aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-05-07Merge "feat: setup gerrit commit-msg hook with nix develop" into mainPatrick Jackson
2024-05-07Merge changes If1077a7b,I62da3161,Iebb4667b into mainQyriad
* changes: flake: fix devShell on i686-linux by disabling ClangBuildAnalyzer on it flake: fix eval of checks & devshell on i686-linux flake: move the pre-commit definition to its own file
2024-05-07flake: fix devShell on i686-linux by disabling ClangBuildAnalyzer on itQyriad
ClangBuildAnalyzer doesn't build on i686-linux due to `long long int`/`size_t` conversion errors, so let's just exclude it from the devshell on that platform Change-Id: If1077a7b3860db4381999c8e304f6d4b2bc96a05
2024-05-07Merge changes Icf26010a,Ib6161567 into mainNikodem Rabuliński
* changes: Always initialize curl in parent process on darwin Fix failing darwin tests
2024-05-07feat: setup gerrit commit-msg hook with nix developPatrick Jackson
Closes #273 Change-Id: Id883d2cda06adbcae53b8c360ad015330f0af81b
2024-05-07Always initialize curl in parent process on darwinNikodem Rabuliński
Because of an objc quirk[1], calling curl_global_init for the first time after fork() will always result in a crash. Up until now the solution has been to set OBJC_DISABLE_INITIALIZE_FORK_SAFETY for every nix process to ignore that error. This is less than ideal because we were setting it in package.nix, which meant that running nix tests locally would fail because that variable was not set. Instead of working around that error we address it at the core - by calling curl_global_init inside initLibStore, which should mean curl will already have been initialized by the time we try to do so in a forked process. [1] https://github.com/apple-oss-distributions/objc4/blob/01edf1705fbc3ff78a423cd21e03dfc21eb4d780/runtime/objc-initialize.mm#L614-L636 Change-Id: Icf26010a8be655127cc130efb9c77b603a6660d0
2024-05-07flake: fix eval of checks & devshell on i686-linuxQyriad
Change-Id: I62da3161327051005e3f48f83974140efef4417e
2024-05-07flake: move the pre-commit definition to its own fileQyriad
It's a good hundred LOC, and wasn't coupled to the actual flake logic at all. Change-Id: Iebb4667b3197dbd8cb2b019014e99fa651848832
2024-05-07libutil: de-callback-ify computeClosureeldritch horrors
only two users of this function exist. only one used it in a way that even bears resemblance to asynchronicity, and even that one didn't do it right. fully async and parallel computation would have only worked if any getEdgesAsync never calls the continuation it receives itself, only from more derived callbacks running on other threads. calling it directly would cause the decoupling promise to be awaited immediately *on the original thread*, completely negating all nice async effects. Change-Id: I0aa640950cf327533a32dee410105efdabb448df
2024-05-07libstore: limit CA realisation info substitution concurrencyeldritch horrors
this seems to be an oversight, considering that regular substitutions are concurrency-limited. while not particularly necessary at present, once we've removed the `Callback` based interfaces it will be needed. Change-Id: Ide2d08169fcc24752cbd07a1d33fb8482f7034f5
2024-05-07libutil: throw EndOfFile at sourceToSink endeldritch horrors
... how has this never broken anything before Change-Id: If3789c02028e8f929481514f63d76b0b46bfc182
2024-05-06fix fallback chroot store creation after b247ef72dQyriad
When /nix/var (or, more precisely, NIX_STATE_DIR) does not exist at all, Lix falls back to creating an adhoc chroot store in XDG_DATA_HOME. b247ef72d[1] changed the way Store classes are initialized, and in the migration, a `params2` was accidentally changed to `params`. This commit restores the correct behavior, and in lieu of a single *character* fix, this commit also changes the variable name to something more reasonable. Fixes #274. [1]: b247ef72dc7bcc857288c0ddcceb3e42f76a78f1 n.b., this code might deserve some more looking at anyway. this fallback store creation throws away *all* Store params passed to openFromNonUri() in favor of an entirely new set which only contains the `root` param, which may or may not be the correct behavior Change-Id: Ibea559b88a50e6d6e75a1f87d9d7816cabb2a8f3
2024-05-07Merge "fix: readme typo" into mainjade
2024-05-07Merge "Remove README.md from build dependencies" into mainjade
2024-05-07Merge "chore: re-work the contribution guide" into mainjade
2024-05-07chore: re-work the contribution guideRaito Bezarius
As per our bootstrap governance discussions, here's a very simple proposal which links as much as possible to our wiki. Change-Id: I88b1c43f933ff7e529151b1e933fad40283383c4 Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-05-06Remove README.md from build dependenciesJade Lovelace
