Age | Commit message (Collapse) | Author |
|
|
|
* changes:
flake: fix devShell on i686-linux by disabling ClangBuildAnalyzer on it
flake: fix eval of checks & devshell on i686-linux
flake: move the pre-commit definition to its own file
|
|
ClangBuildAnalyzer doesn't build on i686-linux due to
`long long int`/`size_t` conversion errors, so let's just exclude it
from the devshell on that platform
Change-Id: If1077a7b3860db4381999c8e304f6d4b2bc96a05
|
|
* changes:
Always initialize curl in parent process on darwin
Fix failing darwin tests
|
|
Closes #273
Change-Id: Id883d2cda06adbcae53b8c360ad015330f0af81b
|
|
Because of an objc quirk[1], calling curl_global_init for the first time
after fork() will always result in a crash.
Up until now the solution has been to set
OBJC_DISABLE_INITIALIZE_FORK_SAFETY for every nix process to ignore
that error.
This is less than ideal because we were setting it in package.nix,
which meant that running nix tests locally would fail because
that variable was not set.
Instead of working around that error we address it at the core -
by calling curl_global_init inside initLibStore, which should mean
curl will already have been initialized by the time we try to do so in
a forked process.
[1] https://github.com/apple-oss-distributions/objc4/blob/01edf1705fbc3ff78a423cd21e03dfc21eb4d780/runtime/objc-initialize.mm#L614-L636
Change-Id: Icf26010a8be655127cc130efb9c77b603a6660d0
|
|
Change-Id: I62da3161327051005e3f48f83974140efef4417e
|
|
It's a good hundred LOC, and wasn't coupled to the actual flake logic at
all.
Change-Id: Iebb4667b3197dbd8cb2b019014e99fa651848832
|
|
only two users of this function exist. only one used it in a way that
even bears resemblance to asynchronicity, and even that one didn't do
it right. fully async and parallel computation would have only worked
if any getEdgesAsync never calls the continuation it receives itself,
only from more derived callbacks running on other threads. calling it
directly would cause the decoupling promise to be awaited immediately
*on the original thread*, completely negating all nice async effects.
Change-Id: I0aa640950cf327533a32dee410105efdabb448df
|
|
this seems to be an oversight, considering that regular substitutions
are concurrency-limited. while not particularly necessary at present,
once we've removed the `Callback` based interfaces it will be needed.
Change-Id: Ide2d08169fcc24752cbd07a1d33fb8482f7034f5
|
|
... how has this never broken anything before
Change-Id: If3789c02028e8f929481514f63d76b0b46bfc182
|
|
When /nix/var (or, more precisely, NIX_STATE_DIR) does not exist at all,
Lix falls back to creating an adhoc chroot store in XDG_DATA_HOME.
b247ef72d[1] changed the way Store classes are initialized, and in the
migration, a `params2` was accidentally changed to `params`. This commit
restores the correct behavior, and in lieu of a single *character* fix,
this commit also changes the variable name to something more reasonable.
Fixes #274.
[1]: b247ef72dc7bcc857288c0ddcceb3e42f76a78f1
n.b., this code might deserve some more looking at anyway. this fallback
store creation throws away *all* Store params passed to
openFromNonUri() in favor of an entirely new set which only contains
the `root` param, which may or may not be the correct behavior
Change-Id: Ibea559b88a50e6d6e75a1f87d9d7816cabb2a8f3
|
|
|
|
|
|
|
|
As per our bootstrap governance discussions, here's a very simple
proposal which links as much as possible to our wiki.
Change-Id: I88b1c43f933ff7e529151b1e933fad40283383c4
Signed-off-by: Raito Bezarius <raito@lix.systems>
|
|
Now we will simply hit cache every time anyone changes readme, yay!
Change-Id: I5906f589d319ff6d43cbd2b467887e08f7474283
|
|
The text on the matrix link was wrong.
Change-Id: I5d15b27eef0d7d03505920ebf1c03fecbb7faabe
|
|
returning 0 from the callback for errors signals successful transfer if
the source returned no data even though the exception we've just caught
clearly disagrees. while this is not all that important (since the only
viable cause of such errors will be dataCallback, and the sole instance
of it being used already takes care of exceptions) we can just do this.
Change-Id: I2bb150eff447121d82e8e3aa4e00057c40523ac6
|
|
this will be necessary if we want download() to return a source instead
of consuming a sink, which will in turn be needed to remove coroutines.
Change-Id: I34ec241e9bbc5d32fbcd243b244e29c3757533aa
|
|
Some tests were failing on darwin,
if the auto-allocate-uids featrure was enabled.
This was because AAU on darwin works by setuid-ing as a non-existent
user, so the tests that were relying on `whoami` were failing.
In the case of trusted-users we fall back to printing the user id,
which is already handled gracefully in the daemon code - i.e. when
a user does not exist or for some other reason looking up their
username is not possible, the daemon falls back to searching for their
uid inside the trusted-users list.
When whoami is used to print the username for other purpose,
we default to printing nixbld.
Change-Id: Ib61615677565098cb5fbf5e26a946ef427c58caf
|
|
|
|
Change-Id: I70079a553ec355be944f9940258f9abf861759fc
|
|
This doesn't comprehensively fix everything outdated in the manual, or
make the manual greatly better, but it does note down where at least
jade noticed it was wrong, and it does fix all the instances of
referencing Nix to conform to the style guide to the best of our
ability.
