Commit | Line | Data |
---|---|---|
36457566 LC |
1 | #include "config.h" |
2 | ||
3 | #include "references.hh" | |
4 | #include "pathlocks.hh" | |
5 | #include "misc.hh" | |
6 | #include "globals.hh" | |
7 | #include "local-store.hh" | |
8 | #include "util.hh" | |
9 | #include "archive.hh" | |
10 | #include "affinity.hh" | |
11 | ||
12 | #include <map> | |
13 | #include <sstream> | |
14 | #include <algorithm> | |
15 | ||
15ddeff5 | 16 | #include <limits.h> |
36457566 LC |
17 | #include <time.h> |
18 | #include <sys/time.h> | |
19 | #include <sys/wait.h> | |
20 | #include <sys/types.h> | |
21 | #include <sys/stat.h> | |
22 | #include <sys/utsname.h> | |
23 | #include <fcntl.h> | |
24 | #include <unistd.h> | |
25 | #include <errno.h> | |
26 | #include <stdio.h> | |
27 | #include <cstring> | |
28 | ||
29 | #include <pwd.h> | |
30 | #include <grp.h> | |
31 | ||
32 | #include <bzlib.h> | |
33 | ||
34 | /* Includes required for chroot support. */ | |
35 | #if HAVE_SYS_PARAM_H | |
36 | #include <sys/param.h> | |
37 | #endif | |
38 | #if HAVE_SYS_MOUNT_H | |
39 | #include <sys/mount.h> | |
40 | #endif | |
54c260e6 LC |
41 | #if HAVE_SYS_SYSCALL_H |
42 | #include <sys/syscall.h> | |
43 | #endif | |
36457566 LC |
44 | #if HAVE_SCHED_H |
45 | #include <sched.h> | |
46 | #endif | |
47 | ||
48 | /* In GNU libc 2.11, <sys/mount.h> does not define `MS_PRIVATE', but | |
49 | <linux/fs.h> does. */ | |
50 | #if !defined MS_PRIVATE && defined HAVE_LINUX_FS_H | |
51 | #include <linux/fs.h> | |
52 | #endif | |
53 | ||
54c260e6 | 54 | #define CHROOT_ENABLED HAVE_CHROOT && HAVE_UNSHARE && HAVE_SYS_MOUNT_H && defined(MS_BIND) && defined(MS_PRIVATE) && defined(CLONE_NEWNS) && defined(SYS_pivot_root) |
36457566 LC |
55 | |
56 | #if CHROOT_ENABLED | |
57 | #include <sys/socket.h> | |
58 | #include <sys/ioctl.h> | |
59 | #include <net/if.h> | |
60 | #include <netinet/ip.h> | |
61 | #endif | |
62 | ||
2bb04905 | 63 | #if __linux__ |
36457566 | 64 | #include <sys/personality.h> |
36457566 LC |
65 | #endif |
66 | ||
67 | #if HAVE_STATVFS | |
68 | #include <sys/statvfs.h> | |
69 | #endif | |
70 | ||
71 | ||
72 | namespace nix { | |
73 | ||
74 | using std::map; | |
75 | ||
76 | ||
77 | static string pathNullDevice = "/dev/null"; | |
78 | ||
79 | ||
80 | /* Forward definition. */ | |
81 | class Worker; | |
82 | struct HookInstance; | |
83 | ||
84 | ||
85 | /* A pointer to a goal. */ | |
86 | class Goal; | |
87 | typedef std::shared_ptr<Goal> GoalPtr; | |
88 | typedef std::weak_ptr<Goal> WeakGoalPtr; | |
89 | ||
2bb04905 LC |
90 | struct CompareGoalPtrs { |
91 | bool operator() (const GoalPtr & a, const GoalPtr & b); | |
92 | }; | |
93 | ||
36457566 | 94 | /* Set of goals. */ |
2bb04905 | 95 | typedef set<GoalPtr, CompareGoalPtrs> Goals; |
36457566 LC |
96 | typedef list<WeakGoalPtr> WeakGoals; |
97 | ||
98 | /* A map of paths to goals (and the other way around). */ | |
99 | typedef map<Path, WeakGoalPtr> WeakGoalMap; | |
100 | ||
101 | ||
102 | ||
103 | class Goal : public std::enable_shared_from_this<Goal> | |
104 | { | |
105 | public: | |
106 | typedef enum {ecBusy, ecSuccess, ecFailed, ecNoSubstituters, ecIncompleteClosure} ExitCode; | |
107 | ||
108 | protected: | |
109 | ||
110 | /* Backlink to the worker. */ | |
111 | Worker & worker; | |
112 | ||
113 | /* Goals that this goal is waiting for. */ | |
114 | Goals waitees; | |
115 | ||
116 | /* Goals waiting for this one to finish. Must use weak pointers | |
117 | here to prevent cycles. */ | |
118 | WeakGoals waiters; | |
119 | ||
120 | /* Number of goals we are/were waiting for that have failed. */ | |
121 | unsigned int nrFailed; | |
122 | ||
123 | /* Number of substitution goals we are/were waiting for that | |
124 | failed because there are no substituters. */ | |
125 | unsigned int nrNoSubstituters; | |
126 | ||
127 | /* Number of substitution goals we are/were waiting for that | |
128 | failed because othey had unsubstitutable references. */ | |
129 | unsigned int nrIncompleteClosure; | |
130 | ||
131 | /* Name of this goal for debugging purposes. */ | |
132 | string name; | |
133 | ||
134 | /* Whether the goal is finished. */ | |
135 | ExitCode exitCode; | |
136 | ||
137 | Goal(Worker & worker) : worker(worker) | |
138 | { | |
139 | nrFailed = nrNoSubstituters = nrIncompleteClosure = 0; | |
140 | exitCode = ecBusy; | |
141 | } | |
142 | ||
143 | virtual ~Goal() | |
144 | { | |
145 | trace("goal destroyed"); | |
146 | } | |
147 | ||
148 | public: | |
149 | virtual void work() = 0; | |
150 | ||
151 | void addWaitee(GoalPtr waitee); | |
152 | ||
153 | virtual void waiteeDone(GoalPtr waitee, ExitCode result); | |
154 | ||
155 | virtual void handleChildOutput(int fd, const string & data) | |
156 | { | |
157 | abort(); | |
158 | } | |
159 | ||
160 | virtual void handleEOF(int fd) | |
161 | { | |
162 | abort(); | |
163 | } | |
164 | ||
165 | void trace(const format & f); | |
166 | ||
167 | string getName() | |
168 | { | |
169 | return name; | |
170 | } | |
171 | ||
172 | ExitCode getExitCode() | |
173 | { | |
174 | return exitCode; | |
175 | } | |
176 | ||
177 | /* Cancel the goal. It should wake up its waiters, get rid of any | |
178 | running child processes that are being monitored by the worker | |
179 | (important!), etc. */ | |
180 | virtual void cancel(bool timeout) = 0; | |
181 | ||
2bb04905 LC |
182 | virtual string key() = 0; |
183 | ||
36457566 LC |
184 | protected: |
185 | void amDone(ExitCode result); | |
186 | }; | |
187 | ||
188 | ||
2bb04905 LC |
189 | bool CompareGoalPtrs::operator() (const GoalPtr & a, const GoalPtr & b) { |
190 | string s1 = a->key(); | |
191 | string s2 = b->key(); | |
192 | return s1 < s2; | |
193 | } | |
194 | ||
195 | ||
36457566 LC |
196 | /* A mapping used to remember for each child process to what goal it |
197 | belongs, and file descriptors for receiving log data and output | |
198 | path creation commands. */ | |
199 | struct Child | |
200 | { | |
201 | WeakGoalPtr goal; | |
202 | set<int> fds; | |
203 | bool respectTimeouts; | |
204 | bool inBuildSlot; | |
205 | time_t lastOutput; /* time we last got output on stdout/stderr */ | |
206 | time_t timeStarted; | |
207 | }; | |
208 | ||
209 | typedef map<pid_t, Child> Children; | |
210 | ||
211 | ||
212 | /* The worker class. */ | |
213 | class Worker | |
214 | { | |
215 | private: | |
216 | ||
217 | /* Note: the worker should only have strong pointers to the | |
218 | top-level goals. */ | |
219 | ||
220 | /* The top-level goals of the worker. */ | |
221 | Goals topGoals; | |
222 | ||
223 | /* Goals that are ready to do some work. */ | |
224 | WeakGoals awake; | |
225 | ||
226 | /* Goals waiting for a build slot. */ | |
227 | WeakGoals wantingToBuild; | |
228 | ||
229 | /* Child processes currently running. */ | |
230 | Children children; | |
231 | ||
232 | /* Number of build slots occupied. This includes local builds and | |
233 | substitutions but not remote builds via the build hook. */ | |
234 | unsigned int nrLocalBuilds; | |
235 | ||
236 | /* Maps used to prevent multiple instantiations of a goal for the | |
237 | same derivation / path. */ | |
238 | WeakGoalMap derivationGoals; | |
239 | WeakGoalMap substitutionGoals; | |
240 | ||
241 | /* Goals waiting for busy paths to be unlocked. */ | |
242 | WeakGoals waitingForAnyGoal; | |
243 | ||
244 | /* Goals sleeping for a few seconds (polling a lock). */ | |
245 | WeakGoals waitingForAWhile; | |
246 | ||
247 | /* Last time the goals in `waitingForAWhile' where woken up. */ | |
248 | time_t lastWokenUp; | |
249 | ||
250 | public: | |
251 | ||
252 | /* Set if at least one derivation had a BuildError (i.e. permanent | |
253 | failure). */ | |
254 | bool permanentFailure; | |
255 | ||
2bb04905 LC |
256 | /* Set if at least one derivation had a timeout. */ |
257 | bool timedOut; | |
258 | ||
36457566 LC |
259 | LocalStore & store; |
260 | ||
261 | std::shared_ptr<HookInstance> hook; | |
262 | ||
263 | Worker(LocalStore & store); | |
264 | ~Worker(); | |
265 | ||
266 | /* Make a goal (with caching). */ | |
267 | GoalPtr makeDerivationGoal(const Path & drvPath, const StringSet & wantedOutputs, BuildMode buildMode = bmNormal); | |
268 | GoalPtr makeSubstitutionGoal(const Path & storePath, bool repair = false); | |
269 | ||
270 | /* Remove a dead goal. */ | |
271 | void removeGoal(GoalPtr goal); | |
272 | ||
273 | /* Wake up a goal (i.e., there is something for it to do). */ | |
274 | void wakeUp(GoalPtr goal); | |
275 | ||
276 | /* Return the number of local build and substitution processes | |
277 | currently running (but not remote builds via the build | |
278 | hook). */ | |
279 | unsigned int getNrLocalBuilds(); | |
280 | ||
281 | /* Registers a running child process. `inBuildSlot' means that | |
282 | the process counts towards the jobs limit. */ | |
283 | void childStarted(GoalPtr goal, pid_t pid, | |
284 | const set<int> & fds, bool inBuildSlot, bool respectTimeouts); | |
285 | ||
286 | /* Unregisters a running child process. `wakeSleepers' should be | |
287 | false if there is no sense in waking up goals that are sleeping | |
288 | because they can't run yet (e.g., there is no free build slot, | |
289 | or the hook would still say `postpone'). */ | |
290 | void childTerminated(pid_t pid, bool wakeSleepers = true); | |
291 | ||
292 | /* Put `goal' to sleep until a build slot becomes available (which | |
293 | might be right away). */ | |
294 | void waitForBuildSlot(GoalPtr goal); | |
295 | ||
296 | /* Wait for any goal to finish. Pretty indiscriminate way to | |
297 | wait for some resource that some other goal is holding. */ | |
298 | void waitForAnyGoal(GoalPtr goal); | |
299 | ||
300 | /* Wait for a few seconds and then retry this goal. Used when | |
301 | waiting for a lock held by another process. This kind of | |
302 | polling is inefficient, but POSIX doesn't really provide a way | |
303 | to wait for multiple locks in the main select() loop. */ | |
304 | void waitForAWhile(GoalPtr goal); | |
305 | ||
306 | /* Loop until the specified top-level goals have finished. */ | |
307 | void run(const Goals & topGoals); | |
308 | ||
309 | /* Wait for input to become available. */ | |
310 | void waitForInput(); | |
311 | ||
312 | unsigned int exitStatus(); | |
313 | }; | |
314 | ||
315 | ||
316 | ////////////////////////////////////////////////////////////////////// | |
317 | ||
318 | ||
319 | void addToWeakGoals(WeakGoals & goals, GoalPtr p) | |
320 | { | |
321 | // FIXME: necessary? | |
2bb04905 | 322 | // FIXME: O(n) |
36457566 LC |
323 | foreach (WeakGoals::iterator, i, goals) |
324 | if (i->lock() == p) return; | |
325 | goals.push_back(p); | |
326 | } | |
327 | ||
328 | ||
329 | void Goal::addWaitee(GoalPtr waitee) | |
330 | { | |
331 | waitees.insert(waitee); | |
332 | addToWeakGoals(waitee->waiters, shared_from_this()); | |
333 | } | |
334 | ||
335 | ||
336 | void Goal::waiteeDone(GoalPtr waitee, ExitCode result) | |
337 | { | |
338 | assert(waitees.find(waitee) != waitees.end()); | |
339 | waitees.erase(waitee); | |
340 | ||
341 | trace(format("waitee `%1%' done; %2% left") % | |
342 | waitee->name % waitees.size()); | |
343 | ||
344 | if (result == ecFailed || result == ecNoSubstituters || result == ecIncompleteClosure) ++nrFailed; | |
345 | ||
346 | if (result == ecNoSubstituters) ++nrNoSubstituters; | |
347 | ||
348 | if (result == ecIncompleteClosure) ++nrIncompleteClosure; | |
349 | ||
350 | if (waitees.empty() || (result == ecFailed && !settings.keepGoing)) { | |
351 | ||
352 | /* If we failed and keepGoing is not set, we remove all | |
353 | remaining waitees. */ | |
354 | foreach (Goals::iterator, i, waitees) { | |
355 | GoalPtr goal = *i; | |
356 | WeakGoals waiters2; | |
357 | foreach (WeakGoals::iterator, j, goal->waiters) | |
358 | if (j->lock() != shared_from_this()) waiters2.push_back(*j); | |
359 | goal->waiters = waiters2; | |
360 | } | |
361 | waitees.clear(); | |
362 | ||
363 | worker.wakeUp(shared_from_this()); | |
364 | } | |
365 | } | |
366 | ||
367 | ||
368 | void Goal::amDone(ExitCode result) | |
369 | { | |
370 | trace("done"); | |
371 | assert(exitCode == ecBusy); | |
372 | assert(result == ecSuccess || result == ecFailed || result == ecNoSubstituters || result == ecIncompleteClosure); | |
373 | exitCode = result; | |
374 | foreach (WeakGoals::iterator, i, waiters) { | |
375 | GoalPtr goal = i->lock(); | |
376 | if (goal) goal->waiteeDone(shared_from_this(), result); | |
377 | } | |
378 | waiters.clear(); | |
379 | worker.removeGoal(shared_from_this()); | |
380 | } | |
381 | ||
382 | ||
383 | void Goal::trace(const format & f) | |
384 | { | |
385 | debug(format("%1%: %2%") % name % f); | |
386 | } | |
387 | ||
388 | ||
389 | ||
390 | ////////////////////////////////////////////////////////////////////// | |
391 | ||
392 | ||
393 | /* Common initialisation performed in child processes. */ | |
394 | static void commonChildInit(Pipe & logPipe) | |
395 | { | |
36457566 LC |
396 | /* Put the child in a separate session (and thus a separate |
397 | process group) so that it has no controlling terminal (meaning | |
398 | that e.g. ssh cannot open /dev/tty) and it doesn't receive | |
399 | terminal signals. */ | |
400 | if (setsid() == -1) | |
401 | throw SysError(format("creating a new session")); | |
402 | ||
403 | /* Dup the write side of the logger pipe into stderr. */ | |
404 | if (dup2(logPipe.writeSide, STDERR_FILENO) == -1) | |
405 | throw SysError("cannot pipe standard error into log file"); | |
406 | ||
407 | /* Dup stderr to stdout. */ | |
408 | if (dup2(STDERR_FILENO, STDOUT_FILENO) == -1) | |
409 | throw SysError("cannot dup stderr into stdout"); | |
410 | ||
411 | /* Reroute stdin to /dev/null. */ | |
412 | int fdDevNull = open(pathNullDevice.c_str(), O_RDWR); | |
413 | if (fdDevNull == -1) | |
414 | throw SysError(format("cannot open `%1%'") % pathNullDevice); | |
415 | if (dup2(fdDevNull, STDIN_FILENO) == -1) | |
416 | throw SysError("cannot dup null device into stdin"); | |
417 | close(fdDevNull); | |
418 | } | |
419 | ||
36457566 LC |
420 | /* Restore default handling of SIGPIPE, otherwise some programs will |
421 | randomly say "Broken pipe". */ | |
422 | static void restoreSIGPIPE() | |
423 | { | |
424 | struct sigaction act, oact; | |
425 | act.sa_handler = SIG_DFL; | |
426 | act.sa_flags = 0; | |
427 | sigemptyset(&act.sa_mask); | |
428 | if (sigaction(SIGPIPE, &act, &oact)) throw SysError("resetting SIGPIPE"); | |
429 | } | |
430 | ||
431 | ||
432 | ////////////////////////////////////////////////////////////////////// | |
433 | ||
434 | ||
435 | class UserLock | |
436 | { | |
437 | private: | |
438 | /* POSIX locks suck. If we have a lock on a file, and we open and | |
439 | close that file again (without closing the original file | |
440 | descriptor), we lose the lock. So we have to be *very* careful | |
441 | not to open a lock file on which we are holding a lock. */ | |
442 | static PathSet lockedPaths; /* !!! not thread-safe */ | |
443 | ||
444 | Path fnUserLock; | |
445 | AutoCloseFD fdUserLock; | |
446 | ||
447 | string user; | |
448 | uid_t uid; | |
449 | gid_t gid; | |
322eeb87 | 450 | std::vector<gid_t> supplementaryGIDs; |
36457566 LC |
451 | |
452 | public: | |
453 | UserLock(); | |
454 | ~UserLock(); | |
455 | ||
456 | void acquire(); | |
457 | void release(); | |
458 | ||
459 | void kill(); | |
460 | ||
461 | string getUser() { return user; } | |
462 | uid_t getUID() { return uid; } | |
463 | uid_t getGID() { return gid; } | |
322eeb87 | 464 | std::vector<gid_t> getSupplementaryGIDs() { return supplementaryGIDs; } |
36457566 LC |
465 | |
466 | bool enabled() { return uid != 0; } | |
467 | ||
468 | }; | |
469 | ||
470 | ||
471 | PathSet UserLock::lockedPaths; | |
472 | ||
473 | ||
474 | UserLock::UserLock() | |
475 | { | |
476 | uid = gid = 0; | |
477 | } | |
478 | ||
479 | ||
480 | UserLock::~UserLock() | |
481 | { | |
482 | release(); | |
483 | } | |
484 | ||
485 | ||
486 | void UserLock::acquire() | |
487 | { | |
488 | assert(uid == 0); | |
489 | ||
490 | assert(settings.buildUsersGroup != ""); | |
491 | ||
492 | /* Get the members of the build-users-group. */ | |
493 | struct group * gr = getgrnam(settings.buildUsersGroup.c_str()); | |
494 | if (!gr) | |
495 | throw Error(format("the group `%1%' specified in `build-users-group' does not exist") | |
496 | % settings.buildUsersGroup); | |
497 | gid = gr->gr_gid; | |
498 | ||
499 | /* Copy the result of getgrnam. */ | |
500 | Strings users; | |
