Classes | |
| struct | ChrootPath |
Public Types | |
| typedef map< Path, ChrootPath > | PathsInChroot |
| typedef map< std::string, std::string > | Environment |
| typedef map< StorePath, StorePath > | RedirectedOutputs |
| Public Types inherited from nix::DerivationGoal | |
| enum struct | NeedRestartForMoreOutputs { OutputsAddedDoNeed , BuildInProgressWillNotNeed } |
| enum | RetrySubstitution { NoNeed , YesNeed , AlreadyRetried } |
| Public Types inherited from nix::Goal | |
| enum | ExitCode { ecSuccess , ecFailed , ecNoSubstituters , ecIncompleteClosure } |
Public Member Functions | |
| LocalStore & | getLocalStore () |
| uid_t | sandboxUid () |
| gid_t | sandboxGid () |
| virtual bool | needsHashRewrite () |
| kj::Promise< Result< WorkResult > > | tryLocalBuild () noexcept override |
| kj::Promise< Result< void > > | startBuilder () |
| void | initEnv () |
| void | initTmpDir () |
| kj::Promise< Result< void > > | writeStructuredAttrs () |
| void | chownToBuilder (const Path &path) |
| void | chownToBuilder (const AutoCloseFD &fd) |
| int | getChildStatus () override |
| void | runChild () |
| kj::Promise< Result< SingleDrvOutputs > > | registerOutputs () override |
| void | signRealisation (Realisation &) override |
| kj::Promise< Result< void > > | checkOutputs (const std::map< std::string, ValidPathInfo > &outputs, const std::map< std::string, StorePath > &alreadyRegisteredOutputs) |
| void | closeReadPipes () override |
| void | cleanupHookFinally () override |
| void | cleanupPreChildKill () override |
| void | cleanupPostChildKill () override |
| bool | cleanupDecideWhetherDiskFull () override |
| void | cleanupPostOutputsRegisteredModeCheck () override |
| void | cleanupPostOutputsRegisteredModeNonCheck () override |
| void | finalizeTmpDir (bool force, bool duringDestruction=false) |
| void | killChild () override final |
| virtual void | killSandbox (bool getStats) |
| StorePath | makeFallbackPath (const StorePath &path) |
| StorePath | makeFallbackPath (OutputNameView outputName) |
| Public Member Functions inherited from nix::DerivationGoal | |
| DerivationGoal (const StorePath &drvPath, const OutputsSpec &wantedOutputs, Worker &worker, bool isDependency, BuildMode buildMode=bmNormal) | |
| DerivationGoal (DrvHasRoot, const StorePath &drvPath, const BasicDerivation &drv, const OutputsSpec &wantedOutputs, Worker &worker, bool isDependency, BuildMode buildMode=bmNormal) | |
| WorkResult | timedOut (Error &&ex) |
| kj::Promise< Result< WorkResult > > | workImpl () noexcept override |
| bool | addWantedOutputs (const OutputsSpec &outputs) |
| kj::Promise< Result< WorkResult > > | getDerivation () noexcept |
| kj::Promise< Result< WorkResult > > | loadDerivation () noexcept |
| kj::Promise< Result< WorkResult > > | haveDerivation () noexcept |
| kj::Promise< Result< WorkResult > > | outputsSubstitutionTried () noexcept |
| kj::Promise< Result< WorkResult > > | gaveUpOnSubstitution () noexcept |
| kj::Promise< Result< WorkResult > > | closureRepaired () noexcept |
| kj::Promise< Result< WorkResult > > | inputsRealised () noexcept |
| kj::Promise< Result< WorkResult > > | tryToBuild () noexcept |
| kj::Promise< Result< WorkResult > > | buildDone () noexcept |
| kj::Promise< Result< WorkResult > > | resolvedFinished () noexcept |
| HookReply | tryBuildHook () |
| Path | openLogFile () |
| void | closeLogFile () |
| kj::Promise< Result< std::map< std::string, std::optional< StorePath > > > > | queryPartialDerivationOutputMap () |
