aboutsummaryrefslogtreecommitdiff
path: root/doc/manual/src
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2022-12-07 16:04:47 +0100
committerGitHub <noreply@github.com>2022-12-07 16:04:47 +0100
commitb5b7902a08e63290b7f775c6ccecdee11c3df556 (patch)
tree7c84c72d5cbc3331c5ca27421507ebf5446e1f25 /doc/manual/src
parent8e0946e8df968391d1430af8377bdb51204e4666 (diff)
parentc710aa1abd51231ce45fc419de2e0e82c8957fbd (diff)
Merge branch 'master' into remove-repeat
Diffstat (limited to 'doc/manual/src')
-rw-r--r--doc/manual/src/SUMMARY.md.in1
-rw-r--r--doc/manual/src/advanced-topics/post-build-hook.md15
-rw-r--r--doc/manual/src/release-notes/rl-2.12.md43
-rw-r--r--doc/manual/src/release-notes/rl-next.md47
4 files changed, 53 insertions, 53 deletions
diff --git a/doc/manual/src/SUMMARY.md.in b/doc/manual/src/SUMMARY.md.in
index 908e7e3d9..6a514fa2c 100644
--- a/doc/manual/src/SUMMARY.md.in
+++ b/doc/manual/src/SUMMARY.md.in
@@ -65,6 +65,7 @@
- [CLI guideline](contributing/cli-guideline.md)
- [Release Notes](release-notes/release-notes.md)
- [Release X.Y (202?-??-??)](release-notes/rl-next.md)
+ - [Release 2.12 (2022-12-06)](release-notes/rl-2.12.md)
- [Release 2.11 (2022-08-25)](release-notes/rl-2.11.md)
- [Release 2.10 (2022-07-11)](release-notes/rl-2.10.md)
- [Release 2.9 (2022-05-30)](release-notes/rl-2.9.md)
diff --git a/doc/manual/src/advanced-topics/post-build-hook.md b/doc/manual/src/advanced-topics/post-build-hook.md
index fcb52d878..1479cc3a4 100644
--- a/doc/manual/src/advanced-topics/post-build-hook.md
+++ b/doc/manual/src/advanced-topics/post-build-hook.md
@@ -33,12 +33,17 @@ distribute the public key for verifying the authenticity of the paths.
example-nix-cache-1:1/cKDz3QCCOmwcztD2eV6Coggp6rqc9DGjWv7C0G+rM=
```
-Then, add the public key and the cache URL to your `nix.conf`'s
-`trusted-public-keys` and `substituters` options:
+Then update [`nix.conf`](../command-ref/conf-file.md) on any machine that will access the cache.
+Add the cache URL to [`substituters`](../command-ref/conf-file.md#conf-substituters) and the public key to [`trusted-public-keys`](../command-ref/conf-file.md#conf-trusted-public-keys):
substituters = https://cache.nixos.org/ s3://example-nix-cache
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= example-nix-cache-1:1/cKDz3QCCOmwcztD2eV6Coggp6rqc9DGjWv7C0G+rM=
+Machines that build for the cache must sign derivations using the private key.
+On those machines, add the path to the key file to the [`secret-key-files`](../command-ref/conf-file.md#conf-secret-key-files) field in their [`nix.conf`](../command-ref/conf-file.md):
+
+ secret-key-files = /etc/nix/key.private
+
We will restart the Nix daemon in a later step.
# Implementing the build hook
@@ -52,14 +57,12 @@ set -eu
set -f # disable globbing
export IFS=' '
-echo "Signing paths" $OUT_PATHS
-nix store sign --key-file /etc/nix/key.private $OUT_PATHS
echo "Uploading paths" $OUT_PATHS
-exec nix copy --to 's3://example-nix-cache' $OUT_PATHS
+exec nix copy --to "s3://example-nix-cache" $OUT_PATHS
```
> **Note**
->
+>
> The `$OUT_PATHS` variable is a space-separated list of Nix store
> paths. In this case, we expect and want the shell to perform word
> splitting to make each output path its own argument to `nix
diff --git a/doc/manual/src/release-notes/rl-2.12.md b/doc/manual/src/release-notes/rl-2.12.md
new file mode 100644
index 000000000..82de22cb4
--- /dev/null
+++ b/doc/manual/src/release-notes/rl-2.12.md
@@ -0,0 +1,43 @@
+# Release 2.12 (2022-12-06)
+
+* On Linux, Nix can now run builds in a user namespace where they run
+ as root (UID 0) and have 65,536 UIDs available.
