Age | Commit message (Collapse) | Author |
|
move documentation on `auto-allocate-uids` to options docs
|
|
|
|
check the store for input before failing (hopefully fix #6700)
|
|
|
|
Given this typo I am not sure if it has been tested.
|
|
Lower verbosity of exceptions in getMaxCPU()
|
|
Change "while evaluating <fun>" to "while *calling*" in trace
|
|
The old way was not correct.
Here is an example:
```
$ nix-instantiate --eval --expr 'let x = a: throw "asdf"; in x 1' --show-trace
error: asdf
… while evaluating 'x'
at «string»:1:9:
1| let x = a: throw "asdf"; in x 1
| ^
… from call site
at «string»:1:29:
1| let x = a: throw "asdf"; in x 1
| ^
```
and yet also:
```
$ nix-instantiate --eval --expr 'let x = a: throw "asdf"; in x' --show-trace
<LAMBDA>
```
Here is the thing: in both cases we are evaluating `x`!
Nix is a higher-order languages, and functions are a sort of value. When
we write `x = a: ...`, `a: ...` is the expression that `x` is being
defined to be, and that is already a value. Therefore, we should *never*
get an trace that says "while evaluating `x`", because evaluating `a:
...` is *trival* and nothing happens during it!
What is actually happening here is we are applying `x` and evaluating
its *body* with arguments substituted for parameters. I think the
simplest way to say is just "while *calling* `x`", and so that is what I
changed it to.
|
|
Fixes #7268.
|
|
doc: listToAttrs: document repeated keys
|
|
Also, don't assume in LocalDerivationGoal that cgroups are mounted on
/sys/fs/cgroup.
|
|
|
|
|
|
https://hydra.nixos.org/log/mcgypcf9vj4n8vdmw7lj3l05c899v73w-nix-2.12.0pre20221201_16b03f0-x86_64-unknown-linux-musl.drv
|
|
|
|
|
|
this is where it belongs and can be found together with the other
options.
|
|
Fixes
error: [json.exception.type_error.301] cannot create object from initializer list
in tests/fetchClosure.sh.
|
|
Automatic UID allocation
|
|
|
|
repl: print a newline on ctrl-D
|
|
|
|
|
|
Replace src/libutil/json.cc with nlohmann
|
|
in order to avoid potential problems with the progress bar
Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
|
|
|
|
We need to close the GC server socket before shutting down the active
GC client connections, otherwise a client may (re)connect and get
ECONNRESET. But also handle ECONNRESET for resilience.
Fixes random failures like
GC socket disconnected
connecting to '/tmp/nix-shell.y07M0H/nix-test/default/var/nix/gc-socket/socket'
sending GC root '/tmp/nix-shell.y07M0H/nix-test/default/store/kb5yzija0f1x5xkqkgclrdzldxj6nnc6-non-blocking'
reading GC root from client: error: unexpected EOF reading a line
1 store paths deleted, 0.00 MiB freed
error: reading from file: Connection reset by peer
in gc-non-blocking.sh.
|
|
It calls strlen() on the input (rather than simply copying at most
`size` bytes), which can fail if the input is not zero-terminated and
is inefficient in any case.
Fixes #7347.
|
|
Fix why-depends for CA derivations
|
|
|
|
why-depends assumed that we knew the output path of the second argument.
For CA derivations, we might not know until it's built. One way to solve
this would be to build the second installable to get the output path.
In this case we don't need to, though. If the first installable (A)
depends on the second (B), then getting the store path of A will
necessitate having the store path B. The contrapositive is, if the store
path of B is not known (i.e. it's a CA derivation which hasn't been
built), then A does not depend on B.
|
|
|
|
nix build --json: Include build statistics
|
|
This avoids having the user's gid in the supplementary group list as
well.
|
|
We shouldn't skip this if the supplementary group list is empty,
because then the sandbox won't drop the supplementary groups of the
parent (like "root").
|
|
local-derivation-goal.cc: enable seccomp filters for mips{32,64}
|
|
Co-authored-by: Linus Heckemann <git@sphalerite.org>
|
|
We have to use a gid that has write access to the Nix store.
|
|
Example:
# nix build -L --extra-experimental-features cgroups --impure --expr 'with import <nixpkgs> {}; runCommand "foo" {} "dd if=/dev/urandom bs=1M count=1024 | md5sum; mkdir $out"' --json
[
{
"cpuSystem": 1.911431,
"cpuUser": 1.214249,
"drvPath": "/nix/store/xzdqz67xba18hljhycp0hwfigzrs2z69-foo.drv",
"outputs": {
"out": "/nix/store/rh9mc9l2gkpq8kn2sgzndr6ll7ffjh6l-foo"
},
"startTime": 1669024076,
"stopTime": 1669024079
}
]
|
|
|
|
|
|
|
|
|
|
Example:
# nix build -L --extra-experimental-features cgroups --impure --expr 'with import <nixpkgs> {}; runCommand "foo" {} "dd if=/dev/urandom bs=1M count=1024 | md5sum; mkdir $out"' --json
[
{
"cpuSystem": 1.911431,
"cpuUser": 1.214249,
"drvPath": "/nix/store/xzdqz67xba18hljhycp0hwfigzrs2z69-foo.drv",
"outputs": {
"out": "/nix/store/rh9mc9l2gkpq8kn2sgzndr6ll7ffjh6l-foo"
},
"startTime": 1669024076,
"stopTime": 1669024079
}
]
|
|
|
|
|
|
|
|
|
|
The new experimental feature 'cgroups' enables the use of cgroups for
all builds. This allows better containment and enables setting
resource limits and getting some build stats.
|
|
|