base repository: NixOS/nix
base: 0124d118ef67
head repository: NixOS/nix
compare: a2d92bb20e82
  • 3 commits
  • 10 files changed
  • 1 contributor

Commits on May 15, 2017

  1. Make fmt() non-recursive

    edolstra committed May 15, 2017

    Verified

    This commit was signed with the committer’s verified signature.
    edolstra Eelco Dolstra
    2b761d5 View commit details
  2. Linux sandbox: Don't barf on invalid paths

    This is useful when we're using a diverted store (e.g. "--store
    local?root=/tmp/nix") in conjunction with a statically-linked sh from
    the host store (e.g. "sandbox-paths =/bin/sh=/nix/store/.../bin/busybox").
    edolstra committed May 15, 2017

    Verified

    This commit was signed with the committer’s verified signature.
    edolstra Eelco Dolstra
    b30f578 View commit details
  3. Add --with-sandbox-shell configure flag

    And add a 116 KiB ash shell from busybox to the release build. This
    helps to make sandbox builds work out of the box on non-NixOS systems
    and with diverted stores.
    edolstra committed May 15, 2017

    Verified

    This commit was signed with the committer’s verified signature.
    edolstra Eelco Dolstra
    a2d92bb View commit details
Showing with 46 additions and 24 deletions.
  1. +1 −0 Makefile.config.in
  2. +6 −0 configure.ac
  3. +21 −0 release-common.nix
  4. +4 −5 release.nix
  5. +3 −4 shell.nix
  6. +1 −0 src/libstore/build.cc
  7. +2 −2 src/libstore/globals.cc
  8. +1 −1 src/libstore/local.mk
  9. +1 −1 src/libutil/logging.hh
  10. +6 −11 src/libutil/types.hh
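--- a/Makefile.config.in
+++ b/Makefile.config.in
@@ -28,6 +28,7 @@ localstatedir = @localstatedir@
 mandir = @mandir@
 pkglibdir = $(libdir)/$(PACKAGE_NAME)
 prefix = @prefix@
+sandbox_shell = @sandbox_shell@
 storedir = @storedir@
 sysconfdir = @sysconfdir@
 doc_generate = @doc_generate@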
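--- a/configure.ac
+++ b/configure.ac
@@ -240,6 +240,12 @@ fi
 AC_SUBST(tarFlags)
 
 
+AC_ARG_WITH(sandbox-shell, AC_HELP_STRING([--with-sandbox-shell=PATH],
+[path of a statically-linked shell to use as /bin/sh in sandboxes]),
+sandbox_shell=$withval)
+AC_SUBST(sandbox_shell)
+
+
 # Expand all variables in config.status.
 test "$prefix" = NONE && prefix=$ac_default_prefix
 test "$exec_prefix" = NONE && exec_prefix='${prefix}'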
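Review bot: `sandbox_shell=$withval` takes the argument verbatim, so `--with-sandbox-shell` given without a value stores `yes` and `--without-sandbox-shell` stores `no`, and either string would end up compiled in as the source of /bin/sh for sandboxes. A check placed right after the macro call would reject anything that is neither empty nor an absolute path: `case "$sandbox_shell" in ""|/*) ;; *) AC_MSG_ERROR([--with-sandbox-shell requires an absolute path]) ;; esac`. The help string also asks for a statically-linked shell, which nothing here verifies; a dynamically linked one would presumably fail inside the sandbox because its libraries are not mounted, so the requirement deserves a sentence in the manual as well.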
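--- /dev/null
+++ b/release-common.nix
@@ -0,0 +1,21 @@
+{ pkgs }:
+
+rec {
+sh = pkgs.busybox.override {
+useMusl = true;
+enableStatic = true;
+enableMinimal = true;
+extraConfig = ''
+CONFIG_ASH y
+CONFIG_ASH_BUILTIN_ECHO y
+CONFIG_ASH_BUILTIN_TEST y
+CONFIG_ASH_OPTIMIZE_FOR_SIZE y
+'';
+};
+
+configureFlags =
+[ "--disable-init-state"
+"--enable-gc"
+"--with-sandbox-shell=${sh}/bin/busybox"
+];
+}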
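--- a/release.nix
+++ b/release.nix
@@ -66,6 +66,8 @@ let
 
 with import <nixpkgs> { inherit system; };
 
+with import ./release-common.nix { inherit pkgs; };
+
 releaseTools.nixBuild {
 name = "nix";
 src = tarball;
@@ -83,11 +85,8 @@ let
 customMemoryManagement = false;
 });
 
-configureFlags = ''
---disable-init-state
---enable-gc
---sysconfdir=/etc
-'';
+configureFlags = configureFlags ++
+[ "--sysconfdir=/etc" ];
 
 enableParallelBuilding = true;
 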
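--- a/shell.nix
+++ b/shell.nix
@@ -2,6 +2,8 @@
 
 with import <nixpkgs> {};
 
+with import ./release-common.nix { inherit pkgs; };
+
 (if useClang then clangStdenv else stdenv).mkDerivation {
 name = "nix";
 
@@ -22,10 +24,7 @@ with import <nixpkgs> {};
 perlPackages.DBDSQLite
 ];
 
-configureFlags =
-[ "--disable-init-state"
-"--enable-gc"
-];
+inherit configureFlags;
 
 enableParallelBuilding = true;
 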
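--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -1774,6 +1774,7 @@ void DerivationGoal::startBuilder()
 try {
 if (worker.store.isInStore(i.second.source))
 worker.store.computeFSClosure(worker.store.toStorePath(i.second.source), closure);
+} catch (InvalidPath & e) {
 } catch (Error & e) {
 throw Error(format("while processing ‘build-sandbox-paths’: %s") % e.what());
 }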
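Review bot: The new `catch (InvalidPath & e)` clause has an empty body and no comment, so a sandbox path whose source is inside the store directory but is not a valid path of this store skips the closure computation without leaving any trace. State the intent in the handler, for example `/* Not a valid path in this store (e.g. a host-store shell used with a diverted store); its closure is deliberately not added. */`. A `debug(...)` line naming `i.second.source` would also let an operator tell a mistyped sandbox path from the intended diverted-store case. What happens to the path after this block is not visible here, since the enclosing loop and the rest of startBuilder() lie outside the hunk.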
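--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -47,8 +47,8 @@ Settings::Settings()
 auto s = getEnv("NIX_REMOTE_SYSTEMS");
 if (s != "") builderFiles = tokenizeString<Strings>(s, ":");
 
-#if __linux__
-sandboxPaths = tokenizeString<StringSet>("/bin/sh=" BASH_PATH);
+#if defined(__linux__) && defined(SANDBOX_SHELL)
+sandboxPaths = tokenizeString<StringSet>("/bin/sh=" SANDBOX_SHELL);
 #endif
 
 allowedImpureHostPrefixes = tokenizeString<StringSet>(DEFAULT_ALLOWED_IMPURE_PREFIXES);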
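--- a/src/libstore/local.mk
+++ b/src/libstore/local.mk
@@ -27,7 +27,7 @@ libstore_CXXFLAGS = \
 -DNIX_CONF_DIR=\"$(sysconfdir)/nix\" \
 -DNIX_LIBEXEC_DIR=\"$(libexecdir)\" \
 -DNIX_BIN_DIR=\"$(bindir)\" \
--DBASH_PATH="\"$(bash)\"" \
+-DSANDBOX_SHELL="\"$(sandbox_shell)\"" \
 -DLSOF=\"$(lsof)\"
 
 $(d)/local-store.cc: $(d)/schema.sql.hh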
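Review bot: `-DSANDBOX_SHELL="\"$(sandbox_shell)\""` is passed unconditionally, so when configure runs without --with-sandbox-shell the macro still appears to be defined, as the empty string, and the `defined(SANDBOX_SHELL)` guard added in src/libstore/globals.cc is then always true. On Linux the default sandboxPaths would become `/bin/sh=` with no source instead of being left empty. Define the macro only when a shell was configured, outside the continuation list: `ifneq ($(sandbox_shell),)`, `libstore_CXXFLAGS += -DSANDBOX_SHELL="\"$(sandbox_shell)\""`, `endif`. How the builder treats an entry with an empty source is not visible on this page, and the `libstore_CXXFLAGS` assignment starts above the hunk.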
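--- a/src/libutil/logging.hh
+++ b/src/libutil/logging.hh
@@ -88,7 +88,7 @@ template<typename... Args>
 inline void warn(const std::string & fs, Args... args)
 {
 boost::format f(fs);
-formatHelper(f, args...);
+nop{boost::io::detail::feed(f, args)...};
 logger->warn(f.str());
 }
 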
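Review bot: `nop{boost::io::detail::feed(f, args)...};` feeds the arguments in order only because a braced-init-list is evaluated left to right; written with parentheses the order would be unspecified and the placeholders could be filled from the wrong arguments. That deserves a comment at the call, e.g. `// braces, not parentheses: guarantees args are fed left to right`, and the same applies to the identical line in fmt() in src/libutil/types.hh. The call also depends on Boost's `detail` namespace, which is not a documented interface, so a Boost upgrade could break it. Because `nop(T...)` takes its parameters by value, each expansion presumably copies the whole format object if feed() returns it by reference; `nop(const T &...)` would avoid that. The `template<typename... Args>` line of warn() is above the hunk.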
17 changes: 6 additions & 11 deletions src/libutil/types.hh
@@ -32,6 +32,11 @@ using std::vector;
using boost::format;


/* A variadic template that does nothing. Useful to call a function
for all variadic arguments but ignoring the result. */
struct nop { template<typename... T> nop(T...) {} };


struct FormatOrString
{
string s;
@@ -46,16 +51,6 @@ struct FormatOrString
... a_n’. However, ‘fmt(s)’ is equivalent to ‘s’ (so no %-expansion
takes place). */

inline void formatHelper(boost::format & f)
{
}

template<typename T, typename... Args>
inline void formatHelper(boost::format & f, T x, Args... args)
{
formatHelper(f % x, args...);
}

inline std::string fmt(const std::string & s)
{
return s;
@@ -75,7 +70,7 @@ template<typename... Args>
inline std::string fmt(const std::string & fs, Args... args)
{
boost::format f(fs);
formatHelper(f, args...);
nop{boost::io::detail::feed(f, args)...};
return f.str();
}