+ <!-- FIXME: move this to its own section about system features -->
+ This is primarily useful for running containers such as `systemd-nspawn`
+ inside a Nix build. For an example, see [`tests/systemd-nspawn/nix`][nspawn].
+
+ [nspawn]: https://github.com/NixOS/nix/blob/67bcb99700a0da1395fa063d7c6586740b304598/tests/systemd-nspawn.nix.
+
+ A build can enable this by setting the derivation attribute:
+
+ ```
+ requiredSystemFeatures = [ "uid-range" ];
+ ```
+
+ The `uid-range` [system feature] requires the [`auto-allocate-uids`]
+ setting to be enabled.
+
+ [system feature]: (../command-ref/conf-file.md#conf-system-features)
+
+* Nix can now automatically pick UIDs for builds, removing the need to
+ create `nixbld*` user accounts. See [`auto-allocate-uids`].
+
+ [`auto-allocate-uids`]: (../command-ref/conf-file.md#conf-auto-allocate-uids)
+
+* On Linux, Nix has experimental support for running builds inside a
+ cgroup. See
+ [`use-cgroups`](../command-ref/conf-file.md#conf-use-cgroups).
+
+* `<nix/fetchurl.nix>` now accepts an additional argument `impure` which
+ defaults to `false`. If it is set to `true`, the `hash` and `sha256`
+ arguments will be ignored and the resulting derivation will have
+ `__impure` set to `true`, making it an impure derivation.
+
+* If `builtins.readFile` is called on a file with context, then only
+ the parts of the context that appear in the content of the file are
+ retained. This avoids a lot of spurious errors where strings end up
+ having a context just because they are read from a store path
+ ([#7260](https://github.com/NixOS/nix/pull/7260)).
+
+* `nix build --json` now prints some statistics about top-level
+ derivations, such as CPU statistics when cgroups are enabled.
diff --git a/doc/manual/src/release-notes/rl-next.md b/doc/manual/src/release-notes/rl-next.md
index faead26c2..c1f4de76f 100644
--- a/doc/manual/src/release-notes/rl-next.md
+++ b/doc/manual/src/release-notes/rl-next.md
@@ -1,51 +1,4 @@
# Release X.Y (202?-??-??)
-* `<nix/fetchurl.nix>` now accepts an additional argument `impure` which
- defaults to `false`. If it is set to `true`, the `hash` and `sha256`
- arguments will be ignored and the resulting derivation will have
- `__impure` set to `true`, making it an impure derivation.
-
-* If `builtins.readFile` is called on a file with context, then only the parts
- of that context that appear in the content of the file are retained.
- This avoids a lot of spurious errors where some benign strings end-up having
- a context just because they are read from a store path
- ([#7260](https://github.com/NixOS/nix/pull/7260)).
-
-* Nix can now automatically pick UIDs for builds, removing the need to
- create `nixbld*` user accounts.
-
- See [`auto-allocate-uids`].
-
- [`auto-allocate-uids`]: (../command-ref/conf-file.md#conf-auto-allocate-uids)
-
-* On Linux, Nix can now run builds in a user namespace where the build
- runs as root (UID 0) and has 65,536 UIDs available.
-
- <!-- FIXME: move this to its own section about system features -->
-
- This is primarily useful for running containers such as `systemd-nspawn`
- inside a Nix build. For an example, see [`tests/systemd-nspawn/nix`][nspawn].
-
- [nspawn]: https://github.com/NixOS/nix/blob/67bcb99700a0da1395fa063d7c6586740b304598/tests/systemd-nspawn.nix.
-
- A build can enable this by by setting the derivation attribute:
-
- ```
- requiredSystemFeatures = [ "uid-range" ];
- ```
-
- The `uid-range` [system feature] requires the [`auto-allocate-uids`]
- setting to be enabled.
-
- [system feature]: (../command-ref/conf-file.md#conf-system-features),
-
-* On Linux, Nix has experimental support for running builds inside a
- cgroup.
-
- See [`use-cgroups`](../command-ref/conf-file.md#conf-use-cgroups).
-
-* `nix build --json` now prints some statistics about top-level
- derivations, such as CPU statistics when cgroups are enabled.
-
* The `repeat` and `enforce-determinism` options have been removed
since they had been broken under many circumstances for a long time.