path: root/src
Age | Commit message | Author
2022-07-22 | Merge pull request #6814 from amjoseph-nixpkgs/pr/sandbox-error-messages | Théophane Hufschmitt
local-derivation-goal.cc: improve error messages when sandboxing fails
2022-07-19 | libstore/globals.cc: Move cgroup detection to libutil | Alex Wied
2022-07-19 | libstore/globals.cc: Automatically set cores based on cgroup CPU limit | Alex Wied
By default, Nix sets the "cores" setting to the number of CPUs which are physically present on the machine. If cgroups are used to limit the CPU and memory consumption of a large Nix build, the OOM killer may be invoked. For example, consider a GitLab CI pipeline which builds a large software package. The GitLab runner spawns a container whose CPU is limited to 4 cores and whose memory is limited to 16 GiB. If the underlying machine has 64 cores, Nix will invoke the build with -j64. In many cases, that level of parallelism will invoke the OOM killer and the build will completely fail. This change sets the default value of "cores" to be ceil(cpu_quota / cpu_period), with a fallback to std::thread::hardware_concurrency() if cgroups v2 is not detected.
2022-07-19 | local-derivation-goal.cc: save global errno to the stack before performing tests which might clobber it | Adam Joseph
2022-07-19 | error.hh: add additional constructor with explicit errno argument | Adam Joseph
2022-07-19 | as requested by @thufschmitt https://github.com/NixOS/nix/pull/6814#discussion_r924275777 | Adam Joseph
2022-07-19 | change warn() to notice() | Adam Joseph
2022-07-17 | local-derivation-goal.cc: detect unprivileged_userns_clone failure mode | Adam Joseph
The workaround for "Some distros patch Linux" mentioned in local-derivation-goal.cc will not help in the `--option sandbox-fallback false` case. To provide the user more helpful guidance on how to get the sandbox working, let's check to see if the `/proc` node created by the aforementioned patch is present and configured in a way that will cause us problems. If so, give the user a suggestion for how to troubleshoot the problem.
2022-07-17 | local-derivation-goal.cc: add comment re: CLONE_NEWUSER | Adam Joseph
local-derivation-goal.cc contains a comment stating that "Some distros patch Linux to not allow unprivileged user namespaces." Let's give a pointer to a common version of this patch for those who want more details about this failure mode.
2022-07-16 | local-derivation-goal.cc: warn if failing and /proc/self/ns/user missing | Adam Joseph
This commit causes nix to `warn()` if sandbox setup has failed and `/proc/self/ns/user` does not exist. This is usually a sign that the kernel was compiled without `CONFIG_USER_NS=y`, which is required for sandboxing.
2022-07-16 | local-derivation-goal.cc: warn if failing due to max_user_namespaces==0 | Adam Joseph
This commit uses `warn()` to notify the user if sandbox setup fails with errno==EPERM and /proc/sys/user/max_user_namespaces is missing or zero, since that is at least part of the reason why sandbox setup failed. Note that `echo -n 0 > /proc/sys/user/max_user_namespaces` or equivalent at boot time has been the recommended mitigation for several Linux LPE vulnerabilities over the past few years. Many users have applied this mitigation and then forgotten that they have done so.
2022-07-16 | local-derivation-goal.cc: improve error messages when sandboxing fails | Adam Joseph
The failure modes for nix's sandboxing setup are pretty complicated. When nix is unable to set up the sandbox, let's provide more detail about what went wrong. Specifically:
* Make sure the error message includes the word "sandbox" so the user knows that the failure was related to sandboxing.
* If `--option sandbox-fallback false` was provided, and removing it would have allowed further attempts to make progress, let the user know.
2022-07-15 | fix(libstore): allow Nix to access all Rosetta 2 paths on MacOS | Alex Wied
Fixes: #5884
2022-07-15 | Merge pull request #6810 from jfly/jfly/do-not-assume-savedvars-exist | Eelco Dolstra
nix develop: do not assume that saved vars are set
2022-07-15 | Disable auto-chroot if $NIX_STATE_DIR is set | Eelco Dolstra
Issue #6732.
2022-07-14 | nix develop: do not assume that saved vars are set | Jeremy Fleischman
This fixes https://github.com/NixOS/nix/issues/6809
2022-07-14 | Disable auto-chroot if $NIX_STORE_DIR is set | Eelco Dolstra
Fixes #6732.
2022-07-13 | Simplify the check for overrides on non-existent inputs | Eelco Dolstra
2022-07-13 | Fix typo in flake.cc | Ikko Ashimine
non-existant -> non-existent
2022-07-12 | Merge pull request #6663 from Ma27/follows-invalid-input | Théophane Hufschmitt
flakes: throw an error if `follows`-declaration for an input is invalid
2022-07-12 | Fix debug message | Eelco Dolstra
2022-07-12 | Move follows-check into its own function | Maximilian Bosch
2022-07-12 | Turn error for non-existant follows into a warning | Maximilian Bosch
2022-07-12 | flakes: throw an error if `follows`-declaration for an input is invalid | Maximilian Bosch
I recently got fairly confused why the following expression didn't have any effect

    {
      description = "Foobar";
      inputs.sops-nix = {
        url = github:mic92/sops-nix;
        inputs.nixpkgs_22_05.follows = "nixpkgs";
      };
    }

until I found out that the input was called `nixpkgs-22_05` (please note the dash vs. underscore).

