -E \'(with import {}; runCommand "foo" { buildInputs = [ perl ]; } " + $machine->succeed('nix-build --option sandbox false -E \'(with import {}; runCommand "foo" { buildInputs = [ perl ]; } " mkdir -p $out cp ${pkgs.coreutils}/bin/id /tmp/id perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 01750, \\\$x or die\" @@ -94,7 +94,7 @@ makeTest { $machine->succeed("rm /tmp/id"); - $machine->fail('nix-build --option build-use-sandbox false -E \'(with import {}; runCommand "foo" { buildInputs = [ perl ]; } " + $machine->fail('nix-build --option sandbox false -E \'(with import {}; runCommand "foo" { buildInputs = [ perl ]; } " mkdir -p $out cp ${pkgs.coreutils}/bin/id /tmp/id perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 04777, \\\$x or die\" diff --git a/tests/shell.shebang.sh b/tests/shell.shebang.sh index c9a83aaf8..a6c4bc945 100755 --- a/tests/shell.shebang.sh +++ b/tests/shell.shebang.sh @@ -1,4 +1,4 @@ #! @ENV_PROG@ nix-shell -#! nix-shell -I nixpkgs=shell.nix --option build-use-substitutes false +#! nix-shell -I nixpkgs=shell.nix --option use-substitutes false #! nix-shell --pure -i bash -p foo bar echo "$(foo) $(bar) $@" diff --git a/tests/timeout.sh b/tests/timeout.sh index 2b864b86d..d3d85200f 100644 --- a/tests/timeout.sh +++ b/tests/timeout.sh 
@@ -15,7 +15,7 @@ if ! echo "$messages" | grep -q "timed out"; then exit 1 fi -if nix-build -Q timeout.nix -A infiniteLoop --option build-max-log-size 100; then +if nix-build -Q timeout.nix -A infiniteLoop --option max-build-log-size 100; then echo "build should have failed" exit 1 fi @@ -30,7 +30,7 @@ if nix-build timeout.nix -A closeLog; then exit 1 fi -if nix build -f timeout.nix silent --option build-max-silent-time 2; then +if nix build -f timeout.nix silent --max-silent-time 2; then echo "build should have failed" exit 1 fi
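
Review bot: In doc/manual/command-ref/conf-file.xml, hunk @@ -303,17 +302,17 @@, the entry is still titled build-extra-sandbox-paths after the change, while src/libstore/globals.hh renames that setting to "extra-sandbox-paths" and keeps "build-extra-sandbox-paths" only as an alias. Every other entry in this file moves to the short name, so this one should read extra-sandbox-paths as well.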
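
Review bot: In src/libstore/globals.hh the old names survive only through the alias lists (for example {"build-use-chroot", "build-use-sandbox"} on sandboxMode in hunk @@ -202,24 +213,25 @@), but every test invocation shown in this patch is switched to the new spelling, so nothing here checks that an existing nix.conf still takes effect. That matters most for "sandbox" and "sandbox-paths", where an unrecognised old name would leave builds unsandboxed. Suggest keeping at least one test on an old name, such as --option build-use-sandbox false, and adding a sentence to conf-file.xml saying that the previous names are still accepted.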
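
Review bot: In src/libmain/shared.cc, hunk @@ -181,9 +181,9 @@, the flag name and the target setting are now the same string in all three calls, e.g. intSettingAlias(0, "cores", "maximum number of CPU cores to use inside a build", "cores"). The fourth argument no longer carries information; either drop the parameter from the lambda and reuse longName, or leave a short comment saying why the duplication is kept.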
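
Review bot: In src/libstore/globals.hh, hunk @@ -115,14 +117,15 @@, the maxSilentTime description on the unchanged line reads "a builer can go without"; since this Setting is being edited anyway, fix the typo to "builder" in the same change.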
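
Review bot: In tests/timeout.sh, hunk @@ -30,7 +30,7 @@, the change is more than a rename: "--option build-max-silent-time 2" becomes "--max-silent-time 2", so the nix build case now exercises the dedicated flag instead of the --option path, unlike the max-build-log-size case just above, which keeps --option. If the rename is all that is intended, use --option max-silent-time 2; if the switch to the flag is deliberate, say so in the commit message.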