aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-07-19libstore/globals.cc: Automatically set cores based on cgroup CPU limitAlex Wied
By default, Nix sets the "cores" setting to the number of CPUs which are physically present on the machine. If cgroups are used to limit the CPU and memory consumption of a large Nix build, the OOM killer may be invoked. For example, consider a GitLab CI pipeline which builds a large software package. The GitLab runner spawns a container whose CPU is limited to 4 cores and whose memory is limited to 16 GiB. If the underlying machine has 64 cores, Nix will invoke the build with -j64. In many cases, that level of parallelism will invoke the OOM killer and the build will completely fail. This change sets the default value of "cores" to be ceil(cpu_quota / cpu_period), with a fallback to std::thread::hardware_concurrency() if cgroups v2 is not detected.
2022-07-19local-derivation-goal.cc: save global errno to the stack before performing ↵Adam Joseph
tests which might clobber it
2022-07-19error.hh: add additional constructor with explicit errno argumentAdam Joseph
2022-07-19as requested by @thufschmitt ↵Adam Joseph
https://github.com/NixOS/nix/pull/6814#discussion_r924275777
2022-07-19change warn() to notice()Adam Joseph
2022-07-18Merge pull request #6784 from tweag/completion-testThéophane Hufschmitt
Add some tests for the CLI completion
2022-07-18Merge pull request #6812 from lovesegfault/rosetta-pathsEelco Dolstra
fix(libstore): allow Nix to access all Rosetta 2 paths on MacOS
2022-07-17local-derivation-goal.cc: detect unprivileged_userns_clone failure modeAdam Joseph
The workaround for "Some distros patch Linux" mentioned in local-derivation-goal.cc will not help in the `--option sandbox-fallback false` case. To provide the user more helpful guidance on how to get the sandbox working, let's check to see if the `/proc` node created by the aforementioned patch is present and configured in a way that will cause us problems. If so, give the user a suggestion for how to troubleshoot the problem.
2022-07-17local-derivation-goal.cc: add comment re: CLONE_NEWUSERAdam Joseph
local-derivation-goal.cc contains a comment stating that "Some distros patch Linux to not allow unprivileged user namespaces." Let's give a pointer to a common version of this patch for those who want more details about this failure mode.
2022-07-16local-derivation-goal.cc: warn if failing and /proc/self/ns/user missingAdam Joseph
This commit causes nix to `warn()` if sandbox setup has failed and `/proc/self/ns/user` does not exist. This is usually a sign that the kernel was compiled without `CONFIG_USER_NS=y`, which is required for sandboxing.
2022-07-16local-derivation-goal.cc: warn if failing due to max_user_namespaces==0Adam Joseph
This commit uses `warn()` to notify the user if sandbox setup fails with errno==EPERM and /proc/sys/user/max_user_namespaces is missing or zero, since that is at least part of the reason why sandbox setup failed. Note that `echo -n 0 > /proc/sys/user/max_user_namespaces` or equivalent at boot time has been the recommended mitigation for several Linux LPE vulnerabilities over the past few years. Many users have applied this mitigation and then forgotten that they have done so.
2022-07-16local-derivation-goal.cc: improve error messages when sandboxing failsAdam Joseph
The failure modes for nix's sandboxing setup are pretty complicated. When nix is unable to set up the sandbox, let's provide more detail about what went wrong. Specifically: * Make sure the error message includes the word "sandbox" so the user knows that the failure was related to sandboxing. * If `--option sandbox-fallback false` was provided, and removing it would have allowed further attempts to make progress, let the user know.
2022-07-15fix(libstore): allow Nix to access all Rosetta 2 paths on MacOSAlex Wied
Fixes: #5884
2022-07-15Merge pull request #6810 from jfly/jfly/do-not-assume-savedvars-existEelco Dolstra
nix develop: do not assume that saved vars are set
2022-07-15Merge pull request #6811 from edolstra/fix-auto-chrootEelco Dolstra
Disable auto-chroot if $NIX_STATE_DIR is set
2022-07-15Disable auto-chroot if $NIX_STATE_DIR is setEelco Dolstra
Issue #6732.
2022-07-14nix develop: do not assume that saved vars are setJeremy Fleischman
This fixes https://github.com/NixOS/nix/issues/6809
2022-07-14Merge pull request #6807 from NixOS/curl-patchDomen Kožar
curl: patch for netrc regression in Nix
2022-07-14curl: patch for netrc regression in NixDomen Kožar
2022-07-14Merge pull request #6804 from edolstra/fix-auto-chrootEelco Dolstra
Disable auto-chroot if $NIX_STORE_DIR is set
2022-07-14Disable auto-chroot if $NIX_STORE_DIR is setEelco Dolstra
Fixes #6732.