| kj::Promise< Result< OutputPathMap > > | queryDerivationOutputMap () |
| kj::Promise< Result< std::pair< bool, SingleDrvOutputs > > > | checkPathValidity () |
| kj::Promise< Result< SingleDrvOutputs > > | assertPathValidity () |
| kj::Promise< Result< WorkResult > > | repairClosure () noexcept |
| void | started () |
| WorkResult | done (BuildResult::Status status, SingleDrvOutputs builtOutputs={}, std::optional< Error > ex={}) |
| void | waiteeDone (GoalPtr waitee) override |
| StorePathSet | exportReferences (const StorePathSet &storePaths) |
| JobCategory | jobCategory () const override |
| Hint for the scheduler, which concurrency limit applies. | |
| Public Member Functions inherited from nix::Goal | |
| Goal (Worker &worker, bool isDependency) | |
| kj::Promise< Result< WorkResult > > | work () noexcept |
| void | trace (std::string_view s) |
| std::string | getName () const |
| virtual void | cleanup () |
Static Public Member Functions | |
| static std::unique_ptr< LocalDerivationGoal > | makeLocalDerivationGoal (const StorePath &drvPath, const OutputsSpec &wantedOutputs, Worker &worker, bool isDependency, BuildMode buildMode) |
| static std::unique_ptr< LocalDerivationGoal > | makeLocalDerivationGoal (DrvHasRoot drvRoot, const StorePath &drvPath, const BasicDerivation &drv, const OutputsSpec &wantedOutputs, Worker &worker, bool isDependency, BuildMode buildMode) |
Public Attributes | |
| std::unique_ptr< UserLock > | buildUser |
| Pid | pid |
| std::optional< Path > | cgroup |
| Path | tmpDirRoot |
| Path | tmpDir |
| AutoCloseFD | tmpDirRootFd |
| AutoCloseFD | tmpDirFd |
| Path | tmpDirInSandbox |
| AutoCloseFD | builderOutPTY |
| Pipe | userNamespaceSync |
| bool | usingUserNamespace = true |
| bool | useChroot = false |
| Path | chrootRootDir |
| std::shared_ptr< AutoDelete > | autoDelChroot |
| bool | privateNetwork = false |
| PathsInChroot | pathsInChroot |
| Environment | env |
| StringMap | inputRewrites |
| StringMap | outputRewrites |
| RedirectedOutputs | redirectedOutputs |
| OutputPathMap | scratchOutputs |
| std::map< Path, ValidPathInfo > | prevInfos |
| std::vector< std::thread > | daemonWorkerThreads |
| Public Attributes inherited from nix::DerivationGoal | |
| bool | isDone = false |
| bool | useDerivation |
| StorePath | drvPath |
| std::shared_ptr< DerivationGoal > | resolvedDrvGoal |
| OutputsSpec | wantedOutputs |
| std::map< std::pair< StorePath, std::string >, StorePath > | inputDrvOutputs |
| NeedRestartForMoreOutputs | needRestart = NeedRestartForMoreOutputs::OutputsUnmodifedDontNeed |
| bool | anyHashMismatchSeen = false |
| bool | anyCheckMismatchSeen = false |
| RetrySubstitution | retrySubstitution = RetrySubstitution::NoNeed |
| std::unique_ptr< Derivation > | drv |
| std::unique_ptr< ParsedDerivation > | parsedDrv |
| std::optional< PathLocks > | outputLocks |
| StorePathSet | inputPaths |
| std::map< std::string, InitialOutput > | initialOutputs |
| BuildResult | buildResult |
| AutoCloseFD | fdLogFile |
| std::shared_ptr< BufferedSink > | logFileSink |
| std::shared_ptr< BufferedSink > | logSink |
| unsigned long | logSize |
| std::list< std::string > | logTail |
| std::string | currentLogLine |
| size_t | currentLogLinePos = 0 |
| std::string | currentHookLine |
| std::unique_ptr< HookInstance > | hook |
| AutoCloseFD * | builderOutFD = nullptr |
| std::optional< DerivationType > | derivationType |
