picnoir/nix-gh
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
nix-gh/src/libstore/store.cc

491 lines
12 KiB
C++
Raw Normal View History

* A function to restore from a Nix archive. * addValue() can now import any dumpable FS object.
2003-06-23 15:27:59 +02:00
#include <iostream>
* GCC 2.95 compatibility.
2003-12-22 17:40:46 +01:00
#include <algorithm>
* A function to restore from a Nix archive. * addValue() can now import any dumpable FS object.
2003-06-23 15:27:59 +02:00
#include <sys/wait.h>
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
#include <unistd.h>
* A function to restore from a Nix archive. * addValue() can now import any dumpable FS object.
2003-06-23 15:27:59 +02:00
* Refactoring on the file names.
2003-07-07 09:43:58 +02:00
#include "store.hh"
* Started implementing the new evaluation model. * Lots of refactorings. * Unit tests.
2003-06-16 15:33:38 +02:00
#include "globals.hh"
#include "db.hh"
* A function to restore from a Nix archive. * addValue() can now import any dumpable FS object.
2003-06-23 15:27:59 +02:00
#include "archive.hh"
* Path locking in addToStore() and expandPath().
2003-08-04 09:09:36 +02:00
#include "pathlocks.hh"
* A function to restore from a Nix archive. * addValue() can now import any dumpable FS object.
2003-06-23 15:27:59 +02:00
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
/* Nix database. */
static Database nixDB;
/* Database tables. */
/* dbValidPaths :: Path -> ()
The existence of a key $p$ indicates that path $p$ is valid (that
is, produced by a succesful build). */
* Allow certain operations to succeed even if we don't have write permission to the Nix store or database. E.g., `nix-env -qa' will work, but `nix-env -qas' won't (the latter needs DB access). The option `--readonly-mode' forces this mode; otherwise, it's only activated when the database cannot be opened.
2004-10-25 16:38:23 +02:00
static TableId dbValidPaths = 0;
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
* Started removing closure store expressions, i.e., the explicit representation of closures as ATerms in the Nix store. Instead, the file system pointer graph is now stored in the Nix database. This has many advantages: - It greatly simplifies the implementation (we can drop the notion of `successors', and so on). - It makes registering roots for the garbage collector much easier. Instead of specifying the closure expression as a root, you can simply specify the store path that must be retained as a root. This could not be done previously, since there was no way to find the closure store expression containing a given store path. - Better traceability: it is now possible to query what paths are referenced by a path, and what paths refer to a path.
2005-01-19 12:16:11 +01:00
/* dbReferences :: Path -> [Path]
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
* Started removing closure store expressions, i.e., the explicit representation of closures as ATerms in the Nix store. Instead, the file system pointer graph is now stored in the Nix database. This has many advantages: - It greatly simplifies the implementation (we can drop the notion of `successors', and so on). - It makes registering roots for the garbage collector much easier. Instead of specifying the closure expression as a root, you can simply specify the store path that must be retained as a root. This could not be done previously, since there was no way to find the closure store expression containing a given store path. - Better traceability: it is now possible to query what paths are referenced by a path, and what paths refer to a path.
2005-01-19 12:16:11 +01:00
This table lists the outgoing file system references for each
output path that has been built by a Nix derivation. These are
found by scanning the path for the hash components of input
paths. */
static TableId dbReferences = 0;
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
* Started removing closure store expressions, i.e., the explicit representation of closures as ATerms in the Nix store. Instead, the file system pointer graph is now stored in the Nix database. This has many advantages: - It greatly simplifies the implementation (we can drop the notion of `successors', and so on). - It makes registering roots for the garbage collector much easier. Instead of specifying the closure expression as a root, you can simply specify the store path that must be retained as a root. This could not be done previously, since there was no way to find the closure store expression containing a given store path. - Better traceability: it is now possible to query what paths are referenced by a path, and what paths refer to a path.
2005-01-19 12:16:11 +01:00
/* dbReferers :: Path -> [Path]
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
* Started removing closure store expressions, i.e., the explicit representation of closures as ATerms in the Nix store. Instead, the file system pointer graph is now stored in the Nix database. This has many advantages: - It greatly simplifies the implementation (we can drop the notion of `successors', and so on). - It makes registering roots for the garbage collector much easier. Instead of specifying the closure expression as a root, you can simply specify the store path that must be retained as a root. This could not be done previously, since there was no way to find the closure store expression containing a given store path. - Better traceability: it is now possible to query what paths are referenced by a path, and what paths refer to a path.
2005-01-19 12:16:11 +01:00
This table is just the reverse mapping of dbReferences. */
static TableId dbReferers = 0;
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
* Simplify the substitute mechanism: - Drop the store expression. So now a substitute is just a command-line invocation (a program name + arguments). If you register a substitute you are responsible for registering the expression that built it (if any) as a root of the garbage collector. - Drop the substitutes-rev DB table.
2004-12-20 14:43:32 +01:00
/* dbSubstitutes :: Path -> [[Path]]
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
* Re-enable support for substitutes in the normaliser. * A better substitute mechanism. Instead of generating a store expression for each store path for which we have a substitute, we can have a single store expression that builds a generic program that is invoked to build the desired store path, which is passed as an argument. This means that operations like `nix-pull' only produce O(1) files instead of O(N) files in the store when registering N substitutes. (It consumes O(N) database storage, of course, but that's not a performance problem). * Added a test for the substitute mechanism. * `nix-store --substitute' reads the substitutes from standard input, instead of from the command line. This prevents us from running into the kernel's limit on command line length.
2004-06-20 21:17:54 +02:00
Each pair $(p, subs)$ tells Nix that it can use any of the
* Simplify the substitute mechanism: - Drop the store expression. So now a substitute is just a command-line invocation (a program name + arguments). If you register a substitute you are responsible for registering the expression that built it (if any) as a root of the garbage collector. - Drop the substitutes-rev DB table.
2004-12-20 14:43:32 +01:00
substitutes in $subs$ to build path $p$. Each substitute defines a
command-line invocation of a program (i.e., the first list element
is the full path to the program, the remaining elements are
arguments).
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
The main purpose of this is for distributed caching of derivates.
One system can compute a derivate and put it on a website (as a Nix
archive), for instance, and then another system can register a
substitute for that derivate. The substitute in this case might be
a Nix expression that fetches the Nix archive.
*/
* Allow certain operations to succeed even if we don't have write permission to the Nix store or database. E.g., `nix-env -qa' will work, but `nix-env -qas' won't (the latter needs DB access). The option `--readonly-mode' forces this mode; otherwise, it's only activated when the database cannot be opened.
2004-10-25 16:38:23 +02:00
static TableId dbSubstitutes = 0;
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
* Re-enable support for substitutes in the normaliser. * A better substitute mechanism. Instead of generating a store expression for each store path for which we have a substitute, we can have a single store expression that builds a generic program that is invoked to build the desired store path, which is passed as an argument. This means that operations like `nix-pull' only produce O(1) files instead of O(N) files in the store when registering N substitutes. (It consumes O(N) database storage, of course, but that's not a performance problem). * Added a test for the substitute mechanism. * `nix-store --substitute' reads the substitutes from standard input, instead of from the command line. This prevents us from running into the kernel's limit on command line length.
2004-06-20 21:17:54 +02:00
bool Substitute::operator == (const Substitute & sub)
{
* Simplify the substitute mechanism: - Drop the store expression. So now a substitute is just a command-line invocation (a program name + arguments). If you register a substitute you are responsible for registering the expression that built it (if any) as a root of the garbage collector. - Drop the substitutes-rev DB table.
2004-12-20 14:43:32 +01:00
return program == sub.program
* Re-enable support for substitutes in the normaliser. * A better substitute mechanism. Instead of generating a store expression for each store path for which we have a substitute, we can have a single store expression that builds a generic program that is invoked to build the desired store path, which is passed as an argument. This means that operations like `nix-pull' only produce O(1) files instead of O(N) files in the store when registering N substitutes. (It consumes O(N) database storage, of course, but that's not a performance problem). * Added a test for the substitute mechanism. * `nix-store --substitute' reads the substitutes from standard input, instead of from the command line. This prevents us from running into the kernel's limit on command line length.
2004-06-20 21:17:54 +02:00
&& args == sub.args;
}
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
void openDB()
{
* Allow certain operations to succeed even if we don't have write permission to the Nix store or database. E.g., `nix-env -qa' will work, but `nix-env -qas' won't (the latter needs DB access). The option `--readonly-mode' forces this mode; otherwise, it's only activated when the database cannot be opened.
