| Age | Commit message (Collapse) | Author |
|---|
|
Fix building with GCC 9
|
|
Fix PID namespace support check
|
|
Nixpkgs on aarch64-linux is currently stuck on GCC 9
(https://github.com/NixOS/nixpkgs/issues/208412) and using gcc11Stdenv
doesn't work either.
So use c++2a instead of c++20 for now. Unfortunately this means we
can't use some C++20 features for now (like std::span).
|
|
Follow XDG Base Directory standard
|
|
Descriptions for commandline flags may not include newlines and should
be rather short for display in a shell. Truncate the description string
of a flag on '\n' or '.' to and add an ellipsis if needed.
|
|
|
|
XDG Base Directory is a standard for locations for storing various
files. Nix has a few files which seem to fit in the standard, but
currently use a custom location directly in the user's ~, polluting
it:
- ~/.nix-profile
- ~/.nix-defexpr
- ~/.nix-channels
This commit adds a config option (use-xdg-base-directories) to follow
the XDG spec and instead use the following locations:
- $XDG_STATE_HOME/nix/profile
- $XDG_STATE_HOME/nix/defexpr
- $XDG_STATE_HOME/nix/channels
If $XDG_STATE_HOME is not set, it is assumed to be ~/.local/state.
Co-authored-by: Théophane Hufschmitt <7226587+thufschmitt@users.noreply.github.com>
Co-authored-by: Tim Fenney <kodekata@gmail.com>
Co-authored-by: pasqui23 <pasqui23@users.noreply.github.com>
Co-authored-by: Artturin <Artturin@artturin.com>
Co-authored-by: John Ericson <Ericson2314@Yahoo.com>
|
|
Fix minor syntax issue in one of the examples.
|
|
|
|
daemon.cc: Rename UserSettings -> AuthorizationSettings
|
|
|
|
This is a bit more accurate.
It's a private name, but before you know it, someone might make it public!
|
|
Fixes #7783.
|
|
Add a basic daemon authorization test
|
|
disallow selecting shell prompt in code samples
|
|
Co-authored-by: Théophane Hufschmitt <7226587+thufschmitt@users.noreply.github.com>
|
|
|
|
Attribute set expressions need to end with a ;
|
|
|
|
Scope down `--derivation` to just the commands that use it
|
|
Git submodule fixes
|
|
advertise transport encoding in http transfers to
|
|
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
|
|
Co-authored-by: Josef Kemetmüller <josef.kemetmueller@gmail.com>
|
|
* Documentation: builtins.fetchGit when used on a local path
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
|
|
|
|
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
|
|
docs: Fix small formatting errors
|
|
Fix auto-uid-allocation in Docker containers
|
|
And clarify test
|
|
Fixes #3898
The entire `BinaryCaches` row used to get replaced after it became
stale according to the `timestamp` column. In a concurrent scenario,
this leads to foreign key conflicts as different instances of the
in-process `state.caches` cache now differ, with the consequence that
the older process still tries to use the `id` number of the old record.
Furthermore, this phenomenon appears to have caused the cache for
actual narinfos to be erased about every week, while the default
ttl for narinfos was supposed to be 30 days.
|
|
|
|
This allows testing with a clean database.
|
|
This is slightly more accurate considering that an outdated record
may exist in the persistent cache. Possibly-outdated records are
quite relevant as they may be foreign keys to more recent information
that we want to keep, but we will not return them here.
|
|
Set environment variable NIX_DEBUG_SQLITE_TRACES=1 to log all sql statements.
|
|
These were accidentally logged and do not need to appear in make's
log output.
|
|
Use a pipe for all install commands
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
|
|
PR template: Ask release notes for incompatible changes, not bug fixes
|
|
This is a workaround for
[mdBook#2000](https://github.com/rust-lang/mdBook/issues/2000)
|
|
|
|
|
|
|
|
|
|
|
|
In unprivileged podman containers, /proc is not fully visible (there
are other filesystems mounted on subdirectories of /proc). Therefore
we can't mount a new /proc in the sandbox that matches the PID
namespace of the sandbox. So this commit automatically disables
sandboxing if /proc is not fully visible.
|
|
This didn't work because sandboxing doesn't work in Docker. However,
the sandboxing check is done lazily - after clone(CLONE_NEWNS) fails,
we retry with sandboxing disabled. But at that point, we've already
done UID allocation under the assumption that user namespaces are
enabled.
So let's get rid of the "goto fallback" logic and just detect early
whether user / mount namespaces are enabled.
This commit also gets rid of a compatibility hack for some ancient
Linux kernels (<2.13).
|
|
|
|
|
|
fix documentation for `clang11Stdenv` dev shell
|
|
|
