Age | Commit message (Collapse) | Author |
|
Fixes #5645
|
|
|
|
|
|
Fixes #5985.
|
|
|
|
|
|
once a string has been forced we already have dynamic storage allocated for it,
so we can easily reuse that storage instead of copying.
|
|
|
|
Fixes #5952.
|
|
Fix segfault or stack overflow caused by large derivation fields
|
|
If we want to be careful about hitting the stack protector page, we should use `-fstack-check` instead.
Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
|
|
Add back `copyClosure` for plain `StorePath`s
|
|
This was removed in 2e199673a523fa81de31ffdd2a25976ce0814631 when
`copyPath` transitioned to use `RealisedPath`. But then in
e9848beca704d27a13e28b4403251725bd485bb2 we added it back just for
`realisedPath`.
I think it is a good utility function --- one can easily imagine it
becoming optimized in the future, and copying paths *violating* the
closure is a very niche feature.
So if we have `copyPaths` for both sorts of paths, I think we should
have `copyClosure` for both sorts too.
|
|
Although this will leave gaps in the stack, the performance impact
of those should be insignificant and we get a simpler solution
this way.
|
|
|
|
... to avoid non-standard, unidiomatic alloca.
|
|
This removes a dynamic stack allocation, making the derivation
unparsing logic robust against overflows when large strings are
added to a derivation.
Overflow behavior depends on the platform and stack configuration.
For instance, x86_64-linux/glibc behaves as (somewhat) expected:
$ (ulimit -s 20000; nix-instantiate tests/lang/eval-okay-big-derivation-attr.nix)
error: stack overflow (possible infinite recursion)
$ (ulimit -s 40000; nix-instantiate tests/lang/eval-okay-big-derivation-attr.nix)
error: expression does not evaluate to a derivation (or a set or list of those)
However, on aarch64-darwin:
$ nix-instantiate big-attr.nix ~
zsh: segmentation fault nix-instantiate big-attr.nix
This indicates a slight flaw in the single stack protection page
approach that is not encountered with normal stack frames.
|
|
|
|
This allows setting the commit-lockfile-summary option to a non-empty
string to override the commit summary while leaving the body unchanged.
|
|
|
|
Fixes #5222.
|
|
|
|
|
|
These were needed back in the pre-C++11 era because we didn't have
move semantics. But now we do.
|
|
|
|
Make --repair-path also repair corrupt optimised links
|
|
|
|
There already existed a smoke test for the link content length,
but it appears that there exists some corruptions pernicious enough
to replace the file content with zeros, and keeping the same length.
--repair-path now goes as far as checking the content of the link,
making it true to its name and actually repairing the path for such
coruption cases.
|
|
|
|
|
|
This causes a recursive call to ensurePath(), which is not a good
idea.
|
|
Better diagnostics if no valid signature found
|
|
This was already accidentally disabled in ba87b08. It also no longer
appears to be beneficial, and in fact slow things down, e.g. when
evaluating a NixOS system configuration:
elapsed time: median = 3.8170 mean = 3.8202 stddev = 0.0195 min = 3.7894 max = 3.8600 [rejected, p=0.00000, Δ=0.36929±0.02513]
|
|
On Docker (but not podman), unshare(CLONE_FS) fails with EPERM. So
let's ignore it and hope nothing bad happens.
Attempted fix for #5777.
|
|
Add a crude tracing mechansim for the build results
|
|
reproducibility: hide non-reproducible settings from manual
|
|
ca-specific-schema.sql: add index on RealisationsRefs(referrer)
|
|
This is a temporary hack until we make queryMissing() async.
Closes #5324.
|
|
|
|
|
|
|
|
https://hydra.nixos.org/build/161439235
|
|
On macOS / BSD, these sockets inherit the non-blocking flag of the
server soocket, which is not what we want.
https://github.com/dotnet/runtime/issues/25069
https://bugs.python.org/issue7995
https://hydra.nixos.org/build/161439304
|
|
Add a `_NIX_TRACE_BUILT_OUTPUTS` environment variable that can be set to
a filename in which the result of each build will be logged.
This is intentionally crude and undocumented as it’s only meant to be a
temporary thing to assess the usefulness of CA derivations.
Any other use would need a cleaner re-implementation first.
|
|
Make the build of unresolved derivations return the same status as the
resolved one, except in the case of an `AlreadyValid` in which case it
will return `ResolvesToAlreadyValid` to mean that the outputs of the unresolved
derivation weren’t known, but the resolved one is.
|
|
|
|
Closes #1584.
|
|
|
|
Tidy up the logging
|
|
I downloaded Nix tonight, and immediately broke it by accidentally removing the default binary caching.
After figuring this out, I also failed to fix it properly, due to using the wrong key for Nix's default binary cache
If the diagnostic message would have been clearer about what/where a "signature" for a "substituter" is + comes from, it probably would have saved me a few hours.
Maybe we can save other noobs the same pain?
|