Age | Commit message | Author |
|
Rather than directly copying the source to its dest, copy it first to a
temporary location, and eventually move that temporary.
That way, the move is at least atomic from the point-of-view of the destination
|
|
In most places the fallback to copying isn’t needed and can actually be
bad, so we’d rather not transparently fall back
|
|
`move` tends to have this `mv` connotation of “I will copy it for you if
needs be”
|
|
Required by the old clang version
|
|
The recursive copy from the stl doesn’t exactly do what we need because
1. It doesn’t delete things as we go
2. It doesn’t keep the mtime, which changes the nars
So re-implement it ourselves. A bit dull, but that way we have what we want
|
|
In `nix::rename`, if the call to `rename` fails with `EXDEV` (failure
because the source and the destination are in different filesystems)
switch to copying and removing the source.
To avoid having to re-implement the copy manually, I switched the
function to use the c++17 `filesystem` library (which has a `copy`
function that should do what we want).
Fix #6262
|
|
Directly takes some c++ strings, and gently throws an exception on error
(rather than having to inline this logic everywhere)
|
|
Unclutter `util.cc` a bit
|
|
doc/distributed-builds: don't use deprecated alias
|
|
`nix ping-store` -> `nix store ping`.
|
|
docker.nix: Allow Nix configuration to be customized
|
|
manual: set -> attribute set
|
|
reword description to have shorter sentences.
|
|
local-derivation-goal.cc: improve error messages when sandboxing fails
|
|
libstore/globals.cc: Automatically set cores based on cgroup CPU limit
|
|
By default, Nix sets the "cores" setting to the number of CPUs which are
physically present on the machine. If cgroups are used to limit the CPU
and memory consumption of a large Nix build, the OOM killer may be
invoked.
For example, consider a GitLab CI pipeline which builds a large software
package. The GitLab runner spawns a container whose CPU is limited to 4
cores and whose memory is limited to 16 GiB. If the underlying machine
has 64 cores, Nix will invoke the build with -j64. In many cases, that
level of parallelism will invoke the OOM killer and the build will
completely fail.
This change sets the default value of "cores" to be
ceil(cpu_quota / cpu_period), with a fallback to
std::thread::hardware_concurrency() if cgroups v2 is not detected.
|
|
tests which might clobber it
|
|
https://github.com/NixOS/nix/pull/6814#discussion_r924275777
|
|
Add some tests for the CLI completion
|
|
fix(libstore): allow Nix to access all Rosetta 2 paths on MacOS
|
|
The workaround for "Some distros patch Linux" mentioned in
local-derivation-goal.cc will not help in the `--option
sandbox-fallback false` case. To provide the user more helpful
guidance on how to get the sandbox working, let's check to see if the
`/proc` node created by the aforementioned patch is present and
configured in a way that will cause us problems. If so, give the user
a suggestion for how to troubleshoot the problem.
|
|
local-derivation-goal.cc contains a comment stating that "Some distros
patch Linux to not allow unprivileged user namespaces." Let's give a
pointer to a common version of this patch for those who want more
details about this failure mode.
|
|
This commit causes nix to `warn()` if sandbox setup has failed and
`/proc/self/ns/user` does not exist. This is usually a sign that the
kernel was compiled without `CONFIG_USER_NS=y`, which is required for
sandboxing.
|
|
This commit uses `warn()` to notify the user if sandbox setup fails
with errno==EPERM and /proc/sys/user/max_user_namespaces is missing or
zero, since that is at least part of the reason why sandbox setup
failed.
Note that `echo -n 0 > /proc/sys/user/max_user_namespaces` or
equivalent at boot time has been the recommended mitigation for
several Linux LPE vulnerabilities over the past few years. Many users
have applied this mitigation and then forgotten that they have done
so.
|
|
The failure modes for nix's sandboxing setup are pretty complicated.
When nix is unable to set up the sandbox, let's provide more detail
about what went wrong. Specifically:
* Make sure the error message includes the word "sandbox" so the user
knows that the failure was related to sandboxing.
* If `--option sandbox-fallback false` was provided, and removing it
would have allowed further attempts to make progress, let the user
know.
|
|
Fixes: #5884
|
|
nix develop: do not assume that saved vars are set
|
|
Disable auto-chroot if $NIX_STATE_DIR is set
|
|
Issue #6732.
|
|
This fixes https://github.com/NixOS/nix/issues/6809
|
|
curl: patch for netrc regression in Nix
|
|
Disable auto-chroot if $NIX_STORE_DIR is set
|
|
Fixes #6732.
|
|
On test failures, print a bash stack trace
|
|
This makes it easier to identify what command failed. It looks like:
follow-paths.sh: test failed at:
main in follow-paths.sh:54
|
|
Split flakes tests
|
|
Note: these were previously not actually called.