501 | for (char * * p = gr->gr_mem; *p; ++p) { | |
502 | debug(format("found build user `%1%'") % *p); | |
503 | users.push_back(*p); | |
504 | } | |
505 | ||
506 | if (users.empty()) | |
507 | throw Error(format("the build users group `%1%' has no members") | |
508 | % settings.buildUsersGroup); | |
509 | ||
510 | /* Find a user account that isn't currently in use for another | |
511 | build. */ | |
512 | foreach (Strings::iterator, i, users) { | |
513 | debug(format("trying user `%1%'") % *i); | |
514 | ||
515 | struct passwd * pw = getpwnam(i->c_str()); | |
516 | if (!pw) | |
517 | throw Error(format("the user `%1%' in the group `%2%' does not exist") | |
518 | % *i % settings.buildUsersGroup); | |
519 | ||
520 | createDirs(settings.nixStateDir + "/userpool"); | |
521 | ||
522 | fnUserLock = (format("%1%/userpool/%2%") % settings.nixStateDir % pw->pw_uid).str(); | |
523 | ||
524 | if (lockedPaths.find(fnUserLock) != lockedPaths.end()) | |
525 | /* We already have a lock on this one. */ | |
526 | continue; | |
527 | ||
528 | AutoCloseFD fd = open(fnUserLock.c_str(), O_RDWR | O_CREAT, 0600); | |
529 | if (fd == -1) | |
530 | throw SysError(format("opening user lock `%1%'") % fnUserLock); | |
531 | closeOnExec(fd); | |
532 | ||
533 | if (lockFile(fd, ltWrite, false)) { | |
534 | fdUserLock = fd.borrow(); | |
535 | lockedPaths.insert(fnUserLock); | |
536 | user = *i; | |
537 | uid = pw->pw_uid; | |
538 | ||
539 | /* Sanity check... */ | |
540 | if (uid == getuid() || uid == geteuid()) | |
541 | throw Error(format("the Nix user should not be a member of `%1%'") | |
542 | % settings.buildUsersGroup); | |
543 | ||
322eeb87 LC |
544 | /* Get the list of supplementary groups of this build user. This |
545 | is usually either empty or contains a group such as "kvm". */ | |
546 | supplementaryGIDs.resize(10); | |
547 | int ngroups = supplementaryGIDs.size(); | |
548 | int err = getgrouplist(pw->pw_name, pw->pw_gid, | |
549 | supplementaryGIDs.data(), &ngroups); | |
550 | if (err == -1) | |
551 | throw Error(format("failed to get list of supplementary groups for ‘%1%’") % pw->pw_name); | |
552 | ||
553 | supplementaryGIDs.resize(ngroups); | |
554 | ||
36457566 LC |
555 | return; |
556 | } | |
557 | } | |
558 | ||
559 | throw Error(format("all build users are currently in use; " | |
560 | "consider creating additional users and adding them to the `%1%' group") | |
561 | % settings.buildUsersGroup); | |
562 | } | |
563 | ||
564 | ||
565 | void UserLock::release() | |
566 | { | |
567 | if (uid == 0) return; | |
568 | fdUserLock.close(); /* releases lock */ | |
569 | assert(lockedPaths.find(fnUserLock) != lockedPaths.end()); | |
570 | lockedPaths.erase(fnUserLock); | |
571 | fnUserLock = ""; | |
572 | uid = 0; | |
573 | } | |
574 | ||
575 | ||
576 | void UserLock::kill() | |
577 | { | |
578 | assert(enabled()); | |
579 | killUser(uid); | |
580 | } | |
581 | ||
582 | ||
583 | ////////////////////////////////////////////////////////////////////// | |
584 | ||
585 | ||
586 | struct HookInstance | |
587 | { | |
588 | /* Pipes for talking to the build hook. */ | |
589 | Pipe toHook; | |
590 | ||
591 | /* Pipe for the hook's standard output/error. */ | |
592 | Pipe fromHook; | |
593 | ||
594 | /* Pipe for the builder's standard output/error. */ | |
595 | Pipe builderOut; | |
596 | ||
597 | /* The process ID of the hook. */ | |
598 | Pid pid; | |
599 | ||
600 | HookInstance(); | |
601 | ||
602 | ~HookInstance(); | |
603 | }; | |
604 | ||
605 | ||
606 | HookInstance::HookInstance() | |
607 | { | |
608 | debug("starting build hook"); | |
609 | ||
2bb04905 LC |
610 | Path buildHook = getEnv("NIX_BUILD_HOOK"); |
611 | if (string(buildHook, 0, 1) != "/") buildHook = settings.nixLibexecDir + "/nix/" + buildHook; | |
612 | buildHook = canonPath(buildHook); | |
36457566 LC |
613 | |
614 | /* Create a pipe to get the output of the child. */ | |
615 | fromHook.create(); | |
616 | ||
617 | /* Create the communication pipes. */ | |
618 | toHook.create(); | |
619 | ||
620 | /* Create a pipe to get the output of the builder. */ | |
621 | builderOut.create(); | |
622 | ||
623 | /* Fork the hook. */ | |
2bb04905 | 624 | pid = startProcess([&]() { |
36457566 | 625 | |
2bb04905 | 626 | commonChildInit(fromHook); |
36457566 | 627 | |
2bb04905 | 628 | if (chdir("/") == -1) throw SysError("changing into `/"); |
36457566 | 629 | |
2bb04905 LC |
630 | /* Dup the communication pipes. */ |
631 | if (dup2(toHook.readSide, STDIN_FILENO) == -1) | |
632 | throw SysError("dupping to-hook read side"); | |
36457566 | 633 | |
2bb04905 LC |
634 | /* Use fd 4 for the builder's stdout/stderr. */ |
635 | if (dup2(builderOut.writeSide, 4) == -1) | |
636 | throw SysError("dupping builder's stdout/stderr"); | |
36457566 | 637 | |
2bb04905 LC |
638 | execl(buildHook.c_str(), buildHook.c_str(), settings.thisSystem.c_str(), |
639 | (format("%1%") % settings.maxSilentTime).str().c_str(), | |
640 | (format("%1%") % settings.printBuildTrace).str().c_str(), | |
641 | (format("%1%") % settings.buildTimeout).str().c_str(), | |
642 | NULL); | |
36457566 | 643 | |
2bb04905 LC |
644 | throw SysError(format("executing `%1%'") % buildHook); |
645 | }); | |
36457566 | 646 | |
36457566 | 647 | pid.setSeparatePG(true); |
36457566 LC |
648 | fromHook.writeSide.close(); |
649 | toHook.readSide.close(); | |
650 | } | |
651 | ||
652 | ||
653 | HookInstance::~HookInstance() | |
654 | { | |
655 | try { | |
2bb04905 LC |
656 | toHook.writeSide.close(); |
657 | pid.kill(true); | |
36457566 LC |
658 | } catch (...) { |
659 | ignoreException(); | |
660 | } | |
661 | } | |
662 | ||
663 | ||
664 | ////////////////////////////////////////////////////////////////////// | |
665 | ||
666 | ||
667 | typedef map<string, string> HashRewrites; | |
668 | ||
669 | ||
670 | string rewriteHashes(string s, const HashRewrites & rewrites) | |
671 | { | |
672 | foreach (HashRewrites::const_iterator, i, rewrites) { | |
673 | assert(i->first.size() == i->second.size()); | |
674 | size_t j = 0; | |
675 | while ((j = s.find(i->first, j)) != string::npos) { | |
676 | debug(format("rewriting @ %1%") % j); | |
677 | s.replace(j, i->second.size(), i->second); | |
678 | } | |
679 | } | |
680 | return s; | |
681 | } | |
682 | ||
683 | ||
684 | ////////////////////////////////////////////////////////////////////// | |
685 | ||
686 | ||
687 | typedef enum {rpAccept, rpDecline, rpPostpone} HookReply; | |
688 | ||
689 | class SubstitutionGoal; | |
690 | ||
691 | class DerivationGoal : public Goal | |
692 | { | |
693 | private: | |
694 | /* The path of the derivation. */ | |
695 | Path drvPath; | |
696 | ||
697 | /* The specific outputs that we need to build. Empty means all of | |
698 | them. */ | |
699 | StringSet wantedOutputs; | |
700 | ||
701 | /* Whether additional wanted outputs have been added. */ | |
702 | bool needRestart; | |
703 | ||
704 | /* Whether to retry substituting the outputs after building the | |
705 | inputs. */ | |
706 | bool retrySubstitution; | |
707 | ||
708 | /* The derivation stored at drvPath. */ | |
709 | Derivation drv; | |
710 | ||
711 | /* The remainder is state held during the build. */ | |
712 | ||
713 | /* Locks on the output paths. */ | |
714 | PathLocks outputLocks; | |
715 | ||
716 | /* All input paths (that is, the union of FS closures of the | |
717 | immediate input paths). */ | |
718 | PathSet inputPaths; | |
719 | ||
720 | /* Referenceable paths (i.e., input and output paths). */ | |
721 | PathSet allPaths; | |
722 | ||
723 | /* Outputs that are already valid. If we're repairing, these are | |
724 | the outputs that are valid *and* not corrupt. */ | |
725 | PathSet validPaths; | |
726 | ||
727 | /* Outputs that are corrupt or not valid. */ | |
728 | PathSet missingPaths; | |
729 | ||
730 | /* User selected for running the builder. */ | |
731 | UserLock buildUser; | |
732 | ||
733 | /* The process ID of the builder. */ | |
734 | Pid pid; | |
735 | ||
736 | /* The temporary directory. */ | |
737 | Path tmpDir; | |
738 | ||
739 | /* File descriptor for the log file. */ | |
740 | FILE * fLogFile; | |
741 | BZFILE * bzLogFile; | |
742 | AutoCloseFD fdLogFile; | |
743 | ||
744 | /* Number of bytes received from the builder's stdout/stderr. */ | |
745 | unsigned long logSize; | |
746 | ||
747 | /* Pipe for the builder's standard output/error. */ | |
748 | Pipe builderOut; | |
749 | ||
750 | /* The build hook. */ | |
751 | std::shared_ptr<HookInstance> hook; | |
752 | ||
753 | /* Whether we're currently doing a chroot build. */ | |
754 | bool useChroot; | |
755 | ||
756 | Path chrootRootDir; | |
757 | ||
758 | /* RAII object to delete the chroot directory. */ | |
759 | std::shared_ptr<AutoDelete> autoDelChroot; | |
760 | ||
761 | /* All inputs that are regular files. */ | |
762 | PathSet regularInputPaths; | |
763 | ||
764 | /* Whether this is a fixed-output derivation. */ | |
765 | bool fixedOutput; | |
766 | ||
767 | typedef void (DerivationGoal::*GoalState)(); | |
768 | GoalState state; | |
769 | ||
54c260e6 | 770 | /* Stuff we need to pass to runChild(). */ |
36457566 LC |
771 | typedef map<Path, Path> DirsInChroot; // maps target path to source path |
772 | DirsInChroot dirsInChroot; | |
773 | typedef map<string, string> Environment; | |
774 | Environment env; | |
775 | ||
776 | /* Hash rewriting. */ | |
777 | HashRewrites rewritesToTmp, rewritesFromTmp; | |
778 | typedef map<Path, Path> RedirectedOutputs; | |
779 | RedirectedOutputs redirectedOutputs; | |
780 | ||
781 | BuildMode buildMode; | |
782 | ||
783 | /* If we're repairing without a chroot, there may be outputs that | |
784 | are valid but corrupt. So we redirect these outputs to | |
785 | temporary paths. */ | |
786 | PathSet redirectedBadOutputs; | |
787 | ||
788 | /* Set of inodes seen during calls to canonicalisePathMetaData() | |
789 | for this build's outputs. This needs to be shared between | |
790 | outputs to allow hard links between outputs. */ | |
791 | InodesSeen inodesSeen; | |
792 | ||
36457566 LC |
793 | public: |
794 | DerivationGoal(const Path & drvPath, const StringSet & wantedOutputs, Worker & worker, BuildMode buildMode = bmNormal); | |
795 | ~DerivationGoal(); | |
796 | ||
797 | void cancel(bool timeout); | |
798 | ||
2bb04905 LC |
799 | string key() |
800 | { | |
801 | /* Ensure that derivations get built in order of their name, | |
802 | i.e. a derivation named "aardvark" always comes before | |
803 | "baboon". And substitution goals always happen before | |
804 | derivation goals (due to "b$"). */ | |
805 | return "b$" + storePathToName(drvPath) + "$" + drvPath; | |
806 | } | |
807 | ||
36457566 LC |
808 | void work(); |
809 | ||
810 | Path getDrvPath() | |
811 | { | |
812 | return drvPath; | |
813 | } | |
814 | ||
815 | /* Add wanted outputs to an already existing derivation goal. */ | |
816 | void addWantedOutputs(const StringSet & outputs); | |
817 | ||
818 | private: | |
819 | /* The states. */ | |
820 | void init(); | |
821 | void haveDerivation(); | |
822 | void outputsSubstituted(); | |
823 | void closureRepaired(); | |
824 | void inputsRealised(); | |
825 | void tryToBuild(); | |
826 | void buildDone(); | |
827 | ||
828 | /* Is the build hook willing to perform the build? */ | |
829 | HookReply tryBuildHook(); | |
830 | ||
831 | /* Start building a derivation. */ | |
832 | void startBuilder(); | |
833 | ||
54c260e6 LC |
834 | /* Run the builder's process. */ |
835 | void runChild(); | |
36457566 LC |
836 | |
837 | friend int childEntry(void *); | |
838 | ||
839 | /* Check that the derivation outputs all exist and register them | |
840 | as valid. */ | |
841 | void registerOutputs(); | |
842 | ||
843 | /* Open a log file and a pipe to it. */ | |
844 | Path openLogFile(); | |
845 | ||
846 | /* Close the log file. */ | |
847 | void closeLogFile(); | |
848 | ||
849 | /* Delete the temporary directory, if we have one. */ | |
850 | void deleteTmpDir(bool force); | |
851 | ||
852 | /* Callback used by the worker to write to the log. */ | |
853 | void handleChildOutput(int fd, const string & data); | |
854 | void handleEOF(int fd); | |
855 | ||
856 | /* Return the set of (in)valid paths. */ | |
857 | PathSet checkPathValidity(bool returnValid, bool checkHash); | |
858 | ||
859 | /* Abort the goal if `path' failed to build. */ | |
860 | bool pathFailed(const Path & path); | |
861 | ||
862 | /* Forcibly kill the child process, if any. */ | |
863 | void killChild(); | |
864 | ||
865 | Path addHashRewrite(const Path & path); | |
866 | ||
867 | void repairClosure(); | |
868 | }; | |
869 | ||
870 | ||
871 | DerivationGoal::DerivationGoal(const Path & drvPath, const StringSet & wantedOutputs, Worker & worker, BuildMode buildMode) | |
872 | : Goal(worker) | |
873 | , wantedOutputs(wantedOutputs) | |
874 | , needRestart(false) | |
875 | , retrySubstitution(false) | |
876 | , fLogFile(0) | |
877 | , bzLogFile(0) | |
878 | , useChroot(false) | |
879 | , buildMode(buildMode) | |
880 | { | |
881 | this->drvPath = drvPath; | |
882 | state = &DerivationGoal::init; | |
883 | name = (format("building of `%1%'") % drvPath).str(); | |
884 | trace("created"); | |
885 | } | |
886 | ||
887 | ||
888 | DerivationGoal::~DerivationGoal() | |
889 | { | |
890 | /* Careful: we should never ever throw an exception from a | |
891 | destructor. */ | |
2bb04905 LC |
892 | try { killChild(); } catch (...) { ignoreException(); } |
893 | try { deleteTmpDir(false); } catch (...) { ignoreException(); } | |
894 | try { closeLogFile(); } catch (...) { ignoreException(); } | |
36457566 LC |
895 | } |
896 | ||
897 | ||
898 | void DerivationGoal::killChild() | |
899 | { | |
900 | if (pid != -1) { | |
901 | worker.childTerminated(pid); | |
902 | ||
903 | if (buildUser.enabled()) { | |
904 | /* If we're using a build user, then there is a tricky | |
905 | race condition: if we kill the build user before the | |
906 | child has done its setuid() to the build user uid, then | |
907 | it won't be killed, and we'll potentially lock up in | |
908 | pid.wait(). So also send a conventional kill to the | |
909 | child. */ | |
910 | ::kill(-pid, SIGKILL); /* ignore the result */ | |
911 | buildUser.kill(); | |
912 | pid.wait(true); | |
913 | } else | |
914 | pid.kill(); | |
915 | ||
916 | assert(pid == -1); | |
917 | } | |
918 | ||
919 | hook.reset(); | |
920 | } | |
921 | ||
922 | ||
923 | void DerivationGoal::cancel(bool timeout) | |
924 | { | |
925 | if (settings.printBuildTrace && timeout) | |
926 | printMsg(lvlError, format("@ build-failed %1% - timeout") % drvPath); | |
927 | killChild(); | |
928 | amDone(ecFailed); | |
929 | } | |
930 | ||
931 | ||
932 | void DerivationGoal::work() | |
933 | { | |
934 | (this->*state)(); | |
935 | } | |
936 | ||
937 | ||
938 | void DerivationGoal::addWantedOutputs(const StringSet & outputs) | |
939 | { | |
940 | /* If we already want all outputs, there is nothing to do. */ | |
941 | if (wantedOutputs.empty()) return; | |
942 | ||
943 | if (outputs.empty()) { | |
944 | wantedOutputs.clear(); | |
945 | needRestart = true; | |
946 | } else | |
947 | foreach (StringSet::const_iterator, i, outputs) | |
948 | if (wantedOutputs.find(*i) == wantedOutputs.end()) { | |
949 | wantedOutputs.insert(*i); | |
950 | needRestart = true; | |
951 | } | |
952 | } | |
953 | ||
954 | ||
955 | void DerivationGoal::init() | |
956 | { | |
957 | trace("init"); | |
958 | ||
959 | if (settings.readOnlyMode) | |
960 | throw Error(format("cannot build derivation `%1%' - no write access to the Nix store") % drvPath); | |
961 | ||
962 | /* The first thing to do is to make sure that the derivation | |
963 | exists. If it doesn't, it may be created through a | |
964 | substitute. */ | |
2bb04905 LC |
965 | if (buildMode == bmNormal && worker.store.isValidPath(drvPath)) { |
966 | haveDerivation(); | |
967 | return; | |
968 | } | |
969 | ||
36457566 LC |
970 | addWaitee(worker.makeSubstitutionGoal(drvPath)); |
971 | ||
972 | state = &DerivationGoal::haveDerivation; | |
973 | } | |
974 | ||
975 | ||
976 | void DerivationGoal::haveDerivation() | |
977 | { | |
978 | trace("loading derivation"); | |
979 | ||
980 | if (nrFailed != 0) { | |
981 | printMsg(lvlError, format("cannot build missing derivation `%1%'") % drvPath); | |
982 | amDone(ecFailed); | |
983 | return; | |
984 | } | |
985 | ||
986 | /* `drvPath' should already be a root, but let's be on the safe | |
987 | side: if the user forgot to make it a root, we wouldn't want | |
988 | things being garbage collected while we're busy. */ | |
