mirror of
https://github.com/NixOS/nix.git
synced 2025-11-27 20:51:00 +01:00
Tagging release 2.28.1
-----BEGIN PGP SIGNATURE----- iQFHBAABCAAxFiEEtUHVUwEnDgvPFcpdgXC0cm1xmN4FAmfzku8THGVkb2xzdHJh QGdtYWlsLmNvbQAKCRCBcLRybXGY3ngWB/0e5vMSgZtARQXjuyexyJyy2m8JIQzJ Stw7dP0/oAvWYWuytez3jX4KC9xztMELblgZzXQhO72wIfzpa/CmxWQXVSaHm6Kq zYAWhxXz2HKGEPd8bS6eCFCZcrmChso7UN2WjrROYwB+1HO5S1rtOJtv2K1zvy5C xRMoOpSfKVfn63FoODhenW3UWbfeck5Dmb6eirPxvIMUIcDi2FeX5MVlklgNhxum 351/Ymo5dxyK1pGmm8NrvB/3RSk7rVRUR+R4257lCmrN0g4gvM0G4MvxGm+XHMmC d/tmeU+JKPiXKFDSWmuTCmwCenu/q95QRadKST+Wls+qc4gHQLCaXfgn =hcKx -----END PGP SIGNATURE----- Merge tag '2.28.1' into sync-2.28.0 Tagging release 2.28.1
This commit is contained in:
Eelco Dolstra
commit
59d1634aab
41 changed files with 208 additions and 208 deletions
|
|
@ -41,7 +41,7 @@
|
|||
#endif
|
||||
|
||||
/* Includes required for chroot support. */
|
||||
#if __linux__
|
||||
#ifdef __linux__
|
||||
# include "nix/store/fchmodat2-compat.hh"
|
||||
# include <sys/ioctl.h>
|
||||
# include <net/if.h>
|
||||
|
|
@ -60,7 +60,7 @@
|
|||
# include "nix/store/personality.hh"
|
||||
#endif
|
||||
|
||||
#if __APPLE__
|
||||
#ifdef __APPLE__
|
||||
#include <spawn.h>
|
||||
#include <sys/sysctl.h>
|
||||
#include <sandbox.h>
|
||||
|
|
@ -76,6 +76,8 @@ extern "C" int sandbox_init_with_parameters(const char *profile, uint64_t flags,
|
|||
#include "nix/util/strings.hh"
|
||||
#include "nix/util/signals.hh"
|
||||
|
||||
#include "store-config-private.hh"
|
||||
|
||||
namespace nix {
|
||||
|
||||
void handleDiffHook(
|
||||
|
|
@ -127,7 +129,7 @@ LocalDerivationGoal::~LocalDerivationGoal()
|
|||
|
||||
inline bool LocalDerivationGoal::needsHashRewrite()
|
||||
{
|
||||
#if __linux__
|
||||
#ifdef __linux__
|
||||
return !useChroot;
|
||||
#else
|
||||
/* Darwin requires hash rewriting even when sandboxing is enabled. */
|
||||
|
|
@ -168,7 +170,7 @@ void LocalDerivationGoal::killChild()
|
|||
void LocalDerivationGoal::killSandbox(bool getStats)
|
||||
{
|
||||
if (cgroup) {
|
||||
#if __linux__
|
||||
#ifdef __linux__
|
||||
auto stats = destroyCgroup(*cgroup);
|
||||
if (getStats) {
|
||||
buildResult.cpuUser = stats.cpuUser;
|
||||
|
|
@ -205,7 +207,7 @@ Goal::Co LocalDerivationGoal::tryLocalBuild()
|
|||
if (drvOptions->noChroot)
|
||||
throw Error("derivation '%s' has '__noChroot' set, "
|
||||
"but that's not allowed when 'sandbox' is 'true'", worker.store.printStorePath(drvPath));
|
||||
#if __APPLE__
|
||||
#ifdef __APPLE__
|
||||
if (drvOptions->additionalSandboxProfile != "")
|
||||
throw Error("derivation '%s' specifies a sandbox profile, "
|
||||
"but this is only allowed when 'sandbox' is 'relaxed'", worker.store.printStorePath(drvPath));
|
||||
|
|
@ -220,14 +222,14 @@ Goal::Co LocalDerivationGoal::tryLocalBuild()
|
|||
|
||||
auto & localStore = getLocalStore();
|
||||
if (localStore.storeDir != localStore.realStoreDir.get()) {
|
||||
#if __linux__
|
||||
#ifdef __linux__
|
||||
useChroot = true;
|
||||
#else
|
||||
throw Error("building using a diverted store is not supported on this platform");
|
||||
#endif
|
||||
}
|
||||
|
||||
#if __linux__
|
||||
#ifdef __linux__
|
||||
if (useChroot) {
|
||||
if (!mountAndPidNamespacesSupported()) {
|
||||
if (!settings.sandboxFallback)
|
||||
|
|
@ -403,7 +405,7 @@ void LocalDerivationGoal::cleanupPostOutputsRegisteredModeNonCheck()
|
|||
cleanupPostOutputsRegisteredModeCheck();
|
||||
}
|
||||
|
||||
#if __linux__
|
||||
#ifdef __linux__
|
||||
static void doBind(const Path & source, const Path & target, bool optional = false) {
|
||||
debug("bind mounting '%1%' to '%2%'", source, target);
|
||||
|
||||
|
|
@ -476,12 +478,12 @@ static void handleChildException(bool sendException)
|
|||
void LocalDerivationGoal::startBuilder()
|
||||
{
|
||||
if ((buildUser && buildUser->getUIDCount() != 1)
|
||||
#if __linux__
|
||||
#ifdef __linux__
|
||||
|| settings.useCgroups
|
||||
#endif
|
||||
)
|
||||
{
|
||||
#if __linux__
|
||||
#ifdef __linux__
|
||||
