Commit | Line | Data |
---|---|---|
36457566 LC |
1 | #include "config.h" |
2 | ||
3 | #include "references.hh" | |
4 | #include "pathlocks.hh" | |
5 | #include "misc.hh" | |
6 | #include "globals.hh" | |
7 | #include "local-store.hh" | |
8 | #include "util.hh" | |
9 | #include "archive.hh" | |
10 | #include "affinity.hh" | |
94d92c77 | 11 | #include "builtins.hh" |
36457566 LC |
12 | |
13 | #include <map> | |
14 | #include <sstream> | |
15 | #include <algorithm> | |
16 | ||
15ddeff5 | 17 | #include <limits.h> |
36457566 LC |
18 | #include <time.h> |
19 | #include <sys/time.h> | |
20 | #include <sys/wait.h> | |
21 | #include <sys/types.h> | |
22 | #include <sys/stat.h> | |
23 | #include <sys/utsname.h> | |
24 | #include <fcntl.h> | |
25 | #include <unistd.h> | |
26 | #include <errno.h> | |
27 | #include <stdio.h> | |
28 | #include <cstring> | |
a1aa5dab | 29 | #include <stdint.h> |
36457566 LC |
30 | |
31 | #include <pwd.h> | |
32 | #include <grp.h> | |
33 | ||
29a68668 | 34 | #include <zlib.h> |
f997137d LC |
35 | |
36 | #if HAVE_BZLIB_H | |
37 | # include <bzlib.h> | |
38 | #endif | |
36457566 LC |
39 | |
40 | /* Includes required for chroot support. */ | |
41 | #if HAVE_SYS_PARAM_H | |
42 | #include <sys/param.h> | |
43 | #endif | |
44 | #if HAVE_SYS_MOUNT_H | |
45 | #include <sys/mount.h> | |
46 | #endif | |
54c260e6 LC |
47 | #if HAVE_SYS_SYSCALL_H |
48 | #include <sys/syscall.h> | |
49 | #endif | |
36457566 LC |
50 | #if HAVE_SCHED_H |
51 | #include <sched.h> | |
52 | #endif | |
53 | ||
36457566 | 54 | |
cbe95af7 | 55 | #define CHROOT_ENABLED HAVE_CHROOT && HAVE_SYS_MOUNT_H && defined(MS_BIND) && defined(MS_PRIVATE) && defined(CLONE_NEWNS) && defined(SYS_pivot_root) |
36457566 LC |
56 | |
57 | #if CHROOT_ENABLED | |
58 | #include <sys/socket.h> | |
59 | #include <sys/ioctl.h> | |
60 | #include <net/if.h> | |
61 | #include <netinet/ip.h> | |
62 | #endif | |
63 | ||
2bb04905 | 64 | #if __linux__ |
36457566 | 65 | #include <sys/personality.h> |
36457566 LC |
66 | #endif |
67 | ||
68 | #if HAVE_STATVFS | |
69 | #include <sys/statvfs.h> | |
70 | #endif | |
71 | ||
72 | ||
73 | namespace nix { | |
74 | ||
75 | using std::map; | |
76 | ||
77 | ||
78 | static string pathNullDevice = "/dev/null"; | |
79 | ||
80 | ||
81 | /* Forward definition. */ | |
82 | class Worker; | |
83 | struct HookInstance; | |
84 | ||
85 | ||
86 | /* A pointer to a goal. */ | |
87 | class Goal; | |
f3ff1da4 | 88 | class DerivationGoal; |
36457566 LC |
89 | typedef std::shared_ptr<Goal> GoalPtr; |
90 | typedef std::weak_ptr<Goal> WeakGoalPtr; | |
91 | ||
2bb04905 LC |
92 | struct CompareGoalPtrs { |
93 | bool operator() (const GoalPtr & a, const GoalPtr & b); | |
94 | }; | |
95 | ||
36457566 | 96 | /* Set of goals. */ |
2bb04905 | 97 | typedef set<GoalPtr, CompareGoalPtrs> Goals; |
36457566 LC |
98 | typedef list<WeakGoalPtr> WeakGoals; |
99 | ||
100 | /* A map of paths to goals (and the other way around). */ | |
101 | typedef map<Path, WeakGoalPtr> WeakGoalMap; | |
102 | ||
103 | ||
104 | ||
105 | class Goal : public std::enable_shared_from_this<Goal> | |
106 | { | |
107 | public: | |
108 | typedef enum {ecBusy, ecSuccess, ecFailed, ecNoSubstituters, ecIncompleteClosure} ExitCode; | |
109 | ||
110 | protected: | |
111 | ||
112 | /* Backlink to the worker. */ | |
113 | Worker & worker; | |
114 | ||
115 | /* Goals that this goal is waiting for. */ | |
116 | Goals waitees; | |
117 | ||
118 | /* Goals waiting for this one to finish. Must use weak pointers | |
119 | here to prevent cycles. */ | |
120 | WeakGoals waiters; | |
121 | ||
122 | /* Number of goals we are/were waiting for that have failed. */ | |
123 | unsigned int nrFailed; | |
124 | ||
125 | /* Number of substitution goals we are/were waiting for that | |
126 | failed because there are no substituters. */ | |
127 | unsigned int nrNoSubstituters; | |
128 | ||
129 | /* Number of substitution goals we are/were waiting for that | |
130 | failed because othey had unsubstitutable references. */ | |
131 | unsigned int nrIncompleteClosure; | |
132 | ||
133 | /* Name of this goal for debugging purposes. */ | |
134 | string name; | |
135 | ||
136 | /* Whether the goal is finished. */ | |
137 | ExitCode exitCode; | |
138 | ||
139 | Goal(Worker & worker) : worker(worker) | |
140 | { | |
141 | nrFailed = nrNoSubstituters = nrIncompleteClosure = 0; | |
142 | exitCode = ecBusy; | |
143 | } | |
144 | ||
145 | virtual ~Goal() | |
146 | { | |
147 | trace("goal destroyed"); | |
148 | } | |
149 | ||
150 | public: | |
151 | virtual void work() = 0; | |
152 | ||
153 | void addWaitee(GoalPtr waitee); | |
154 | ||
155 | virtual void waiteeDone(GoalPtr waitee, ExitCode result); | |
156 | ||
157 | virtual void handleChildOutput(int fd, const string & data) | |
158 | { | |
159 | abort(); | |
160 | } | |
161 | ||
162 | virtual void handleEOF(int fd) | |
163 | { | |
164 | abort(); | |
165 | } | |
166 | ||
167 | void trace(const format & f); | |
168 | ||
169 | string getName() | |
170 | { | |
171 | return name; | |
172 | } | |
173 | ||
174 | ExitCode getExitCode() | |
175 | { | |
176 | return exitCode; | |
177 | } | |
178 | ||
f3ff1da4 ED |
179 | /* Callback in case of a timeout. It should wake up its waiters, |
180 | get rid of any running child processes that are being monitored | |
181 | by the worker (important!), etc. */ | |
182 | virtual void timedOut() = 0; | |
36457566 | 183 | |
2bb04905 LC |
184 | virtual string key() = 0; |
185 | ||
36457566 LC |
186 | protected: |
187 | void amDone(ExitCode result); | |
188 | }; | |
189 | ||
190 | ||
2bb04905 LC |
191 | bool CompareGoalPtrs::operator() (const GoalPtr & a, const GoalPtr & b) { |
192 | string s1 = a->key(); | |
193 | string s2 = b->key(); | |
194 | return s1 < s2; | |
195 | } | |
196 | ||
197 | ||
36457566 LC |
198 | /* A mapping used to remember for each child process to what goal it |
199 | belongs, and file descriptors for receiving log data and output | |
200 | path creation commands. */ | |
201 | struct Child | |
202 | { | |
203 | WeakGoalPtr goal; | |
204 | set<int> fds; | |
205 | bool respectTimeouts; | |
206 | bool inBuildSlot; | |
207 | time_t lastOutput; /* time we last got output on stdout/stderr */ | |
208 | time_t timeStarted; | |
209 | }; | |
210 | ||
211 | typedef map<pid_t, Child> Children; | |
212 | ||
213 | ||
214 | /* The worker class. */ | |
215 | class Worker | |
216 | { | |
217 | private: | |
218 | ||
219 | /* Note: the worker should only have strong pointers to the | |
220 | top-level goals. */ | |
221 | ||
222 | /* The top-level goals of the worker. */ | |
223 | Goals topGoals; | |
224 | ||
225 | /* Goals that are ready to do some work. */ | |
226 | WeakGoals awake; | |
227 | ||
228 | /* Goals waiting for a build slot. */ | |
229 | WeakGoals wantingToBuild; | |
230 | ||
231 | /* Child processes currently running. */ | |
232 | Children children; | |
233 | ||
234 | /* Number of build slots occupied. This includes local builds and | |
235 | substitutions but not remote builds via the build hook. */ | |
236 | unsigned int nrLocalBuilds; | |
237 | ||
238 | /* Maps used to prevent multiple instantiations of a goal for the | |
239 | same derivation / path. */ | |
240 | WeakGoalMap derivationGoals; | |
241 | WeakGoalMap substitutionGoals; | |
242 | ||
243 | /* Goals waiting for busy paths to be unlocked. */ | |
244 | WeakGoals waitingForAnyGoal; | |
245 | ||
246 | /* Goals sleeping for a few seconds (polling a lock). */ | |
247 | WeakGoals waitingForAWhile; | |
248 | ||
249 | /* Last time the goals in `waitingForAWhile' where woken up. */ | |
250 | time_t lastWokenUp; | |
251 | ||
252 | public: | |
253 | ||
254 | /* Set if at least one derivation had a BuildError (i.e. permanent | |
255 | failure). */ | |
256 | bool permanentFailure; | |
257 | ||
2bb04905 LC |
258 | /* Set if at least one derivation had a timeout. */ |
259 | bool timedOut; | |
260 | ||
36457566 LC |
261 | LocalStore & store; |
262 | ||
263 | std::shared_ptr<HookInstance> hook; | |
264 | ||
265 | Worker(LocalStore & store); | |
266 | ~Worker(); | |
267 | ||
268 | /* Make a goal (with caching). */ | |
269 | GoalPtr makeDerivationGoal(const Path & drvPath, const StringSet & wantedOutputs, BuildMode buildMode = bmNormal); | |
270 | GoalPtr makeSubstitutionGoal(const Path & storePath, bool repair = false); | |
271 | ||
272 | /* Remove a dead goal. */ | |
273 | void removeGoal(GoalPtr goal); | |
274 | ||
275 | /* Wake up a goal (i.e., there is something for it to do). */ | |
276 | void wakeUp(GoalPtr goal); | |
277 | ||
278 | /* Return the number of local build and substitution processes | |
279 | currently running (but not remote builds via the build | |
280 | hook). */ | |
281 | unsigned int getNrLocalBuilds(); | |
282 | ||
283 | /* Registers a running child process. `inBuildSlot' means that | |
284 | the process counts towards the jobs limit. */ | |
285 | void childStarted(GoalPtr goal, pid_t pid, | |
286 | const set<int> & fds, bool inBuildSlot, bool respectTimeouts); | |
287 | ||
288 | /* Unregisters a running child process. `wakeSleepers' should be | |
289 | false if there is no sense in waking up goals that are sleeping | |
290 | because they can't run yet (e.g., there is no free build slot, | |
291 | or the hook would still say `postpone'). */ | |
292 | void childTerminated(pid_t pid, bool wakeSleepers = true); | |
293 | ||
294 | /* Put `goal' to sleep until a build slot becomes available (which | |
295 | might be right away). */ | |
296 | void waitForBuildSlot(GoalPtr goal); | |
297 | ||
298 | /* Wait for any goal to finish. Pretty indiscriminate way to | |
299 | wait for some resource that some other goal is holding. */ | |
300 | void waitForAnyGoal(GoalPtr goal); | |
301 | ||
302 | /* Wait for a few seconds and then retry this goal. Used when | |
303 | waiting for a lock held by another process. This kind of | |
304 | polling is inefficient, but POSIX doesn't really provide a way | |
305 | to wait for multiple locks in the main select() loop. */ | |
306 | void waitForAWhile(GoalPtr goal); | |
307 | ||
308 | /* Loop until the specified top-level goals have finished. */ | |
309 | void run(const Goals & topGoals); | |
310 | ||
311 | /* Wait for input to become available. */ | |
312 | void waitForInput(); | |
313 | ||
314 | unsigned int exitStatus(); | |
315 | }; | |
316 | ||
317 | ||
318 | ////////////////////////////////////////////////////////////////////// | |
319 | ||
320 | ||
321 | void addToWeakGoals(WeakGoals & goals, GoalPtr p) | |
322 | { | |
323 | // FIXME: necessary? | |
2bb04905 | 324 | // FIXME: O(n) |
36457566 LC |
325 | foreach (WeakGoals::iterator, i, goals) |
326 | if (i->lock() == p) return; | |
327 | goals.push_back(p); | |
328 | } | |
329 | ||
330 | ||
331 | void Goal::addWaitee(GoalPtr waitee) | |
332 | { | |
333 | waitees.insert(waitee); | |
334 | addToWeakGoals(waitee->waiters, shared_from_this()); | |
335 | } | |
336 | ||
337 | ||
338 | void Goal::waiteeDone(GoalPtr waitee, ExitCode result) | |
339 | { | |
340 | assert(waitees.find(waitee) != waitees.end()); | |
341 | waitees.erase(waitee); | |
342 | ||
343 | trace(format("waitee `%1%' done; %2% left") % | |
344 | waitee->name % waitees.size()); | |
345 | ||
346 | if (result == ecFailed || result == ecNoSubstituters || result == ecIncompleteClosure) ++nrFailed; | |
347 | ||
348 | if (result == ecNoSubstituters) ++nrNoSubstituters; | |
349 | ||
350 | if (result == ecIncompleteClosure) ++nrIncompleteClosure; | |
351 | ||
352 | if (waitees.empty() || (result == ecFailed && !settings.keepGoing)) { | |
353 | ||
354 | /* If we failed and keepGoing is not set, we remove all | |
355 | remaining waitees. */ | |
356 | foreach (Goals::iterator, i, waitees) { | |
357 | GoalPtr goal = *i; | |
358 | WeakGoals waiters2; | |
359 | foreach (WeakGoals::iterator, j, goal->waiters) | |
360 | if (j->lock() != shared_from_this()) waiters2.push_back(*j); | |
361 | goal->waiters = waiters2; | |
362 | } | |
363 | waitees.clear(); | |
364 | ||
365 | worker.wakeUp(shared_from_this()); | |
366 | } | |
367 | } | |
368 | ||
369 | ||
370 | void Goal::amDone(ExitCode result) | |
371 | { | |
372 | trace("done"); | |
373 | assert(exitCode == ecBusy); | |
374 | assert(result == ecSuccess || result == ecFailed || result == ecNoSubstituters || result == ecIncompleteClosure); | |
375 | exitCode = result; | |
376 | foreach (WeakGoals::iterator, i, waiters) { | |
377 | GoalPtr goal = i->lock(); | |
378 | if (goal) goal->waiteeDone(shared_from_this(), result); | |
379 | } | |
380 | waiters.clear(); | |
381 | worker.removeGoal(shared_from_this()); | |
382 | } | |
383 | ||
384 | ||
385 | void Goal::trace(const format & f) | |
386 | { | |
387 | debug(format("%1%: %2%") % name % f); | |
388 | } | |
389 | ||
390 | ||
391 | ||
392 | ////////////////////////////////////////////////////////////////////// | |
393 | ||
394 | ||
395 | /* Common initialisation performed in child processes. */ | |
396 | static void commonChildInit(Pipe & logPipe) | |
397 | { | |
36457566 LC |
398 | /* Put the child in a separate session (and thus a separate |
399 | process group) so that it has no controlling terminal (meaning | |
400 | that e.g. ssh cannot open /dev/tty) and it doesn't receive | |
401 | terminal signals. */ | |
402 | if (setsid() == -1) | |
403 | throw SysError(format("creating a new session")); | |
404 | ||
405 | /* Dup the write side of the logger pipe into stderr. */ | |
406 | if (dup2(logPipe.writeSide, STDERR_FILENO) == -1) | |
407 | throw SysError("cannot pipe standard error into log file"); | |
408 | ||
409 | /* Dup stderr to stdout. */ | |
410 | if (dup2(STDERR_FILENO, STDOUT_FILENO) == -1) | |
411 | throw SysError("cannot dup stderr into stdout"); | |
412 | ||
413 | /* Reroute stdin to /dev/null. */ | |
414 | int fdDevNull = open(pathNullDevice.c_str(), O_RDWR); | |
415 | if (fdDevNull == -1) | |
416 | throw SysError(format("cannot open `%1%'") % pathNullDevice); | |
417 | if (dup2(fdDevNull, STDIN_FILENO) == -1) | |
418 | throw SysError("cannot dup null device into stdin"); | |
419 | close(fdDevNull); | |
420 | } | |
421 | ||
36457566 LC |
422 | /* Restore default handling of SIGPIPE, otherwise some programs will |
423 | randomly say "Broken pipe". */ | |
424 | static void restoreSIGPIPE() | |
425 | { | |
426 | struct sigaction act, oact; | |
427 | act.sa_handler = SIG_DFL; | |
428 | act.sa_flags = 0; | |
429 | sigemptyset(&act.sa_mask); | |
430 | if (sigaction(SIGPIPE, &act, &oact)) throw SysError("resetting SIGPIPE"); | |
431 | } | |
432 | ||
433 | ||
434 | ////////////////////////////////////////////////////////////////////// | |
435 | ||
436 | ||
437 | class UserLock | |
438 | { | |
439 | private: | |
440 | /* POSIX locks suck. If we have a lock on a file, and we open and | |
441 | close that file again (without closing the original file | |
442 | descriptor), we lose the lock. So we have to be *very* careful | |
443 | not to open a lock file on which we are holding a lock. */ | |
444 | static PathSet lockedPaths; /* !!! not thread-safe */ | |
445 | ||
446 | Path fnUserLock; | |
447 | AutoCloseFD fdUserLock; | |
448 | ||
449 | string user; | |
450 | uid_t uid; | |
451 | gid_t gid; | |
322eeb87 | 452 | std::vector<gid_t> supplementaryGIDs; |
36457566 LC |
453 | |
454 | public: | |
455 | UserLock(); | |
456 | ~UserLock(); | |
457 | ||
458 | void acquire(); | |
459 | void release(); | |
460 | ||
461 | void kill(); | |
462 | ||
463 | string getUser() { return user; } | |
464 | uid_t getUID() { return uid; } | |
465 | uid_t getGID() { return gid; } | |
322eeb87 | 466 | std::vector<gid_t> getSupplementaryGIDs() { return supplementaryGIDs; } |
36457566 LC |
467 | |
468 | bool enabled() { return uid != 0; } | |
469 | ||
470 | }; | |
471 | ||
472 | ||
473 | PathSet UserLock::lockedPaths; | |
474 | ||
475 | ||
476 | UserLock::UserLock() | |
477 | { | |
478 | uid = gid = 0; | |
479 | } | |
480 | ||
481 | ||
482 | UserLock::~UserLock() | |
483 | { | |
484 | release(); | |
485 | } | |
486 | ||
487 | ||
488 | void UserLock::acquire() | |
489 | { | |
490 | assert(uid == 0); | |
491 | ||
492 | assert(settings.buildUsersGroup != ""); | |
493 | ||
494 | /* Get the members of the build-users-group. */ | |
495 | struct group * gr = getgrnam(settings.buildUsersGroup.c_str()); | |
496 | if (!gr) | |
497 | throw Error(format("the group `%1%' specified in `build-users-group' does not exist") | |
498 | % settings.buildUsersGroup); | |
499 | gid = gr->gr_gid; | |
500 | ||
501 | /* Copy the result of getgrnam. */ | |
502 | Strings users; | |
503 | for (char * * p = gr->gr_mem; *p; ++p) { | |
504 | debug(format("found build user `%1%'") % *p); | |
505 | users.push_back(*p); | |
506 | } | |
507 | ||
508 | if (users.empty()) | |
509 | throw Error(format("the build users group `%1%' has no members") | |
510 | % settings.buildUsersGroup); | |
511 | ||
512 | /* Find a user account that isn't currently in use for another | |
513 | build. */ | |
514 | foreach (Strings::iterator, i, users) { | |
515 | debug(format("trying user `%1%'") % *i); | |
516 | ||
517 | struct passwd * pw = getpwnam(i->c_str()); | |
518 | if (!pw) | |
519 | throw Error(format("the user `%1%' in the group `%2%' does not exist") | |
520 | % *i % settings.buildUsersGroup); | |
521 | ||
522 | createDirs(settings.nixStateDir + "/userpool"); | |
523 | ||
524 | fnUserLock = (format("%1%/userpool/%2%") % settings.nixStateDir % pw->pw_uid).str(); | |
525 | ||
526 | if (lockedPaths.find(fnUserLock) != lockedPaths.end()) | |
527 | /* We already have a lock on this one. */ | |
528 | continue; | |
529 | ||
530 | AutoCloseFD fd = open(fnUserLock.c_str(), O_RDWR | O_CREAT, 0600); | |
531 | if (fd == -1) | |
532 | throw SysError(format("opening user lock `%1%'") % fnUserLock); | |
533 | closeOnExec(fd); | |
534 | ||
535 | if (lockFile(fd, ltWrite, false)) { | |
536 | fdUserLock = fd.borrow(); | |
537 | lockedPaths.insert(fnUserLock); | |
538 | user = *i; | |
539 | uid = pw->pw_uid; | |
540 | ||
541 | /* Sanity check... */ | |
542 | if (uid == getuid() || uid == geteuid()) | |