2004-10-25 16:38:23 +02:00
if (readOnlyMode) return;
try {
nixDB.open(nixDBPath);
} catch (DbNoPermission & e) {
printMsg(lvlTalkative, "cannot access Nix database; continuing anyway");
readOnlyMode = true;
return;
}
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
dbValidPaths = nixDB.openTable("validpaths");
* Started removing closure store expressions, i.e., the explicit representation of closures as ATerms in the Nix store. Instead, the file system pointer graph is now stored in the Nix database. This has many advantages: - It greatly simplifies the implementation (we can drop the notion of `successors', and so on). - It makes registering roots for the garbage collector much easier. Instead of specifying the closure expression as a root, you can simply specify the store path that must be retained as a root. This could not be done previously, since there was no way to find the closure store expression containing a given store path. - Better traceability: it is now possible to query what paths are referenced by a path, and what paths refer to a path.
2005-01-19 12:16:11 +01:00
dbReferences = nixDB.openTable("references");
dbReferers = nixDB.openTable("referers");
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
dbSubstitutes = nixDB.openTable("substitutes");
}
void initDB()
{
}
void createStoreTransaction(Transaction & txn)
{
Transaction txn2(nixDB);
txn2.moveTo(txn);
}
/* Path copying. */
* A function to restore from a Nix archive. * addValue() can now import any dumpable FS object.
2003-06-23 15:27:59 +02:00
struct CopySink : DumpSink
{
int fd;
virtual void operator () (const unsigned char * data, unsigned int len)
{
* Argh, another short-write problem. Added wrappers around read()/write() to fix this once and for all.
2003-07-20 23:11:43 +02:00
writeFull(fd, data, len);
* A function to restore from a Nix archive. * addValue() can now import any dumpable FS object.
2003-06-23 15:27:59 +02:00
}
};
struct CopySource : RestoreSource
{
int fd;
* Argh, another short-write problem. Added wrappers around read()/write() to fix this once and for all.
2003-07-20 23:11:43 +02:00
virtual void operator () (unsigned char * data, unsigned int len)
* A function to restore from a Nix archive. * addValue() can now import any dumpable FS object.
2003-06-23 15:27:59 +02:00
{
* Argh, another short-write problem. Added wrappers around read()/write() to fix this once and for all.
2003-07-20 23:11:43 +02:00
readFull(fd, data, len);
* A function to restore from a Nix archive. * addValue() can now import any dumpable FS object.
2003-06-23 15:27:59 +02:00
}
};
* Started implementing the new evaluation model. * Lots of refactorings. * Unit tests.
2003-06-16 15:33:38 +02:00
* Get rid of identifiers since they are redundant now. This greatly simplifies stuff. * The format of Nix expressions and the database schema changed because of this, so it's best to delete old Nix installations.
2003-10-08 17:06:59 +02:00
void copyPath(const Path & src, const Path & dst)
* Started implementing the new evaluation model. * Lots of refactorings. * Unit tests.
2003-06-16 15:33:38 +02:00
{
* Enclose most operations that update the database in transactions. * Open all database tables (Db objects) at initialisation time, not every time they are used. This is necessary because tables have to outlive all transactions that refer to them.
2003-07-31 18:05:35 +02:00
debug(format("copying `%1%' to `%2%'") % src % dst);
* A function to restore from a Nix archive. * addValue() can now import any dumpable FS object.
2003-06-23 15:27:59 +02:00
/* Unfortunately C++ doesn't support coprocedures, so we have no
nice way to chain CopySink and CopySource together. Instead we
fork off a child to run the sink. (Fork-less platforms should
use a thread). */
/* Create a pipe. */
* Wrapper class around pids.
2004-06-22 11:51:44 +02:00
Pipe pipe;
pipe.create();
* A function to restore from a Nix archive. * addValue() can now import any dumpable FS object.
2003-06-23 15:27:59 +02:00
/* Fork. */
* Wrapper class around pids.
2004-06-22 11:51:44 +02:00
Pid pid;
pid = fork();
switch (pid) {
* A function to restore from a Nix archive. * addValue() can now import any dumpable FS object.
2003-06-23 15:27:59 +02:00
case -1:
throw SysError("unable to fork");
case 0: /* child */
try {
* Wrapper class around pids.
2004-06-22 11:51:44 +02:00
pipe.writeSide.close();
* A function to restore from a Nix archive. * addValue() can now import any dumpable FS object.
2003-06-23 15:27:59 +02:00
CopySource source;
* Wrapper class around pids.
2004-06-22 11:51:44 +02:00
source.fd = pipe.readSide;
* A function to restore from a Nix archive. * addValue() can now import any dumpable FS object.
2003-06-23 15:27:59 +02:00
restorePath(dst, source);
_exit(0);
* Catch SIGINT to terminate cleanly when the user tries to interrupt Nix. This is to prevent Berkeley DB from becoming wedged. Unfortunately it is not possible to throw C++ exceptions from a signal handler. In fact, you can't do much of anything except change variables of type `volatile sig_atomic_t'. So we set an interrupt flag in the signal handler and check it at various strategic locations in the code (by calling checkInterrupt()). Since this is unlikely to cover all cases (e.g., (semi-)infinite loops), sometimes SIGTERM may now be required to kill Nix.
2004-01-15 21:23:55 +01:00
} catch (exception & e) {
* A function to restore from a Nix archive. * addValue() can now import any dumpable FS object.
2003-06-23 15:27:59 +02:00
cerr << "error: " << e.what() << endl;
}
_exit(1);
}
/* Parent. */
* Wrapper class around pids.
2004-06-22 11:51:44 +02:00
pipe.readSide.close();
* A function to restore from a Nix archive. * addValue() can now import any dumpable FS object.
2003-06-23 15:27:59 +02:00
CopySink sink;
* Wrapper class around pids.
2004-06-22 11:51:44 +02:00
sink.fd = pipe.writeSide;
* A very dirty hack to make setuid installations a bit nicer to use. Previously there was the problem that all files read by nix-env etc. should be reachable and readable by the Nix user. So for instance building a Nix expression in your home directory meant that the home directory should have at least g+x or o+x permission so that the Nix user could reach the Nix expression. Now we just switch back to the original user just prior to reading sources and the like. The places where this happens are somewhat arbitrary, however. Any scope that has a live SwitchToOriginalUser object in it is executed as the original user. * Back out r1385. setreuid() sets the saved uid to the new real/effective uid, which prevents us from switching back to the original uid. setresuid() doesn't have this problem (although the manpage has a bug: specifying -1 for the saved uid doesn't leave it unchanged; an explicit value must be specified).
2004-09-09 23:12:53 +02:00
{
SwitchToOriginalUser sw;
dumpPath(src, sink);
}
* A function to restore from a Nix archive. * addValue() can now import any dumpable FS object.
2003-06-23 15:27:59 +02:00
/* Wait for the child to finish. */
* Wrapper class around pids.
2004-06-22 11:51:44 +02:00
int status = pid.wait(true);
* Put WEXITSTATUS stuff somewhere else.
2004-06-22 13:03:41 +02:00
if (!statusOk(status))
* Refactoring.
2004-06-22 10:50:25 +02:00
throw Error(format("cannot copy `%1% to `%2%': child %3%")
% src % dst % statusToString(status));
* Started implementing the new evaluation model. * Lots of refactorings. * Unit tests.
2003-06-16 15:33:38 +02:00
}
* The environment variable NIX_ROOT can now be set to execute Nix in a chroot() environment. * A operation `--validpath' to register path validity. Useful for bootstrapping in a pure Nix environment. * Safety checks: ensure that files involved in store operations are in the store.
2004-02-14 22:44:18 +01:00
static bool isInStore(const Path & path)
{
return path[0] == '/'
* Be stricter in verifying store paths.
2004-04-14 10:08:55 +02:00
&& path.compare(0, nixStore.size(), nixStore) == 0
&& path.size() >= nixStore.size() + 2
&& path[nixStore.size()] == '/'
&& path.find('/', nixStore.size() + 1) == Path::npos;
* The environment variable NIX_ROOT can now be set to execute Nix in a chroot() environment. * A operation `--validpath' to register path validity. Useful for bootstrapping in a pure Nix environment. * Safety checks: ensure that files involved in store operations are in the store.
2004-02-14 22:44:18 +01:00
}
* Be stricter in verifying store paths.
2004-04-14 10:08:55 +02:00
void assertStorePath(const Path & path)
* The environment variable NIX_ROOT can now be set to execute Nix in a chroot() environment. * A operation `--validpath' to register path validity. Useful for bootstrapping in a pure Nix environment. * Safety checks: ensure that files involved in store operations are in the store.
2004-02-14 22:44:18 +01:00
{
if (!isInStore(path))
throw Error(format("path `%1%' is not in the Nix store") % path);
}
* Allow successors that don't exist but have a substitute. * Integrity: check in successor / substitute registration whether the target path exists or has a substitute.
