| Age | Commit message (Collapse) | Author |
|---|
|
|
|
This makes Darwin consistent with Linux: Nix expressions can't break
out of the sandbox unless relaxed sandbox mode is enabled.
For the normal sandbox mode this will require fixing #759 however.
|
|
|
|
|
|
Otherwise, since the call to write a "d" character to the lock file
can fail with ENOSPC, we can get an unhandled exception resulting in a
call to terminate().
|
|
Caused by 8063fc497ab78fa72962b93874fe25dcca2b55ed. If tmpDir !=
tmpDirInSandbox (typically when there are multiple concurrent builds
with the same name), the *Path attribute would not point to an
existing file. This caused Nixpkgs' writeTextFile to write an empty
file. In particular this showed up as hanging VM builds (because it
would run an empty run-nixos-vm script and then wait for it to finish
booting).
|
|
Hopefully fixes Darwin sandbox regression introduced in
8063fc497ab78fa72962b93874fe25dcca2b55ed.
|
|
|
|
|
|
We should probably disallow these, but until then, we shouldn't barf
with an assertion failure.
Fixes #738.
|
|
Make Debian package depend on libcurl3-nss
|
|
Otherwise nix-env fails to start if it is not installed
|
|
Use shellwords for nix-shell shebang
|
|
|
|
Also, use "#if __APPLE__" instead of "#if SANDBOX_ENABLED" to prevent
ambiguity.
|
|
Clarify error message for hash mismatches (again)
|
|
This is arguably nitpicky, but I think this new formulation is even
clearer. My thinking is that it's easier to comprehend when the
calculated hash value is displayed close to the output path. (I think it
is somewhat similar to eliminating double negatives in logic
statements.)
The formulation is inspired / copied from the OpenEmbedded build tool,
bitbake.
|
|
Previously we can't have quoted arguments.
This now allows us to use things like `ghcWithPackages`
|
|
|
|
Rather than using $<host-TMPDIR>/nix-build-<drvname>-<number>, the
temporary directory is now always /tmp/nix-build-<drvname>-0. This
improves bitwise-exact reproducibility for builds that store $TMPDIR
in their build output. (Of course, those should still be fixed...)
|
|
edolstra:
“…since callers of readDirectory have to handle the possibility of
DT_UNKNOWN anyway, and we don't want to do a stat call for every
directory entry unless it's really needed.”
|
|
autoCallFunction now auto-calls functors
|
|
|
|
Update nix.spec.in
|
|
Some benchmarking suggested this as a good value. Running
$ benchmark -f ... -t 25 -- sh -c 'rm -f /nix/var/nix/binary-cache*; nix-store -r /nix/store/x5z8a2yvz8h6ccmhwrwrp9igg03575jg-nixos-15.09.git.5fd87e1M.drv --dry-run --option binary-caches-parallel-connections <N>'
gave the following mean elapsed times for these values of N:
N=10: 3.3541
N=20: 2.9320
N=25: 2.6690
N=30: 2.9417
N=50: 3.2021
N=100: 3.5718
N=150: 4.2079
Memory usage is also reduced (N=150 used 186 MB, N=25 only 68 MB).
Closes #708.
|
|
|
|
|
|
There is really no conceivable reason why building Nix would need
access to the host's nix.conf. If it does, it's a bug, and we should
fix that instead.
|
|
Also, make the FreeBSD checks conditional on FreeBSD.
|
|
Print license information on '--xml --meta'
|
|
Fixed typo.
|
|
FreeBSD support with knowledge about Linux emulation
|
|
|
|
Reintroduces the functionality that allows the baked-in pre-build-hook to find framework dependencies
|
|
|
|
As discussed in NixOS/nixpkgs#11001, we still need some of the old
sandbox mechanism.
This reverts commit d760c2638c9e1f4b8cd9b4ec90d68bf0c76a800b.
|
|
The nixpkgs manual prescribes the use of values from stdenv.lib.licenses
for the meta.license attribute. Those values are attribute sets and
currently skipped when running nix-env with '--xml --meta'. This has the
consequence that also nixpkgs-lint will report missing licenses.
With this commit nix-env with '--xml --meta' will print all attributes
of an attribute set that are of type tString. For example the output for
the package nixpkgs.hello is
<meta name="license" type="strings">
<string type="url" value="http://spdx.org/licenses/GPL-3.0+" />
<string type="shortName" value="gpl3Plus" />
<string type="fullName" value="GNU General Public License v3.0 or later" />
<string type="spdxId" value="GPL-3.0+" />
</meta>
This commit fixes nixpkgs-lint, too.
|
|
|
|
Temporarily allow derivations to describe their full sandbox profile.
This will be eventually scaled back to a more secure setup, see the
discussion at #695
|
|
src/libstore/build.cc: clarify error message for hash mismatches
|
|
Nix reports a hash mismatch saying:
output path ‘foo’ should have sha256 hash ‘abc’, instead has ‘xyz’
That message is slightly ambiguous and some people read that statement
to mean the exact opposite of what it is supposed to mean. After this
patch, the message will be:
Nix expects output path ‘foo’ to have sha256 hash ‘abc’, instead it has ‘xyz’
|
|
Use AutoDelete for sandbox profile file
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