8327e733 | 543 | throw Error(format("the build user should not be a member of `%1%'") |
36457566 LC |
544 | % settings.buildUsersGroup); |
545 | ||
322eeb87 LC |
546 | /* Get the list of supplementary groups of this build user. This |
547 | is usually either empty or contains a group such as "kvm". */ | |
548 | supplementaryGIDs.resize(10); | |
549 | int ngroups = supplementaryGIDs.size(); | |
550 | int err = getgrouplist(pw->pw_name, pw->pw_gid, | |
551 | supplementaryGIDs.data(), &ngroups); | |
552 | if (err == -1) | |
553 | throw Error(format("failed to get list of supplementary groups for ‘%1%’") % pw->pw_name); | |
554 | ||
555 | supplementaryGIDs.resize(ngroups); | |
556 | ||
36457566 LC |
557 | return; |
558 | } | |
559 | } | |
560 | ||
561 | throw Error(format("all build users are currently in use; " | |
562 | "consider creating additional users and adding them to the `%1%' group") | |
563 | % settings.buildUsersGroup); | |
564 | } | |
565 | ||
566 | ||
567 | void UserLock::release() | |
568 | { | |
569 | if (uid == 0) return; | |
570 | fdUserLock.close(); /* releases lock */ | |
571 | assert(lockedPaths.find(fnUserLock) != lockedPaths.end()); | |
572 | lockedPaths.erase(fnUserLock); | |
573 | fnUserLock = ""; | |
574 | uid = 0; | |
575 | } | |
576 | ||
577 | ||
578 | void UserLock::kill() | |
579 | { | |
580 | assert(enabled()); | |
581 | killUser(uid); | |
582 | } | |
583 | ||
584 | ||
585 | ////////////////////////////////////////////////////////////////////// | |
586 | ||
587 | ||
588 | struct HookInstance | |
589 | { | |
590 | /* Pipes for talking to the build hook. */ | |
591 | Pipe toHook; | |
592 | ||
593 | /* Pipe for the hook's standard output/error. */ | |
594 | Pipe fromHook; | |
595 | ||
596 | /* Pipe for the builder's standard output/error. */ | |
597 | Pipe builderOut; | |
598 | ||
599 | /* The process ID of the hook. */ | |
600 | Pid pid; | |
601 | ||
602 | HookInstance(); | |
603 | ||
604 | ~HookInstance(); | |
605 | }; | |
606 | ||
607 | ||
608 | HookInstance::HookInstance() | |
609 | { | |
610 | debug("starting build hook"); | |
611 | ||
bc69ea2d | 612 | const Path &buildHook = settings.guixProgram; |
36457566 LC |
613 | |
614 | /* Create a pipe to get the output of the child. */ | |
615 | fromHook.create(); | |
616 | ||
617 | /* Create the communication pipes. */ | |
618 | toHook.create(); | |
619 | ||
620 | /* Create a pipe to get the output of the builder. */ | |
621 | builderOut.create(); | |
622 | ||
623 | /* Fork the hook. */ | |
2bb04905 | 624 | pid = startProcess([&]() { |
36457566 | 625 | |
2bb04905 | 626 | commonChildInit(fromHook); |
36457566 | 627 | |
2bb04905 | 628 | if (chdir("/") == -1) throw SysError("changing into `/"); |
36457566 | 629 | |
2bb04905 LC |
630 | /* Dup the communication pipes. */ |
631 | if (dup2(toHook.readSide, STDIN_FILENO) == -1) | |
632 | throw SysError("dupping to-hook read side"); | |
36457566 | 633 | |
2bb04905 LC |
634 | /* Use fd 4 for the builder's stdout/stderr. */ |
635 | if (dup2(builderOut.writeSide, 4) == -1) | |
636 | throw SysError("dupping builder's stdout/stderr"); | |
36457566 | 637 | |
bc69ea2d LC |
638 | execl(buildHook.c_str(), buildHook.c_str(), "offload", |
639 | settings.thisSystem.c_str(), | |
2bb04905 LC |
640 | (format("%1%") % settings.maxSilentTime).str().c_str(), |
641 | (format("%1%") % settings.printBuildTrace).str().c_str(), | |
642 | (format("%1%") % settings.buildTimeout).str().c_str(), | |
643 | NULL); | |
36457566 | 644 | |
bc69ea2d | 645 | throw SysError(format("executing `%1% offload'") % buildHook); |
2bb04905 | 646 | }); |
36457566 | 647 | |
36457566 | 648 | pid.setSeparatePG(true); |
36457566 LC |
649 | fromHook.writeSide.close(); |
650 | toHook.readSide.close(); | |
651 | } | |
652 | ||
653 | ||
654 | HookInstance::~HookInstance() | |
655 | { | |
656 | try { | |
2bb04905 LC |
657 | toHook.writeSide.close(); |
658 | pid.kill(true); | |
36457566 LC |
659 | } catch (...) { |
660 | ignoreException(); | |
661 | } | |
662 | } | |
663 | ||
664 | ||
665 | ////////////////////////////////////////////////////////////////////// | |
666 | ||
667 | ||
668 | typedef map<string, string> HashRewrites; | |
669 | ||
670 | ||
671 | string rewriteHashes(string s, const HashRewrites & rewrites) | |
672 | { | |
673 | foreach (HashRewrites::const_iterator, i, rewrites) { | |
674 | assert(i->first.size() == i->second.size()); | |
675 | size_t j = 0; | |
676 | while ((j = s.find(i->first, j)) != string::npos) { | |
677 | debug(format("rewriting @ %1%") % j); | |
678 | s.replace(j, i->second.size(), i->second); | |
679 | } | |
680 | } | |
681 | return s; | |
682 | } | |
683 | ||
684 | ||
685 | ////////////////////////////////////////////////////////////////////// | |
686 | ||
687 | ||
688 | typedef enum {rpAccept, rpDecline, rpPostpone} HookReply; | |
689 | ||
690 | class SubstitutionGoal; | |
691 | ||
692 | class DerivationGoal : public Goal | |
693 | { | |
694 | private: | |
695 | /* The path of the derivation. */ | |
696 | Path drvPath; | |
697 | ||
698 | /* The specific outputs that we need to build. Empty means all of | |
699 | them. */ | |
700 | StringSet wantedOutputs; | |
701 | ||
702 | /* Whether additional wanted outputs have been added. */ | |
703 | bool needRestart; | |
704 | ||
705 | /* Whether to retry substituting the outputs after building the | |
706 | inputs. */ | |
707 | bool retrySubstitution; | |
708 | ||
709 | /* The derivation stored at drvPath. */ | |
710 | Derivation drv; | |
711 | ||
712 | /* The remainder is state held during the build. */ | |
713 | ||
714 | /* Locks on the output paths. */ | |
715 | PathLocks outputLocks; | |
716 | ||
717 | /* All input paths (that is, the union of FS closures of the | |
718 | immediate input paths). */ | |
719 | PathSet inputPaths; | |
720 | ||
721 | /* Referenceable paths (i.e., input and output paths). */ | |
722 | PathSet allPaths; | |
723 | ||
724 | /* Outputs that are already valid. If we're repairing, these are | |
725 | the outputs that are valid *and* not corrupt. */ | |
726 | PathSet validPaths; | |
727 | ||
728 | /* Outputs that are corrupt or not valid. */ | |
729 | PathSet missingPaths; | |
730 | ||
731 | /* User selected for running the builder. */ | |
732 | UserLock buildUser; | |
733 | ||
734 | /* The process ID of the builder. */ | |
735 | Pid pid; | |
736 | ||
737 | /* The temporary directory. */ | |
738 | Path tmpDir; | |
739 | ||
cb960102 ED |
740 | /* The path of the temporary directory in the sandbox. */ |
741 | Path tmpDirInSandbox; | |
742 | ||
36457566 LC |
743 | /* File descriptor for the log file. */ |
744 | FILE * fLogFile; | |
29a68668 | 745 | gzFile gzLogFile; |
f997137d | 746 | #if HAVE_BZLIB_H |
36457566 | 747 | BZFILE * bzLogFile; |
f997137d | 748 | #endif |
36457566 LC |
749 | AutoCloseFD fdLogFile; |
750 | ||
751 | /* Number of bytes received from the builder's stdout/stderr. */ | |
752 | unsigned long logSize; | |
753 | ||
754 | /* Pipe for the builder's standard output/error. */ | |
755 | Pipe builderOut; | |
756 | ||
757 | /* The build hook. */ | |
758 | std::shared_ptr<HookInstance> hook; | |
759 | ||
760 | /* Whether we're currently doing a chroot build. */ | |
761 | bool useChroot; | |
762 | ||
763 | Path chrootRootDir; | |
764 | ||
765 | /* RAII object to delete the chroot directory. */ | |
766 | std::shared_ptr<AutoDelete> autoDelChroot; | |
767 | ||
768 | /* All inputs that are regular files. */ | |
769 | PathSet regularInputPaths; | |
770 | ||
771 | /* Whether this is a fixed-output derivation. */ | |
772 | bool fixedOutput; | |
773 | ||
774 | typedef void (DerivationGoal::*GoalState)(); | |
775 | GoalState state; | |
776 | ||
54c260e6 | 777 | /* Stuff we need to pass to runChild(). */ |
36457566 LC |
778 | typedef map<Path, Path> DirsInChroot; // maps target path to source path |
779 | DirsInChroot dirsInChroot; | |
780 | typedef map<string, string> Environment; | |
781 | Environment env; | |
782 | ||
783 | /* Hash rewriting. */ | |
784 | HashRewrites rewritesToTmp, rewritesFromTmp; | |
785 | typedef map<Path, Path> RedirectedOutputs; | |
786 | RedirectedOutputs redirectedOutputs; | |
787 | ||
788 | BuildMode buildMode; | |
789 | ||
790 | /* If we're repairing without a chroot, there may be outputs that | |
791 | are valid but corrupt. So we redirect these outputs to | |
792 | temporary paths. */ | |
793 | PathSet redirectedBadOutputs; | |
794 | ||
b23b4d39 ED |
795 | /* The current round, if we're building multiple times. */ |
796 | unsigned int curRound = 1; | |
797 | ||
798 | unsigned int nrRounds; | |
799 | ||
800 | /* Path registration info from the previous round, if we're | |
801 | building multiple times. Since this contains the hash, it | |
802 | allows us to compare whether two rounds produced the same | |
803 | result. */ | |
804 | ValidPathInfos prevInfos; | |
36457566 | 805 | |
f3ff1da4 ED |
806 | BuildResult result; |
807 | ||
36457566 LC |
808 | public: |
809 | DerivationGoal(const Path & drvPath, const StringSet & wantedOutputs, Worker & worker, BuildMode buildMode = bmNormal); | |
810 | ~DerivationGoal(); | |
811 | ||
f3ff1da4 | 812 | void timedOut() override; |
36457566 | 813 | |
2bb04905 LC |
814 | string key() |
815 | { | |
816 | /* Ensure that derivations get built in order of their name, | |
817 | i.e. a derivation named "aardvark" always comes before | |
818 | "baboon". And substitution goals always happen before | |
819 | derivation goals (due to "b$"). */ | |
820 | return "b$" + storePathToName(drvPath) + "$" + drvPath; | |
821 | } | |
822 | ||
36457566 LC |
823 | void work(); |
824 | ||
825 | Path getDrvPath() | |
826 | { | |
827 | return drvPath; | |
828 | } | |
829 | ||
830 | /* Add wanted outputs to an already existing derivation goal. */ | |
831 | void addWantedOutputs(const StringSet & outputs); | |
832 | ||
f3ff1da4 ED |
833 | BuildResult getResult() { return result; } |
834 | ||
36457566 LC |
835 | private: |
836 | /* The states. */ | |
837 | void init(); | |
838 | void haveDerivation(); | |
839 | void outputsSubstituted(); | |
840 | void closureRepaired(); | |
841 | void inputsRealised(); | |
842 | void tryToBuild(); | |
843 | void buildDone(); | |
844 | ||
845 | /* Is the build hook willing to perform the build? */ | |
846 | HookReply tryBuildHook(); | |
847 | ||
848 | /* Start building a derivation. */ | |
849 | void startBuilder(); | |
850 | ||
54c260e6 LC |
851 | /* Run the builder's process. */ |
852 | void runChild(); | |
36457566 LC |
853 | |
854 | friend int childEntry(void *); | |
855 | ||
856 | /* Check that the derivation outputs all exist and register them | |
857 | as valid. */ | |
858 | void registerOutputs(); | |
859 | ||
860 | /* Open a log file and a pipe to it. */ | |
861 | Path openLogFile(); | |
862 | ||
863 | /* Close the log file. */ | |
864 | void closeLogFile(); | |
865 | ||
866 | /* Delete the temporary directory, if we have one. */ | |
867 | void deleteTmpDir(bool force); | |
868 | ||
869 | /* Callback used by the worker to write to the log. */ | |
870 | void handleChildOutput(int fd, const string & data); | |
871 | void handleEOF(int fd); | |
872 | ||
873 | /* Return the set of (in)valid paths. */ | |
874 | PathSet checkPathValidity(bool returnValid, bool checkHash); | |
875 | ||
876 | /* Abort the goal if `path' failed to build. */ | |
877 | bool pathFailed(const Path & path); | |
878 | ||
879 | /* Forcibly kill the child process, if any. */ | |
880 | void killChild(); | |
881 | ||
882 | Path addHashRewrite(const Path & path); | |
883 | ||
884 | void repairClosure(); | |
f3ff1da4 ED |
885 | |
886 | void done(BuildResult::Status status, const string & msg = ""); | |
36457566 LC |
887 | }; |
888 | ||
889 | ||
890 | DerivationGoal::DerivationGoal(const Path & drvPath, const StringSet & wantedOutputs, Worker & worker, BuildMode buildMode) | |
891 | : Goal(worker) | |
892 | , wantedOutputs(wantedOutputs) | |
893 | , needRestart(false) | |
894 | , retrySubstitution(false) | |
895 | , fLogFile(0) | |
29a68668 | 896 | , gzLogFile(0) |
f997137d | 897 | #if HAVE_BZLIB_H |
36457566 | 898 | , bzLogFile(0) |
f997137d | 899 | #endif |
36457566 LC |
900 | , useChroot(false) |
901 | , buildMode(buildMode) | |
902 | { | |
903 | this->drvPath = drvPath; | |
904 | state = &DerivationGoal::init; | |
905 | name = (format("building of `%1%'") % drvPath).str(); | |
906 | trace("created"); | |
538684d0 ED |
907 | |
908 | /* Prevent the .chroot directory from being | |
909 | garbage-collected. (See isActiveTempFile() in gc.cc.) */ | |
910 | worker.store.addTempRoot(drvPath); | |
36457566 LC |
911 | } |
912 | ||
913 | ||
914 | DerivationGoal::~DerivationGoal() | |
915 | { | |
916 | /* Careful: we should never ever throw an exception from a | |
917 | destructor. */ | |
2bb04905 LC |
918 | try { killChild(); } catch (...) { ignoreException(); } |
919 | try { deleteTmpDir(false); } catch (...) { ignoreException(); } | |
920 | try { closeLogFile(); } catch (...) { ignoreException(); } | |
36457566 LC |
921 | } |
922 | ||
923 | ||
924 | void DerivationGoal::killChild() | |
925 | { | |
926 | if (pid != -1) { | |
927 | worker.childTerminated(pid); | |
928 | ||
929 | if (buildUser.enabled()) { | |
930 | /* If we're using a build user, then there is a tricky | |
931 | race condition: if we kill the build user before the | |
932 | child has done its setuid() to the build user uid, then | |
933 | it won't be killed, and we'll potentially lock up in | |
934 | pid.wait(). So also send a conventional kill to the | |
935 | child. */ | |
936 | ::kill(-pid, SIGKILL); /* ignore the result */ | |
937 | buildUser.kill(); | |
938 | pid.wait(true); | |
939 | } else | |
940 | pid.kill(); | |
941 | ||
942 | assert(pid == -1); | |
943 | } | |
944 | ||
af73beeb LC |
945 | /* If there was a build hook involved, remove it from the worker's |
946 | children. */ | |
947 | if (hook && hook->pid != -1) { | |
948 | worker.childTerminated(hook->pid); | |
949 | } | |
36457566 LC |
950 | hook.reset(); |
951 | } | |
952 | ||
953 | ||
f3ff1da4 | 954 | void DerivationGoal::timedOut() |
36457566 | 955 | { |
f3ff1da4 | 956 | if (settings.printBuildTrace) |
36457566 LC |
957 | printMsg(lvlError, format("@ build-failed %1% - timeout") % drvPath); |
958 | killChild(); | |
f3ff1da4 | 959 | done(BuildResult::TimedOut); |
36457566 LC |
960 | } |
961 | ||
962 | ||
963 | void DerivationGoal::work() | |
964 | { | |
965 | (this->*state)(); | |
966 | } | |
967 | ||
968 | ||
969 | void DerivationGoal::addWantedOutputs(const StringSet & outputs) | |
970 | { | |
971 | /* If we already want all outputs, there is nothing to do. */ | |
972 | if (wantedOutputs.empty()) return; | |
973 | ||
974 | if (outputs.empty()) { | |
975 | wantedOutputs.clear(); | |
976 | needRestart = true; | |
977 | } else | |
978 | foreach (StringSet::const_iterator, i, outputs) | |
979 | if (wantedOutputs.find(*i) == wantedOutputs.end()) { | |
980 | wantedOutputs.insert(*i); | |
981 | needRestart = true; | |
982 | } | |
983 | } | |
984 | ||
985 | ||
986 | void DerivationGoal::init() | |
987 | { | |
988 | trace("init"); | |
989 | ||
990 | if (settings.readOnlyMode) | |
8327e733 | 991 | throw Error(format("cannot build derivation `%1%' - no write access to the store") % drvPath); |
36457566 LC |
992 | |
993 | /* The first thing to do is to make sure that the derivation | |
994 | exists. If it doesn't, it may be created through a | |
995 | substitute. */ | |
2bb04905 LC |
996 | if (buildMode == bmNormal && worker.store.isValidPath(drvPath)) { |
997 | haveDerivation(); | |
998 | return; | |
999 | } | |
1000 | ||
36457566 LC |
1001 | addWaitee(worker.makeSubstitutionGoal(drvPath)); |
1002 | ||
1003 | state = &DerivationGoal::haveDerivation; | |
1004 | } | |
1005 | ||
1006 | ||
1007 | void DerivationGoal::haveDerivation() | |
1008 | { | |
1009 | trace("loading derivation"); | |
1010 | ||
1011 | if (nrFailed != 0) { | |
f3ff1da4 ED |
1012 | printMsg(lvlError, format("cannot build missing derivation ‘%1%’") % drvPath); |
1013 | done(BuildResult::MiscFailure); | |
36457566 LC |
1014 | return; |
1015 | } | |
1016 | ||
1017 | /* `drvPath' should already be a root, but let's be on the safe | |
1018 | side: if the user forgot to make it a root, we wouldn't want | |
1019 | things being garbage collected while we're busy. */ | |
1020 | worker.store.addTempRoot(drvPath); | |
1021 | ||
1022 | assert(worker.store.isValidPath(drvPath)); | |
1023 | ||
1024 | /* Get the derivation. */ | |
1025 | drv = derivationFromPath(worker.store, drvPath); | |
1026 | ||
1027 | foreach (DerivationOutputs::iterator, i, drv.outputs) | |
1028 | worker.store.addTempRoot(i->second.path); | |
1029 | ||
1030 | /* Check what outputs paths are not already valid. */ | |
1031 | PathSet invalidOutputs = checkPathValidity(false, buildMode == bmRepair); | |
1032 | ||
1033 | /* If they are all valid, then we're done. */ | |
1034 | if (invalidOutputs.size() == 0 && buildMode == bmNormal) { | |
f3ff1da4 | 1035 | done(BuildResult::AlreadyValid); |
36457566 LC |
1036 | return; |
1037 | } | |
1038 | ||
1039 | /* Check whether any output previously failed to build. If so, | |
1040 | don't bother. */ | |
1041 | foreach (PathSet::iterator, i, invalidOutputs) | |
1042 | if (pathFailed(*i)) return; | |
1043 | ||
1044 | /* We are first going to try to create the invalid output paths | |
1045 | through substitutes. If that doesn't work, we'll build | |
1046 | them. */ | |
322eeb87 | 1047 | if (settings.useSubstitutes && substitutesAllowed(drv)) |
36457566 LC |
1048 | foreach (PathSet::iterator, i, invalidOutputs) |
1049 | addWaitee(worker.makeSubstitutionGoal(*i, buildMode == bmRepair)); | |
1050 | ||
1051 | if (waitees.empty()) /* to prevent hang (no wake-up event) */ | |
1052 | outputsSubstituted(); | |
1053 | else | |
1054 | state = &DerivationGoal::outputsSubstituted; | |
1055 | } | |
1056 | ||
1057 | ||
1058 | void DerivationGoal::outputsSubstituted() | |
1059 | { | |
1060 | trace("all outputs substituted (maybe)"); | |
1061 | ||
1062 | if (nrFailed > 0 && nrFailed > nrNoSubstituters + nrIncompleteClosure && !settings.tryFallback) | |