2003-12-05 12:05:19 +01:00
static bool isValidPathTxn(const Path & path, const Transaction & txn)
{
string s;
return nixDB.queryString(txn, dbValidPaths, path, s);
}
bool isValidPath(const Path & path)
{
return isValidPathTxn(path, noTxn);
}
* Started removing closure store expressions, i.e., the explicit representation of closures as ATerms in the Nix store. Instead, the file system pointer graph is now stored in the Nix database. This has many advantages: - It greatly simplifies the implementation (we can drop the notion of `successors', and so on). - It makes registering roots for the garbage collector much easier. Instead of specifying the closure expression as a root, you can simply specify the store path that must be retained as a root. This could not be done previously, since there was no way to find the closure store expression containing a given store path. - Better traceability: it is now possible to query what paths are referenced by a path, and what paths refer to a path.
2005-01-19 12:16:11 +01:00
void setReferences(const Transaction & txn, const Path & storePath,
const PathSet & references)
* Reverse mappings for the successor and substitute mappings.
2003-10-10 16:46:28 +02:00
{
* Started removing closure store expressions, i.e., the explicit representation of closures as ATerms in the Nix store. Instead, the file system pointer graph is now stored in the Nix database. This has many advantages: - It greatly simplifies the implementation (we can drop the notion of `successors', and so on). - It makes registering roots for the garbage collector much easier. Instead of specifying the closure expression as a root, you can simply specify the store path that must be retained as a root. This could not be done previously, since there was no way to find the closure store expression containing a given store path. - Better traceability: it is now possible to query what paths are referenced by a path, and what paths refer to a path.
2005-01-19 12:16:11 +01:00
nixDB.setStrings(txn, dbReferences, storePath,
Paths(references.begin(), references.end()));
* Allow successors that don't exist but have a substitute. * Integrity: check in successor / substitute registration whether the target path exists or has a substitute.
2003-12-05 12:05:19 +01:00
* Started removing closure store expressions, i.e., the explicit representation of closures as ATerms in the Nix store. Instead, the file system pointer graph is now stored in the Nix database. This has many advantages: - It greatly simplifies the implementation (we can drop the notion of `successors', and so on). - It makes registering roots for the garbage collector much easier. Instead of specifying the closure expression as a root, you can simply specify the store path that must be retained as a root. This could not be done previously, since there was no way to find the closure store expression containing a given store path. - Better traceability: it is now possible to query what paths are referenced by a path, and what paths refer to a path.
2005-01-19 12:16:11 +01:00
/* Update the referers mappings of all referenced paths. */
for (PathSet::const_iterator i = references.begin();
i != references.end(); ++i)
* Reverse mappings for the successor and substitute mappings.
2003-10-10 16:46:28 +02:00
{
* Started removing closure store expressions, i.e., the explicit representation of closures as ATerms in the Nix store. Instead, the file system pointer graph is now stored in the Nix database. This has many advantages: - It greatly simplifies the implementation (we can drop the notion of `successors', and so on). - It makes registering roots for the garbage collector much easier. Instead of specifying the closure expression as a root, you can simply specify the store path that must be retained as a root. This could not be done previously, since there was no way to find the closure store expression containing a given store path. - Better traceability: it is now possible to query what paths are referenced by a path, and what paths refer to a path.
2005-01-19 12:16:11 +01:00
Paths referers;
nixDB.queryStrings(txn, dbReferers, *i, referers);
PathSet referers2(referers.begin(), referers.end());
referers2.insert(storePath);
nixDB.setStrings(txn, dbReferers, *i,
Paths(referers2.begin(), referers2.end()));
* Added a switch `--fallback'. From the manual: Whenever Nix attempts to realise a derivation for which a closure is already known, but this closure cannot be realised, fall back on normalising the derivation. The most common scenario in which this is useful is when we have registered substitutes in order to perform binary distribution from, say, a network repository. If the repository is down, the realisation of the derivation will fail. When this option is specified, Nix will build the derivation instead. Thus, binary installation falls back on a source installation. This option is not the default since it is generally not desirable for a transient failure in obtaining the substitutes to lead to a full build from source (with the related consumption of resources).
2004-06-28 12:42:57 +02:00
}
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
}
* Started removing closure store expressions, i.e., the explicit representation of closures as ATerms in the Nix store. Instead, the file system pointer graph is now stored in the Nix database. This has many advantages: - It greatly simplifies the implementation (we can drop the notion of `successors', and so on). - It makes registering roots for the garbage collector much easier. Instead of specifying the closure expression as a root, you can simply specify the store path that must be retained as a root. This could not be done previously, since there was no way to find the closure store expression containing a given store path. - Better traceability: it is now possible to query what paths are referenced by a path, and what paths refer to a path.
2005-01-19 12:16:11 +01:00
void queryReferences(const Path & storePath, PathSet & references)
* New query `nix --query --predecessors' to print the predecessors of a Nix expression.
2003-10-10 17:25:21 +02:00
{
* Started removing closure store expressions, i.e., the explicit representation of closures as ATerms in the Nix store. Instead, the file system pointer graph is now stored in the Nix database. This has many advantages: - It greatly simplifies the implementation (we can drop the notion of `successors', and so on). - It makes registering roots for the garbage collector much easier. Instead of specifying the closure expression as a root, you can simply specify the store path that must be retained as a root. This could not be done previously, since there was no way to find the closure store expression containing a given store path. - Better traceability: it is now possible to query what paths are referenced by a path, and what paths refer to a path.
2005-01-19 12:16:11 +01:00
Paths references2;
* Change extension `.store' to `.drv'. * Re-enable `nix-store --query --requisites'.
2005-01-19 15:36:00 +01:00
if (!isValidPath(storePath))
throw Error(format("path `%1%' is not valid") % storePath);
* Started removing closure store expressions, i.e., the explicit representation of closures as ATerms in the Nix store. Instead, the file system pointer graph is now stored in the Nix database. This has many advantages: - It greatly simplifies the implementation (we can drop the notion of `successors', and so on). - It makes registering roots for the garbage collector much easier. Instead of specifying the closure expression as a root, you can simply specify the store path that must be retained as a root. This could not be done previously, since there was no way to find the closure store expression containing a given store path. - Better traceability: it is now possible to query what paths are referenced by a path, and what paths refer to a path.
2005-01-19 12:16:11 +01:00
nixDB.queryStrings(noTxn, dbReferences, storePath, references2);
references.insert(references2.begin(), references2.end());
* New query `nix --query --predecessors' to print the predecessors of a Nix expression.
2003-10-10 17:25:21 +02:00
}
* Re-enable support for substitutes in the normaliser. * A better substitute mechanism. Instead of generating a store expression for each store path for which we have a substitute, we can have a single store expression that builds a generic program that is invoked to build the desired store path, which is passed as an argument. This means that operations like `nix-pull' only produce O(1) files instead of O(N) files in the store when registering N substitutes. (It consumes O(N) database storage, of course, but that's not a performance problem). * Added a test for the substitute mechanism. * `nix-store --substitute' reads the substitutes from standard input, instead of from the command line. This prevents us from running into the kernel's limit on command line length.
2004-06-20 21:17:54 +02:00
static Substitutes readSubstitutes(const Transaction & txn,
const Path & srcPath)
* The policy-free derivate sharing now *almost* works. :-) For any hash for which no local expansion is available, Nix can execute a `substitute' which should produce a path with such a hash. This is policy-free since Nix does not in any way specify how the substitute should work, i.e., it's an arbitrary (unnormalised) fstate expression. For example, `nix-pull' registers substitutes that fetch Nix archives from the network (through `wget') and unpack them, but any other method is possible as well. This is an improvement over the old Nix sharing scheme, which had a policy (fetching through `wget') built in. The sharing scheme doesn't work completely yet because successors from fstate rewriting have to be registered on the receiving side. Probably the whole successor stuff can be folded up into the substitute mechanism; this would be a nice simplification.
2003-07-10 17:11:48 +02:00
{
* Re-enable support for substitutes in the normaliser. * A better substitute mechanism. Instead of generating a store expression for each store path for which we have a substitute, we can have a single store expression that builds a generic program that is invoked to build the desired store path, which is passed as an argument. This means that operations like `nix-pull' only produce O(1) files instead of O(N) files in the store when registering N substitutes. (It consumes O(N) database storage, of course, but that's not a performance problem). * Added a test for the substitute mechanism. * `nix-store --substitute' reads the substitutes from standard input, instead of from the command line. This prevents us from running into the kernel's limit on command line length.
2004-06-20 21:17:54 +02:00
Strings ss;
nixDB.queryStrings(txn, dbSubstitutes, srcPath, ss);
Substitutes subs;
* The environment variable NIX_ROOT can now be set to execute Nix in a chroot() environment. * A operation `--validpath' to register path validity. Useful for bootstrapping in a pure Nix environment. * Safety checks: ensure that files involved in store operations are in the store.
