aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-08-03Make `moveFile` more atomicThéophane Hufschmitt
Rather than directly copying the source to its dest, copy it first to a temporary location, and eventually move that temporary. That way, the move is at least atomic from the point-of-view of the destination
2022-08-03Only use `renameFile` where neededThéophane Hufschmitt
In most places the fallback to copying isn’t needed and can actually be bad, so we’d rather not transparently fallback
2022-08-03moveFile -> renameFileThéophane Hufschmitt
`move` tends to have this `mv` connotation of “I will copy it for you if needs be”
2022-08-03Link against c++fs on darwinThéophane Hufschmitt
Required by the old clang version
2022-08-03Re-implement the recursive directory copyThéophane Hufschmitt
The recursive copy from the stl doesn’t exactly do what we need because 1. It doesn’t delete things as we go 2. It doesn’t keep the mtime, which change the nars So re-implement it ourselves. A bit dull, but that way we have what we want
2022-08-03rename: Fallback to a copy if the filesystems mismatchThéophane Hufschmitt
In `nix::rename`, if the call to `rename` fails with `EXDEV` (failure because the source and the destination are in a different filesystems) switch to copying and removing the source. To avoid having to re-implement the copy manually, I switched the function to use the c++17 `filesystem` library (which has a `copy` function that should do what we want). Fix #6262
2022-08-03Create a wrapper around stdlib’s `rename`Théophane Hufschmitt
Directly takes some c++ strings, and gently throws an exception on error (rather than having to inline this logic everywhere)
2022-08-03Move some fs-related functions to their own fileThéophane Hufschmitt
Unclutter `util.cc` a bit
2022-08-02Merge pull request #6851 from K900/patch-1Théophane Hufschmitt
doc/distributed-builds: don't use deprecated alias
2022-08-01doc/distributed-builds: don't use deprecated aliasK900
`nix ping-store` -> `nix store ping`.
2022-07-29Merge pull request #6844 from centromere/custom-nix-confRok Garbas
docker.nix: Allow Nix configuration to be customized
2022-07-28Merge pull request #6845 from fricklerhandwerk/attrsetEelco Dolstra
manual: set -> attribute set
2022-07-28manual: set -> attribute setValentin Gagarin
reword description to have shorter sentences.
2022-07-28manual: fix section title in table of contentsValentin Gagarin
2022-07-28docker.nix: Allow Nix configuration to be customizedAlex Wied
2022-07-22Merge pull request #6814 from amjoseph-nixpkgs/pr/sandbox-error-messagesThéophane Hufschmitt
local-derivation-goal.cc: improve error messages when sandboxing fails
2022-07-22Merge pull request #6813 from centromere/cgroup-cpu-detectionThéophane Hufschmitt
libstore/globals.cc: Automatically set cores based on cgroup CPU limit
2022-07-19libstore/globals.cc: Move cgroup detection to libutilAlex Wied
2022-07-19libstore/globals.cc: Automatically set cores based on cgroup CPU limitAlex Wied
By default, Nix sets the "cores" setting to the number of CPUs which are physically present on the machine. If cgroups are used to limit the CPU and memory consumption of a large Nix build, the OOM killer may be invoked. For example, consider a GitLab CI pipeline which builds a large software package. The GitLab runner spawns a container whose CPU is limited to 4 cores and whose memory is limited to 16 GiB. If the underlying machine has 64 cores, Nix will invoke the build with -j64. In many cases, that level of parallelism will invoke the OOM killer and the build will completely fail. This change sets the default value of "cores" to be ceil(cpu_quota / cpu_period), with a fallback to std::thread::hardware_concurrency() if cgroups v2 is not detected.
2022-07-19local-derivation-goal.cc: save global errno to the stack before performing ↵Adam Joseph
tests which might clobber it
2022-07-19error.hh: add additional constructor with explicit errno argumentAdam Joseph
2022-07-19as requested by @thufschmitt ↵Adam Joseph
https://github.com/NixOS/nix/pull/6814#discussion_r924275777
2022-07-19change warn() to notice()Adam Joseph
2022-07-18Merge pull request #6784 from tweag/completion-testThéophane Hufschmitt
Add some tests for the CLI completion
2022-07-18Merge pull request #6812 from lovesegfault/rosetta-pathsEelco Dolstra
fix(libstore): allow Nix to access all Rosetta 2 paths on MacOS
2022-07-17local-derivation-goal.cc: detect unprivileged_userns_clone failure modeAdam Joseph
The workaround for "Some distros patch Linux" mentioned in local-derivation-goal.cc will not help in the `--option sandbox-fallback false` case. To provide the user more helpful guidance on how to get the sandbox working, let's check to see if the `/proc` node created by the aforementioned patch is present and configured in a way that will cause us problems. If so, give the user a suggestion for how to troubleshoot the problem.
