aboutsummaryrefslogtreecommitdiff
path: root/src/libexpr/primops.cc
AgeCommit message (Collapse)Author
2018-05-30Move evaluator-specific settings out of libstoreEelco Dolstra
2018-05-16add `mod' and bitwise builtins: camel-case function namesvolth
2018-05-16add `mod' and bitwise builtins: remove `mod' and shiftsvolth
2018-05-12add `mod' and bitwise builtinsvolth
2018-04-17isFunction: True on primops.Shea Levy
Fixes #2073
2018-04-09Make prim_exec and prim_importNative available to pluginsShea Levy
2018-03-14Catch more possible instances of passing NULL to memcpy.Shea Levy
Actually fixes #1976.
2018-02-28Actually fix nixDataDir in non-canonical pathShea Levy
2018-02-26libexpr: Fix prim_replaceStrings() to work on an empty source stringTuomas Tynkkynen
Otherwise, running e.g. nix-instantiate --eval -E --strict 'builtins.replaceStrings [""] ["X"] "abc"' would just hang in an infinite loop. Found by afl-fuzz. First attempt of this was reverted in e2d71bd1862cdda because it caused another infinite loop, which is fixed now and a test added.
2018-02-21Revert "libexpr: Fix prim_replaceStrings() to work on an empty source string"Eelco Dolstra
This reverts commit 4ea9707591beceacf9988b3c185faf50da238403. It causes an infinite loop in Nixpkgs evaluation, e.g. "nix-instantiate -A hello" hung. PR #1886.
2018-02-19libexpr: Fix prim_replaceStrings() to work on an empty source stringTuomas Tynkkynen
Otherwise, running e.g. nix-instantiate --eval -E --strict 'builtins.replaceStrings [""] ["X"] "abc"' would just hang in an infinite loop. Found by afl-fuzz.
2018-02-17libexpr: Avoid an unnecessary string copy in prim_derivationStrictTuomas Tynkkynen
2018-02-17libexpr: Remove unnecessary drvName assignment in prim_derivationStrictTuomas Tynkkynen
drvName is already assigned to the same value right at the start of the function.
2018-02-17libexpr: Optimize prim_derivationStrict by using more symbol comparisonsTuomas Tynkkynen
2018-02-17libexpr: Optimize prim_attrNames a bitTuomas Tynkkynen
Instead of having lexicographicOrder() create a temporary sorted array of Attr*:s and copying attr names from that, copy the attr names first and then sort that.
2018-02-14Add splitVersion primop.Shea Levy
Fixes #1868.
2018-02-07Merge pull request #1816 from shlevy/add-pathEelco Dolstra
Add path primop.
2018-02-06Add path primop.Shea Levy
builtins.path allows specifying the name of a path (which makes paths with store-illegal names now addable), allows adding paths with flat instead of recursive hashes, allows specifying a filter (so is a generalization of filterSource), and allows specifying an expected hash (enabling safe path adding in pure mode).
2018-02-06realiseContext(): Add derivation outputs to the allowed pathsEelco Dolstra
This makes import-from-derivation work in restricted mode again.