2004-02-14 22:44:18 +01:00
* Re-enable support for substitutes in the normaliser. * A better substitute mechanism. Instead of generating a store expression for each store path for which we have a substitute, we can have a single store expression that builds a generic program that is invoked to build the desired store path, which is passed as an argument. This means that operations like `nix-pull' only produce O(1) files instead of O(N) files in the store when registering N substitutes. (It consumes O(N) database storage, of course, but that's not a performance problem). * Added a test for the substitute mechanism. * `nix-store --substitute' reads the substitutes from standard input, instead of from the command line. This prevents us from running into the kernel's limit on command line length.
2004-06-20 21:17:54 +02:00
for (Strings::iterator i = ss.begin(); i != ss.end(); ++i) {
if (i->size() < 4 || (*i)[3] != 0) {
/* Old-style substitute. !!! remove this code
eventually? */
break;
}
Strings ss2 = unpackStrings(*i);
* Simplify the substitute mechanism: - Drop the store expression. So now a substitute is just a command-line invocation (a program name + arguments). If you register a substitute you are responsible for registering the expression that built it (if any) as a root of the garbage collector. - Drop the substitutes-rev DB table.
2004-12-20 14:43:32 +01:00
if (ss2.size() == 3) {
/* Another old-style substitute. */
continue;
}
if (ss2.size() != 2) throw Error("malformed substitute");
* Re-enable support for substitutes in the normaliser. * A better substitute mechanism. Instead of generating a store expression for each store path for which we have a substitute, we can have a single store expression that builds a generic program that is invoked to build the desired store path, which is passed as an argument. This means that operations like `nix-pull' only produce O(1) files instead of O(N) files in the store when registering N substitutes. (It consumes O(N) database storage, of course, but that's not a performance problem). * Added a test for the substitute mechanism. * `nix-store --substitute' reads the substitutes from standard input, instead of from the command line. This prevents us from running into the kernel's limit on command line length.
2004-06-20 21:17:54 +02:00
Strings::iterator j = ss2.begin();
Substitute sub;
sub.program = *j++;
sub.args = unpackStrings(*j++);
subs.push_back(sub);
}
return subs;
}
static void writeSubstitutes(const Transaction & txn,
const Path & srcPath, const Substitutes & subs)
{
Strings ss;
for (Substitutes::const_iterator i = subs.begin();
i != subs.end(); ++i)
{
Strings ss2;
ss2.push_back(i->program);
ss2.push_back(packStrings(i->args));
ss.push_back(packStrings(ss2));
}
* Allow successors that don't exist but have a substitute. * Integrity: check in successor / substitute registration whether the target path exists or has a substitute.
2003-12-05 12:05:19 +01:00
* Added a switch `--fallback'. From the manual: Whenever Nix attempts to realise a derivation for which a closure is already known, but this closure cannot be realised, fall back on normalising the derivation. The most common scenario in which this is useful is when we have registered substitutes in order to perform binary distribution from, say, a network repository. If the repository is down, the realisation of the derivation will fail. When this option is specified, Nix will build the derivation instead. Thus, binary installation falls back on a source installation. This option is not the default since it is generally not desirable for a transient failure in obtaining the substitutes to lead to a full build from source (with the related consumption of resources).
2004-06-28 12:42:57 +02:00
nixDB.setStrings(txn, dbSubstitutes, srcPath, ss);
* Re-enable support for substitutes in the normaliser. * A better substitute mechanism. Instead of generating a store expression for each store path for which we have a substitute, we can have a single store expression that builds a generic program that is invoked to build the desired store path, which is passed as an argument. This means that operations like `nix-pull' only produce O(1) files instead of O(N) files in the store when registering N substitutes. (It consumes O(N) database storage, of course, but that's not a performance problem). * Added a test for the substitute mechanism. * `nix-store --substitute' reads the substitutes from standard input, instead of from the command line. This prevents us from running into the kernel's limit on command line length.
2004-06-20 21:17:54 +02:00
}
* Main the `substitutes-rev' table again, but now in a way that doesn't take \Theta(n^2) space/time complexity.
2004-08-31 18:13:10 +02:00
void registerSubstitutes(const Transaction & txn,
const SubstitutePairs & subPairs)
* Re-enable support for substitutes in the normaliser. * A better substitute mechanism. Instead of generating a store expression for each store path for which we have a substitute, we can have a single store expression that builds a generic program that is invoked to build the desired store path, which is passed as an argument. This means that operations like `nix-pull' only produce O(1) files instead of O(N) files in the store when registering N substitutes. (It consumes O(N) database storage, of course, but that's not a performance problem). * Added a test for the substitute mechanism. * `nix-store --substitute' reads the substitutes from standard input, instead of from the command line. This prevents us from running into the kernel's limit on command line length.
2004-06-20 21:17:54 +02:00
{
* Main the `substitutes-rev' table again, but now in a way that doesn't take \Theta(n^2) space/time complexity.
2004-08-31 18:13:10 +02:00
for (SubstitutePairs::const_iterator i = subPairs.begin();
i != subPairs.end(); ++i)
{
const Path & srcPath(i->first);
const Substitute & sub(i->second);
* Reverse mappings for the successor and substitute mappings.
2003-10-10 16:46:28 +02:00
* Main the `substitutes-rev' table again, but now in a way that doesn't take \Theta(n^2) space/time complexity.
2004-08-31 18:13:10 +02:00
assertStorePath(srcPath);
* Re-enable support for substitutes in the normaliser. * A better substitute mechanism. Instead of generating a store expression for each store path for which we have a substitute, we can have a single store expression that builds a generic program that is invoked to build the desired store path, which is passed as an argument. This means that operations like `nix-pull' only produce O(1) files instead of O(N) files in the store when registering N substitutes. (It consumes O(N) database storage, of course, but that's not a performance problem). * Added a test for the substitute mechanism. * `nix-store --substitute' reads the substitutes from standard input, instead of from the command line. This prevents us from running into the kernel's limit on command line length.
2004-06-20 21:17:54 +02:00
* Main the `substitutes-rev' table again, but now in a way that doesn't take \Theta(n^2) space/time complexity.
2004-08-31 18:13:10 +02:00
Substitutes subs = readSubstitutes(txn, srcPath);
/* New substitutes take precedence over old ones. If the
substitute is already present, it's moved to the front. */
remove(subs.begin(), subs.end(), sub);
subs.push_front(sub);
writeSubstitutes(txn, srcPath, subs);
}
* The policy-free derivate sharing now *almost* works. :-) For any hash for which no local expansion is available, Nix can execute a `substitute' which should produce a path with such a hash. This is policy-free since Nix does not in any way specify how the substitute should work, i.e., it's an arbitrary (unnormalised) fstate expression. For example, `nix-pull' registers substitutes that fetch Nix archives from the network (through `wget') and unpack them, but any other method is possible as well. This is an improvement over the old Nix sharing scheme, which had a policy (fetching through `wget') built in. The sharing scheme doesn't work completely yet because successors from fstate rewriting have to be registered on the receiving side. Probably the whole successor stuff can be folded up into the substitute mechanism; this would be a nice simplification.
2003-07-10 17:11:48 +02:00
}
* Re-enable support for substitutes in the normaliser. * A better substitute mechanism. Instead of generating a store expression for each store path for which we have a substitute, we can have a single store expression that builds a generic program that is invoked to build the desired store path, which is passed as an argument. This means that operations like `nix-pull' only produce O(1) files instead of O(N) files in the store when registering N substitutes. (It consumes O(N) database storage, of course, but that's not a performance problem). * Added a test for the substitute mechanism. * `nix-store --substitute' reads the substitutes from standard input, instead of from the command line. This prevents us from running into the kernel's limit on command line length.
2004-06-20 21:17:54 +02:00
Substitutes querySubstitutes(const Path & srcPath)
* Substitutes and nix-pull now work again. * Fixed a segfault caused by the buffering of stderr. * Fix now allows the specification of the full output path. This should be used with great care, since it by-passes the normal hash generation. * Incremented the version number to 0.4 (prerelease).
2003-10-16 18:29:57 +02:00
{
* Re-enable support for substitutes in the normaliser. * A better substitute mechanism. Instead of generating a store expression for each store path for which we have a substitute, we can have a single store expression that builds a generic program that is invoked to build the desired store path, which is passed as an argument. This means that operations like `nix-pull' only produce O(1) files instead of O(N) files in the store when registering N substitutes. (It consumes O(N) database storage, of course, but that's not a performance problem). * Added a test for the substitute mechanism. * `nix-store --substitute' reads the substitutes from standard input, instead of from the command line. This prevents us from running into the kernel's limit on command line length.
2004-06-20 21:17:54 +02:00
return readSubstitutes(noTxn, srcPath);
* Substitutes and nix-pull now work again. * Fixed a segfault caused by the buffering of stderr. * Fix now allows the specification of the full output path. This should be used with great care, since it by-passes the normal hash generation. * Incremented the version number to 0.4 (prerelease).
2003-10-16 18:29:57 +02:00
}
* Simplify the substitute mechanism: - Drop the store expression. So now a substitute is just a command-line invocation (a program name + arguments). If you register a substitute you are responsible for registering the expression that built it (if any) as a root of the garbage collector. - Drop the substitutes-rev DB table.