| BuildMode | buildMode |
| NotifyingCounter< uint64_t >::Bump | mcExpectedBuilds |
| NotifyingCounter< uint64_t >::Bump | mcRunningBuilds |
| std::unique_ptr< Activity > | act |
| std::unique_ptr< Activity > | actLock |
| std::map< ActivityId, Activity > | builderActivities |
| std::string | machineName |
| Public Attributes inherited from nix::Goal | |
| Worker & | worker |
| const bool | isDependency |
| size_t | nrFailed = 0 |
| size_t | nrNoSubstituters = 0 |
| size_t | nrIncompleteClosure = 0 |
| std::string | name |
Static Public Attributes | |
| static const Path | homeDir = "/homeless-shelter" |
Protected Member Functions | |
| virtual void | prepareSandbox () |
| virtual std::string | rewriteResolvConf (std::string fromHost) |
| virtual Pid | startChild (std::function< void()> openSlave) |
| virtual void | setupSyscallFilter () |
| virtual void | execBuilder (std::string builder, Strings args, Strings envStrs) |
| virtual bool | supportsUidRange () |
| virtual bool | respectsTimeouts () override |
| DerivationGoal (const StorePath &drvPath, const OutputsSpec &wantedOutputs, Worker &worker, bool isDependency, BuildMode buildMode=bmNormal) | |
| DerivationGoal (DrvHasRoot, const StorePath &drvPath, const BasicDerivation &drv, const OutputsSpec &wantedOutputs, Worker &worker, bool isDependency, BuildMode buildMode=bmNormal) | |
| Protected Member Functions inherited from nix::DerivationGoal | |
| kj::Promise< Outcome< void, WorkResult > > | handleChildOutput () noexcept |
| kj::Promise< Outcome< void, WorkResult > > | handleChildStreams (InputStream &builderIn, InputStream *hookIn) noexcept |
| kj::Promise< Outcome< void, WorkResult > > | handleBuilderOutput (InputStream &in) noexcept |
| kj::Promise< Outcome< void, WorkResult > > | handleHookOutput (InputStream &in) noexcept |
| kj::Promise< Outcome< void, WorkResult > > | monitorForSilence () noexcept |
| WorkResult | tooMuchLogs () |
| void | flushLine () |
| Protected Member Functions inherited from nix::Goal | |
| kj::Promise< void > | waitForAWhile () |
| kj::Promise< Result< void > > | waitForGoals (kj::Array< std::pair< GoalPtr, kj::Promise< Result< WorkResult > > > > dependencies) noexcept |
| template<std::derived_from< Goal >... G> | |
| kj::Promise< Result< void > > | waitForGoals (std::pair< std::shared_ptr< G >, kj::Promise< Result< WorkResult > > >... goals) noexcept |
| std::string | lixAsyncTaskContext () const |
Protected Attributes | |
| bool | runPasta = false |
| Protected Attributes inherited from nix::DerivationGoal | |
| kj::TimePoint | lastChildActivity = kj::minValue |
| Protected Attributes inherited from nix::Goal | |
| AsyncSemaphore::Token | slotToken |
Member Function Documentation
◆ checkOutputs()
| kj::Promise< Result< void > > nix::LocalDerivationGoal::checkOutputs | ( | const std::map< std::string, ValidPathInfo > & | outputs, |
| const std::map< std::string, StorePath > & | alreadyRegisteredOutputs ) |
Check that an output meets the requirements specified by the 'outputChecks' attribute (or the legacy '{allowed,disallowed}{References,Requisites}' attributes).
◆ chownToBuilder() [1/2]
| void nix::LocalDerivationGoal::chownToBuilder | ( | const AutoCloseFD & | fd | ) |
Make a file owned by the builder addressed by its file descriptor.
◆ chownToBuilder() [2/2]
| void nix::LocalDerivationGoal::chownToBuilder | ( | const Path & | path | ) |
Make a file owned by the builder addressed by its path.
