aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--Makefile.am6
-rw-r--r--corepkgs/Makefile.am2
-rw-r--r--corepkgs/config.nix.in1
-rw-r--r--corepkgs/fetchurl.nix36
-rw-r--r--doc/manual/Makefile.am2
-rw-r--r--doc/manual/conf-file.xml32
-rw-r--r--doc/manual/manual.xml6
-rw-r--r--nix.conf.example181
-rw-r--r--nix.spec.in10
-rw-r--r--tests/Makefile.am3
-rw-r--r--tests/fetchurl.nix6
-rw-r--r--tests/fetchurl.sh9
12 files changed, 88 insertions, 206 deletions
diff --git a/Makefile.am b/Makefile.am
index f50cdf19b..c97d0e266 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,6 +1,6 @@
SUBDIRS = src perl scripts corepkgs doc misc tests
EXTRA_DIST = substitute.mk nix.spec nix.spec.in bootstrap.sh \
- nix.conf.example NEWS version misc/systemd/nix-worker.service
+ NEWS version misc/systemd/nix-worker.service
pkginclude_HEADERS = config.h
@@ -10,10 +10,6 @@ nix.spec: nix.spec.in
install-data-local: init-state
$(INSTALL) -d $(DESTDIR)$(sysconfdir)/nix
- $(INSTALL_DATA) $(srcdir)/nix.conf.example $(DESTDIR)$(sysconfdir)/nix
- if ! test -e $(DESTDIR)$(sysconfdir)/nix/nix.conf; then \
- $(INSTALL_DATA) $(srcdir)/nix.conf.example $(DESTDIR)$(sysconfdir)/nix/nix.conf; \
- fi
$(INSTALL) -d $(DESTDIR)$(docdir)
$(INSTALL_DATA) README $(DESTDIR)$(docdir)/
diff --git a/corepkgs/Makefile.am b/corepkgs/Makefile.am
index a8de60165..729d15e7b 100644
--- a/corepkgs/Makefile.am
+++ b/corepkgs/Makefile.am
@@ -1,6 +1,6 @@
all-local: config.nix
-files = nar.nix buildenv.nix buildenv.pl unpack-channel.nix unpack-channel.sh derivation.nix
+files = nar.nix buildenv.nix buildenv.pl unpack-channel.nix unpack-channel.sh derivation.nix fetchurl.nix
install-exec-local:
$(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs
diff --git a/corepkgs/config.nix.in b/corepkgs/config.nix.in
index 1be4bd090..26e821d0e 100644
--- a/corepkgs/config.nix.in
+++ b/corepkgs/config.nix.in
@@ -10,5 +10,6 @@ in {
xz = "@xz@";
tar = "@tar@";
tr = "@tr@";
+ curl = "@curl@";
nixBinDir = fromEnv "NIX_BIN_DIR" "@bindir@";
}
diff --git a/corepkgs/fetchurl.nix b/corepkgs/fetchurl.nix
new file mode 100644
index 000000000..4a0ae8279
--- /dev/null
+++ b/corepkgs/fetchurl.nix
@@ -0,0 +1,36 @@
+with import <nix/config.nix>;
+
+{system ? builtins.currentSystem, url, outputHash ? "", outputHashAlgo ? "", md5 ? "", sha1 ? "", sha256 ? ""}:
+
+assert (outputHash != "" && outputHashAlgo != "")
+ || md5 != "" || sha1 != "" || sha256 != "";
+
+let
+
+ builder = builtins.toFile "fetchurl.sh"
+ ''
+ echo "downloading $url into $out"
+ ${curl} --fail --location --max-redirs 20 --insecure "$url" > "$out"
+ '';
+
+in
+
+derivation {
+ name = baseNameOf (toString url);
+ builder = shell;
+ args = [ "-e" builder ];
+
+ # New-style output content requirements.
+ outputHashAlgo = if outputHashAlgo != "" then outputHashAlgo else
+ if sha256 != "" then "sha256" else if sha1 != "" then "sha1" else "md5";
+ outputHash = if outputHash != "" then outputHash else
+ if sha256 != "" then sha256 else if sha1 != "" then sha1 else md5;
+
+ inherit system url;
+
+ # No need to double the amount of network traffic
+ preferLocalBuild = true;
+
+ # Don't build in a chroot because Nix's dependencies may not be there.