989 | worker.store.addTempRoot(drvPath); | |
990 | ||
991 | assert(worker.store.isValidPath(drvPath)); | |
992 | ||
993 | /* Get the derivation. */ | |
994 | drv = derivationFromPath(worker.store, drvPath); | |
995 | ||
996 | foreach (DerivationOutputs::iterator, i, drv.outputs) | |
997 | worker.store.addTempRoot(i->second.path); | |
998 | ||
999 | /* Check what outputs paths are not already valid. */ | |
1000 | PathSet invalidOutputs = checkPathValidity(false, buildMode == bmRepair); | |
1001 | ||
1002 | /* If they are all valid, then we're done. */ | |
1003 | if (invalidOutputs.size() == 0 && buildMode == bmNormal) { | |
1004 | amDone(ecSuccess); | |
1005 | return; | |
1006 | } | |
1007 | ||
1008 | /* Check whether any output previously failed to build. If so, | |
1009 | don't bother. */ | |
1010 | foreach (PathSet::iterator, i, invalidOutputs) | |
1011 | if (pathFailed(*i)) return; | |
1012 | ||
1013 | /* We are first going to try to create the invalid output paths | |
1014 | through substitutes. If that doesn't work, we'll build | |
1015 | them. */ | |
322eeb87 | 1016 | if (settings.useSubstitutes && substitutesAllowed(drv)) |
36457566 LC |
1017 | foreach (PathSet::iterator, i, invalidOutputs) |
1018 | addWaitee(worker.makeSubstitutionGoal(*i, buildMode == bmRepair)); | |
1019 | ||
1020 | if (waitees.empty()) /* to prevent hang (no wake-up event) */ | |
1021 | outputsSubstituted(); | |
1022 | else | |
1023 | state = &DerivationGoal::outputsSubstituted; | |
1024 | } | |
1025 | ||
1026 | ||
1027 | void DerivationGoal::outputsSubstituted() | |
1028 | { | |
1029 | trace("all outputs substituted (maybe)"); | |
1030 | ||
1031 | if (nrFailed > 0 && nrFailed > nrNoSubstituters + nrIncompleteClosure && !settings.tryFallback) | |
1032 | throw Error(format("some substitutes for the outputs of derivation `%1%' failed (usually happens due to networking issues); try `--fallback' to build derivation from source ") % drvPath); | |
1033 | ||
1034 | /* If the substitutes form an incomplete closure, then we should | |
1035 | build the dependencies of this derivation, but after that, we | |
1036 | can still use the substitutes for this derivation itself. */ | |
1037 | if (nrIncompleteClosure > 0 && !retrySubstitution) retrySubstitution = true; | |
1038 | ||
1039 | nrFailed = nrNoSubstituters = nrIncompleteClosure = 0; | |
1040 | ||
1041 | if (needRestart) { | |
1042 | needRestart = false; | |
1043 | haveDerivation(); | |
1044 | return; | |
1045 | } | |
1046 | ||
1047 | unsigned int nrInvalid = checkPathValidity(false, buildMode == bmRepair).size(); | |
1048 | if (buildMode == bmNormal && nrInvalid == 0) { | |
1049 | amDone(ecSuccess); | |
1050 | return; | |
1051 | } | |
1052 | if (buildMode == bmRepair && nrInvalid == 0) { | |
1053 | repairClosure(); | |
1054 | return; | |
1055 | } | |
1056 | if (buildMode == bmCheck && nrInvalid > 0) | |
1057 | throw Error(format("some outputs of `%1%' are not valid, so checking is not possible") % drvPath); | |
1058 | ||
1059 | /* Otherwise, at least one of the output paths could not be | |
1060 | produced using a substitute. So we have to build instead. */ | |
1061 | ||
1062 | /* Make sure checkPathValidity() from now on checks all | |
1063 | outputs. */ | |
1064 | wantedOutputs = PathSet(); | |
1065 | ||
1066 | /* The inputs must be built before we can build this goal. */ | |
1067 | foreach (DerivationInputs::iterator, i, drv.inputDrvs) | |
1068 | addWaitee(worker.makeDerivationGoal(i->first, i->second, buildMode == bmRepair ? bmRepair : bmNormal)); | |
1069 | ||
1070 | foreach (PathSet::iterator, i, drv.inputSrcs) | |
1071 | addWaitee(worker.makeSubstitutionGoal(*i)); | |
1072 | ||
1073 | if (waitees.empty()) /* to prevent hang (no wake-up event) */ | |
1074 | inputsRealised(); | |
1075 | else | |
1076 | state = &DerivationGoal::inputsRealised; | |
1077 | } | |
1078 | ||
1079 | ||
1080 | void DerivationGoal::repairClosure() | |
1081 | { | |
1082 | /* If we're repairing, we now know that our own outputs are valid. | |
1083 | Now check whether the other paths in the outputs closure are | |
1084 | good. If not, then start derivation goals for the derivations | |
1085 | that produced those outputs. */ | |
1086 | ||
1087 | /* Get the output closure. */ | |
1088 | PathSet outputClosure; | |
1089 | foreach (DerivationOutputs::iterator, i, drv.outputs) | |
1090 | computeFSClosure(worker.store, i->second.path, outputClosure); | |
1091 | ||
1092 | /* Filter out our own outputs (which we have already checked). */ | |
1093 | foreach (DerivationOutputs::iterator, i, drv.outputs) | |
1094 | outputClosure.erase(i->second.path); | |
1095 | ||
1096 | /* Get all dependencies of this derivation so that we know which | |
1097 | derivation is responsible for which path in the output | |
1098 | closure. */ | |
1099 | PathSet inputClosure; | |
1100 | computeFSClosure(worker.store, drvPath, inputClosure); | |
1101 | std::map<Path, Path> outputsToDrv; | |
1102 | foreach (PathSet::iterator, i, inputClosure) | |
1103 | if (isDerivation(*i)) { | |
1104 | Derivation drv = derivationFromPath(worker.store, *i); | |
1105 | foreach (DerivationOutputs::iterator, j, drv.outputs) | |
1106 | outputsToDrv[j->second.path] = *i; | |
1107 | } | |
1108 | ||
1109 | /* Check each path (slow!). */ | |
1110 | PathSet broken; | |
1111 | foreach (PathSet::iterator, i, outputClosure) { | |
1112 | if (worker.store.pathContentsGood(*i)) continue; | |
1113 | printMsg(lvlError, format("found corrupted or missing path `%1%' in the output closure of `%2%'") % *i % drvPath); | |
1114 | Path drvPath2 = outputsToDrv[*i]; | |
1115 | if (drvPath2 == "") | |
1116 | addWaitee(worker.makeSubstitutionGoal(*i, true)); | |
1117 | else | |
1118 | addWaitee(worker.makeDerivationGoal(drvPath2, PathSet(), bmRepair)); | |
1119 | } | |
1120 | ||
1121 | if (waitees.empty()) { | |
1122 | amDone(ecSuccess); | |
1123 | return; | |
1124 | } | |
1125 | ||
1126 | state = &DerivationGoal::closureRepaired; | |
1127 | } | |
1128 | ||
1129 | ||
1130 | void DerivationGoal::closureRepaired() | |
1131 | { | |
1132 | trace("closure repaired"); | |
1133 | if (nrFailed > 0) | |
1134 | throw Error(format("some paths in the output closure of derivation `%1%' could not be repaired") % drvPath); | |
1135 | amDone(ecSuccess); | |
1136 | } | |
1137 | ||
1138 | ||
1139 | void DerivationGoal::inputsRealised() | |
1140 | { | |
1141 | trace("all inputs realised"); | |
1142 | ||
1143 | if (nrFailed != 0) { | |
1144 | printMsg(lvlError, | |
1145 | format("cannot build derivation `%1%': %2% dependencies couldn't be built") | |
1146 | % drvPath % nrFailed); | |
1147 | amDone(ecFailed); | |
1148 | return; | |
1149 | } | |
1150 | ||
1151 | if (retrySubstitution) { | |
1152 | haveDerivation(); | |
1153 | return; | |
1154 | } | |
1155 | ||
1156 | /* Gather information necessary for computing the closure and/or | |
1157 | running the build hook. */ | |
1158 | ||
1159 | /* The outputs are referenceable paths. */ | |
1160 | foreach (DerivationOutputs::iterator, i, drv.outputs) { | |
1161 | debug(format("building path `%1%'") % i->second.path); | |
1162 | allPaths.insert(i->second.path); | |
1163 | } | |
1164 | ||
1165 | /* Determine the full set of input paths. */ | |
1166 | ||
1167 | /* First, the input derivations. */ | |
1168 | foreach (DerivationInputs::iterator, i, drv.inputDrvs) { | |
1169 | /* Add the relevant output closures of the input derivation | |
1170 | `*i' as input paths. Only add the closures of output paths | |
1171 | that are specified as inputs. */ | |
1172 | assert(worker.store.isValidPath(i->first)); | |
1173 | Derivation inDrv = derivationFromPath(worker.store, i->first); | |
1174 | foreach (StringSet::iterator, j, i->second) | |
1175 | if (inDrv.outputs.find(*j) != inDrv.outputs.end()) | |
1176 | computeFSClosure(worker.store, inDrv.outputs[*j].path, inputPaths); | |
1177 | else | |
1178 | throw Error( | |
1179 | format("derivation `%1%' requires non-existent output `%2%' from input derivation `%3%'") | |
1180 | % drvPath % *j % i->first); | |
1181 | } | |
1182 | ||
1183 | /* Second, the input sources. */ | |
1184 | foreach (PathSet::iterator, i, drv.inputSrcs) | |
1185 | computeFSClosure(worker.store, *i, inputPaths); | |
1186 | ||
1187 | debug(format("added input paths %1%") % showPaths(inputPaths)); | |
1188 | ||
1189 | allPaths.insert(inputPaths.begin(), inputPaths.end()); | |
1190 | ||
1191 | /* Is this a fixed-output derivation? */ | |
1192 | fixedOutput = true; | |
1193 | foreach (DerivationOutputs::iterator, i, drv.outputs) | |
1194 | if (i->second.hash == "") fixedOutput = false; | |
1195 | ||
1196 | /* Okay, try to build. Note that here we don't wait for a build | |
1197 | slot to become available, since we don't need one if there is a | |
1198 | build hook. */ | |
1199 | state = &DerivationGoal::tryToBuild; | |
1200 | worker.wakeUp(shared_from_this()); | |
1201 | } | |
1202 | ||
1203 | ||
322eeb87 | 1204 | static bool canBuildLocally(const string & platform) |
36457566 | 1205 | { |
322eeb87 LC |
1206 | return platform == settings.thisSystem |
1207 | #if __linux__ | |
1208 | || (platform == "i686-linux" && settings.thisSystem == "x86_64-linux") | |
1209 | #endif | |
1210 | ; | |
36457566 LC |
1211 | } |
1212 | ||
1213 | ||
322eeb87 | 1214 | static string get(const StringPairs & map, const string & key, const string & def = "") |
36457566 LC |
1215 | { |
1216 | StringPairs::const_iterator i = map.find(key); | |
322eeb87 | 1217 | return i == map.end() ? def : i->second; |
36457566 LC |
1218 | } |
1219 | ||
1220 | ||
322eeb87 | 1221 | bool willBuildLocally(const Derivation & drv) |
36457566 | 1222 | { |
322eeb87 | 1223 | return get(drv.env, "preferLocalBuild") == "1" && canBuildLocally(drv.platform); |
36457566 LC |
1224 | } |
1225 | ||
1226 | ||
322eeb87 | 1227 | bool substitutesAllowed(const Derivation & drv) |
36457566 | 1228 | { |
322eeb87 | 1229 | return get(drv.env, "allowSubstitutes", "1") == "1"; |
36457566 LC |
1230 | } |
1231 | ||
1232 | ||
1233 | void DerivationGoal::tryToBuild() | |
1234 | { | |
1235 | trace("trying to build"); | |
1236 | ||
1237 | /* Check for the possibility that some other goal in this process | |
1238 | has locked the output since we checked in haveDerivation(). | |
1239 | (It can't happen between here and the lockPaths() call below | |
1240 | because we're not allowing multi-threading.) If so, put this | |
1241 | goal to sleep until another goal finishes, then try again. */ | |
1242 | foreach (DerivationOutputs::iterator, i, drv.outputs) | |
1243 | if (pathIsLockedByMe(i->second.path)) { | |
1244 | debug(format("putting derivation `%1%' to sleep because `%2%' is locked by another goal") | |
1245 | % drvPath % i->second.path); | |
1246 | worker.waitForAnyGoal(shared_from_this()); | |
1247 | return; | |
1248 | } | |
1249 | ||
1250 | /* Obtain locks on all output paths. The locks are automatically | |
1251 | released when we exit this function or Nix crashes. If we | |
1252 | can't acquire the lock, then continue; hopefully some other | |
1253 | goal can start a build, and if not, the main loop will sleep a | |
1254 | few seconds and then retry this goal. */ | |
322eeb87 | 1255 | if (!outputLocks.lockPaths(outputPaths(drv), "", false)) { |
36457566 LC |
1256 | worker.waitForAWhile(shared_from_this()); |
1257 | return; | |
1258 | } | |
1259 | ||
1260 | /* Now check again whether the outputs are valid. This is because | |
1261 | another process may have started building in parallel. After | |
1262 | it has finished and released the locks, we can (and should) | |
1263 | reuse its results. (Strictly speaking the first check can be | |
1264 | omitted, but that would be less efficient.) Note that since we | |
1265 | now hold the locks on the output paths, no other process can | |
1266 | build this derivation, so no further checks are necessary. */ | |
1267 | validPaths = checkPathValidity(true, buildMode == bmRepair); | |
1268 | assert(buildMode != bmCheck || validPaths.size() == drv.outputs.size()); | |
1269 | if (buildMode != bmCheck && validPaths.size() == drv.outputs.size()) { | |
1270 | debug(format("skipping build of derivation `%1%', someone beat us to it") % drvPath); | |
1271 | outputLocks.setDeletion(true); | |
1272 | amDone(ecSuccess); | |
1273 | return; | |
1274 | } | |
1275 | ||
322eeb87 | 1276 | missingPaths = outputPaths(drv); |
36457566 LC |
1277 | if (buildMode != bmCheck) |
1278 | foreach (PathSet::iterator, i, validPaths) missingPaths.erase(*i); | |
1279 | ||
1280 | /* If any of the outputs already exist but are not valid, delete | |
1281 | them. */ | |
1282 | foreach (DerivationOutputs::iterator, i, drv.outputs) { | |
1283 | Path path = i->second.path; | |
1284 | if (worker.store.isValidPath(path)) continue; | |
1285 | if (!pathExists(path)) continue; | |
1286 | debug(format("removing invalid path `%1%'") % path); | |
1287 | deletePath(path); | |
1288 | } | |
1289 | ||
1290 | /* Check again whether any output previously failed to build, | |
1291 | because some other process may have tried and failed before we | |
1292 | acquired the lock. */ | |
1293 | foreach (DerivationOutputs::iterator, i, drv.outputs) | |
1294 | if (pathFailed(i->second.path)) return; | |
1295 | ||
1296 | /* Don't do a remote build if the derivation has the attribute | |
1297 | `preferLocalBuild' set. Also, check and repair modes are only | |
1298 | supported for local builds. */ | |
1299 | bool buildLocally = buildMode != bmNormal || willBuildLocally(drv); | |
1300 | ||
1301 | /* Is the build hook willing to accept this job? */ | |
1302 | if (!buildLocally) { | |
1303 | switch (tryBuildHook()) { | |
1304 | case rpAccept: | |
1305 | /* Yes, it has started doing so. Wait until we get | |
1306 | EOF from the hook. */ | |
1307 | state = &DerivationGoal::buildDone; | |
1308 | return; | |
1309 | case rpPostpone: | |
1310 | /* Not now; wait until at least one child finishes or | |
1311 | the wake-up timeout expires. */ | |
1312 | worker.waitForAWhile(shared_from_this()); | |
1313 | outputLocks.unlock(); | |
1314 | return; | |
1315 | case rpDecline: | |
1316 | /* We should do it ourselves. */ | |
1317 | break; | |
1318 | } | |
1319 | } | |
1320 | ||
1321 | /* Make sure that we are allowed to start a build. If this | |
1322 | derivation prefers to be done locally, do it even if | |
1323 | maxBuildJobs is 0. */ | |
1324 | unsigned int curBuilds = worker.getNrLocalBuilds(); | |
1325 | if (curBuilds >= settings.maxBuildJobs && !(buildLocally && curBuilds == 0)) { | |
1326 | worker.waitForBuildSlot(shared_from_this()); | |
1327 | outputLocks.unlock(); | |
1328 | return; | |
1329 | } | |
1330 | ||
1331 | try { | |
1332 | ||
1333 | /* Okay, we have to build. */ | |
1334 | startBuilder(); | |
1335 | ||
1336 | } catch (BuildError & e) { | |
1337 | printMsg(lvlError, e.msg()); | |
1338 | outputLocks.unlock(); | |
1339 | buildUser.release(); | |
1340 | if (settings.printBuildTrace) | |
1341 | printMsg(lvlError, format("@ build-failed %1% - %2% %3%") | |
1342 | % drvPath % 0 % e.msg()); | |
1343 | worker.permanentFailure = true; | |
1344 | amDone(ecFailed); | |
1345 | return; | |
1346 | } | |
1347 | ||
1348 | /* This state will be reached when we get EOF on the child's | |
1349 | log pipe. */ | |
1350 | state = &DerivationGoal::buildDone; | |
1351 | } | |
1352 | ||
1353 | ||
1354 | void replaceValidPath(const Path & storePath, const Path tmpPath) | |
1355 | { | |
1356 | /* We can't atomically replace storePath (the original) with | |
1357 | tmpPath (the replacement), so we have to move it out of the | |
1358 | way first. We'd better not be interrupted here, because if | |
1359 | we're repairing (say) Glibc, we end up with a broken system. */ | |
1360 | Path oldPath = (format("%1%.old-%2%-%3%") % storePath % getpid() % rand()).str(); | |
1361 | if (pathExists(storePath)) | |
1362 | rename(storePath.c_str(), oldPath.c_str()); | |
1363 | if (rename(tmpPath.c_str(), storePath.c_str()) == -1) | |
1364 | throw SysError(format("moving `%1%' to `%2%'") % tmpPath % storePath); | |
1365 | if (pathExists(oldPath)) | |
1366 | deletePath(oldPath); | |
1367 | } | |
1368 | ||
1369 | ||
1370 | void DerivationGoal::buildDone() | |
1371 | { | |
1372 | trace("build done"); | |
1373 | ||
1374 | /* Since we got an EOF on the logger pipe, the builder is presumed | |
1375 | to have terminated. In fact, the builder could also have | |
1376 | simply have closed its end of the pipe --- just don't do that | |
