aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2023-02-07Mention --no-sandbox if sandboxing is unsupportedEelco Dolstra
2023-02-07More #ifdefEelco Dolstra
2023-02-07Fix macOS buildEelco Dolstra
2023-02-07Check whether we can use PID namespacesEelco Dolstra
In unprivileged podman containers, /proc is not fully visible (there are other filesystems mounted on subdirectories of /proc). Therefore we can't mount a new /proc in the sandbox that matches the PID namespace of the sandbox. So this commit automatically disables sandboxing if /proc is not fully visible.
2023-02-07Fix auto-uid-allocation in Docker containersEelco Dolstra
This didn't work because sandboxing doesn't work in Docker. However, the sandboxing check is done lazily - after clone(CLONE_NEWNS) fails, we retry with sandboxing disabled. But at that point, we've already done UID allocation under the assumption that user namespaces are enabled. So let's get rid of the "goto fallback" logic and just detect early whether user / mount namespaces are enabled. This commit also gets rid of a compatibility hack for some ancient Linux kernels (<2.13).
2023-02-07Merge pull request #7758 from peterbecich/clang11-devshell-documentationEelco Dolstra
fix documentation for `clang11Stdenv` dev shell
2023-02-07Merge pull request #7768 from ncfavier/fixup-7714Valentin Gagarin
2023-02-07Merge pull request #7766 from ↵Eelco Dolstra
NixOS/dependabot/github_actions/cachix/install-nix-action-19 Bump cachix/install-nix-action from 18 to 19
2023-02-07Merge pull request #7767 from NixOS/backport-pr-nameEelco Dolstra
Backport PR title: Bot-based -> Automatic
2023-02-07Merge pull request #7318 from fricklerhandwerk/doc-instantiateValentin Gagarin
add "instantiate" to glossary
2023-02-07add "instantiate" to glossaryValentin Gagarin
2023-02-07doc: fixup 7714Naïm Favier
2023-02-07Backport PR title: Bot-based -> AutomaticValentin Gagarin
In hope to reduce friction in contributor-facing communication, use a more common word. "bot" needless jargon for "something the machine does itself".
2023-02-06Bump cachix/install-nix-action from 18 to 19dependabot[bot]
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 18 to 19. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v18...v19) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
2023-02-05fix `clang11Stdenv` dev shell documentationPeter Becich
`clang11StdenvPackages` does not exist ``` │ └───x86_64-linux │ ├───ccacheStdenv: development environment 'nix' │ ├───clang11Stdenv: development environment 'nix' │ ├───clangStdenv: development environment 'nix' │ ├───default: development environment 'nix' │ ├───gccStdenv: development environment 'nix' │ ├───libcxxStdenv: development environment 'nix' │ └───stdenv: development environment 'nix' ```
2023-02-03Merge pull request #7705 from Ma27/fix-initNix-in-perl-bindingsRobert Hensing
perl: run `initLibStore()` on `openStore()`
2023-02-03Merge pull request #7739 from obsidiansystems/user-settingsEelco Dolstra
Move `trustedUsers` and `allowedUsers` to separate config struct
2023-02-03Merge pull request #7738 from obsidiansystems/delete-authHookEelco Dolstra
Get rid of the `authHook` parameter on `processConnection`
2023-02-02Move `trustedUsers` and `allowedUsers` to separate config structJohn Ericson
These settings are not needed for libstore at all, they are just used by the nix daemon *command* for authorization on unix domain sockets. My moving them to a new configuration struct just in that file, we avoid them leaking anywhere else. Also, it is good to break up the mammoth `Settings` struct in general. Issue #5638 tracks this. The message is not changed because I do not want to regress in convenience to the user. Just saying "this connection is not trusted" doesn't tell them out to fix the issue. The ideal thing to do would be to somehow parameterize `processCommand` on how the error should be displayed, so different sorts of connections can display different information to the user based on how authentication is performed for the connection in question. This, however, is a good bit more work, so it is left for the future. This came up with me thinking about the tcp:// store (#5265). The larger project is not TCP *per se*, but the idea that it should be possible for something else to manage access control to services like the Nix Daemon, and those services simply trust or trust the incoming connection as they are told. This is a more capability-oriented way of thinking about trust than "every server implements its own auth separately" as we are used to today. Its very great that libstore itself already implements just this model, and so via this refactor I basically want to "enshrine" that so it continues to be the case.
2023-02-02Get rid of the `authHook` parameter on `processConnection`John Ericson
This is (morally) dead code. As @edolstra pointed out in https://github.com/NixOS/nix/pull/5226#discussion_r1073470813, this is no longer needed. I created this in 8d4162ff9e940ea9e2f97b07f3030a722695901a, so it is fitting that I now destroy it :).
2023-02-02Merge pull request #7607 from Hoverbear/installation-expandEelco Dolstra
Expand installation.md
2023-02-02perl: run `initLibStore()` on `openStore()`Maximilian Bosch
Since #7478 it's mandatory that `initLibStore()` is called for store operations. However that's not the case when running `openStore()` in Perl using the perl-bindings. That breaks e.g. `hydra-eval-jobset` when built against Nix 2.13 which uses small portions of the store API.
