path: root/src
Age | Commit message | Author
2022-09-24 | Merge pull request #7078 from obsidiansystems/trustworthy-signature | Théophane Hufschmitt
"valid signature" -> "signature by a trusted key"
2022-09-24 | Merge pull request #7079 from matthewbauer/allow-untrusted-settings | Théophane Hufschmitt
Allow pass max-silent-time and build-poll-interval to daemon untrusted
2022-09-24 | Merge pull request #7059 from NixOS/remove-useless-ca-file-message | Eelco Dolstra
Remove a useless debug message in filetransfer.cc
2022-09-23 | Apply suggestions from code review | John Ericson
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
Co-authored-by: Rune K. Svendsen <runesvend@gmail.com>
2022-09-22 | Allow pass max-silent-time and build-poll-interval to daemon untrusted | Matthew Bauer
These settings seem harmless, they control the same polling functionality that timeout does, but with different behavior. Should be safe for untrusted users to pass in.
2022-09-22 | Dodge "trusted" vs "trustworthy" by being explicit | John Ericson
Hopefully this is best!
2022-09-22 | "valid signature" -> "trustworthy signature" | John Ericson
I just had a colleague get confused by the previous phrase for good reason. "valid" sounds like an *objective* criterion, e.g. an *invalid signature* would be one that would be trusted by no one, e.g. because it is misformatted or something. What is actually going on is that there might be a signature which is perfectly valid to *someone else*, but not to the user, because they don't trust the corresponding public key. This is a *subjective* criterion, because it depends on the arbitrary and personal choice of which public keys to trust. I therefore think "trustworthy" is a better adjective to use. Whether something is worthy of trust is clearly subjective, and then "trust" within that word nicely evokes `trusted-public-keys` and friends.
2022-09-21 | Merge pull request #7070 from alyssais/repl-history | Théophane Hufschmitt
nix repl: warn if creating dir for history fails
2022-09-20 | nix repl: warn if creating dir for history fails | Alyssa Ross
The history is not critical to the functionality of nix repl, so it's enough to warn here, rather than refuse to start if the directory Nix thinks the history should live in can't be created.
2022-09-19 | Improve durability of schema version file writes | squalus
- call close explicitly in writeFile to prevent the close exception from being ignored
- fsync after writing schema file to flush data to disk
- fsync schema file parent to flush metadata to disk
https://github.com/NixOS/nix/issues/7064
2022-09-19 | Remove a useless debug message in filetransfer.cc | Théophane Hufschmitt
Remove the `verify TLS: Nix CA file = 'blah'` message that Nix used to print when fetching anything as it's both useless (`libcurl` prints the same info in its logs) and misleading (gives the impression that a new TLS connection is being established which might not be the case because of multiplexing. See #7011)
2022-09-16 | fetchurl.nix: change other use of __impure | Adam Joseph
2022-09-16 | Update src/libexpr/fetchurl.nix | Adam Joseph
Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2022-09-16 | libexpr/fetchurl.nix: allow __impure fetch | Adam Joseph
This commit adds an optional `__impure` parameter to fetchurl.nix, which allows the caller to use `libfetcher`'s fetcher in an impure derivation. This allows nixpkgs' patch-normalizing fetcher (fetchpatch) to be rewritten to use nix's internal fetchurl, thereby eliminating the awkward "you can't use fetchpatch here" banners scattered all over the place. See also: https://github.com/NixOS/nixpkgs/pull/188587
2022-09-13 | Trim option descriptions | Eelco Dolstra
This removes unintended blank lines in Markdown when the description is a multiline string literal.
2022-09-13 | RunPager: Stop the progress bar | Eelco Dolstra
In particular, the progress bar was interfering with 'less' rendering in '--help' (e.g. run 'nix --help' and hit '/' to search).
2022-09-13 | Merge pull request #6994 from agbrooks/master | Théophane Hufschmitt
Prevent tempdir from being GC-ed before addToStoreFromDump completes
2022-09-12 | Address PR feedback on #6694 | Andrew Brooks
2022-09-09 | Merge pull request #6825 from rapenne-s/nix_shell_example | Valentin Gagarin
nix shell: document how to invoke multiple commands from the command …
2022-09-08 | Merge pull request #7008 from jonringer/add-command-docs | Théophane Hufschmitt
Docs: Add nix develop --command entry
2022-09-06 | Keep created temp dirs inside store, but protect from GC | Andrew Brooks
Implements the approach suggested by feedback on PR #6994, where tempdir paths are created in the store (now with an exclusive lock). As part of this work, the currently-broken and unused `createTempDirInStore` function is updated to create an exclusive lock on the temp directory in the store. The GC now makes a non-blocking attempt to lock any store directories that "look like" the temp directories created by this function, and if it can't acquire one, ignores the directory.
2022-09-06 | Merge pull request #6995 from matthewbauer/disable-sa-restart-on-macos | Eelco Dolstra
Disable SA_RESTART for some signals on macOS
2022-09-06 | Docs: Add nix develop --command entry | Jonathan Ringer
Add example of nix develop being used to execute a series of script commands. This is common when doing things like CI/CD, and should be represented in the official documentation. Also useful for people looking for the 'nix develop' equivalent of 'nix-shell --run'.
Related:
- https://github.com/NixOS/nix/issues/6908
- https://github.com/NixOS/nix/issues/6908#issuecomment-1229266853
2022-09-06 | Remove some signals | Matthew Bauer
2022-09-03 | Add more signals | Matthew Bauer
2022-09-03 | Disable SA_RESTART for some signals on macOS | Matthew Bauer
Disables the SA_RESTART behavior on macOS which causes:
> Restarting of pending calls is requested by setting the SA_RESTART bit
> in sa_flags. The affected system calls include read(2), write(2),
> sendto(2), recvfrom(2), sendmsg(2) and recvmsg(2) on a communications
> channel or a slow device (such as a terminal, but not a regular file)
> and during a wait(2) or ioctl(2).