1377 | :-) */ | |
1378 | int status; | |
1379 | pid_t savedPid; | |
1380 | if (hook) { | |
1381 | savedPid = hook->pid; | |
1382 | status = hook->pid.wait(true); | |
1383 | } else { | |
1384 | /* !!! this could block! security problem! solution: kill the | |
1385 | child */ | |
1386 | savedPid = pid; | |
1387 | status = pid.wait(true); | |
1388 | } | |
1389 | ||
1390 | debug(format("builder process for `%1%' finished") % drvPath); | |
1391 | ||
1392 | /* So the child is gone now. */ | |
1393 | worker.childTerminated(savedPid); | |
1394 | ||
1395 | /* Close the read side of the logger pipe. */ | |
1396 | if (hook) { | |
1397 | hook->builderOut.readSide.close(); | |
1398 | hook->fromHook.readSide.close(); | |
1399 | } | |
1400 | else builderOut.readSide.close(); | |
1401 | ||
1402 | /* Close the log file. */ | |
1403 | closeLogFile(); | |
1404 | ||
1405 | /* When running under a build user, make sure that all processes | |
1406 | running under that uid are gone. This is to prevent a | |
1407 | malicious user from leaving behind a process that keeps files | |
1408 | open and modifies them after they have been chown'ed to | |
1409 | root. */ | |
1410 | if (buildUser.enabled()) buildUser.kill(); | |
1411 | ||
1412 | bool diskFull = false; | |
1413 | ||
1414 | try { | |
1415 | ||
1416 | /* Check the exit status. */ | |
1417 | if (!statusOk(status)) { | |
1418 | ||
1419 | /* Heuristically check whether the build failure may have | |
1420 | been caused by a disk full condition. We have no way | |
1421 | of knowing whether the build actually got an ENOSPC. | |
1422 | So instead, check if the disk is (nearly) full now. If | |
1423 | so, we don't mark this build as a permanent failure. */ | |
1424 | #if HAVE_STATVFS | |
1425 | unsigned long long required = 8ULL * 1024 * 1024; // FIXME: make configurable | |
1426 | struct statvfs st; | |
1427 | if (statvfs(settings.nixStore.c_str(), &st) == 0 && | |
1428 | (unsigned long long) st.f_bavail * st.f_bsize < required) | |
1429 | diskFull = true; | |
1430 | if (statvfs(tmpDir.c_str(), &st) == 0 && | |
1431 | (unsigned long long) st.f_bavail * st.f_bsize < required) | |
1432 | diskFull = true; | |
1433 | #endif | |
1434 | ||
1435 | deleteTmpDir(false); | |
1436 | ||
1437 | /* Move paths out of the chroot for easier debugging of | |
1438 | build failures. */ | |
1439 | if (useChroot && buildMode == bmNormal) | |
1440 | foreach (PathSet::iterator, i, missingPaths) | |
1441 | if (pathExists(chrootRootDir + *i)) | |
1442 | rename((chrootRootDir + *i).c_str(), i->c_str()); | |
1443 | ||
36457566 LC |
1444 | if (diskFull) |
1445 | printMsg(lvlError, "note: build failure may have been caused by lack of free disk space"); | |
1446 | ||
1447 | throw BuildError(format("builder for `%1%' %2%") | |
1448 | % drvPath % statusToString(status)); | |
1449 | } | |
1450 | ||
1451 | /* Compute the FS closure of the outputs and register them as | |
1452 | being valid. */ | |
1453 | registerOutputs(); | |
1454 | ||
1455 | if (buildMode == bmCheck) { | |
1456 | amDone(ecSuccess); | |
1457 | return; | |
1458 | } | |
1459 | ||
1460 | /* Delete unused redirected outputs (when doing hash rewriting). */ | |
1461 | foreach (RedirectedOutputs::iterator, i, redirectedOutputs) | |
1462 | if (pathExists(i->second)) deletePath(i->second); | |
1463 | ||
1464 | /* Delete the chroot (if we were using one). */ | |
1465 | autoDelChroot.reset(); /* this runs the destructor */ | |
1466 | ||
1467 | deleteTmpDir(true); | |
1468 | ||
1469 | /* It is now safe to delete the lock files, since all future | |
1470 | lockers will see that the output paths are valid; they will | |
1471 | not create new lock files with the same names as the old | |
1472 | (unlinked) lock files. */ | |
1473 | outputLocks.setDeletion(true); | |
1474 | outputLocks.unlock(); | |
1475 | ||
1476 | } catch (BuildError & e) { | |
2bb04905 LC |
1477 | if (!hook) |
1478 | printMsg(lvlError, e.msg()); | |
36457566 LC |
1479 | outputLocks.unlock(); |
1480 | buildUser.release(); | |
1481 | ||
2bb04905 LC |
1482 | if (hook && WIFEXITED(status) && WEXITSTATUS(status) == 101) { |
1483 | if (settings.printBuildTrace) | |
1484 | printMsg(lvlError, format("@ build-failed %1% - timeout") % drvPath); | |
1485 | worker.timedOut = true; | |
1486 | } | |
36457566 | 1487 | |
2bb04905 LC |
1488 | else if (hook && (!WIFEXITED(status) || WEXITSTATUS(status) != 100)) { |
1489 | if (settings.printBuildTrace) | |
36457566 LC |
1490 | printMsg(lvlError, format("@ hook-failed %1% - %2% %3%") |
1491 | % drvPath % status % e.msg()); | |
2bb04905 LC |
1492 | } |
1493 | ||
1494 | else { | |
1495 | if (settings.printBuildTrace) | |
36457566 LC |
1496 | printMsg(lvlError, format("@ build-failed %1% - %2% %3%") |
1497 | % drvPath % 1 % e.msg()); | |
2bb04905 LC |
1498 | worker.permanentFailure = !fixedOutput && !diskFull; |
1499 | ||
1500 | /* Register the outputs of this build as "failed" so we | |
1501 | won't try to build them again (negative caching). | |
1502 | However, don't do this for fixed-output derivations, | |
1503 | since they're likely to fail for transient reasons | |
1504 | (e.g., fetchurl not being able to access the network). | |
1505 | Hook errors (like communication problems with the | |
1506 | remote machine) shouldn't be cached either. */ | |
1507 | if (settings.cacheFailure && !fixedOutput && !diskFull) | |
1508 | foreach (DerivationOutputs::iterator, i, drv.outputs) | |
1509 | worker.store.registerFailedPath(i->second.path); | |
36457566 LC |
1510 | } |
1511 | ||
36457566 LC |
1512 | amDone(ecFailed); |
1513 | return; | |
1514 | } | |
1515 | ||
1516 | /* Release the build user, if applicable. */ | |
1517 | buildUser.release(); | |
1518 | ||
1519 | if (settings.printBuildTrace) | |
1520 | printMsg(lvlError, format("@ build-succeeded %1% -") % drvPath); | |
1521 | ||
1522 | amDone(ecSuccess); | |
1523 | } | |
1524 | ||
1525 | ||
1526 | HookReply DerivationGoal::tryBuildHook() | |
1527 | { | |
1528 | if (!settings.useBuildHook || getEnv("NIX_BUILD_HOOK") == "") return rpDecline; | |
1529 | ||
1530 | if (!worker.hook) | |
1531 | worker.hook = std::shared_ptr<HookInstance>(new HookInstance); | |
1532 | ||
1533 | /* Tell the hook about system features (beyond the system type) | |
1534 | required from the build machine. (The hook could parse the | |
1535 | drv file itself, but this is easier.) */ | |
1536 | Strings features = tokenizeString<Strings>(get(drv.env, "requiredSystemFeatures")); | |
1537 | foreach (Strings::iterator, i, features) checkStoreName(*i); /* !!! abuse */ | |
1538 | ||
1539 | /* Send the request to the hook. */ | |
1540 | writeLine(worker.hook->toHook.writeSide, (format("%1% %2% %3% %4%") | |
1541 | % (worker.getNrLocalBuilds() < settings.maxBuildJobs ? "1" : "0") | |
1542 | % drv.platform % drvPath % concatStringsSep(",", features)).str()); | |
1543 | ||
1544 | /* Read the first line of input, which should be a word indicating | |
1545 | whether the hook wishes to perform the build. */ | |
1546 | string reply; | |
1547 | while (true) { | |
1548 | string s = readLine(worker.hook->fromHook.readSide); | |
1549 | if (string(s, 0, 2) == "# ") { | |
1550 | reply = string(s, 2); | |
1551 | break; | |
1552 | } | |
1553 | s += "\n"; | |
1554 | writeToStderr(s); | |
1555 | } | |
1556 | ||
1557 | debug(format("hook reply is `%1%'") % reply); | |
1558 | ||
1559 | if (reply == "decline" || reply == "postpone") | |
1560 | return reply == "decline" ? rpDecline : rpPostpone; | |
1561 | else if (reply != "accept") | |
1562 | throw Error(format("bad hook reply `%1%'") % reply); | |
1563 | ||
1564 | printMsg(lvlTalkative, format("using hook to build path(s) %1%") % showPaths(missingPaths)); | |
1565 | ||
1566 | hook = worker.hook; | |
1567 | worker.hook.reset(); | |
1568 | ||
1569 | /* Tell the hook all the inputs that have to be copied to the | |
1570 | remote system. This unfortunately has to contain the entire | |
1571 | derivation closure to ensure that the validity invariant holds | |
1572 | on the remote system. (I.e., it's unfortunate that we have to | |
1573 | list it since the remote system *probably* already has it.) */ | |
1574 | PathSet allInputs; | |
1575 | allInputs.insert(inputPaths.begin(), inputPaths.end()); | |
1576 | computeFSClosure(worker.store, drvPath, allInputs); | |
1577 | ||
1578 | string s; | |
1579 | foreach (PathSet::iterator, i, allInputs) { s += *i; s += ' '; } | |
1580 | writeLine(hook->toHook.writeSide, s); | |
1581 | ||
1582 | /* Tell the hooks the missing outputs that have to be copied back | |
1583 | from the remote system. */ | |
1584 | s = ""; | |
1585 | foreach (PathSet::iterator, i, missingPaths) { s += *i; s += ' '; } | |
1586 | writeLine(hook->toHook.writeSide, s); | |
1587 | ||
1588 | hook->toHook.writeSide.close(); | |
1589 | ||
1590 | /* Create the log file and pipe. */ | |
1591 | Path logFile = openLogFile(); | |
1592 | ||
1593 | set<int> fds; | |
1594 | fds.insert(hook->fromHook.readSide); | |
1595 | fds.insert(hook->builderOut.readSide); | |
1596 | worker.childStarted(shared_from_this(), hook->pid, fds, false, false); | |
1597 | ||
1598 | if (settings.printBuildTrace) | |
1599 | printMsg(lvlError, format("@ build-started %1% - %2% %3%") | |
1600 | % drvPath % drv.platform % logFile); | |
1601 | ||
1602 | return rpAccept; | |
1603 | } | |
1604 | ||
1605 | ||
1606 | void chmod_(const Path & path, mode_t mode) | |
1607 | { | |
1608 | if (chmod(path.c_str(), mode) == -1) | |
1609 | throw SysError(format("setting permissions on `%1%'") % path); | |
1610 | } | |
1611 | ||
1612 | ||
1613 | int childEntry(void * arg) | |
1614 | { | |
54c260e6 | 1615 | ((DerivationGoal *) arg)->runChild(); |
36457566 LC |
1616 | return 1; |
1617 | } | |
1618 | ||
1619 | ||
1620 | void DerivationGoal::startBuilder() | |
1621 | { | |
1622 | startNest(nest, lvlInfo, format( | |
1623 | buildMode == bmRepair ? "repairing path(s) %1%" : | |
1624 | buildMode == bmCheck ? "checking path(s) %1%" : | |
1625 | "building path(s) %1%") % showPaths(missingPaths)); | |
1626 | ||
1627 | /* Right platform? */ | |
1628 | if (!canBuildLocally(drv.platform)) { | |
1629 | if (settings.printBuildTrace) | |
1630 | printMsg(lvlError, format("@ unsupported-platform %1% %2%") % drvPath % drv.platform); | |
1631 | throw Error( | |
1632 | format("a `%1%' is required to build `%3%', but I am a `%2%'") | |
1633 | % drv.platform % settings.thisSystem % drvPath); | |
1634 | } | |
1635 | ||
1636 | /* Construct the environment passed to the builder. */ | |
1637 | ||
1638 | /* Most shells initialise PATH to some default (/bin:/usr/bin:...) when | |
1639 | PATH is not set. We don't want this, so we fill it in with some dummy | |
1640 | value. */ | |
1641 | env["PATH"] = "/path-not-set"; | |
1642 | ||
1643 | /* Set HOME to a non-existing path to prevent certain programs from using | |
1644 | /etc/passwd (or NIS, or whatever) to locate the home directory (for | |
1645 | example, wget looks for ~/.wgetrc). I.e., these tools use /etc/passwd | |
1646 | if HOME is not set, but they will just assume that the settings file | |
1647 | they are looking for does not exist if HOME is set but points to some | |
1648 | non-existing path. */ | |
1649 | Path homeDir = "/homeless-shelter"; | |
1650 | env["HOME"] = homeDir; | |
1651 | ||
1652 | /* Tell the builder where the Nix store is. Usually they | |
1653 | shouldn't care, but this is useful for purity checking (e.g., | |
1654 | the compiler or linker might only want to accept paths to files | |
1655 | in the store or in the build directory). */ | |
1656 | env["NIX_STORE"] = settings.nixStore; | |
1657 | ||
1658 | /* The maximum number of cores to utilize for parallel building. */ | |
1659 | env["NIX_BUILD_CORES"] = (format("%d") % settings.buildCores).str(); | |
1660 | ||
1661 | /* Add all bindings specified in the derivation. */ | |
1662 | foreach (StringPairs::iterator, i, drv.env) | |
1663 | env[i->first] = i->second; | |
1664 | ||
1665 | /* Create a temporary directory where the build will take | |
1666 | place. */ | |
1667 | tmpDir = createTempDir("", "nix-build-" + storePathToName(drvPath), false, false, 0700); | |
1668 | ||
1669 | /* For convenience, set an environment pointing to the top build | |
1670 | directory. */ | |
1671 | env["NIX_BUILD_TOP"] = tmpDir; | |
1672 | ||
1673 | /* Also set TMPDIR and variants to point to this directory. */ | |
1674 | env["TMPDIR"] = env["TEMPDIR"] = env["TMP"] = env["TEMP"] = tmpDir; | |
1675 | ||
1676 | /* Explicitly set PWD to prevent problems with chroot builds. In | |
1677 | particular, dietlibc cannot figure out the cwd because the | |
1678 | inode of the current directory doesn't appear in .. (because | |
1679 | getdents returns the inode of the mount point). */ | |
1680 | env["PWD"] = tmpDir; | |
1681 | ||
1682 | /* Compatibility hack with Nix <= 0.7: if this is a fixed-output | |
1683 | derivation, tell the builder, so that for instance `fetchurl' | |
1684 | can skip checking the output. On older Nixes, this environment | |
1685 | variable won't be set, so `fetchurl' will do the check. */ | |
1686 | if (fixedOutput) env["NIX_OUTPUT_CHECKED"] = "1"; | |
1687 | ||
1688 | /* *Only* if this is a fixed-output derivation, propagate the | |
1689 | values of the environment variables specified in the | |
1690 | `impureEnvVars' attribute to the builder. This allows for | |
1691 | instance environment variables for proxy configuration such as | |
1692 | `http_proxy' to be easily passed to downloaders like | |
1693 | `fetchurl'. Passing such environment variables from the caller | |
1694 | to the builder is generally impure, but the output of | |
1695 | fixed-output derivations is by definition pure (since we | |
1696 | already know the cryptographic hash of the output). */ | |
1697 | if (fixedOutput) { | |
1698 | Strings varNames = tokenizeString<Strings>(get(drv.env, "impureEnvVars")); | |
1699 | foreach (Strings::iterator, i, varNames) env[*i] = getEnv(*i); | |
1700 | } | |
1701 | ||
1702 | /* The `exportReferencesGraph' feature allows the references graph | |
1703 | to be passed to a builder. This attribute should be a list of | |
1704 | pairs [name1 path1 name2 path2 ...]. The references graph of | |
1705 | each `pathN' will be stored in a text file `nameN' in the | |
1706 | temporary build directory. The text files have the format used | |
1707 | by `nix-store --register-validity'. However, the deriver | |
1708 | fields are left empty. */ | |
1709 | string s = get(drv.env, "exportReferencesGraph"); | |
1710 | Strings ss = tokenizeString<Strings>(s); | |
1711 | if (ss.size() % 2 != 0) | |
1712 | throw BuildError(format("odd number of tokens in `exportReferencesGraph': `%1%'") % s); | |
1713 | for (Strings::iterator i = ss.begin(); i != ss.end(); ) { | |
1714 | string fileName = *i++; | |
1715 | checkStoreName(fileName); /* !!! abuse of this function */ | |
1716 | ||
1717 | /* Check that the store path is valid. */ | |
1718 | Path storePath = *i++; | |
1719 | if (!isInStore(storePath)) | |
1720 | throw BuildError(format("`exportReferencesGraph' contains a non-store path `%1%'") | |
1721 | % storePath); | |
1722 | storePath = toStorePath(storePath); | |
1723 | if (!worker.store.isValidPath(storePath)) | |
1724 | throw BuildError(format("`exportReferencesGraph' contains an invalid path `%1%'") | |
1725 | % storePath); | |
1726 | ||
1727 | /* If there are derivations in the graph, then include their | |
1728 | outputs as well. This is useful if you want to do things | |
1729 | like passing all build-time dependencies of some path to a | |
1730 | derivation that builds a NixOS DVD image. */ | |
1731 | PathSet paths, paths2; | |
1732 | computeFSClosure(worker.store, storePath, paths); | |
1733 | paths2 = paths; | |
1734 | ||
1735 | foreach (PathSet::iterator, j, paths2) { | |
1736 | if (isDerivation(*j)) { | |
1737 | Derivation drv = derivationFromPath(worker.store, *j); | |
1738 | foreach (DerivationOutputs::iterator, k, drv.outputs) | |
1739 | computeFSClosure(worker.store, k->second.path, paths); | |
1740 | } | |
1741 | } | |
1742 | ||
1743 | /* Write closure info to `fileName'. */ | |
1744 | writeFile(tmpDir + "/" + fileName, | |
1745 | worker.store.makeValidityRegistration(paths, false, false)); | |
1746 | } | |
1747 | ||
1748 | ||
1749 | /* If `build-users-group' is not empty, then we have to build as | |
1750 | one of the members of that group. */ | |
1751 | if (settings.buildUsersGroup != "") { | |
1752 | buildUser.acquire(); | |
