summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--doc/manual/conf-file.xml117
-rw-r--r--doc/manual/opt-common-syn.xml4
-rw-r--r--doc/manual/opt-common.xml11
-rw-r--r--nix.conf.example2
4 files changed, 133 insertions, 1 deletions
diff --git a/doc/manual/conf-file.xml b/doc/manual/conf-file.xml
index 79faa05fd2..acf0eb4f54 100644
--- a/doc/manual/conf-file.xml
+++ b/doc/manual/conf-file.xml
@@ -118,6 +118,123 @@ env-keep-derivations = false
   </varlistentry>
 
 
+  <varlistentry xml:id="conf-build-max-silent-time"><term><literal>build-max-silent-time</literal></term>
+
+    <listitem>
+
+      <para>This option defines the maximum number of seconds that a
+      builder can go without producing any data on standard output or
+      standard error.  This is useful (for instance in a automated
+      build system) to catch builds that are stuck in an infinite
+      loop, or to catch remote builds that are hanging due to network
+      problems.  It can be overriden using the <option
+      linkend="opt-max-silent-time">--max-silent-time</option> command
+      line switch.</para>
+
+      <para>The value <literal>0</literal> means that there is no
+      timeout.  This is also the default.</para>
+
+    </listitem>
+
+  </varlistentry>
+
+
+  <varlistentry xml:id="conf-build-users-group"><term><literal>build-users-group</literal></term>
+
+    <listitem><para>This options specifies the Unix group containing
+    the Nix build user accounts.  In multi-user Nix installations,
+    builds should not be performed by the Nix account since that would
+    allow users to arbitrarily modify the Nix store and database by
+    supplying specially crafted builders; and they cannot be performed
+    by the calling user since that would allow him/her to influence
+    the build result.</para>
+
+    <para>Therefore, if this option is non-empty and specifies a valid
+    group, builds will be performed under the user accounts that are a
+    member of the group specified here (as listed in
+    <filename>/etc/group</filename>).  Those user accounts should not
+    be used for any other purpose!</para>
+
+    <para>Nix will never run two builds under the same user account at
+    the same time.  This is to prevent an obvious security hole: a
+    malicious user writing a Nix expression that modifies the build
+    result of a legitimate Nix expression being built by another user.
+    Therefore it is good to have as many Nix build user accounts as
+    you can spare.  (Remember: uids are cheap.)</para>
+
+    <para>The build users should have permission to create files in
+    the Nix store, but not delete them.  Therefore,
+    <filename>/nix/store</filename> should be owned by the Nix
+    account, its group should be the group specified here, and its
+    mode should be <literal>1775</literal>.</para>
+
+    <para>If the build users group is empty, builds will be performed
+    under the uid of the Nix process (that is, the uid of the caller
+    if <envar>NIX_REMOTE</envar> is empty, the uid under which the Nix
+    daemon runs if <envar>NIX_REMOTE</envar> is
+    <literal>daemon</literal>, or the uid that owns the setuid
+    <command>nix-worker</command> program if <envar>NIX_REMOTE</envar>
+    is <literal>slave</literal>).  Obviously, this should not be used
+    in multi-user settings with untrusted users.</para>
+
+    </listitem>
+
+  </varlistentry>
+
+
+  <varlistentry><term><literal>build-use-chroot</literal></term>
+
+    <listitem><para>If set to <literal>true</literal>, builds will be
+    performed in a <emphasis>chroot environment</emphasis>, i.e., the
+    build will be isolated from the normal file system hierarchy and
+    will only see the Nix store, the temporary build directory, and
+    the directories configured with the <link
+    linkend='conf-build-chroot-dirs'><literal>build-chroot-dirs</literal>
+    option</link> (such as <filename>/proc</filename> and
+    <filename>/dev</filename>).  This is useful to prevent undeclared
+    dependencies on files in directories such as
+    <filename>/usr/bin</filename>.</para>
+
+    <para>The use of a chroot requires that Nix is run as root (but
+    you can still use the <link
+    linkend='conf-build-users-group'>“build users” feature</link> to
+    perform builds under different users than root).  Currently,
+    chroot builds only work on Linux because Nix uses “bind mounts” to
+    make the Nix store and other directories available inside the
+    chroot.</para>
+
+    </listitem>
+
+  </varlistentry>
+
+  
+  <varlistentry xml:id="conf-build-chroot-dirs"><term><literal>build-chroot-dirs</literal></term>
+
+    <listitem><para>When builds are performed in a chroot environment,
+    Nix will mount (using <command>mount --bind</command> on Linux)
+    some directories from the normal file system hierarchy inside the
+    chroot.  These are the Nix store, the temporary build directory
+    (usually
+    <filename>/tmp/nix-<replaceable>pid</replaceable>-<replaceable>number</replaceable></filename>)
+    and the directories listed here.  The default is <literal>dev
+    /proc</literal>.  Files in <filename>/dev</filename> (such as
+    <filename>/dev/null</filename>) are needed by many builds, and
+    some files in <filename>/proc</filename> may also be needed
+    occasionally.</para>
+
+    <para>The value used on NixOS is
+    
+<programlisting>
+build-use-chroot = /dev /proc /bin</programlisting>
+
+    to make the <filename>/bin/sh</filename> symlink available (which
+    is still needed by many builders).</para>
+
+    </listitem>
+
+  </varlistentry>
+
+  
   <varlistentry><term><literal>system</literal></term>
 
     <listitem><para>This option specifies the canonical Nix system
diff --git a/doc/manual/opt-common-syn.xml b/doc/manual/opt-common-syn.xml
index 9aaabb8e98..eadc45e3a9 100644
--- a/doc/manual/opt-common-syn.xml
+++ b/doc/manual/opt-common-syn.xml
@@ -13,6 +13,10 @@
   </group>
   <replaceable>number</replaceable>
 </arg>
+<arg>
+  <arg><option>--max-silent-time</option></arg>
+  <replaceable>number</replaceable>
+</arg>
 <arg><option>--keep-going</option></arg>
 <arg><option>-k</option></arg>
 <arg><option>--keep-failed</option></arg>
diff --git a/doc/manual/opt-common.xml b/doc/manual/opt-common.xml
index 1d09fef955..7dfb7b8f85 100644
--- a/doc/manual/opt-common.xml
+++ b/doc/manual/opt-common.xml
@@ -103,6 +103,17 @@
 </varlistentry>
 
 
+<varlistentry xml:id="opt-max-silent-time"><term><option>--max-silent-time</option></term>
+
+  <listitem><para>Sets the maximum number of seconds that a builder
+  can go without producing any data on standard output or standard
+  error.  The default is specified by the <link
+  linkend='conf-build-max-silent-time'><literal>build-max-silent-time</literal></link>
+  configuration setting.  <literal>0</literal> means no
+  time-out.</para></listitem>
+
+</varlistentry>
+
 <varlistentry><term><option>--keep-going</option></term>
   <term><option>-k</option></term>
 
diff --git a/nix.conf.example b/nix.conf.example
index 99a94bfb91..a97554b18e 100644
--- a/nix.conf.example
+++ b/nix.conf.example
@@ -80,7 +80,7 @@
 
 ### Option `build-max-silent-time'
 #
-# This option defines the maximum number of seconds that builder can
+# This option defines the maximum number of seconds that a builder can
 # go without producing any data on standard output or standard error.
 # This is useful (for instance in a automated build system) to catch
 # builds that are stuck in an infinite loop, or to catch remote builds