aboutsummaryrefslogtreecommitdiff
path: root/src/nix
AgeCommit message (Collapse)Author
2023-06-20be more serious about security risks with trusted usersValentin Gagarin
2023-06-16fix typoValentin Gagarin
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-06-16do not refer to `trusted-users` another timeValentin Gagarin
2023-06-16fix link textValentin Gagarin
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-06-15Update src/nix/daemon.ccJohn Ericson
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-06-15reword documentation on trusted users and substitutersValentin Gagarin
this is to make it slightly easier to scan over
2023-06-05Add missing <sys/select.h> includeEmily Trau
`select()` may not be ambiently available for use on every platform
2023-06-04Fix code block formatting in man pagefigsoda
2023-05-23`nix flake check`: skip derivations for foreign systems (#7759)Peter Becich
`nix flake show` now skips derivations for foreign systems: https://github.com/NixOS/nix/pull/6988 This commit borrows from that to implement the same behavior for `nix flake check`. See "nix flake check breaks on IFD in multi-platform flake" https://github.com/NixOS/nix/issues/4265
2023-05-17Upgrade `downstreamPlaceholder` to a type with methodsJohn Ericson
This gets us ready for dynamic derivation dependencies (part of RFC 92).
2023-05-17Also use long options in src/nix/*.mdAlexander Schmolck
2023-05-16Fix the printing of the installables on `nix profile install` conflictThéophane Hufschmitt
- If the element comes from a flake, print the full flakeref (with the fragment part) and not just the reference to the flake itself - If the element doesn't come from a flake, print its store path(s) This is a bit too verbose, but has the advantages of being correct (and not crashing), so it's strictly better than the previous situation Fix https://github.com/NixOS/nix/issues/8284
2023-05-16Rename `ProfileElement.describe()` to `.identifier`Théophane Hufschmitt
This method isn't used to describe what the element is, but to return a unique identifier for it whithin the current profile
2023-05-15Dedup some markdown -> C++ big literal stuff in build systemJohn Ericson
This pattern rule was unwisely hidden in `src/libstore/local.mk`. Now it is properly in `mk/` and we reuse it for the profile docs too.
2023-05-15Merge pull request #8141 from tweag/user-files-docJohn Ericson
Document user files of nix
2023-05-10Fix `nix print-dev-env` & `nix develop` with drv pathsJohn Ericson
Fixes #8309 This regression was because both `CmdDevelop` and `CmdPrintDevEnv` were switched to be `InstallableValueCommand` subclasses, but actually neither should have been. The `nixpkgsFlakeRef` method should indeed not be on the base installable class, because "flake refs" and "nixpkgs" are not installable-wide notions, but that doesn't mean these commands should only accept installable values.
2023-04-28nix: Support the --repair flagEelco Dolstra
2023-04-28display documentation on manifest files separatelyValentin Gagarin
it's probably better not to show the manifest file documentation in the command-specific pages, because these are implementation details that are not really practically useful. this means no additional hassle for building the manual, but clutters the table of contents a bit.