1753 | assert(buildUser.getUID() != 0); | |
1754 | assert(buildUser.getGID() != 0); | |
1755 | ||
1756 | /* Make sure that no other processes are executing under this | |
1757 | uid. */ | |
1758 | buildUser.kill(); | |
1759 | ||
1760 | /* Change ownership of the temporary build directory. */ | |
1761 | if (chown(tmpDir.c_str(), buildUser.getUID(), buildUser.getGID()) == -1) | |
54c260e6 LC |
1762 | throw SysError(format("cannot change ownership of '%1%'") % tmpDir); |
1763 | } | |
36457566 | 1764 | |
36457566 LC |
1765 | useChroot = settings.useChroot; |
1766 | ||
36457566 LC |
1767 | if (useChroot) { |
1768 | #if CHROOT_ENABLED | |
1769 | /* Create a temporary directory in which we set up the chroot | |
1770 | environment using bind-mounts. We put it in the Nix store | |
1771 | to ensure that we can create hard-links to non-directory | |
1772 | inputs in the fake Nix store in the chroot (see below). */ | |
1773 | chrootRootDir = drvPath + ".chroot"; | |
1774 | if (pathExists(chrootRootDir)) deletePath(chrootRootDir); | |
1775 | ||
1776 | /* Clean up the chroot directory automatically. */ | |
1777 | autoDelChroot = std::shared_ptr<AutoDelete>(new AutoDelete(chrootRootDir)); | |
1778 | ||
1779 | printMsg(lvlChatty, format("setting up chroot environment in `%1%'") % chrootRootDir); | |
1780 | ||
54c260e6 LC |
1781 | if (mkdir(chrootRootDir.c_str(), 0750) == -1) |
1782 | throw SysError(format("cannot create ‘%1%’") % chrootRootDir); | |
1783 | ||
1784 | if (chown(chrootRootDir.c_str(), 0, buildUser.getGID()) == -1) | |
1785 | throw SysError(format("cannot change ownership of ‘%1%’") % chrootRootDir); | |
1786 | ||
36457566 LC |
1787 | /* Create a writable /tmp in the chroot. Many builders need |
1788 | this. (Of course they should really respect $TMPDIR | |
1789 | instead.) */ | |
1790 | Path chrootTmpDir = chrootRootDir + "/tmp"; | |
1791 | createDirs(chrootTmpDir); | |
1792 | chmod_(chrootTmpDir, 01777); | |
1793 | ||
1794 | /* Create a /etc/passwd with entries for the build user and the | |
1795 | nobody account. The latter is kind of a hack to support | |
1796 | Samba-in-QEMU. */ | |
1797 | createDirs(chrootRootDir + "/etc"); | |
1798 | ||
1799 | writeFile(chrootRootDir + "/etc/passwd", | |
1800 | (format( | |
1801 | "nixbld:x:%1%:%2%:Nix build user:/:/noshell\n" | |
1802 | "nobody:x:65534:65534:Nobody:/:/noshell\n") | |
1803 | % (buildUser.enabled() ? buildUser.getUID() : getuid()) | |
1804 | % (buildUser.enabled() ? buildUser.getGID() : getgid())).str()); | |
1805 | ||
1806 | /* Declare the build user's group so that programs get a consistent | |
1807 | view of the system (e.g., "id -gn"). */ | |
1808 | writeFile(chrootRootDir + "/etc/group", | |
1809 | (format("nixbld:!:%1%:\n") | |
1810 | % (buildUser.enabled() ? buildUser.getGID() : getgid())).str()); | |
1811 | ||
1812 | /* Create /etc/hosts with localhost entry. */ | |
54c260e6 LC |
1813 | if (!fixedOutput) |
1814 | writeFile(chrootRootDir + "/etc/hosts", "127.0.0.1 localhost\n"); | |
36457566 LC |
1815 | |
1816 | /* Bind-mount a user-configurable set of directories from the | |
1817 | host file system. */ | |
2bb04905 LC |
1818 | PathSet dirs = tokenizeString<StringSet>(settings.get("build-chroot-dirs", string(DEFAULT_CHROOT_DIRS))); |
1819 | PathSet dirs2 = tokenizeString<StringSet>(settings.get("build-extra-chroot-dirs", string(""))); | |
1820 | dirs.insert(dirs2.begin(), dirs2.end()); | |
1821 | for (auto & i : dirs) { | |
1822 | size_t p = i.find('='); | |
36457566 | 1823 | if (p == string::npos) |
2bb04905 | 1824 | dirsInChroot[i] = i; |
36457566 | 1825 | else |
2bb04905 | 1826 | dirsInChroot[string(i, 0, p)] = string(i, p + 1); |
36457566 LC |
1827 | } |
1828 | dirsInChroot[tmpDir] = tmpDir; | |
1829 | ||
1830 | /* Make the closure of the inputs available in the chroot, | |
1831 | rather than the whole Nix store. This prevents any access | |
1832 | to undeclared dependencies. Directories are bind-mounted, | |
1833 | while other inputs are hard-linked (since only directories | |
1834 | can be bind-mounted). !!! As an extra security | |
1835 | precaution, make the fake Nix store only writable by the | |
1836 | build user. */ | |
54c260e6 LC |
1837 | Path chrootStoreDir = chrootRootDir + settings.nixStore; |
1838 | createDirs(chrootStoreDir); | |
1839 | chmod_(chrootStoreDir, 01775); | |
1840 | ||
1841 | if (chown(chrootStoreDir.c_str(), 0, buildUser.getGID()) == -1) | |
1842 | throw SysError(format("cannot change ownership of ‘%1%’") % chrootStoreDir); | |
36457566 LC |
1843 | |
1844 | foreach (PathSet::iterator, i, inputPaths) { | |
1845 | struct stat st; | |
1846 | if (lstat(i->c_str(), &st)) | |
1847 | throw SysError(format("getting attributes of path `%1%'") % *i); | |
1848 | if (S_ISDIR(st.st_mode)) | |
1849 | dirsInChroot[*i] = *i; | |
1850 | else { | |
1851 | Path p = chrootRootDir + *i; | |
1852 | if (link(i->c_str(), p.c_str()) == -1) { | |
1853 | /* Hard-linking fails if we exceed the maximum | |
1854 | link count on a file (e.g. 32000 of ext3), | |
1855 | which is quite possible after a `nix-store | |
1856 | --optimise'. */ | |
1857 | if (errno != EMLINK) | |
1858 | throw SysError(format("linking `%1%' to `%2%'") % p % *i); | |
1859 | StringSink sink; | |
1860 | dumpPath(*i, sink); | |
1861 | StringSource source(sink.s); | |
1862 | restorePath(p, source); | |
1863 | } | |
1864 | ||
1865 | regularInputPaths.insert(*i); | |
1866 | } | |
1867 | } | |
1868 | ||
1869 | /* If we're repairing or checking, it's possible that we're | |
1870 | rebuilding a path that is in settings.dirsInChroot | |
1871 | (typically the dependencies of /bin/sh). Throw them | |
1872 | out. */ | |
1873 | if (buildMode != bmNormal) | |
1874 | foreach (DerivationOutputs::iterator, i, drv.outputs) | |
1875 | dirsInChroot.erase(i->second.path); | |
1876 | ||
1877 | #else | |
1878 | throw Error("chroot builds are not supported on this platform"); | |
1879 | #endif | |
1880 | } | |
1881 | ||
1882 | else { | |
1883 | ||
1884 | if (pathExists(homeDir)) | |
1885 | throw Error(format("directory `%1%' exists; please remove it") % homeDir); | |
1886 | ||
1887 | /* We're not doing a chroot build, but we have some valid | |
1888 | output paths. Since we can't just overwrite or delete | |
1889 | them, we have to do hash rewriting: i.e. in the | |
1890 | environment/arguments passed to the build, we replace the | |
1891 | hashes of the valid outputs with unique dummy strings; | |
1892 | after the build, we discard the redirected outputs | |
1893 | corresponding to the valid outputs, and rewrite the | |
1894 | contents of the new outputs to replace the dummy strings | |
1895 | with the actual hashes. */ | |
1896 | if (validPaths.size() > 0) | |
1897 | foreach (PathSet::iterator, i, validPaths) | |
1898 | addHashRewrite(*i); | |
1899 | ||
1900 | /* If we're repairing, then we don't want to delete the | |
1901 | corrupt outputs in advance. So rewrite them as well. */ | |
1902 | if (buildMode == bmRepair) | |
1903 | foreach (PathSet::iterator, i, missingPaths) | |
1904 | if (worker.store.isValidPath(*i) && pathExists(*i)) { | |
1905 | addHashRewrite(*i); | |
1906 | redirectedBadOutputs.insert(*i); | |
1907 | } | |
1908 | } | |
1909 | ||
1910 | ||
1911 | /* Run the builder. */ | |
1912 | printMsg(lvlChatty, format("executing builder `%1%'") % drv.builder); | |
1913 | ||
1914 | /* Create the log file. */ | |
1915 | Path logFile = openLogFile(); | |
1916 | ||
1917 | /* Create a pipe to get the output of the builder. */ | |
1918 | builderOut.create(); | |
1919 | ||
1920 | /* Fork a child to build the package. Note that while we | |
1921 | currently use forks to run and wait for the children, it | |
1922 | shouldn't be hard to use threads for this on systems where | |
1923 | fork() is unavailable or inefficient. | |
1924 | ||
1925 | If we're building in a chroot, then also set up private | |
1926 | namespaces for the build: | |
1927 | ||
1928 | - The PID namespace causes the build to start as PID 1. | |
1929 | Processes outside of the chroot are not visible to those on | |
1930 | the inside, but processes inside the chroot are visible from | |
1931 | the outside (though with different PIDs). | |
1932 | ||
1933 | - The private mount namespace ensures that all the bind mounts | |
1934 | we do will only show up in this process and its children, and | |
1935 | will disappear automatically when we're done. | |
1936 | ||
1937 | - The private network namespace ensures that the builder cannot | |
1938 | talk to the outside world (or vice versa). It only has a | |
1939 | private loopback interface. | |
1940 | ||
1941 | - The IPC namespace prevents the builder from communicating | |
1942 | with outside processes using SysV IPC mechanisms (shared | |
1943 | memory, message queues, semaphores). It also ensures that | |
1944 | all IPC objects are destroyed when the builder exits. | |
1945 | ||
1946 | - The UTS namespace ensures that builders see a hostname of | |
1947 | localhost rather than the actual hostname. | |
1948 | */ | |
1949 | #if CHROOT_ENABLED | |
1950 | if (useChroot) { | |
54c260e6 LC |
1951 | char stack[32 * 1024]; |
1952 | int flags = CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWIPC | CLONE_NEWUTS | SIGCHLD; | |
1953 | if (!fixedOutput) flags |= CLONE_NEWNET; | |
1954 | pid = clone(childEntry, stack + sizeof(stack) - 8, flags, this); | |
1955 | if (pid == -1) | |
1956 | throw SysError("cloning builder process"); | |
36457566 LC |
1957 | } else |
1958 | #endif | |
1959 | { | |
1960 | pid = fork(); | |
54c260e6 | 1961 | if (pid == 0) runChild(); |
36457566 LC |
1962 | } |
1963 | ||
1964 | if (pid == -1) throw SysError("unable to fork"); | |
1965 | ||
1966 | /* parent */ | |
1967 | pid.setSeparatePG(true); | |
1968 | builderOut.writeSide.close(); | |
1969 | worker.childStarted(shared_from_this(), pid, | |
1970 | singleton<set<int> >(builderOut.readSide), true, true); | |
1971 | ||
2bb04905 LC |
1972 | /* Check if setting up the build environment failed. */ |
1973 | string msg = readLine(builderOut.readSide); | |
1974 | if (!msg.empty()) throw Error(msg); | |
1975 | ||
36457566 LC |
1976 | if (settings.printBuildTrace) { |
1977 | printMsg(lvlError, format("@ build-started %1% - %2% %3%") | |
1978 | % drvPath % drv.platform % logFile); | |
1979 | } | |
2bb04905 | 1980 | |
36457566 LC |
1981 | } |
1982 | ||
1983 | ||
54c260e6 | 1984 | void DerivationGoal::runChild() |
36457566 LC |
1985 | { |
1986 | /* Warning: in the child we should absolutely not make any SQLite | |
1987 | calls! */ | |
1988 | ||
36457566 LC |
1989 | try { /* child */ |
1990 | ||
2bb04905 LC |
1991 | _writeToStderr = 0; |
1992 | ||
1993 | restoreAffinity(); | |
1994 | ||
1995 | commonChildInit(builderOut); | |
1996 | ||
36457566 LC |
1997 | #if CHROOT_ENABLED |
1998 | if (useChroot) { | |
1999 | /* Initialise the loopback interface. */ | |
2000 | AutoCloseFD fd(socket(PF_INET, SOCK_DGRAM, IPPROTO_IP)); | |
2001 | if (fd == -1) throw SysError("cannot open IP socket"); | |
2002 | ||
2003 | struct ifreq ifr; | |
2004 | strcpy(ifr.ifr_name, "lo"); | |
2005 | ifr.ifr_flags = IFF_UP | IFF_LOOPBACK | IFF_RUNNING; | |
2006 | if (ioctl(fd, SIOCSIFFLAGS, &ifr) == -1) | |
2007 | throw SysError("cannot set loopback interface flags"); | |
2008 | ||
2009 | fd.close(); | |
2010 | ||
2011 | /* Set the hostname etc. to fixed values. */ | |
2012 | char hostname[] = "localhost"; | |
54c260e6 LC |
2013 | if (sethostname(hostname, sizeof(hostname)) == -1) |
2014 | throw SysError("cannot set host name"); | |
36457566 | 2015 | char domainname[] = "(none)"; // kernel default |
54c260e6 LC |
2016 | if (setdomainname(domainname, sizeof(domainname)) == -1) |
2017 | throw SysError("cannot set domain name"); | |
36457566 LC |
2018 | |
2019 | /* Make all filesystems private. This is necessary | |
2020 | because subtrees may have been mounted as "shared" | |
2021 | (MS_SHARED). (Systemd does this, for instance.) Even | |
2022 | though we have a private mount namespace, mounting | |
2023 | filesystems on top of a shared subtree still propagates | |
2024 | outside of the namespace. Making a subtree private is | |
2025 | local to the namespace, though, so setting MS_PRIVATE | |
2026 | does not affect the outside world. */ | |
2027 | Strings mounts = tokenizeString<Strings>(readFile("/proc/self/mountinfo", true), "\n"); | |
2028 | foreach (Strings::iterator, i, mounts) { | |
2029 | vector<string> fields = tokenizeString<vector<string> >(*i, " "); | |
2030 | string fs = decodeOctalEscaped(fields.at(4)); | |
2031 | if (mount(0, fs.c_str(), 0, MS_PRIVATE, 0) == -1) | |
2032 | throw SysError(format("unable to make filesystem `%1%' private") % fs); | |
2033 | } | |
2034 | ||
54c260e6 LC |
2035 | /* Bind-mount chroot directory to itself, to treat it as a |
2036 | different filesystem from /, as needed for pivot_root. */ | |
2037 | if (mount(chrootRootDir.c_str(), chrootRootDir.c_str(), 0, MS_BIND, 0) == -1) | |
2038 | throw SysError(format("unable to bind mount ‘%1%’") % chrootRootDir); | |
2039 | ||
36457566 LC |
2040 | /* Set up a nearly empty /dev, unless the user asked to |
2041 | bind-mount the host /dev. */ | |
54c260e6 | 2042 | Strings ss; |
36457566 LC |
2043 | if (dirsInChroot.find("/dev") == dirsInChroot.end()) { |
2044 | createDirs(chrootRootDir + "/dev/shm"); | |
2045 | createDirs(chrootRootDir + "/dev/pts"); | |
36457566 LC |
2046 | ss.push_back("/dev/full"); |
2047 | #ifdef __linux__ | |
2048 | if (pathExists("/dev/kvm")) | |
2049 | ss.push_back("/dev/kvm"); | |
2050 | #endif | |
2051 | ss.push_back("/dev/null"); | |
2052 | ss.push_back("/dev/random"); | |
2053 | ss.push_back("/dev/tty"); | |
2054 | ss.push_back("/dev/urandom"); | |
2055 | ss.push_back("/dev/zero"); | |
36457566 LC |
2056 | createSymlink("/proc/self/fd", chrootRootDir + "/dev/fd"); |
2057 | createSymlink("/proc/self/fd/0", chrootRootDir + "/dev/stdin"); | |
2058 | createSymlink("/proc/self/fd/1", chrootRootDir + "/dev/stdout"); | |
2059 | createSymlink("/proc/self/fd/2", chrootRootDir + "/dev/stderr"); | |
2060 | } | |
2061 | ||
54c260e6 LC |
2062 | /* Fixed-output derivations typically need to access the |
2063 | network, so give them access to /etc/resolv.conf and so | |
2064 | on. */ | |
2065 | if (fixedOutput) { | |
2066 | ss.push_back("/etc/resolv.conf"); | |
2067 | ss.push_back("/etc/nsswitch.conf"); | |
2068 | ss.push_back("/etc/services"); | |
2069 | ss.push_back("/etc/hosts"); | |
2070 | } | |
2071 | ||
2072 | for (auto & i : ss) dirsInChroot[i] = i; | |
2073 | ||
36457566 LC |
2074 | /* Bind-mount all the directories from the "host" |
2075 | filesystem that we want in the chroot | |
2076 | environment. */ | |
2077 | foreach (DirsInChroot::iterator, i, dirsInChroot) { | |
2078 | struct stat st; | |
2079 | Path source = i->second; | |
2080 | Path target = chrootRootDir + i->first; | |
2081 | if (source == "/proc") continue; // backwards compatibility | |
2082 | debug(format("bind mounting `%1%' to `%2%'") % source % target); | |
2083 | if (stat(source.c_str(), &st) == -1) | |
2084 | throw SysError(format("getting attributes of path `%1%'") % source); | |
2085 | if (S_ISDIR(st.st_mode)) | |
2086 | createDirs(target); | |
2087 | else { | |
2088 | createDirs(dirOf(target)); | |
2089 | writeFile(target, ""); | |
2090 | } | |
2091 | if (mount(source.c_str(), target.c_str(), "", MS_BIND, 0) == -1) | |
2092 | throw SysError(format("bind mount from `%1%' to `%2%' failed") % source % target); | |
2093 | } | |
2094 | ||
2095 | /* Bind a new instance of procfs on /proc to reflect our | |
2096 | private PID namespace. */ | |
2097 | createDirs(chrootRootDir + "/proc"); | |
2098 | if (mount("none", (chrootRootDir + "/proc").c_str(), "proc", 0, 0) == -1) | |
2099 | throw SysError("mounting /proc"); | |
2100 | ||
2101 | /* Mount a new tmpfs on /dev/shm to ensure that whatever | |
2102 | the builder puts in /dev/shm is cleaned up automatically. */ | |
2103 | if (pathExists("/dev/shm") && mount("none", (chrootRootDir + "/dev/shm").c_str(), "tmpfs", 0, 0) == -1) | |
2104 | throw SysError("mounting /dev/shm"); | |
2105 | ||
2106 | /* Mount a new devpts on /dev/pts. Note that this | |
2107 | requires the kernel to be compiled with | |
2108 | CONFIG_DEVPTS_MULTIPLE_INSTANCES=y (which is the case | |
2109 | if /dev/ptx/ptmx exists). */ | |
2110 | if (pathExists("/dev/pts/ptmx") && | |
2111 | !pathExists(chrootRootDir + "/dev/ptmx") | |
2112 | && dirsInChroot.find("/dev/pts") == dirsInChroot.end()) | |
