Add external builders

These are helper programs that execute derivations for specified system types (e.g. using QEMU to emulate another system type). To use, set `external-builders`: external-builders = [{"systems": ["aarch64-linux"], "program": "/path/to/external-builder.py"}] The external builder gets one command line argument, the path to a JSON file containing all necessary information about the derivation: { "args": [...], "builder": "/nix/store/kwcyvgdg98n98hqapaz8sw92pc2s78x6-bash-5.2p37/bin/bash", "env": { "HOME": "/homeless-shelter", ... }, "realStoreDir": "/tmp/nix/nix/store", "storeDir": "/nix/store", "tmpDir": "/tmp/nix-shell.dzQ2hE/nix-build-patchelf-0.14.3.drv-46/build", "tmpDirInSandbox": "/build" } Co-authored-by: Cole Helbling <cole.helbling@determinate.systems>
2025-11-16 15:32:43 +01:00 · 2025-10-03 14:34:13 +02:00 · 2025-10-03 14:34:13 +02:00 · 584ef0ffd3
commit 584ef0ffd3
parent 76ac3758d7
6 changed files with 274 additions and 18 deletions
--- a/src/libstore/unix/build/derivation-builder.cc
+++ b/src/libstore/unix/build/derivation-builder.cc
@ -229,6 +229,12 @@ protected:
        return acquireUserLock(1, false);
    }

+    /**
+     * Throw an exception if we can't do this derivation because of
+     * missing system features.
+     */
+    virtual void checkSystem();
+
    /**
     * Return the paths that should be made available in the sandbox.
     * This includes:
@ -666,21 +672,8 @@ static bool checkNotWorldWritable(std::filesystem::path path)
    return true;
 }

-std::optional<Descriptor> DerivationBuilderImpl::startBuild()
+void DerivationBuilderImpl::checkSystem()
 {
-    if (useBuildUsers()) {
-        if (!buildUser)
-            buildUser = getBuildUser();
-
-        if (!buildUser)
-            return std::nullopt;
-    }
-
-    /* Make sure that no other processes are executing under the
-       sandbox uids. This must be done before any chownToBuilder()
-       calls. */
-    prepareUser();
-
    /* Right platform? */
    if (!drvOptions.canBuildLocally(store, drv)) {
        auto msg =
@ -704,6 +697,24 @@ std::optional<Descriptor> DerivationBuilderImpl::startBuild()

        throw BuildError(BuildResult::Failure::InputRejected, msg);
    }
+}
+
+std::optional<Descriptor> DerivationBuilderImpl::startBuild()
+{
+    if (useBuildUsers()) {
+        if (!buildUser)
+            buildUser = getBuildUser();
+
+        if (!buildUser)
+            return std::nullopt;
+    }
+
+    checkSystem();
+
+    /* Make sure that no other processes are executing under the
+       sandbox uids. This must be done before any chownToBuilder()
+       calls. */
+    prepareUser();

    auto buildDir = store.config->getBuildDir();

@ -1909,12 +1920,16 @@ StorePath DerivationBuilderImpl::makeFallbackPath(const StorePath & path)
 #include "chroot-derivation-builder.cc"
 #include "linux-derivation-builder.cc"
 #include "darwin-derivation-builder.cc"
+#include "external-derivation-builder.cc"

 namespace nix {

 std::unique_ptr<DerivationBuilder> makeDerivationBuilder(
    LocalStore & store, std::unique_ptr<DerivationBuilderCallbacks> miscMethods, DerivationBuilderParams params)
 {
+    if (auto builder = ExternalDerivationBuilder::newIfSupported(store, miscMethods, params))
+        return builder;
+
    bool useSandbox = false;

    /* Are we doing a sandboxed build? */