SAFETY: this function is prone to TOCTOU as it receives a path and not a descriptor. It's only safe to call in a child of a directory only visible to the owner.
◆ cleanupDecideWhetherDiskFull()
|
overridevirtual |
Reimplemented from nix::DerivationGoal.
◆ cleanupHookFinally()
|
overridevirtual |
Cleanup hooks for buildDone()
Reimplemented from nix::DerivationGoal.
◆ cleanupPostChildKill()
|
overridevirtual |
Reimplemented from nix::DerivationGoal.
◆ cleanupPostOutputsRegisteredModeCheck()
|
overridevirtual |
Reimplemented from nix::DerivationGoal.
◆ cleanupPostOutputsRegisteredModeNonCheck()
|
overridevirtual |
Reimplemented from nix::DerivationGoal.
◆ cleanupPreChildKill()
|
overridevirtual |
Reimplemented from nix::DerivationGoal.
◆ closeReadPipes()
|
overridevirtual |
Close the read side of the logger pipe.
Reimplemented from nix::DerivationGoal.
◆ execBuilder()
|
protectedvirtual |
Execute the builder, replacing the current process. Generally this means an execve call.
◆ finalizeTmpDir()
| void nix::LocalDerivationGoal::finalizeTmpDir | ( | bool | force, |
| bool | duringDestruction = false ) |
Delete the temporary directory or make it visible to the user requesting this build, if a temporary directory was created at all. Temporary files of derivations using builtin builders are deleted even for keep-failed builds as otherwise we may expose secrets (e.g. from the system .netrc).
◆ getChildStatus()
|
overridevirtual |
Reimplemented from nix::DerivationGoal.
◆ initEnv()
| void nix::LocalDerivationGoal::initEnv | ( | ) |
Fill in the environment for the builder.
◆ initTmpDir()
| void nix::LocalDerivationGoal::initTmpDir | ( | ) |
Setup tmp dir location.
◆ killChild()
|
finaloverridevirtual |
Forcibly kill the child process, if any.
Called by destructor, can't be overridden
Reimplemented from nix::DerivationGoal.
◆ killSandbox()
|
virtual |
Kill any processes running under the build user UID or in the cgroup of the build.
◆ makeFallbackPath() [1/2]
Create alternative path calculated from but distinct from the input, so we can avoid overwriting outputs (or other store paths) that already exist.
◆ makeFallbackPath() [2/2]
| StorePath nix::LocalDerivationGoal::makeFallbackPath | ( | OutputNameView | outputName | ) |
Make a path to another based on the output name along with the derivation hash.
- Todo
- Add option to randomize, so we can audit whether our rewrites caught everything
◆ makeLocalDerivationGoal() [1/2]
|
static |
Create a LocalDerivationGoal without an on-disk .drv file, possibly a platform-specific subclass
◆ makeLocalDerivationGoal() [2/2]
|
static |
Create a LocalDerivationGoal for an on-disk .drv file, possibly a platform-specific subclass
◆ needsHashRewrite()
|
virtual |
Whether we need to perform hash rewriting if there are valid output paths.
◆ prepareSandbox()
|
inlineprotectedvirtual |
Setup dependencies outside the sandbox. Called in the parent nix process.
◆ registerOutputs()
|
overridevirtual |
Check that the derivation outputs all exist and register them as valid.
Reimplemented from nix::DerivationGoal.
◆ respectsTimeouts()
|
inlineoverrideprotectedvirtual |
Reimplemented from nix::DerivationGoal.
◆ rewriteResolvConf()
|
inlineprotectedvirtual |
Rewrite resolv.conf for use in the sandbox. Used in the linux platform to replace nameservers * when using pasta for fixed output derivations.
◆ runChild()
| void nix::LocalDerivationGoal::runChild | ( | ) |
Run the builder's process.
◆ setupSyscallFilter()
|
inlineprotectedvirtual |
Set up the system call filtering required for the sandbox. This currently only has an effect on Linux.
