aboutsummaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2017-11-20nix run: Fix "flag '--command' requires 2 argument(s)"Eelco Dolstra
2017-11-20nix run: Fix accidental removal of /nix/store existence checkEelco Dolstra
Parenthetical to #1686, we don't need to create a new root if we can just bind-mount on top of the existing /nix/store.
2017-11-20nix run: Ignore non-directories while setting up the chrootEelco Dolstra
Fixes #1686.
2017-11-20signed-binary-caches -> require-sigsEelco Dolstra
Unlike signed-binary-caches (which could only be '*' or ''), require-sigs is a proper Boolean option. The default is true.
2017-11-20CleanupEelco Dolstra
2017-11-20binary-cache-public-keys -> trusted-public-keysEelco Dolstra
The name had become a misnomer since it's not only for substitution from binary caches, but when adding/copying any (non-content-addressed) path to a store.
2017-11-20Merge pull request #1645 from twhitehead/stat-raceEelco Dolstra
Fix (highly unlikely) race condition in readLink
2017-11-20nix copy: Abbreviate "daemon"Eelco Dolstra
2017-11-15Add a "profile" option to S3BinaryCacheStoreEelco Dolstra
This allows specifying the AWS configuration profile to use. E.g. nix copy --from s3://my-cache?profile=aws-dev-account /nix/store/cf3isrlqavvd5w7rpky1fa8j9lcnlggm-...
2017-11-14anchor nix::Exit exceptionWill Dietz
2017-11-14nix sign-paths: Support binary cachesEelco Dolstra
2017-11-14Revert "Don't parse "x:x" as a URI"Eelco Dolstra
This reverts commit f90f660b243866b8860eeb24cc4a345d32cc7ce7. This broke Hydra's release.nix, which contained preCheck = ''export LOGNAME=${LOGNAME:-foo}'';
2017-11-14nix ls-{nar,store}: Don't abort on missing filesEelco Dolstra
2017-11-14nix ls-{nar,store} --json: Respect -REelco Dolstra
2017-11-14Don't indent JSON outputEelco Dolstra
2017-11-14nix ls-{store,nar}: Add --json flagEelco Dolstra
2017-11-14Make config options available to legacy commandsEelco Dolstra
2017-11-08Remove extraneous commentEelco Dolstra
2017-11-08Merge pull request #1650 from copumpkin/darwin-sandbox-unix-socketEelco Dolstra
Always allow builds to use unix domain sockets in Darwin sandbox
2017-11-06Merge pull request #1632 from AmineChikhaoui/sigint-copyEelco Dolstra
run query paths in parallel during nix copy and handle SIGINT
2017-11-03fetchgit.cc -> fetchGit.ccEelco Dolstra
2017-11-03Remove git:// support in NIX_PATHEelco Dolstra
This didn't support specifying a revision/branch, and was restricted to git:// URIs (since https:// or ssh:// would be ambiguous).
2017-11-03fetchGit/fetchMercurial: Filter out directories with untracked filesEelco Dolstra
2017-11-03fetchGit: Add a testEelco Dolstra
2017-11-03fetchGit: Don't do a remote fetch if we already have the revEelco Dolstra
2017-11-03Merge pull request #1651 from LnL7/darwin-sandbox-getpwuidEelco Dolstra
Allow getpwuid in the darwin sandbox
2017-11-03Allow getpwuid in the darwin sandbox.Daiderd Jordan
2017-11-03Merge pull request #1660 from 4z3/patch-1Eelco Dolstra
fetchMercurial: fix error message
2017-11-03Merge pull request #1655 from copumpkin/patch-1Eelco Dolstra
Don't freak out if we get a 403 from S3
2017-11-03Don't freak out if we get a 403 from S3Daniel Peebles
As far as we're concerned, not being able to access a file just means the file is missing. Plus, AWS explicitly goes out of its way to return a 403 if the file is missing and the requester doesn't have permission to list the bucket. Also getting rid of an old hack that Eelco said was only relevant to an older AWS SDK.
