aboutsummaryrefslogtreecommitdiff
path: root/src/libstore/globals.hh
AgeCommit message (Collapse)Author
2023-04-07libstore: Remove lockCPU dead codeRobert Hensing
Left over from 9747ea84b, https://github.com/NixOS/nix/pull/5821
2023-04-07Finish converting existing comments for internal API docs (#8146)John Ericson
* Finish converting existing comments for internal API docs 99% of this was just reformatting existing comments. Only two exceptions: - Expanded upon `BuildResult::status` compat note - Split up file-level `symbol-table.hh` doc comments to get per-definition docs Also fixed a few whitespace goofs, turning leading tabs to spaces and removing trailing spaces. Picking up from #8133 * Fix two things from comments * Use triple-backtick not indent for `dumpPath` * Convert GNU-style `\`..'` quotes to markdown style in API docs This will render correctly.
2023-03-31Ensure all headers have `#pragma once` and are in API docsJohn Ericson
`///@file` makes them show up in the internal API dos. A tiny few were missing `#pragma once`.
2023-03-27Merge pull request #8084 from edolstra/store-docsEelco Dolstra
Auto-generate store documentation
2023-03-27Merge pull request #8062 from edolstra/ssl-cert-fileEelco Dolstra
Add a setting for configuring the SSL certificates file
2023-03-27ssl-cert-file: Use listsEelco Dolstra
2023-03-23Document store URLsEelco Dolstra
2023-03-21Move store docs to 'nix help-stores'Eelco Dolstra
Why not 'nix help stores'? Well, 'nix help <arg>' already means 'show help on the "arg" subcommand'.
2023-03-20Move enabled experimental feature to libutil structJohn Ericson
This is needed in subsequent commits to allow the settings and CLI args infrastructure itself to read this setting.
2023-03-17Add a setting for configuring the SSL certificates fileEelco Dolstra
This provides a platform-independent way to configure the SSL certificates file in the Nix daemon. Previously we provided instructions for overriding the environment variable in launchd, but that obviously doesn't work with systemd. Now we can just tell users to add ssl-cert-file = /etc/ssl/my-certificate-bundle.crt to their nix.conf.
2023-02-27add information on the `build-hook` settingValentin Gagarin
add a warning that you probably never want to change this.
2023-02-10Merge pull request #5588 from tweag/balsoft/xdgThéophane Hufschmitt
Follow XDG Base Directory standard
2023-02-10A setting to follow XDG Base Directory standardAlexander Bantyev
XDG Base Directory is a standard for locations for storing various files. Nix has a few files which seem to fit in the standard, but currently use a custom location directly in the user's ~, polluting it: - ~/.nix-profile - ~/.nix-defexpr - ~/.nix-channels This commit adds a config option (use-xdg-base-directories) to follow the XDG spec and instead use the following locations: - $XDG_STATE_HOME/nix/profile - $XDG_STATE_HOME/nix/defexpr - $XDG_STATE_HOME/nix/channels If $XDG_STATE_HOME is not set, it is assumed to be ~/.local/state. Co-authored-by: Théophane Hufschmitt <7226587+thufschmitt@users.noreply.github.com> Co-authored-by: Tim Fenney <kodekata@gmail.com> Co-authored-by: pasqui23 <pasqui23@users.noreply.github.com> Co-authored-by: Artturin <Artturin@artturin.com> Co-authored-by: John Ericson <Ericson2314@Yahoo.com>
2023-02-02Move `trustedUsers` and `allowedUsers` to separate config structJohn Ericson
These settings are not needed for libstore at all, they are just used by the nix daemon *command* for authorization on unix domain sockets. My moving them to a new configuration struct just in that file, we avoid them leaking anywhere else. Also, it is good to break up the mammoth `Settings` struct in general. Issue #5638 tracks this. The message is not changed because I do not want to regress in convenience to the user. Just saying "this connection is not trusted" doesn't tell them out to fix the issue. The ideal thing to do would be to somehow parameterize `processCommand` on how the error should be displayed, so different sorts of connections can display different information to the user based on how authentication is performed for the connection in question. This, however, is a good bit more work, so it is left for the future. This came up with me thinking about the tcp:// store (#5265). The larger project is not TCP *per se*, but the idea that it should be possible for something else to manage access control to services like the Nix Daemon, and those services simply trust or trust the incoming connection as they are told. This is a more capability-oriented way of thinking about trust than "every server implements its own auth separately" as we are used to today. Its very great that libstore itself already implements just this model, and so via this refactor I basically want to "enshrine" that so it continues to be the case.
2023-01-26improve documentation about substituters and trusted usersSolène Rapenne
Co-authored-by: Théophane Hufschmitt <theophane.hufschmitt@tweag.io>
2023-01-10doc/manual: Introduce @docroot@ as a stable base for includable snippetsRobert Hensing
This way the links are clearly within the manual (ie not absolute paths), while allowing snippets to reference the documentation root reliably, regardless of at which base url they're included.
