From 805a3e33ad92eb6d93926f89dcb36104681a0d11 Mon Sep 17 00:00:00 2001
From: Sebastien Bourdeauducq
Date: Sat, 4 Jul 2020 16:02:30 +0800
Subject: [PATCH] nixbld: add Nix 'networked' derivations

This obsoletes the fixed-output derivation hack previously used on Hydra, and the associated retry patch.
---
nixbld-etc-nixos/configuration.nix | 7 +-
nixbld-etc-nixos/hydra-retry.patch | 19 -----
.../nix-networked-derivations.diff | 84 +++++++++++++++++++
3 files changed, 90 insertions(+), 20 deletions(-)
delete mode 100644 nixbld-etc-nixos/hydra-retry.patch
create mode 100644 nixbld-etc-nixos/nix-networked-derivations.diff
diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index a4b66d8e..cbb091ce 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -378,10 +378,15 @@ in }; nixpkgs.config.packageOverrides = super: let self = super.pkgs; in { + nix = super.nix.overrideAttrs(oa: { + patches = oa.patches or [] ++ [ ./nix-networked-derivations.diff ]; + }); + nixFlakes = super.nixFlakes.overrideAttrs(oa: { + patches = oa.patches or [] ++ [ ./nix-networked-derivations.diff ]; + }); hydra-unstable = super.hydra-unstable.overrideAttrs(oa: { patches = oa.patches or [] ++ [ ./hydra-conda.patch - ./hydra-retry.patch ./hydra-unbreak-sysbuild.patch ./hydra-restrictdist.patch ];
diff --git a/nixbld-etc-nixos/hydra-retry.patch b/nixbld-etc-nixos/hydra-retry.patch
deleted file mode 100644
index 4221cedb..00000000
--- a/nixbld-etc-nixos/hydra-retry.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-commit 86bf81c0b8a51bffa4b4b566e1caaac6f0e041d3
-Author: Sebastien Bourdeauducq
-Date: Thu Mar 14 17:45:32 2019 +0800
-
- add option to disable retries on transient failures
-
-diff --git a/src/hydra-queue-runner/build-remote.cc b/src/hydra-queue-runner/build-remote.cc
-index 69c430eb..bdbc808d 100644
---- a/src/hydra-queue-runner/build-remote.cc
-+++ b/src/hydra-queue-runner/build-remote.cc
-@@ -344,7 +344,7 @@ void State::buildRemote(ref destStore,
- break;
- case BuildResult::TransientFailure:
- result.stepStatus = bsFailed;
-- result.canRetry = true;
-+ result.canRetry = get(step->drv->env, "__hydraRetry").value_or("1") == "1";
- result.errorMsg = "";
- break;
- case BuildResult::TimedOut:
diff --git a/nixbld-etc-nixos/nix-networked-derivations.diff b/nixbld-etc-nixos/nix-networked-derivations.diff
new file mode 100644
index 00000000..496b04ab
--- /dev/null
+++ b/nixbld-etc-nixos/nix-networked-derivations.diff
@@ -0,0 +1,84 @@
+diff --git a/src/libstore/build.cc b/src/libstore/build.cc
+index 53a0958a..16a98aec 100644
+--- a/src/libstore/build.cc
++++ b/src/libstore/build.cc
+@@ -809,9 +809,16 @@ private:
+ /* Whether this is a fixed-output derivation. */
+ bool fixedOutput;
+
++ bool networked;
++
+ /* Whether to run the build in a private network namespace. */
+ bool privateNetwork = false;
+
++ bool allowNetwork()
++ {
++ return fixedOutput || networked;
++ }
++
+ typedef void (DerivationGoal::*GoalState)();
+ GoalState state;
+
+@@ -1179,6 +1186,8 @@ void DerivationGoal::haveDerivation()
+ {
+ trace("have derivation");
+
++ fixedOutput = drv->isFixedOutput();
++
+ retrySubstitution = false;
+
+ for (auto & i : drv->outputs)
+@@ -1195,6 +1204,8 @@ void DerivationGoal::haveDerivation()
+
+ parsedDrv = std::make_unique(drvPath, *drv);
+
++ networked = parsedDrv->getBoolAttr("__networked");
++
+ /* We are first going to try to create the invalid output paths
+ through substitutes. If that doesn't work, we'll build
+ them. */
+@@ -1987,7 +1998,7 @@ void DerivationGoal::startBuilder()
+ else if (settings.sandboxMode == smDisabled)
+ useChroot = false;
+ else if (settings.sandboxMode == smRelaxed)
+- useChroot = !fixedOutput && !noChroot;
++ useChroot = !allowNetwork() && !noChroot;
+ }
+
+ if (worker.store.storeDir != worker.store.realStoreDir) {
+@@ -2153,7 +2164,7 @@ void DerivationGoal::startBuilder()
+ "nogroup:x:65534:\n") % sandboxGid).str());
+
+ /* Create /etc/hosts with localhost entry. */
+- if (!fixedOutput)
++ if (!allowNetwork())
+ writeFile(chrootRootDir + "/etc/hosts", "127.0.0.1 localhost\n::1 localhost\n");
+
+ /* Make the closure of the inputs available in the chroot,
+@@ -2361,7 +2372,7 @@ void DerivationGoal::startBuilder()
+ us.
+ */
+
+- if (!fixedOutput)
++ if (!allowNetwork())
+ privateNetwork = true;
+
+ userNamespaceSync.create();
+@@ -2573,7 +2584,7 @@ void DerivationGoal::initEnv()
+ to the builder is generally impure, but the output of
+ fixed-output derivations is by definition pure (since we
+ already know the cryptographic hash of the output). */
+- if (fixedOutput) {
++ if (allowNetwork()) {
+ for (auto & i : parsedDrv->getStringsAttr("impureEnvVars").value_or(Strings()))
+ env[i] = getEnv(i).value_or("");
+ }
+@@ -3184,7 +3195,7 @@ void DerivationGoal::runChild()
+ /* Fixed-output derivations typically need to access the
+ network, so give them access to /etc/resolv.conf and so
+ on. */
+- if (fixedOutput) {
++ if (allowNetwork()) {
+ ss.push_back("/etc/resolv.conf");
+
+ // Only use nss functions to resolve hosts and
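Review bot: `networked` is taken directly from the derivation's own `__networked` attribute in haveDerivation(), and nothing in these hunks limits who may set it, so any derivation built by the patched nix can skip the private network namespace, read the host's `/etc/resolv.conf` and receive `impureEnvVars` from the builder's environment without the known output hash that justified those exceptions for fixed-output derivations. Consider honouring the attribute only when a builder-side setting or the submitting user's trust allows it, and rewording the two comments that still say "fixed-output" (initEnv, runChild) so the weaker guarantee is documented. Under `smRelaxed`, `useChroot = !allowNetwork() && !noChroot;` also turns the chroot off completely for such derivations, which deserves a comment on the new field. Separately, `bool networked;` has no initializer although `privateNetwork` beside it does; `bool networked = false;` avoids `allowNetwork()` reading an indeterminate value on any path that does not pass through haveDerivation(). All of the touched functions begin and end outside the hunks shown.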