2023-04-26move compatibility info to `nix profile` docsValentin Gagarin
2023-04-26Include user-profiles.md into nix profile --helpAlexander Bantyev
2023-04-26Document user files of nixAlexander Bantyev
2023-04-25nix build --json: Only show non-zero startTime / stopTimeEelco Dolstra
2023-04-24Merge remote-tracking branch 'origin/master' into source-pathEelco Dolstra
2023-04-21Use `std::set<StringContextElem>` not `PathSet` for string contextsJohn Ericson
Motivation `PathSet` is not correct because string contexts have other forms (`Built` and `DrvDeep`) that are not rendered as plain store paths. Instead of wrongly using `PathSet`, or "stringly typed" using `StringSet`, use `std::std<StringContextElem>`. ----- In support of this change, `NixStringContext` is now defined as `std::std<StringContextElem>` not `std:vector<StringContextElem>`. The old definition was just used by a `getContext` method which was only used by the eval cache. It can be deleted altogether since the types are now unified and the preexisting `copyContext` function already suffices. Summarizing the previous paragraph: Old: - `value/context.hh`: `NixStringContext = std::vector<StringContextElem>` - `value.hh`: `NixStringContext Value::getContext(...)` - `value.hh`: `copyContext(...)` New: - `value/context.hh`: `NixStringContext = std::set<StringContextElem>` - `value.hh`: `copyContext(...)` ---- The string representation of string context elements no longer contains the store dir. The diff of `src/libexpr/tests/value/context.cc` should make clear what the new representation is, so we recommend reviewing that file first. This was done for two reasons: Less API churn: `Value::mkString` and friends did not take a `Store` before. But if `NixStringContextElem::{parse, to_string}` *do* take a store (as they did before), then we cannot have the `Value` functions use them (in order to work with the fully-structured `NixStringContext`) without adding that argument. That would have been a lot of churn of threading the store, and this diff is already large enough, so the easier and less invasive thing to do was simply make the element `parse` and `to_string` functions not take the `Store` reference, and the easiest way to do that was to simply drop the store dir. Space usage: Dropping the `/nix/store/` (or similar) from the internal representation will safe space in the heap of the Nix programming being interpreted. If the heap contains many strings with non-trivial contexts, the saving could add up to something significant. ---- The eval cache version is bumped. The eval cache serialization uses `NixStringContextElem::{parse, to_string}`, and since those functions are changed per the above, that means the on-disk representation is also changed. This is simply done by changing the name of the used for the eval cache from `eval-cache-v4` to eval-cache-v5`. ---- To avoid some duplication `EvalCache::mkPathString` is added to abstract over the simple case of turning a store path to a string with just that string in the context. Context This PR picks up where #7543 left off. That one introduced the fully structured `NixStringContextElem` data type, but kept `PathSet context` as an awkward middle ground between internal `char[][]` interpreter heap string contexts and `NixStringContext` fully parsed string contexts. The infelicity of `PathSet context` was specifically called out during Nix team group review, but it was agreeing that fixing it could be left as future work. This is that future work. A possible follow-up step would be to get rid of the `char[][]` evaluator heap representation, too, but it is not yet clear how to do that. To use `NixStringContextElem` there we would need to get the STL containers to GC pointers in the GC build, and I am not sure how to do that. ---- PR #7543 effectively is writing the inverse of a `mkPathString`, `mkOutputString`, and one more such function for the `DrvDeep` case. I would like that PR to have property tests ensuring it is actually the inverse as expected. This PR sets things up nicely so that reworking that PR to be in that more elegant and better tested way is possible. Co-authored-by: Théophane Hufschmitt <7226587+thufschmitt@users.noreply.github.com>
2023-04-18Merge pull request #8220 from accelbread/whitelist-commit-lockfile-summaryRobert Hensing
Add commit-lockfile-summary to flake nixConfig whitelist
2023-04-18src/nix/flake.md: Itemize safe nixConfigsRobert Hensing
2023-04-17Experimentally allow forcing `nix-daemon` trust; use this to testJohn Ericson
We finally test the status quo of remote build trust in a number of ways. We create a new experimental feature on `nix-daemon` to do so. PR #3921, which improves the situation with trustless remote building, will build upon these changes. This code / tests was pull out of there to make this, so everything is easier to review, and in particular we test before and after so the new behavior in that PR is readily apparent from the testsuite diff alone.