2004-12-20 14:43:32 +01:00
void clearSubstitutes()
{
* An operation `nix-store --clear-substitutes' to remove all registered substitute mappings.
2004-12-20 15:16:55 +01:00
Transaction txn(nixDB);
* Simplify the substitute mechanism: - Drop the store expression. So now a substitute is just a command-line invocation (a program name + arguments). If you register a substitute you are responsible for registering the expression that built it (if any) as a root of the garbage collector. - Drop the substitutes-rev DB table.
2004-12-20 14:43:32 +01:00
* An operation `nix-store --clear-substitutes' to remove all registered substitute mappings.
2004-12-20 15:16:55 +01:00
/* Iterate over all paths for which there are substitutes. */
Paths subKeys;
nixDB.enumTable(txn, dbSubstitutes, subKeys);
for (Paths::iterator i = subKeys.begin(); i != subKeys.end(); ++i) {
/* Delete all substitutes for path *i. */
nixDB.delPair(txn, dbSubstitutes, *i);
}
txn.commit();
* Simplify the substitute mechanism: - Drop the store expression. So now a substitute is just a command-line invocation (a program name + arguments). If you register a substitute you are responsible for registering the expression that built it (if any) as a root of the garbage collector. - Drop the substitutes-rev DB table.
2004-12-20 14:43:32 +01:00
}
* Get rid of identifiers since they are redundant now. This greatly simplifies stuff. * The format of Nix expressions and the database schema changed because of this, so it's best to delete old Nix installations.
2003-10-08 17:06:59 +02:00
void registerValidPath(const Transaction & txn, const Path & _path)
* Make dbRefs a mapping from Hash to [Path].
2003-07-07 11:25:26 +02:00
{
* Get rid of identifiers since they are redundant now. This greatly simplifies stuff. * The format of Nix expressions and the database schema changed because of this, so it's best to delete old Nix installations.
2003-10-08 17:06:59 +02:00
Path path(canonPath(_path));
* The environment variable NIX_ROOT can now be set to execute Nix in a chroot() environment. * A operation `--validpath' to register path validity. Useful for bootstrapping in a pure Nix environment. * Safety checks: ensure that files involved in store operations are in the store.
2004-02-14 22:44:18 +01:00
assertStorePath(path);
* Get rid of identifiers since they are redundant now. This greatly simplifies stuff. * The format of Nix expressions and the database schema changed because of this, so it's best to delete old Nix installations.
2003-10-08 17:06:59 +02:00
debug(format("registering path `%1%'") % path);
nixDB.setString(txn, dbValidPaths, path, "");
}
* Make dbRefs a mapping from Hash to [Path].
2003-07-07 11:25:26 +02:00
* Enclose most operations that update the database in transactions. * Open all database tables (Db objects) at initialisation time, not every time they are used. This is necessary because tables have to outlive all transactions that refer to them.
2003-07-31 18:05:35 +02:00
* Maintain integrity of the substitute and successor mappings when deleting a path in the store. * Allow absolute paths in Nix expressions. * Get nix-prefetch-url to work again. * Various other fixes.
2003-11-22 19:45:56 +01:00
static void invalidatePath(const Path & path, Transaction & txn)
* deletePath() now removes the path from the hash2paths mapping.
2003-07-08 11:54:47 +02:00
{
* Enclose most operations that update the database in transactions. * Open all database tables (Db objects) at initialisation time, not every time they are used. This is necessary because tables have to outlive all transactions that refer to them.
2003-07-31 18:05:35 +02:00
debug(format("unregistering path `%1%'") % path);
* deletePath() now removes the path from the hash2paths mapping.
2003-07-08 11:54:47 +02:00
* Get rid of identifiers since they are redundant now. This greatly simplifies stuff. * The format of Nix expressions and the database schema changed because of this, so it's best to delete old Nix installations.
2003-10-08 17:06:59 +02:00
nixDB.delPair(txn, dbValidPaths, path);
* deletePath() now removes the path from the hash2paths mapping.
2003-07-08 11:54:47 +02:00
}
* Start move towards SHA-256 hashes instead of MD5. * Start cleaning up unique store path generation (they weren't always unique; in particular the suffix ("-aterm-2.2", "-builder.sh") was not part of the hash, therefore changes to the suffix would cause multiple store objects with the same hash).
2005-01-14 14:51:38 +01:00
Path makeStorePath(const string & type,
* Removed the `id' attribute hack. * Formalise the notion of fixed-output derivations, i.e., derivations for which a cryptographic hash of the output is known in advance. Changes to such derivations should not propagate upwards through the dependency graph. Previously this was done by specifying the hash component of the output path through the `id' attribute, but this is insecure since you can lie about it (i.e., you can specify any hash and then produce a completely different output). Now the responsibility for checking the output is moved from the builder to Nix itself. A fixed-output derivation can be created by specifying the `outputHash' and `outputHashAlgo' attributes, the latter taking values `md5', `sha1', and `sha256', and the former specifying the actual hash in hexadecimal or in base-32 (auto-detected by looking at the length of the attribute value). MD5 is included for compatibility but should be considered deprecated. * Removed the `drvPath' pseudo-attribute in derivation results. It's no longer necessary. * Cleaned up the support for multiple output paths in derivation store expressions. Each output now has a unique identifier (e.g., `out', `devel', `docs'). Previously there was no way to tell output paths apart at the store expression level. * `nix-hash' now has a flag `--base32' to specify that the hash should be printed in base-32 notation. * `fetchurl' accepts parameters `sha256' and `sha1' in addition to `md5'. * `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a flag to specify the hash.)
2005-01-17 17:55:19 +01:00
const Hash & hash, const string & suffix)
* Start move towards SHA-256 hashes instead of MD5. * Start cleaning up unique store path generation (they weren't always unique; in particular the suffix ("-aterm-2.2", "-builder.sh") was not part of the hash, therefore changes to the suffix would cause multiple store objects with the same hash).
2005-01-14 14:51:38 +01:00
{
/* e.g., "source:sha256:1abc...:/nix/store:foo.tar.gz" */
* Shorten SHA-256 hashes used in store path name generation to 160 bits, then encode them in a radix-32 representation (using digits and letters except e, o, u, and t). This produces store paths like /nix/store/4i0zb0z7f88mwghjirkz702a71dcfivn-aterm-2.3.1. The nice thing about this is that the hash part of the file name is still 32 characters, as before with MD5. (Of course, shortening SHA-256 to 160 bits makes it no better than SHA-160 in theory, but hopefully it's a bit more resistant to attacks; it's certainly a lot slower.)
2005-01-14 17:04:03 +01:00
string s = type + ":sha256:" + printHash(hash) + ":"
* Start move towards SHA-256 hashes instead of MD5. * Start cleaning up unique store path generation (they weren't always unique; in particular the suffix ("-aterm-2.2", "-builder.sh") was not part of the hash, therefore changes to the suffix would cause multiple store objects with the same hash).
2005-01-14 14:51:38 +01:00
+ nixStore + ":" + suffix;
* Shorten SHA-256 hashes used in store path name generation to 160 bits, then encode them in a radix-32 representation (using digits and letters except e, o, u, and t). This produces store paths like /nix/store/4i0zb0z7f88mwghjirkz702a71dcfivn-aterm-2.3.1. The nice thing about this is that the hash part of the file name is still 32 characters, as before with MD5. (Of course, shortening SHA-256 to 160 bits makes it no better than SHA-160 in theory, but hopefully it's a bit more resistant to attacks; it's certainly a lot slower.)
2005-01-14 17:04:03 +01:00
return nixStore + "/"
* Removed the `id' attribute hack. * Formalise the notion of fixed-output derivations, i.e., derivations for which a cryptographic hash of the output is known in advance. Changes to such derivations should not propagate upwards through the dependency graph. Previously this was done by specifying the hash component of the output path through the `id' attribute, but this is insecure since you can lie about it (i.e., you can specify any hash and then produce a completely different output). Now the responsibility for checking the output is moved from the builder to Nix itself. A fixed-output derivation can be created by specifying the `outputHash' and `outputHashAlgo' attributes, the latter taking values `md5', `sha1', and `sha256', and the former specifying the actual hash in hexadecimal or in base-32 (auto-detected by looking at the length of the attribute value). MD5 is included for compatibility but should be considered deprecated. * Removed the `drvPath' pseudo-attribute in derivation results. It's no longer necessary. * Cleaned up the support for multiple output paths in derivation store expressions. Each output now has a unique identifier (e.g., `out', `devel', `docs'). Previously there was no way to tell output paths apart at the store expression level. * `nix-hash' now has a flag `--base32' to specify that the hash should be printed in base-32 notation. * `fetchurl' accepts parameters `sha256' and `sha1' in addition to `md5'. * `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a flag to specify the hash.)