1063 | throw Error(format("some substitutes for the outputs of derivation `%1%' failed (usually happens due to networking issues); try `--fallback' to build derivation from source ") % drvPath); | |
1064 | ||
1065 | /* If the substitutes form an incomplete closure, then we should | |
1066 | build the dependencies of this derivation, but after that, we | |
1067 | can still use the substitutes for this derivation itself. */ | |
1068 | if (nrIncompleteClosure > 0 && !retrySubstitution) retrySubstitution = true; | |
1069 | ||
1070 | nrFailed = nrNoSubstituters = nrIncompleteClosure = 0; | |
1071 | ||
1072 | if (needRestart) { | |
1073 | needRestart = false; | |
1074 | haveDerivation(); | |
1075 | return; | |
1076 | } | |
1077 | ||
1078 | unsigned int nrInvalid = checkPathValidity(false, buildMode == bmRepair).size(); | |
1079 | if (buildMode == bmNormal && nrInvalid == 0) { | |
f3ff1da4 | 1080 | done(BuildResult::Substituted); |
36457566 LC |
1081 | return; |
1082 | } | |
1083 | if (buildMode == bmRepair && nrInvalid == 0) { | |
1084 | repairClosure(); | |
1085 | return; | |
1086 | } | |
1087 | if (buildMode == bmCheck && nrInvalid > 0) | |
1088 | throw Error(format("some outputs of `%1%' are not valid, so checking is not possible") % drvPath); | |
1089 | ||
1090 | /* Otherwise, at least one of the output paths could not be | |
1091 | produced using a substitute. So we have to build instead. */ | |
1092 | ||
1093 | /* Make sure checkPathValidity() from now on checks all | |
1094 | outputs. */ | |
1095 | wantedOutputs = PathSet(); | |
1096 | ||
1097 | /* The inputs must be built before we can build this goal. */ | |
1098 | foreach (DerivationInputs::iterator, i, drv.inputDrvs) | |
1099 | addWaitee(worker.makeDerivationGoal(i->first, i->second, buildMode == bmRepair ? bmRepair : bmNormal)); | |
1100 | ||
1101 | foreach (PathSet::iterator, i, drv.inputSrcs) | |
1102 | addWaitee(worker.makeSubstitutionGoal(*i)); | |
1103 | ||
1104 | if (waitees.empty()) /* to prevent hang (no wake-up event) */ | |
1105 | inputsRealised(); | |
1106 | else | |
1107 | state = &DerivationGoal::inputsRealised; | |
1108 | } | |
1109 | ||
1110 | ||
1111 | void DerivationGoal::repairClosure() | |
1112 | { | |
1113 | /* If we're repairing, we now know that our own outputs are valid. | |
1114 | Now check whether the other paths in the outputs closure are | |
1115 | good. If not, then start derivation goals for the derivations | |
1116 | that produced those outputs. */ | |
1117 | ||
1118 | /* Get the output closure. */ | |
1119 | PathSet outputClosure; | |
1a9574e3 ED |
1120 | foreach (DerivationOutputs::iterator, i, drv.outputs) { |
1121 | if (!wantOutput(i->first, wantedOutputs)) continue; | |
36457566 | 1122 | computeFSClosure(worker.store, i->second.path, outputClosure); |
1a9574e3 | 1123 | } |
36457566 LC |
1124 | |
1125 | /* Filter out our own outputs (which we have already checked). */ | |
1126 | foreach (DerivationOutputs::iterator, i, drv.outputs) | |
1127 | outputClosure.erase(i->second.path); | |
1128 | ||
1129 | /* Get all dependencies of this derivation so that we know which | |
1130 | derivation is responsible for which path in the output | |
1131 | closure. */ | |
1132 | PathSet inputClosure; | |
1133 | computeFSClosure(worker.store, drvPath, inputClosure); | |
1134 | std::map<Path, Path> outputsToDrv; | |
1135 | foreach (PathSet::iterator, i, inputClosure) | |
1136 | if (isDerivation(*i)) { | |
1137 | Derivation drv = derivationFromPath(worker.store, *i); | |
1138 | foreach (DerivationOutputs::iterator, j, drv.outputs) | |
1139 | outputsToDrv[j->second.path] = *i; | |
1140 | } | |
1141 | ||
1142 | /* Check each path (slow!). */ | |
1143 | PathSet broken; | |
1144 | foreach (PathSet::iterator, i, outputClosure) { | |
1145 | if (worker.store.pathContentsGood(*i)) continue; | |
1146 | printMsg(lvlError, format("found corrupted or missing path `%1%' in the output closure of `%2%'") % *i % drvPath); | |
1147 | Path drvPath2 = outputsToDrv[*i]; | |
1148 | if (drvPath2 == "") | |
1149 | addWaitee(worker.makeSubstitutionGoal(*i, true)); | |
1150 | else | |
1151 | addWaitee(worker.makeDerivationGoal(drvPath2, PathSet(), bmRepair)); | |
1152 | } | |
1153 | ||
1154 | if (waitees.empty()) { | |
f3ff1da4 | 1155 | done(BuildResult::AlreadyValid); |
36457566 LC |
1156 | return; |
1157 | } | |
1158 | ||
1159 | state = &DerivationGoal::closureRepaired; | |
1160 | } | |
1161 | ||
1162 | ||
1163 | void DerivationGoal::closureRepaired() | |
1164 | { | |
1165 | trace("closure repaired"); | |
1166 | if (nrFailed > 0) | |
f3ff1da4 ED |
1167 | throw Error(format("some paths in the output closure of derivation ‘%1%’ could not be repaired") % drvPath); |
1168 | done(BuildResult::AlreadyValid); | |
36457566 LC |
1169 | } |
1170 | ||
1171 | ||
1172 | void DerivationGoal::inputsRealised() | |
1173 | { | |
1174 | trace("all inputs realised"); | |
1175 | ||
1176 | if (nrFailed != 0) { | |
1177 | printMsg(lvlError, | |
1178 | format("cannot build derivation `%1%': %2% dependencies couldn't be built") | |
1179 | % drvPath % nrFailed); | |
f3ff1da4 | 1180 | done(BuildResult::DependencyFailed); |
36457566 LC |
1181 | return; |
1182 | } | |
1183 | ||
1184 | if (retrySubstitution) { | |
1185 | haveDerivation(); | |
1186 | return; | |
1187 | } | |
1188 | ||
1189 | /* Gather information necessary for computing the closure and/or | |
1190 | running the build hook. */ | |
1191 | ||
1192 | /* The outputs are referenceable paths. */ | |
1193 | foreach (DerivationOutputs::iterator, i, drv.outputs) { | |
1194 | debug(format("building path `%1%'") % i->second.path); | |
1195 | allPaths.insert(i->second.path); | |
1196 | } | |
1197 | ||
1198 | /* Determine the full set of input paths. */ | |
1199 | ||
1200 | /* First, the input derivations. */ | |
1201 | foreach (DerivationInputs::iterator, i, drv.inputDrvs) { | |
1202 | /* Add the relevant output closures of the input derivation | |
1203 | `*i' as input paths. Only add the closures of output paths | |
1204 | that are specified as inputs. */ | |
1205 | assert(worker.store.isValidPath(i->first)); | |
1206 | Derivation inDrv = derivationFromPath(worker.store, i->first); | |
1207 | foreach (StringSet::iterator, j, i->second) | |
1208 | if (inDrv.outputs.find(*j) != inDrv.outputs.end()) | |
1209 | computeFSClosure(worker.store, inDrv.outputs[*j].path, inputPaths); | |
1210 | else | |
1211 | throw Error( | |
1212 | format("derivation `%1%' requires non-existent output `%2%' from input derivation `%3%'") | |
1213 | % drvPath % *j % i->first); | |
1214 | } | |
1215 | ||
1216 | /* Second, the input sources. */ | |
1217 | foreach (PathSet::iterator, i, drv.inputSrcs) | |
1218 | computeFSClosure(worker.store, *i, inputPaths); | |
1219 | ||
1220 | debug(format("added input paths %1%") % showPaths(inputPaths)); | |
1221 | ||
1222 | allPaths.insert(inputPaths.begin(), inputPaths.end()); | |
1223 | ||
1224 | /* Is this a fixed-output derivation? */ | |
1225 | fixedOutput = true; | |
b23b4d39 ED |
1226 | for (auto & i : drv.outputs) |
1227 | if (i.second.hash == "") fixedOutput = false; | |
1228 | ||
1229 | /* Don't repeat fixed-output derivations since they're already | |
1230 | verified by their output hash.*/ | |
1231 | nrRounds = fixedOutput ? 1 : settings.get("build-repeat", 0) + 1; | |
36457566 LC |
1232 | |
1233 | /* Okay, try to build. Note that here we don't wait for a build | |
1234 | slot to become available, since we don't need one if there is a | |
1235 | build hook. */ | |
1236 | state = &DerivationGoal::tryToBuild; | |
1237 | worker.wakeUp(shared_from_this()); | |
1238 | } | |
1239 | ||
1240 | ||
322eeb87 | 1241 | static bool canBuildLocally(const string & platform) |
36457566 | 1242 | { |
322eeb87 LC |
1243 | return platform == settings.thisSystem |
1244 | #if __linux__ | |
1245 | || (platform == "i686-linux" && settings.thisSystem == "x86_64-linux") | |
162825f9 | 1246 | || (platform == "armhf-linux" && settings.thisSystem == "aarch64-linux") |
322eeb87 LC |
1247 | #endif |
1248 | ; | |
36457566 LC |
1249 | } |
1250 | ||
1251 | ||
322eeb87 | 1252 | static string get(const StringPairs & map, const string & key, const string & def = "") |
36457566 LC |
1253 | { |
1254 | StringPairs::const_iterator i = map.find(key); | |
322eeb87 | 1255 | return i == map.end() ? def : i->second; |
36457566 LC |
1256 | } |
1257 | ||
1258 | ||
322eeb87 | 1259 | bool willBuildLocally(const Derivation & drv) |
36457566 | 1260 | { |
322eeb87 | 1261 | return get(drv.env, "preferLocalBuild") == "1" && canBuildLocally(drv.platform); |
36457566 LC |
1262 | } |
1263 | ||
1264 | ||
322eeb87 | 1265 | bool substitutesAllowed(const Derivation & drv) |
36457566 | 1266 | { |
322eeb87 | 1267 | return get(drv.env, "allowSubstitutes", "1") == "1"; |
36457566 LC |
1268 | } |
1269 | ||
1270 | ||
1271 | void DerivationGoal::tryToBuild() | |
1272 | { | |
1273 | trace("trying to build"); | |
1274 | ||
1275 | /* Check for the possibility that some other goal in this process | |
1276 | has locked the output since we checked in haveDerivation(). | |
1277 | (It can't happen between here and the lockPaths() call below | |
1278 | because we're not allowing multi-threading.) If so, put this | |
1279 | goal to sleep until another goal finishes, then try again. */ | |
1280 | foreach (DerivationOutputs::iterator, i, drv.outputs) | |
1281 | if (pathIsLockedByMe(i->second.path)) { | |
1282 | debug(format("putting derivation `%1%' to sleep because `%2%' is locked by another goal") | |
1283 | % drvPath % i->second.path); | |
1284 | worker.waitForAnyGoal(shared_from_this()); | |
1285 | return; | |
1286 | } | |
1287 | ||
1288 | /* Obtain locks on all output paths. The locks are automatically | |
8327e733 | 1289 | released when we exit this function or the client crashes. If we |
36457566 LC |
1290 | can't acquire the lock, then continue; hopefully some other |
1291 | goal can start a build, and if not, the main loop will sleep a | |
1292 | few seconds and then retry this goal. */ | |
322eeb87 | 1293 | if (!outputLocks.lockPaths(outputPaths(drv), "", false)) { |
36457566 LC |
1294 | worker.waitForAWhile(shared_from_this()); |
1295 | return; | |
1296 | } | |
1297 | ||
1298 | /* Now check again whether the outputs are valid. This is because | |
1299 | another process may have started building in parallel. After | |
1300 | it has finished and released the locks, we can (and should) | |
1301 | reuse its results. (Strictly speaking the first check can be | |
1302 | omitted, but that would be less efficient.) Note that since we | |
1303 | now hold the locks on the output paths, no other process can | |
1304 | build this derivation, so no further checks are necessary. */ | |
1305 | validPaths = checkPathValidity(true, buildMode == bmRepair); | |
36457566 LC |
1306 | if (buildMode != bmCheck && validPaths.size() == drv.outputs.size()) { |
1307 | debug(format("skipping build of derivation `%1%', someone beat us to it") % drvPath); | |
1308 | outputLocks.setDeletion(true); | |
f3ff1da4 | 1309 | done(BuildResult::AlreadyValid); |
36457566 LC |
1310 | return; |
1311 | } | |
1312 | ||
322eeb87 | 1313 | missingPaths = outputPaths(drv); |
36457566 LC |
1314 | if (buildMode != bmCheck) |
1315 | foreach (PathSet::iterator, i, validPaths) missingPaths.erase(*i); | |
1316 | ||
1317 | /* If any of the outputs already exist but are not valid, delete | |
1318 | them. */ | |
1319 | foreach (DerivationOutputs::iterator, i, drv.outputs) { | |
1320 | Path path = i->second.path; | |
1321 | if (worker.store.isValidPath(path)) continue; | |
1322 | if (!pathExists(path)) continue; | |
1323 | debug(format("removing invalid path `%1%'") % path); | |
1324 | deletePath(path); | |
1325 | } | |
1326 | ||
1327 | /* Check again whether any output previously failed to build, | |
1328 | because some other process may have tried and failed before we | |
1329 | acquired the lock. */ | |
1330 | foreach (DerivationOutputs::iterator, i, drv.outputs) | |
1331 | if (pathFailed(i->second.path)) return; | |
1332 | ||
1333 | /* Don't do a remote build if the derivation has the attribute | |
1334 | `preferLocalBuild' set. Also, check and repair modes are only | |
1335 | supported for local builds. */ | |
1336 | bool buildLocally = buildMode != bmNormal || willBuildLocally(drv); | |
1337 | ||
1338 | /* Is the build hook willing to accept this job? */ | |
1339 | if (!buildLocally) { | |
1340 | switch (tryBuildHook()) { | |
1341 | case rpAccept: | |
1342 | /* Yes, it has started doing so. Wait until we get | |
1343 | EOF from the hook. */ | |
1344 | state = &DerivationGoal::buildDone; | |
1345 | return; | |
1346 | case rpPostpone: | |
1347 | /* Not now; wait until at least one child finishes or | |
1348 | the wake-up timeout expires. */ | |
1349 | worker.waitForAWhile(shared_from_this()); | |
1350 | outputLocks.unlock(); | |
1351 | return; | |
1352 | case rpDecline: | |
1353 | /* We should do it ourselves. */ | |
1354 | break; | |
1355 | } | |
1356 | } | |
1357 | ||
1358 | /* Make sure that we are allowed to start a build. If this | |
1359 | derivation prefers to be done locally, do it even if | |
1360 | maxBuildJobs is 0. */ | |
1361 | unsigned int curBuilds = worker.getNrLocalBuilds(); | |
1362 | if (curBuilds >= settings.maxBuildJobs && !(buildLocally && curBuilds == 0)) { | |
1363 | worker.waitForBuildSlot(shared_from_this()); | |
1364 | outputLocks.unlock(); | |
1365 | return; | |
1366 | } | |
1367 | ||
1368 | try { | |
1369 | ||
1370 | /* Okay, we have to build. */ | |
1371 | startBuilder(); | |
1372 | ||
1373 | } catch (BuildError & e) { | |
1374 | printMsg(lvlError, e.msg()); | |
1375 | outputLocks.unlock(); | |
1376 | buildUser.release(); | |
1377 | if (settings.printBuildTrace) | |
1378 | printMsg(lvlError, format("@ build-failed %1% - %2% %3%") | |
1379 | % drvPath % 0 % e.msg()); | |
1380 | worker.permanentFailure = true; | |
f3ff1da4 | 1381 | done(BuildResult::InputRejected, e.msg()); |
36457566 LC |
1382 | return; |
1383 | } | |
1384 | ||
1385 | /* This state will be reached when we get EOF on the child's | |
1386 | log pipe. */ | |
1387 | state = &DerivationGoal::buildDone; | |
1388 | } | |
1389 | ||
1390 | ||
1391 | void replaceValidPath(const Path & storePath, const Path tmpPath) | |
1392 | { | |
1393 | /* We can't atomically replace storePath (the original) with | |
1394 | tmpPath (the replacement), so we have to move it out of the | |
1395 | way first. We'd better not be interrupted here, because if | |
1396 | we're repairing (say) Glibc, we end up with a broken system. */ | |
1397 | Path oldPath = (format("%1%.old-%2%-%3%") % storePath % getpid() % rand()).str(); | |
1398 | if (pathExists(storePath)) | |
1399 | rename(storePath.c_str(), oldPath.c_str()); | |
1400 | if (rename(tmpPath.c_str(), storePath.c_str()) == -1) | |
1401 | throw SysError(format("moving `%1%' to `%2%'") % tmpPath % storePath); | |
1402 | if (pathExists(oldPath)) | |
1403 | deletePath(oldPath); | |
1404 | } | |
1405 | ||
1406 | ||
b23b4d39 ED |
1407 | MakeError(NotDeterministic, BuildError) |
1408 | ||
1409 | ||
36457566 LC |
1410 | void DerivationGoal::buildDone() |
1411 | { | |
1412 | trace("build done"); | |
1413 | ||
1414 | /* Since we got an EOF on the logger pipe, the builder is presumed | |
1415 | to have terminated. In fact, the builder could also have | |
1416 | simply have closed its end of the pipe --- just don't do that | |
1417 | :-) */ | |
1418 | int status; | |
1419 | pid_t savedPid; | |
1420 | if (hook) { | |
1421 | savedPid = hook->pid; | |
1422 | status = hook->pid.wait(true); | |
1423 | } else { | |
1424 | /* !!! this could block! security problem! solution: kill the | |
1425 | child */ | |
1426 | savedPid = pid; | |
1427 | status = pid.wait(true); | |
1428 | } | |
1429 | ||
1430 | debug(format("builder process for `%1%' finished") % drvPath); | |
1431 | ||
1432 | /* So the child is gone now. */ | |
1433 | worker.childTerminated(savedPid); | |
1434 | ||
1435 | /* Close the read side of the logger pipe. */ | |
1436 | if (hook) { | |
1437 | hook->builderOut.readSide.close(); | |
1438 | hook->fromHook.readSide.close(); | |
1439 | } | |
1440 | else builderOut.readSide.close(); | |
1441 | ||
1442 | /* Close the log file. */ | |
1443 | closeLogFile(); | |
1444 | ||
1445 | /* When running under a build user, make sure that all processes | |
1446 | running under that uid are gone. This is to prevent a | |
1447 | malicious user from leaving behind a process that keeps files | |
1448 | open and modifies them after they have been chown'ed to | |
1449 | root. */ | |
1450 | if (buildUser.enabled()) buildUser.kill(); | |
1451 | ||
1452 | bool diskFull = false; | |
1453 | ||
1454 | try { | |
1455 | ||
1456 | /* Check the exit status. */ | |
1457 | if (!statusOk(status)) { | |
1458 | ||
1459 | /* Heuristically check whether the build failure may have | |
1460 | been caused by a disk full condition. We have no way | |
1461 | of knowing whether the build actually got an ENOSPC. | |
1462 | So instead, check if the disk is (nearly) full now. If | |
1463 | so, we don't mark this build as a permanent failure. */ | |
1464 | #if HAVE_STATVFS | |
1465 | unsigned long long required = 8ULL * 1024 * 1024; // FIXME: make configurable | |
1466 | struct statvfs st; | |
1467 | if (statvfs(settings.nixStore.c_str(), &st) == 0 && | |
1468 | (unsigned long long) st.f_bavail * st.f_bsize < required) | |
1469 | diskFull = true; | |
1470 | if (statvfs(tmpDir.c_str(), &st) == 0 && | |
1471 | (unsigned long long) st.f_bavail * st.f_bsize < required) | |
1472 | diskFull = true; | |
1473 | #endif | |
1474 | ||
1475 | deleteTmpDir(false); | |
1476 | ||
1477 | /* Move paths out of the chroot for easier debugging of | |
1478 | build failures. */ | |
1479 | if (useChroot && buildMode == bmNormal) | |
1480 | foreach (PathSet::iterator, i, missingPaths) | |
1481 | if (pathExists(chrootRootDir + *i)) | |
1482 | rename((chrootRootDir + *i).c_str(), i->c_str()); | |
1483 | ||
36457566 LC |
1484 | if (diskFull) |
1485 | printMsg(lvlError, "note: build failure may have been caused by lack of free disk space"); | |