2023-04-17Merge pull request #3746 from obsidiansystems/path-infoRobert Hensing
Introduce `StoreReferences` and `ContentAddressWithReferences`
2023-04-17Explain various `.self = false,`John Ericson
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-04-17Merge remote-tracking branch 'upstream/master' into source-pathRobert Hensing
2023-04-14Whitelist commit-lockfile-summary in flake nixConfigArchit Gupta
2023-04-14Start cross-referencing experimental featuresJohn Ericson
- Create a glossary entry for experimental features. - Have the man page experimental feature notice link `nix-commmand`. (Eventually this should be programmed, based on whether the command is experimental, and if so what experimental feature does it depend on.) - Document which installables depend on which experimental features. I tried to use the same style (bold warning and block quote) that the top of the man page uses. Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-04-11Merge pull request #7798 from peeley/list-experimental-featuresEelco Dolstra
Documentation: list experimental features in manual
2023-04-07Merge remote-tracking branch 'upstream/master' into path-infoJohn Ericson
2023-04-07Tidy up and comment daemon CLIJohn Ericson
Some of the factoring out was taken from #7912 by @mupdt. Thanks! No behavior should be changed in this commit. Co-Authored-By: mupdt <25388474+mupdt@users.noreply.github.com> Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-04-07Create `nix derivation add` commandJohn Ericson
Also refine `nix derivation show`'s docs very slightly.
2023-04-07Rename files to reflect new `nix derivation show` nameJohn Ericson
This will match the files we added for `nix add derivation` in the rest of this PR.
2023-04-07`nix show-derivation` -> `nix derivation show`John Ericson
2023-04-07Include the name in the JSON for derivationsJohn Ericson
This is non-breaking change in the to-JSON direction. This *is* a breaking change in the from-JSON direction, but we don't care, as that is brand new in this PR. `nix show-derivation --help` currently has the sole public documentation of this format, it is updated accordingly.
2023-04-06Add `Store::isTrustedClient()`matthewcroughan
This function returns true or false depending on whether the Nix client is trusted or not. Mostly relevant when speaking to a remote store with a daemon. We include this information in `nix ping store` and `nix doctor` Co-Authored-By: John Ericson <John.Ericson@Obsidian.Systems>
2023-04-06Backport SourcePath from the lazy-trees branchEelco Dolstra
This introduces the SourcePath type from lazy-trees as an abstraction for accessing files from inputs that may not be materialized in the real filesystem (e.g. Git repositories). Currently, however, it's just a wrapper around CanonPath, so it shouldn't change any behaviour. (On lazy-trees, SourcePath is a <InputAccessor, CanonPath> tuple.)
2023-04-04Assemble experimental feature docs outside of Nix itselfJohn Ericson
Instead of constructing a markdown list in C++ (which involved all sorts of nasty string literals), export some JSON and assemble it with the manual build system. Besides following the precedent set with other dumped data, this is a better separate of content and presentation; if we decide for example we want to display this information in a different way, or in a different section of the manual, it will become much easier to do so.
2023-04-03Stuctured command stabilityJohn Ericson
Prior to this, there was an ad-hoc whitelist in `main.cc`. Now, every command states its stability. In a future PR, we will adjust the manual to take advantage of this new information in the JSON. (It will be easier to do that once we have some experimental feature docs to link too; see #5930 and #7798.)
2023-04-03Merge pull request #7610 from obsidiansystems/gate-default-settingsThéophane Hufschmitt
Punt on improper global flags for now
2023-03-31Ensure all headers have `#pragma once` and are in API docsJohn Ericson
`///@file` makes them show up in the internal API dos. A tiny few were missing `#pragma once`.
2023-03-31Merge pull request #7406 from amesgen/gitlab-fetcherThéophane Hufschmitt
Document `gitlab` input scheme
2023-03-30Use "raw pattern" for content address typesJohn Ericson
We weren't because this ancient PR predated it! This is actually a new version of the pattern which addresses some issues identified in #7479.
2023-03-30Merge remote-tracking branch 'upstream/master' into path-infoJohn Ericson
Also improve content-address.hh API docs.
2023-03-28Docs: Explain why `import nixpkgs` works in flakesJoachim Breitner
2023-03-27Fix more profile dirs in docsJohn Ericson
Picking up where #8078 left off.