This change adds basic scaffolding to allow configuring hashed_mirrors that will be used
by fetchurl to download artifacts by their hash, this is useful in case certain URLs are
no longer available but required to bootstrap nixpkgs stdenv.
These urls will have higher priority than the url specified in fetchurl(and friends) and
will be attempted before falling back to the actual url specified in fetchurl.
Change-Id: I589bdef609075f274cbdf6b26af602cafaa7496a
Reviewed-on: https://cl.snix.dev/c/snix/+/30567
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
This tests deep forcing happens in lexicographic key order, by comparing
the returned error from the evaluator. It's not possible to observe this
from inside nixlang, which is why we use one_offs.rs here.
Change-Id: I73085addca3a4df20bc23f9fced458758af5b391
Reviewed-on: https://cl.snix.dev/c/snix/+/30488
Reviewed-by: Bence Nemes <nemes.bence1@gmail.com>
Tested-by: besadii
Autosubmit: Florian Klink <flokli@flokli.de>
Part of #114
cargo fix wanted to rewrite `if let else` to match statements, but i
reverted them as they dont belong in this cl.
There weren't any warnings about locks (relative drop order changed in
2024)
Change-Id: I9c851ef8e214a481cbe7b4cf9b2634b5d56970d4
Reviewed-on: https://cl.snix.dev/c/snix/+/30369
Autosubmit: Bence Nemes <nemes.bence1@gmail.com>
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Reviewed-by: Florian Klink <flokli@flokli.de>
Tested-by: besadii
Restrict the CLI to only root directories, passing the blake3 digest of
the root directory.
Usually we want to serve a directory, and we now have a `snix-castore
ingest` sucommand, and copying the output from that command is much less
effort than constructing a proto message.
More advanced usecases can still use the get_root_node_contents library
function and pass in other nodes.
Change-Id: I66c2c0a15723b43b5b0cffc1c201391df57dd602
Reviewed-on: https://cl.snix.dev/c/snix/+/30321
Reviewed-by: Stefan Junker <mail@stefanjunker.de>
Tested-by: besadii
The castore-http crate provides both a binary and a library interface to
serve a single castore root node over HTTP.
The library function `get_root_node_contents` will return a
`axum::Response` for a requested path in the castore root node
depending on the requested paths type.
If the requested path in the root node is a directory, we return:
- a index file if there is a file matching one of the configurable
`index_names`
- a directory listing, if no `index_names` were configured and
`auto_index` was enabled
- the FORBIDDEN status code if no `index_names` were set nor
`auto_index` was enabled
If the requested path in the root node is a file,
we return the file.
If the requested path in the root node is a symlink,
we figure out wether the target exists and return a REDIRECT.
If the requested path doesn't exist in the root node,
we respond with NOT_FOUND
The binary wraps this functionality and allows one to specify the
desired root node by providing its base-64 encoded representation as
well as the other configuration parameters affecting the behavior of
`get_root_node_contents`.
Change-Id: I737482299f788ec0244c54b52042f9eb655a05c2
Reviewed-on: https://cl.snix.dev/c/snix/+/30245
Autosubmit: Marijan Petričević <marijan.petricevic94@gmail.com>
Reviewed-by: Marijan Petričević <marijan.petricevic94@gmail.com>
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
We previously used to calculate the transitive input closure of builds
using eval state, i.e. based on known_paths from the drv that is being
built. This caused had 2 issues:
* The build included a lot of unnecessary build time dependencies of drv's that
the build depends on in addition to runtime dependencies.
* Some runtime dependencies were missing causing the build to fail, see #106
This implementation uses only runtime dependencies of direct
dependencies and makes sure to include any transitive runtime dependencies,
this is achieved by querying path_info_service for "references".
fixed#106
Change-Id: Id734bed7b0cf50e2dac96501a9bc70655ed15054
Reviewed-on: https://cl.snix.dev/c/snix/+/30308
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
This is a small utility that allows ingesting a given path or .tar
file content into the snix-castore and returns the B3Digest of the
root node. Another subcommand takes this hash to mount the content
back as a virtiofs or FUSE drive.
This works as-is, but I discovered issue #107 while working on it.
Change-Id: I11df73e39ab0db6f3868effab9bde4f090eadcb5
Reviewed-on: https://cl.snix.dev/c/snix/+/30293
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
subuid/subgids used to be hardcoded, which resulted in build failures
if those did not match the ones of the effective user.
fixes#86
Change-Id: I3b0c3e9ef710aa9e3de998891abe10fd1a893189
Reviewed-on: https://cl.snix.dev/c/snix/+/30301
Tested-by: besadii
Reviewed-by: Florian Klink <flokli@flokli.de>
We use hashbrown directly (instead of through std::collections::HashMap)
so that we can use HashMap::entry_ref, which only allocates if the entry
is not yet occupied.
This implicitly switches our hash to a less long-term DoS-resistant one
(foldhash rather than SipHash), but we don't usually face HashDoS risks
when ingesting archives.
Change-Id: I3e7fc2cd08d96380cd9fd62bfcfe6cd24698bc9a
Reviewed-on: https://cl.snix.dev/c/snix/+/30277
Reviewed-by: Florian Klink <flokli@flokli.de>
Tested-by: besadii
