Age | Commit message (Collapse) | Author |
|
This provides a platform-independent way to configure the SSL
certificates file in the Nix daemon. Previously we provided
instructions for overriding the environment variable in launchd, but
that obviously doesn't work with systemd. Now we can just tell users
to add
ssl-cert-file = /etc/ssl/my-certificate-bundle.crt
to their nix.conf.
|
|
it was bumped in https://github.com/NixOS/nixpkgs/pull/176558
|
|
The default maxfiles on macOS 11 and macOS 12 is 256, which is too low
for nix to work:
```
$ launchctl limit maxfiles
maxfiles 256 unlimited
```
Set NumberOfFiles of nix-daemon to 4096 to avoid `Too many open files`
error.
|
|
Previously, the build system used uname(1) output when it wanted to
check the operating system it was being built for, which meant that it
didn't take into-account cross-compilation when the build and host
operating systems were different.
To fix this, instead of consulting uname output, we consult the host
triple, specifically the third "kernel" part.
For "kernel"s with stable ABIs, like Linux or Cygwin, we can use a
simple ifeq to test whether we're compiling for that system, but for
other platforms, like Darwin, FreeBSD, or Solaris, we have to use a
more complicated check to take into account the version numbers at the
end of the "kernel"s. I couldn't find a way to just strip these
version numbers in GNU Make without shelling out, which would be even
more ugly IMO. Because these checks differ between kernels, and the
patsubst ones are quite fiddly, I've added variables for each host OS
we might want to check to make them easier to reuse.
|
|
Before:
UID PID PPID C STIME TTY TIME CMD
0 1737 1 0 2:28PM ?? 0:00.00 /bin/sh -c /bin/wait4path /nix/var/nix/profiles/default/bin/nix-daemon && /nix/var/nix/profiles/default/bin/nix-daemon
0 1739 1737 0 2:28PM ?? 0:00.05 /nix/var/nix/profiles/default/bin/nix-daemon
After:
UID PID PPID C STIME TTY TIME CMD
0 1763 1 0 2:29PM ?? 0:00.05 /nix/var/nix/profiles/default/bin/nix-daemon
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
|
|
Mac OS multi-user installations are currently broken because all requests
made by nix-daemon to the binary cache fail with:
```
unable to download ... Problem with the SSL CA cert (path? access rights?) (77).
```
This change ensures that the nix-daemon knows where to find the SSL CA cert file.
Fixes #2899 and #3261.
|
|
We're calling `wait4path` on the full, resolved `@bindir@/nix-daemon` path.
That means we're hardcoding something like:
/bin/wait4path /nix/store/zs9c5xhp3zv9p23qnjxp87nl5injsi1i-nix-2.3/bin/nix-daemon && /nix/var/nix/profiles/default/bin/nix-daemon
That seems unnecessarily fragile.
It might be better to wait4path on the path we intend to call.
|
|
On Catalina, the /nix filesystem might not be mounted at start time.
To avoid this service not starting, we need to keep the launch agent
outside of the Nix store. A wait4pid will hold for our /nix dir to be
mounted.
Fixes #3125.
|
|
launchd has some weird syntx. Apparently the program needs to be in
the ProgramArguments, as Program appears to be ignored.
|
|
When using a volume, the nix-daemon path may not exist. To avoid this
issue, we must use the wait4path tool. This should solve one of the
issues in multi-user on macOS Catalina.
|
|
Since macOS 10.14 this has become an error, causing problems if the
nix-daemon loads nix during substitution (this is a forked process).
Workaround for #2523.
|
|
Without this the daemon won't be restarted if the process ever dies, for
example when sending a SIGHUP to reload nix.conf.
|
|
This is mostly to ensure that when Nix is started on macOS via a
launchd service or sshd (for a remote build), it gets a certificate
bundle.
|
|
|
|
|
|
This prevents collisions with the "native" OpenSSL, in particular on
OS X.
Fixes #921.
|
|
Otherwise in particular https://cache.nixos.org won't work in the
daemon.
|
|
|
|
|