◆ signRealisation()
|
overridevirtual |
Sign the newly built realisation if the store allows it
Reimplemented from nix::DerivationGoal.
◆ startBuilder()
| kj::Promise< Result< void > > nix::LocalDerivationGoal::startBuilder | ( | ) |
Start building a derivation.
◆ startChild()
|
protectedvirtual |
Create a new process that runs openSlave and runChild On some platforms this process is created with sandboxing flags.
◆ supportsUidRange()
|
inlineprotectedvirtual |
Whether derivation can be built on current platform with uid-range feature
◆ tryLocalBuild()
|
overridevirtualnoexcept |
The additional states.
Reimplemented from nix::DerivationGoal.
◆ writeStructuredAttrs()
| kj::Promise< Result< void > > nix::LocalDerivationGoal::writeStructuredAttrs | ( | ) |
Write a JSON file containing the derivation attributes.
Member Data Documentation
◆ autoDelChroot
| std::shared_ptr<AutoDelete> nix::LocalDerivationGoal::autoDelChroot |
RAII object to delete the chroot directory.
◆ builderOutPTY
| AutoCloseFD nix::LocalDerivationGoal::builderOutPTY |
Master side of the pseudoterminal used for the builder's standard output/error.
◆ buildUser
| std::unique_ptr<UserLock> nix::LocalDerivationGoal::buildUser |
User selected for running the builder.
◆ cgroup
| std::optional<Path> nix::LocalDerivationGoal::cgroup |
The cgroup of the builder, if any.
◆ daemonWorkerThreads
| std::vector<std::thread> nix::LocalDerivationGoal::daemonWorkerThreads |
The daemon worker threads.
◆ inputRewrites
| StringMap nix::LocalDerivationGoal::inputRewrites |
Hash rewriting.
◆ pid
| Pid nix::LocalDerivationGoal::pid |
The process ID of the builder.
◆ prevInfos
| std::map<Path, ValidPathInfo> nix::LocalDerivationGoal::prevInfos |
Path registration info from the previous round, if we're building multiple times. Since this contains the hash, it allows us to compare whether two rounds produced the same result.
◆ privateNetwork
| bool nix::LocalDerivationGoal::privateNetwork = false |
Whether to run the build in a private network namespace.
◆ runPasta
|
protected |
Whether to run pasta for network-endowed derivations. Running pasta currently requires actively waiting for its net-ns setup to finish.
◆ scratchOutputs
| OutputPathMap nix::LocalDerivationGoal::scratchOutputs |
The outputs paths used during the build.
- Input-addressed derivations or fixed content-addressed outputs are sometimes built when some of their outputs already exist, and can not be hidden via sandboxing. We use temporary locations instead and rewrite after the build. Otherwise the regular predetermined paths are put here.
- Floating content-addressed derivations do not know their final build output paths until the outputs are hashed, so random locations are used, and then renamed. The randomness helps guard against hidden self-references.
◆ tmpDirInSandbox
| Path nix::LocalDerivationGoal::tmpDirInSandbox |
The path of the temporary directory in the sandbox.
◆ tmpDirRoot
| Path nix::LocalDerivationGoal::tmpDirRoot |
The temporary directory.
◆ tmpDirRootFd
| AutoCloseFD nix::LocalDerivationGoal::tmpDirRootFd |
The temporary directory file descriptor
◆ useChroot
| bool nix::LocalDerivationGoal::useChroot = false |
Whether we're currently doing a chroot build.
◆ userNamespaceSync
| Pipe nix::LocalDerivationGoal::userNamespaceSync |
Pipe for synchronising updates to the builder namespaces.
◆ usingUserNamespace
| bool nix::LocalDerivationGoal::usingUserNamespace = true |
On Linux, whether we're doing the build in its own user namespace.
The documentation for this struct was generated from the following files:
- lix/libstore/build/local-derivation-goal.hh
- lix/libstore/platform.cc
- lix/libstore/build/local-derivation-goal.cc
