aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-04-04libutil: don't save cwd fd, use path insteadCole Helbling
Saving the cwd fd didn't actually work well -- prior to this commit, the following would happen: : ~/w/vc/nix ; doas outputs/out/bin/nix --experimental-features 'nix-command flakes' run nixpkgs#coreutils -- --coreutils-prog=pwd pwd: couldn't find directory entry in ‘../../../..’ with matching i-node : ~/w/vc/nix ; doas outputs/out/bin/nix --experimental-features 'nix-command flakes' develop -c pwd pwd: couldn't find directory entry in ‘../../../..’ with matching i-node
2022-04-04libutil: save cwd fd in restoreMountNamespaceCole Helbling
This doesn't work very well (maybe I'm misunderstanding the desired implementation): : ~/w/vc/nix ; doas outputs/out/bin/nix --experimental-features 'nix-command flakes' develop -c pwd pwd: couldn't find directory entry in ‘../../../..’ with matching i-node
2022-04-04libutil: `try` restoring the cwd from fdSavedCwdCole Helbling
2022-04-04libutil: save fd to cwd instead of cwd itselfCole Helbling
2022-04-04libutil: cleanup savedCwd logicCole Helbling
Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2022-04-04Add missing #includeEelco Dolstra
2022-04-04Merge pull request #6350 from flox/lock_installableEelco Dolstra
fix(run): set applyNixConfig lockFlag
2022-04-01fix(run): set applyNixConfig lockFlagTom Bereknyei
2022-04-01libutil: Properly guard self-allocating getcwd on GNUCole Helbling
It's a GNU extension, as pointed out by pennae.
2022-04-01libutil: Don't use std::filesystemCole Helbling
Just in case making libutil depend on std::filesystem is unacceptable, here is the non-filesystem approach.
2022-04-01libutil: Fix restoring mount namespaceaszlig
I regularly pass around simple scripts by using nix-shell as the script interpreter, eg. like this: #!/usr/bin/env nix-shell #!nix-shell -p dd_rescue coreutils bash -i bash While this works most of the time, I recently had one occasion where it would not and the above would result in the following: $ sudo ./myscript.sh bash: ./myscript.sh: No such file or directory Note the "sudo" here, because this error only occurs if we're root. The reason for the latter is because running Nix as root means that we can directly access the store, which makes sure we use a filesystem namespace to make the store writable. XXX - REWORD! So when stracing the process, I stumbled on the following sequence: openat(AT_FDCWD, "/proc/self/ns/mnt", O_RDONLY) = 3 unshare(CLONE_NEWNS) = 0 ... later ... getcwd("/the/real/cwd", 4096) = 14 setns(3, CLONE_NEWNS) = 0 getcwd("/", 4096) = 2 In the whole strace output there are no calls to chdir() whatsoever, so I decided to look into the kernel source to see what else could change directories and found this[1]: /* Update the pwd and root */ set_fs_pwd(fs, &root); set_fs_root(fs, &root); The set_fs_pwd() call is roughly equivalent to a chdir() syscall and this is called when the setns() syscall is invoked[2]. [1]: https://github.com/torvalds/linux/blob/b14ffae378aa1db993e62b01392e70d1e585fb23/fs/namespace.c#L4659 [2]: https://github.com/torvalds/linux/blob/b14ffae378aa1db993e62b01392e70d1e585fb23/kernel/nsproxy.c#L346
2022-04-01Merge pull request #6344 from flox/profile_url_uriEelco Dolstra
profile!: consistent use of url/uri. create new version
2022-04-01Merge pull request #6347 from edolstra/fix-output-hash-algoEelco Dolstra
Fix handling of outputHash when outputHashAlgo is not specified
2022-04-01Fix handling of outputHash when outputHashAlgo is not specifiedEelco Dolstra
https://hydra.nixos.org/build/171351131
2022-04-01Merge pull request #6343 from Artturin/anothertypoThéophane Hufschmitt
scripts/install-systemd-multi-user.sh: fix another typo
2022-03-31scripts/install-systemd-multi-user.sh: fix another typoArtturin
2022-03-31Merge pull request #6227 from NixOS/impure-derivations-ngEelco Dolstra
Impure derivations
2022-03-31commentsBen Burdette
2022-03-31tests/impure-derivations.sh: Ensure that inputAddressed build failsEelco Dolstra
2022-03-31show 'with' bindings as well as staticBen Burdette
2022-03-31Update release notesEelco Dolstra
2022-03-31Provide default values for outputHashAlgo and outputHashModeEelco Dolstra
2022-03-31Fix macOS buildEelco Dolstra
2022-03-31Rename 'pure' -> 'sandboxed' for consistencyEelco Dolstra
2022-03-31needsNetworkAccess() -> isSandboxed()Eelco Dolstra
2022-03-31Document isPure()Eelco Dolstra
2022-03-31Fix macOS buildEelco Dolstra
2022-03-31Fix testEelco Dolstra
2022-03-31tests/impure-derivations.sh: Restart daemonEelco Dolstra
