Merge remote-tracking branch 'origin/master' into flakes

2025-11-14 22:42:41 +01:00 · 2019-05-08 14:30:27 +02:00 · 2019-05-08 14:30:27 +02:00 · 2bc55aba1e
commit 2bc55aba1e
parent a887892eb6 7c6391ddc7
23 changed files with 167 additions and 28 deletions
--- a/src/libexpr/eval.cc
+++ b/src/libexpr/eval.cc
@ -1820,6 +1820,7 @@ void EvalState::printStats()
            gc.attr("totalBytes", totalBytes);
        }
 #endif
+
        if (countCalls) {
            {
                auto obj = topObj.object("primops");
@ -1855,6 +1856,11 @@ void EvalState::printStats()
                }
            }
        }
+
+        if (getEnv("NIX_SHOW_SYMBOLS", "0") != "0") {
+            auto list = topObj.list("symbols");
+            symbols.dump([&](const std::string & s) { list.elem(s); });
+        }
    }
 }

--- a/src/libexpr/primops.cc
+++ b/src/libexpr/primops.cc
@ -923,6 +923,20 @@ static void prim_findFile(EvalState & state, const Pos & pos, Value * * args, Va
    mkPath(v, state.checkSourcePath(state.findFile(searchPath, path, pos)).c_str());
 }

+/* Return the cryptographic hash of a file in base-16. */
+static void prim_hashFile(EvalState & state, const Pos & pos, Value * * args, Value & v)
+{
+    string type = state.forceStringNoCtx(*args[0], pos);
+    HashType ht = parseHashType(type);
+    if (ht == htUnknown)
+      throw Error(format("unknown hash type '%1%', at %2%") % type % pos);
+
+    PathSet context; // discarded
+    Path p = state.coerceToPath(pos, *args[1], context);
+
+    mkString(v, hashFile(ht, state.checkSourcePath(p)).to_string(Base16, false), context);
+}
+
 /* Read a directory (without . or ..) */
 static void prim_readDir(EvalState & state, const Pos & pos, Value * * args, Value & v)
 {
@ -2202,6 +2216,7 @@ void EvalState::createBaseEnv()
    addPrimOp("__readFile", 1, prim_readFile);
    addPrimOp("__readDir", 1, prim_readDir);
    addPrimOp("__findFile", 2, prim_findFile);
+    addPrimOp("__hashFile", 2, prim_hashFile);

    // Creating files
    addPrimOp("__toXML", 1, prim_toXML);
--- a/src/libexpr/symbol-table.hh
+++ b/src/libexpr/symbol-table.hh
@ -75,6 +75,13 @@ public:
    }

    size_t totalSize() const;
+
+    template<typename T>
+    void dump(T callback)
+    {
+        for (auto & s : symbols)
+            callback(s);
+    }
 };

 }
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@ -803,6 +803,9 @@ private:
    /* Whether we're currently doing a chroot build. */
    bool useChroot = false;

+    /* Whether we need to perform hash rewriting if there are valid output paths. */
+    bool needsHashRewrite;
+
    Path chrootRootDir;

    /* RAII object to delete the chroot directory. */
@ -994,6 +997,13 @@ DerivationGoal::DerivationGoal(const Path & drvPath, const StringSet & wantedOut
    , wantedOutputs(wantedOutputs)
    , buildMode(buildMode)
 {
+#if __linux__
+    needsHashRewrite = !useChroot;
+#else
+    /* Darwin requires hash rewriting even when sandboxing is enabled. */
+    needsHashRewrite = true;
+#endif
+
    state = &DerivationGoal::getDerivation;
    name = (format("building of '%1%'") % drvPath).str();
    trace("created");
@ -2073,7 +2083,7 @@ void DerivationGoal::startBuilder()
 #endif
    }

-    else {
+    if (needsHashRewrite) {

        if (pathExists(homeDir))
            throw Error(format("directory '%1%' exists; please remove it") % homeDir);
@ -2500,17 +2510,17 @@ void setupSeccomp()
        seccomp_release(ctx);
    });

-    if (settings.thisSystem == "x86_64-linux" &&
+    if (nativeSystem == "x86_64-linux" &&
        seccomp_arch_add(ctx, SCMP_ARCH_X86) != 0)
        throw SysError("unable to add 32-bit seccomp architecture");

-    if (settings.thisSystem == "x86_64-linux" &&
+    if (nativeSystem == "x86_64-linux" &&
        seccomp_arch_add(ctx, SCMP_ARCH_X32) != 0)
        throw SysError("unable to add X32 seccomp architecture");

-    if (settings.thisSystem == "aarch64-linux" &&
+    if (nativeSystem == "aarch64-linux" &&
        seccomp_arch_add(ctx, SCMP_ARCH_ARM) != 0)
-        printError("unsable to add ARM seccomp architecture; this may result in spurious build failures if running 32-bit ARM processes.");
+        printError("unable to add ARM seccomp architecture; this may result in spurious build failures if running 32-bit ARM processes");

    /* Prevent builders from creating setuid/setgid binaries. */
    for (int perm : { S_ISUID, S_ISGID }) {
@ -2873,6 +2883,10 @@ void DerivationGoal::runChild()
                for (auto & i : missingPaths) {
                    sandboxProfile += (format("\t(subpath \"%1%\")\n") % i.c_str()).str();
                }
+                /* Also add redirected outputs to the chroot */
+                for (auto & i : redirectedOutputs) {
+                    sandboxProfile += (format("\t(subpath \"%1%\")\n") % i.second.c_str()).str();
+                }
                sandboxProfile += ")\n";