1486 | ||
1487 | throw BuildError(format("builder for `%1%' %2%") | |
1488 | % drvPath % statusToString(status)); | |
1489 | } | |
1490 | ||
1491 | /* Compute the FS closure of the outputs and register them as | |
1492 | being valid. */ | |
1493 | registerOutputs(); | |
1494 | ||
1495 | if (buildMode == bmCheck) { | |
f3ff1da4 | 1496 | done(BuildResult::Built); |
36457566 LC |
1497 | return; |
1498 | } | |
1499 | ||
1500 | /* Delete unused redirected outputs (when doing hash rewriting). */ | |
1501 | foreach (RedirectedOutputs::iterator, i, redirectedOutputs) | |
1502 | if (pathExists(i->second)) deletePath(i->second); | |
1503 | ||
1504 | /* Delete the chroot (if we were using one). */ | |
1505 | autoDelChroot.reset(); /* this runs the destructor */ | |
1506 | ||
1507 | deleteTmpDir(true); | |
1508 | ||
b23b4d39 ED |
1509 | /* Repeat the build if necessary. */ |
1510 | if (curRound++ < nrRounds) { | |
1511 | outputLocks.unlock(); | |
1512 | buildUser.release(); | |
1513 | state = &DerivationGoal::tryToBuild; | |
1514 | worker.wakeUp(shared_from_this()); | |
1515 | return; | |
1516 | } | |
1517 | ||
36457566 LC |
1518 | /* It is now safe to delete the lock files, since all future |
1519 | lockers will see that the output paths are valid; they will | |
1520 | not create new lock files with the same names as the old | |
1521 | (unlinked) lock files. */ | |
1522 | outputLocks.setDeletion(true); | |
1523 | outputLocks.unlock(); | |
1524 | ||
1525 | } catch (BuildError & e) { | |
2bb04905 LC |
1526 | if (!hook) |
1527 | printMsg(lvlError, e.msg()); | |
36457566 LC |
1528 | outputLocks.unlock(); |
1529 | buildUser.release(); | |
1530 | ||
f3ff1da4 ED |
1531 | BuildResult::Status st = BuildResult::MiscFailure; |
1532 | ||
2bb04905 LC |
1533 | if (hook && WIFEXITED(status) && WEXITSTATUS(status) == 101) { |
1534 | if (settings.printBuildTrace) | |
1535 | printMsg(lvlError, format("@ build-failed %1% - timeout") % drvPath); | |
f3ff1da4 | 1536 | st = BuildResult::TimedOut; |
2bb04905 | 1537 | } |
36457566 | 1538 | |
2bb04905 LC |
1539 | else if (hook && (!WIFEXITED(status) || WEXITSTATUS(status) != 100)) { |
1540 | if (settings.printBuildTrace) | |
36457566 LC |
1541 | printMsg(lvlError, format("@ hook-failed %1% - %2% %3%") |
1542 | % drvPath % status % e.msg()); | |
2bb04905 LC |
1543 | } |
1544 | ||
1545 | else { | |
1546 | if (settings.printBuildTrace) | |
36457566 LC |
1547 | printMsg(lvlError, format("@ build-failed %1% - %2% %3%") |
1548 | % drvPath % 1 % e.msg()); | |
f3ff1da4 ED |
1549 | |
1550 | st = | |
1551 | statusOk(status) ? BuildResult::OutputRejected : | |
1552 | fixedOutput || diskFull ? BuildResult::TransientFailure : | |
1553 | BuildResult::PermanentFailure; | |
2bb04905 LC |
1554 | |
1555 | /* Register the outputs of this build as "failed" so we | |
1556 | won't try to build them again (negative caching). | |
1557 | However, don't do this for fixed-output derivations, | |
1558 | since they're likely to fail for transient reasons | |
1559 | (e.g., fetchurl not being able to access the network). | |
1560 | Hook errors (like communication problems with the | |
1561 | remote machine) shouldn't be cached either. */ | |
1562 | if (settings.cacheFailure && !fixedOutput && !diskFull) | |
1563 | foreach (DerivationOutputs::iterator, i, drv.outputs) | |
1564 | worker.store.registerFailedPath(i->second.path); | |
36457566 LC |
1565 | } |
1566 | ||
f3ff1da4 | 1567 | done(st, e.msg()); |
36457566 LC |
1568 | return; |
1569 | } | |
1570 | ||
1571 | /* Release the build user, if applicable. */ | |
1572 | buildUser.release(); | |
1573 | ||
1574 | if (settings.printBuildTrace) | |
1575 | printMsg(lvlError, format("@ build-succeeded %1% -") % drvPath); | |
1576 | ||
f3ff1da4 | 1577 | done(BuildResult::Built); |
36457566 LC |
1578 | } |
1579 | ||
1580 | ||
1581 | HookReply DerivationGoal::tryBuildHook() | |
1582 | { | |
bc69ea2d | 1583 | if (!settings.useBuildHook) return rpDecline; |
36457566 LC |
1584 | |
1585 | if (!worker.hook) | |
1586 | worker.hook = std::shared_ptr<HookInstance>(new HookInstance); | |
1587 | ||
1588 | /* Tell the hook about system features (beyond the system type) | |
1589 | required from the build machine. (The hook could parse the | |
1590 | drv file itself, but this is easier.) */ | |
1591 | Strings features = tokenizeString<Strings>(get(drv.env, "requiredSystemFeatures")); | |
1592 | foreach (Strings::iterator, i, features) checkStoreName(*i); /* !!! abuse */ | |
1593 | ||
1594 | /* Send the request to the hook. */ | |
1595 | writeLine(worker.hook->toHook.writeSide, (format("%1% %2% %3% %4%") | |
1596 | % (worker.getNrLocalBuilds() < settings.maxBuildJobs ? "1" : "0") | |
1597 | % drv.platform % drvPath % concatStringsSep(",", features)).str()); | |
1598 | ||
1599 | /* Read the first line of input, which should be a word indicating | |
1600 | whether the hook wishes to perform the build. */ | |
1601 | string reply; | |
1602 | while (true) { | |
1603 | string s = readLine(worker.hook->fromHook.readSide); | |
1604 | if (string(s, 0, 2) == "# ") { | |
1605 | reply = string(s, 2); | |
1606 | break; | |
1607 | } | |
1608 | s += "\n"; | |
1609 | writeToStderr(s); | |
1610 | } | |
1611 | ||
1612 | debug(format("hook reply is `%1%'") % reply); | |
1613 | ||
1614 | if (reply == "decline" || reply == "postpone") | |
1615 | return reply == "decline" ? rpDecline : rpPostpone; | |
1616 | else if (reply != "accept") | |
1617 | throw Error(format("bad hook reply `%1%'") % reply); | |
1618 | ||
1619 | printMsg(lvlTalkative, format("using hook to build path(s) %1%") % showPaths(missingPaths)); | |
1620 | ||
1621 | hook = worker.hook; | |
1622 | worker.hook.reset(); | |
1623 | ||
1624 | /* Tell the hook all the inputs that have to be copied to the | |
1625 | remote system. This unfortunately has to contain the entire | |
1626 | derivation closure to ensure that the validity invariant holds | |
1627 | on the remote system. (I.e., it's unfortunate that we have to | |
1628 | list it since the remote system *probably* already has it.) */ | |
1629 | PathSet allInputs; | |
1630 | allInputs.insert(inputPaths.begin(), inputPaths.end()); | |
1631 | computeFSClosure(worker.store, drvPath, allInputs); | |
1632 | ||
1633 | string s; | |
1634 | foreach (PathSet::iterator, i, allInputs) { s += *i; s += ' '; } | |
1635 | writeLine(hook->toHook.writeSide, s); | |
1636 | ||
1637 | /* Tell the hooks the missing outputs that have to be copied back | |
1638 | from the remote system. */ | |
1639 | s = ""; | |
1640 | foreach (PathSet::iterator, i, missingPaths) { s += *i; s += ' '; } | |
1641 | writeLine(hook->toHook.writeSide, s); | |
1642 | ||
1643 | hook->toHook.writeSide.close(); | |
1644 | ||
1645 | /* Create the log file and pipe. */ | |
1646 | Path logFile = openLogFile(); | |
1647 | ||
1648 | set<int> fds; | |
1649 | fds.insert(hook->fromHook.readSide); | |
1650 | fds.insert(hook->builderOut.readSide); | |
ada9a19a | 1651 | worker.childStarted(shared_from_this(), hook->pid, fds, false, true); |
36457566 LC |
1652 | |
1653 | if (settings.printBuildTrace) | |
6ef61cc4 LC |
1654 | printMsg(lvlError, format("@ build-started %1% - %2% %3% %4%") |
1655 | % drvPath % drv.platform % logFile % hook->pid); | |
36457566 LC |
1656 | |
1657 | return rpAccept; | |
1658 | } | |
1659 | ||
1660 | ||
1661 | void chmod_(const Path & path, mode_t mode) | |
1662 | { | |
1663 | if (chmod(path.c_str(), mode) == -1) | |
1664 | throw SysError(format("setting permissions on `%1%'") % path); | |
1665 | } | |
1666 | ||
1667 | ||
1668 | int childEntry(void * arg) | |
1669 | { | |
54c260e6 | 1670 | ((DerivationGoal *) arg)->runChild(); |
36457566 LC |
1671 | return 1; |
1672 | } | |
1673 | ||
1674 | ||
1675 | void DerivationGoal::startBuilder() | |
1676 | { | |
b23b4d39 ED |
1677 | auto f = format( |
1678 | buildMode == bmRepair ? "repairing path(s) %1%" : | |
1679 | buildMode == bmCheck ? "checking path(s) %1%" : | |
1680 | nrRounds > 1 ? "building path(s) %1% (round %2%/%3%)" : | |
1681 | "building path(s) %1%"); | |
1682 | f.exceptions(boost::io::all_error_bits ^ boost::io::too_many_args_bit); | |
1683 | startNest(nest, lvlInfo, f % showPaths(missingPaths) % curRound % nrRounds); | |
36457566 | 1684 | |
8ecc3c6c LC |
1685 | /* Note: built-in builders are *not* running in a chroot environment so |
1686 | that we can easily implement them in Guile without having it as a | |
1687 | derivation input (they are running under a separate build user, | |
1688 | though). */ | |
1689 | useChroot = settings.useChroot && !isBuiltin(drv); | |
cb960102 | 1690 | |
36457566 | 1691 | /* Construct the environment passed to the builder. */ |
b23b4d39 | 1692 | env.clear(); |
36457566 LC |
1693 | |
1694 | /* Most shells initialise PATH to some default (/bin:/usr/bin:...) when | |
1695 | PATH is not set. We don't want this, so we fill it in with some dummy | |
1696 | value. */ | |
1697 | env["PATH"] = "/path-not-set"; | |
1698 | ||
1699 | /* Set HOME to a non-existing path to prevent certain programs from using | |
1700 | /etc/passwd (or NIS, or whatever) to locate the home directory (for | |
1701 | example, wget looks for ~/.wgetrc). I.e., these tools use /etc/passwd | |
1702 | if HOME is not set, but they will just assume that the settings file | |
1703 | they are looking for does not exist if HOME is set but points to some | |
1704 | non-existing path. */ | |
1705 | Path homeDir = "/homeless-shelter"; | |
1706 | env["HOME"] = homeDir; | |
1707 | ||
8327e733 | 1708 | /* Tell the builder where the store is. Usually they |
36457566 LC |
1709 | shouldn't care, but this is useful for purity checking (e.g., |
1710 | the compiler or linker might only want to accept paths to files | |
1711 | in the store or in the build directory). */ | |
1712 | env["NIX_STORE"] = settings.nixStore; | |
1713 | ||
1714 | /* The maximum number of cores to utilize for parallel building. */ | |
1715 | env["NIX_BUILD_CORES"] = (format("%d") % settings.buildCores).str(); | |
1716 | ||
1717 | /* Add all bindings specified in the derivation. */ | |
1718 | foreach (StringPairs::iterator, i, drv.env) | |
1719 | env[i->first] = i->second; | |
1720 | ||
1721 | /* Create a temporary directory where the build will take | |
1722 | place. */ | |
cb960102 | 1723 | auto drvName = storePathToName(drvPath); |
7a57c96a | 1724 | tmpDir = createTempDir("", "guix-build-" + drvName, false, false, 0700); |
cb960102 ED |
1725 | |
1726 | /* In a sandbox, for determinism, always use the same temporary | |
1727 | directory. */ | |
4078fa8f | 1728 | tmpDirInSandbox = useChroot ? canonPath("/tmp", true) + "/guix-build-" + drvName + "-0" : tmpDir; |
36457566 LC |
1729 | |
1730 | /* For convenience, set an environment pointing to the top build | |
1731 | directory. */ | |
cb960102 | 1732 | env["NIX_BUILD_TOP"] = tmpDirInSandbox; |
36457566 LC |
1733 | |
1734 | /* Also set TMPDIR and variants to point to this directory. */ | |
cb960102 | 1735 | env["TMPDIR"] = env["TEMPDIR"] = env["TMP"] = env["TEMP"] = tmpDirInSandbox; |
36457566 LC |
1736 | |
1737 | /* Explicitly set PWD to prevent problems with chroot builds. In | |
1738 | particular, dietlibc cannot figure out the cwd because the | |
1739 | inode of the current directory doesn't appear in .. (because | |
1740 | getdents returns the inode of the mount point). */ | |
cb960102 | 1741 | env["PWD"] = tmpDirInSandbox; |
36457566 LC |
1742 | |
1743 | /* Compatibility hack with Nix <= 0.7: if this is a fixed-output | |
1744 | derivation, tell the builder, so that for instance `fetchurl' | |
1745 | can skip checking the output. On older Nixes, this environment | |
1746 | variable won't be set, so `fetchurl' will do the check. */ | |
1747 | if (fixedOutput) env["NIX_OUTPUT_CHECKED"] = "1"; | |
1748 | ||
1749 | /* *Only* if this is a fixed-output derivation, propagate the | |
1750 | values of the environment variables specified in the | |
1751 | `impureEnvVars' attribute to the builder. This allows for | |
1752 | instance environment variables for proxy configuration such as | |
1753 | `http_proxy' to be easily passed to downloaders like | |
1754 | `fetchurl'. Passing such environment variables from the caller | |
1755 | to the builder is generally impure, but the output of | |
1756 | fixed-output derivations is by definition pure (since we | |
1757 | already know the cryptographic hash of the output). */ | |
1758 | if (fixedOutput) { | |
1759 | Strings varNames = tokenizeString<Strings>(get(drv.env, "impureEnvVars")); | |
1760 | foreach (Strings::iterator, i, varNames) env[*i] = getEnv(*i); | |
1761 | } | |
1762 | ||
1763 | /* The `exportReferencesGraph' feature allows the references graph | |
1764 | to be passed to a builder. This attribute should be a list of | |
1765 | pairs [name1 path1 name2 path2 ...]. The references graph of | |
1766 | each `pathN' will be stored in a text file `nameN' in the | |
1767 | temporary build directory. The text files have the format used | |
1768 | by `nix-store --register-validity'. However, the deriver | |
1769 | fields are left empty. */ | |
1770 | string s = get(drv.env, "exportReferencesGraph"); | |
1771 | Strings ss = tokenizeString<Strings>(s); | |
1772 | if (ss.size() % 2 != 0) | |
1773 | throw BuildError(format("odd number of tokens in `exportReferencesGraph': `%1%'") % s); | |
1774 | for (Strings::iterator i = ss.begin(); i != ss.end(); ) { | |
1775 | string fileName = *i++; | |
1776 | checkStoreName(fileName); /* !!! abuse of this function */ | |
1777 | ||
1778 | /* Check that the store path is valid. */ | |
1779 | Path storePath = *i++; | |
1780 | if (!isInStore(storePath)) | |
1781 | throw BuildError(format("`exportReferencesGraph' contains a non-store path `%1%'") | |
1782 | % storePath); | |
1783 | storePath = toStorePath(storePath); | |
1784 | if (!worker.store.isValidPath(storePath)) | |
1785 | throw BuildError(format("`exportReferencesGraph' contains an invalid path `%1%'") | |
1786 | % storePath); | |
1787 | ||
1788 | /* If there are derivations in the graph, then include their | |
1789 | outputs as well. This is useful if you want to do things | |
1790 | like passing all build-time dependencies of some path to a | |
1791 | derivation that builds a NixOS DVD image. */ | |
1792 | PathSet paths, paths2; | |
1793 | computeFSClosure(worker.store, storePath, paths); | |
1794 | paths2 = paths; | |
1795 | ||
1796 | foreach (PathSet::iterator, j, paths2) { | |
1797 | if (isDerivation(*j)) { | |
1798 | Derivation drv = derivationFromPath(worker.store, *j); | |
1799 | foreach (DerivationOutputs::iterator, k, drv.outputs) | |
1800 | computeFSClosure(worker.store, k->second.path, paths); | |
1801 | } | |
1802 | } | |
1803 | ||
1804 | /* Write closure info to `fileName'. */ | |
1805 | writeFile(tmpDir + "/" + fileName, | |
1806 | worker.store.makeValidityRegistration(paths, false, false)); | |
1807 | } | |
1808 | ||
1809 | ||
1810 | /* If `build-users-group' is not empty, then we have to build as | |
1811 | one of the members of that group. */ | |
1812 | if (settings.buildUsersGroup != "") { | |
1813 | buildUser.acquire(); | |
1814 | assert(buildUser.getUID() != 0); | |
1815 | assert(buildUser.getGID() != 0); | |
1816 | ||
1817 | /* Make sure that no other processes are executing under this | |
1818 | uid. */ | |
1819 | buildUser.kill(); | |
1820 | ||
1821 | /* Change ownership of the temporary build directory. */ | |
1822 | if (chown(tmpDir.c_str(), buildUser.getUID(), buildUser.getGID()) == -1) | |
54c260e6 LC |
1823 | throw SysError(format("cannot change ownership of '%1%'") % tmpDir); |
1824 | } | |
36457566 | 1825 | |
36457566 LC |
1826 | if (useChroot) { |
1827 | #if CHROOT_ENABLED | |
1828 | /* Create a temporary directory in which we set up the chroot | |
8327e733 | 1829 | environment using bind-mounts. We put it in the store |
36457566 | 1830 | to ensure that we can create hard-links to non-directory |
8327e733 | 1831 | inputs in the fake store in the chroot (see below). */ |
36457566 LC |
1832 | chrootRootDir = drvPath + ".chroot"; |
1833 | if (pathExists(chrootRootDir)) deletePath(chrootRootDir); | |
1834 | ||
1835 | /* Clean up the chroot directory automatically. */ | |
1836 | autoDelChroot = std::shared_ptr<AutoDelete>(new AutoDelete(chrootRootDir)); | |
1837 | ||
1838 | printMsg(lvlChatty, format("setting up chroot environment in `%1%'") % chrootRootDir); | |
1839 | ||
54c260e6 LC |
1840 | if (mkdir(chrootRootDir.c_str(), 0750) == -1) |
1841 | throw SysError(format("cannot create ‘%1%’") % chrootRootDir); | |
1842 | ||
1843 | if (chown(chrootRootDir.c_str(), 0, buildUser.getGID()) == -1) | |
1844 | throw SysError(format("cannot change ownership of ‘%1%’") % chrootRootDir); | |
1845 | ||
36457566 LC |
1846 | /* Create a writable /tmp in the chroot. Many builders need |
1847 | this. (Of course they should really respect $TMPDIR | |
1848 | instead.) */ | |
1849 | Path chrootTmpDir = chrootRootDir + "/tmp"; | |
1850 | createDirs(chrootTmpDir); | |
1851 | chmod_(chrootTmpDir, 01777); | |
1852 | ||
1853 | /* Create a /etc/passwd with entries for the build user and the | |
1854 | nobody account. The latter is kind of a hack to support | |
1855 | Samba-in-QEMU. */ | |
1856 | createDirs(chrootRootDir + "/etc"); | |
1857 | ||
1858 | writeFile(chrootRootDir + "/etc/passwd", | |
1859 | (format( | |
1860 | "nixbld:x:%1%:%2%:Nix build user:/:/noshell\n" | |
1861 | "nobody:x:65534:65534:Nobody:/:/noshell\n") | |
1862 | % (buildUser.enabled() ? buildUser.getUID() : getuid()) | |
1863 | % (buildUser.enabled() ? buildUser.getGID() : getgid())).str()); | |
1864 | ||
1865 | /* Declare the build user's group so that programs get a consistent | |
1866 | view of the system (e.g., "id -gn"). */ | |
1867 | writeFile(chrootRootDir + "/etc/group", | |
1868 | (format("nixbld:!:%1%:\n") | |
1869 | % (buildUser.enabled() ? buildUser.getGID() : getgid())).str()); | |
1870 | ||
1871 | /* Create /etc/hosts with localhost entry. */ | |
54c260e6 LC |
1872 | if (!fixedOutput) |
1873 | writeFile(chrootRootDir + "/etc/hosts", "127.0.0.1 localhost\n"); | |
