[Nix-dev] Using ccache without changing stdenv hash?

Wout Mertens wout.mertens at gmail.com
Tue Dec 9 19:24:21 CET 2014


You can configure the hashing ccache uses to determine if the compiler
changed. For developing a bootstrap, you might just use the compiler
version, but for regular use you'd use the full path of the binary so it
includes the nix hash. See compiler_check at
http://ccache.samba.org/manual.html#_configuration_settings.

Other than that, ccache uses all the inputs to the compiler to determine
the cache hash.

Indeed, ccache needs to write to a shared cache so that could be poisoned.
An option would be to run ccache setuid as someone else so that the
poisoning can only be done by compiling a malicious payload in a way that
the input hash clashes.

On Tue Dec 09 2014 at 6:59:50 PM Shea Levy <shea at shealevy.com> wrote:

> Also, presumably builds will have to have write access to the cache, which
> means a malicious build can break things for other builds.
>
> On Dec 9, 2014, at 5:57 PM, Wout Mertens <wout.mertens at gmail.com> wrote:
>
> I don't follow. It's a cache, so it always returns the same output for a
> given set of inputs (compiler version, source files, preprocessor
> settings). Its presence should be undetectable.
>
> The only impurity is that time taken to compile is dependent on previous
> compiles, no?
>
> However, it is still useful for development but not if using it means
> rebuilding the world on your laptop... So I'd like to at least offer the
> option for development.
>
> Wout.
>
> On Tue Dec 09 2014 at 6:32:04 PM Shea Levy <shea at shealevy.com> wrote:
>
>> ccache is impure and thus should not be used for hydra.
>>
>> On Dec 9, 2014, at 5:28 PM, Wout Mertens <wout.mertens at gmail.com> wrote:
>>
>> Hi all,
>>
>> there is some support for ccache in the tree but nothing in the way of
>> documentation. I gave it a shot, see
>> https://github.com/NixOS/nixpkgs/issues/2387#issuecomment-66215017, and
>> it seems to work however it also changes the hash of stdenv.
>>
>> Is there a way to change stdenv so that ccache can be turned on or off
>> without causing rebuilds?
>>
>> I'm convinced that this would be a major boon for Hydra, which probably
>> spends a lot of time compiling the same C/C++ files with the same
>> preprocessed output. Likewise for developing expressions.
>>
>> Wout.
>>
>
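
The compiler_check choice discussed in the top message, as an added example that is not part of the original thread: a shell sketch that builds the value either from the compiler's resolved path (so the Nix store hash in that path enters the cache key) or from the compiler version only. The function names are hypothetical; the `string:` and `%compiler%` forms and the `CCACHE_COMPILERCHECK` variable are the ones documented in the ccache manual.

```shell
#!/bin/sh
# Added example: choose what ccache hashes to identify the compiler.

# Resolve a compiler name or path to its real location, following symlinks
# (e.g. a profile symlink pointing into /nix/store/<hash>-gcc-.../bin/gcc).
resolve_compiler() {
    cc_path=$(command -v "$1") || return 1
    readlink -f "$cc_path"
}

# Print a value for compiler_check / CCACHE_COMPILERCHECK.
#   mode "path":    string:<resolved path>; a different store path gives a
#                   different key, so caches from other compilers never match
#   mode "version": command form; ccache hashes the output of
#                   "<compiler> -dumpversion" (coarser, for bootstrap work)
compiler_check_value() {
    case "$2" in
        path)
            real=$(resolve_compiler "$1") || return 1
            printf 'string:%s\n' "$real"
            ;;
        version)
            printf '%%compiler%% -dumpversion\n'
            ;;
        *)
            return 2
            ;;
    esac
}

# Usage (not run here):
#   export CCACHE_COMPILERCHECK="$(compiler_check_value gcc path)"
```
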