                /* Our inputs (transitive dependencies and any impurities computed above)
@ -3051,7 +3065,9 @@ void DerivationGoal::registerOutputs()
                        throw SysError(format("moving build output '%1%' from the sandbox to the Nix store") % path);
            }
            if (buildMode != bmCheck) actualPath = worker.store.toRealPath(path);
-        } else {
+        }
+
+        if (needsHashRewrite) {
            Path redirected = redirectedOutputs[path];
            if (buildMode == bmRepair
                && redirectedBadOutputs.find(path) != redirectedBadOutputs.end()
--- a/src/libstore/gc.cc
+++ b/src/libstore/gc.cc
@ -326,10 +326,9 @@ void LocalStore::findRootsNoTemp(Roots & roots, bool censor)
    findRoots(stateDir + "/" + gcRootsDir, DT_UNKNOWN, roots);
    findRoots(stateDir + "/profiles", DT_UNKNOWN, roots);

-    /* Add additional roots returned by the program specified by the
-       NIX_ROOT_FINDER environment variable.  This is typically used
-       to add running programs to the set of roots (to prevent them
-       from being garbage collected). */
+    /* Add additional roots returned by different platforms-specific
+       heuristics.  This is typically used to add running programs to
+       the set of roots (to prevent them from being garbage collected). */
    findRuntimeRoots(roots, censor);
 }

--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@ -38,6 +38,9 @@ extern char * * environ;
 namespace nix {


+const std::string nativeSystem = SYSTEM;
+
+
 BaseError & BaseError::addPrefix(const FormatOrString & fs)
 {
    prefix_ = fs.s + prefix_;
--- a/src/libutil/util.hh
+++ b/src/libutil/util.hh
@ -30,6 +30,10 @@ struct Sink;
 struct Source;


+/* The system for which Nix is compiled. */
+extern const std::string nativeSystem;
+
+
 /* Return an environment variable. */
 string getEnv(const string & key, const string & def = "");

--- a/src/nix-build/nix-build.cc
+++ b/src/nix-build/nix-build.cc
@ -274,19 +274,21 @@ static void _main(int argc, char * * argv)
        exprs = {state->parseStdin()};
    else
        for (auto i : left) {
-            auto absolute = i;
-            try {
-                absolute = canonPath(absPath(i), true);
-            } catch (Error e) {};
            if (fromArgs)
                exprs.push_back(state->parseExprFromString(i, absPath(".")));
-            else if (store->isStorePath(absolute) && std::regex_match(absolute, std::regex(".*\\.drv(!.*)?")))
+            else {
+                auto absolute = i;
+                try {
+                    absolute = canonPath(absPath(i), true);
+                } catch (Error e) {};
+                if (store->isStorePath(absolute) && std::regex_match(absolute, std::regex(".*\\.drv(!.*)?")))
                drvs.push_back(DrvInfo(*state, store, absolute));
            else
                /* If we're in a #! script, interpret filenames
                   relative to the script. */
                exprs.push_back(state->parseExprFromFile(resolveExprPath(state->checkSourcePath(lookupFileArg(*state,
                    inShebang && !packages ? absPath(i, absPath(dirOf(script))) : i)))));
+            }
        }

    /* Evaluate them into derivations. */
--- a/src/nix/repl.cc
+++ b/src/nix/repl.cc
@ -192,6 +192,14 @@ static int listPossibleCallback(char *s, char ***avp) {
  return ac;
 }

+namespace {
+    // Used to communicate to NixRepl::getLine whether a signal occurred in ::readline.
+    volatile sig_atomic_t g_signal_received = 0;
+
+    void sigintHandler(int signo) {
+        g_signal_received = signo;
+    }
+}

 void NixRepl::mainLoop(const std::vector<std::string> & files)
 {
@ -251,8 +259,40 @@ void NixRepl::mainLoop(const std::vector<std::string> & files)

 bool NixRepl::getLine(string & input, const std::string &prompt)
 {
+    struct sigaction act, old;
+    sigset_t savedSignalMask, set;
+
+    auto setupSignals = [&]() {
+        act.sa_handler = sigintHandler;
+        sigfillset(&act.sa_mask);
+        act.sa_flags = 0;
+        if (sigaction(SIGINT, &act, &old))
+            throw SysError("installing handler for SIGINT");
+
+        sigemptyset(&set);
+        sigaddset(&set, SIGINT);
+        if (sigprocmask(SIG_UNBLOCK, &set, &savedSignalMask))
+            throw SysError("unblocking SIGINT");
+    };
+    auto restoreSignals = [&]() {
+        if (sigprocmask(SIG_SETMASK, &savedSignalMask, nullptr))
+            throw SysError("restoring signals");
+
+        if (sigaction(SIGINT, &old, 0))
+            throw SysError("restoring handler for SIGINT");
+    };
+
+    setupSignals();
    char * s = readline(prompt.c_str());
    Finally doFree([&]() { free(s); });
+    restoreSignals();
+
+    if (g_signal_received) {
+        g_signal_received = 0;
+        input.clear();
+        return true;
+    }
+
    if (!s)
      return false;
    input += s;