36457566 LC |
1874 | |
1875 | /* Bind-mount a user-configurable set of directories from the | |
1876 | host file system. */ | |
2bb04905 LC |
1877 | PathSet dirs = tokenizeString<StringSet>(settings.get("build-chroot-dirs", string(DEFAULT_CHROOT_DIRS))); |
1878 | PathSet dirs2 = tokenizeString<StringSet>(settings.get("build-extra-chroot-dirs", string(""))); | |
1879 | dirs.insert(dirs2.begin(), dirs2.end()); | |
1880 | for (auto & i : dirs) { | |
1881 | size_t p = i.find('='); | |
36457566 | 1882 | if (p == string::npos) |
2bb04905 | 1883 | dirsInChroot[i] = i; |
36457566 | 1884 | else |
2bb04905 | 1885 | dirsInChroot[string(i, 0, p)] = string(i, p + 1); |
36457566 | 1886 | } |
cb960102 | 1887 | dirsInChroot[tmpDirInSandbox] = tmpDir; |
36457566 LC |
1888 | |
1889 | /* Make the closure of the inputs available in the chroot, | |
8327e733 | 1890 | rather than the whole store. This prevents any access |
36457566 LC |
1891 | to undeclared dependencies. Directories are bind-mounted, |
1892 | while other inputs are hard-linked (since only directories | |
1893 | can be bind-mounted). !!! As an extra security | |
8327e733 | 1894 | precaution, make the fake store only writable by the |
36457566 | 1895 | build user. */ |
54c260e6 LC |
1896 | Path chrootStoreDir = chrootRootDir + settings.nixStore; |
1897 | createDirs(chrootStoreDir); | |
1898 | chmod_(chrootStoreDir, 01775); | |
1899 | ||
1900 | if (chown(chrootStoreDir.c_str(), 0, buildUser.getGID()) == -1) | |
1901 | throw SysError(format("cannot change ownership of ‘%1%’") % chrootStoreDir); | |
36457566 LC |
1902 | |
1903 | foreach (PathSet::iterator, i, inputPaths) { | |
1904 | struct stat st; | |
1905 | if (lstat(i->c_str(), &st)) | |
1906 | throw SysError(format("getting attributes of path `%1%'") % *i); | |
1907 | if (S_ISDIR(st.st_mode)) | |
1908 | dirsInChroot[*i] = *i; | |
1909 | else { | |
1910 | Path p = chrootRootDir + *i; | |
1911 | if (link(i->c_str(), p.c_str()) == -1) { | |
1912 | /* Hard-linking fails if we exceed the maximum | |
1913 | link count on a file (e.g. 32000 of ext3), | |
1914 | which is quite possible after a `nix-store | |
1915 | --optimise'. */ | |
1916 | if (errno != EMLINK) | |
1917 | throw SysError(format("linking `%1%' to `%2%'") % p % *i); | |
1918 | StringSink sink; | |
1919 | dumpPath(*i, sink); | |
1920 | StringSource source(sink.s); | |
1921 | restorePath(p, source); | |
1922 | } | |
1923 | ||
1924 | regularInputPaths.insert(*i); | |
1925 | } | |
1926 | } | |
1927 | ||
60c7c364 ED |
1928 | /* If we're repairing, checking or rebuilding part of a |
1929 | multiple-outputs derivation, it's possible that we're | |
36457566 LC |
1930 | rebuilding a path that is in settings.dirsInChroot |
1931 | (typically the dependencies of /bin/sh). Throw them | |
1932 | out. */ | |
60c7c364 ED |
1933 | for (auto & i : drv.outputs) |
1934 | dirsInChroot.erase(i.second.path); | |
36457566 LC |
1935 | |
1936 | #else | |
1937 | throw Error("chroot builds are not supported on this platform"); | |
1938 | #endif | |
1939 | } | |
1940 | ||
1941 | else { | |
1942 | ||
1943 | if (pathExists(homeDir)) | |
1944 | throw Error(format("directory `%1%' exists; please remove it") % homeDir); | |
1945 | ||
1946 | /* We're not doing a chroot build, but we have some valid | |
1947 | output paths. Since we can't just overwrite or delete | |
1948 | them, we have to do hash rewriting: i.e. in the | |
1949 | environment/arguments passed to the build, we replace the | |
1950 | hashes of the valid outputs with unique dummy strings; | |
1951 | after the build, we discard the redirected outputs | |
1952 | corresponding to the valid outputs, and rewrite the | |
1953 | contents of the new outputs to replace the dummy strings | |
1954 | with the actual hashes. */ | |
1955 | if (validPaths.size() > 0) | |
1956 | foreach (PathSet::iterator, i, validPaths) | |
1957 | addHashRewrite(*i); | |
1958 | ||
1959 | /* If we're repairing, then we don't want to delete the | |
1960 | corrupt outputs in advance. So rewrite them as well. */ | |
1961 | if (buildMode == bmRepair) | |
1962 | foreach (PathSet::iterator, i, missingPaths) | |
1963 | if (worker.store.isValidPath(*i) && pathExists(*i)) { | |
1964 | addHashRewrite(*i); | |
1965 | redirectedBadOutputs.insert(*i); | |
1966 | } | |
1967 | } | |
1968 | ||
1969 | ||
1970 | /* Run the builder. */ | |
1971 | printMsg(lvlChatty, format("executing builder `%1%'") % drv.builder); | |
1972 | ||
1973 | /* Create the log file. */ | |
1974 | Path logFile = openLogFile(); | |
1975 | ||
1976 | /* Create a pipe to get the output of the builder. */ | |
1977 | builderOut.create(); | |
1978 | ||
1979 | /* Fork a child to build the package. Note that while we | |
1980 | currently use forks to run and wait for the children, it | |
1981 | shouldn't be hard to use threads for this on systems where | |
1982 | fork() is unavailable or inefficient. | |
1983 | ||
1984 | If we're building in a chroot, then also set up private | |
1985 | namespaces for the build: | |
1986 | ||
1987 | - The PID namespace causes the build to start as PID 1. | |
1988 | Processes outside of the chroot are not visible to those on | |
1989 | the inside, but processes inside the chroot are visible from | |
1990 | the outside (though with different PIDs). | |
1991 | ||
1992 | - The private mount namespace ensures that all the bind mounts | |
1993 | we do will only show up in this process and its children, and | |
1994 | will disappear automatically when we're done. | |
1995 | ||
1996 | - The private network namespace ensures that the builder cannot | |
1997 | talk to the outside world (or vice versa). It only has a | |
1998 | private loopback interface. | |
1999 | ||
2000 | - The IPC namespace prevents the builder from communicating | |
2001 | with outside processes using SysV IPC mechanisms (shared | |
2002 | memory, message queues, semaphores). It also ensures that | |
2003 | all IPC objects are destroyed when the builder exits. | |
2004 | ||
2005 | - The UTS namespace ensures that builders see a hostname of | |
2006 | localhost rather than the actual hostname. | |
2007 | */ | |
2008 | #if CHROOT_ENABLED | |
2009 | if (useChroot) { | |
54c260e6 LC |
2010 | char stack[32 * 1024]; |
2011 | int flags = CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWIPC | CLONE_NEWUTS | SIGCHLD; | |
2012 | if (!fixedOutput) flags |= CLONE_NEWNET; | |
a1aa5dab MW |
2013 | /* Ensure proper alignment on the stack. On aarch64, it has to be 16 |
2014 | bytes. */ | |
2015 | pid = clone(childEntry, | |
2016 | (char *)(((uintptr_t)stack + sizeof(stack) - 8) & ~(uintptr_t)0xf), | |
2017 | flags, this); | |
54c260e6 LC |
2018 | if (pid == -1) |
2019 | throw SysError("cloning builder process"); | |
36457566 LC |
2020 | } else |
2021 | #endif | |
2022 | { | |
2023 | pid = fork(); | |
54c260e6 | 2024 | if (pid == 0) runChild(); |
36457566 LC |
2025 | } |
2026 | ||
2027 | if (pid == -1) throw SysError("unable to fork"); | |
2028 | ||
2029 | /* parent */ | |
2030 | pid.setSeparatePG(true); | |
2031 | builderOut.writeSide.close(); | |
2032 | worker.childStarted(shared_from_this(), pid, | |
2033 | singleton<set<int> >(builderOut.readSide), true, true); | |
2034 | ||
2bb04905 LC |
2035 | /* Check if setting up the build environment failed. */ |
2036 | string msg = readLine(builderOut.readSide); | |
2037 | if (!msg.empty()) throw Error(msg); | |
2038 | ||
36457566 | 2039 | if (settings.printBuildTrace) { |
6ef61cc4 LC |
2040 | printMsg(lvlError, format("@ build-started %1% - %2% %3% %4%") |
2041 | % drvPath % drv.platform % logFile % pid); | |
36457566 | 2042 | } |
2bb04905 | 2043 | |
36457566 LC |
2044 | } |
2045 | ||
2046 | ||
54c260e6 | 2047 | void DerivationGoal::runChild() |
36457566 LC |
2048 | { |
2049 | /* Warning: in the child we should absolutely not make any SQLite | |
2050 | calls! */ | |
2051 | ||
36457566 LC |
2052 | try { /* child */ |
2053 | ||
2bb04905 LC |
2054 | _writeToStderr = 0; |
2055 | ||
2056 | restoreAffinity(); | |
2057 | ||
2058 | commonChildInit(builderOut); | |
2059 | ||
36457566 | 2060 | #if CHROOT_ENABLED |
8ecc3c6c | 2061 | if (useChroot) { |
36457566 LC |
2062 | /* Initialise the loopback interface. */ |
2063 | AutoCloseFD fd(socket(PF_INET, SOCK_DGRAM, IPPROTO_IP)); | |
2064 | if (fd == -1) throw SysError("cannot open IP socket"); | |
2065 | ||
2066 | struct ifreq ifr; | |
2067 | strcpy(ifr.ifr_name, "lo"); | |
2068 | ifr.ifr_flags = IFF_UP | IFF_LOOPBACK | IFF_RUNNING; | |
2069 | if (ioctl(fd, SIOCSIFFLAGS, &ifr) == -1) | |
2070 | throw SysError("cannot set loopback interface flags"); | |
2071 | ||
2072 | fd.close(); | |
2073 | ||
2074 | /* Set the hostname etc. to fixed values. */ | |
2075 | char hostname[] = "localhost"; | |
54c260e6 LC |
2076 | if (sethostname(hostname, sizeof(hostname)) == -1) |
2077 | throw SysError("cannot set host name"); | |
36457566 | 2078 | char domainname[] = "(none)"; // kernel default |
54c260e6 LC |
2079 | if (setdomainname(domainname, sizeof(domainname)) == -1) |
2080 | throw SysError("cannot set domain name"); | |
36457566 LC |
2081 | |
2082 | /* Make all filesystems private. This is necessary | |
2083 | because subtrees may have been mounted as "shared" | |
2084 | (MS_SHARED). (Systemd does this, for instance.) Even | |
2085 | though we have a private mount namespace, mounting | |
2086 | filesystems on top of a shared subtree still propagates | |
2087 | outside of the namespace. Making a subtree private is | |
2088 | local to the namespace, though, so setting MS_PRIVATE | |
2089 | does not affect the outside world. */ | |
842e0e43 JT |
2090 | if (mount(0, "/", 0, MS_REC|MS_PRIVATE, 0) == -1) { |
2091 | throw SysError("unable to make ‘/’ private mount"); | |
36457566 LC |
2092 | } |
2093 | ||
54c260e6 LC |
2094 | /* Bind-mount chroot directory to itself, to treat it as a |
2095 | different filesystem from /, as needed for pivot_root. */ | |
2096 | if (mount(chrootRootDir.c_str(), chrootRootDir.c_str(), 0, MS_BIND, 0) == -1) | |
2097 | throw SysError(format("unable to bind mount ‘%1%’") % chrootRootDir); | |
2098 | ||
36457566 LC |
2099 | /* Set up a nearly empty /dev, unless the user asked to |
2100 | bind-mount the host /dev. */ | |
54c260e6 | 2101 | Strings ss; |
36457566 LC |
2102 | if (dirsInChroot.find("/dev") == dirsInChroot.end()) { |
2103 | createDirs(chrootRootDir + "/dev/shm"); | |
2104 | createDirs(chrootRootDir + "/dev/pts"); | |
36457566 LC |
2105 | ss.push_back("/dev/full"); |
2106 | #ifdef __linux__ | |
2107 | if (pathExists("/dev/kvm")) | |
2108 | ss.push_back("/dev/kvm"); | |
2109 | #endif | |
2110 | ss.push_back("/dev/null"); | |
2111 | ss.push_back("/dev/random"); | |
2112 | ss.push_back("/dev/tty"); | |
2113 | ss.push_back("/dev/urandom"); | |
2114 | ss.push_back("/dev/zero"); | |
36457566 LC |
2115 | createSymlink("/proc/self/fd", chrootRootDir + "/dev/fd"); |
2116 | createSymlink("/proc/self/fd/0", chrootRootDir + "/dev/stdin"); | |
2117 | createSymlink("/proc/self/fd/1", chrootRootDir + "/dev/stdout"); | |
2118 | createSymlink("/proc/self/fd/2", chrootRootDir + "/dev/stderr"); | |
2119 | } | |
2120 | ||
54c260e6 LC |
2121 | /* Fixed-output derivations typically need to access the |
2122 | network, so give them access to /etc/resolv.conf and so | |
2123 | on. */ | |
2124 | if (fixedOutput) { | |
2125 | ss.push_back("/etc/resolv.conf"); | |
2126 | ss.push_back("/etc/nsswitch.conf"); | |
2127 | ss.push_back("/etc/services"); | |
2128 | ss.push_back("/etc/hosts"); | |
2129 | } | |
2130 | ||
2131 | for (auto & i : ss) dirsInChroot[i] = i; | |
2132 | ||
36457566 LC |
2133 | /* Bind-mount all the directories from the "host" |
2134 | filesystem that we want in the chroot | |
2135 | environment. */ | |
2136 | foreach (DirsInChroot::iterator, i, dirsInChroot) { | |
2137 | struct stat st; | |
2138 | Path source = i->second; | |
2139 | Path target = chrootRootDir + i->first; | |
2140 | if (source == "/proc") continue; // backwards compatibility | |
2141 | debug(format("bind mounting `%1%' to `%2%'") % source % target); | |
2142 | if (stat(source.c_str(), &st) == -1) | |
2143 | throw SysError(format("getting attributes of path `%1%'") % source); | |
2144 | if (S_ISDIR(st.st_mode)) | |
2145 | createDirs(target); | |
2146 | else { | |
2147 | createDirs(dirOf(target)); | |
2148 | writeFile(target, ""); | |
2149 | } | |
2150 | if (mount(source.c_str(), target.c_str(), "", MS_BIND, 0) == -1) | |
2151 | throw SysError(format("bind mount from `%1%' to `%2%' failed") % source % target); | |
2152 | } | |
2153 | ||
2154 | /* Bind a new instance of procfs on /proc to reflect our | |
2155 | private PID namespace. */ | |
2156 | createDirs(chrootRootDir + "/proc"); | |
2157 | if (mount("none", (chrootRootDir + "/proc").c_str(), "proc", 0, 0) == -1) | |
2158 | throw SysError("mounting /proc"); | |
2159 | ||
2160 | /* Mount a new tmpfs on /dev/shm to ensure that whatever | |
2161 | the builder puts in /dev/shm is cleaned up automatically. */ | |
2162 | if (pathExists("/dev/shm") && mount("none", (chrootRootDir + "/dev/shm").c_str(), "tmpfs", 0, 0) == -1) | |
2163 | throw SysError("mounting /dev/shm"); | |
2164 | ||
2165 | /* Mount a new devpts on /dev/pts. Note that this | |
2166 | requires the kernel to be compiled with | |
2167 | CONFIG_DEVPTS_MULTIPLE_INSTANCES=y (which is the case | |
2168 | if /dev/ptx/ptmx exists). */ | |
2169 | if (pathExists("/dev/pts/ptmx") && | |
2170 | !pathExists(chrootRootDir + "/dev/ptmx") | |
2171 | && dirsInChroot.find("/dev/pts") == dirsInChroot.end()) | |
2172 | { | |
2173 | if (mount("none", (chrootRootDir + "/dev/pts").c_str(), "devpts", 0, "newinstance,mode=0620") == -1) | |
2174 | throw SysError("mounting /dev/pts"); | |
2175 | createSymlink("/dev/pts/ptmx", chrootRootDir + "/dev/ptmx"); | |
2176 | ||
2bb04905 LC |
2177 | /* Make sure /dev/pts/ptmx is world-writable. With some |
2178 | Linux versions, it is created with permissions 0. */ | |
2179 | chmod_(chrootRootDir + "/dev/pts/ptmx", 0666); | |
36457566 LC |
2180 | } |
2181 | ||
54c260e6 LC |
2182 | /* Do the chroot(). */ |
2183 | if (chdir(chrootRootDir.c_str()) == -1) | |
2184 | throw SysError(format("cannot change directory to '%1%'") % chrootRootDir); | |
2185 | ||
2186 | if (mkdir("real-root", 0) == -1) | |
2187 | throw SysError("cannot create real-root directory"); | |
2188 | ||
2189 | #define pivot_root(new_root, put_old) (syscall(SYS_pivot_root, new_root, put_old)) | |
2190 | if (pivot_root(".", "real-root") == -1) | |
2191 | throw SysError(format("cannot pivot old root directory onto '%1%'") % (chrootRootDir + "/real-root")); | |
2192 | #undef pivot_root | |
2193 | ||
2194 | if (chroot(".") == -1) | |
2195 | throw SysError(format("cannot change root directory to '%1%'") % chrootRootDir); | |
2196 | ||
2197 | if (umount2("real-root", MNT_DETACH) == -1) | |
2198 | throw SysError("cannot unmount real root filesystem"); | |
2199 | ||
2200 | if (rmdir("real-root") == -1) | |
2201 | throw SysError("cannot remove real-root directory"); | |
36457566 LC |
2202 | } |
2203 | #endif | |
2204 | ||
cb960102 | 2205 | if (chdir(tmpDirInSandbox.c_str()) == -1) |
36457566 LC |
2206 | throw SysError(format("changing into `%1%'") % tmpDir); |
2207 | ||
2208 | /* Close all other file descriptors. */ | |
2209 | closeMostFDs(set<int>()); | |
2210 | ||
2bb04905 | 2211 | #if __linux__ |
36457566 LC |
2212 | /* Change the personality to 32-bit if we're doing an |
2213 | i686-linux build on an x86_64-linux machine. */ | |
2214 | struct utsname utsbuf; | |
2215 | uname(&utsbuf); | |
2216 | if (drv.platform == "i686-linux" && | |
2217 | (settings.thisSystem == "x86_64-linux" || | |
2218 | (!strcmp(utsbuf.sysname, "Linux") && !strcmp(utsbuf.machine, "x86_64")))) { | |
2bb04905 | 2219 | if (personality(PER_LINUX32) == -1) |
36457566 LC |
2220 | throw SysError("cannot set i686-linux personality"); |
2221 | } | |
2222 | ||
162825f9 EF |
2223 | if (drv.platform == "armhf-linux" && |
2224 | (settings.thisSystem == "aarch64-linux" || | |
2225 | (!strcmp(utsbuf.sysname, "Linux") && !strcmp(utsbuf.machine, "aarch64")))) { | |
2226 | if (personality(PER_LINUX32) == -1) | |
2227 | throw SysError("cannot set armhf-linux personality"); | |
2228 | } | |
2229 | ||
36457566 LC |
2230 | /* Impersonate a Linux 2.6 machine to get some determinism in |
2231 | builds that depend on the kernel version. */ | |
2232 | if ((drv.platform == "i686-linux" || drv.platform == "x86_64-linux") && settings.impersonateLinux26) { | |
2233 | int cur = personality(0xffffffff); | |
2234 | if (cur != -1) personality(cur | 0x0020000 /* == UNAME26 */); | |
2235 | } | |
2bb04905 LC |
2236 | |
2237 | /* Disable address space randomization for improved | |
2238 | determinism. */ | |
2239 | int cur = personality(0xffffffff); | |
2240 | if (cur != -1) personality(cur | ADDR_NO_RANDOMIZE); | |
36457566 LC |
2241 | #endif |
2242 | ||
2243 | /* Fill in the environment. */ | |
2244 | Strings envStrs; | |
2245 | foreach (Environment::const_iterator, i, env) | |
2246 | envStrs.push_back(rewriteHashes(i->first + "=" + i->second, rewritesToTmp)); | |
36457566 LC |
2247 | |
2248 | /* If we are running in `build-users' mode, then switch to the | |
2249 | user we allocated above. Make sure that we drop all root | |
2250 | privileges. Note that above we have closed all file | |
2251 | descriptors except std*, so that's safe. Also note that | |
2252 | setuid() when run as root sets the real, effective and | |
2253 | saved UIDs. */ | |
2254 | if (buildUser.enabled()) { | |
322eeb87 LC |
2255 | /* Preserve supplementary groups of the build user, to allow |
2256 | admins to specify groups such as "kvm". */ | |
2257 | if (setgroups(buildUser.getSupplementaryGIDs().size(), | |
2258 | buildUser.getSupplementaryGIDs().data()) == -1) | |
2259 | throw SysError("cannot set supplementary groups of build user"); | |
36457566 LC |
2260 | |
2261 | if (setgid(buildUser.getGID()) == -1 || | |
2262 | getgid() != buildUser.getGID() || | |
2263 | getegid() != buildUser.getGID()) | |
2264 | throw SysError("setgid failed"); | |
2265 | ||