2022-07-14Merge pull request #6803 from edolstra/test-stack-traceEelco Dolstra
On test failures, print a bash stack trace
2022-07-14On test failures, print a bash stack traceEelco Dolstra
This makes it easier to identify what command failed. It looks like: follow-paths.sh: test failed at: main in follow-paths.sh:54
2022-07-14Merge pull request #6802 from edolstra/split-flakes-testsEelco Dolstra
Split flakes tests
2022-07-13Split off 'nix flake check' testsEelco Dolstra
2022-07-13Move flake-searching.sh and make it less dependent on gitEelco Dolstra
2022-07-13Move flake-local-settings.shEelco Dolstra
2022-07-13Move the 'nix bundle' testsEelco Dolstra
Note: these were previously not actually called.
2022-07-13Split off following paths testsEelco Dolstra
2022-07-13Split off 'nix flake init' testsEelco Dolstra
2022-07-13Split off the circular flake import testsEelco Dolstra
2022-07-13Split off the Mercurial flake testsEelco Dolstra
2022-07-13Move flakes tests to a subdirectoryEelco Dolstra
2022-07-13Merge pull request #6797 from edolstra/overrides-checkEelco Dolstra
Simplify the check for overrides on non-existent inputs
2022-07-13tests/flakes.sh: Make sure flake7 is cleanEelco Dolstra
Cherry-picked from the lazy-trees branch, where we no longer write a lock file if any of the inputs is dirty.
2022-07-13Simplify the check for overrides on non-existent inputsEelco Dolstra
2022-07-13Merge pull request #6794 from eltociear/patch-1Théophane Hufschmitt
Fix typo in flake.cc
2022-07-13Add some more completion testsThéophane Hufschmitt
- Test another command than `build` - Test with two input flakes
2022-07-13Fix the “out of order” completion testThéophane Hufschmitt
`--override-input` id snarky because it takes two arguments, so it doesn't play well when completed in the middle of the CLI (since the argument just after gets interpreted as its second argument). So use `--update-input` instead
2022-07-13Fix typo in flake.ccIkko Ashimine
non-existant -> non-existent
2022-07-12Merge pull request #6791 from edolstra/fix-installerEelco Dolstra
Fix --no-daemon installation
2022-07-12Merge pull request #6663 from Ma27/follows-invalid-inputThéophane Hufschmitt
flakes: throw an error if `follows`-declaration for an input is invalid
2022-07-12Fix --no-daemon installationEelco Dolstra
It was accidentally triggering the auto-chroot code path because /nix/var/nix didn't exist. Fixes #6790.
2022-07-12Fix debug messageEelco Dolstra
2022-07-12Move follows-check into its own functionMaximilian Bosch
2022-07-12Turn error for non-existant follows into a warningMaximilian Bosch
2022-07-12Merge pull request #6781 from ryantm/staleEelco Dolstra
update stale bot per RFC 0124
2022-07-12flakes: throw an error if `follows`-declaration for an input is invalidMaximilian Bosch
I recently got fairly confused why the following expression didn't have any effect { description = "Foobar"; inputs.sops-nix = { url = github:mic92/sops-nix; inputs.nixpkgs_22_05.follows = "nixpkgs"; }; } until I found out that the input was called `nixpkgs-22_05` (please note the dash vs. underscore). IMHO it's not a good idea to not throw an error in that case and probably leave end-users rather confused, so I implemented a small check for that which basically checks whether `follows`-declaration from overrides actually have corresponding inputs in the transitive flake. In fact this was done by accident already in our own test-suite where the removal of a `follows` was apparently forgotten[1]. Since the key of the `std::map` that holds the `overrides` is a vector and we have to find the last element of each vector (i.e. the override) this has to be done with a for loop in O(n) complexity with `n` being the total amount of overrides (which shouldn't be that large though). Please note that this doesn't work with nested expressions, i.e. inputs.fenix.inputs.nixpkgs.follows = "..."; which is a known problem[2]. For the expression demonstrated above, an error like this will be thrown: error: sops-nix has a `follows'-declaration for a non-existant input nixpkgs_22_05! [1] 2664a216e57169ec57d7f51be1b8383c1be83fd5 [2] https://github.com/NixOS/nix/issues/5790
2022-07-12Test the tilde expansion for the flake completionThéophane Hufschmitt
Also add a disabled test for when the `--override-input` flag comes *before* the flake ref
2022-07-12Harden the comparisons in the completion testThéophane Hufschmitt
- Don't use `printf` for the expected result, but just use bash's `$' '` litteral strings - Quote the `nix` call result - Invert the order in the comparisons (just because it feels more natural)