experimentalFeatureSettings.require(Xp::Cgroups);
|
||||
|
||||
/* If we're running from the daemon, then this will return the
|
||||
|
|
@ -548,7 +550,7 @@ void LocalDerivationGoal::startBuilder()
|
|||
/* Create a temporary directory where the build will take
|
||||
place. */
|
||||
topTmpDir = createTempDir(settings.buildDir.get().value_or(""), "nix-build-" + std::string(drvPath.name()), false, false, 0700);
|
||||
#if __APPLE__
|
||||
#ifdef __APPLE__
|
||||
if (false) {
|
||||
#else
|
||||
if (useChroot) {
|
||||
|
|
@ -727,7 +729,7 @@ void LocalDerivationGoal::startBuilder()
|
|||
pathsInChroot[i] = {i, true};
|
||||
}
|
||||
|
||||
#if __linux__
|
||||
#ifdef __linux__
|
||||
/* Create a temporary directory in which we set up the chroot
|
||||
environment using bind-mounts. We put it in the Nix store
|
||||
so that the build outputs can be moved efficiently from the
|
||||
|
|
@ -826,7 +828,7 @@ void LocalDerivationGoal::startBuilder()
|
|||
#else
|
||||
if (drvOptions->useUidRange(*drv))
|
||||
throw Error("feature 'uid-range' is not supported on this platform");
|
||||
#if __APPLE__
|
||||
#ifdef __APPLE__
|
||||
/* We don't really have any parent prep work to do (yet?)
|
||||
All work happens in the child, instead. */
|
||||
#else
|
||||
|
|
@ -906,7 +908,7 @@ void LocalDerivationGoal::startBuilder()
|
|||
if (chown(slaveName.c_str(), buildUser->getUID(), 0))
|
||||
throw SysError("changing owner of pseudoterminal slave");
|
||||
}
|
||||
#if __APPLE__
|
||||
#ifdef __APPLE__
|
||||
else {
|
||||
if (grantpt(builderOut.get()))
|
||||
throw SysError("granting access to pseudoterminal slave");
|
||||
|
|
@ -941,7 +943,7 @@ void LocalDerivationGoal::startBuilder()
|
|||
|
||||
/* Fork a child to build the package. */
|
||||
|
||||
#if __linux__
|
||||
#ifdef __linux__
|
||||
if (useChroot) {
|
||||
/* Set up private namespaces for the build:
|
||||
|
||||
|
|
@ -1141,7 +1143,7 @@ void LocalDerivationGoal::initTmpDir()
|
|||
{
|
||||
/* In a sandbox, for determinism, always use the same temporary
|
||||
directory. */
|
||||
#if __linux__
|
||||
#ifdef __linux__
|
||||
tmpDirInSandbox = useChroot ? settings.sandboxBuildDir : tmpDir;
|
||||
#else
|
||||
tmpDirInSandbox = tmpDir;
|
||||
|
|
@ -1644,7 +1646,7 @@ void LocalDerivationGoal::addDependency(const StorePath & path)
|
|||
|
||||
debug("materialising '%s' in the sandbox", worker.store.printStorePath(path));
|
||||
|
||||
#if __linux__
|
||||
#ifdef __linux__
|
||||
|
||||
Path source = worker.store.Store::toRealPath(path);
|
||||
Path target = chrootRootDir + worker.store.printStorePath(path);
|
||||
|
|
@ -1694,7 +1696,7 @@ void LocalDerivationGoal::chownToBuilder(const Path & path)
|
|||
|
||||
void setupSeccomp()
|
||||
{
|
||||
#if __linux__
|
||||
#ifdef __linux__
|
||||
if (!settings.filterSyscalls) return;
|
||||
#if HAVE_SECCOMP
|
||||
scmp_filter_ctx ctx;
|
||||
|
|
@ -1814,7 +1816,7 @@ void LocalDerivationGoal::runChild()
|
|||
} catch (SystemError &) { }
|
||||
}
|
||||
|
||||
#if __linux__
|
||||
#ifdef __linux__
|
||||
if (useChroot) {
|
||||
|
||||
userNamespaceSync.writeSide = -1;
|
||||
|
|
@ -2048,7 +2050,7 @@ void LocalDerivationGoal::runChild()
|
|||
/* Close all other file descriptors. */
|
||||
unix::closeExtraFDs();
|
||||
|
||||
#if __linux__
|
||||
#ifdef __linux__
|
||||
linux::setPersonality(drv->platform);
|
||||
#endif
|
||||
|
||||
|
|
@ -2087,7 +2089,7 @@ void LocalDerivationGoal::runChild()
|
|||
throw SysError("setuid failed");
|
||||
}
|
||||
|
||||
#if __APPLE__
|
||||
#ifdef __APPLE__
|
||||
/* This has to appear before import statements. */
|
||||
std::string sandboxProfile = "(version 1)\n";
|
||||
|
||||
|
|
@ -2258,7 +2260,7 @@ void LocalDerivationGoal::runChild()
|
|||
for (auto & i : drv->args)
|
||||
args.push_back(rewriteStrings(i, inputRewrites));
|
||||
|
||||
#if __APPLE__
|
||||
#ifdef __APPLE__
|
||||
posix_spawnattr_t attrp;
|
||||
|
||||
if (posix_spawnattr_init(&attrp))
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue