| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
This adds a command 'nix make-content-addressable' that rewrites the
specified store paths into content-addressable paths. The advantage of
such paths is that 1) they can be imported without signatures; 2) they
can enable deduplication in cases where derivation changes do not
cause output changes (apart from store path hashes).
For example,
$ nix make-content-addressable -r nixpkgs.cowsay
rewrote '/nix/store/g1g31ah55xdia1jdqabv1imf6mcw0nb1-glibc-2.25-49' to '/nix/store/48jfj7bg78a8n4f2nhg269rgw1936vj4-glibc-2.25-49'
...
rewrote '/nix/store/qbi6rzpk0bxjw8lw6azn2mc7ynnn455q-cowsay-3.03+dfsg1-16' to '/nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16'
We can then copy the resulting closure to another store without
signatures:
$ nix copy --trusted-public-keys '' ---to ~/my-nix /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16
In order to support self-references in content-addressable paths,
these paths are hashed "modulo" self-references, meaning that
self-references are zeroed out during hashing. Somewhat annoyingly,
this means that the NAR hash stored in the Nix database is no longer
necessarily equal to the output of "nix hash-path"; for
content-addressable paths, you need to pass the --modulo flag:
$ nix path-info --json /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 | jq -r .[].narHash
sha256:0ri611gdilz2c9rsibqhsipbfs9vwcqvs811a52i2bnkhv7w9mgw
$ nix hash-path --type sha256 --base32 /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16
1ggznh07khq0hz6id09pqws3a8q9pn03ya3c03nwck1kwq8rclzs
$ nix hash-path --type sha256 --base32 /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 --modulo iq6g2x4q62xp7y7493bibx0qn5w7xz67
0ri611gdilz2c9rsibqhsipbfs9vwcqvs811a52i2bnkhv7w9mgw
|
|
Experimental features are now opt-in. There is currently one
experimental feature: "nix-command" (which enables the "nix"
command. This will allow us to merge experimental features more
quickly, without committing to supporting them indefinitely.
Typical usage:
$ nix build --experimental-features 'nix-command flakes' nixpkgs#hello
(cherry picked from commit 8e478c234100cf03ea1b777d4bd42a9be7be9e8c,
without the "flakes" feature)
|
|
Fixes #3140.
|
|
Fix unset variable in installer
|
|
|
|
nix-channel documentation: don't suggest deprecated function
|
|
Fixes #3138.
|
|
Add libatomic for 32-bit ARM
|
|
|
|
https://hydra.nixos.org/build/102803093
|
|
https://hydra.nixos.org/build/102803044
|
|
Remove world-writability from {profiles,gcroots}/per-user
|
|
|
|
|
|
700 is pointless since the store is world-readable anyway. And
per-user/root/channels must be world-readable.
|
|
|
|
|
|
|
|
This is already done by the installer, so no need to do it again.
|
|
|
|
'nix-daemon' now creates subdirectories for users when they first
connect.
Fixes #509 (CVE-2019-17365).
Should also fix #3127.
|
|
Otherwise, builds like NixOS VM tests may leave the terminal in a
weird state and do resets.
|
|
|
|
|
|
|
|
Fixes #1892.
Fixes #1865.
Fixes #3119.
|
|
Handle empty sandbox_shell
|
|
|
|
|
|
Make nix-daemon.plist less fragile on macOS
|
|
We're calling `wait4path` on the full, resolved `@bindir@/nix-daemon` path.
That means we're hardcoding something like:
/bin/wait4path /nix/store/zs9c5xhp3zv9p23qnjxp87nl5injsi1i-nix-2.3/bin/nix-daemon && /nix/var/nix/profiles/default/bin/nix-daemon
That seems unnecessarily fragile.
It might be better to wait4path on the path we intend to call.
|
|
Don't symlink org.nixos.nix-daemon.plist in installer
|
|
Don’t source bashrc in pure mode
|
|
Previously, SANDBOX_SHELL was set to empty when unavailable. This
caused issues when actually generating the sandbox. Instead, just set
SANDBOX_SHELL when --with-sandbox-shell= is non-empty. Alternative
implementation to https://github.com/NixOS/nix/pull/3038.
|
|
Pure mode should not try to source the user’s bashrc file. These may
have many impurities that the user does not expect to get into their
shell.
Fixes #3090
|
|
In the multi-user install script, we originally made sure no previous
references to Nix existed. This prevented any previous installs from
contaminating the new install. However, some users need the ability to
repair their existing Nix installation without uninstalling all
references to Nix. This change allows users with existing Nix
installations to use the installer, while still outputing a warning
message on the dangers of this. As a result, the multi-user install
script work much more like the single-user install script has worked
in the past.
This is a requirement for macOS Catalina users now that
/Library/LaunchDaemons/org.nixos.nix-daemon.plisg is not managed by
the Nix store. If there is ever a change to the .plist, all users will
need to rerun this install script to get the new changes. Otherwise,
changes to the launch daemon will require manual interventions.
|
|
On Catalina, the /nix filesystem might not be mounted at start time.
To avoid this service not starting, we need to keep the launch agent
outside of the Nix store. A wait4pid will hold for our /nix dir to be
mounted.
Fixes #3125.
|
|
Fix typos in the Nix Manual.
|
|
|
|
nix search: remove verbose example
|
|
|
|
This reverts commit 6b83174ffffbdfc3f876d94d5178e0b83f675cae because
it doesn't work on macOS yet.
https://hydra.nixos.org/build/102617587
|
|
|
|
Taken from Mesa configure script:
https://github.com/mesa3d/mesa/blob/17.2/configure.ac#L405-L427
|
|
Fixes #3113
|
|
Fix fetchTarball with chroot stores
|
|
Fixes #2405.
|
|
mention `nix-store --query --roots` when a path cannot be deleted
|