2266 | if (setuid(buildUser.getUID()) == -1 || | |
2267 | getuid() != buildUser.getUID() || | |
2268 | geteuid() != buildUser.getUID()) | |
2269 | throw SysError("setuid failed"); | |
2270 | } | |
2271 | ||
94d92c77 LC |
2272 | restoreSIGPIPE(); |
2273 | ||
2274 | /* Indicate that we managed to set up the build environment. */ | |
2275 | writeFull(STDERR_FILENO, "\n"); | |
2276 | ||
2277 | /* Execute the program. This should not return. */ | |
2278 | if (isBuiltin(drv)) { | |
2279 | try { | |
2280 | logType = ltFlat; | |
2281 | ||
2282 | auto buildDrv = lookupBuiltinBuilder(drv.builder); | |
9b5364a3 LC |
2283 | if (buildDrv != NULL) { |
2284 | /* Check what the output file name is. When doing a | |
2285 | 'bmCheck' build, the output file name is different from | |
2286 | that specified in DRV due to hash rewriting. */ | |
2287 | Path output = drv.outputs["out"].path; | |
2288 | auto redirected = redirectedOutputs.find(output); | |
2289 | if (redirected != redirectedOutputs.end()) | |
2290 | output = redirected->second; | |
2291 | ||
2292 | buildDrv(drv, drvPath, output); | |
2293 | } | |
94d92c77 LC |
2294 | else |
2295 | throw Error(format("unsupported builtin function '%1%'") % string(drv.builder, 8)); | |
2296 | _exit(0); | |
2297 | } catch (std::exception & e) { | |
2298 | writeFull(STDERR_FILENO, "error: " + string(e.what()) + "\n"); | |
2299 | _exit(1); | |
2300 | } | |
2301 | } | |
2302 | ||
36457566 | 2303 | /* Fill in the arguments. */ |
54c260e6 | 2304 | Strings args; |
36457566 | 2305 | string builderBasename = baseNameOf(drv.builder); |
54c260e6 LC |
2306 | args.push_back(builderBasename); |
2307 | foreach (Strings::iterator, i, drv.args) | |
2308 | args.push_back(rewriteHashes(*i, rewritesToTmp)); | |
36457566 | 2309 | |
322eeb87 | 2310 | execve(drv.builder.c_str(), stringsToCharPtrs(args).data(), stringsToCharPtrs(envStrs).data()); |
36457566 | 2311 | |
7bf2a70a LC |
2312 | int error = errno; |
2313 | ||
2314 | /* Right platform? Check this after we've tried 'execve' to allow for | |
2315 | transparent emulation of different platforms with binfmt_misc | |
2316 | handlers that invoke QEMU. */ | |
2317 | if (error == ENOEXEC && !canBuildLocally(drv.platform)) { | |
2318 | if (settings.printBuildTrace) | |
2319 | printMsg(lvlError, format("@ unsupported-platform %1% %2%") % drvPath % drv.platform); | |
2320 | throw Error( | |
2321 | format("a `%1%' is required to build `%3%', but I am a `%2%'") | |
2322 | % drv.platform % settings.thisSystem % drvPath); | |
2323 | } | |
2324 | ||
2325 | errno = error; | |
36457566 LC |
2326 | throw SysError(format("executing `%1%'") % drv.builder); |
2327 | ||
2328 | } catch (std::exception & e) { | |
54c260e6 | 2329 | writeFull(STDERR_FILENO, "while setting up the build environment: " + string(e.what()) + "\n"); |
2bb04905 | 2330 | _exit(1); |
36457566 LC |
2331 | } |
2332 | ||
2333 | abort(); /* never reached */ | |
2334 | } | |
2335 | ||
2336 | ||
2337 | /* Parse a list of reference specifiers. Each element must either be | |
2338 | a store path, or the symbolic name of the output of the derivation | |
2339 | (such as `out'). */ | |
2340 | PathSet parseReferenceSpecifiers(const Derivation & drv, string attr) | |
2341 | { | |
2342 | PathSet result; | |
2343 | Paths paths = tokenizeString<Paths>(attr); | |
2344 | foreach (Strings::iterator, i, paths) { | |
2345 | if (isStorePath(*i)) | |
2346 | result.insert(*i); | |
2347 | else if (drv.outputs.find(*i) != drv.outputs.end()) | |
2348 | result.insert(drv.outputs.find(*i)->second.path); | |
2349 | else throw BuildError( | |
76533c52 | 2350 | format("derivation contains an invalid reference specifier `%1%'") |
36457566 LC |
2351 | % *i); |
2352 | } | |
2353 | return result; | |
2354 | } | |
2355 | ||
2356 | ||
2357 | void DerivationGoal::registerOutputs() | |
2358 | { | |
2359 | /* When using a build hook, the build hook can register the output | |
2360 | as valid (by doing `nix-store --import'). If so we don't have | |
2361 | to do anything here. */ | |
2362 | if (hook) { | |
2363 | bool allValid = true; | |
2364 | foreach (DerivationOutputs::iterator, i, drv.outputs) | |
2365 | if (!worker.store.isValidPath(i->second.path)) allValid = false; | |
2366 | if (allValid) return; | |
2367 | } | |
2368 | ||
2369 | ValidPathInfos infos; | |
2370 | ||
b23b4d39 ED |
2371 | /* Set of inodes seen during calls to canonicalisePathMetaData() |
2372 | for this build's outputs. This needs to be shared between | |
2373 | outputs to allow hard links between outputs. */ | |
2374 | InodesSeen inodesSeen; | |
2375 | ||
b4528110 ED |
2376 | Path checkSuffix = "-check"; |
2377 | ||
36457566 LC |
2378 | /* Check whether the output paths were created, and grep each |
2379 | output path to determine what other paths it references. Also make all | |
2380 | output paths read-only. */ | |
2381 | foreach (DerivationOutputs::iterator, i, drv.outputs) { | |
2382 | Path path = i->second.path; | |
2383 | if (missingPaths.find(path) == missingPaths.end()) continue; | |
2384 | ||
2385 | Path actualPath = path; | |
2386 | if (useChroot) { | |
2387 | actualPath = chrootRootDir + path; | |
2388 | if (pathExists(actualPath)) { | |
8327e733 | 2389 | /* Move output paths from the chroot to the store. */ |
36457566 LC |
2390 | if (buildMode == bmRepair) |
2391 | replaceValidPath(path, actualPath); | |
2392 | else | |
2393 | if (buildMode != bmCheck && rename(actualPath.c_str(), path.c_str()) == -1) | |
8327e733 | 2394 | throw SysError(format("moving build output `%1%' from the chroot to the store") % path); |
36457566 LC |
2395 | } |
2396 | if (buildMode != bmCheck) actualPath = path; | |
2397 | } else { | |
2398 | Path redirected = redirectedOutputs[path]; | |
2399 | if (buildMode == bmRepair | |
2400 | && redirectedBadOutputs.find(path) != redirectedBadOutputs.end() | |
2401 | && pathExists(redirected)) | |
2402 | replaceValidPath(path, redirected); | |
7889e72d | 2403 | if (buildMode == bmCheck && redirected != "") |
36457566 LC |
2404 | actualPath = redirected; |
2405 | } | |
2406 | ||
2407 | struct stat st; | |
2408 | if (lstat(actualPath.c_str(), &st) == -1) { | |
2409 | if (errno == ENOENT) | |
2410 | throw BuildError( | |
2411 | format("builder for `%1%' failed to produce output path `%2%'") | |
2412 | % drvPath % path); | |
2413 | throw SysError(format("getting attributes of path `%1%'") % actualPath); | |
2414 | } | |
2415 | ||
2416 | #ifndef __CYGWIN__ | |
2417 | /* Check that the output is not group or world writable, as | |
2418 | that means that someone else can have interfered with the | |
2419 | build. Also, the output should be owned by the build | |
2420 | user. */ | |
2421 | if ((!S_ISLNK(st.st_mode) && (st.st_mode & (S_IWGRP | S_IWOTH))) || | |
2422 | (buildUser.enabled() && st.st_uid != buildUser.getUID())) | |
2423 | throw BuildError(format("suspicious ownership or permission on `%1%'; rejecting this build output") % path); | |
2424 | #endif | |
2425 | ||
2426 | /* Apply hash rewriting if necessary. */ | |
2427 | bool rewritten = false; | |
2428 | if (!rewritesFromTmp.empty()) { | |
2429 | printMsg(lvlError, format("warning: rewriting hashes in `%1%'; cross fingers") % path); | |
2430 | ||
2431 | /* Canonicalise first. This ensures that the path we're | |
2432 | rewriting doesn't contain a hard link to /etc/shadow or | |
2433 | something like that. */ | |
2434 | canonicalisePathMetaData(actualPath, buildUser.enabled() ? buildUser.getUID() : -1, inodesSeen); | |
2435 | ||
2436 | /* FIXME: this is in-memory. */ | |
2437 | StringSink sink; | |
2438 | dumpPath(actualPath, sink); | |
2439 | deletePath(actualPath); | |
2440 | sink.s = rewriteHashes(sink.s, rewritesFromTmp); | |
2441 | StringSource source(sink.s); | |
2442 | restorePath(actualPath, source); | |
2443 | ||
2444 | rewritten = true; | |
2445 | } | |
2446 | ||
2447 | startNest(nest, lvlTalkative, | |
2448 | format("scanning for references inside `%1%'") % path); | |
2449 | ||
2450 | /* Check that fixed-output derivations produced the right | |
2451 | outputs (i.e., the content hash should match the specified | |
2452 | hash). */ | |
2453 | if (i->second.hash != "") { | |
2454 | ||
2455 | bool recursive; HashType ht; Hash h; | |
2456 | i->second.parseHashInfo(recursive, ht, h); | |
2457 | ||
2458 | if (!recursive) { | |
2459 | /* The output path should be a regular file without | |
2460 | execute permission. */ | |
2461 | if (!S_ISREG(st.st_mode) || (st.st_mode & S_IXUSR) != 0) | |
2462 | throw BuildError( | |
2463 | format("output path `%1% should be a non-executable regular file") % path); | |
2464 | } | |
2465 | ||
2466 | /* Check the hash. */ | |
2467 | Hash h2 = recursive ? hashPath(ht, actualPath).first : hashFile(ht, actualPath); | |
dc0f74e5 LC |
2468 | if (h != h2) { |
2469 | if (settings.printBuildTrace) | |
2470 | printMsg(lvlError, format("@ hash-mismatch %1% %2% %3% %4%") | |
2471 | % path % i->second.hashAlgo | |
2472 | % printHash16or32(h) % printHash16or32(h2)); | |
2473 | throw BuildError(format("hash mismatch for store item '%1%'") % path); | |
2474 | } | |
36457566 LC |
2475 | } |
2476 | ||
2477 | /* Get rid of all weird permissions. This also checks that | |
2478 | all files are owned by the build user, if applicable. */ | |
2479 | canonicalisePathMetaData(actualPath, | |
2480 | buildUser.enabled() && !rewritten ? buildUser.getUID() : -1, inodesSeen); | |
2481 | ||
2482 | /* For this output path, find the references to other paths | |
2483 | contained in it. Compute the SHA-256 NAR hash at the same | |
2484 | time. The hash is stored in the database so that we can | |
2485 | verify later on whether nobody has messed with the store. */ | |
2486 | HashResult hash; | |
2487 | PathSet references = scanForReferences(actualPath, allPaths, hash); | |
2488 | ||
2489 | if (buildMode == bmCheck) { | |
f83e82cd | 2490 | if (!store->isValidPath(path)) continue; |
36457566 | 2491 | ValidPathInfo info = worker.store.queryPathInfo(path); |
7f3b2510 ED |
2492 | if (hash.first != info.hash) { |
2493 | if (settings.keepFailed) { | |
b4528110 | 2494 | Path dst = path + checkSuffix; |
7f3b2510 ED |
2495 | if (pathExists(dst)) deletePath(dst); |
2496 | if (rename(actualPath.c_str(), dst.c_str())) | |
2497 | throw SysError(format("renaming `%1%' to `%2%'") % actualPath % dst); | |
2498 | throw Error(format("derivation `%1%' may not be deterministic: output `%2%' differs from ‘%3%’") | |
2499 | % drvPath % path % dst); | |
2500 | } else | |
2501 | throw Error(format("derivation `%1%' may not be deterministic: output `%2%' differs") | |
2502 | % drvPath % path); | |
2503 | } | |
d5912428 LC |
2504 | |
2505 | if (settings.printBuildTrace) | |
2506 | printMsg(lvlError, format("@ build-succeeded %1% -") % drvPath); | |
2507 | ||
36457566 LC |
2508 | continue; |
2509 | } | |
2510 | ||
2511 | /* For debugging, print out the referenced and unreferenced | |
2512 | paths. */ | |
2513 | foreach (PathSet::iterator, i, inputPaths) { | |
2514 | PathSet::iterator j = references.find(*i); | |
2515 | if (j == references.end()) | |
2516 | debug(format("unreferenced input: `%1%'") % *i); | |
2517 | else | |
2518 | debug(format("referenced input: `%1%'") % *i); | |
2519 | } | |
2520 | ||
2bb04905 LC |
2521 | /* Enforce `allowedReferences' and friends. */ |
2522 | auto checkRefs = [&](const string & attrName, bool allowed, bool recursive) { | |
2523 | if (drv.env.find(attrName) == drv.env.end()) return; | |
2524 | ||
2525 | PathSet spec = parseReferenceSpecifiers(drv, get(drv.env, attrName)); | |
2526 | ||
2527 | PathSet used; | |
2528 | if (recursive) { | |
2529 | /* Our requisites are the union of the closures of our references. */ | |
2530 | for (auto & i : references) | |
2531 | /* Don't call computeFSClosure on ourselves. */ | |
2532 | if (actualPath != i) | |
2533 | computeFSClosure(worker.store, i, used); | |
2534 | } else | |
2535 | used = references; | |
2536 | ||
2537 | for (auto & i : used) | |
2538 | if (allowed) { | |
2539 | if (spec.find(i) == spec.end()) | |
2540 | throw BuildError(format("output (`%1%') is not allowed to refer to path `%2%'") % actualPath % i); | |
2541 | } else { | |
2542 | if (spec.find(i) != spec.end()) | |
2543 | throw BuildError(format("output (`%1%') is not allowed to refer to path `%2%'") % actualPath % i); | |
2544 | } | |
2545 | }; | |
2546 | ||
2547 | checkRefs("allowedReferences", true, false); | |
2548 | checkRefs("allowedRequisites", true, true); | |
2549 | checkRefs("disallowedReferences", false, false); | |
2550 | checkRefs("disallowedRequisites", false, true); | |
36457566 | 2551 | |
b4528110 ED |
2552 | if (curRound == nrRounds) { |
2553 | worker.store.optimisePath(path); // FIXME: combine with scanForReferences() | |
36457566 | 2554 | |
b4528110 ED |
2555 | worker.store.markContentsGood(path); |
2556 | } | |
36457566 LC |
2557 | |
2558 | ValidPathInfo info; | |
2559 | info.path = path; | |
2560 | info.hash = hash.first; | |
2561 | info.narSize = hash.second; | |
2562 | info.references = references; | |
2563 | info.deriver = drvPath; | |
2564 | infos.push_back(info); | |
2565 | } | |
2566 | ||
2567 | if (buildMode == bmCheck) return; | |
2568 | ||
b4528110 ED |
2569 | /* Compare the result with the previous round, and report which |
2570 | path is different, if any.*/ | |
2571 | if (curRound > 1 && prevInfos != infos) { | |
2572 | assert(prevInfos.size() == infos.size()); | |
2573 | for (auto i = prevInfos.begin(), j = infos.begin(); i != prevInfos.end(); ++i, ++j) | |
2574 | if (!(*i == *j)) { | |
2575 | Path prev = i->path + checkSuffix; | |
2576 | if (pathExists(prev)) | |
2577 | throw NotDeterministic( | |
2578 | format("output ‘%1%’ of ‘%2%’ differs from ‘%3%’ from previous round") | |
2579 | % i->path % drvPath % prev); | |
2580 | else | |
2581 | throw NotDeterministic( | |
2582 | format("output ‘%1%’ of ‘%2%’ differs from previous round") | |
2583 | % i->path % drvPath); | |
2584 | } | |
2585 | assert(false); // shouldn't happen | |
2586 | } | |
2587 | ||
2588 | if (settings.keepFailed) { | |
2589 | for (auto & i : drv.outputs) { | |
2590 | Path prev = i.second.path + checkSuffix; | |
2591 | if (pathExists(prev)) deletePath(prev); | |
2592 | if (curRound < nrRounds) { | |
2593 | Path dst = i.second.path + checkSuffix; | |
2594 | if (rename(i.second.path.c_str(), dst.c_str())) | |
2595 | throw SysError(format("renaming ‘%1%’ to ‘%2%’") % i.second.path % dst); | |
2596 | } | |
2597 | } | |
2598 | ||
2599 | } | |
b23b4d39 ED |
2600 | |
2601 | if (curRound < nrRounds) { | |
2602 | prevInfos = infos; | |
2603 | return; | |
2604 | } | |
2605 | ||
36457566 LC |
2606 | /* Register each output path as valid, and register the sets of |
2607 | paths referenced by each of them. If there are cycles in the | |
2608 | outputs, this will fail. */ | |
2609 | worker.store.registerValidPaths(infos); | |
2610 | } | |
2611 | ||
2612 | ||
2613 | string drvsLogDir = "drvs"; | |
2614 | ||
2615 | ||
2616 | Path DerivationGoal::openLogFile() | |
2617 | { | |
2618 | logSize = 0; | |
2619 | ||
2620 | if (!settings.keepLog) return ""; | |
2621 | ||
2622 | string baseName = baseNameOf(drvPath); | |
2623 | ||
2624 | /* Create a log file. */ | |
2625 | Path dir = (format("%1%/%2%/%3%/") % settings.nixLogDir % drvsLogDir % string(baseName, 0, 2)).str(); | |
2626 | createDirs(dir); | |
2627 | ||
29a68668 LC |
2628 | switch (settings.logCompression) |
2629 | { | |
2630 | case COMPRESSION_GZIP: { | |
2631 | Path logFileName = (format("%1%/%2%.gz") % dir % string(baseName, 2)).str(); | |
2632 | AutoCloseFD fd = open(logFileName.c_str(), O_CREAT | O_WRONLY | O_TRUNC, 0666); | |
2633 | if (fd == -1) throw SysError(format("creating log file `%1%'") % logFileName); | |
2634 | closeOnExec(fd); | |
2635 | ||
2636 | /* Note: FD will be closed by 'gzclose'. */ | |
2637 | if (!(gzLogFile = gzdopen(fd.borrow(), "w"))) | |
2638 | throw Error(format("cannot open compressed log file `%1%'") % logFileName); | |
2639 | ||
2640 | gzbuffer(gzLogFile, 32768); | |
2641 | gzsetparams(gzLogFile, Z_BEST_COMPRESSION, Z_DEFAULT_STRATEGY); | |
36457566 | 2642 | |
29a68668 LC |
2643 | return logFileName; |
2644 | } | |
2645 | ||
f997137d | 2646 | #if HAVE_BZLIB_H |
29a68668 | 2647 | case COMPRESSION_BZIP2: { |
36457566 LC |
2648 | Path logFileName = (format("%1%/%2%.bz2") % dir % string(baseName, 2)).str(); |
2649 | AutoCloseFD fd = open(logFileName.c_str(), O_CREAT | O_WRONLY | O_TRUNC, 0666); | |
2650 | if (fd == -1) throw SysError(format("creating log file `%1%'") % logFileName); | |
2651 | closeOnExec(fd); | |
2652 | ||
2653 | if (!(fLogFile = fdopen(fd.borrow(), "w"))) | |
2654 | throw SysError(format("opening file `%1%'") % logFileName); | |
2655 | ||
2656 | int err; | |
2657 | if (!(bzLogFile = BZ2_bzWriteOpen(&err, fLogFile, 9, 0, 0))) | |
2658 | throw Error(format("cannot open compressed log file `%1%'") % logFileName); | |
2659 | ||
2660 | return logFileName; | |
29a68668 | 2661 | } |
f997137d | 2662 | #endif |
36457566 | 2663 | |
29a68668 | 2664 | case COMPRESSION_NONE: { |
36457566 LC |
2665 | Path logFileName = (format("%1%/%2%") % dir % string(baseName, 2)).str(); |
2666 | fdLogFile = open(logFileName.c_str(), O_CREAT | O_WRONLY | O_TRUNC, 0666); | |
2667 | if (fdLogFile == -1) throw SysError(format("creating log file `%1%'") % logFileName); | |
2668 | closeOnExec(fdLogFile); | |
2669 | return logFileName; | |
29a68668 | 2670 | } |
36457566 | 2671 | } |
29a68668 LC |
2672 | |
2673 | abort(); | |
36457566 LC |
2674 | } |
2675 | ||
2676 | ||
2677 | void DerivationGoal::closeLogFile() | |
2678 | { | |
29a68668 LC |
2679 | if (gzLogFile) { |
2680 | int err; | |
2681 | err = gzclose(gzLogFile); | |
2682 | gzLogFile = NULL; | |
2683 | if (err != Z_OK) throw Error(format("cannot close compressed log file (gzip error = %1%)") % err); | |
2684 | } | |
f997137d | 2685 | #if HAVE_BZLIB_H |
29a68668 | 2686 | else if (bzLogFile) { |
36457566 LC |
2687 | int err; |
2688 | BZ2_bzWriteClose(&err, bzLogFile, 0, 0, 0); | |
2689 | bzLogFile = 0; | |
2690 | if (err != BZ_OK) throw Error(format("cannot close compressed log file (BZip2 error = %1%)") % err); | |