2017-11-02fetchMercurial: fix error messagetv
2017-11-01Fix buildEelco Dolstra
https://hydra.nixos.org/build/63172338
2017-11-01fetchMercurial: Don't fetch hashes we already haveEelco Dolstra
2017-11-01Add fetchMercurial primopEelco Dolstra
E.g. $ nix eval '(fetchMercurial https://www.mercurial-scm.org/repo/hello)' { branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "82e55d328c8ca4ee16520036c0aaace03a5beb65"; revCount = 1; shortRev = "82e55d328c8c"; } $ nix eval '(fetchMercurial { url = https://www.mercurial-scm.org/repo/hello; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; })' { branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; revCount = 0; shortRev = "0a04b987be5a"; } $ nix eval '(fetchMercurial /tmp/unclean-hg-tree)' { branch = "default"; outPath = "/nix/store/cm750cdw1x8wfpm3jq7mz09r30l9r024-source"; rev = "0000000000000000000000000000000000000000"; revCount = 0; shortRev = "000000000000"; }
2017-10-31Fix filterSourceEelco Dolstra
2017-10-31Always allow builds to use unix domain sockets in Darwin sandboxDan Peebles
2017-10-30builtins.fetchgit: Support importing a working treeEelco Dolstra
For example, you can write src = fetchgit ./.; and if ./. refers to an unclean working tree, that tree will be copied to the Nix store. This removes the need for "cleanSource".
2017-10-30Merge pull request #1646 from copumpkin/optional-sandbox-local-networkEelco Dolstra
Allow optional localhost network access to sandboxed derivations
2017-10-30Allow optional localhost network access to sandboxed derivationsDan Peebles
This will allow bind and connect to 127.0.0.1, which can reduce purity/ security (if you're running a vulnerable service on localhost) but is also needed for a ton of test suites, so I'm leaving it turned off by default but allowing certain derivations to turn it on as needed. It also allows DNS resolution of arbitrary hostnames but I haven't found a way to avoid that. In principle I'd just want to allow resolving localhost but that doesn't seem to be possible. I don't think this belongs under `build-use-sandbox = relaxed` because we want it on Hydra and I don't think it's the end of the world.
2017-10-30Don't parse "x:x" as a URIEelco Dolstra
URIs now have to contain "://" or start with "channel:".
2017-10-30Fix (highly unlikely) race condition in readLinkTyson Whitehead
Used to determine symlink size with stat and value with readlink. This could technically result in garbage if symlink changed between calls. Also gets around the broken stat implementation in our network filesystem (returns size + 1 giving a byte of garbage).
2017-10-30nix-build: Fix --hashEelco Dolstra
2017-10-30Make "fetchGit /path" workEelco Dolstra
2017-10-30fetchGit: Fix broken assertionEelco Dolstra
Different URIs can map to the same cache entry if they have the same revision.
2017-10-30Add option allowed-urisEelco Dolstra
This allows network access in restricted eval mode.
2017-10-30builtins.fetchGit: Return an attrset with revision infoEelco Dolstra
This adds rev, shortRev and revCount attributes, equal to what Hydra provides. E.g. $ nix eval '(fetchGit https://github.com/NixOS/patchelf.git)' { outPath = "/nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source"; rev = "29c085fd9d3fc972f75b3961905d6b4ecce7eb2b"; revCount = 303; shortRev = "29c085f"; }
2017-10-30enable-http2 -> http2Eelco Dolstra
2017-10-30fetchgit -> fetchGitEelco Dolstra
Almost all other primops are camelCase so no reason not to use that here.
2017-10-30fetchTarball: Use "source" as the default nameEelco Dolstra
This ensures that it produces the same output as fetchgit: $ nix eval --raw '(builtins.fetchgit https://github.com/NixOS/patchelf.git)' /nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source $ nix eval --raw '(fetchTarball https://github.com/NixOS/patchelf/archive/master.tar.gz)' /nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source
2017-10-30fetchurl/fetchTarball: Respect name changesEelco Dolstra
The computation of urlHash didn't take the name into account, so subsequent fetchurl calls with the same URL but a different name would resolve to the same cached store path.