2113 | { | |
2114 | if (mount("none", (chrootRootDir + "/dev/pts").c_str(), "devpts", 0, "newinstance,mode=0620") == -1) | |
2115 | throw SysError("mounting /dev/pts"); | |
2116 | createSymlink("/dev/pts/ptmx", chrootRootDir + "/dev/ptmx"); | |
2117 | ||
2bb04905 LC |
2118 | /* Make sure /dev/pts/ptmx is world-writable. With some |
2119 | Linux versions, it is created with permissions 0. */ | |
2120 | chmod_(chrootRootDir + "/dev/pts/ptmx", 0666); | |
36457566 LC |
2121 | } |
2122 | ||
54c260e6 LC |
2123 | /* Do the chroot(). */ |
2124 | if (chdir(chrootRootDir.c_str()) == -1) | |
2125 | throw SysError(format("cannot change directory to '%1%'") % chrootRootDir); | |
2126 | ||
2127 | if (mkdir("real-root", 0) == -1) | |
2128 | throw SysError("cannot create real-root directory"); | |
2129 | ||
2130 | #define pivot_root(new_root, put_old) (syscall(SYS_pivot_root, new_root, put_old)) | |
2131 | if (pivot_root(".", "real-root") == -1) | |
2132 | throw SysError(format("cannot pivot old root directory onto '%1%'") % (chrootRootDir + "/real-root")); | |
2133 | #undef pivot_root | |
2134 | ||
2135 | if (chroot(".") == -1) | |
2136 | throw SysError(format("cannot change root directory to '%1%'") % chrootRootDir); | |
2137 | ||
2138 | if (umount2("real-root", MNT_DETACH) == -1) | |
2139 | throw SysError("cannot unmount real root filesystem"); | |
2140 | ||
2141 | if (rmdir("real-root") == -1) | |
2142 | throw SysError("cannot remove real-root directory"); | |
36457566 LC |
2143 | } |
2144 | #endif | |
2145 | ||
36457566 LC |
2146 | if (chdir(tmpDir.c_str()) == -1) |
2147 | throw SysError(format("changing into `%1%'") % tmpDir); | |
2148 | ||
2149 | /* Close all other file descriptors. */ | |
2150 | closeMostFDs(set<int>()); | |
2151 | ||
2bb04905 | 2152 | #if __linux__ |
36457566 LC |
2153 | /* Change the personality to 32-bit if we're doing an |
2154 | i686-linux build on an x86_64-linux machine. */ | |
2155 | struct utsname utsbuf; | |
2156 | uname(&utsbuf); | |
2157 | if (drv.platform == "i686-linux" && | |
2158 | (settings.thisSystem == "x86_64-linux" || | |
2159 | (!strcmp(utsbuf.sysname, "Linux") && !strcmp(utsbuf.machine, "x86_64")))) { | |
2bb04905 | 2160 | if (personality(PER_LINUX32) == -1) |
36457566 LC |
2161 | throw SysError("cannot set i686-linux personality"); |
2162 | } | |
2163 | ||
2164 | /* Impersonate a Linux 2.6 machine to get some determinism in | |
2165 | builds that depend on the kernel version. */ | |
2166 | if ((drv.platform == "i686-linux" || drv.platform == "x86_64-linux") && settings.impersonateLinux26) { | |
2167 | int cur = personality(0xffffffff); | |
2168 | if (cur != -1) personality(cur | 0x0020000 /* == UNAME26 */); | |
2169 | } | |
2bb04905 LC |
2170 | |
2171 | /* Disable address space randomization for improved | |
2172 | determinism. */ | |
2173 | int cur = personality(0xffffffff); | |
2174 | if (cur != -1) personality(cur | ADDR_NO_RANDOMIZE); | |
36457566 LC |
2175 | #endif |
2176 | ||
2177 | /* Fill in the environment. */ | |
2178 | Strings envStrs; | |
2179 | foreach (Environment::const_iterator, i, env) | |
2180 | envStrs.push_back(rewriteHashes(i->first + "=" + i->second, rewritesToTmp)); | |
36457566 LC |
2181 | |
2182 | /* If we are running in `build-users' mode, then switch to the | |
2183 | user we allocated above. Make sure that we drop all root | |
2184 | privileges. Note that above we have closed all file | |
2185 | descriptors except std*, so that's safe. Also note that | |
2186 | setuid() when run as root sets the real, effective and | |
2187 | saved UIDs. */ | |
2188 | if (buildUser.enabled()) { | |
322eeb87 LC |
2189 | /* Preserve supplementary groups of the build user, to allow |
2190 | admins to specify groups such as "kvm". */ | |
2191 | if (setgroups(buildUser.getSupplementaryGIDs().size(), | |
2192 | buildUser.getSupplementaryGIDs().data()) == -1) | |
2193 | throw SysError("cannot set supplementary groups of build user"); | |
36457566 LC |
2194 | |
2195 | if (setgid(buildUser.getGID()) == -1 || | |
2196 | getgid() != buildUser.getGID() || | |
2197 | getegid() != buildUser.getGID()) | |
2198 | throw SysError("setgid failed"); | |
2199 | ||
2200 | if (setuid(buildUser.getUID()) == -1 || | |
2201 | getuid() != buildUser.getUID() || | |
2202 | geteuid() != buildUser.getUID()) | |
2203 | throw SysError("setuid failed"); | |
2204 | } | |
2205 | ||
2206 | /* Fill in the arguments. */ | |
54c260e6 | 2207 | Strings args; |
36457566 | 2208 | string builderBasename = baseNameOf(drv.builder); |
54c260e6 LC |
2209 | args.push_back(builderBasename); |
2210 | foreach (Strings::iterator, i, drv.args) | |
2211 | args.push_back(rewriteHashes(*i, rewritesToTmp)); | |
36457566 LC |
2212 | |
2213 | restoreSIGPIPE(); | |
2214 | ||
2bb04905 | 2215 | /* Indicate that we managed to set up the build environment. */ |
54c260e6 | 2216 | writeFull(STDERR_FILENO, "\n"); |
2bb04905 | 2217 | |
36457566 | 2218 | /* Execute the program. This should not return. */ |
322eeb87 | 2219 | execve(drv.builder.c_str(), stringsToCharPtrs(args).data(), stringsToCharPtrs(envStrs).data()); |
36457566 LC |
2220 | |
2221 | throw SysError(format("executing `%1%'") % drv.builder); | |
2222 | ||
2223 | } catch (std::exception & e) { | |
54c260e6 | 2224 | writeFull(STDERR_FILENO, "while setting up the build environment: " + string(e.what()) + "\n"); |
2bb04905 | 2225 | _exit(1); |
36457566 LC |
2226 | } |
2227 | ||
2228 | abort(); /* never reached */ | |
2229 | } | |
2230 | ||
2231 | ||
2232 | /* Parse a list of reference specifiers. Each element must either be | |
2233 | a store path, or the symbolic name of the output of the derivation | |
2234 | (such as `out'). */ | |
2235 | PathSet parseReferenceSpecifiers(const Derivation & drv, string attr) | |
2236 | { | |
2237 | PathSet result; | |
2238 | Paths paths = tokenizeString<Paths>(attr); | |
2239 | foreach (Strings::iterator, i, paths) { | |
2240 | if (isStorePath(*i)) | |
2241 | result.insert(*i); | |
2242 | else if (drv.outputs.find(*i) != drv.outputs.end()) | |
2243 | result.insert(drv.outputs.find(*i)->second.path); | |
2244 | else throw BuildError( | |
2245 | format("derivation contains an illegal reference specifier `%1%'") | |
2246 | % *i); | |
2247 | } | |
2248 | return result; | |
2249 | } | |
2250 | ||
2251 | ||
2252 | void DerivationGoal::registerOutputs() | |
2253 | { | |
2254 | /* When using a build hook, the build hook can register the output | |
2255 | as valid (by doing `nix-store --import'). If so we don't have | |
2256 | to do anything here. */ | |
2257 | if (hook) { | |
2258 | bool allValid = true; | |
2259 | foreach (DerivationOutputs::iterator, i, drv.outputs) | |
2260 | if (!worker.store.isValidPath(i->second.path)) allValid = false; | |
2261 | if (allValid) return; | |
2262 | } | |
2263 | ||
2264 | ValidPathInfos infos; | |
2265 | ||
2266 | /* Check whether the output paths were created, and grep each | |
2267 | output path to determine what other paths it references. Also make all | |
2268 | output paths read-only. */ | |
2269 | foreach (DerivationOutputs::iterator, i, drv.outputs) { | |
2270 | Path path = i->second.path; | |
2271 | if (missingPaths.find(path) == missingPaths.end()) continue; | |
2272 | ||
2273 | Path actualPath = path; | |
2274 | if (useChroot) { | |
2275 | actualPath = chrootRootDir + path; | |
2276 | if (pathExists(actualPath)) { | |
2277 | /* Move output paths from the chroot to the Nix store. */ | |
2278 | if (buildMode == bmRepair) | |
2279 | replaceValidPath(path, actualPath); | |
2280 | else | |
2281 | if (buildMode != bmCheck && rename(actualPath.c_str(), path.c_str()) == -1) | |
2282 | throw SysError(format("moving build output `%1%' from the chroot to the Nix store") % path); | |
2283 | } | |
2284 | if (buildMode != bmCheck) actualPath = path; | |
2285 | } else { | |
2286 | Path redirected = redirectedOutputs[path]; | |
2287 | if (buildMode == bmRepair | |
2288 | && redirectedBadOutputs.find(path) != redirectedBadOutputs.end() | |
2289 | && pathExists(redirected)) | |
2290 | replaceValidPath(path, redirected); | |
2291 | if (buildMode == bmCheck) | |
2292 | actualPath = redirected; | |
2293 | } | |
2294 | ||
2295 | struct stat st; | |
2296 | if (lstat(actualPath.c_str(), &st) == -1) { | |
2297 | if (errno == ENOENT) | |
2298 | throw BuildError( | |
2299 | format("builder for `%1%' failed to produce output path `%2%'") | |
2300 | % drvPath % path); | |
2301 | throw SysError(format("getting attributes of path `%1%'") % actualPath); | |
2302 | } | |
2303 | ||
2304 | #ifndef __CYGWIN__ | |
2305 | /* Check that the output is not group or world writable, as | |
2306 | that means that someone else can have interfered with the | |
2307 | build. Also, the output should be owned by the build | |
2308 | user. */ | |
2309 | if ((!S_ISLNK(st.st_mode) && (st.st_mode & (S_IWGRP | S_IWOTH))) || | |
2310 | (buildUser.enabled() && st.st_uid != buildUser.getUID())) | |
2311 | throw BuildError(format("suspicious ownership or permission on `%1%'; rejecting this build output") % path); | |
2312 | #endif | |
2313 | ||
2314 | /* Apply hash rewriting if necessary. */ | |
2315 | bool rewritten = false; | |
2316 | if (!rewritesFromTmp.empty()) { | |
2317 | printMsg(lvlError, format("warning: rewriting hashes in `%1%'; cross fingers") % path); | |
2318 | ||
2319 | /* Canonicalise first. This ensures that the path we're | |
2320 | rewriting doesn't contain a hard link to /etc/shadow or | |
2321 | something like that. */ | |
2322 | canonicalisePathMetaData(actualPath, buildUser.enabled() ? buildUser.getUID() : -1, inodesSeen); | |
2323 | ||
2324 | /* FIXME: this is in-memory. */ | |
2325 | StringSink sink; | |
2326 | dumpPath(actualPath, sink); | |
2327 | deletePath(actualPath); | |
2328 | sink.s = rewriteHashes(sink.s, rewritesFromTmp); | |
2329 | StringSource source(sink.s); | |
2330 | restorePath(actualPath, source); | |
2331 | ||
2332 | rewritten = true; | |
2333 | } | |
2334 | ||
2335 | startNest(nest, lvlTalkative, | |
2336 | format("scanning for references inside `%1%'") % path); | |
2337 | ||
2338 | /* Check that fixed-output derivations produced the right | |
2339 | outputs (i.e., the content hash should match the specified | |
2340 | hash). */ | |
2341 | if (i->second.hash != "") { | |
2342 | ||
2343 | bool recursive; HashType ht; Hash h; | |
2344 | i->second.parseHashInfo(recursive, ht, h); | |
2345 | ||
2346 | if (!recursive) { | |
2347 | /* The output path should be a regular file without | |
2348 | execute permission. */ | |
2349 | if (!S_ISREG(st.st_mode) || (st.st_mode & S_IXUSR) != 0) | |
2350 | throw BuildError( | |
2351 | format("output path `%1% should be a non-executable regular file") % path); | |
2352 | } | |
2353 | ||
2354 | /* Check the hash. */ | |
2355 | Hash h2 = recursive ? hashPath(ht, actualPath).first : hashFile(ht, actualPath); | |
2356 | if (h != h2) | |
2357 | throw BuildError( | |
2358 | format("output path `%1%' should have %2% hash `%3%', instead has `%4%'") | |
2359 | % path % i->second.hashAlgo % printHash16or32(h) % printHash16or32(h2)); | |
2360 | } | |
2361 | ||
2362 | /* Get rid of all weird permissions. This also checks that | |
2363 | all files are owned by the build user, if applicable. */ | |
2364 | canonicalisePathMetaData(actualPath, | |
2365 | buildUser.enabled() && !rewritten ? buildUser.getUID() : -1, inodesSeen); | |
2366 | ||
2367 | /* For this output path, find the references to other paths | |
2368 | contained in it. Compute the SHA-256 NAR hash at the same | |
2369 | time. The hash is stored in the database so that we can | |
2370 | verify later on whether nobody has messed with the store. */ | |
2371 | HashResult hash; | |
2372 | PathSet references = scanForReferences(actualPath, allPaths, hash); | |
2373 | ||
2374 | if (buildMode == bmCheck) { | |
2375 | ValidPathInfo info = worker.store.queryPathInfo(path); | |
2376 | if (hash.first != info.hash) | |
2bb04905 | 2377 | throw Error(format("derivation `%1%' may not be deterministic: hash mismatch in output `%2%'") % drvPath % path); |
36457566 LC |
2378 | continue; |
2379 | } | |
2380 | ||
2381 | /* For debugging, print out the referenced and unreferenced | |
2382 | paths. */ | |
2383 | foreach (PathSet::iterator, i, inputPaths) { | |
2384 | PathSet::iterator j = references.find(*i); | |
2385 | if (j == references.end()) | |
2386 | debug(format("unreferenced input: `%1%'") % *i); | |
2387 | else | |
2388 | debug(format("referenced input: `%1%'") % *i); | |
2389 | } | |
2390 | ||
2bb04905 LC |
2391 | /* Enforce `allowedReferences' and friends. */ |
2392 | auto checkRefs = [&](const string & attrName, bool allowed, bool recursive) { | |
2393 | if (drv.env.find(attrName) == drv.env.end()) return; | |
2394 | ||
2395 | PathSet spec = parseReferenceSpecifiers(drv, get(drv.env, attrName)); | |
2396 | ||
2397 | PathSet used; | |
2398 | if (recursive) { | |
2399 | /* Our requisites are the union of the closures of our references. */ | |
2400 | for (auto & i : references) | |
2401 | /* Don't call computeFSClosure on ourselves. */ | |
2402 | if (actualPath != i) | |
2403 | computeFSClosure(worker.store, i, used); | |
2404 | } else | |
2405 | used = references; | |
2406 | ||
2407 | for (auto & i : used) | |
2408 | if (allowed) { | |
2409 | if (spec.find(i) == spec.end()) | |
2410 | throw BuildError(format("output (`%1%') is not allowed to refer to path `%2%'") % actualPath % i); | |
2411 | } else { | |
2412 | if (spec.find(i) != spec.end()) | |
2413 | throw BuildError(format("output (`%1%') is not allowed to refer to path `%2%'") % actualPath % i); | |
2414 | } | |
2415 | }; | |
2416 | ||
2417 | checkRefs("allowedReferences", true, false); | |
2418 | checkRefs("allowedRequisites", true, true); | |
2419 | checkRefs("disallowedReferences", false, false); | |
2420 | checkRefs("disallowedRequisites", false, true); | |
36457566 LC |
2421 | |
2422 | worker.store.optimisePath(path); // FIXME: combine with scanForReferences() | |
2423 | ||
2424 | worker.store.markContentsGood(path); | |
2425 | ||
2426 | ValidPathInfo info; | |
2427 | info.path = path; | |
2428 | info.hash = hash.first; | |
2429 | info.narSize = hash.second; | |
2430 | info.references = references; | |
2431 | info.deriver = drvPath; | |
2432 | infos.push_back(info); | |
2433 | } | |
2434 | ||
2435 | if (buildMode == bmCheck) return; | |
2436 | ||
2437 | /* Register each output path as valid, and register the sets of | |
2438 | paths referenced by each of them. If there are cycles in the | |
2439 | outputs, this will fail. */ | |
2440 | worker.store.registerValidPaths(infos); | |
2441 | } | |
2442 | ||
2443 | ||
2444 | string drvsLogDir = "drvs"; | |
2445 | ||
2446 | ||
2447 | Path DerivationGoal::openLogFile() | |
2448 | { | |
2449 | logSize = 0; | |
2450 | ||
2451 | if (!settings.keepLog) return ""; | |
2452 | ||
2453 | string baseName = baseNameOf(drvPath); | |
2454 | ||
2455 | /* Create a log file. */ | |
2456 | Path dir = (format("%1%/%2%/%3%/") % settings.nixLogDir % drvsLogDir % string(baseName, 0, 2)).str(); | |
2457 | createDirs(dir); | |
2458 | ||
2459 | if (settings.compressLog) { | |
2460 | ||
2461 | Path logFileName = (format("%1%/%2%.bz2") % dir % string(baseName, 2)).str(); | |
2462 | AutoCloseFD fd = open(logFileName.c_str(), O_CREAT | O_WRONLY | O_TRUNC, 0666); | |
2463 | if (fd == -1) throw SysError(format("creating log file `%1%'") % logFileName); | |
2464 | closeOnExec(fd); | |
2465 | ||
2466 | if (!(fLogFile = fdopen(fd.borrow(), "w"))) | |
2467 | throw SysError(format("opening file `%1%'") % logFileName); | |
2468 | ||
2469 | int err; | |
2470 | if (!(bzLogFile = BZ2_bzWriteOpen(&err, fLogFile, 9, 0, 0))) | |
2471 | throw Error(format("cannot open compressed log file `%1%'") % logFileName); | |
2472 | ||
2473 | return logFileName; | |
2474 | ||
2475 | } else { | |
2476 | Path logFileName = (format("%1%/%2%") % dir % string(baseName, 2)).str(); | |
2477 | fdLogFile = open(logFileName.c_str(), O_CREAT | O_WRONLY | O_TRUNC, 0666); | |
2478 | if (fdLogFile == -1) throw SysError(format("creating log file `%1%'") % logFileName); | |
2479 | closeOnExec(fdLogFile); | |
2480 | return logFileName; | |
2481 | } | |
2482 | } | |
2483 | ||
2484 | ||
2485 | void DerivationGoal::closeLogFile() | |
2486 | { | |
2487 | if (bzLogFile) { | |
2488 | int err; | |
2489 | BZ2_bzWriteClose(&err, bzLogFile, 0, 0, 0); | |
2490 | bzLogFile = 0; | |
2491 | if (err != BZ_OK) throw Error(format("cannot close compressed log file (BZip2 error = %1%)") % err); | |