A lot of things have been commented out for being wrong, and there are
three types of FIXME introduced:
- FIXME(Lix): generically Lix needs to fix it
- FIXME(Qyriad): re https://git.lix.systems/lix-project/lix/issues/215
- FIXME(meson): docs got outdated by meson changes and need rewriting
I did fix a bunch of it that I could, but there could certainly be
mistakes and this is definitely just an incremental improvement.
Fixes: https://git.lix.systems/lix-project/lix/issues/266
Change-Id: I5993c4603d7f026a887089fce77db08394362135
|
|
|
|
follow-on to https://gerrit.lix.systems/c/lix/+/996
Change-Id: I5b88697d5c802d2788e07387de406e4a4bd351e3
|
|
|
|
Change-Id: I15b2513de61cffa2002799c4d12d251ef0970b9f
|
|
sizeof(long) is 4 bytes on i686 GCC.
With ~32 GiB of memory and a page size of 4096, there are 7988420 pages.
(7988420 * 4096) is bigger than INT32_MAX folks.
This has gone unnoticed for 9 years, and only came up thanks to
94ea517db[1] adding integer overflow sensitization checks, which caused
this broken code to emit an illegal instruction, crashing Lix the
instant the buildsystem ran Lix to generate the docs files.
[1]: 94ea517dbe729765b69638190f4bea3f6a632b40
Change-Id: I50bb9ea072aac11b449d79e5d55525887a6e5a99
|
|
|
|
|
|
not doing this will cause transfers that had their readers disappear to
linger. with lingering transfers the curl thread can't shut down, which
will cause nix itself to not shut down until the transfer finishes some
other way (most likely network timeouts). also add a new test for this.
Change-Id: Id2401b3ac85731c824db05918d4079125be25b57
|
|
This file is currently manually managed, but will be automated along
with the rest of the release process.
Change-Id: I77839919549aaac73de582b2e563ce3ef914a8cb
|
|
|
|
It can be turned off by creating a file `.nocontribmsg` in the root
of the repo.
Change-Id: Iecc5c647c824a0416e527550226447780b94c08e
|
|
works recursively" into main
|
|
mdbook has the unfortunate habit of creating stub files for chapters it
can't find on disk. turn off this helpful feature as it masks errors in
the summary file, and fix a recently introduced instance of this error.
Change-Id: I10d86aac0489c9c494bd5c8a50047415f4d4b18d
|
|
These are such a footgun and trip people up a lot. Let's make Lix louder
about this.
Related: https://git.lix.systems/lix-project/lix/issues/261
Change-Id: I6a8d57c9817caaa6b0cbf886c615dda51038f628
|
|
|
|
sandbox" into main
|
|
If unprivileged userns are *believed* to be disabled (such as with
"kernel.unprivileged_userns_clone = 0"), Lix would previously *give up*
on trying to use a user namespace before actually trying it, even if, in
cases such as unprivileged_userns_clone, it would actually be allowed
since Nix has CAP_SYS_ADMIN when running as daemon.
(see, e.g. https://github.com/archlinux/linux/commit/25d4709a4fc0e4f3b432c24b60dd508fb84f0cb2)
We changed it to actually try it first, and then diagnose possible
causes, and also to be more loud about the whole thing, using warnings
instead of debugs. These warnings will only print on the first build run
by the daemon, which is, tbh, eh, shrug.
This is what led to us realizing that no-userns was a poorly exercised
condition.
Change-Id: I8e4f21afc89c574020dc7e89a560cc740ce6573a
|
|
This was found when `logrotate.conf` failed to build in a NixOS system
with:
/nix/store/26zdl4pyw5qazppj8if5lm8bjzxlc07l-coreutils-9.3/bin/id: cannot find name for group ID 30000
This was surprising because it seemed to mean that /etc/group was busted
in the sandbox. Indeed it was:
root:x:0:
nixbld:!:100:
nogroup:x:65534:
We diagnosed this to sandboxUid() being called before
usingUserNamespace() was called, in setting up /etc/group inside the
sandbox. This code desperately needs refactoring.
We also moved the /etc/group code to be with the /etc/passwd code, but
honestly this code is all spaghetti'd all over the place and needs some
more serious tidying than we did here.
We also moved some checks to be earlier to improve locality with where
the things they are checking come from.
Change-Id: Ie29798771f3593c46ec313a32960fa955054aceb
|
|
Change-Id: I254b793b42f77ffe9f357f3b376683e5758f23b5
|
|
|
|
|
|
The binary to check for is called hg not hq.
Change-Id: I812a30f9347d5bf0573cdacc3fc887960887ee92
|
|
This has the following downsides:
* you cannot build Lix against nixos-unstable.
* this will immediately break as soon as libseccomp will hit
nixos-23.11 (given that people will probably use the package.nix via
our overlay or override nixpkgs via `follows`).
Hence, removing the assert again and add a better FIXME comment.
Change-Id: I284e10cf08e1873fef70ed869a1638aa89792422
|
|
into main
|
|
binaries" into main
|
|
recursively
When I added the warning that an input X has an override for a
non-existent input, the recursive flake input override fix wasn't
implemented yet[1].
This patch tests that both work together.
[1] https://github.com/NixOS/nix/pull/6663
Change-Id: I90dc032029b7160ab4a97d28c480c59d3a6f0150
|