2691 | } | |
f997137d | 2692 | #endif |
36457566 LC |
2693 | |
2694 | if (fLogFile) { | |
2695 | fclose(fLogFile); | |
2696 | fLogFile = 0; | |
2697 | } | |
2698 | ||
2699 | fdLogFile.close(); | |
2700 | } | |
2701 | ||
2702 | ||
2608e409 HG |
2703 | static void _chown(const Path & path, uid_t uid, gid_t gid) |
2704 | { | |
2705 | checkInterrupt(); | |
2706 | ||
2707 | if (lchown(path.c_str(), uid, gid) == -1) { | |
2708 | throw SysError(format("change owner and group of `%1%'") % path); | |
2709 | } | |
2710 | struct stat st = lstat(path); | |
2711 | if (S_ISDIR(st.st_mode)) { | |
2712 | for (auto & i : readDirectory(path)) | |
2713 | _chown(path + "/" + i.name, uid, gid); | |
2714 | } | |
2715 | } | |
2716 | ||
2717 | ||
36457566 LC |
2718 | void DerivationGoal::deleteTmpDir(bool force) |
2719 | { | |
2720 | if (tmpDir != "") { | |
2721 | if (settings.keepFailed && !force) { | |
2722 | printMsg(lvlError, | |
2723 | format("note: keeping build directory `%2%'") | |
2724 | % drvPath % tmpDir); | |
2725 | chmod(tmpDir.c_str(), 0755); | |
2608e409 HG |
2726 | // Change the ownership if clientUid is set. Never change the |
2727 | // ownership or the group to "root" for security reasons. | |
2728 | if (settings.clientUid != (uid_t) -1 && settings.clientUid != 0) { | |
2729 | _chown(tmpDir, settings.clientUid, | |
2730 | settings.clientGid != 0 ? settings.clientGid : -1); | |
2731 | } | |
36457566 LC |
2732 | } |
2733 | else | |
2734 | deletePath(tmpDir); | |
2735 | tmpDir = ""; | |
2736 | } | |
2737 | } | |
2738 | ||
2739 | ||
2740 | void DerivationGoal::handleChildOutput(int fd, const string & data) | |
2741 | { | |
6ef61cc4 LC |
2742 | string prefix; |
2743 | ||
2744 | if (settings.multiplexedBuildOutput) { | |
2745 | /* Print a prefix that allows clients to determine whether a message | |
2746 | comes from the daemon or from a build process, and in the latter | |
2747 | case, which build process it comes from. The PID here matches the | |
2748 | one given in "@ build-started" traces; it's shorter that the | |
2749 | derivation file name, hence this choice. */ | |
2750 | prefix = "@ build-log " | |
2751 | + std::to_string(pid < 0 ? hook->pid : pid) | |
2752 | + " " + std::to_string(data.size()) + "\n"; | |
2753 | } | |
2754 | ||
36457566 LC |
2755 | if ((hook && fd == hook->builderOut.readSide) || |
2756 | (!hook && fd == builderOut.readSide)) | |
2757 | { | |
2758 | logSize += data.size(); | |
2759 | if (settings.maxLogSize && logSize > settings.maxLogSize) { | |
2760 | printMsg(lvlError, | |
2761 | format("%1% killed after writing more than %2% bytes of log output") | |
2762 | % getName() % settings.maxLogSize); | |
f3ff1da4 | 2763 | timedOut(); // not really a timeout, but close enough |
36457566 LC |
2764 | return; |
2765 | } | |
2766 | if (verbosity >= settings.buildVerbosity) | |
6ef61cc4 | 2767 | writeToStderr(prefix + data); |
29a68668 LC |
2768 | |
2769 | if (gzLogFile) { | |
2770 | if (data.size() > 0) { | |
2771 | int count, err; | |
2772 | count = gzwrite(gzLogFile, data.data(), data.size()); | |
2773 | if (count == 0) throw Error(format("cannot write to compressed log file (gzip error = %1%)") % gzerror(gzLogFile, &err)); | |
2774 | } | |
f997137d | 2775 | #if HAVE_BZLIB_H |
29a68668 | 2776 | } else if (bzLogFile) { |
36457566 LC |
2777 | int err; |
2778 | BZ2_bzWrite(&err, bzLogFile, (unsigned char *) data.data(), data.size()); | |
2779 | if (err != BZ_OK) throw Error(format("cannot write to compressed log file (BZip2 error = %1%)") % err); | |
f997137d | 2780 | #endif |
36457566 | 2781 | } else if (fdLogFile != -1) |
54c260e6 | 2782 | writeFull(fdLogFile, data); |
36457566 LC |
2783 | } |
2784 | ||
2785 | if (hook && fd == hook->fromHook.readSide) | |
6ef61cc4 | 2786 | writeToStderr(prefix + data); |
36457566 LC |
2787 | } |
2788 | ||
2789 | ||
2790 | void DerivationGoal::handleEOF(int fd) | |
2791 | { | |
2792 | worker.wakeUp(shared_from_this()); | |
2793 | } | |
2794 | ||
2795 | ||
2796 | PathSet DerivationGoal::checkPathValidity(bool returnValid, bool checkHash) | |
2797 | { | |
2798 | PathSet result; | |
2799 | foreach (DerivationOutputs::iterator, i, drv.outputs) { | |
2800 | if (!wantOutput(i->first, wantedOutputs)) continue; | |
2801 | bool good = | |
2802 | worker.store.isValidPath(i->second.path) && | |
2803 | (!checkHash || worker.store.pathContentsGood(i->second.path)); | |
2804 | if (good == returnValid) result.insert(i->second.path); | |
2805 | } | |
2806 | return result; | |
2807 | } | |
2808 | ||
2809 | ||
2810 | bool DerivationGoal::pathFailed(const Path & path) | |
2811 | { | |
2812 | if (!settings.cacheFailure) return false; | |
2813 | ||
2814 | if (!worker.store.hasPathFailed(path)) return false; | |
2815 | ||
2816 | printMsg(lvlError, format("builder for `%1%' failed previously (cached)") % path); | |
2817 | ||
2818 | if (settings.printBuildTrace) | |
2819 | printMsg(lvlError, format("@ build-failed %1% - cached") % drvPath); | |
2820 | ||
f3ff1da4 | 2821 | done(BuildResult::CachedFailure); |
36457566 LC |
2822 | |
2823 | return true; | |
2824 | } | |
2825 | ||
2826 | ||
2827 | Path DerivationGoal::addHashRewrite(const Path & path) | |
2828 | { | |
2829 | string h1 = string(path, settings.nixStore.size() + 1, 32); | |
2830 | string h2 = string(printHash32(hashString(htSHA256, "rewrite:" + drvPath + ":" + path)), 0, 32); | |
2831 | Path p = settings.nixStore + "/" + h2 + string(path, settings.nixStore.size() + 33); | |
2832 | if (pathExists(p)) deletePath(p); | |
2833 | assert(path.size() == p.size()); | |
2834 | rewritesToTmp[h1] = h2; | |
2835 | rewritesFromTmp[h2] = h1; | |
2836 | redirectedOutputs[path] = p; | |
9b5364a3 LC |
2837 | printMsg(lvlChatty, format("output '%1%' redirected to '%2%'") |
2838 | % path % p); | |
36457566 LC |
2839 | return p; |
2840 | } | |
2841 | ||
2842 | ||
f3ff1da4 ED |
2843 | void DerivationGoal::done(BuildResult::Status status, const string & msg) |
2844 | { | |
2845 | result.status = status; | |
2846 | result.errorMsg = msg; | |
2847 | amDone(result.success() ? ecSuccess : ecFailed); | |
2848 | if (result.status == BuildResult::TimedOut) | |
2849 | worker.timedOut = true; | |
2850 | if (result.status == BuildResult::PermanentFailure || result.status == BuildResult::CachedFailure) | |
2851 | worker.permanentFailure = true; | |
2852 | } | |
2853 | ||
2854 | ||
36457566 LC |
2855 | ////////////////////////////////////////////////////////////////////// |
2856 | ||
2857 | ||
2858 | class SubstitutionGoal : public Goal | |
2859 | { | |
2860 | friend class Worker; | |
2861 | ||
2862 | private: | |
2863 | /* The store path that should be realised through a substitute. */ | |
2864 | Path storePath; | |
2865 | ||
36457566 LC |
2866 | /* Path info returned by the substituter's query info operation. */ |
2867 | SubstitutablePathInfo info; | |
2868 | ||
2869 | /* Pipe for the substituter's standard output. */ | |
2870 | Pipe outPipe; | |
2871 | ||
2872 | /* Pipe for the substituter's standard error. */ | |
2873 | Pipe logPipe; | |
2874 | ||
2875 | /* The process ID of the builder. */ | |
2876 | Pid pid; | |
2877 | ||
2878 | /* Lock on the store path. */ | |
2879 | std::shared_ptr<PathLocks> outputLock; | |
2880 | ||
2881 | /* Whether to try to repair a valid path. */ | |
2882 | bool repair; | |
2883 | ||
2884 | /* Location where we're downloading the substitute. Differs from | |
2885 | storePath when doing a repair. */ | |
2886 | Path destPath; | |
2887 | ||
2888 | typedef void (SubstitutionGoal::*GoalState)(); | |
2889 | GoalState state; | |
2890 | ||
f6919ebd LC |
2891 | void tryNext(); |
2892 | ||
36457566 LC |
2893 | public: |
2894 | SubstitutionGoal(const Path & storePath, Worker & worker, bool repair = false); | |
2895 | ~SubstitutionGoal(); | |
2896 | ||
f3ff1da4 | 2897 | void timedOut(); |
36457566 | 2898 | |
2bb04905 LC |
2899 | string key() |
2900 | { | |
2901 | /* "a$" ensures substitution goals happen before derivation | |
2902 | goals. */ | |
2903 | return "a$" + storePathToName(storePath) + "$" + storePath; | |
2904 | } | |
2905 | ||
36457566 LC |
2906 | void work(); |
2907 | ||
2908 | /* The states. */ | |
2909 | void init(); | |
36457566 LC |
2910 | void gotInfo(); |
2911 | void referencesValid(); | |
2912 | void tryToRun(); | |
2913 | void finished(); | |
2914 | ||
2915 | /* Callback used by the worker to write to the log. */ | |
2916 | void handleChildOutput(int fd, const string & data); | |
2917 | void handleEOF(int fd); | |
2918 | ||
2919 | Path getStorePath() { return storePath; } | |
2920 | }; | |
2921 | ||
2922 | ||
2923 | SubstitutionGoal::SubstitutionGoal(const Path & storePath, Worker & worker, bool repair) | |
2924 | : Goal(worker) | |
36457566 LC |
2925 | , repair(repair) |
2926 | { | |
2927 | this->storePath = storePath; | |
2928 | state = &SubstitutionGoal::init; | |
2929 | name = (format("substitution of `%1%'") % storePath).str(); | |
2930 | trace("created"); | |
2931 | } | |
2932 | ||
2933 | ||
2934 | SubstitutionGoal::~SubstitutionGoal() | |
2935 | { | |
2936 | if (pid != -1) worker.childTerminated(pid); | |
2937 | } | |
2938 | ||
2939 | ||
f3ff1da4 | 2940 | void SubstitutionGoal::timedOut() |
36457566 | 2941 | { |
f3ff1da4 | 2942 | if (settings.printBuildTrace) |
36457566 LC |
2943 | printMsg(lvlError, format("@ substituter-failed %1% timeout") % storePath); |
2944 | if (pid != -1) { | |
2945 | pid_t savedPid = pid; | |
2946 | pid.kill(); | |
2947 | worker.childTerminated(savedPid); | |
2948 | } | |
2949 | amDone(ecFailed); | |
2950 | } | |
2951 | ||
2952 | ||
2953 | void SubstitutionGoal::work() | |
2954 | { | |
2955 | (this->*state)(); | |
2956 | } | |
2957 | ||
2958 | ||
2959 | void SubstitutionGoal::init() | |
2960 | { | |
2961 | trace("init"); | |
2962 | ||
2963 | worker.store.addTempRoot(storePath); | |
2964 | ||
2965 | /* If the path already exists we're done. */ | |
2966 | if (!repair && worker.store.isValidPath(storePath)) { | |
2967 | amDone(ecSuccess); | |
2968 | return; | |
2969 | } | |
2970 | ||
2971 | if (settings.readOnlyMode) | |
8327e733 | 2972 | throw Error(format("cannot substitute path `%1%' - no write access to the store") % storePath); |
36457566 | 2973 | |
36457566 LC |
2974 | tryNext(); |
2975 | } | |
2976 | ||
2977 | ||
2978 | void SubstitutionGoal::tryNext() | |
2979 | { | |
f6919ebd | 2980 | trace("trying substituter"); |
36457566 | 2981 | |
f6919ebd LC |
2982 | SubstitutablePathInfos infos; |
2983 | PathSet dummy(singleton<PathSet>(storePath)); | |
2984 | worker.store.querySubstitutablePathInfos(dummy, infos); | |
2985 | SubstitutablePathInfos::iterator k = infos.find(storePath); | |
2986 | if (k == infos.end()) { | |
36457566 LC |
2987 | /* None left. Terminate this goal and let someone else deal |
2988 | with it. */ | |
2989 | debug(format("path `%1%' is required, but there is no substituter that can build it") % storePath); | |
2990 | /* Hack: don't indicate failure if there were no substituters. | |
2991 | In that case the calling derivation should just do a | |
2992 | build. */ | |
f6919ebd LC |
2993 | amDone(ecNoSubstituters); |
2994 | return; | |
36457566 LC |
2995 | } |
2996 | ||
f6919ebd | 2997 | /* Found a substitute. */ |
36457566 | 2998 | info = k->second; |
36457566 LC |
2999 | |
3000 | /* To maintain the closure invariant, we first have to realise the | |
3001 | paths referenced by this one. */ | |
3002 | foreach (PathSet::iterator, i, info.references) | |
3003 | if (*i != storePath) /* ignore self-references */ | |
3004 | addWaitee(worker.makeSubstitutionGoal(*i)); | |
3005 | ||
3006 | if (waitees.empty()) /* to prevent hang (no wake-up event) */ | |
3007 | referencesValid(); | |
3008 | else | |
3009 | state = &SubstitutionGoal::referencesValid; | |
3010 | } | |
3011 | ||
3012 | ||
3013 | void SubstitutionGoal::referencesValid() | |
3014 | { | |
3015 | trace("all references realised"); | |
3016 | ||
3017 | if (nrFailed > 0) { | |
3018 | debug(format("some references of path `%1%' could not be realised") % storePath); | |
3019 | amDone(nrNoSubstituters > 0 || nrIncompleteClosure > 0 ? ecIncompleteClosure : ecFailed); | |
3020 | return; | |
3021 | } | |
3022 | ||
3023 | foreach (PathSet::iterator, i, info.references) | |
3024 | if (*i != storePath) /* ignore self-references */ | |
3025 | assert(worker.store.isValidPath(*i)); | |
3026 | ||
3027 | state = &SubstitutionGoal::tryToRun; | |
3028 | worker.wakeUp(shared_from_this()); | |
3029 | } | |
3030 | ||
3031 | ||
3032 | void SubstitutionGoal::tryToRun() | |
3033 | { | |
3034 | trace("trying to run"); | |
3035 | ||
3036 | /* Make sure that we are allowed to start a build. Note that even | |
3037 | is maxBuildJobs == 0 (no local builds allowed), we still allow | |
3038 | a substituter to run. This is because substitutions cannot be | |
3039 | distributed to another machine via the build hook. */ | |
3040 | if (worker.getNrLocalBuilds() >= (settings.maxBuildJobs == 0 ? 1 : settings.maxBuildJobs)) { | |
3041 | worker.waitForBuildSlot(shared_from_this()); | |
3042 | return; | |
3043 | } | |
3044 | ||
3045 | /* Maybe a derivation goal has already locked this path | |
3046 | (exceedingly unlikely, since it should have used a substitute | |
3047 | first, but let's be defensive). */ | |
3048 | outputLock.reset(); // make sure this goal's lock is gone | |
3049 | if (pathIsLockedByMe(storePath)) { | |
3050 | debug(format("restarting substitution of `%1%' because it's locked by another goal") | |
3051 | % storePath); | |
3052 | worker.waitForAnyGoal(shared_from_this()); | |
3053 | return; /* restart in the tryToRun() state when another goal finishes */ | |
3054 | } | |
3055 | ||
3056 | /* Acquire a lock on the output path. */ | |
3057 | outputLock = std::shared_ptr<PathLocks>(new PathLocks); | |
3058 | if (!outputLock->lockPaths(singleton<PathSet>(storePath), "", false)) { | |
3059 | worker.waitForAWhile(shared_from_this()); | |
3060 | return; | |
3061 | } | |
3062 | ||
3063 | /* Check again whether the path is invalid. */ | |
3064 | if (!repair && worker.store.isValidPath(storePath)) { | |
3065 | debug(format("store path `%1%' has become valid") % storePath); | |
3066 | outputLock->setDeletion(true); | |
3067 | amDone(ecSuccess); | |
3068 | return; | |
3069 | } | |
3070 | ||
3071 | printMsg(lvlInfo, format("fetching path `%1%'...") % storePath); | |
3072 | ||
3073 | outPipe.create(); | |
3074 | logPipe.create(); | |
3075 | ||
3076 | destPath = repair ? storePath + ".tmp" : storePath; | |
3077 | ||
3078 | /* Remove the (stale) output path if it exists. */ | |
3079 | if (pathExists(destPath)) | |
3080 | deletePath(destPath); | |
3081 | ||
3082 | worker.store.setSubstituterEnv(); | |
3083 | ||
3084 | /* Fill in the arguments. */ | |
3085 | Strings args; | |
f6919ebd LC |
3086 | args.push_back("guix"); |
3087 | args.push_back("substitute"); | |
36457566 LC |
3088 | args.push_back("--substitute"); |
3089 | args.push_back(storePath); | |
3090 | args.push_back(destPath); | |
36457566 LC |
3091 | |
3092 | /* Fork the substitute program. */ | |
2bb04905 | 3093 | pid = startProcess([&]() { |
36457566 | 3094 | |
2bb04905 | 3095 | commonChildInit(logPipe); |
36457566 | 3096 | |
2bb04905 LC |
3097 | if (dup2(outPipe.writeSide, STDOUT_FILENO) == -1) |
3098 | throw SysError("cannot dup output pipe into stdout"); | |
36457566 | 3099 | |
f6919ebd | 3100 | execv(settings.guixProgram.c_str(), stringsToCharPtrs(args).data()); |
36457566 | 3101 | |
f6919ebd | 3102 | throw SysError(format("executing `%1% substitute'") % settings.guixProgram); |
2bb04905 | 3103 | }); |
36457566 | 3104 | |
36457566 LC |
3105 | pid.setSeparatePG(true); |
3106 | pid.setKillSignal(SIGTERM); | |
3107 | outPipe.writeSide.close(); | |
3108 | logPipe.writeSide.close(); | |
3109 | worker.childStarted(shared_from_this(), | |
3110 | pid, singleton<set<int> >(logPipe.readSide), true, true); | |
3111 | ||
3112 | state = &SubstitutionGoal::finished; | |
3113 | ||
3114 | if (settings.printBuildTrace) | |
f6919ebd LC |
3115 | /* The second element in the message used to be the name of the |
3116 | substituter but we're left with only one. */ | |
3117 | printMsg(lvlError, format("@ substituter-started %1% substitute") % storePath); | |
36457566 LC |
3118 | } |
3119 | ||
3120 | ||
3121 | void SubstitutionGoal::finished() | |
3122 | { | |
3123 | trace("substitute finished"); | |
3124 | ||
3125 | /* Since we got an EOF on the logger pipe, the substitute is | |
3126 | presumed to have terminated. */ | |
3127 | pid_t savedPid = pid; | |
3128 | int status = pid.wait(true); | |
3129 | ||
3130 | /* So the child is gone now. */ | |
3131 | worker.childTerminated(savedPid); | |
3132 | ||
3133 | /* Close the read side of the logger pipe. */ | |
3134 | logPipe.readSide.close(); | |
3135 | ||
3136 | /* Get the hash info from stdout. */ | |
3137 | string dummy = readLine(outPipe.readSide); | |
3138 | string expectedHashStr = statusOk(status) ? readLine(outPipe.readSide) : ""; | |
3139 | outPipe.readSide.close(); | |
3140 | ||
3141 | /* Check the exit status and the build result. */ | |
3142 | HashResult hash; | |
3143 | try { | |
3144 | ||
3145 | if (!statusOk(status)) | |
3146 | throw SubstError(format("fetching path `%1%' %2%") | |
3147 | % storePath % statusToString(status)); | |
3148 | ||
3149 | if (!pathExists(destPath)) | |
3150 | throw SubstError(format("substitute did not produce path `%1%'") % destPath); | |
3151 | ||
3152 | hash = hashPath(htSHA256, destPath); | |
3153 | ||
3154 | /* Verify the expected hash we got from the substituer. */ | |
3155 | if (expectedHashStr != "") { | |
3156 | size_t n = expectedHashStr.find(':'); | |
3157 | if (n == string::npos) | |
3158 | throw Error(format("bad hash from substituter: %1%") % expectedHashStr); | |
3159 | HashType hashType = parseHashType(string(expectedHashStr, 0, n)); | |
3160 | if (hashType == htUnknown) | |
3161 | throw Error(format("unknown hash algorithm in `%1%'") % expectedHashStr); | |
3162 | Hash expectedHash = parseHash16or32(hashType, string(expectedHashStr, n + 1)); | |
