Rename a few configuration options

In particular, drop the "build-" and "gc-" prefixes which are
pointless. So now you can say

  nix build --no-sandbox

instead of

  nix build --no-build-use-sandbox
Eelco Dolstra 2017-08-31 14:28:25 +02:00
parent 7d4a7136db
commit c2154d4c84
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
16 changed files with 113 additions and 104 deletions


@ -45,13 +45,12 @@ Comments start with a <literal>#</literal> character. Here is an
example configuration file:</para> example configuration file:</para>
<programlisting> <programlisting>
gc-keep-outputs = true # Nice for developers keep-outputs = true # Nice for developers
gc-keep-derivations = true # Idem keep-derivations = true # Idem
env-keep-derivations = false
</programlisting> </programlisting>
<para>You can override settings on the command line using the <para>You can override settings on the command line using the
<option>--option</option> flag, e.g. <literal>--option gc-keep-outputs <option>--option</option> flag, e.g. <literal>--option keep-outputs
false</literal>.</para> false</literal>.</para>
<para>The following settings are currently available: <para>The following settings are currently available:
@ -59,7 +58,7 @@ false</literal>.</para>
<variablelist> <variablelist>
<varlistentry xml:id="conf-gc-keep-outputs"><term><literal>gc-keep-outputs</literal></term> <varlistentry xml:id="conf-keep-outputs"><term><literal>keep-outputs</literal></term>
<listitem><para>If <literal>true</literal>, the garbage collector <listitem><para>If <literal>true</literal>, the garbage collector
will keep the outputs of non-garbage derivations. If will keep the outputs of non-garbage derivations. If
@ -76,7 +75,7 @@ false</literal>.</para>
</varlistentry> </varlistentry>
<varlistentry xml:id="conf-gc-keep-derivations"><term><literal>gc-keep-derivations</literal></term> <varlistentry xml:id="conf-keep-derivations"><term><literal>keep-derivations</literal></term>
<listitem><para>If <literal>true</literal> (default), the garbage <listitem><para>If <literal>true</literal> (default), the garbage
collector will keep the derivations from which non-garbage store collector will keep the derivations from which non-garbage store
@ -88,12 +87,12 @@ false</literal>.</para>
traceability (e.g., it allows you to ask with what dependencies or traceability (e.g., it allows you to ask with what dependencies or
options a store path was built), so by default this option is on. options a store path was built), so by default this option is on.
Turn it off to save a bit of disk space (or a lot if Turn it off to save a bit of disk space (or a lot if
<literal>gc-keep-outputs</literal> is also turned on).</para></listitem> <literal>keep-outputs</literal> is also turned on).</para></listitem>
</varlistentry> </varlistentry>
<varlistentry><term><literal>env-keep-derivations</literal></term> <varlistentry><term><literal>keep-env-derivations</literal></term>
<listitem><para>If <literal>false</literal> (default), derivations <listitem><para>If <literal>false</literal> (default), derivations
are not stored in Nix user environments. That is, the derivation are not stored in Nix user environments. That is, the derivation
@ -105,19 +104,19 @@ false</literal>.</para>
garbage-collected until the user environment generation is deleted garbage-collected until the user environment generation is deleted
(<command>nix-env --delete-generations</command>). To prevent (<command>nix-env --delete-generations</command>). To prevent
build-time-only dependencies from being collected, you should also build-time-only dependencies from being collected, you should also
turn on <literal>gc-keep-outputs</literal>.</para> turn on <literal>keep-outputs</literal>.</para>
<para>The difference between this option and <para>The difference between this option and
<literal>gc-keep-derivations</literal> is that this one is <literal>keep-derivations</literal> is that this one is
“sticky”: it applies to any user environment created while this “sticky”: it applies to any user environment created while this
option was enabled, while <literal>gc-keep-derivations</literal> option was enabled, while <literal>keep-derivations</literal>
only applies at the moment the garbage collector is only applies at the moment the garbage collector is
run.</para></listitem> run.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry xml:id="conf-build-max-jobs"><term><literal>build-max-jobs</literal></term> <varlistentry xml:id="conf-max-jobs"><term><literal>max-jobs</literal></term>
<listitem><para>This option defines the maximum number of jobs <listitem><para>This option defines the maximum number of jobs
that Nix will try to build in parallel. The default is that Nix will try to build in parallel. The default is
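Review bot: the `<term>` entries in this hunk (`keep-outputs`, `keep-derivations`, `max-jobs`) are renamed in place, and nothing in the manual says the old spellings still work. globals.hh in this commit registers `gc-keep-outputs`, `gc-keep-derivations`, `build-max-jobs` and the rest as aliases, so a sentence in the nix.conf section (or a release-note entry) listing old and new names would help anyone auditing an existing nix.conf. The `xml:id` values change as well (`conf-build-max-jobs` becomes `conf-max-jobs`), which breaks external links to those anchors; worth stating in the same place.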
@ -130,7 +129,7 @@ false</literal>.</para>
</varlistentry> </varlistentry>
<varlistentry xml:id="conf-build-cores"><term><literal>build-cores</literal></term> <varlistentry xml:id="conf-cores"><term><literal>cores</literal></term>
<listitem><para>Sets the value of the <listitem><para>Sets the value of the
<envar>NIX_BUILD_CORES</envar> environment variable in the <envar>NIX_BUILD_CORES</envar> environment variable in the
@ -149,7 +148,7 @@ false</literal>.</para>
</varlistentry> </varlistentry>
<varlistentry xml:id="conf-build-max-silent-time"><term><literal>build-max-silent-time</literal></term> <varlistentry xml:id="conf-max-silent-time"><term><literal>max-silent-time</literal></term>
<listitem> <listitem>
@ -170,7 +169,7 @@ false</literal>.</para>
</varlistentry> </varlistentry>
<varlistentry xml:id="conf-build-timeout"><term><literal>build-timeout</literal></term> <varlistentry xml:id="conf-timeout"><term><literal>timeout</literal></term>
<listitem> <listitem>
@ -190,7 +189,7 @@ false</literal>.</para>
</varlistentry> </varlistentry>
<varlistentry xml:id="conf-build-max-log-size"><term><literal>build-max-log-size</literal></term> <varlistentry xml:id="conf-max-build-log-size"><term><literal>max-build-log-size</literal></term>
<listitem> <listitem>
@ -245,7 +244,7 @@ false</literal>.</para>
</varlistentry> </varlistentry>
<varlistentry><term><literal>build-use-sandbox</literal></term> <varlistentry><term><literal>sandbox</literal></term>
<listitem><para>If set to <literal>true</literal>, builds will be <listitem><para>If set to <literal>true</literal>, builds will be
performed in a <emphasis>sandboxed environment</emphasis>, i.e., performed in a <emphasis>sandboxed environment</emphasis>, i.e.,
@ -254,7 +253,7 @@ false</literal>.</para>
directory, private versions of <filename>/proc</filename>, directory, private versions of <filename>/proc</filename>,
<filename>/dev</filename>, <filename>/dev/shm</filename> and <filename>/dev</filename>, <filename>/dev/shm</filename> and
<filename>/dev/pts</filename> (on Linux), and the paths configured with the <filename>/dev/pts</filename> (on Linux), and the paths configured with the
<link linkend='conf-build-sandbox-paths'><literal>build-sandbox-paths</literal> <link linkend='conf-sandbox-paths'><literal>sandbox-paths</literal>
option</link>. This is useful to prevent undeclared dependencies option</link>. This is useful to prevent undeclared dependencies
on files in directories such as <filename>/usr/bin</filename>. In on files in directories such as <filename>/usr/bin</filename>. In
addition, on Linux, builds run in private PID, mount, network, IPC addition, on Linux, builds run in private PID, mount, network, IPC
@ -280,8 +279,8 @@ false</literal>.</para>
</varlistentry> </varlistentry>
<varlistentry xml:id="conf-build-sandbox-paths"> <varlistentry xml:id="conf-sandbox-paths">
<term><literal>build-sandbox-paths</literal></term> <term><literal>sandbox-paths</literal></term>
<listitem><para>A list of paths bind-mounted into Nix sandbox <listitem><para>A list of paths bind-mounted into Nix sandbox
environments. You can use the syntax environments. You can use the syntax
@ -303,17 +302,17 @@ false</literal>.</para>
</varlistentry> </varlistentry>
<varlistentry xml:id="conf-build-extra-sandbox-paths"> <varlistentry xml:id="conf-extra-sandbox-paths">
<term><literal>build-extra-sandbox-paths</literal></term> <term><literal>build-extra-sandbox-paths</literal></term>
<listitem><para>A list of additional paths appended to <listitem><para>A list of additional paths appended to
<option>build-sandbox-paths</option>. Useful if you want to extend <option>sandbox-paths</option>. Useful if you want to extend
its default value.</para></listitem> its default value.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry><term><literal>build-use-substitutes</literal></term> <varlistentry><term><literal>use-substitutes</literal></term>
<listitem><para>If set to <literal>true</literal> (default), Nix <listitem><para>If set to <literal>true</literal> (default), Nix
will use binary substitutes if available. This option can be will use binary substitutes if available. This option can be
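Review bot: the `<term>` of this entry still reads `build-extra-sandbox-paths` on both sides, while its `xml:id` becomes `conf-extra-sandbox-paths` and globals.hh renames the setting to `extra-sandbox-paths`. Change the term to `<literal>extra-sandbox-paths</literal>` so the manual shows the primary name rather than the alias.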
@ -322,7 +321,7 @@ false</literal>.</para>
</varlistentry> </varlistentry>
<varlistentry><term><literal>build-fallback</literal></term> <varlistentry><term><literal>fallback</literal></term>
<listitem><para>If set to <literal>true</literal>, Nix will fall <listitem><para>If set to <literal>true</literal>, Nix will fall
back to building from source if a binary substitute fails. This back to building from source if a binary substitute fails. This
@ -332,7 +331,7 @@ false</literal>.</para>
</varlistentry> </varlistentry>
<varlistentry><term><literal>build-keep-log</literal></term> <varlistentry><term><literal>keep-build-log</literal></term>
<listitem><para>If set to <literal>true</literal> (the default), <listitem><para>If set to <literal>true</literal> (the default),
Nix will write the build log of a derivation (i.e. the standard Nix will write the build log of a derivation (i.e. the standard
@ -344,7 +343,7 @@ false</literal>.</para>
</varlistentry> </varlistentry>
<varlistentry><term><literal>build-compress-log</literal></term> <varlistentry><term><literal>compress-build-log</literal></term>
<listitem><para>If set to <literal>true</literal> (the default), <listitem><para>If set to <literal>true</literal> (the default),
build logs written to <filename>/nix/var/log/nix/drvs</filename> build logs written to <filename>/nix/var/log/nix/drvs</filename>
@ -597,7 +596,7 @@ password <replaceable>my-password</replaceable>
<para>Pass a list of files and directories to be included in the <para>Pass a list of files and directories to be included in the
sandbox for this build. One entry per line, terminated by an empty sandbox for this build. One entry per line, terminated by an empty
line. Entries have the same format as line. Entries have the same format as
<literal>build-sandbox-paths</literal>.</para> <literal>sandbox-paths</literal>.</para>
</listitem> </listitem>
@ -608,7 +607,7 @@ password <replaceable>my-password</replaceable>
</varlistentry> </varlistentry>
<varlistentry xml:id="conf-build-repeat"><term><literal>build-repeat</literal></term> <varlistentry xml:id="conf-repeat"><term><literal>repeat</literal></term>
<listitem><para>How many times to repeat builds to check whether <listitem><para>How many times to repeat builds to check whether
they are deterministic. The default value is 0. If the value is they are deterministic. The default value is 0. If the value is
@ -651,7 +650,7 @@ password <replaceable>my-password</replaceable>
as <command>sudo</command> or <command>ping</command> will as <command>sudo</command> or <command>ping</command> will
fail. (Note that in sandbox builds, no such programs are available fail. (Note that in sandbox builds, no such programs are available
unless you bind-mount them into the sandbox via the unless you bind-mount them into the sandbox via the
<option>build-sandbox-paths</option> option.) You can allow the <option>sandbox-paths</option> option.) You can allow the
use of such programs by enabling this option. This is impure and use of such programs by enabling this option. This is impure and
usually undesirable, but may be useful in certain scenarios usually undesirable, but may be useful in certain scenarios
(e.g. to spin up containers or set up userspace network interfaces (e.g. to spin up containers or set up userspace network interfaces


@ -397,9 +397,9 @@ options control what gets deleted and in what order:
</para> </para>
<para>The behaviour of the collector is also influenced by the <link <para>The behaviour of the collector is also influenced by the <link
linkend="conf-gc-keep-outputs"><literal>gc-keep-outputs</literal></link> linkend="conf-keep-outputs"><literal>keep-outputs</literal></link>
and <link and <link
linkend="conf-gc-keep-derivations"><literal>gc-keep-derivations</literal></link> linkend="conf-keep-derivations"><literal>keep-derivations</literal></link>
variables in the Nix configuration file.</para> variables in the Nix configuration file.</para>
<para>With <option>--delete</option>, the collector prints the total <para>With <option>--delete</option>, the collector prints the total


@ -94,7 +94,7 @@
perform in parallel to the specified number. Specify perform in parallel to the specified number. Specify
<literal>auto</literal> to use the number of CPUs in the system. <literal>auto</literal> to use the number of CPUs in the system.
The default is specified by the <link The default is specified by the <link
linkend='conf-build-max-jobs'><literal>build-max-jobs</literal></link> linkend='conf-max-jobs'><literal>max-jobs</literal></link>
configuration setting, which itself defaults to configuration setting, which itself defaults to
<literal>1</literal>. A higher value is useful on SMP systems or to <literal>1</literal>. A higher value is useful on SMP systems or to
exploit I/O latency.</para></listitem> exploit I/O latency.</para></listitem>
@ -112,7 +112,7 @@
<literal>true</literal>, the builder passes the <literal>true</literal>, the builder passes the
<option>-j<replaceable>N</replaceable></option> flag to GNU Make. <option>-j<replaceable>N</replaceable></option> flag to GNU Make.
It defaults to the value of the <link It defaults to the value of the <link
linkend='conf-build-cores'><literal>build-cores</literal></link> linkend='conf-cores'><literal>cores</literal></link>
configuration setting, if set, or <literal>1</literal> otherwise. configuration setting, if set, or <literal>1</literal> otherwise.
The value <literal>0</literal> means that the builder should use all The value <literal>0</literal> means that the builder should use all
available CPU cores in the system.</para></listitem> available CPU cores in the system.</para></listitem>
@ -125,7 +125,7 @@
<listitem><para>Sets the maximum number of seconds that a builder <listitem><para>Sets the maximum number of seconds that a builder
can go without producing any data on standard output or standard can go without producing any data on standard output or standard
error. The default is specified by the <link error. The default is specified by the <link
linkend='conf-build-max-silent-time'><literal>build-max-silent-time</literal></link> linkend='conf-max-silent-time'><literal>max-silent-time</literal></link>
configuration setting. <literal>0</literal> means no configuration setting. <literal>0</literal> means no
time-out.</para></listitem> time-out.</para></listitem>
@ -135,7 +135,7 @@
<listitem><para>Sets the maximum number of seconds that a builder <listitem><para>Sets the maximum number of seconds that a builder
can run. The default is specified by the <link can run. The default is specified by the <link
linkend='conf-build-timeout'><literal>build-timeout</literal></link> linkend='conf-timeout'><literal>timeout</literal></link>
configuration setting. <literal>0</literal> means no configuration setting. <literal>0</literal> means no
timeout.</para></listitem> timeout.</para></listitem>


@ -744,9 +744,9 @@ place_nix_configuration() {
cat <<EOF > "$SCRATCH/nix.conf" cat <<EOF > "$SCRATCH/nix.conf"
build-users-group = $NIX_BUILD_GROUP_NAME build-users-group = $NIX_BUILD_GROUP_NAME
build-max-jobs = $NIX_USER_COUNT max-jobs = $NIX_USER_COUNT
build-cores = 1 cores = 1
build-use-sandbox = false sandbox = false
binary-caches = https://cache.nixos.org/ binary-caches = https://cache.nixos.org/
trusted-binary-caches = trusted-binary-caches =


@ -171,7 +171,7 @@ struct LegacyArgs : public MixCommonArgs
}); });
mkFlag1('j', "max-jobs", "jobs", "maximum number of parallel builds", [=](std::string s) { mkFlag1('j', "max-jobs", "jobs", "maximum number of parallel builds", [=](std::string s) {
settings.set("build-max-jobs", s); settings.set("max-jobs", s);
}); });
auto intSettingAlias = [&](char shortName, const std::string & longName, auto intSettingAlias = [&](char shortName, const std::string & longName,
@ -181,9 +181,9 @@ struct LegacyArgs : public MixCommonArgs
}); });
}; };
intSettingAlias(0, "cores", "maximum number of CPU cores to use inside a build", "build-cores"); intSettingAlias(0, "cores", "maximum number of CPU cores to use inside a build", "cores");
intSettingAlias(0, "max-silent-time", "number of seconds of silence before a build is killed", "build-max-silent-time"); intSettingAlias(0, "max-silent-time", "number of seconds of silence before a build is killed", "max-silent-time");
intSettingAlias(0, "timeout", "number of seconds before a build is killed", "build-timeout"); intSettingAlias(0, "timeout", "number of seconds before a build is killed", "timeout");
mkFlag(0, "readonly-mode", "do not write to the Nix store", mkFlag(0, "readonly-mode", "do not write to the Nix store",
&settings.readOnlyMode); &settings.readOnlyMode);


@ -1740,11 +1740,11 @@ void DerivationGoal::startBuilder()
if (settings.sandboxMode == smEnabled) { if (settings.sandboxMode == smEnabled) {
if (get(drv->env, "__noChroot") == "1") if (get(drv->env, "__noChroot") == "1")
throw Error(format("derivation '%1%' has '__noChroot' set, " throw Error(format("derivation '%1%' has '__noChroot' set, "
"but that's not allowed when 'build-use-sandbox' is 'true'") % drvPath); "but that's not allowed when 'sandbox' is 'true'") % drvPath);
#if __APPLE__ #if __APPLE__
if (additionalSandboxProfile != "") if (additionalSandboxProfile != "")
throw Error(format("derivation '%1%' specifies a sandbox profile, " throw Error(format("derivation '%1%' specifies a sandbox profile, "
"but this is only allowed when 'build-use-sandbox' is 'relaxed'") % drvPath); "but this is only allowed when 'sandbox' is 'relaxed'") % drvPath);
#endif #endif
useChroot = true; useChroot = true;
} }
@ -1832,7 +1832,7 @@ void DerivationGoal::startBuilder()
worker.store.computeFSClosure(worker.store.toStorePath(i.second.source), closure); worker.store.computeFSClosure(worker.store.toStorePath(i.second.source), closure);
} catch (InvalidPath & e) { } catch (InvalidPath & e) {
} catch (Error & e) { } catch (Error & e) {
throw Error(format("while processing 'build-sandbox-paths': %s") % e.what()); throw Error(format("while processing 'sandbox-paths': %s") % e.what());
} }
for (auto & i : closure) for (auto & i : closure)
dirsInChroot[i] = i; dirsInChroot[i] = i;


@ -580,7 +580,7 @@ bool LocalStore::canReachRoot(GCState & state, PathSet & visited, const Path & p
/* Don't delete this path if any of its referrers are alive. */ /* Don't delete this path if any of its referrers are alive. */
queryReferrers(path, incoming); queryReferrers(path, incoming);
/* If gc-keep-derivations is set and this is a derivation, then /* If keep-derivations is set and this is a derivation, then
don't delete the derivation if any of the outputs are alive. */ don't delete the derivation if any of the outputs are alive. */
if (state.gcKeepDerivations && isDerivation(path)) { if (state.gcKeepDerivations && isDerivation(path)) {
PathSet outputs = queryDerivationOutputs(path); PathSet outputs = queryDerivationOutputs(path);
@ -589,7 +589,7 @@ bool LocalStore::canReachRoot(GCState & state, PathSet & visited, const Path & p
incoming.insert(i); incoming.insert(i);
} }
/* If gc-keep-outputs is set, then don't delete this path if there /* If keep-outputs is set, then don't delete this path if there
are derivers of this path that are not garbage. */ are derivers of this path that are not garbage. */
if (state.gcKeepOutputs) { if (state.gcKeepOutputs) {
PathSet derivers = queryValidDerivers(path); PathSet derivers = queryValidDerivers(path);
@ -704,9 +704,9 @@ void LocalStore::collectGarbage(const GCOptions & options, GCResults & results)
state.gcKeepDerivations = settings.gcKeepDerivations; state.gcKeepDerivations = settings.gcKeepDerivations;
/* Using `--ignore-liveness' with `--delete' can have unintended /* Using `--ignore-liveness' with `--delete' can have unintended
consequences if `gc-keep-outputs' or `gc-keep-derivations' are consequences if `keep-outputs' or `keep-derivations' are true
true (the garbage collector will recurse into deleting the (the garbage collector will recurse into deleting the outputs
outputs or derivers, respectively). So disable them. */ or derivers, respectively). So disable them. */
if (options.action == GCOptions::gcDeleteSpecific && options.ignoreLiveness) { if (options.action == GCOptions::gcDeleteSpecific && options.ignoreLiveness) {
state.gcKeepOutputs = false; state.gcKeepOutputs = false;
state.gcKeepDerivations = false; state.gcKeepDerivations = false;


@ -89,8 +89,9 @@ public:
Setting<bool> keepGoing{this, false, "keep-going", Setting<bool> keepGoing{this, false, "keep-going",
"Whether to keep building derivations when another build fails."}; "Whether to keep building derivations when another build fails."};
Setting<bool> tryFallback{this, false, "build-fallback", Setting<bool> tryFallback{this, false, "fallback",
"Whether to fall back to building when substitution fails."}; "Whether to fall back to building when substitution fails.",
{"build-fallback"}};
/* Whether to show build log output in real time. */ /* Whether to show build log output in real time. */
bool verboseBuild = true; bool verboseBuild = true;
@ -99,14 +100,15 @@ public:
the log to show if a build fails. */ the log to show if a build fails. */
size_t logLines = 10; size_t logLines = 10;
MaxBuildJobsSetting maxBuildJobs{this, 1, "build-max-jobs", MaxBuildJobsSetting maxBuildJobs{this, 1, "max-jobs",
"Maximum number of parallel build jobs. \"auto\" means use number of cores."}; "Maximum number of parallel build jobs. \"auto\" means use number of cores.",
{"build-max-jobs"}};
Setting<unsigned int> buildCores{this, getDefaultCores(), "build-cores", Setting<unsigned int> buildCores{this, getDefaultCores(), "cores",
"Number of CPU cores to utilize in parallel within a build, " "Number of CPU cores to utilize in parallel within a build, "
"i.e. by passing this number to Make via '-j'. 0 means that the " "i.e. by passing this number to Make via '-j'. 0 means that the "
"number of actual CPU cores on the local host ought to be " "number of actual CPU cores on the local host ought to be "
"auto-detected."}; "auto-detected.", {"build-cores"}};
/* Read-only mode. Don't copy stuff to the store, don't change /* Read-only mode. Don't copy stuff to the store, don't change
the database. */ the database. */
@ -115,14 +117,15 @@ public:
Setting<std::string> thisSystem{this, SYSTEM, "system", Setting<std::string> thisSystem{this, SYSTEM, "system",
"The canonical Nix system name."}; "The canonical Nix system name."};
Setting<time_t> maxSilentTime{this, 0, "build-max-silent-time", Setting<time_t> maxSilentTime{this, 0, "max-silent-time",
"The maximum time in seconds that a builer can go without " "The maximum time in seconds that a builer can go without "
"producing any output on stdout/stderr before it is killed. " "producing any output on stdout/stderr before it is killed. "
"0 means infinity."}; "0 means infinity.",
{"build-max-silent-time"}};
Setting<time_t> buildTimeout{this, 0, "build-timeout", Setting<time_t> buildTimeout{this, 0, "timeout",
"The maximum duration in seconds that a builder can run. " "The maximum duration in seconds that a builder can run. "
"0 means infinity."}; "0 means infinity.", {"build-timeout"}};
Setting<bool> useBuildHook{this, true, "remote-builds", Setting<bool> useBuildHook{this, true, "remote-builds",
"Whether to use build hooks (for distributed builds)."}; "Whether to use build hooks (for distributed builds)."};
@ -149,27 +152,32 @@ public:
Setting<bool> syncBeforeRegistering{this, false, "sync-before-registering", Setting<bool> syncBeforeRegistering{this, false, "sync-before-registering",
"Whether to call sync() before registering a path as valid."}; "Whether to call sync() before registering a path as valid."};
Setting<bool> useSubstitutes{this, true, "build-use-substitutes", Setting<bool> useSubstitutes{this, true, "use-substitutes",
"Whether to use substitutes."}; "Whether to use substitutes.",
{"build-use-substitutes"}};
Setting<std::string> buildUsersGroup{this, "", "build-users-group", Setting<std::string> buildUsersGroup{this, "", "build-users-group",
"The Unix group that contains the build users."}; "The Unix group that contains the build users."};
Setting<bool> impersonateLinux26{this, false, "build-impersonate-linux-26", Setting<bool> impersonateLinux26{this, false, "impersonate-linux-26",
"Whether to impersonate a Linux 2.6 machine on newer kernels."}; "Whether to impersonate a Linux 2.6 machine on newer kernels.",
{"build-impersonate-linux-26"}};
Setting<bool> keepLog{this, true, "build-keep-log", Setting<bool> keepLog{this, true, "keep-build-log",
"Whether to store build logs."}; "Whether to store build logs.",
{"build-keep-log"}};
Setting<bool> compressLog{this, true, "build-compress-log", Setting<bool> compressLog{this, true, "compress-build-log",
"Whether to compress logs."}; "Whether to compress logs.",
{"build-compress-log"}};
Setting<unsigned long> maxLogSize{this, 0, "build-max-log-size", Setting<unsigned long> maxLogSize{this, 0, "max-build-log-size",
"Maximum number of bytes a builder can write to stdout/stderr " "Maximum number of bytes a builder can write to stdout/stderr "
"before being killed (0 means no limit)."}; "before being killed (0 means no limit).",
{"build-max-log-size"}};
/* When build-repeat > 0 and verboseBuild == true, whether to /* When buildRepeat > 0 and verboseBuild == true, whether to print
print repeated builds (i.e. builds other than the first one) to repeated builds (i.e. builds other than the first one) to
stderr. Hack to prevent Hydra logs from being polluted. */ stderr. Hack to prevent Hydra logs from being polluted. */
bool printRepeatedBuilds = true; bool printRepeatedBuilds = true;
@ -180,18 +188,21 @@ public:
"Whether to check if new GC roots can in fact be found by the " "Whether to check if new GC roots can in fact be found by the "
"garbage collector."}; "garbage collector."};
Setting<bool> gcKeepOutputs{this, false, "gc-keep-outputs", Setting<bool> gcKeepOutputs{this, false, "keep-outputs",
"Whether the garbage collector should keep outputs of live derivations."}; "Whether the garbage collector should keep outputs of live derivations.",
{"gc-keep-outputs"}};
Setting<bool> gcKeepDerivations{this, true, "gc-keep-derivations", Setting<bool> gcKeepDerivations{this, true, "keep-derivations",
"Whether the garbage collector should keep derivers of live paths."}; "Whether the garbage collector should keep derivers of live paths.",
{"gc-keep-derivations"}};
Setting<bool> autoOptimiseStore{this, false, "auto-optimise-store", Setting<bool> autoOptimiseStore{this, false, "auto-optimise-store",
"Whether to automatically replace files with identical contents with hard links."}; "Whether to automatically replace files with identical contents with hard links."};
Setting<bool> envKeepDerivations{this, false, "env-keep-derivations", Setting<bool> envKeepDerivations{this, false, "keep-env-derivations",
"Whether to add derivations as a dependency of user environments " "Whether to add derivations as a dependency of user environments "
"(to prevent them from being GCed)."}; "(to prevent them from being GCed).",
{"env-keep-derivations"}};
/* Whether to lock the Nix client and worker to the same CPU. */ /* Whether to lock the Nix client and worker to the same CPU. */
bool lockCPU; bool lockCPU;
@ -202,24 +213,25 @@ public:
Setting<bool> enableNativeCode{this, false, "allow-unsafe-native-code-during-evaluation", Setting<bool> enableNativeCode{this, false, "allow-unsafe-native-code-during-evaluation",
"Whether builtin functions that allow executing native code should be enabled."}; "Whether builtin functions that allow executing native code should be enabled."};
Setting<SandboxMode> sandboxMode{this, smDisabled, "build-use-sandbox", Setting<SandboxMode> sandboxMode{this, smDisabled, "sandbox",
"Whether to enable sandboxed builds. Can be \"true\", \"false\" or \"relaxed\".", "Whether to enable sandboxed builds. Can be \"true\", \"false\" or \"relaxed\".",
{"build-use-chroot"}}; {"build-use-chroot", "build-use-sandbox"}};
Setting<PathSet> sandboxPaths{this, {}, "build-sandbox-paths", Setting<PathSet> sandboxPaths{this, {}, "sandbox-paths",
"The paths to make available inside the build sandbox.", "The paths to make available inside the build sandbox.",
{"build-chroot-dirs"}}; {"build-chroot-dirs", "build-sandbox-paths"}};
Setting<PathSet> extraSandboxPaths{this, {}, "build-extra-sandbox-paths", Setting<PathSet> extraSandboxPaths{this, {}, "extra-sandbox-paths",
"Additional paths to make available inside the build sandbox.", "Additional paths to make available inside the build sandbox.",
{"build-extra-chroot-dirs"}}; {"build-extra-chroot-dirs", "build-extra-sandbox-paths"}};
Setting<bool> restrictEval{this, false, "restrict-eval", Setting<bool> restrictEval{this, false, "restrict-eval",
"Whether to restrict file system access to paths in $NIX_PATH, " "Whether to restrict file system access to paths in $NIX_PATH, "
"and to disallow fetching files from the network."}; "and to disallow fetching files from the network."};
Setting<size_t> buildRepeat{this, 0, "build-repeat", Setting<size_t> buildRepeat{this, 0, "repeat",
"The number of times to repeat a build in order to verify determinism."}; "The number of times to repeat a build in order to verify determinism.",
{"build-repeat"}};
#if __linux__ #if __linux__
Setting<std::string> sandboxShmSize{this, "50%", "sandbox-dev-shm-size", Setting<std::string> sandboxShmSize{this, "50%", "sandbox-dev-shm-size",

View file

@ -13,7 +13,7 @@ rm -rf $TEST_ROOT/store0 $TEST_ROOT/store1
export NIX_CONF_DIR=$TEST_ROOT/etc2 export NIX_CONF_DIR=$TEST_ROOT/etc2
mkdir -p $NIX_CONF_DIR mkdir -p $NIX_CONF_DIR
echo " echo "
build-sandbox-paths = /nix/store sandbox-paths = /nix/store
sandbox-build-dir = /build-tmp sandbox-build-dir = /build-tmp
" > $NIX_CONF_DIR/nix.conf " > $NIX_CONF_DIR/nix.conf

View file

@ -15,9 +15,7 @@ mkdir "$NIX_CONF_DIR"
cat > "$NIX_CONF_DIR"/nix.conf <<EOF cat > "$NIX_CONF_DIR"/nix.conf <<EOF
build-users-group = build-users-group =
gc-keep-outputs = false keep-derivations = false
gc-keep-derivations = false
env-keep-derivations = false
fsync-metadata = false fsync-metadata = false
EOF EOF
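Review bot: this heredoc change is more than a rename. The old version set `gc-keep-outputs`, `gc-keep-derivations` and `env-keep-derivations` to false; the new one keeps only `keep-derivations = false`. Both dropped settings default to false in globals.hh, so behaviour should be unchanged, but the commit message only describes renaming. Either keep them as `keep-outputs = false` and `keep-env-derivations = false`, or mention the cleanup in the message.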

View file

@ -16,7 +16,7 @@ rm -rf $TEST_ROOT/store0
export NIX_STORE_DIR=/my/store export NIX_STORE_DIR=/my/store
export NIX_REMOTE="local?root=$TEST_ROOT/store0" export NIX_REMOTE="local?root=$TEST_ROOT/store0"
outPath=$(nix-build dependencies.nix --no-out-link --option build-sandbox-paths /nix/store) outPath=$(nix-build dependencies.nix --no-out-link --option sandbox-paths /nix/store)
[[ $outPath =~ /my/store/.*-dependencies ]] [[ $outPath =~ /my/store/.*-dependencies ]]

View file

@ -11,5 +11,5 @@ path=$(nix-build dependencies.nix --no-out-link)
clearStore clearStore
rm -rf $NIX_LOG_DIR rm -rf $NIX_LOG_DIR
(! nix-store -l $path) (! nix-store -l $path)
nix-build dependencies.nix --no-out-link --option build-compress-log true nix-build dependencies.nix --no-out-link --option compress-build-log true
[ "$(nix-store -l $path)" = FOO ] [ "$(nix-store -l $path)" = FOO ]
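Review bot: `build-compress-log` becomes `compress-build-log` here, which reorders the words rather than dropping the "build-" prefix as the commit message describes; `build-max-log-size` to `max-build-log-size` in the timeout test follows the same pattern. Please list these renames explicitly in the commit message or release notes, since users cannot derive the new names from the stated rule.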

View file

@ -59,5 +59,5 @@ fi
echo "collecting garbage..." echo "collecting garbage..."
rm $TEST_ROOT/result* rm $TEST_ROOT/result*
nix-store --gc --option gc-keep-derivations true --option gc-keep-outputs true nix-store --gc --option keep-derivations true --option keep-outputs true
nix-store --gc --print-roots nix-store --gc --print-roots

View file

@ -20,7 +20,7 @@ makeTest {
startAll; startAll;
# Copying to /tmp should succeed. # Copying to /tmp should succeed.
$machine->succeed('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} " $machine->succeed('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
mkdir -p $out mkdir -p $out
cp ${pkgs.coreutils}/bin/id /tmp/id cp ${pkgs.coreutils}/bin/id /tmp/id
")\' '); ")\' ');
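Review bot: `--option sandbox false` replaces `--option build-use-sandbox false` for a setting that decides whether builds are isolated, so backward compatibility matters more here than for the other options. Please confirm that `build-use-sandbox` is still accepted as an alias, the way `build-repeat` is declared for `repeat`, so that an existing configuration that enables the sandbox under the old name does not silently stop applying after the upgrade.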
@ -30,7 +30,7 @@ makeTest {
$machine->succeed("rm /tmp/id"); $machine->succeed("rm /tmp/id");
# Creating a setuid binary should fail. # Creating a setuid binary should fail.
$machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} " $machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
mkdir -p $out mkdir -p $out
cp ${pkgs.coreutils}/bin/id /tmp/id cp ${pkgs.coreutils}/bin/id /tmp/id
chmod 4755 /tmp/id chmod 4755 /tmp/id
@ -41,7 +41,7 @@ makeTest {
$machine->succeed("rm /tmp/id"); $machine->succeed("rm /tmp/id");
# Creating a setgid binary should fail. # Creating a setgid binary should fail.
$machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} " $machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
mkdir -p $out mkdir -p $out
cp ${pkgs.coreutils}/bin/id /tmp/id cp ${pkgs.coreutils}/bin/id /tmp/id
chmod 2755 /tmp/id chmod 2755 /tmp/id
@ -52,7 +52,7 @@ makeTest {
$machine->succeed("rm /tmp/id"); $machine->succeed("rm /tmp/id");
# The checks should also work on 32-bit binaries. # The checks should also work on 32-bit binaries.
$machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> { system = "i686-linux"; }; runCommand "foo" {} " $machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> { system = "i686-linux"; }; runCommand "foo" {} "
mkdir -p $out mkdir -p $out
cp ${pkgs.coreutils}/bin/id /tmp/id cp ${pkgs.coreutils}/bin/id /tmp/id
chmod 2755 /tmp/id chmod 2755 /tmp/id
@ -63,7 +63,7 @@ makeTest {
$machine->succeed("rm /tmp/id"); $machine->succeed("rm /tmp/id");
# The tests above use fchmodat(). Test chmod() as well. # The tests above use fchmodat(). Test chmod() as well.
$machine->succeed('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } " $machine->succeed('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
mkdir -p $out mkdir -p $out
cp ${pkgs.coreutils}/bin/id /tmp/id cp ${pkgs.coreutils}/bin/id /tmp/id
perl -e \"chmod 0666, qw(/tmp/id) or die\" perl -e \"chmod 0666, qw(/tmp/id) or die\"
@ -73,7 +73,7 @@ makeTest {
$machine->succeed("rm /tmp/id"); $machine->succeed("rm /tmp/id");
$machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } " $machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
mkdir -p $out mkdir -p $out
cp ${pkgs.coreutils}/bin/id /tmp/id cp ${pkgs.coreutils}/bin/id /tmp/id
perl -e \"chmod 04755, qw(/tmp/id) or die\" perl -e \"chmod 04755, qw(/tmp/id) or die\"
@ -84,7 +84,7 @@ makeTest {
$machine->succeed("rm /tmp/id"); $machine->succeed("rm /tmp/id");
# And test fchmod(). # And test fchmod().
$machine->succeed('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } " $machine->succeed('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
mkdir -p $out mkdir -p $out
cp ${pkgs.coreutils}/bin/id /tmp/id cp ${pkgs.coreutils}/bin/id /tmp/id
perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 01750, \\\$x or die\" perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 01750, \\\$x or die\"
@ -94,7 +94,7 @@ makeTest {
$machine->succeed("rm /tmp/id"); $machine->succeed("rm /tmp/id");
$machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } " $machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
mkdir -p $out mkdir -p $out
cp ${pkgs.coreutils}/bin/id /tmp/id cp ${pkgs.coreutils}/bin/id /tmp/id
perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 04777, \\\$x or die\" perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 04777, \\\$x or die\"

View file

@ -1,4 +1,4 @@
#! @ENV_PROG@ nix-shell #! @ENV_PROG@ nix-shell
#! nix-shell -I nixpkgs=shell.nix --option build-use-substitutes false #! nix-shell -I nixpkgs=shell.nix --option use-substitutes false
#! nix-shell --pure -i bash -p foo bar #! nix-shell --pure -i bash -p foo bar
echo "$(foo) $(bar) $@" echo "$(foo) $(bar) $@"

View file

@ -15,7 +15,7 @@ if ! echo "$messages" | grep -q "timed out"; then
exit 1 exit 1
fi fi
if nix-build -Q timeout.nix -A infiniteLoop --option build-max-log-size 100; then if nix-build -Q timeout.nix -A infiniteLoop --option max-build-log-size 100; then
echo "build should have failed" echo "build should have failed"
exit 1 exit 1
fi fi
@ -30,7 +30,7 @@ if nix-build timeout.nix -A closeLog; then
exit 1 exit 1
fi fi
if nix build -f timeout.nix silent --option build-max-silent-time 2; then if nix build -f timeout.nix silent --max-silent-time 2; then
echo "build should have failed" echo "build should have failed"
exit 1 exit 1
fi fi
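Review bot: the new line uses the direct flag `--max-silent-time 2` where the old one used `--option build-max-silent-time 2`, while the hunk above in the same file keeps the `--option` form for `max-build-log-size`. That leaves `--option max-silent-time` without coverage in this test; either keep the `--option` form here for consistency or add a second invocation so both ways of setting the value are exercised.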