| Age | Commit message (Collapse) | Author |
|---|
|
For example, you can write
src = fetchgit ./.;
and if ./. refers to an unclean working tree, that tree will be copied
to the Nix store. This removes the need for "cleanSource".
|
|
Allow optional localhost network access to sandboxed derivations
|
|
This will allow bind and connect to 127.0.0.1, which can reduce purity/
security (if you're running a vulnerable service on localhost) but is
also needed for a ton of test suites, so I'm leaving it turned off by
default but allowing certain derivations to turn it on as needed.
It also allows DNS resolution of arbitrary hostnames but I haven't found
a way to avoid that. In principle I'd just want to allow resolving
localhost but that doesn't seem to be possible.
I don't think this belongs under `build-use-sandbox = relaxed` because we
want it on Hydra and I don't think it's the end of the world.
|
|
URIs now have to contain "://" or start with "channel:".
|
|
|
|
|
|
Different URIs can map to the same cache entry if they have the same
revision.
|
|
This allows network access in restricted eval mode.
|
|
This adds rev, shortRev and revCount attributes, equal to what Hydra
provides. E.g.
$ nix eval '(fetchGit https://github.com/NixOS/patchelf.git)'
{ outPath = "/nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source"; rev = "29c085fd9d3fc972f75b3961905d6b4ecce7eb2b"; revCount = 303; shortRev = "29c085f"; }
|
|
|
|
Almost all other primops are camelCase so no reason not to use that
here.
|
|
This ensures that it produces the same output as fetchgit:
$ nix eval --raw '(builtins.fetchgit https://github.com/NixOS/patchelf.git)'
/nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source
$ nix eval --raw '(fetchTarball https://github.com/NixOS/patchelf/archive/master.tar.gz)'
/nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source
|
|
The computation of urlHash didn't take the name into account, so
subsequent fetchurl calls with the same URL but a different name would
resolve to the same cached store path.
|
|
|
|
The "name" attribute defaults to "source", which we should use for all
similar functions (e.g. fetchTarball and in Hydra) to ensure that we
get a consistent store path regardless of how the tree is fetched.
"source" is not necessarily a correct label, but using an empty name
is problematic: you get an ugly store path ending in a dash, and it's
impossible to have a fixed-output derivation that produces that path
because ".drv" is not a valid store name.
Fixes #904.
|
|
|
|
https://hydra.nixos.org/build/62945761
|
|
|
|
|
|
|
|
|
|
|
|
You can now say '--store /tmp/nix' instead of '--store local?root=/tmp/nix'.
|
|
In particular, don't show superfluous "fetching path" and "building
path(s)" messages, and show the current round (with --repeat).
|
|
Fixes #1599.
|
|
E.g.
$ nix build nixpkgs.hello --builders 'root@wendy'
[1/0/1 built] building hello-2.10 on ssh://root@wendy: checking for minix/config.h... no
|
|
|
|
This makes the progress indicator show statuses like "connecting to
'root@machine'".
|
|
Also, random cleanup to argument handling.
|
|
This is superfluous since you can now just set "builders" to empty,
e.g. "--builders ''".
|
|
You can now include files via the "builders" option, using the syntax
"@<filename>". Having only one option makes it easier to override
builders completely.
For backward compatibility, the default is "@/etc/nix/machines", or
"@<filename>" for each file name in NIX_REMOTE_SYSTEMS.
|
|
This ensures that command line flags such as --builders get passed
correctly.
|
|
|
|
Fixes the error
error: opening lock file '/nix/var/nix/current-load/main-lock': Permission denied
when using a chroot store.
|
|
Shift Darwin sandbox to separate installed files
|
|
|
|
This reverts commit 908590dc6cfcca3a98755b194d93b2da39aee95c. Since
hydra-server can have a different store URI from hydra-queue-runner
now, we don't really need this.
|
|
|
|
|
|
|
|
This makes it slightly more manageable to see at a glance what in a
build's sandbox profile is unique to the build and what is standard. Also
a first step to factoring more of our Darwin logic into scheme functions
that will allow us a bit more flexibility. And of course less of that
nasty codegen in C++! 😀
|
|
|
|
This speeds up commands like "nix cat-store". For example:
$ time nix cat-store --store https://cache.nixos.org?local-nar-cache=/tmp/nar-cache /nix/store/i60yncmq6w9dyv37zd2k454g0fkl3arl-systemd-234/etc/udev/udev.conf
real 0m4.336s
$ time nix cat-store --store https://cache.nixos.org?local-nar-cache=/tmp/nar-cache /nix/store/i60yncmq6w9dyv37zd2k454g0fkl3arl-systemd-234/etc/udev/udev.conf
real 0m0.045s
The primary motivation is to allow hydra-server to serve files from S3
binary caches. Previously Hydra had a hack to do "nix-store -r
<path>", but that fetches the entire closure so is prohibitively
expensive.
There is no garbage collection of the NAR cache yet. Also, the entire
NAR is read when accessing a single member file. We could generate the
NAR listing to provide random access.
Note: the NAR cache is indexed by the store path hash, not the content
hash, so NAR caches should not be shared between binary caches, unless
you're sure that all your builds are binary-reproducible.
|
|
Probably as a result of a bad merge in
4b8f1b0ec066a5b994747b1afd050f5f62d857f6, we had both a
BinaryCacheStoreAccessor and a
RemoteFSAccessor. BinaryCacheStore::getFSAccessor() returned the
latter, but BinaryCacheStore::addToStore() checked for the
former. This probably caused hydra-queue-runner to download paths that
it just uploaded.
|
|
This check fails for tags and branches, and is made redundant by the
checks git itself will do when fetching the repo.
|
|
This check spuriously fails for e.g. git@github.com:NixOS/nixpkgs.git,
and even for ssh://git@github.com/NixOS/nixpkgs.git, and is made
redundant by the checks git itself will do when fetching the repo. We
instead pass a -- before passing the URI to git to avoid injection.
|
|
I needed this to test ACL/xattr removal in
canonicalisePathMetaData(). Might also be useful if you need to build
old Nixpkgs that doesn't have the required patches to remove
setuid/setgid creation.
|
|
Improve error message for conflicting priorities
|
|
Retry in all error cases but a few
|
|
The worker threads could exit prematurely if they finished processing
all items while the main thread was still adding items. In particular,
this caused hanging nix-store --serve processes in the build farm.
Also, process items from the main thread.
|