2005-01-17 17:55:19 +01:00
+ printHash32(compressHash(hashString(htSHA256, s), 20))
* Shorten SHA-256 hashes used in store path name generation to 160 bits, then encode them in a radix-32 representation (using digits and letters except e, o, u, and t). This produces store paths like /nix/store/4i0zb0z7f88mwghjirkz702a71dcfivn-aterm-2.3.1. The nice thing about this is that the hash part of the file name is still 32 characters, as before with MD5. (Of course, shortening SHA-256 to 160 bits makes it no better than SHA-160 in theory, but hopefully it's a bit more resistant to attacks; it's certainly a lot slower.)
2005-01-14 17:04:03 +01:00
+ "-" + suffix;
* Start move towards SHA-256 hashes instead of MD5. * Start cleaning up unique store path generation (they weren't always unique; in particular the suffix ("-aterm-2.2", "-builder.sh") was not part of the hash, therefore changes to the suffix would cause multiple store objects with the same hash).
2005-01-14 14:51:38 +01:00
}
* Get rid of identifiers since they are redundant now. This greatly simplifies stuff. * The format of Nix expressions and the database schema changed because of this, so it's best to delete old Nix installations.
2003-10-08 17:06:59 +02:00
Path addToStore(const Path & _srcPath)
* Make dbRefs a mapping from Hash to [Path].
2003-07-07 11:25:26 +02:00
{
* Get rid of identifiers since they are redundant now. This greatly simplifies stuff. * The format of Nix expressions and the database schema changed because of this, so it's best to delete old Nix installations.
2003-10-08 17:06:59 +02:00
Path srcPath(absPath(_srcPath));
debug(format("adding `%1%' to the store") % srcPath);
* Make dbRefs a mapping from Hash to [Path].
2003-07-07 11:25:26 +02:00
* Start move towards SHA-256 hashes instead of MD5. * Start cleaning up unique store path generation (they weren't always unique; in particular the suffix ("-aterm-2.2", "-builder.sh") was not part of the hash, therefore changes to the suffix would cause multiple store objects with the same hash).
2005-01-14 14:51:38 +01:00
Hash h(htSHA256);
* A very dirty hack to make setuid installations a bit nicer to use. Previously there was the problem that all files read by nix-env etc. should be reachable and readable by the Nix user. So for instance building a Nix expression in your home directory meant that the home directory should have at least g+x or o+x permission so that the Nix user could reach the Nix expression. Now we just switch back to the original user just prior to reading sources and the like. The places where this happens are somewhat arbitrary, however. Any scope that has a live SwitchToOriginalUser object in it is executed as the original user. * Back out r1385. setreuid() sets the saved uid to the new real/effective uid, which prevents us from switching back to the original uid. setresuid() doesn't have this problem (although the manpage has a bug: specifying -1 for the saved uid doesn't leave it unchanged; an explicit value must be specified).
2004-09-09 23:12:53 +02:00
{
SwitchToOriginalUser sw;
* Removed the `id' attribute hack. * Formalise the notion of fixed-output derivations, i.e., derivations for which a cryptographic hash of the output is known in advance. Changes to such derivations should not propagate upwards through the dependency graph. Previously this was done by specifying the hash component of the output path through the `id' attribute, but this is insecure since you can lie about it (i.e., you can specify any hash and then produce a completely different output). Now the responsibility for checking the output is moved from the builder to Nix itself. A fixed-output derivation can be created by specifying the `outputHash' and `outputHashAlgo' attributes, the latter taking values `md5', `sha1', and `sha256', and the former specifying the actual hash in hexadecimal or in base-32 (auto-detected by looking at the length of the attribute value). MD5 is included for compatibility but should be considered deprecated. * Removed the `drvPath' pseudo-attribute in derivation results. It's no longer necessary. * Cleaned up the support for multiple output paths in derivation store expressions. Each output now has a unique identifier (e.g., `out', `devel', `docs'). Previously there was no way to tell output paths apart at the store expression level. * `nix-hash' now has a flag `--base32' to specify that the hash should be printed in base-32 notation. * `fetchurl' accepts parameters `sha256' and `sha1' in addition to `md5'. * `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a flag to specify the hash.)
2005-01-17 17:55:19 +01:00
h = hashPath(htSHA256, srcPath);
* A very dirty hack to make setuid installations a bit nicer to use. Previously there was the problem that all files read by nix-env etc. should be reachable and readable by the Nix user. So for instance building a Nix expression in your home directory meant that the home directory should have at least g+x or o+x permission so that the Nix user could reach the Nix expression. Now we just switch back to the original user just prior to reading sources and the like. The places where this happens are somewhat arbitrary, however. Any scope that has a live SwitchToOriginalUser object in it is executed as the original user. * Back out r1385. setreuid() sets the saved uid to the new real/effective uid, which prevents us from switching back to the original uid. setresuid() doesn't have this problem (although the manpage has a bug: specifying -1 for the saved uid doesn't leave it unchanged; an explicit value must be specified).
2004-09-09 23:12:53 +02:00
}
* The policy-free derivate sharing now *almost* works. :-) For any hash for which no local expansion is available, Nix can execute a `substitute' which should produce a path with such a hash. This is policy-free since Nix does not in any way specify how the substitute should work, i.e., it's an arbitrary (unnormalised) fstate expression. For example, `nix-pull' registers substitutes that fetch Nix archives from the network (through `wget') and unpack them, but any other method is possible as well. This is an improvement over the old Nix sharing scheme, which had a policy (fetching through `wget') built in. The sharing scheme doesn't work completely yet because successors from fstate rewriting have to be registered on the receiving side. Probably the whole successor stuff can be folded up into the substitute mechanism; this would be a nice simplification.
2003-07-10 17:11:48 +02:00
* Get rid of identifiers since they are redundant now. This greatly simplifies stuff. * The format of Nix expressions and the database schema changed because of this, so it's best to delete old Nix installations.
2003-10-08 17:06:59 +02:00
string baseName = baseNameOf(srcPath);
* Start move towards SHA-256 hashes instead of MD5. * Start cleaning up unique store path generation (they weren't always unique; in particular the suffix ("-aterm-2.2", "-builder.sh") was not part of the hash, therefore changes to the suffix would cause multiple store objects with the same hash).
2005-01-14 14:51:38 +01:00
Path dstPath = makeStorePath("source", h, baseName);
* The policy-free derivate sharing now *almost* works. :-) For any hash for which no local expansion is available, Nix can execute a `substitute' which should produce a path with such a hash. This is policy-free since Nix does not in any way specify how the substitute should work, i.e., it's an arbitrary (unnormalised) fstate expression. For example, `nix-pull' registers substitutes that fetch Nix archives from the network (through `wget') and unpack them, but any other method is possible as well. This is an improvement over the old Nix sharing scheme, which had a policy (fetching through `wget') built in. The sharing scheme doesn't work completely yet because successors from fstate rewriting have to be registered on the receiving side. Probably the whole successor stuff can be folded up into the substitute mechanism; this would be a nice simplification.
2003-07-10 17:11:48 +02:00
* Allow certain operations to succeed even if we don't have write permission to the Nix store or database. E.g., `nix-env -qa' will work, but `nix-env -qas' won't (the latter needs DB access). The option `--readonly-mode' forces this mode; otherwise, it's only activated when the database cannot be opened.
2004-10-25 16:38:23 +02:00
if (!readOnlyMode && !isValidPath(dstPath)) {
* The policy-free derivate sharing now *almost* works. :-) For any hash for which no local expansion is available, Nix can execute a `substitute' which should produce a path with such a hash. This is policy-free since Nix does not in any way specify how the substitute should work, i.e., it's an arbitrary (unnormalised) fstate expression. For example, `nix-pull' registers substitutes that fetch Nix archives from the network (through `wget') and unpack them, but any other method is possible as well. This is an improvement over the old Nix sharing scheme, which had a policy (fetching through `wget') built in. The sharing scheme doesn't work completely yet because successors from fstate rewriting have to be registered on the receiving side. Probably the whole successor stuff can be folded up into the substitute mechanism; this would be a nice simplification.
2003-07-10 17:11:48 +02:00
* Get rid of identifiers since they are redundant now. This greatly simplifies stuff. * The format of Nix expressions and the database schema changed because of this, so it's best to delete old Nix installations.
2003-10-08 17:06:59 +02:00
/* The first check above is an optimisation to prevent
unnecessary lock acquisition. */
* Substitutes now should produce a path with the same id as they are substituting for (obvious, really). * For greater efficiency, nix-pull/unnar will place the output in a path that is probably the same as what is actually needed, thus preventing a path copy. * Even if a output id is given in a Fix package expression, ensure that the resulting Nix derive expression has a different id. This is because Nix expressions that are semantically equivalent (i.e., build the same result) might be different w.r.t. efficiency or divergence. It is absolutely vital for the substitute mechanism that such expressions are not used interchangeably.