Now we will simply hit cache every time anyone changes readme, yay! Change-Id: I5906f589d319ff6d43cbd2b467887e08f7474283
2024-05-06fix: readme typoAbhiram
The text on the matrix link was wrong. Change-Id: I5d15b27eef0d7d03505920ebf1c03fecbb7faabe
2024-05-06filetransfer: correctly abort empty transferseldritch horrors
returning 0 from the callback for errors signals successful transfer if the source returned no data even though the exception we've just caught clearly disagrees. while this is not all that important (since the only viable cause of such errors will be dataCallback, and the sole instance of it being used already takes care of exceptions) we can just do this. Change-Id: I2bb150eff447121d82e8e3aa4e00057c40523ac6
2024-05-06filetransfer: extract decompressor creationeldritch horrors
this will be necessary if we want download() to return a source instead of consuming a sink, which will in turn be needed to remove coroutines. Change-Id: I34ec241e9bbc5d32fbcd243b244e29c3757533aa
2024-05-06Fix failing darwin testsNikodem Rabuliński
Some tests were failing on darwin, if the auto-allocate-uids featrure was enabled. This was because AAU on darwin works by setuid-ing as a non-existent user, so the tests that were relying on `whoami` were failing. In the case of trusted-users we fall back to printing the user id, which is already handled gracefully in the daemon code - i.e. when a user does not exist or for some other reason looking up their username is not possible, the daemon falls back to searching for their uid inside the trusted-users list. When whoami is used to print the username for other purpose, we default to printing nixbld. Change-Id: Ib61615677565098cb5fbf5e26a946ef427c58caf
2024-05-06Merge "Fix the pages in the manual for Lix" into mainjade
2024-05-05meson: install org.nixos.nix-daemon.plist on macOSQyriad
Change-Id: I70079a553ec355be944f9940258f9abf861759fc
2024-05-05Fix the pages in the manual for LixJade Lovelace
This doesn't comprehensively fix everything outdated in the manual, or make the manual greatly better, but it does note down where at least jade noticed it was wrong, and it does fix all the instances of referencing Nix to conform to the style guide to the best of our ability. A lot of things have been commented out for being wrong, and there are three types of FIXME introduced: - FIXME(Lix): generically Lix needs to fix it - FIXME(Qyriad): re https://git.lix.systems/lix-project/lix/issues/215 - FIXME(meson): docs got outdated by meson changes and need rewriting I did fix a bunch of it that I could, but there could certainly be mistakes and this is definitely just an incremental improvement. Fixes: https://git.lix.systems/lix-project/lix/issues/266 Change-Id: I5993c4603d7f026a887089fce77db08394362135
2024-05-05Merge "gitignore nocontribmsg" into mainjade
2024-05-05gitignore nocontribmsgJade Lovelace
follow-on to https://gerrit.lix.systems/c/lix/+/996 Change-Id: I5b88697d5c802d2788e07387de406e4a4bd351e3
2024-05-05Merge "README: update to be Lix" into mainQyriad
2024-05-05README: update to be LixQyriad
Change-Id: I15b2513de61cffa2002799c4d12d251ef0970b9f
2024-05-05fix integer overflow on i686 with high phys memoryQyriad
sizeof(long) is 4 bytes on i686 GCC. With ~32 GiB of memory and a page size of 4096, there are 7988420 pages. (7988420 * 4096) is bigger than INT32_MAX folks. This has gone unnoticed for 9 years, and only came up thanks to 94ea517db[1] adding integer overflow sensitization checks, which caused this broken code to emit an illegal instruction, crashing Lix the instant the buildsystem ran Lix to generate the docs files. [1]: 94ea517dbe729765b69638190f4bea3f6a632b40 Change-Id: I50bb9ea072aac11b449d79e5d55525887a6e5a99
2024-05-05Merge "point nix3-upgrade-nix to releases.lix.systems/manifest.nix" into mainQyriad
2024-05-05Merge "Warn on untrusted client settings being ignored" into mainjade
2024-05-05filetransfer: abort transfer on receiver exceptioneldritch horrors
not doing this will cause transfers that had their readers disappear to linger. with lingering transfers the curl thread can't shut down, which will cause nix itself to not shut down until the transfer finishes some other way (most likely network timeouts). also add a new test for this. Change-Id: Id2401b3ac85731c824db05918d4079125be25b57
2024-05-05point nix3-upgrade-nix to releases.lix.systems/manifest.nixQyriad
This file is currently manually managed, but will be automated along with the rest of the release process. Change-Id: I77839919549aaac73de582b2e563ce3ef914a8cb