3163 | Hash actualHash = hashType == htSHA256 ? hash.first : hashPath(hashType, destPath).first; | |
dc0f74e5 LC |
3164 | if (expectedHash != actualHash) { |
3165 | if (settings.printBuildTrace) | |
3166 | printMsg(lvlError, format("@ hash-mismatch %1% %2% %3% %4%") | |
3167 | % storePath % "sha256" | |
3168 | % printHash16or32(expectedHash) | |
3169 | % printHash16or32(actualHash)); | |
3170 | throw SubstError(format("hash mismatch for substituted item `%1%'") % storePath); | |
3171 | } | |
36457566 LC |
3172 | } |
3173 | ||
3174 | } catch (SubstError & e) { | |
3175 | ||
3176 | printMsg(lvlInfo, e.msg()); | |
3177 | ||
3178 | if (settings.printBuildTrace) { | |
3179 | printMsg(lvlError, format("@ substituter-failed %1% %2% %3%") | |
3180 | % storePath % status % e.msg()); | |
3181 | } | |
3182 | ||
f6919ebd | 3183 | amDone(ecFailed); |
36457566 LC |
3184 | return; |
3185 | } | |
3186 | ||
3187 | if (repair) replaceValidPath(storePath, destPath); | |
3188 | ||
3189 | canonicalisePathMetaData(storePath, -1); | |
3190 | ||
3191 | worker.store.optimisePath(storePath); // FIXME: combine with hashPath() | |
3192 | ||
3193 | ValidPathInfo info2; | |
3194 | info2.path = storePath; | |
3195 | info2.hash = hash.first; | |
3196 | info2.narSize = hash.second; | |
3197 | info2.references = info.references; | |
3198 | info2.deriver = info.deriver; | |
3199 | worker.store.registerValidPath(info2); | |
3200 | ||
3201 | outputLock->setDeletion(true); | |
3202 | outputLock.reset(); | |
3203 | ||
3204 | worker.store.markContentsGood(storePath); | |
3205 | ||
3206 | printMsg(lvlChatty, | |
3207 | format("substitution of path `%1%' succeeded") % storePath); | |
3208 | ||
3209 | if (settings.printBuildTrace) | |
3210 | printMsg(lvlError, format("@ substituter-succeeded %1%") % storePath); | |
3211 | ||
3212 | amDone(ecSuccess); | |
3213 | } | |
3214 | ||
3215 | ||
3216 | void SubstitutionGoal::handleChildOutput(int fd, const string & data) | |
3217 | { | |
3218 | assert(fd == logPipe.readSide); | |
3219 | if (verbosity >= settings.buildVerbosity) writeToStderr(data); | |
3220 | /* Don't write substitution output to a log file for now. We | |
3221 | probably should, though. */ | |
3222 | } | |
3223 | ||
3224 | ||
3225 | void SubstitutionGoal::handleEOF(int fd) | |
3226 | { | |
3227 | if (fd == logPipe.readSide) worker.wakeUp(shared_from_this()); | |
3228 | } | |
3229 | ||
3230 | ||
3231 | ||
3232 | ////////////////////////////////////////////////////////////////////// | |
3233 | ||
3234 | ||
3235 | static bool working = false; | |
3236 | ||
3237 | ||
3238 | Worker::Worker(LocalStore & store) | |
3239 | : store(store) | |
3240 | { | |
3241 | /* Debugging: prevent recursive workers. */ | |
3242 | if (working) abort(); | |
3243 | working = true; | |
3244 | nrLocalBuilds = 0; | |
3245 | lastWokenUp = 0; | |
3246 | permanentFailure = false; | |
2bb04905 | 3247 | timedOut = false; |
36457566 LC |
3248 | } |
3249 | ||
3250 | ||
3251 | Worker::~Worker() | |
3252 | { | |
3253 | working = false; | |
3254 | ||
3255 | /* Explicitly get rid of all strong pointers now. After this all | |
3256 | goals that refer to this worker should be gone. (Otherwise we | |
3257 | are in trouble, since goals may call childTerminated() etc. in | |
3258 | their destructors). */ | |
3259 | topGoals.clear(); | |
3260 | } | |
3261 | ||
3262 | ||
f3ff1da4 ED |
3263 | GoalPtr Worker::makeDerivationGoal(const Path & path, |
3264 | const StringSet & wantedOutputs, BuildMode buildMode) | |
36457566 LC |
3265 | { |
3266 | GoalPtr goal = derivationGoals[path].lock(); | |
3267 | if (!goal) { | |
3268 | goal = GoalPtr(new DerivationGoal(path, wantedOutputs, *this, buildMode)); | |
3269 | derivationGoals[path] = goal; | |
3270 | wakeUp(goal); | |
3271 | } else | |
3272 | (dynamic_cast<DerivationGoal *>(goal.get()))->addWantedOutputs(wantedOutputs); | |
3273 | return goal; | |
3274 | } | |
3275 | ||
3276 | ||
3277 | GoalPtr Worker::makeSubstitutionGoal(const Path & path, bool repair) | |
3278 | { | |
3279 | GoalPtr goal = substitutionGoals[path].lock(); | |
3280 | if (!goal) { | |
3281 | goal = GoalPtr(new SubstitutionGoal(path, *this, repair)); | |
3282 | substitutionGoals[path] = goal; | |
3283 | wakeUp(goal); | |
3284 | } | |
3285 | return goal; | |
3286 | } | |
3287 | ||
3288 | ||
3289 | static void removeGoal(GoalPtr goal, WeakGoalMap & goalMap) | |
3290 | { | |
3291 | /* !!! inefficient */ | |
3292 | for (WeakGoalMap::iterator i = goalMap.begin(); | |
3293 | i != goalMap.end(); ) | |
3294 | if (i->second.lock() == goal) { | |
3295 | WeakGoalMap::iterator j = i; ++j; | |
3296 | goalMap.erase(i); | |
3297 | i = j; | |
3298 | } | |
3299 | else ++i; | |
3300 | } | |
3301 | ||
3302 | ||
3303 | void Worker::removeGoal(GoalPtr goal) | |
3304 | { | |
3305 | nix::removeGoal(goal, derivationGoals); | |
3306 | nix::removeGoal(goal, substitutionGoals); | |
3307 | if (topGoals.find(goal) != topGoals.end()) { | |
3308 | topGoals.erase(goal); | |
3309 | /* If a top-level goal failed, then kill all other goals | |
3310 | (unless keepGoing was set). */ | |
3311 | if (goal->getExitCode() == Goal::ecFailed && !settings.keepGoing) | |
3312 | topGoals.clear(); | |
3313 | } | |
3314 | ||
3315 | /* Wake up goals waiting for any goal to finish. */ | |
3316 | foreach (WeakGoals::iterator, i, waitingForAnyGoal) { | |
3317 | GoalPtr goal = i->lock(); | |
3318 | if (goal) wakeUp(goal); | |
3319 | } | |
3320 | ||
3321 | waitingForAnyGoal.clear(); | |
3322 | } | |
3323 | ||
3324 | ||
3325 | void Worker::wakeUp(GoalPtr goal) | |
3326 | { | |
3327 | goal->trace("woken up"); | |
3328 | addToWeakGoals(awake, goal); | |
3329 | } | |
3330 | ||
3331 | ||
3332 | unsigned Worker::getNrLocalBuilds() | |
3333 | { | |
3334 | return nrLocalBuilds; | |
3335 | } | |
3336 | ||
3337 | ||
3338 | void Worker::childStarted(GoalPtr goal, | |
3339 | pid_t pid, const set<int> & fds, bool inBuildSlot, | |
3340 | bool respectTimeouts) | |
3341 | { | |
3342 | Child child; | |
3343 | child.goal = goal; | |
3344 | child.fds = fds; | |
3345 | child.timeStarted = child.lastOutput = time(0); | |
3346 | child.inBuildSlot = inBuildSlot; | |
3347 | child.respectTimeouts = respectTimeouts; | |
3348 | children[pid] = child; | |
3349 | if (inBuildSlot) nrLocalBuilds++; | |
3350 | } | |
3351 | ||
3352 | ||
3353 | void Worker::childTerminated(pid_t pid, bool wakeSleepers) | |
3354 | { | |
3355 | assert(pid != -1); /* common mistake */ | |
3356 | ||
3357 | Children::iterator i = children.find(pid); | |
3358 | assert(i != children.end()); | |
3359 | ||
3360 | if (i->second.inBuildSlot) { | |
3361 | assert(nrLocalBuilds > 0); | |
3362 | nrLocalBuilds--; | |
3363 | } | |
3364 | ||
3365 | children.erase(pid); | |
3366 | ||
3367 | if (wakeSleepers) { | |
3368 | ||
3369 | /* Wake up goals waiting for a build slot. */ | |
3370 | foreach (WeakGoals::iterator, i, wantingToBuild) { | |
3371 | GoalPtr goal = i->lock(); | |
3372 | if (goal) wakeUp(goal); | |
3373 | } | |
3374 | ||
3375 | wantingToBuild.clear(); | |
3376 | } | |
3377 | } | |
3378 | ||
3379 | ||
3380 | void Worker::waitForBuildSlot(GoalPtr goal) | |
3381 | { | |
3382 | debug("wait for build slot"); | |
3383 | if (getNrLocalBuilds() < settings.maxBuildJobs) | |
3384 | wakeUp(goal); /* we can do it right away */ | |
3385 | else | |
3386 | addToWeakGoals(wantingToBuild, goal); | |
3387 | } | |
3388 | ||
3389 | ||
3390 | void Worker::waitForAnyGoal(GoalPtr goal) | |
3391 | { | |
3392 | debug("wait for any goal"); | |
3393 | addToWeakGoals(waitingForAnyGoal, goal); | |
3394 | } | |
3395 | ||
3396 | ||
3397 | void Worker::waitForAWhile(GoalPtr goal) | |
3398 | { | |
3399 | debug("wait for a while"); | |
3400 | addToWeakGoals(waitingForAWhile, goal); | |
3401 | } | |
3402 | ||
3403 | ||
3404 | void Worker::run(const Goals & _topGoals) | |
3405 | { | |
3406 | foreach (Goals::iterator, i, _topGoals) topGoals.insert(*i); | |
3407 | ||
3408 | startNest(nest, lvlDebug, format("entered goal loop")); | |
3409 | ||
3410 | while (1) { | |
3411 | ||
3412 | checkInterrupt(); | |
3413 | ||
2bb04905 LC |
3414 | /* Call every wake goal (in the ordering established by |
3415 | CompareGoalPtrs). */ | |
36457566 | 3416 | while (!awake.empty() && !topGoals.empty()) { |
2bb04905 LC |
3417 | Goals awake2; |
3418 | for (auto & i : awake) { | |
3419 | GoalPtr goal = i.lock(); | |
3420 | if (goal) awake2.insert(goal); | |
3421 | } | |
36457566 | 3422 | awake.clear(); |
2bb04905 | 3423 | for (auto & goal : awake2) { |
36457566 | 3424 | checkInterrupt(); |
2bb04905 LC |
3425 | goal->work(); |
3426 | if (topGoals.empty()) break; // stuff may have been cancelled | |
36457566 LC |
3427 | } |
3428 | } | |
3429 | ||
3430 | if (topGoals.empty()) break; | |
3431 | ||
3432 | /* Wait for input. */ | |
3433 | if (!children.empty() || !waitingForAWhile.empty()) | |
3434 | waitForInput(); | |
3435 | else { | |
3436 | if (awake.empty() && settings.maxBuildJobs == 0) throw Error( | |
3437 | "unable to start any build; either increase `--max-jobs' " | |
3438 | "or enable distributed builds"); | |
3439 | assert(!awake.empty()); | |
3440 | } | |
3441 | } | |
3442 | ||
3443 | /* If --keep-going is not set, it's possible that the main goal | |
3444 | exited while some of its subgoals were still active. But if | |
3445 | --keep-going *is* set, then they must all be finished now. */ | |
3446 | assert(!settings.keepGoing || awake.empty()); | |
3447 | assert(!settings.keepGoing || wantingToBuild.empty()); | |
3448 | assert(!settings.keepGoing || children.empty()); | |
3449 | } | |
3450 | ||
3451 | ||
3452 | void Worker::waitForInput() | |
3453 | { | |
3454 | printMsg(lvlVomit, "waiting for children"); | |
3455 | ||
3456 | /* Process output from the file descriptors attached to the | |
3457 | children, namely log output and output path creation commands. | |
3458 | We also use this to detect child termination: if we get EOF on | |
3459 | the logger pipe of a build, we assume that the builder has | |
3460 | terminated. */ | |
3461 | ||
3462 | bool useTimeout = false; | |
3463 | struct timeval timeout; | |
3464 | timeout.tv_usec = 0; | |
3465 | time_t before = time(0); | |
3466 | ||
3467 | /* If we're monitoring for silence on stdout/stderr, or if there | |
3468 | is a build timeout, then wait for input until the first | |
3469 | deadline for any child. */ | |
3470 | assert(sizeof(time_t) >= sizeof(long)); | |
3471 | time_t nearest = LONG_MAX; // nearest deadline | |
3472 | foreach (Children::iterator, i, children) { | |
3473 | if (!i->second.respectTimeouts) continue; | |
3474 | if (settings.maxSilentTime != 0) | |
3475 | nearest = std::min(nearest, i->second.lastOutput + settings.maxSilentTime); | |
3476 | if (settings.buildTimeout != 0) | |
3477 | nearest = std::min(nearest, i->second.timeStarted + settings.buildTimeout); | |
3478 | } | |
3479 | if (nearest != LONG_MAX) { | |
3480 | timeout.tv_sec = std::max((time_t) 1, nearest - before); | |
3481 | useTimeout = true; | |
3482 | printMsg(lvlVomit, format("sleeping %1% seconds") % timeout.tv_sec); | |
3483 | } | |
3484 | ||
3485 | /* If we are polling goals that are waiting for a lock, then wake | |
3486 | up after a few seconds at most. */ | |
3487 | if (!waitingForAWhile.empty()) { | |
3488 | useTimeout = true; | |
3489 | if (lastWokenUp == 0) | |
3490 | printMsg(lvlError, "waiting for locks or build slots..."); | |
3491 | if (lastWokenUp == 0 || lastWokenUp > before) lastWokenUp = before; | |
3492 | timeout.tv_sec = std::max((time_t) 1, (time_t) (lastWokenUp + settings.pollInterval - before)); | |
3493 | } else lastWokenUp = 0; | |
3494 | ||
3495 | using namespace std; | |
3496 | /* Use select() to wait for the input side of any logger pipe to | |
3497 | become `available'. Note that `available' (i.e., non-blocking) | |
3498 | includes EOF. */ | |
3499 | fd_set fds; | |
3500 | FD_ZERO(&fds); | |
3501 | int fdMax = 0; | |
3502 | foreach (Children::iterator, i, children) { | |
3503 | foreach (set<int>::iterator, j, i->second.fds) { | |
3504 | FD_SET(*j, &fds); | |
3505 | if (*j >= fdMax) fdMax = *j + 1; | |
3506 | } | |
3507 | } | |
3508 | ||
3509 | if (select(fdMax, &fds, 0, 0, useTimeout ? &timeout : 0) == -1) { | |
3510 | if (errno == EINTR) return; | |
3511 | throw SysError("waiting for input"); | |
3512 | } | |
3513 | ||
3514 | time_t after = time(0); | |
3515 | ||
3516 | /* Process all available file descriptors. */ | |
3517 | ||
3518 | /* Since goals may be canceled from inside the loop below (causing | |
3519 | them go be erased from the `children' map), we have to be | |
3520 | careful that we don't keep iterators alive across calls to | |
f3ff1da4 | 3521 | timedOut(). */ |
36457566 LC |
3522 | set<pid_t> pids; |
3523 | foreach (Children::iterator, i, children) pids.insert(i->first); | |
3524 | ||
3525 | foreach (set<pid_t>::iterator, i, pids) { | |
3526 | checkInterrupt(); | |
3527 | Children::iterator j = children.find(*i); | |
3528 | if (j == children.end()) continue; // child destroyed | |
3529 | GoalPtr goal = j->second.goal.lock(); | |
3530 | assert(goal); | |
3531 | ||
3532 | set<int> fds2(j->second.fds); | |
3533 | foreach (set<int>::iterator, k, fds2) { | |
3534 | if (FD_ISSET(*k, &fds)) { | |
3535 | unsigned char buffer[4096]; | |
3536 | ssize_t rd = read(*k, buffer, sizeof(buffer)); | |
3537 | if (rd == -1) { | |
3538 | if (errno != EINTR) | |
3539 | throw SysError(format("reading from %1%") | |
3540 | % goal->getName()); | |
3541 | } else if (rd == 0) { | |
3542 | debug(format("%1%: got EOF") % goal->getName()); | |
3543 | goal->handleEOF(*k); | |
3544 | j->second.fds.erase(*k); | |
3545 | } else { | |
3546 | printMsg(lvlVomit, format("%1%: read %2% bytes") | |
3547 | % goal->getName() % rd); | |
3548 | string data((char *) buffer, rd); | |
3549 | j->second.lastOutput = after; | |
3550 | goal->handleChildOutput(*k, data); | |
3551 | } | |
3552 | } | |
3553 | } | |
3554 | ||
3555 | if (goal->getExitCode() == Goal::ecBusy && | |
3556 | settings.maxSilentTime != 0 && | |
3557 | j->second.respectTimeouts && | |
3558 | after - j->second.lastOutput >= (time_t) settings.maxSilentTime) | |
3559 | { | |
3560 | printMsg(lvlError, | |
3561 | format("%1% timed out after %2% seconds of silence") | |
3562 | % goal->getName() % settings.maxSilentTime); | |
f3ff1da4 | 3563 | goal->timedOut(); |
36457566 LC |
3564 | } |
3565 | ||
3566 | else if (goal->getExitCode() == Goal::ecBusy && | |
3567 | settings.buildTimeout != 0 && | |
3568 | j->second.respectTimeouts && | |
3569 | after - j->second.timeStarted >= (time_t) settings.buildTimeout) | |
3570 | { | |
3571 | printMsg(lvlError, | |
3572 | format("%1% timed out after %2% seconds") | |
3573 | % goal->getName() % settings.buildTimeout); | |
f3ff1da4 | 3574 | goal->timedOut(); |
36457566 LC |
3575 | } |
3576 | } | |
3577 | ||
3578 | if (!waitingForAWhile.empty() && lastWokenUp + settings.pollInterval <= after) { | |
3579 | lastWokenUp = after; | |
3580 | foreach (WeakGoals::iterator, i, waitingForAWhile) { | |
3581 | GoalPtr goal = i->lock(); | |
3582 | if (goal) wakeUp(goal); | |
3583 | } | |
3584 | waitingForAWhile.clear(); | |
3585 | } | |
3586 | } | |
3587 | ||
3588 | ||
3589 | unsigned int Worker::exitStatus() | |
3590 | { | |
2bb04905 | 3591 | return timedOut ? 101 : (permanentFailure ? 100 : 1); |
36457566 LC |
3592 | } |
3593 | ||
3594 | ||
3595 | ////////////////////////////////////////////////////////////////////// | |
3596 | ||
3597 | ||
3598 | void LocalStore::buildPaths(const PathSet & drvPaths, BuildMode buildMode) | |
3599 | { | |
3600 | startNest(nest, lvlDebug, | |
3601 | format("building %1%") % showPaths(drvPaths)); | |
3602 | ||
3603 | Worker worker(*this); | |
3604 | ||
3605 | Goals goals; | |
3606 | foreach (PathSet::const_iterator, i, drvPaths) { | |
3607 | DrvPathWithOutputs i2 = parseDrvPathWithOutputs(*i); | |
3608 | if (isDerivation(i2.first)) | |
3609 | goals.insert(worker.makeDerivationGoal(i2.first, i2.second, buildMode)); | |
3610 | else | |
3611 | goals.insert(worker.makeSubstitutionGoal(*i, buildMode)); | |
3612 | } | |
3613 | ||
3614 | worker.run(goals); | |
3615 | ||
3616 | PathSet failed; | |
3617 | foreach (Goals::iterator, i, goals) | |
3618 | if ((*i)->getExitCode() == Goal::ecFailed) { | |
3619 | DerivationGoal * i2 = dynamic_cast<DerivationGoal *>(i->get()); | |
3620 | if (i2) failed.insert(i2->getDrvPath()); | |
3621 | else failed.insert(dynamic_cast<SubstitutionGoal *>(i->get())->getStorePath()); | |
3622 | } | |
3623 | ||
3624 | if (!failed.empty()) | |
3625 | throw Error(format("build of %1% failed") % showPaths(failed), worker.exitStatus()); | |
3626 | } | |
3627 | ||
3628 | ||
3629 | void LocalStore::ensurePath(const Path & path) | |
3630 | { | |
3631 | /* If the path is already valid, we're done. */ | |
3632 | if (isValidPath(path)) return; | |
3633 | ||
3634 | Worker worker(*this); | |
3635 | GoalPtr goal = worker.makeSubstitutionGoal(path); | |
3636 | Goals goals = singleton<Goals>(goal); | |
3637 | ||
3638 | worker.run(goals); | |
3639 | ||
3640 | if (goal->getExitCode() != Goal::ecSuccess) | |
3641 | throw Error(format("path `%1%' does not exist and cannot be created") % path, worker.exitStatus()); | |
3642 | } | |
3643 | ||
3644 | ||
3645 | void LocalStore::repairPath(const Path & path) | |
3646 | { | |
3647 | Worker worker(*this); | |
3648 | GoalPtr goal = worker.makeSubstitutionGoal(path, true); | |
3649 | Goals goals = singleton<Goals>(goal); | |
3650 | ||
3651 | worker.run(goals); | |
3652 | ||
c56cd90c ED |
3653 | if (goal->getExitCode() != Goal::ecSuccess) { |
3654 | /* Since substituting the path didn't work, if we have a valid | |
3655 | deriver, then rebuild the deriver. */ | |
3656 | Path deriver = queryDeriver(path); | |
3657 | if (deriver != "" && isValidPath(deriver)) { | |
3658 | goals.clear(); | |
3659 | goals.insert(worker.makeDerivationGoal(deriver, StringSet(), bmRepair)); | |
3660 | worker.run(goals); | |
3661 | } else | |
3662 | throw Error(format("cannot repair path `%1%'") % path, worker.exitStatus()); | |
3663 | } | |
36457566 LC |
3664 | } |
3665 | ||
3666 | ||
3667 | } |