2003-07-22 17:15:15 +02:00
* Get rid of identifiers since they are redundant now. This greatly simplifies stuff. * The format of Nix expressions and the database schema changed because of this, so it's best to delete old Nix installations.
2003-10-08 17:06:59 +02:00
PathSet lockPaths;
lockPaths.insert(dstPath);
PathLocks outputLock(lockPaths);
* Substitutes now should produce a path with the same id as they are substituting for (obvious, really). * For greater efficiency, nix-pull/unnar will place the output in a path that is probably the same as what is actually needed, thus preventing a path copy. * Even if a output id is given in a Fix package expression, ensure that the resulting Nix derive expression has a different id. This is because Nix expressions that are semantically equivalent (i.e., build the same result) might be different w.r.t. efficiency or divergence. It is absolutely vital for the substitute mechanism that such expressions are not used interchangeably.
2003-07-22 17:15:15 +02:00
* Get rid of identifiers since they are redundant now. This greatly simplifies stuff. * The format of Nix expressions and the database schema changed because of this, so it's best to delete old Nix installations.
2003-10-08 17:06:59 +02:00
if (!isValidPath(dstPath)) {
* Remove obstructing invalid store paths add[Text]ToStore().
2004-06-21 09:46:02 +02:00
if (pathExists(dstPath)) deletePath(dstPath);
* Allow certain operations to succeed even if we don't have write permission to the Nix store or database. E.g., `nix-env -qa' will work, but `nix-env -qas' won't (the latter needs DB access). The option `--readonly-mode' forces this mode; otherwise, it's only activated when the database cannot be opened.
2004-10-25 16:38:23 +02:00
/* !!! race: srcPath might change between hashPath() and
here! */
* Remove obstructing invalid store paths add[Text]ToStore().
2004-06-21 09:46:02 +02:00
* Get rid of identifiers since they are redundant now. This greatly simplifies stuff. * The format of Nix expressions and the database schema changed because of this, so it's best to delete old Nix installations.
2003-10-08 17:06:59 +02:00
copyPath(srcPath, dstPath);
* Don't use substitutes in addToStore().
2003-08-01 11:01:51 +02:00
* Removed the `id' attribute hack. * Formalise the notion of fixed-output derivations, i.e., derivations for which a cryptographic hash of the output is known in advance. Changes to such derivations should not propagate upwards through the dependency graph. Previously this was done by specifying the hash component of the output path through the `id' attribute, but this is insecure since you can lie about it (i.e., you can specify any hash and then produce a completely different output). Now the responsibility for checking the output is moved from the builder to Nix itself. A fixed-output derivation can be created by specifying the `outputHash' and `outputHashAlgo' attributes, the latter taking values `md5', `sha1', and `sha256', and the former specifying the actual hash in hexadecimal or in base-32 (auto-detected by looking at the length of the attribute value). MD5 is included for compatibility but should be considered deprecated. * Removed the `drvPath' pseudo-attribute in derivation results. It's no longer necessary. * Cleaned up the support for multiple output paths in derivation store expressions. Each output now has a unique identifier (e.g., `out', `devel', `docs'). Previously there was no way to tell output paths apart at the store expression level. * `nix-hash' now has a flag `--base32' to specify that the hash should be printed in base-32 notation. * `fetchurl' accepts parameters `sha256' and `sha1' in addition to `md5'. * `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a flag to specify the hash.)
2005-01-17 17:55:19 +01:00
Hash h2 = hashPath(htSHA256, dstPath);
* Start move towards SHA-256 hashes instead of MD5. * Start cleaning up unique store path generation (they weren't always unique; in particular the suffix ("-aterm-2.2", "-builder.sh") was not part of the hash, therefore changes to the suffix would cause multiple store objects with the same hash).
2005-01-14 14:51:38 +01:00
if (h != h2)
throw Error(format("contents of `%1%' changed while copying it to `%2%' (%3% -> %4%)")
* Shorten SHA-256 hashes used in store path name generation to 160 bits, then encode them in a radix-32 representation (using digits and letters except e, o, u, and t). This produces store paths like /nix/store/4i0zb0z7f88mwghjirkz702a71dcfivn-aterm-2.3.1. The nice thing about this is that the hash part of the file name is still 32 characters, as before with MD5. (Of course, shortening SHA-256 to 160 bits makes it no better than SHA-160 in theory, but hopefully it's a bit more resistant to attacks; it's certainly a lot slower.)
2005-01-14 17:04:03 +01:00
% srcPath % dstPath % printHash(h) % printHash(h2));
* Start move towards SHA-256 hashes instead of MD5. * Start cleaning up unique store path generation (they weren't always unique; in particular the suffix ("-aterm-2.2", "-builder.sh") was not part of the hash, therefore changes to the suffix would cause multiple store objects with the same hash).
2005-01-14 14:51:38 +01:00
* Remove write permission from store objects after they have been added to the store. Bug reported by Martin.
2004-09-09 23:19:20 +02:00
makePathReadOnly(dstPath);
* Get rid of identifiers since they are redundant now. This greatly simplifies stuff. * The format of Nix expressions and the database schema changed because of this, so it's best to delete old Nix installations.
2003-10-08 17:06:59 +02:00
Transaction txn(nixDB);
registerValidPath(txn, dstPath);
txn.commit();
* Don't use substitutes in addToStore().
2003-08-01 11:01:51 +02:00
}
* Maintain integrity of the substitute and successor mappings when deleting a path in the store. * Allow absolute paths in Nix expressions. * Get nix-prefetch-url to work again. * Various other fixes.
2003-11-22 19:45:56 +01:00
outputLock.setDeletion(true);
* Started implementing the new evaluation model. * Lots of refactorings. * Unit tests.
2003-06-16 15:33:38 +02:00
}
* Path locking in addToStore() and expandPath().
2003-08-04 09:09:36 +02:00
* Get rid of identifiers since they are redundant now. This greatly simplifies stuff. * The format of Nix expressions and the database schema changed because of this, so it's best to delete old Nix installations.
2003-10-08 17:06:59 +02:00
return dstPath;
* Started implementing the new evaluation model. * Lots of refactorings. * Unit tests.
2003-06-16 15:33:38 +02:00
}
* Start move towards SHA-256 hashes instead of MD5. * Start cleaning up unique store path generation (they weren't always unique; in particular the suffix ("-aterm-2.2", "-builder.sh") was not part of the hash, therefore changes to the suffix would cause multiple store objects with the same hash).
2005-01-14 14:51:38 +01:00
Path addTextToStore(const string & suffix, const string & s)
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
{
* Removed the `id' attribute hack. * Formalise the notion of fixed-output derivations, i.e., derivations for which a cryptographic hash of the output is known in advance. Changes to such derivations should not propagate upwards through the dependency graph. Previously this was done by specifying the hash component of the output path through the `id' attribute, but this is insecure since you can lie about it (i.e., you can specify any hash and then produce a completely different output). Now the responsibility for checking the output is moved from the builder to Nix itself. A fixed-output derivation can be created by specifying the `outputHash' and `outputHashAlgo' attributes, the latter taking values `md5', `sha1', and `sha256', and the former specifying the actual hash in hexadecimal or in base-32 (auto-detected by looking at the length of the attribute value). MD5 is included for compatibility but should be considered deprecated. * Removed the `drvPath' pseudo-attribute in derivation results. It's no longer necessary. * Cleaned up the support for multiple output paths in derivation store expressions. Each output now has a unique identifier (e.g., `out', `devel', `docs'). Previously there was no way to tell output paths apart at the store expression level. * `nix-hash' now has a flag `--base32' to specify that the hash should be printed in base-32 notation. * `fetchurl' accepts parameters `sha256' and `sha1' in addition to `md5'. * `nix-prefetch-url' now prints out a SHA-1 hash in base-32. (TODO: a flag to specify the hash.)
2005-01-17 17:55:19 +01:00
Hash hash = hashString(htSHA256, s);
* Start move towards SHA-256 hashes instead of MD5. * Start cleaning up unique store path generation (they weren't always unique; in particular the suffix ("-aterm-2.2", "-builder.sh") was not part of the hash, therefore changes to the suffix would cause multiple store objects with the same hash).
2005-01-14 14:51:38 +01:00
Path dstPath = makeStorePath("text", hash, suffix);
* The environment variable NIX_ROOT can now be set to execute Nix in a chroot() environment. * A operation `--validpath' to register path validity. Useful for bootstrapping in a pure Nix environment. * Safety checks: ensure that files involved in store operations are in the store.
2004-02-14 22:44:18 +01:00
* Start move towards SHA-256 hashes instead of MD5. * Start cleaning up unique store path generation (they weren't always unique; in particular the suffix ("-aterm-2.2", "-builder.sh") was not part of the hash, therefore changes to the suffix would cause multiple store objects with the same hash).
