From 69914e4b3c91b81b34a3f482d8ae2a4d7a77c04b Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 26 May 2025 15:53:05 +0200 Subject: [PATCH 1/2] Remove `buildUser` from `DerivationBuilder` The use of a `buildUser` is an implementation detail of some types of sandboxes that shouldn't exposed. --- src/libstore/build/derivation-building-goal.cc | 2 +- src/libstore/unix/build/derivation-builder.cc | 7 ++++++- .../unix/include/nix/store/build/derivation-builder.hh | 5 ----- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/libstore/build/derivation-building-goal.cc b/src/libstore/build/derivation-building-goal.cc index 7335668e1..2b5473b81 100644 --- a/src/libstore/build/derivation-building-goal.cc +++ b/src/libstore/build/derivation-building-goal.cc @@ -655,8 +655,8 @@ Goal::Co DerivationBuildingGoal::tryToBuild() builder->startBuilder(); } catch (BuildError & e) { + builder.reset(); outputLocks.unlock(); - builder->buildUser.reset(); worker.permanentFailure = true; co_return done(BuildResult::InputRejected, {}, std::move(e)); } diff --git a/src/libstore/unix/build/derivation-builder.cc b/src/libstore/unix/build/derivation-builder.cc index 08d4f021b..45fdd5c44 100644 --- a/src/libstore/unix/build/derivation-builder.cc +++ b/src/libstore/unix/build/derivation-builder.cc @@ -106,6 +106,11 @@ public: private: + /** + * User selected for running the builder. + */ + std::unique_ptr buildUser; + /** * The cgroup of the builder, if any. */ @@ -264,7 +269,7 @@ public: /** * Start building a derivation. */ - void startBuilder() override;; + void startBuilder() override; /** * Tear down build environment after the builder exits (either on diff --git a/src/libstore/unix/include/nix/store/build/derivation-builder.hh b/src/libstore/unix/include/nix/store/build/derivation-builder.hh index d6c40060a..01266a492 100644 --- a/src/libstore/unix/include/nix/store/build/derivation-builder.hh +++ b/src/libstore/unix/include/nix/store/build/derivation-builder.hh @@ -138,11 +138,6 @@ struct DerivationBuilderCallbacks */ struct DerivationBuilder : RestrictionContext { - /** - * User selected for running the builder. - */ - std::unique_ptr buildUser; - /** * The process ID of the builder. */ From 93ae95be83f4682f747edf7dfc50c27f152f7d99 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 26 May 2025 15:55:58 +0200 Subject: [PATCH 2/2] Remove duplicate comments on DerivationBuilderImpl overriden methods Having the exact same doc comments isn't very useful/maintainable. --- src/libstore/unix/build/derivation-builder.cc | 31 ------------------- 1 file changed, 31 deletions(-) diff --git a/src/libstore/unix/build/derivation-builder.cc b/src/libstore/unix/build/derivation-builder.cc index 45fdd5c44..e7412ed66 100644 --- a/src/libstore/unix/build/derivation-builder.cc +++ b/src/libstore/unix/build/derivation-builder.cc @@ -256,30 +256,10 @@ private: public: - /** - * Set up build environment / sandbox, acquiring resources (e.g. - * locks as needed). After this is run, the builder should be - * started. - * - * @returns true if successful, false if we could not acquire a build - * user. In that case, the caller must wait and then try again. - */ bool prepareBuild() override; - /** - * Start building a derivation. - */ void startBuilder() override; - /** - * Tear down build environment after the builder exits (either on - * its own or if it is killed). - * - * @returns The first case indicates failure during output - * processing. A status code and exception are returned, providing - * more information. The second case indicates success, and - * realisations for each output of the derivation are returned. - */ std::variant, SingleDrvOutputs> unprepareBuild() override; private: @@ -311,10 +291,6 @@ private: public: - /** - * Stop the in-process nix daemon thread. - * @see startDaemon - */ void stopDaemon() override; private: @@ -346,15 +322,8 @@ private: public: - /** - * Delete the temporary directory, if we have one. - */ void deleteTmpDir(bool force) override; - /** - * Kill any processes running under the build user UID or in the - * cgroup of the build. - */ void killSandbox(bool getStats) override; private: