From cb9601029ea164b86bdf997f7160d494c15d344b Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 2 Dec 2015 14:59:07 +0100 Subject: daemon: Use deterministic $TMPDIR in chroot. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Rather than using $/nix-build--, the temporary directory is now always /tmp/nix-build--0. This improves bitwise-exact reproducibility for builds that store $TMPDIR in their build output. (Of course, those should still be fixed...) * nix/libstore/build.cc (DerivationGoal)[tmpDirInSandbox]: New field. (DerivationGoal::startBuilder): Initialize 'useChroot' earlier. Compute 'tmpDirInSandbox', and use it when populating 'dirsInChroot'. * doc/guix.texi (Build Environment Setup): Document it. Co-authored-by: Ludovic Courtès --- doc/guix.texi | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'doc') diff --git a/doc/guix.texi b/doc/guix.texi index 97fddd025e..4b06b32232 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -600,6 +600,14 @@ user @file{nobody}; a writable @file{/tmp} directory. @end itemize +You can influence the directory where the daemon stores build trees +@i{via} the @code{TMPDIR} environment variable. However, the build tree +within the chroot is always @file{/tmp/nix-build-@var{name}.drv-0}, +where @var{name} is the derivation name---e.g., @code{coreutils-8.24}. +This way, the value of @code{TMPDIR} does not leak inside build +environments, which avoids discrepancies in cases where build processes +capture the name of their build tree. + If you are installing Guix as an unprivileged user, it is still possible to run @command{guix-daemon} provided you pass @code{--disable-chroot}. However, build processes will not be isolated from one another, and not -- cgit v1.2.3
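Review bot: The added paragraph in doc/guix.texi (Build Environment Setup) states the fixed path only for the chroot case ("the build tree within the chroot is always @file{/tmp/nix-build-@var{name}.drv-0}") but then concludes without qualification that "the value of @code{TMPDIR} does not leak inside build environments", while the unchanged paragraph right after it documents @code{--disable-chroot}. Suggest scoping the sentence to the chroot case, for example "This way, when the chroot is in use, the value of @code{TMPDIR} does not leak ...", and stating what build-tree name build processes see when the chroot is disabled, so readers know whether reproducibility still depends on the daemon's TMPDIR there. Only the doc/ part of the commit is shown here, so the wording cannot be checked against the nix/libstore/build.cc change to DerivationGoal::startBuilder that the commit message describes.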