2005-01-14 14:51:38 +01:00
if (!readOnlyMode && !isValidPath(dstPath)) {
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
* Fix a race condition in addTextToStore().
2003-10-23 12:51:55 +02:00
PathSet lockPaths;
lockPaths.insert(dstPath);
PathLocks outputLock(lockPaths);
if (!isValidPath(dstPath)) {
* Remove obstructing invalid store paths add[Text]ToStore().
2004-06-21 09:46:02 +02:00
if (pathExists(dstPath)) deletePath(dstPath);
* Fix the garbage collector.
2003-11-22 16:58:34 +01:00
writeStringToFile(dstPath, s);
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
* Remove write permission from store objects after they have been added to the store. Bug reported by Martin.
2004-09-09 23:19:20 +02:00
makePathReadOnly(dstPath);
* Fix a race condition in addTextToStore().
2003-10-23 12:51:55 +02:00
Transaction txn(nixDB);
registerValidPath(txn, dstPath);
txn.commit();
}
* Maintain integrity of the substitute and successor mappings when deleting a path in the store. * Allow absolute paths in Nix expressions. * Get nix-prefetch-url to work again. * Various other fixes.
2003-11-22 19:45:56 +01:00
outputLock.setDeletion(true);
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
}
* Start move towards SHA-256 hashes instead of MD5. * Start cleaning up unique store path generation (they weren't always unique; in particular the suffix ("-aterm-2.2", "-builder.sh") was not part of the hash, therefore changes to the suffix would cause multiple store objects with the same hash).
2005-01-14 14:51:38 +01:00
return dstPath;
* Refactoring: move all database manipulation into store.cc. * Removed `--query --generators'.
2003-10-15 14:42:39 +02:00
}
* Get rid of identifiers since they are redundant now. This greatly simplifies stuff. * The format of Nix expressions and the database schema changed because of this, so it's best to delete old Nix installations.
2003-10-08 17:06:59 +02:00
void deleteFromStore(const Path & _path)
* `nix --delete' command.
2003-06-23 16:40:49 +02:00
{
* Get rid of identifiers since they are redundant now. This greatly simplifies stuff. * The format of Nix expressions and the database schema changed because of this, so it's best to delete old Nix installations.
2003-10-08 17:06:59 +02:00
Path path(canonPath(_path));
* The environment variable NIX_ROOT can now be set to execute Nix in a chroot() environment. * A operation `--validpath' to register path validity. Useful for bootstrapping in a pure Nix environment. * Safety checks: ensure that files involved in store operations are in the store.
2004-02-14 22:44:18 +01:00
assertStorePath(path);
* deletePath() now removes the path from the hash2paths mapping.
2003-07-08 11:54:47 +02:00
* Maintain integrity of the substitute and successor mappings when deleting a path in the store. * Allow absolute paths in Nix expressions. * Get nix-prefetch-url to work again. * Various other fixes.
2003-11-22 19:45:56 +01:00
Transaction txn(nixDB);
invalidatePath(path, txn);
txn.commit();
* deletePath() now removes the path from the hash2paths mapping.
2003-07-08 11:54:47 +02:00
* Realisation of Derive(...) expressions.
2003-06-27 16:56:12 +02:00
deletePath(path);
* `nix --delete' command.
2003-06-23 16:40:49 +02:00
}
* For debugging: `nix --verify' to check the consistency of the database and store.
2003-07-17 14:27:55 +02:00
void verifyStore()
{
* Put the database verifier in a transaction.
2003-07-31 21:49:11 +02:00
Transaction txn(nixDB);
* `nix --verify': check and repair reverse mapping for successors.
2003-10-10 17:14:29 +02:00
Paths paths;
* Maintain integrity of the substitute and successor mappings when deleting a path in the store. * Allow absolute paths in Nix expressions. * Get nix-prefetch-url to work again. * Various other fixes.
2003-11-22 19:45:56 +01:00
PathSet validPaths;
* `nix --verify': check and repair reverse mapping for successors.
2003-10-10 17:14:29 +02:00
nixDB.enumTable(txn, dbValidPaths, paths);
* For debugging: `nix --verify' to check the consistency of the database and store.
2003-07-17 14:27:55 +02:00
* Allow successors that don't exist but have a substitute. * Integrity: check in successor / substitute registration whether the target path exists or has a substitute.
2003-12-05 12:05:19 +01:00
for (Paths::iterator i = paths.begin(); i != paths.end(); ++i) {
* `nix --verify': check and repair reverse mapping for successors.
2003-10-10 17:14:29 +02:00
Path path = *i;
* For debugging: `nix --verify' to check the consistency of the database and store.
2003-07-17 14:27:55 +02:00
if (!pathExists(path)) {
* Print error messages, not debug messages.
2004-01-13 12:53:12 +01:00
printMsg(lvlError, format("path `%1%' disappeared") % path);
* Maintain integrity of the substitute and successor mappings when deleting a path in the store. * Allow absolute paths in Nix expressions. * Get nix-prefetch-url to work again. * Various other fixes.
2003-11-22 19:45:56 +01:00
invalidatePath(path, txn);
* The environment variable NIX_ROOT can now be set to execute Nix in a chroot() environment. * A operation `--validpath' to register path validity. Useful for bootstrapping in a pure Nix environment. * Safety checks: ensure that files involved in store operations are in the store.
2004-02-14 22:44:18 +01:00
} else if (!isInStore(path)) {
printMsg(lvlError, format("path `%1%' is not in the Nix store") % path);
invalidatePath(path, txn);
* Maintain integrity of the substitute and successor mappings when deleting a path in the store. * Allow absolute paths in Nix expressions. * Get nix-prefetch-url to work again. * Various other fixes.
2003-11-22 19:45:56 +01:00
} else
validPaths.insert(path);
* For debugging: `nix --verify' to check the consistency of the database and store.
2003-07-17 14:27:55 +02:00
}
* Allow successors that don't exist but have a substitute. * Integrity: check in successor / substitute registration whether the target path exists or has a substitute.
2003-12-05 12:05:19 +01:00
/* !!! the code below does not allow transitive substitutes.
I.e., if B is a substitute of A, then B must be a valid path.
B cannot itself be invalid but have a substitute. */
* For debugging: `nix --verify' to check the consistency of the database and store.
2003-07-17 14:27:55 +02:00
* Allow successors that don't exist but have a substitute. * Integrity: check in successor / substitute registration whether the target path exists or has a substitute.
2003-12-05 12:05:19 +01:00
/* "Usable" paths are those that are valid or have a substitute.
These are the paths that are allowed to appear in the
right-hand side of a sute mapping. */
PathSet usablePaths(validPaths);
* For debugging: `nix --verify' to check the consistency of the database and store.
2003-07-17 14:27:55 +02:00
* Bug fix in path invalidation. * More consistency checks.
2003-11-24 10:24:52 +01:00
/* Check that the values of the substitute mappings are valid
paths. */
* Re-enable support for substitutes in the normaliser. * A better substitute mechanism. Instead of generating a store expression for each store path for which we have a substitute, we can have a single store expression that builds a generic program that is invoked to build the desired store path, which is passed as an argument. This means that operations like `nix-pull' only produce O(1) files instead of O(N) files in the store when registering N substitutes. (It consumes O(N) database storage, of course, but that's not a performance problem). * Added a test for the substitute mechanism. * `nix-store --substitute' reads the substitutes from standard input, instead of from the command line. This prevents us from running into the kernel's limit on command line length.
2004-06-20 21:17:54 +02:00
Paths subKeys;
nixDB.enumTable(txn, dbSubstitutes, subKeys);
for (Paths::iterator i = subKeys.begin(); i != subKeys.end(); ++i) {
* Simplify the substitute mechanism: - Drop the store expression. So now a substitute is just a command-line invocation (a program name + arguments). If you register a substitute you are responsible for registering the expression that built it (if any) as a root of the garbage collector. - Drop the substitutes-rev DB table.
2004-12-20 14:43:32 +01:00
Substitutes subs = readSubstitutes(txn, *i);
if (subs.size() > 0)
* Allow successors that don't exist but have a substitute. * Integrity: check in successor / substitute registration whether the target path exists or has a substitute.
2003-12-05 12:05:19 +01:00
usablePaths.insert(*i);
* An operation `nix-store --clear-substitutes' to remove all registered substitute mappings.
2004-12-20 15:16:55 +01:00
else
nixDB.delPair(txn, dbSubstitutes, *i);
* Bug fix in path invalidation. * More consistency checks.
2003-11-24 10:24:52 +01:00
}
* `nix --verify': check and repair reverse mapping for successors.
2003-10-10 17:14:29 +02:00
* Put the database verifier in a transaction.
2003-07-31 21:49:11 +02:00
txn.commit();
* For debugging: `nix --verify' to check the consistency of the database and store.
2003-07-17 14:27:55 +02:00
}
Reference in a new issue Copy permalink