+ __noChroot = true;
+}
diff --git a/doc/manual/Makefile.am b/doc/manual/Makefile.am
index 33cb27e05..42da3c8b0 100644
--- a/doc/manual/Makefile.am
+++ b/doc/manual/Makefile.am
@@ -21,6 +21,8 @@ man1_MANS = nix-env.1 nix-build.1 nix-store.1 nix-instantiate.1 \
nix-prefetch-url.1 nix-channel.1 \
nix-install-package.1 nix-hash.1 nix-copy-closure.1
+man5_MANS = nix.conf.5
+
man8_MANS = nix-worker.8
FIGURES = figures/user-environments.png
diff --git a/doc/manual/conf-file.xml b/doc/manual/conf-file.xml
index e2890b103..00016b97b 100644
--- a/doc/manual/conf-file.xml
+++ b/doc/manual/conf-file.xml
@@ -1,27 +1,36 @@
-<section xmlns="http://docbook.org/ns/docbook"
- xmlns:xlink="http://www.w3.org/1999/xlink"
- xml:id="sec-conf-file">
+<refentry xmlns="http://docbook.org/ns/docbook"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xml:id="sec-conf-file">
-<title>Nix configuration file</title>
+<refmeta>
+ <refentrytitle>nix.conf</refentrytitle>
+ <manvolnum>5</manvolnum>
+ <refmiscinfo class="source">Nix</refmiscinfo>
+ <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo>
+</refmeta>
+<refnamediv>
+ <refname>nix.conf</refname>
+ <refpurpose>Nix configuration file</refpurpose>
+</refnamediv>
+
+<refsection><title>Description</title>
<para>A number of persistent settings of Nix are stored in the file
<filename><replaceable>sysconfdir</replaceable>/nix/nix.conf</filename>.
This file is a list of <literal><replaceable>name</replaceable> =
<replaceable>value</replaceable></literal> pairs, one per line.
-Comments start with a <literal>#</literal> character. An example
-configuration file is shown in <xref linkend="ex-nix-conf" />.</para>
-
-<example xml:id='ex-nix-conf'><title>Nix configuration file</title>
+Comments start with a <literal>#</literal> character. Here is an example
+configuration file:</para>
<programlisting>
gc-keep-outputs = true # Nice for developers
gc-keep-derivations = true # Idem
env-keep-derivations = false
</programlisting>
-</example>
-<para>The following variables are currently available:
+<para>The following settings are currently available:
<variablelist>
@@ -343,5 +352,6 @@ build-use-chroot = /dev /proc /bin</programlisting>
</para>
+</refsection>
-</section>
+</refentry>
diff --git a/doc/manual/manual.xml b/doc/manual/manual.xml
index 95fbe7d90..ccff9423c 100644
--- a/doc/manual/manual.xml
+++ b/doc/manual/manual.xml
@@ -40,7 +40,6 @@
<title>Command Reference</title>
<xi:include href="opt-common.xml" />
<xi:include href="env-common.xml" />
- <xi:include href="conf-file.xml" />
<section>
<title>Main commands</title>
@@ -63,6 +62,11 @@
<xi:include href="nix-worker.xml" />
</section>
+ <section>
+ <title>Files</title>
+ <xi:include href="conf-file.xml" />
+ </section>
+
</appendix>
<xi:include href="troubleshooting.xml" />
diff --git a/nix.conf.example b/nix.conf.example
deleted file mode 100644
index 3c55b570e..000000000
--- a/nix.conf.example
+++ /dev/null
@@ -1,181 +0,0 @@
-### Option `gc-keep-outputs'
-#
-# If `true', the garbage collector will keep the outputs of
-# non-garbage derivations. If `false' (default), outputs will be
-# deleted unless they are GC roots themselves (or reachable from other
-# roots).
-#
-# In general, outputs must be registered as roots separately.
-# However, even if the output of a derivation is registered as a root,
-# the collector will still delete store paths that are used only at
-# build time (e.g., the C compiler, or source tarballs downloaded from
-# the network). To prevent it from doing so, set this option to
-# `true'.
-#gc-keep-outputs = false
-
-
-### Option `gc-keep-derivations'
-#
-# If `true' (default), the garbage collector will keep the derivations
-# from which non-garbage store paths were built. If `false', they
-# will be deleted unless explicitly registered as a root (or reachable
-# from other roots).
-#
-# Keeping derivation around is useful for querying and traceability
-# (e.g., it allows you to ask with what dependencies or options a
-# store path was built), so by default this option is on. Turn it off
-# to safe a bit of disk space (or a lot if `gc-keep-outputs' is also
-# turned on).
-#gc-keep-derivations = true
-
-
-### Option `env-keep-derivations'
-#
-# If `false' (default), derivations are not stored in Nix user
-# environments. That is, the derivation any build-time-only
-# dependencies may be garbage-collected.