2022-03-31Support fixed-output derivations depending on impure derivationsEelco Dolstra
2022-03-31Add support for impure derivationsEelco Dolstra
Impure derivations are derivations that can produce a different result every time they're built. Example: stdenv.mkDerivation { name = "impure"; __impure = true; # marks this derivation as impure outputHashAlgo = "sha256"; outputHashMode = "recursive"; buildCommand = "date > $out"; }; Some important characteristics: * This requires the 'impure-derivations' experimental feature. * Impure derivations are not "cached". Thus, running "nix-build" on the example above multiple times will cause a rebuild every time. * They are implemented similar to CA derivations, i.e. the output is moved to a content-addressed path in the store. The difference is that we don't register a realisation in the Nix database. * Pure derivations are not allowed to depend on impure derivations. In the future fixed-output derivations will be allowed to depend on impure derivations, thus forming an "impurity barrier" in the dependency graph. * When sandboxing is enabled, impure derivations can access the network in the same way as fixed-output derivations. In relaxed sandboxing mode, they can access the local filesystem.
2022-03-31Merge pull request #6337 from danpls/fix-to-json-replEelco Dolstra
libexpr: Throw the correct error in toJSON
2022-03-31replaceEnv(): Pass newEnv by referenceEelco Dolstra
2022-03-31Merge pull request #6339 from flox/bundler_defaultEelco Dolstra
bundler: update default bundler to support new bundler API
2022-03-30profile!: consistent use of url/uri. create new versionTom Bereknyei
2022-03-30bundler: update default bundler to support new bundler APITom Bereknyei
2022-03-30libutil: Change return value of addTrace to voidDaniel Pauls
The return value of BaseError::addTrace(...) is never used and error-prone as subclasses calling it will return a BaseError instead of the subclass. This commit changes its return value to be void.
2022-03-30libexpr: Throw the correct error in toJSONDaniel Pauls
BaseError::addTrace(...) returns a BaseError, but we want to throw a TypeError instead. Fixes #6336.
2022-03-30Merge pull request #6335 from thufschmitt/gitignore-stray-filesEelco Dolstra
Gitignore or don’t create some build outputs
2022-03-30Gitignore the generated systemd nix-daemon conf fileThéophane Hufschmitt
2022-03-30Don’t create a file in the worktree in the fetchPath testThéophane Hufschmitt
2022-03-30Merge pull request #6334 from NixOS/require-mounts-for-dbEelco Dolstra
nix-daemon.service: require mounts for /nix/var/nix/db
2022-03-29nix-daemon.service: require mounts for /nix/var/nix/dbGraham Christensen
Users may want to mount a filesystem just for the Nix database, with the filesystem's parameters specially tuned for sqlite. For example, on ZFS you might set the recordsize to 64k after changing the database's page size to 65536.
2022-03-29remove const_castBen Burdette
2022-03-29Merge pull request #6268 from thufschmitt/remove-the-variant-in-hashmoduloEelco Dolstra
Simplify the handling of the hash modulo
2022-03-29Simplify the handling of the hash moduloThéophane Hufschmitt
Rather than having four different but very similar types of hashes, make only one, with a tag indicating whether it corresponds to a regular of deferred derivation. This implies a slight logical change: The original Nix+multiple-outputs model assumed only one hash-modulo per derivation. Adding multiple-outputs CA derivations changed this as these have one hash-modulo per output. This change is now treating each derivation as having one hash modulo per output. This obviously means that we internally loose the guaranty that all the outputs of input-addressed derivations have the same hash modulo. But it turns out that it doesn’t matter because there’s nothing in the code taking advantage of that fact (and it probably shouldn’t anyways). The upside is that it is now much easier to work with these hashes, and we can get rid of a lot of useless `std::visit{ overloaded`. Co-authored-by: John Ericson <John.Ericson@Obsidian.Systems>
2022-03-28load debug trace staticenv on 'show'Ben Burdette
2022-03-28debugTraceIndexBen Burdette
2022-03-28Merge pull request #6330 from edolstra/run-remote-storeThéophane Hufschmitt
nix {run,shell}: Print a better error message if the store is not local
2022-03-28Merge pull request #6328 from edolstra/fix-nix-profile-installEelco Dolstra
nix profile install: Don't use queryDerivationOutputMap()