2023-01-02Merge pull request #7478 from hercules-ci/make-sure-initNix-calledThéophane Hufschmitt
libstore: Make sure that initNix has been called
2022-12-28doc: sandbox-paths computes closuresNaïm Favier
2022-12-24libstore: Make sure that initNix has been calledRobert Hensing
Prevent bugs like https://github.com/cachix/cachix/pull/477
2022-12-14Allow disabling build users by unsetting `build-users-group`Naïm Favier
Unsetting `build-users-group` (without `auto-allocate-uids` enabled) gives the following error: ``` src/libstore/lock.cc:25: static std::unique_ptr<nix::UserLock> nix::SimpleUserLock::acquire(): Assertion `settings.buildUsersGroup != ""' failed. ``` Fix the logic in `useBuildUsers` and document the default value for `build-users-group`.
2022-12-07Remove repeat and enforce-determinism optionsLinus Heckemann
These only functioned if a very narrow combination of conditions held: - The result path does not yet exist (--check did not result in repeated builds), AND - The result path is not available from any configured substituters, AND - No remote builders that can build the path are available. If any of these do not hold, a derivation would be built 0 or 1 times regardless of the repeat option. Thus, remove it to avoid confusion.
2022-12-06Tweak option descriptionsEelco Dolstra
2022-12-01move documentation on `auto-allocate-uids` to options docsValentin Gagarin
this is where it belongs and can be found together with the other options.
2022-11-28Add a setting for enabling cgroupsEelco Dolstra
2022-11-21Use hex for startIdEelco Dolstra
Co-authored-by: Linus Heckemann <git@sphalerite.org>
2022-11-08Fix build on macOSEelco Dolstra
2022-11-08Split auto UID allocation from cgroupsEelco Dolstra
Cgroups are now only used for derivations that require the uid-range range feature. This allows auto UID allocation even on systems that don't have cgroups (like macOS). Also, make things work on modern systems that use cgroups v2 (where there is a single hierarchy and no "systemd" controller).
2022-11-03Merge remote-tracking branch 'origin/master' into auto-uid-allocationEelco Dolstra
2022-10-05Merge pull request #6870 from ↵Valentin Gagarin
amjoseph-nixpkgs/pr/doc/explain-local-remote-binary-substituter
2022-09-23Apply suggestions from code reviewJohn Ericson
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Rune K. Svendsen <runesvend@gmail.com>
2022-09-22Dodge "trusted" vs "trustworthy" by being explicit John Ericson
Hopefully this is best!
2022-09-22"valid signature" -> "trustworthy signature"John Ericson
I just had a colleague get confused by the previous phrase for good reason. "valid" sounds like an *objective* criterion, e.g. and *invalid signature* would be one that would be trusted by no one, e.g. because it misformatted or something. What is actually going is that there might be a signature which is perfectly valid to *someone else*, but not to the user, because they don't trust the corresponding public key. This is a *subjective* criterion, because it depends on the arbitrary and personal choice of which public keys to trust. I therefore think "trustworthy" is a better adjective to use. Whether something is worthy of trust is clearly subjective, and then "trust" within that word nicely evokes `trusted-public-keys` and friends.
2022-09-01linkify mention of other optionsAdam Joseph
2022-09-01move substituter signature-checking conditions to configuration file ↵Adam Joseph
documentation
2022-08-22SpellingEelco Dolstra
2022-08-20Better documentation wordingSolène Rapenne
Co-authored-by: Anderson Torres <torres.anderson.85@protonmail.com>
2022-08-19add a nix.conf option to set a download speed limitSolene Rapenne
2022-06-23Remove NIX_LIBEXEC_DIREelco Dolstra
2022-06-23Fix build-remote in nix-staticEelco Dolstra
'build-remote' is now executed via /proc/self/exe so it always works.
2022-06-08Add security.csm to the default ignore listJonpez2
2022-03-01Move some stuff from `Settings` to a new `FetchSettings`.John Ericson
Starting work on #5638 The exact boundary between `FetchSettings` and `EvalSettings` is not clear to me, but that's fine. First lets clean out `libstore`, and then worry about what, if anything, should be the separation between those two.
2022-02-28Merge remote-tracking branch 'upstream/master' into auto-uid-allocationJohn Ericson
2022-02-25Remove std::string alias (for real this time)Eelco Dolstra
Also use std::string_view in a few more places.
2022-02-25refactor: remove verbose-build from docsKevin Amado
- From what I see it is an implementation detail but is no longer configurable from the settings
2022-01-30fix spelling mistakes reported by Debian's lintian toolThomas Koch
2022-01-18allow modifying lockfile commit msg with nix config optionlincoln auster [they/them]
This allows setting the commit-lockfile-summary option to a non-empty string to override the commit summary while leaving the body unchanged.
2021-12-14Merge pull request #5702 from baloo/baloo/hide-non-reproducible-settingsThéophane Hufschmitt
reproducibility: hide non-reproducible settings from manual
2021-12-10Ignore system.nfs4_aclEelco Dolstra
Closes #1584.
2021-12-10Merge branch 'master' of https://github.com/MagicRB/nixEelco Dolstra
2021-12-01reproducibility: hide non-reproducible settings from manualArthur Gautier
Because the manual is generated from default values which are themselves generated from various sources (cpuid, bios settings (kvm), number of cores). This commit hides non-reproducible settings from the manual output.