build-remote.pl: Use ‘nix-store --serve’ on the remote side

This makes things more efficient (we don't need to use an SSH master connection, and we only start a single remote process) and gets rid of locking issues (the remote nix-store process will keep inputs and outputs locked as long as they're needed). It also makes it more or less secure to connect directly to the root account on the build machine, using a forced command (e.g. ‘command="nix-store --serve --write"’). This bypasses the Nix daemon and is therefore more efficient. Also, don't call nix-store to import the output paths.
2025-06-27 16:51:15 +02:00 · 2014-07-11 16:02:19 +02:00 · 2014-07-11 16:02:19 +02:00 · a5c6347ff0
commit a5c6347ff0
parent b8f24f2535
9 changed files with 185 additions and 115 deletions
--- a/src/nix-store/nix-store.cc
+++ b/src/nix-store/nix-store.cc
@ -928,7 +928,6 @@ static void opServe(Strings opFlags, Strings opArgs)
                }

                writeStrings(store->queryValidPaths(paths), out);
-                out.flush();
                break;
            }

@ -947,17 +946,15 @@ static void opServe(Strings opFlags, Strings opArgs)
                    writeLongLong(info.narSize, out);
                }
                writeString("", out);
-                out.flush();
                break;
            }

            case cmdDumpStorePath:
                dumpPath(readStorePath(in), out);
-                out.flush();
                break;

            case cmdImportPaths: {
-                if (!writeAllowed) throw Error("importing paths not allowed");
+                if (!writeAllowed) throw Error("importing paths is not allowed");
                string compression = readString(in);

                if (compression != "") {
@ -986,7 +983,6 @@ static void opServe(Strings opFlags, Strings opArgs)
                    store->importPaths(false, in);

                writeInt(1, out); // indicate success
-                out.flush();

                /* The decompressor will have left stdin in an
                   undefined state, so we can't continue. */
@ -995,9 +991,40 @@ static void opServe(Strings opFlags, Strings opArgs)
                break;
            }

+            case cmdExportPaths: {
+                exportPaths(*store, readStorePaths<Paths>(in), false, out);
+                break;
+            }
+
+            case cmdBuildPaths: {
+                /* Used by build-remote.pl. */
+                if (!writeAllowed) throw Error("building paths is not allowed");
+                PathSet paths = readStorePaths<PathSet>(in);
+
+                // FIXME: changing options here doesn't work if we're
+                // building through the daemon.
+                verbosity = lvlError;
+                settings.keepLog = false;
+                settings.useSubstitutes = false;
+                settings.maxSilentTime = readInt(in);
+                settings.buildTimeout = readInt(in);
+
+                int res = 0;
+                try {
+                    store->buildPaths(paths);
+                } catch (Error & e) {
+                    printMsg(lvlError, format("error: %1%") % e.msg());
+                    res = e.status;
+                }
+                writeInt(res, out);
+                break;
+            }
+
            default:
                throw Error(format("unknown serve command %1%") % cmd);
        }
+
+        out.flush();
    }
 }

--- a/src/nix-store/serve-protocol.hh
+++ b/src/nix-store/serve-protocol.hh
@ -14,6 +14,8 @@ typedef enum {
    cmdQueryPathInfos = 2,
    cmdDumpStorePath = 3,
    cmdImportPaths = 4,
+    cmdExportPaths = 5,
+    cmdBuildPaths = 6,
 } ServeCommand;

 }