2492 | } | |
2493 | ||
2494 | if (fLogFile) { | |
2495 | fclose(fLogFile); | |
2496 | fLogFile = 0; | |
2497 | } | |
2498 | ||
2499 | fdLogFile.close(); | |
2500 | } | |
2501 | ||
2502 | ||
2503 | void DerivationGoal::deleteTmpDir(bool force) | |
2504 | { | |
2505 | if (tmpDir != "") { | |
2506 | if (settings.keepFailed && !force) { | |
2507 | printMsg(lvlError, | |
2508 | format("note: keeping build directory `%2%'") | |
2509 | % drvPath % tmpDir); | |
2510 | chmod(tmpDir.c_str(), 0755); | |
2511 | } | |
2512 | else | |
2513 | deletePath(tmpDir); | |
2514 | tmpDir = ""; | |
2515 | } | |
2516 | } | |
2517 | ||
2518 | ||
2519 | void DerivationGoal::handleChildOutput(int fd, const string & data) | |
2520 | { | |
2521 | if ((hook && fd == hook->builderOut.readSide) || | |
2522 | (!hook && fd == builderOut.readSide)) | |
2523 | { | |
2524 | logSize += data.size(); | |
2525 | if (settings.maxLogSize && logSize > settings.maxLogSize) { | |
2526 | printMsg(lvlError, | |
2527 | format("%1% killed after writing more than %2% bytes of log output") | |
2528 | % getName() % settings.maxLogSize); | |
2529 | cancel(true); // not really a timeout, but close enough | |
2530 | return; | |
2531 | } | |
2532 | if (verbosity >= settings.buildVerbosity) | |
2533 | writeToStderr(data); | |
2534 | if (bzLogFile) { | |
2535 | int err; | |
2536 | BZ2_bzWrite(&err, bzLogFile, (unsigned char *) data.data(), data.size()); | |
2537 | if (err != BZ_OK) throw Error(format("cannot write to compressed log file (BZip2 error = %1%)") % err); | |
2538 | } else if (fdLogFile != -1) | |
54c260e6 | 2539 | writeFull(fdLogFile, data); |
36457566 LC |
2540 | } |
2541 | ||
2542 | if (hook && fd == hook->fromHook.readSide) | |
2543 | writeToStderr(data); | |
2544 | } | |
2545 | ||
2546 | ||
2547 | void DerivationGoal::handleEOF(int fd) | |
2548 | { | |
2549 | worker.wakeUp(shared_from_this()); | |
2550 | } | |
2551 | ||
2552 | ||
2553 | PathSet DerivationGoal::checkPathValidity(bool returnValid, bool checkHash) | |
2554 | { | |
2555 | PathSet result; | |
2556 | foreach (DerivationOutputs::iterator, i, drv.outputs) { | |
2557 | if (!wantOutput(i->first, wantedOutputs)) continue; | |
2558 | bool good = | |
2559 | worker.store.isValidPath(i->second.path) && | |
2560 | (!checkHash || worker.store.pathContentsGood(i->second.path)); | |
2561 | if (good == returnValid) result.insert(i->second.path); | |
2562 | } | |
2563 | return result; | |
2564 | } | |
2565 | ||
2566 | ||
2567 | bool DerivationGoal::pathFailed(const Path & path) | |
2568 | { | |
2569 | if (!settings.cacheFailure) return false; | |
2570 | ||
2571 | if (!worker.store.hasPathFailed(path)) return false; | |
2572 | ||
2573 | printMsg(lvlError, format("builder for `%1%' failed previously (cached)") % path); | |
2574 | ||
2575 | if (settings.printBuildTrace) | |
2576 | printMsg(lvlError, format("@ build-failed %1% - cached") % drvPath); | |
2577 | ||
2578 | worker.permanentFailure = true; | |
2579 | amDone(ecFailed); | |
2580 | ||
2581 | return true; | |
2582 | } | |
2583 | ||
2584 | ||
2585 | Path DerivationGoal::addHashRewrite(const Path & path) | |
2586 | { | |
2587 | string h1 = string(path, settings.nixStore.size() + 1, 32); | |
2588 | string h2 = string(printHash32(hashString(htSHA256, "rewrite:" + drvPath + ":" + path)), 0, 32); | |
2589 | Path p = settings.nixStore + "/" + h2 + string(path, settings.nixStore.size() + 33); | |
2590 | if (pathExists(p)) deletePath(p); | |
2591 | assert(path.size() == p.size()); | |
2592 | rewritesToTmp[h1] = h2; | |
2593 | rewritesFromTmp[h2] = h1; | |
2594 | redirectedOutputs[path] = p; | |
2595 | return p; | |
2596 | } | |
2597 | ||
2598 | ||
2599 | ////////////////////////////////////////////////////////////////////// | |
2600 | ||
2601 | ||
2602 | class SubstitutionGoal : public Goal | |
2603 | { | |
2604 | friend class Worker; | |
2605 | ||
2606 | private: | |
2607 | /* The store path that should be realised through a substitute. */ | |
2608 | Path storePath; | |
2609 | ||
2610 | /* The remaining substituters. */ | |
2611 | Paths subs; | |
2612 | ||
2613 | /* The current substituter. */ | |
2614 | Path sub; | |
2615 | ||
2616 | /* Whether any substituter can realise this path */ | |
2617 | bool hasSubstitute; | |
2618 | ||
2619 | /* Path info returned by the substituter's query info operation. */ | |
2620 | SubstitutablePathInfo info; | |
2621 | ||
2622 | /* Pipe for the substituter's standard output. */ | |
2623 | Pipe outPipe; | |
2624 | ||
2625 | /* Pipe for the substituter's standard error. */ | |
2626 | Pipe logPipe; | |
2627 | ||
2628 | /* The process ID of the builder. */ | |
2629 | Pid pid; | |
2630 | ||
2631 | /* Lock on the store path. */ | |
2632 | std::shared_ptr<PathLocks> outputLock; | |
2633 | ||
2634 | /* Whether to try to repair a valid path. */ | |
2635 | bool repair; | |
2636 | ||
2637 | /* Location where we're downloading the substitute. Differs from | |
2638 | storePath when doing a repair. */ | |
2639 | Path destPath; | |
2640 | ||
2641 | typedef void (SubstitutionGoal::*GoalState)(); | |
2642 | GoalState state; | |
2643 | ||
2644 | public: | |
2645 | SubstitutionGoal(const Path & storePath, Worker & worker, bool repair = false); | |
2646 | ~SubstitutionGoal(); | |
2647 | ||
2648 | void cancel(bool timeout); | |
2649 | ||
2bb04905 LC |
2650 | string key() |
2651 | { | |
2652 | /* "a$" ensures substitution goals happen before derivation | |
2653 | goals. */ | |
2654 | return "a$" + storePathToName(storePath) + "$" + storePath; | |
2655 | } | |
2656 | ||
36457566 LC |
2657 | void work(); |
2658 | ||
2659 | /* The states. */ | |
2660 | void init(); | |
2661 | void tryNext(); | |
2662 | void gotInfo(); | |
2663 | void referencesValid(); | |
2664 | void tryToRun(); | |
2665 | void finished(); | |
2666 | ||
2667 | /* Callback used by the worker to write to the log. */ | |
2668 | void handleChildOutput(int fd, const string & data); | |
2669 | void handleEOF(int fd); | |
2670 | ||
2671 | Path getStorePath() { return storePath; } | |
2672 | }; | |
2673 | ||
2674 | ||
2675 | SubstitutionGoal::SubstitutionGoal(const Path & storePath, Worker & worker, bool repair) | |
2676 | : Goal(worker) | |
2677 | , hasSubstitute(false) | |
2678 | , repair(repair) | |
2679 | { | |
2680 | this->storePath = storePath; | |
2681 | state = &SubstitutionGoal::init; | |
2682 | name = (format("substitution of `%1%'") % storePath).str(); | |
2683 | trace("created"); | |
2684 | } | |
2685 | ||
2686 | ||
2687 | SubstitutionGoal::~SubstitutionGoal() | |
2688 | { | |
2689 | if (pid != -1) worker.childTerminated(pid); | |
2690 | } | |
2691 | ||
2692 | ||
2693 | void SubstitutionGoal::cancel(bool timeout) | |
2694 | { | |
2695 | if (settings.printBuildTrace && timeout) | |
2696 | printMsg(lvlError, format("@ substituter-failed %1% timeout") % storePath); | |
2697 | if (pid != -1) { | |
2698 | pid_t savedPid = pid; | |
2699 | pid.kill(); | |
2700 | worker.childTerminated(savedPid); | |
2701 | } | |
2702 | amDone(ecFailed); | |
2703 | } | |
2704 | ||
2705 | ||
2706 | void SubstitutionGoal::work() | |
2707 | { | |
2708 | (this->*state)(); | |
2709 | } | |
2710 | ||
2711 | ||
2712 | void SubstitutionGoal::init() | |
2713 | { | |
2714 | trace("init"); | |
2715 | ||
2716 | worker.store.addTempRoot(storePath); | |
2717 | ||
2718 | /* If the path already exists we're done. */ | |
2719 | if (!repair && worker.store.isValidPath(storePath)) { | |
2720 | amDone(ecSuccess); | |
2721 | return; | |
2722 | } | |
2723 | ||
2724 | if (settings.readOnlyMode) | |
2725 | throw Error(format("cannot substitute path `%1%' - no write access to the Nix store") % storePath); | |
2726 | ||
2727 | subs = settings.substituters; | |
2728 | ||
2729 | tryNext(); | |
2730 | } | |
2731 | ||
2732 | ||
2733 | void SubstitutionGoal::tryNext() | |
2734 | { | |
2735 | trace("trying next substituter"); | |
2736 | ||
2737 | if (subs.size() == 0) { | |
2738 | /* None left. Terminate this goal and let someone else deal | |
2739 | with it. */ | |
2740 | debug(format("path `%1%' is required, but there is no substituter that can build it") % storePath); | |
2741 | /* Hack: don't indicate failure if there were no substituters. | |
2742 | In that case the calling derivation should just do a | |
2743 | build. */ | |
2744 | amDone(hasSubstitute ? ecFailed : ecNoSubstituters); | |
2745 | return; | |
2746 | } | |
2747 | ||
2748 | sub = subs.front(); | |
2749 | subs.pop_front(); | |
2750 | ||
2751 | SubstitutablePathInfos infos; | |
2752 | PathSet dummy(singleton<PathSet>(storePath)); | |
2753 | worker.store.querySubstitutablePathInfos(sub, dummy, infos); | |
2754 | SubstitutablePathInfos::iterator k = infos.find(storePath); | |
2755 | if (k == infos.end()) { tryNext(); return; } | |
2756 | info = k->second; | |
2757 | hasSubstitute = true; | |
2758 | ||
2759 | /* To maintain the closure invariant, we first have to realise the | |
2760 | paths referenced by this one. */ | |
2761 | foreach (PathSet::iterator, i, info.references) | |
2762 | if (*i != storePath) /* ignore self-references */ | |
2763 | addWaitee(worker.makeSubstitutionGoal(*i)); | |
2764 | ||
2765 | if (waitees.empty()) /* to prevent hang (no wake-up event) */ | |
2766 | referencesValid(); | |
2767 | else | |
2768 | state = &SubstitutionGoal::referencesValid; | |
2769 | } | |
2770 | ||
2771 | ||
2772 | void SubstitutionGoal::referencesValid() | |
2773 | { | |
2774 | trace("all references realised"); | |
2775 | ||
2776 | if (nrFailed > 0) { | |
2777 | debug(format("some references of path `%1%' could not be realised") % storePath); | |
2778 | amDone(nrNoSubstituters > 0 || nrIncompleteClosure > 0 ? ecIncompleteClosure : ecFailed); | |
2779 | return; | |
2780 | } | |
2781 | ||
2782 | foreach (PathSet::iterator, i, info.references) | |
2783 | if (*i != storePath) /* ignore self-references */ | |
2784 | assert(worker.store.isValidPath(*i)); | |
2785 | ||
2786 | state = &SubstitutionGoal::tryToRun; | |
2787 | worker.wakeUp(shared_from_this()); | |
2788 | } | |
2789 | ||
2790 | ||
2791 | void SubstitutionGoal::tryToRun() | |
2792 | { | |
2793 | trace("trying to run"); | |
2794 | ||
2795 | /* Make sure that we are allowed to start a build. Note that even | |
2796 | is maxBuildJobs == 0 (no local builds allowed), we still allow | |
2797 | a substituter to run. This is because substitutions cannot be | |
2798 | distributed to another machine via the build hook. */ | |
2799 | if (worker.getNrLocalBuilds() >= (settings.maxBuildJobs == 0 ? 1 : settings.maxBuildJobs)) { | |
2800 | worker.waitForBuildSlot(shared_from_this()); | |
2801 | return; | |
2802 | } | |
2803 | ||
2804 | /* Maybe a derivation goal has already locked this path | |
2805 | (exceedingly unlikely, since it should have used a substitute | |
2806 | first, but let's be defensive). */ | |
2807 | outputLock.reset(); // make sure this goal's lock is gone | |
2808 | if (pathIsLockedByMe(storePath)) { | |
2809 | debug(format("restarting substitution of `%1%' because it's locked by another goal") | |
2810 | % storePath); | |
2811 | worker.waitForAnyGoal(shared_from_this()); | |
2812 | return; /* restart in the tryToRun() state when another goal finishes */ | |
2813 | } | |
2814 | ||
2815 | /* Acquire a lock on the output path. */ | |
2816 | outputLock = std::shared_ptr<PathLocks>(new PathLocks); | |
2817 | if (!outputLock->lockPaths(singleton<PathSet>(storePath), "", false)) { | |
2818 | worker.waitForAWhile(shared_from_this()); | |
2819 | return; | |
2820 | } | |
2821 | ||
2822 | /* Check again whether the path is invalid. */ | |
2823 | if (!repair && worker.store.isValidPath(storePath)) { | |
2824 | debug(format("store path `%1%' has become valid") % storePath); | |
2825 | outputLock->setDeletion(true); | |
2826 | amDone(ecSuccess); | |
2827 | return; | |
2828 | } | |
2829 | ||
2830 | printMsg(lvlInfo, format("fetching path `%1%'...") % storePath); | |
2831 | ||
2832 | outPipe.create(); | |
2833 | logPipe.create(); | |
2834 | ||
2835 | destPath = repair ? storePath + ".tmp" : storePath; | |
2836 | ||
2837 | /* Remove the (stale) output path if it exists. */ | |
2838 | if (pathExists(destPath)) | |
2839 | deletePath(destPath); | |
2840 | ||
2841 | worker.store.setSubstituterEnv(); | |
2842 | ||
2843 | /* Fill in the arguments. */ | |
2844 | Strings args; | |
2845 | args.push_back(baseNameOf(sub)); | |
2846 | args.push_back("--substitute"); | |
2847 | args.push_back(storePath); | |
2848 | args.push_back(destPath); | |
36457566 LC |
2849 | |
2850 | /* Fork the substitute program. */ | |
2bb04905 | 2851 | pid = startProcess([&]() { |
36457566 | 2852 | |
2bb04905 | 2853 | commonChildInit(logPipe); |
36457566 | 2854 | |
2bb04905 LC |
2855 | if (dup2(outPipe.writeSide, STDOUT_FILENO) == -1) |
2856 | throw SysError("cannot dup output pipe into stdout"); | |
36457566 | 2857 | |
322eeb87 | 2858 | execv(sub.c_str(), stringsToCharPtrs(args).data()); |
36457566 | 2859 | |
2bb04905 LC |
2860 | throw SysError(format("executing `%1%'") % sub); |
2861 | }); | |
36457566 | 2862 | |
36457566 LC |
2863 | pid.setSeparatePG(true); |
2864 | pid.setKillSignal(SIGTERM); | |
2865 | outPipe.writeSide.close(); | |
2866 | logPipe.writeSide.close(); | |
2867 | worker.childStarted(shared_from_this(), | |
2868 | pid, singleton<set<int> >(logPipe.readSide), true, true); | |
2869 | ||
2870 | state = &SubstitutionGoal::finished; | |
2871 | ||
2872 | if (settings.printBuildTrace) | |
2873 | printMsg(lvlError, format("@ substituter-started %1% %2%") % storePath % sub); | |
2874 | } | |
2875 | ||
2876 | ||
2877 | void SubstitutionGoal::finished() | |
2878 | { | |
2879 | trace("substitute finished"); | |
2880 | ||
2881 | /* Since we got an EOF on the logger pipe, the substitute is | |
2882 | presumed to have terminated. */ | |
2883 | pid_t savedPid = pid; | |
2884 | int status = pid.wait(true); | |
2885 | ||
2886 | /* So the child is gone now. */ | |
2887 | worker.childTerminated(savedPid); | |
2888 | ||
2889 | /* Close the read side of the logger pipe. */ | |
2890 | logPipe.readSide.close(); | |
2891 | ||
2892 | /* Get the hash info from stdout. */ | |
2893 | string dummy = readLine(outPipe.readSide); | |
2894 | string expectedHashStr = statusOk(status) ? readLine(outPipe.readSide) : ""; | |
2895 | outPipe.readSide.close(); | |
2896 | ||
2897 | /* Check the exit status and the build result. */ | |
2898 | HashResult hash; | |
2899 | try { | |
2900 | ||
2901 | if (!statusOk(status)) | |
2902 | throw SubstError(format("fetching path `%1%' %2%") | |
2903 | % storePath % statusToString(status)); | |
2904 | ||
2905 | if (!pathExists(destPath)) | |
2906 | throw SubstError(format("substitute did not produce path `%1%'") % destPath); | |
2907 | ||
2908 | hash = hashPath(htSHA256, destPath); | |
2909 | ||
2910 | /* Verify the expected hash we got from the substituer. */ | |
2911 | if (expectedHashStr != "") { | |
2912 | size_t n = expectedHashStr.find(':'); | |
2913 | if (n == string::npos) | |
2914 | throw Error(format("bad hash from substituter: %1%") % expectedHashStr); | |
2915 | HashType hashType = parseHashType(string(expectedHashStr, 0, n)); | |
2916 | if (hashType == htUnknown) | |
2917 | throw Error(format("unknown hash algorithm in `%1%'") % expectedHashStr); | |
2918 | Hash expectedHash = parseHash16or32(hashType, string(expectedHashStr, n + 1)); | |
2919 | Hash actualHash = hashType == htSHA256 ? hash.first : hashPath(hashType, destPath).first; | |
2920 | if (expectedHash != actualHash) | |
2921 | throw SubstError(format("hash mismatch in downloaded path `%1%': expected %2%, got %3%") | |
2922 | % storePath % printHash(expectedHash) % printHash(actualHash)); | |
2923 | } | |
2924 | ||
2925 | } catch (SubstError & e) { | |
2926 | ||
2927 | printMsg(lvlInfo, e.msg()); | |
2928 | ||
2929 | if (settings.printBuildTrace) { | |
2930 | printMsg(lvlError, format("@ substituter-failed %1% %2% %3%") | |
2931 | % storePath % status % e.msg()); | |
2932 | } | |
2933 | ||
2934 | /* Try the next substitute. */ | |
2935 | state = &SubstitutionGoal::tryNext; | |
2936 | worker.wakeUp(shared_from_this()); | |
2937 | return; | |
2938 | } | |
2939 | ||
2940 | if (repair) replaceValidPath(storePath, destPath); | |
2941 | ||
2942 | canonicalisePathMetaData(storePath, -1); | |
2943 | ||
2944 | worker.store.optimisePath(storePath); // FIXME: combine with hashPath() | |
2945 | ||
2946 | ValidPathInfo info2; | |
2947 | info2.path = storePath; | |