From: https://man.openbsd.org/sigaction#SA_RESTART
This being set on macOS caused a bug where read() calls to the daemon socket were blocking after a SIGINT was received. As a result, checkInterrupt was never reached even though the signal was received by the signal handler thread. On Linux, SA_RESTART is disabled by default. This probably affects other BSDs but I don’t have the ability to test it there right now.
2022-09-02 | Prevent tempdir from being GC-ed before addToStoreFromDump has renamed it | Andrew Brooks
This fixes issue 6823 by placing the tempdir used in LocalStore::addToStoreFromDump outside the Nix store, where automatic GC is no longer a concern.
2022-09-02 | Don’t readDerivation if impure derivations feature is disabled | Matthew Bauer
readDerivation is pretty slow, and while it may not be significant for some use cases, on things like ghc-nix where we have thousands of derivations it really slows things down. So, this just doesn’t do the impure derivation check if the impure derivation experimental feature is disabled. Perhaps we could cache the result of isPure() and keep the check, but this is a quick fix for the slowdown introduced with impure derivations features in 2.8.0.
2022-09-01 | Revert "Merge pull request #6621 from Kha/nested-follows" | Eelco Dolstra
This reverts commit c530cda345377370c52a616d608de88b9d67cd40, reversing changes made to 4adcdff5c1d5f9f135c4ec61d690890443c19e6a.
2022-09-01 | Merge pull request #6621 from Kha/nested-follows | Théophane Hufschmitt
Fix nested flake input overrides
2022-08-29 | Merge pull request #6968 from fricklerhandwerk/man-no-weblinks | Eelco Dolstra
do not render relative links in help pages
2022-08-28 | Fix overlapping flake follows | Sebastian Ullrich
2022-08-28 | Fix nested flake input overrides | Sebastian Ullrich
2022-08-26 | do not render relative links in help pages | Valentin Gagarin
this simplifies the setup a lot, and avoids weird looking `./file.md` links showing up. it also does not show regular URLs any more. currently the command reference only has few of them, and not showing them in the offline documentation is hopefully not a big deal. instead of building more special-case solutions, clumsily preprocessing the input, or issuing verbal rules on dealing with URLs, should better be solved sustainably by not rendering relative links in `lowdown`: https://github.com/kristapsdz/lowdown/issues/105
2022-08-26 | Merge pull request #6954 from winterqt/darwin-sandbox-trustd | Eelco Dolstra
fix(libstore): allow access to trustd on macOS
2022-08-24 | Fix progress bar flicker with -L | Eelco Dolstra
This was caused by -L calling setLogFormat() again, which caused the creation of a new progress bar without destroying the old one. So we had two progress bars clobbering each other. We should change 'logger' to be a smart pointer, but I'll do that in a future PR. Fixes #6931.
2022-08-24 | Fix evaluation cache | Eelco Dolstra
98e361ad4c1a26d4ffe4762a6f33bb9e39321a39 introduced a regression where previously stored attributes were replaced by placeholders. As a result, a command like 'nix build nixpkgs#hello' had to be executed at least twice to get caching. This code does not seem necessary for suggestions to work.
2022-08-24 | fix(libstore): allow access to trustd on macOS | Winter
2022-08-24 | Merge pull request #6612 from NixOS/parallel-nix-copy | Eelco Dolstra
Make nix copy parallel again
2022-08-24 | Remove redundant Finally | Eelco Dolstra
2022-08-24 | Fix macOS build | Eelco Dolstra
2022-08-24 | Fix a misplaced parenthesis in serve protocol check | Rickard Nilsson
This issue made it impossible for clients using a serve protocol of version <= 2.3 to use the `cmdBuildDerivation` command of servers using a protocol of version >= 2.6. The faulty version check makes the server send back build outputs that the client is not expecting.
2022-08-23 | Merge pull request #6944 from edolstra/bash-vars | Eelco Dolstra
nix develop: Ignore some more bash special variables
2022-08-23 | Merge pull request #6909 from ncfavier/json-paths | Eelco Dolstra
JSON: print paths as strings without copying them to the store
2022-08-23 | nix develop: Ignore some more bash special variables | Eelco Dolstra
Fixes #6940.
2022-08-23 | Merge pull request #6887 from winterqt/specify-bashinteractive-outputs | Eelco Dolstra
nix-shell: specify which outputs from bashInteractive to build
2022-08-23 | Revert to `copyStore = true` for `nix-instantiate` and `nix-env` | Naïm Favier
2022-08-23 | Fix a hang in nix-copy-ssh.sh | Eelco Dolstra
This hang for some reason didn't trigger in the Nix build, but did when running 'make installcheck' interactively. What happened:
* Store::addMultipleToStore() calls a SinkToSource object to copy a path, which in turn calls LegacySSHStore::narFromPath(), which acquires a connection.
* The SinkToSource object is not destroyed after the last bytes have been read, so the coroutine's stack is still alive and its destructors are not run. So the connection is not released.
* Then when the next path is copied, because max-connections = 1, LegacySSHStore::narFromPath() hangs forever waiting for a connection to be released.
The fix is to make sure that the source object is destroyed when we're done with it.
2022-08-22 | Indentation | Eelco Dolstra
2022-08-22 | Merge remote-tracking branch 'origin/master' into parallel-nix-copy | Eelco Dolstra