IMHO it's not a good idea to not throw an error in that case and probably leave end-users rather confused, so I implemented a small check for that which basically checks whether `follows`-declaration from overrides actually have corresponding inputs in the transitive flake.

In fact this was done by accident already in our own test-suite where the removal of a `follows` was apparently forgotten[1].

Since the key of the `std::map` that holds the `overrides` is a vector and we have to find the last element of each vector (i.e. the override) this has to be done with a for loop in O(n) complexity with `n` being the total amount of overrides (which shouldn't be that large though).

Please note that this doesn't work with nested expressions, i.e.

    inputs.fenix.inputs.nixpkgs.follows = "...";

which is a known problem[2].

For the expression demonstrated above, an error like this will be thrown:

    error: sops-nix has a `follows'-declaration for a non-existant input nixpkgs_22_05!

[1] 2664a216e57169ec57d7f51be1b8383c1be83fd5
[2] https://github.com/NixOS/nix/issues/5790
2022-07-12 | Merge pull request #6693 from ncfavier/complete-flake-inputs | Théophane Hufschmitt
Improve shell completion of flake inputs
2022-07-11 | Merge branch 'master' into ignore-try | Ben Burdette
2022-07-11 | move ignore-try to EvalSettings | Ben Burdette
2022-07-11 | use util.hh class instead of local | Ben Burdette
2022-07-11 | 'tryEval' not 'try clause' | Ben Burdette
2022-07-11 | Fix flake input completion for `InstallablesCommand`s | Naïm Favier
Defers completion of flake inputs until the whole command line is parsed so that we know what flakes we need to complete the inputs of. Previously, `nix build flake --update-input <Tab>` always behaved like `nix build . --update-input <Tab>`.
2022-07-05 | builtins.traceVerbose: Post rebase fixes | Gytis Ivaskevicius
2022-07-05 | Add builtins.traceVerbose | Gytis Ivaskevicius
Co-Authored-By: Silvan Mosberger <contact@infinisil.com>
Add builtins.traceVerbose tests
2022-07-05 | Merge pull request #6664 from Ma27/innixshell-backwards-compat | Théophane Hufschmitt
nix-shell: restore backwards-compat with old nixpkgs
2022-06-29 | Merge pull request #6699 from tennox/better-flake-new-error-message | Théophane Hufschmitt
flakes: apply templates partially on conflicts
2022-06-29 | Merge pull request #6233 from flox/nix-repl-flakes | Théophane Hufschmitt
Nix repl flakes
2022-06-29 | Merge pull request #6674 from virusdave/dnicponski/scratch/dont_capture_stdout_in_nix_repl_master | Théophane Hufschmitt
Don't capture `stdout` when launching subshells in `nix repl`
2022-06-29 | Merge pull request #6702 from ncfavier/develop-prepend-vars | Eelco Dolstra
nix develop: save XDG_DATA_DIRS for loadable completion
2022-06-29 | Merge remote-tracking branch 'origin/master' into better-flake-new-error-message | Théophane Hufschmitt
2022-06-29 | Merge pull request #6739 from edolstra/ignore-chroot-error | Eelco Dolstra
Don't fail if we can't create ~/.local/share/nix/root
2022-06-29 | Don't fail if we can't create ~/.local/share/nix/root | Eelco Dolstra
https://hydra.nixos.org/build/182135943
2022-06-29 | src/libexpr/tests/primops.cc: Quote Nix expressions | Eelco Dolstra
Otherwise they don't survive reformatting, see the failure in https://github.com/NixOS/nix/pull/6721.
2022-06-29 | Merge pull request #6737 from centromere/fix-typo | Eelco Dolstra
doc: Fix typo
2022-06-29 | Merge pull request #6706 from lheckemann/cache-info-cache-invalidation | Théophane Hufschmitt
nar-info-disk-cache: refresh nix-cache-info weekly
2022-06-28 | doc: Fix typo | Alex Wied
2022-06-26 | #6699 flake init: fix trying to add unchanged file | Manu [tennox]
After skipping because of being of identical content it tried to git add it.
2022-06-26 | #6699 flake init: Apply suggestions of @thufschmitt | Manu [tennox]
2022-06-26 | Update src/nix/flake.cc | Manuel
https://github.com/NixOS/nix/pull/6699#discussion_r904097147
Co-authored-by: Théophane Hufschmitt <7226587+thufschmitt@users.noreply.github.com>
2022-06-26 | Update src/nix/flake.cc | Manuel
https://github.com/NixOS/nix/pull/6699#discussion_r904096906
Co-authored-by: Théophane Hufschmitt <7226587+thufschmitt@users.noreply.github.com>
2022-06-26 | fetchGit: document `shallow` argument | Guillaume Girol
2022-06-25 | Merge pull request #6717 from edolstra/move-flake-registry | Eelco Dolstra
Fetch flake-registry.json from channels.nixos.org