-#
-# If `true', when you add a Nix derivation to a user environment, the
-# path of the derivation is stored in the user environment. Thus, the
-# derivation will not be garbage-collected until the user environment
-# generation is deleted (`nix-env --delete-generations'). To prevent
-# build-time-only dependencies from being collected, you should also
-# turn on `gc-keep-outputs'.
-#
-# The difference between this option and `gc-keep-derivations' is that
-# this one is `sticky': it applies to any user environment created
-# while this option was enabled, while `gc-keep-derivations' only
-# applies at the moment the garbage collector is run.
-#env-keep-derivations = false
-
-
-### Option `build-max-jobs'
-#
-# This option defines the maximum number of jobs that Nix will try to
-# build in parallel. The default is 1. You should generally set it
-# to the number of CPUs in your system (e.g., 2 on a Athlon 64 X2).
-# It can be overriden using the `--max-jobs' / `-j' command line
-# switch.
-#build-max-jobs = 1
-
-
-### Option `build-cores'
-#
-# This option defines the number of CPU cores to utilize in parallel
-# within a build job, i.e. by passing an appropriate `-jN' flag to GNU
-# Make. The default is 1, meaning that parallel building within jobs
-# is disabled. Passing the special value `0' causes Nix to try and
-# auto-detect the number of available cores on the local host. This
-# setting can be overridden using the `--cores' command line switch.
-#build-cores = 1
-
-
-### Option `build-max-silent-time'
-#
-# This option defines the maximum number of seconds that a builder can
-# go without producing any data on standard output or standard error.
-# This is useful (for instance in a automated build system) to catch
-# builds that are stuck in an infinite loop, or to catch remote builds
-# that are hanging due to network problems. It can be overriden using
-# the `--max-silent-time' command line switch.
-#
-# The value 0 means that there is no timeout. This is also the
-# default.
-#
-# Example:
-# build-max-silent-time = 600 # = 10 minutes
-#build-max-silent-time = 0
-
-
-### Option `build-users-group'
-#
-# This options specifies the Unix group containing the Nix build user
-# accounts. In multi-user Nix installations, builds should not
-# be performed by the Nix account since that would allow users to
-# arbitrarily modify the Nix store and database by supplying specially
-# crafted builders; and they cannot be performed by the calling user
-# since that would allow him/her to influence the build result.
-#
-# Therefore, if this option is non-empty and specifies a valid group,
-# builds will be performed under the user accounts that are a member
-# of the group specified here (as listed in /etc/group). Those user
-# accounts should not be used for any other purpose!
-#
-# Nix will never run two builds under the same user account at the
-# same time. This is to prevent an obvious security hole: a malicious
-# user writing a Nix expression that modifies the build result of a
-# legitimate Nix expression being built by another user. Therefore it
-# is good to have as many Nix build user accounts as you can spare.
-# (Remember: uids are cheap.)
-#
-# The build users should have permission to create files in the Nix
-# store, but not delete them. Therefore, /nix/store should be owned
-# by the Nix account, its group should be the group specified here,
-# and its mode should be 1775.
-#
-# If the build users group is empty, builds will be performed under
-# the uid of the Nix process (that is, the uid of the caller if
-# $NIX_REMOTE is empty, the uid under which the Nix daemon runs if
-# $NIX_REMOTE is `daemon', or the uid that owns the setuid nix-worker
-# program if $NIX_REMOTE is `slave'). Obviously, this should not be
-# used in multi-user settings with untrusted users.
-#
-# The default is empty.
-#
-# Example:
-# build-users-group = nix-builders
-#build-users-group =
-
-
-### Option `build-use-chroot'
-#
-# If set to `true', builds will be performed in a chroot environment,
-# i.e., the build will be isolated from the normal file system
-# hierarchy and will only see the Nix store, the temporary build
-# directory, and the directories configured with the
-# `build-chroot-dirs' option (such as /proc and /dev). This is useful
-# to prevent undeclared dependencies on files in directories such as
-# /usr/bin.
-#
-# The use of a chroot requires that Nix is run as root (but you can
-# still use the "build users" feature to perform builds under
-# different users than root). Currently, chroot builds only work on
-# Linux because Nix uses "bind mounts" to make the Nix store and other
-# directories available inside the chroot.
-#
-# The default is `false'.