2024-05-05Merge "add a contributor notice message to the dev shell hook" into mainQyriad
2024-05-05add a contributor notice message to the dev shell hookQyriad
It can be turned off by creating a file `.nocontribmsg` in the root of the repo. Change-Id: Iecc5c647c824a0416e527550226447780b94c08e
2024-05-05Merge "tests/flakes/follow-paths: test that warning about non-existent input ↵Maximilian Bosch
works recursively" into main
2024-05-05doc: fix build littering doc/eldritch horrors
mdbook has the unfortunate habit of creating stub files for chapters it can't find on disk. turn off this helpful feature as it masks errors in the summary file, and fix a recently introduced instance of this error. Change-Id: I10d86aac0489c9c494bd5c8a50047415f4d4b18d
2024-05-04Warn on untrusted client settings being ignoredJade Lovelace
These are such a footgun and trip people up a lot. Let's make Lix louder about this. Related: https://git.lix.systems/lix-project/lix/issues/261 Change-Id: I6a8d57c9817caaa6b0cbf886c615dda51038f628
2024-05-05Merge "Actually try making a userns before assuming they don't work" into mainjade
2024-05-05Merge "Fix /etc/group having desynced IDs from the actual UID in the ↵jade
sandbox" into main
2024-05-05Actually try making a userns before assuming they don't workJade Lovelace
If unprivileged userns are *believed* to be disabled (such as with "kernel.unprivileged_userns_clone = 0"), Lix would previously *give up* on trying to use a user namespace before actually trying it, even if, in cases such as unprivileged_userns_clone, it would actually be allowed since Nix has CAP_SYS_ADMIN when running as daemon. (see, e.g. https://github.com/archlinux/linux/commit/25d4709a4fc0e4f3b432c24b60dd508fb84f0cb2) We changed it to actually try it first, and then diagnose possible causes, and also to be more loud about the whole thing, using warnings instead of debugs. These warnings will only print on the first build run by the daemon, which is, tbh, eh, shrug. This is what led to us realizing that no-userns was a poorly exercised condition. Change-Id: I8e4f21afc89c574020dc7e89a560cc740ce6573a
2024-05-04Fix /etc/group having desynced IDs from the actual UID in the sandboxJade Lovelace
This was found when `logrotate.conf` failed to build in a NixOS system with: /nix/store/26zdl4pyw5qazppj8if5lm8bjzxlc07l-coreutils-9.3/bin/id: cannot find name for group ID 30000 This was surprising because it seemed to mean that /etc/group was busted in the sandbox. Indeed it was: root:x:0: nixbld:!:100: nogroup:x:65534: We diagnosed this to sandboxUid() being called before usingUserNamespace() was called, in setting up /etc/group inside the sandbox. This code desperately needs refactoring. We also moved the /etc/group code to be with the /etc/passwd code, but honestly this code is all spaghetti'd all over the place and needs some more serious tidying than we did here. We also moved some checks to be earlier to improve locality with where the things they are checking come from. Change-Id: Ie29798771f3593c46ec313a32960fa955054aceb
2024-05-04Remove a URL literal from fetchTarball docsJade Lovelace
Change-Id: I254b793b42f77ffe9f357f3b376683e5758f23b5
2024-05-04Merge "package: remove assert for libseccomp version" into mainMaximilian Bosch
2024-05-04Merge "tests: actually run mercurial tests" into mainMaximilian Bosch
2024-05-04tests: actually run mercurial testsMaximilian Bosch
The binary to check for is called hg not hq. Change-Id: I812a30f9347d5bf0573cdacc3fc887960887ee92
2024-05-04package: remove assert for libseccomp versionMaximilian Bosch
This has the following downsides: * you cannot build Lix against nixos-unstable. * this will immediately break as soon as libseccomp will hit nixos-23.11 (given that people will probably use the package.nix via our overlay or override nixpkgs via `follows`). Hence, removing the assert again and add a better FIXME comment. Change-Id: I284e10cf08e1873fef70ed869a1638aa89792422
2024-05-04Merge "Revert "Revert "Merge pull request #6621 from Kha/nested-follows""" ↵Maximilian Bosch
into main
2024-05-04Merge "libstore/local-derivation-goal: prohibit creating setuid/setgid ↵Maximilian Bosch
binaries" into main
2024-05-03tests/flakes/follow-paths: test that warning about non-existent input works ↵Maximilian Bosch
recursively When I added the warning that an input X has an override for a non-existent input, the recursive flake input override fix wasn't implemented yet[1]. This patch tests that both work together. [1] https://github.com/NixOS/nix/pull/6663 Change-Id: I90dc032029b7160ab4a97d28c480c59d3a6f0150