2023-02-02Merge pull request #7736 from shlevy/plugin-files-daemonEelco Dolstra
Don't send plugin-files to the daemon.
2023-02-02daemon: Warn on old clients passing unexpected plugin-files.Shea Levy
The setting itself was already ignored due to exception trying to set pluginFiles.
2023-02-02Merge pull request #7734 from Sciencentistguy/root-red-ps1Théophane Hufschmitt
nix-shell: Colour the prompt red if the user is root
2023-02-01Don't send plugin-files to the daemon.Shea Levy
This is radically unsafe and the daemon has already loaded its plugins anyway. Fixes cachix/devenv#276
2023-02-01nix-shell: Colour the prompt red if the user is rootJamie Quigley
This matches the nixos prompt colours - green for standard user, red for root
2023-02-01Merge pull request #7733 from edolstra/clang-c++20Eelco Dolstra
Fix C++20 compilation with clang
2023-02-01Fix clang compilationEelco Dolstra
2023-02-01Remove an unused captureEelco Dolstra
2023-02-01Merge pull request #7723 from yorickvP/nix-store-ping-jsonEelco Dolstra
nix store ping: add --json flag
2023-02-01Merge pull request #7716 from obsidiansystems/small-storePath-cleanupsThéophane Hufschmitt
Separate `path.hh` from `content-address.hh`
2023-02-01Merge pull request #7717 from obsidiansystems/delete-dead-codeEelco Dolstra
Delete dead code
2023-02-01Merge pull request #7718 from obsidiansystems/fix-rapidcheck-autoconfEelco Dolstra
Fix configure.ac rapidcheck tests
2023-02-01Merge pull request #7667 from dramforever/flake-search-attrThéophane Hufschmitt
Better error message for nix search when attr is not found
2023-02-01Merge pull request #7719 from andersk/manual-timestampEelco Dolstra
manual: Document that the store timestamp is now 1, not 0
2023-02-01Merge pull request #7726 from hercules-ci/flake-show-when-empty-hideEelco Dolstra
nix flake show: Ignore empty attrsets
2023-02-01Merge pull request #7203 from graham33/feature/cpp20Eelco Dolstra
Proposal: Use C++20
2023-01-31nix flake show: Ignore empty attrsetsRobert Hensing
For frameworks it's important that structures are as lazy as possible to prevent infinite recursions, performance issues and errors that aren't related to the thing to evaluate. As a consequence, they have to emit more attributes than strictly (sic) necessary. However, these attributes with empty values are not useful to the user so we omit them.
2023-01-31tests/store-ping: test nix store ping --jsonYorick van Pelt
2023-01-31nix store ping: try to print json if connect() fails aswellYorick van Pelt
2023-01-31Merge pull request #7714 from ncfavier/doc-structuredAttrsThéophane Hufschmitt
doc: add `__structuredAttrs`, `outputChecks`, `unsafeDiscardReferences`
2023-01-31nix store ping: add --json flagYorick van Pelt
2023-01-30manual: Document that the store timestamp is now 1, not 0Anders Kaseorg
Commit 14bc3ce3d6d5745717fa19b8b43b5fdd117ff757 (0.13~43) changed the timestamps in the Nix store from 0 to 1. Update the nix-store man page to match. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2023-01-30Merge pull request #7713 from obsidiansystems/more-rapid-checkRobert Hensing
Add more property tests
2023-01-30Fix configure.ac rapidcheck testsJohn Ericson
- `AC_LANG_PUSH(C++)` is needed for the header check - The library check is hopeless (without lots of third-party macros I don't feel like getting) because name mangling Pkg-config would make all this easier. I previously opened https://github.com/emil-e/rapidcheck/issues/302, I should write a PR too.
2023-01-30Delete dead codeJohn Ericson
The references set seems to have been unused since `LegacySSHStore` references were first created in caa5793b4a74049ee37dd88eb1c5b785456ce40d. The method decls never were upstream, and accidentally added by me in 062533f7cdb74026096ca8c7d5b6e393893d59ef (probably due to `git rerere`). Sorry! This reduces the diff from #3746.
2023-01-31Fix extra "." in CmdSearch::getDefaultFlakeAttrPathsdramforever
No other getDefaultFlakeAttrPaths implementation has this trailing dot, and the dot can show up in error messages like: error: flake '...' does not provide attribute 'packages.x86_64-linux.', ...
2023-01-31Installable::getCursors: Cleanupdramforever
- Clarify doc comments, Installables::getCursors returns non-empty vector - Use vector::at in Installable::getCursor instead of checking for empty vector and throwing an exception with error message.
2023-01-30InstallableFlake: Handle missing attr in getCursorsdramforever
Handle the case where none of getActualAttrPaths() actually exists, in which case instead of returning an empty vector. This fixes the case where the user misspells the attribute name in nix search. Instead of getting no search results, now it shows an error with suggestions. Also remove InstallableFlake::getCursor() override since it's now equivalent to the base class version.