2018-01-18Don't define builtins.{currentSystem,currentTime} in pure modeEelco Dolstra
This makes it easier to provide a default, e.g. system = builtins.currentSystem or "x86_64-linux";
2018-01-17TypoEelco Dolstra
2018-01-16Add pure evaluation modeEelco Dolstra
In this mode, the following restrictions apply: * The builtins currentTime, currentSystem and storePath throw an error. * $NIX_PATH and -I are ignored. * fetchGit and fetchMercurial require a revision hash. * fetchurl and fetchTarball require a sha256 attribute. * No file system access is allowed outside of the paths returned by fetch{Git,Mercurial,url,Tarball}. Thus 'nix build -f ./foo.nix' is not allowed. Thus, the evaluation result is completely reproducible from the command line arguments. E.g. nix build --pure-eval '( let nix = fetchGit { url = https://github.com/NixOS/nixpkgs.git; rev = "9c927de4b179a6dd210dd88d34bda8af4b575680"; }; nixpkgs = fetchGit { url = https://github.com/NixOS/nixpkgs.git; ref = "release-17.09"; rev = "66b4de79e3841530e6d9c6baf98702aa1f7124e4"; }; in (import (nix + "/release.nix") { inherit nix nixpkgs; }).build.x86_64-linux )' The goal is to enable completely reproducible and traceable evaluation. For example, a NixOS configuration could be fully described by a single Git commit hash. 'nixos-rebuild' would do something like nix build --pure-eval '( (import (fetchGit { url = file:///my-nixos-config; rev = "..."; })).system ') where the Git repository /my-nixos-config would use further fetchGit calls or Git externals to fetch Nixpkgs and whatever other dependencies it has. Either way, the commit hash would uniquely identify the NixOS configuration and allow it to reproduced.
2018-01-12import, builtins.readFile: Handle diverted storesEelco Dolstra
Fixes #1791
2018-01-02Add hasContext primopShea Levy
2017-10-31Fix filterSourceEelco Dolstra
2017-10-30Add option allowed-urisEelco Dolstra
This allows network access in restricted eval mode.
2017-10-30enable-http2 -> http2Eelco Dolstra
2017-10-30fetchTarball: Use "source" as the default nameEelco Dolstra
This ensures that it produces the same output as fetchgit: $ nix eval --raw '(builtins.fetchgit https://github.com/NixOS/patchelf.git)' /nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source $ nix eval --raw '(fetchTarball https://github.com/NixOS/patchelf/archive/master.tar.gz)' /nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source
2017-10-30fetchurl/fetchTarball: Respect name changesEelco Dolstra
The computation of urlHash didn't take the name into account, so subsequent fetchurl calls with the same URL but a different name would resolve to the same cached store path.
2017-10-25Bump language versionEelco Dolstra
2017-10-25Pass lists/attrsets to bash as (associative) arraysEelco Dolstra
2017-08-15Add builtins.string function.Nicolas B. Pierron
The function 'builtins.split' takes a POSIX extended regular expression and an arbitrary string. It returns a list of non-matching substring interleaved by lists of matched groups of the regular expression. ```nix with builtins; assert split "(a)b" "abc" == [ "" [ "a" ] "c" ]; assert split "([ac])" "abc" == [ "" [ "a" ] "b" [ "c" ] "" ]; assert split "(a)|(c)" "abc" == [ "" [ "a" null ] "b" [ null "c" ] "" ]; assert split "([[:upper:]]+)" " FOO " == [ " " [ "FOO" ] " " ]; ```
2017-07-30Replace Unicode quotes in user-facing strings by ASCIIJörg Thalheim
Relevant RFC: NixOS/rfcs#4 $ ag -l | xargs sed -i -e "/\"/s/’/'/g;/\"/s/‘/'/g"
2017-07-10Merge pull request #1428 from rimmington/clearer-regex-space-errorEelco Dolstra
Clearer error message when regex exceeds space limit
2017-07-10Clearer error message when regex exceeds space limitRhys
2017-07-04Support base-64 hashesEelco Dolstra
Also simplify the Hash API. Fixes #1437.
2017-05-17builtins.match: Improve error message for bad regular expressionEelco Dolstra
Issue #1331.
2017-05-16Improve progress indicatorEelco Dolstra
2017-05-15Disallow outputHash being null or an empty stringEelco Dolstra
Fixes #1384.
