| Age | Commit message (Collapse) | Author |
|---|
|
|
|
nix build --json: Include build statistics
|
|
This avoids having the user's gid in the supplementary group list as
well.
|
|
We shouldn't skip this if the supplementary group list is empty,
because then the sandbox won't drop the supplementary groups of the
parent (like "root").
|
|
local-derivation-goal.cc: enable seccomp filters for mips{32,64}
|
|
Co-authored-by: Linus Heckemann <git@sphalerite.org>
|
|
We have to use a gid that has write access to the Nix store.
|
|
Example:
# nix build -L --extra-experimental-features cgroups --impure --expr 'with import <nixpkgs> {}; runCommand "foo" {} "dd if=/dev/urandom bs=1M count=1024 | md5sum; mkdir $out"' --json
[
{
"cpuSystem": 1.911431,
"cpuUser": 1.214249,
"drvPath": "/nix/store/xzdqz67xba18hljhycp0hwfigzrs2z69-foo.drv",
"outputs": {
"out": "/nix/store/rh9mc9l2gkpq8kn2sgzndr6ll7ffjh6l-foo"
},
"startTime": 1669024076,
"stopTime": 1669024079
}
]
|
|
|
|
|
|
|
|
|
|
Example:
# nix build -L --extra-experimental-features cgroups --impure --expr 'with import <nixpkgs> {}; runCommand "foo" {} "dd if=/dev/urandom bs=1M count=1024 | md5sum; mkdir $out"' --json
[
{
"cpuSystem": 1.911431,
"cpuUser": 1.214249,
"drvPath": "/nix/store/xzdqz67xba18hljhycp0hwfigzrs2z69-foo.drv",
"outputs": {
"out": "/nix/store/rh9mc9l2gkpq8kn2sgzndr6ll7ffjh6l-foo"
},
"startTime": 1669024076,
"stopTime": 1669024079
}
]
|
|
|
|
|
|
|
|
|
|
The new experimental feature 'cgroups' enables the use of cgroups for
all builds. This allows better containment and enables setting
resource limits and getting some build stats.
|
|
|
|
|
|
Temporarily disable the debugger during completion evaluation
|
|
|
|
libstore: link to aws-crt-cpp
|
|
Fix #6572 `requires non-existent output`
|
|
Restrict `readFile` context to references that appear in the string
|
|
It occurred when a output of the dependency was already available,
so it didn't need rebuilding and didn't get added to the
inputDrvOutputs.
This process-related info wasn't suitable for the purpose of finding
the actual input paths for the builder. It is better to do this in
absolute terms by querying the store.
|
|
|
|
|
|
This change is needed to support aws-sdk-cpp 1.10 and newer.
I opted not to make this dependent on the sdk version because
the crt dependency has been in the interface of the older
sdk as well, and it was only coincidence that libstore didn't
make use of any privately defined symbols directly.
|
|
When calling `builtins.readFile` on a store path, the references of that
path are currently added to the resulting string's context.
This change makes those references the *possible* context of the string,
but filters them to keep only the references whose hash actually appears
in the string, similarly to what is done for determining the runtime
references of a path.
|
|
Fix printing of eval errors with two format placeholders
|
|
|
|
|
|
Cgroups are now only used for derivations that require the uid-range
range feature. This allows auto UID allocation even on systems that
don't have cgroups (like macOS).
Also, make things work on modern systems that use cgroups v2 (where
there is a single hierarchy and no "systemd" controller).
|
|
build-remote: Add brackets to error message
|
|
manual: build action -> build task
|
|
after discussing this with multiple people, I'm convinced that "build
task" is more precise: a derivation is not an action, but inert until it
is built. also it's easier to pronounce.
proposal: use "build task" for the generic concept "description of how
to derive new files from the contents of existing files". then it will
be easier to distinguish what we mean by "derivation" (a specific data
structure and Nix language value type) and "store derivation" (a
serialisation of a derivation into a file in the Nix store).
|
|
|
|
|
|
|
|
|
|
|
|
Completing things that would error would print an ugly error in
the middle of your command line. Avoid printing this error.
|
|
readline is not re-entrant, so entering the debugger from the
completioncallback results in an eventual segfault.
The workaround is to temporarily disable the debugger when searching
for possible completions.
|
|
We don't need SGID, or any ACL's. We also want to keep every dir +rx.
|
|
Move savedArgv into libmain
|
|
libfetchers: avoid api.github.com ratelimit if no github token is set
|
|
`savedArgv` is not accessible by plugins when defined in main binary.
Moving it into one of the nix lib fix the problem.
|
|
Fix `nix __build-remote`
|
|
Call it as `['nix', '__build-remote', ... ]` rather than the previous
`["__build-remote", "nix __build-remote", ... ]` which seemed to have
been most likely unintended
|