2022-07-17local-derivation-goal.cc: add comment re: CLONE_NEWUSERAdam Joseph
local-derivation-goal.cc contains a comment stating that "Some distros patch Linux to not allow unprivileged user namespaces." Let's give a pointer to a common version of this patch for those who want more details about this failure mode.
2022-07-16local-derivation-goal.cc: warn if failing and /proc/self/ns/user missingAdam Joseph
This commit causes nix to `warn()` if sandbox setup has failed and `/proc/self/ns/user` does not exist. This is usually a sign that the kernel was compiled without `CONFIG_USER_NS=y`, which is required for sandboxing.
2022-07-16local-derivation-goal.cc: warn if failing due to max_user_namespaces==0Adam Joseph
This commit uses `warn()` to notify the user if sandbox setup fails with errno==EPERM and /proc/sys/user/max_user_namespaces is missing or zero, since that is at least part of the reason why sandbox setup failed. Note that `echo -n 0 > /proc/sys/user/max_user_namespaces` or equivalent at boot time has been the recommended mitigation for several Linux LPE vulnerabilities over the past few years. Many users have applied this mitigation and then forgotten that they have done so.
2022-07-16local-derivation-goal.cc: improve error messages when sandboxing failsAdam Joseph
The failure modes for nix's sandboxing setup are pretty complicated. When nix is unable to set up the sandbox, let's provide more detail about what went wrong. Specifically: * Make sure the error message includes the word "sandbox" so the user knows that the failure was related to sandboxing. * If `--option sandbox-fallback false` was provided, and removing it would have allowed further attempts to make progress, let the user know.
2022-07-15fix(libstore): allow Nix to access all Rosetta 2 paths on MacOSAlex Wied
Fixes: #5884
2022-07-15Merge pull request #6810 from jfly/jfly/do-not-assume-savedvars-existEelco Dolstra
nix develop: do not assume that saved vars are set
2022-07-15Merge pull request #6811 from edolstra/fix-auto-chrootEelco Dolstra
Disable auto-chroot if $NIX_STATE_DIR is set
2022-07-15Disable auto-chroot if $NIX_STATE_DIR is setEelco Dolstra
Issue #6732.
2022-07-14nix develop: do not assume that saved vars are setJeremy Fleischman
This fixes https://github.com/NixOS/nix/issues/6809
2022-07-14Merge pull request #6807 from NixOS/curl-patchDomen Kožar
curl: patch for netrc regression in Nix
2022-07-14curl: patch for netrc regression in NixDomen Kožar
2022-07-14Merge pull request #6804 from edolstra/fix-auto-chrootEelco Dolstra
Disable auto-chroot if $NIX_STORE_DIR is set
2022-07-14Disable auto-chroot if $NIX_STORE_DIR is setEelco Dolstra
Fixes #6732.
2022-07-14Merge pull request #6803 from edolstra/test-stack-traceEelco Dolstra
On test failures, print a bash stack trace
2022-07-14On test failures, print a bash stack traceEelco Dolstra
This makes it easier to identify what command failed. It looks like: follow-paths.sh: test failed at: main in follow-paths.sh:54
2022-07-14Merge pull request #6802 from edolstra/split-flakes-testsEelco Dolstra
Split flakes tests
2022-07-13Split off 'nix flake check' testsEelco Dolstra
2022-07-13Move flake-searching.sh and make it less dependent on gitEelco Dolstra
2022-07-13Move flake-local-settings.shEelco Dolstra
2022-07-13Move the 'nix bundle' testsEelco Dolstra
Note: these were previously not actually called.
2022-07-13Split off following paths testsEelco Dolstra
2022-07-13Split off 'nix flake init' testsEelco Dolstra
2022-07-13Split off the circular flake import testsEelco Dolstra
2022-07-13Split off the Mercurial flake testsEelco Dolstra