-#
-# Example:
-# build-use-chroot = true
-#build-use-chroot = false
-
-
-### Option `build-chroot-dirs'
-#
-# When builds are performed in a chroot environment, Nix will mount
-# (using `mount --bind' on Linux) some directories from the normal
-# file system hierarchy inside the chroot. These are the Nix store,
-# the temporary build directory (usually /tmp/nix-<pid>-<number>) and
-# the directories listed here. The default is "/dev /dev/pts /proc".
-# Files in /dev (such as /dev/null) are needed by many builds, and
-# some files in /proc may also be needed occasionally.
-#
-# Example:
-# build-use-chroot = /dev /proc /bin
-#build-chroot-dirs = /dev /dev/pts /proc
-
-
-### Option `build-cache-failure'
-#
-# If this option is enabled, Nix will do negative caching; that is, it
-# will remember failed builds, and won't attempt to try to build them
-# again if you ask for it. Negative caching is disabled by default
-# because Nix cannot distinguish between permanent build errors (e.g.,
-# a syntax error in a source file) and transient build errors (e.g., a
-# full disk), as they both cause the builder to return a non-zero exit
-# code. You can clear the cache by doing `rm -f
-# /nix/var/nix/db/failed/*'.
-#
-# Example:
-# build-cache-failure = true
-#build-cache-failure = false
diff --git a/nix.spec.in b/nix.spec.in
index 44ea8d7c9..8b1ea8a54 100644
--- a/nix.spec.in
+++ b/nix.spec.in
@@ -121,10 +121,7 @@ ln -sf %{_libdir}/nix/libNixStore.so.0 Store.so
popd
# Specify build users group
-sed -i "s|#build-users-group =$|build-users-group = %{nixbld_group}|" \
- $RPM_BUILD_ROOT%{_sysconfdir}/nix/nix.conf
-# ... and delete the example configuration
-rm $RPM_BUILD_ROOT%{_sysconfdir}/nix/nix.conf.example
+echo "build-users-group = %{nixbld_group}" > $RPM_BUILD_ROOT%{_sysconfdir}/nix/nix.conf
# make per-user directories
for d in profiles gcroots;
@@ -192,8 +189,9 @@ systemctl start nix-worker.service
%endif
%{_datadir}/emacs/site-lisp/nix-mode.el
%{_datadir}/nix
-%{_mandir}/man1/nix-*.1*
-%{_mandir}/man8/nix-*.8*
+%{_mandir}/man1/*.1*
+%{_mandir}/man5/*.5*
+%{_mandir}/man8/*.8*
%config(noreplace) %{_sysconfdir}/profile.d/nix.sh
/nix
%dir %{_sysconfdir}/nix
diff --git a/tests/Makefile.am b/tests/Makefile.am
index f44caa4b3..517c382b1 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -9,7 +9,7 @@ TESTS = init.sh hash.sh lang.sh add.sh simple.sh dependencies.sh \
gc-runtime.sh install-package.sh check-refs.sh filter-source.sh \
remote-store.sh export.sh export-graph.sh negative-caching.sh \
binary-patching.sh timeout.sh secure-drv-outputs.sh nix-channel.sh \
- multiple-outputs.sh import-derivation.sh
+ multiple-outputs.sh import-derivation.sh fetchurl.sh
XFAIL_TESTS =
@@ -38,6 +38,7 @@ EXTRA_DIST = $(TESTS) \
secure-drv-outputs.nix \
multiple-outputs.nix \
import-derivation.nix \
+ fetchurl.nix \
$(wildcard lang/*.nix) $(wildcard lang/*.exp) $(wildcard lang/*.exp.xml) $(wildcard lang/*.flags) $(wildcard lang/dir*/*.nix) \
common.sh.in
diff --git a/tests/fetchurl.nix b/tests/fetchurl.nix
new file mode 100644
index 000000000..2abcc039a
--- /dev/null
+++ b/tests/fetchurl.nix
@@ -0,0 +1,6 @@
+{ filename, sha256 }:
+
+import <nix/fetchurl.nix> {
+ url = "file://${filename}";
+ inherit sha256;
+}
diff --git a/tests/fetchurl.sh b/tests/fetchurl.sh
new file mode 100644
index 000000000..bb6180ca3
--- /dev/null
+++ b/tests/fetchurl.sh
@@ -0,0 +1,9 @@
+source common.sh
+
+clearStore
+
+hash=$(nix-hash --flat --type sha256 ./fetchurl.nix)
+
+outPath=$(nix-build ./fetchurl.nix --argstr filename $(pwd)/fetchurl.nix --argstr sha256 $hash)
+
+cmp $outPath fetchurl.nix