2948 | info2.hash = hash.first; | |
2949 | info2.narSize = hash.second; | |
2950 | info2.references = info.references; | |
2951 | info2.deriver = info.deriver; | |
2952 | worker.store.registerValidPath(info2); | |
2953 | ||
2954 | outputLock->setDeletion(true); | |
2955 | outputLock.reset(); | |
2956 | ||
2957 | worker.store.markContentsGood(storePath); | |
2958 | ||
2959 | printMsg(lvlChatty, | |
2960 | format("substitution of path `%1%' succeeded") % storePath); | |
2961 | ||
2962 | if (settings.printBuildTrace) | |
2963 | printMsg(lvlError, format("@ substituter-succeeded %1%") % storePath); | |
2964 | ||
2965 | amDone(ecSuccess); | |
2966 | } | |
2967 | ||
2968 | ||
2969 | void SubstitutionGoal::handleChildOutput(int fd, const string & data) | |
2970 | { | |
2971 | assert(fd == logPipe.readSide); | |
2972 | if (verbosity >= settings.buildVerbosity) writeToStderr(data); | |
2973 | /* Don't write substitution output to a log file for now. We | |
2974 | probably should, though. */ | |
2975 | } | |
2976 | ||
2977 | ||
2978 | void SubstitutionGoal::handleEOF(int fd) | |
2979 | { | |
2980 | if (fd == logPipe.readSide) worker.wakeUp(shared_from_this()); | |
2981 | } | |
2982 | ||
2983 | ||
2984 | ||
2985 | ////////////////////////////////////////////////////////////////////// | |
2986 | ||
2987 | ||
2988 | static bool working = false; | |
2989 | ||
2990 | ||
2991 | Worker::Worker(LocalStore & store) | |
2992 | : store(store) | |
2993 | { | |
2994 | /* Debugging: prevent recursive workers. */ | |
2995 | if (working) abort(); | |
2996 | working = true; | |
2997 | nrLocalBuilds = 0; | |
2998 | lastWokenUp = 0; | |
2999 | permanentFailure = false; | |
2bb04905 | 3000 | timedOut = false; |
36457566 LC |
3001 | } |
3002 | ||
3003 | ||
3004 | Worker::~Worker() | |
3005 | { | |
3006 | working = false; | |
3007 | ||
3008 | /* Explicitly get rid of all strong pointers now. After this all | |
3009 | goals that refer to this worker should be gone. (Otherwise we | |
3010 | are in trouble, since goals may call childTerminated() etc. in | |
3011 | their destructors). */ | |
3012 | topGoals.clear(); | |
3013 | } | |
3014 | ||
3015 | ||
3016 | GoalPtr Worker::makeDerivationGoal(const Path & path, const StringSet & wantedOutputs, BuildMode buildMode) | |
3017 | { | |
3018 | GoalPtr goal = derivationGoals[path].lock(); | |
3019 | if (!goal) { | |
3020 | goal = GoalPtr(new DerivationGoal(path, wantedOutputs, *this, buildMode)); | |
3021 | derivationGoals[path] = goal; | |
3022 | wakeUp(goal); | |
3023 | } else | |
3024 | (dynamic_cast<DerivationGoal *>(goal.get()))->addWantedOutputs(wantedOutputs); | |
3025 | return goal; | |
3026 | } | |
3027 | ||
3028 | ||
3029 | GoalPtr Worker::makeSubstitutionGoal(const Path & path, bool repair) | |
3030 | { | |
3031 | GoalPtr goal = substitutionGoals[path].lock(); | |
3032 | if (!goal) { | |
3033 | goal = GoalPtr(new SubstitutionGoal(path, *this, repair)); | |
3034 | substitutionGoals[path] = goal; | |
3035 | wakeUp(goal); | |
3036 | } | |
3037 | return goal; | |
3038 | } | |
3039 | ||
3040 | ||
3041 | static void removeGoal(GoalPtr goal, WeakGoalMap & goalMap) | |
3042 | { | |
3043 | /* !!! inefficient */ | |
3044 | for (WeakGoalMap::iterator i = goalMap.begin(); | |
3045 | i != goalMap.end(); ) | |
3046 | if (i->second.lock() == goal) { | |
3047 | WeakGoalMap::iterator j = i; ++j; | |
3048 | goalMap.erase(i); | |
3049 | i = j; | |
3050 | } | |
3051 | else ++i; | |
3052 | } | |
3053 | ||
3054 | ||
3055 | void Worker::removeGoal(GoalPtr goal) | |
3056 | { | |
3057 | nix::removeGoal(goal, derivationGoals); | |
3058 | nix::removeGoal(goal, substitutionGoals); | |
3059 | if (topGoals.find(goal) != topGoals.end()) { | |
3060 | topGoals.erase(goal); | |
3061 | /* If a top-level goal failed, then kill all other goals | |
3062 | (unless keepGoing was set). */ | |
3063 | if (goal->getExitCode() == Goal::ecFailed && !settings.keepGoing) | |
3064 | topGoals.clear(); | |
3065 | } | |
3066 | ||
3067 | /* Wake up goals waiting for any goal to finish. */ | |
3068 | foreach (WeakGoals::iterator, i, waitingForAnyGoal) { | |
3069 | GoalPtr goal = i->lock(); | |
3070 | if (goal) wakeUp(goal); | |
3071 | } | |
3072 | ||
3073 | waitingForAnyGoal.clear(); | |
3074 | } | |
3075 | ||
3076 | ||
3077 | void Worker::wakeUp(GoalPtr goal) | |
3078 | { | |
3079 | goal->trace("woken up"); | |
3080 | addToWeakGoals(awake, goal); | |
3081 | } | |
3082 | ||
3083 | ||
3084 | unsigned Worker::getNrLocalBuilds() | |
3085 | { | |
3086 | return nrLocalBuilds; | |
3087 | } | |
3088 | ||
3089 | ||
3090 | void Worker::childStarted(GoalPtr goal, | |
3091 | pid_t pid, const set<int> & fds, bool inBuildSlot, | |
3092 | bool respectTimeouts) | |
3093 | { | |
3094 | Child child; | |
3095 | child.goal = goal; | |
3096 | child.fds = fds; | |
3097 | child.timeStarted = child.lastOutput = time(0); | |
3098 | child.inBuildSlot = inBuildSlot; | |
3099 | child.respectTimeouts = respectTimeouts; | |
3100 | children[pid] = child; | |
3101 | if (inBuildSlot) nrLocalBuilds++; | |
3102 | } | |
3103 | ||
3104 | ||
3105 | void Worker::childTerminated(pid_t pid, bool wakeSleepers) | |
3106 | { | |
3107 | assert(pid != -1); /* common mistake */ | |
3108 | ||
3109 | Children::iterator i = children.find(pid); | |
3110 | assert(i != children.end()); | |
3111 | ||
3112 | if (i->second.inBuildSlot) { | |
3113 | assert(nrLocalBuilds > 0); | |
3114 | nrLocalBuilds--; | |
3115 | } | |
3116 | ||
3117 | children.erase(pid); | |
3118 | ||
3119 | if (wakeSleepers) { | |
3120 | ||
3121 | /* Wake up goals waiting for a build slot. */ | |
3122 | foreach (WeakGoals::iterator, i, wantingToBuild) { | |
3123 | GoalPtr goal = i->lock(); | |
3124 | if (goal) wakeUp(goal); | |
3125 | } | |
3126 | ||
3127 | wantingToBuild.clear(); | |
3128 | } | |
3129 | } | |
3130 | ||
3131 | ||
3132 | void Worker::waitForBuildSlot(GoalPtr goal) | |
3133 | { | |
3134 | debug("wait for build slot"); | |
3135 | if (getNrLocalBuilds() < settings.maxBuildJobs) | |
3136 | wakeUp(goal); /* we can do it right away */ | |
3137 | else | |
3138 | addToWeakGoals(wantingToBuild, goal); | |
3139 | } | |
3140 | ||
3141 | ||
3142 | void Worker::waitForAnyGoal(GoalPtr goal) | |
3143 | { | |
3144 | debug("wait for any goal"); | |
3145 | addToWeakGoals(waitingForAnyGoal, goal); | |
3146 | } | |
3147 | ||
3148 | ||
3149 | void Worker::waitForAWhile(GoalPtr goal) | |
3150 | { | |
3151 | debug("wait for a while"); | |
3152 | addToWeakGoals(waitingForAWhile, goal); | |
3153 | } | |
3154 | ||
3155 | ||
3156 | void Worker::run(const Goals & _topGoals) | |
3157 | { | |
3158 | foreach (Goals::iterator, i, _topGoals) topGoals.insert(*i); | |
3159 | ||
3160 | startNest(nest, lvlDebug, format("entered goal loop")); | |
3161 | ||
3162 | while (1) { | |
3163 | ||
3164 | checkInterrupt(); | |
3165 | ||
2bb04905 LC |
3166 | /* Call every wake goal (in the ordering established by |
3167 | CompareGoalPtrs). */ | |
36457566 | 3168 | while (!awake.empty() && !topGoals.empty()) { |
2bb04905 LC |
3169 | Goals awake2; |
3170 | for (auto & i : awake) { | |
3171 | GoalPtr goal = i.lock(); | |
3172 | if (goal) awake2.insert(goal); | |
3173 | } | |
36457566 | 3174 | awake.clear(); |
2bb04905 | 3175 | for (auto & goal : awake2) { |
36457566 | 3176 | checkInterrupt(); |
2bb04905 LC |
3177 | goal->work(); |
3178 | if (topGoals.empty()) break; // stuff may have been cancelled | |
36457566 LC |
3179 | } |
3180 | } | |
3181 | ||
3182 | if (topGoals.empty()) break; | |
3183 | ||
3184 | /* Wait for input. */ | |
3185 | if (!children.empty() || !waitingForAWhile.empty()) | |
3186 | waitForInput(); | |
3187 | else { | |
3188 | if (awake.empty() && settings.maxBuildJobs == 0) throw Error( | |
3189 | "unable to start any build; either increase `--max-jobs' " | |
3190 | "or enable distributed builds"); | |
3191 | assert(!awake.empty()); | |
3192 | } | |
3193 | } | |
3194 | ||
3195 | /* If --keep-going is not set, it's possible that the main goal | |
3196 | exited while some of its subgoals were still active. But if | |
3197 | --keep-going *is* set, then they must all be finished now. */ | |
3198 | assert(!settings.keepGoing || awake.empty()); | |
3199 | assert(!settings.keepGoing || wantingToBuild.empty()); | |
3200 | assert(!settings.keepGoing || children.empty()); | |
3201 | } | |
3202 | ||
3203 | ||
3204 | void Worker::waitForInput() | |
3205 | { | |
3206 | printMsg(lvlVomit, "waiting for children"); | |
3207 | ||
3208 | /* Process output from the file descriptors attached to the | |
3209 | children, namely log output and output path creation commands. | |
3210 | We also use this to detect child termination: if we get EOF on | |
3211 | the logger pipe of a build, we assume that the builder has | |
3212 | terminated. */ | |
3213 | ||
3214 | bool useTimeout = false; | |
3215 | struct timeval timeout; | |
3216 | timeout.tv_usec = 0; | |
3217 | time_t before = time(0); | |
3218 | ||
3219 | /* If we're monitoring for silence on stdout/stderr, or if there | |
3220 | is a build timeout, then wait for input until the first | |
3221 | deadline for any child. */ | |
3222 | assert(sizeof(time_t) >= sizeof(long)); | |
3223 | time_t nearest = LONG_MAX; // nearest deadline | |
3224 | foreach (Children::iterator, i, children) { | |
3225 | if (!i->second.respectTimeouts) continue; | |
3226 | if (settings.maxSilentTime != 0) | |
3227 | nearest = std::min(nearest, i->second.lastOutput + settings.maxSilentTime); | |
3228 | if (settings.buildTimeout != 0) | |
3229 | nearest = std::min(nearest, i->second.timeStarted + settings.buildTimeout); | |
3230 | } | |
3231 | if (nearest != LONG_MAX) { | |
3232 | timeout.tv_sec = std::max((time_t) 1, nearest - before); | |
3233 | useTimeout = true; | |
3234 | printMsg(lvlVomit, format("sleeping %1% seconds") % timeout.tv_sec); | |
3235 | } | |
3236 | ||
3237 | /* If we are polling goals that are waiting for a lock, then wake | |
3238 | up after a few seconds at most. */ | |
3239 | if (!waitingForAWhile.empty()) { | |
3240 | useTimeout = true; | |
3241 | if (lastWokenUp == 0) | |
3242 | printMsg(lvlError, "waiting for locks or build slots..."); | |
3243 | if (lastWokenUp == 0 || lastWokenUp > before) lastWokenUp = before; | |
3244 | timeout.tv_sec = std::max((time_t) 1, (time_t) (lastWokenUp + settings.pollInterval - before)); | |
3245 | } else lastWokenUp = 0; | |
3246 | ||
3247 | using namespace std; | |
3248 | /* Use select() to wait for the input side of any logger pipe to | |
3249 | become `available'. Note that `available' (i.e., non-blocking) | |
3250 | includes EOF. */ | |
3251 | fd_set fds; | |
3252 | FD_ZERO(&fds); | |
3253 | int fdMax = 0; | |
3254 | foreach (Children::iterator, i, children) { | |
3255 | foreach (set<int>::iterator, j, i->second.fds) { | |
3256 | FD_SET(*j, &fds); | |
3257 | if (*j >= fdMax) fdMax = *j + 1; | |
3258 | } | |
3259 | } | |
3260 | ||
3261 | if (select(fdMax, &fds, 0, 0, useTimeout ? &timeout : 0) == -1) { | |
3262 | if (errno == EINTR) return; | |
3263 | throw SysError("waiting for input"); | |
3264 | } | |
3265 | ||
3266 | time_t after = time(0); | |
3267 | ||
3268 | /* Process all available file descriptors. */ | |
3269 | ||
3270 | /* Since goals may be canceled from inside the loop below (causing | |
3271 | them go be erased from the `children' map), we have to be | |
3272 | careful that we don't keep iterators alive across calls to | |
3273 | cancel(). */ | |
3274 | set<pid_t> pids; | |
3275 | foreach (Children::iterator, i, children) pids.insert(i->first); | |
3276 | ||
3277 | foreach (set<pid_t>::iterator, i, pids) { | |
3278 | checkInterrupt(); | |
3279 | Children::iterator j = children.find(*i); | |
3280 | if (j == children.end()) continue; // child destroyed | |
3281 | GoalPtr goal = j->second.goal.lock(); | |
3282 | assert(goal); | |
3283 | ||
3284 | set<int> fds2(j->second.fds); | |
3285 | foreach (set<int>::iterator, k, fds2) { | |
3286 | if (FD_ISSET(*k, &fds)) { | |
3287 | unsigned char buffer[4096]; | |
3288 | ssize_t rd = read(*k, buffer, sizeof(buffer)); | |
3289 | if (rd == -1) { | |
3290 | if (errno != EINTR) | |
3291 | throw SysError(format("reading from %1%") | |
3292 | % goal->getName()); | |
3293 | } else if (rd == 0) { | |
3294 | debug(format("%1%: got EOF") % goal->getName()); | |
3295 | goal->handleEOF(*k); | |
3296 | j->second.fds.erase(*k); | |
3297 | } else { | |
3298 | printMsg(lvlVomit, format("%1%: read %2% bytes") | |
3299 | % goal->getName() % rd); | |
3300 | string data((char *) buffer, rd); | |
3301 | j->second.lastOutput = after; | |
3302 | goal->handleChildOutput(*k, data); | |
3303 | } | |
3304 | } | |
3305 | } | |
3306 | ||
3307 | if (goal->getExitCode() == Goal::ecBusy && | |
3308 | settings.maxSilentTime != 0 && | |
3309 | j->second.respectTimeouts && | |
3310 | after - j->second.lastOutput >= (time_t) settings.maxSilentTime) | |
3311 | { | |
3312 | printMsg(lvlError, | |
3313 | format("%1% timed out after %2% seconds of silence") | |
3314 | % goal->getName() % settings.maxSilentTime); | |
3315 | goal->cancel(true); | |
2bb04905 | 3316 | timedOut = true; |
36457566 LC |
3317 | } |
3318 | ||
3319 | else if (goal->getExitCode() == Goal::ecBusy && | |
3320 | settings.buildTimeout != 0 && | |
3321 | j->second.respectTimeouts && | |
3322 | after - j->second.timeStarted >= (time_t) settings.buildTimeout) | |
3323 | { | |
3324 | printMsg(lvlError, | |
3325 | format("%1% timed out after %2% seconds") | |
3326 | % goal->getName() % settings.buildTimeout); | |
3327 | goal->cancel(true); | |
2bb04905 | 3328 | timedOut = true; |
36457566 LC |
3329 | } |
3330 | } | |
3331 | ||
3332 | if (!waitingForAWhile.empty() && lastWokenUp + settings.pollInterval <= after) { | |
3333 | lastWokenUp = after; | |
3334 | foreach (WeakGoals::iterator, i, waitingForAWhile) { | |
3335 | GoalPtr goal = i->lock(); | |
3336 | if (goal) wakeUp(goal); | |
3337 | } | |
3338 | waitingForAWhile.clear(); | |
3339 | } | |
3340 | } | |
3341 | ||
3342 | ||
3343 | unsigned int Worker::exitStatus() | |
3344 | { | |
2bb04905 | 3345 | return timedOut ? 101 : (permanentFailure ? 100 : 1); |
36457566 LC |
3346 | } |
3347 | ||
3348 | ||
3349 | ////////////////////////////////////////////////////////////////////// | |
3350 | ||
3351 | ||
3352 | void LocalStore::buildPaths(const PathSet & drvPaths, BuildMode buildMode) | |
3353 | { | |
3354 | startNest(nest, lvlDebug, | |
3355 | format("building %1%") % showPaths(drvPaths)); | |
3356 | ||
3357 | Worker worker(*this); | |
3358 | ||
3359 | Goals goals; | |
3360 | foreach (PathSet::const_iterator, i, drvPaths) { | |
3361 | DrvPathWithOutputs i2 = parseDrvPathWithOutputs(*i); | |
3362 | if (isDerivation(i2.first)) | |
3363 | goals.insert(worker.makeDerivationGoal(i2.first, i2.second, buildMode)); | |
3364 | else | |
3365 | goals.insert(worker.makeSubstitutionGoal(*i, buildMode)); | |
3366 | } | |
3367 | ||
3368 | worker.run(goals); | |
3369 | ||
3370 | PathSet failed; | |
3371 | foreach (Goals::iterator, i, goals) | |
3372 | if ((*i)->getExitCode() == Goal::ecFailed) { | |
3373 | DerivationGoal * i2 = dynamic_cast<DerivationGoal *>(i->get()); | |
3374 | if (i2) failed.insert(i2->getDrvPath()); | |
3375 | else failed.insert(dynamic_cast<SubstitutionGoal *>(i->get())->getStorePath()); | |
3376 | } | |
3377 | ||
3378 | if (!failed.empty()) | |
3379 | throw Error(format("build of %1% failed") % showPaths(failed), worker.exitStatus()); | |
3380 | } | |
3381 | ||
3382 | ||
3383 | void LocalStore::ensurePath(const Path & path) | |
3384 | { | |
3385 | /* If the path is already valid, we're done. */ | |
3386 | if (isValidPath(path)) return; | |
3387 | ||
3388 | Worker worker(*this); | |
3389 | GoalPtr goal = worker.makeSubstitutionGoal(path); | |
3390 | Goals goals = singleton<Goals>(goal); | |
3391 | ||
3392 | worker.run(goals); | |
3393 | ||
3394 | if (goal->getExitCode() != Goal::ecSuccess) | |
3395 | throw Error(format("path `%1%' does not exist and cannot be created") % path, worker.exitStatus()); | |
3396 | } | |
3397 | ||
3398 | ||
3399 | void LocalStore::repairPath(const Path & path) | |
3400 | { | |
3401 | Worker worker(*this); | |
3402 | GoalPtr goal = worker.makeSubstitutionGoal(path, true); | |
3403 | Goals goals = singleton<Goals>(goal); | |
3404 | ||
3405 | worker.run(goals); | |
3406 | ||
3407 | if (goal->getExitCode() != Goal::ecSuccess) | |
3408 | throw Error(format("cannot repair path `%1%'") % path, worker.exitStatus()); | |
3409 | } | |
3410 | ||
3411 | ||
3412 | } |