2017-03-31builtins.exec: Make the argument just a listShea Levy
2017-03-30Add exec primop behind allow-unsafe-native-code-during-evaluation.Shea Levy
Execute a given program with the (optional) given arguments as the user running the evaluation, parsing stdout as an expression to be evaluated. There are many use cases for nix that would benefit from being able to run arbitrary code during evaluation, including but not limited to: * Automatic git fetching to get a sha256 from a git revision * git rev-parse HEAD * Automatic extraction of information from build specifications from other tools, particularly language-specific package managers like cabal or npm * Secrets decryption (e.g. with nixops) * Private repository fetching Ideally, we would add this functionality in a more principled way to nix, but in the mean time 'builtins.exec' can be used to get these tasks done. The primop is only available when the 'allow-unsafe-native-code-during-evaluation' nix option is true. That flag also enables the 'importNative' primop, which is strictly more powerful but less convenient (since it requires compiling a plugin against the running version of nix).
2017-03-08Add option to disable import-from-derivation completely, even if the drv is ↵Shea Levy
already realized
2017-01-26Add support for passing structured data to buildersEelco Dolstra
Previously, all derivation attributes had to be coerced into strings so that they could be passed via the environment. This is lossy (e.g. lists get flattened, necessitating configureFlags vs. configureFlagsArray, of which the latter cannot be specified as an attribute), doesn't support attribute sets at all, and has size limitations (necessitating hacks like passAsFile). This patch adds a new mode for passing attributes to builders, namely encoded as a JSON file ".attrs.json" in the current directory of the builder. This mode is activated via the special attribute __structuredAttrs = true; (The idea is that one day we can set this in stdenv.mkDerivation.) For example, stdenv.mkDerivation { __structuredAttrs = true; name = "foo"; buildInputs = [ pkgs.hello pkgs.cowsay ]; doCheck = true; hardening.format = false; } results in a ".attrs.json" file containing (sans the indentation): { "buildInputs": [], "builder": "/nix/store/ygl61ycpr2vjqrx775l1r2mw1g2rb754-bash-4.3-p48/bin/bash", "configureFlags": [ "--with-foo", "--with-bar=1 2" ], "doCheck": true, "hardening": { "format": false }, "name": "foo", "nativeBuildInputs": [ "/nix/store/10h6li26i7g6z3mdpvra09yyf10mmzdr-hello-2.10", "/nix/store/4jnvjin0r6wp6cv1hdm5jbkx3vinlcvk-cowsay-3.03" ], "propagatedBuildInputs": [], "propagatedNativeBuildInputs": [], "stdenv": "/nix/store/f3hw3p8armnzy6xhd4h8s7anfjrs15n2-stdenv", "system": "x86_64-linux" } "passAsFile" is ignored in this mode because it's not needed - large strings are included directly in the JSON representation. It is up to the builder to do something with the JSON representation. For example, in bash-based builders, lists/attrsets of string values could be mapped to bash (associative) arrays.
2017-01-26Bindings: Add a method for iterating in lexicographically sorted orderEelco Dolstra
2017-01-24Revert "Propagate path context via builtins.readFile"Eelco Dolstra
This reverts commit f7f0116dd727ac954fb04d9ef9b9fe7ec034e563. Issue #1174.
2017-01-24Revert "builtins.readFile: Put the references of the file, not those needed ↵Eelco Dolstra
to realize the file, into the context" Reverting commit 451c223deea17918454ae083dcfc0ea2b6103cab for now because it breaks http://hydra.nixos.org/build/46805136, not clear why.
2017-01-10builtins.readFile: Put the references of the file, not those needed to ↵Shea Levy
realize the file, into the context
2016-11-26Revert "Get rid of unicode quotes (#1140)"Eelco Dolstra
This reverts commit f78126bfd6b6c8477fcdbc09b2f98772dbe9a1e7. There really is no need for such a massive change...
2016-11-25Get rid of unicode quotes (#1140)Guillaume Maudoux
2016-10-26Fix SIGFPE from integer overflow during divisionTuomas Tynkkynen
On some architectures (like x86_64 or i686, but not ARM for example) overflow during integer division causes a crash due to SIGFPE. Reproduces on a 64-bit system with: nix-instantiate --eval -E '(-9223372036854775807 - 1) / -1' The only way this can happen is when the smallest possible integer is divided by -1, so just special-case that.