aboutsummaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2022-04-14Merge pull request #6387 from Uthar/fixEelco Dolstra
assert hash types for Git and Mercurial
2022-04-12assert hash types for Git and MercurialKasper Gałkowski
2022-04-11Merge pull request #6392 from danpls/fix-actualUrl-mercurialEelco Dolstra
libfetchers: Fix assertion (Mercurial)
2022-04-11Merge pull request #6380 from thufschmitt/fix-double-slahsh-in-uriEelco Dolstra
Allow empty path segments in urls
2022-04-11Merge pull request #6391 from danpls/replace-regexEelco Dolstra
libfetchers: Replace regex to clarify intent
2022-04-10Log builder args and environment variablesSebastian Blunt
Previously it only logged the builder's path, this changes it to log the arguments at the same log level, and the environment variables at the vomit level. This helped me debug https://github.com/svanderburg/node2nix/issues/75
2022-04-09libfetchers: Fix assertion (Mercurial)Daniel Pauls
See commit 1e1cd6e7a for more information.
2022-04-09libfetchers: Replace regex to clarify intentDaniel Pauls
2022-04-08Merge pull request #6376 from Uthar/masterThéophane Hufschmitt
don't assume that rev is a SHA1 hash
2022-04-08Allow empty path segments in urlsThéophane Hufschmitt
Valid per https://datatracker.ietf.org/doc/html/rfc3986#section-3.3 (and also somewhat frequently happening for local paths)
2022-04-08Remove duplicate "error:"Eelco Dolstra
2022-04-08Error: Remove unused sname() methodEelco Dolstra
2022-04-08Remove unused Error.name fieldEelco Dolstra
2022-04-07don't assume that rev is a SHA1 hashKasper Gałkowski
This was a problem when writing a fetcher that uses e.g. sha256 hashes for revisions. This doesn't actually do anything new, but allows for creating such fetchers in the future (perhaps when support for Git's SHA256 object format gains more popularity).
2022-04-07Merge pull request #6348 from cole-h/fix-restoring-mount-namespaceEelco Dolstra
libutil: Fix restoring mount namespace
2022-04-07Merge pull request #6374 from danpls/fix-actualUrlThéophane Hufschmitt
libfetchers: Fix assertion
2022-04-06nix flake check: Warn about deprecated nixosModule outputRehno Lindeque
2022-04-06libfetchers: Fix assertionDaniel Pauls
The filter expects all paths to have a prefix of the raw `actualUrl`, but `Store::addToStore(...)` provides absolute canonicalized paths. To fix this create an absolute and canonicalized path from the `actualUrl` and use it instead. Fixes #6195.
2022-04-06Fix empty 'nix copy' error messageEelco Dolstra
This was caused by SubstitutionGoal not setting the errorMsg field in its BuildResult. We now get a more descriptive message than in 2.7.0, e.g. error: path '/nix/store/13mh...' is required, but there is no substituter that can build it instead of the misleading (since there was no build) error: build of '/nix/store/13mh...' failed Fixes #6295.
2022-04-06fetchClosure: Don't allow URL query parametersEelco Dolstra
Allowing this is a potential security hole, since it allows the user to specify parameters like 'local-nar-cache'.
2022-04-05Merge pull request #6366 from danpls/base64-reserveEelco Dolstra
libutil: Reserve memory when en/decoding base64
2022-04-05tokenizeString: Fix semantic mistakeDaniel Pauls
`string_view::find_first_not_of(...)` and `string_view::find_first_of(...)` return `string_view::npos` on error not `string::npos`.
2022-04-05libutil: Reserve memory when en/decoding base64Daniel Pauls
The size of the output when encoding to and decoding from base64 is (roughly) known so we can allocate it in advance to prevent reallocation.
2022-04-05Merge pull request #6362 from thufschmitt/verbose-doctorEelco Dolstra
doctor: Always show the output
2022-04-05doctor: Always show the outputThéophane Hufschmitt
Fix https://github.com/NixOS/nix/issues/6342
2022-04-05Allow `welcomeText` when checking a flake templateThéophane Hufschmitt
Fix https://github.com/NixOS/nix/issues/6321
2022-04-04libutil: don't save cwd fd, use path insteadCole Helbling
Saving the cwd fd didn't actually work well -- prior to this commit, the following would happen: : ~/w/vc/nix ; doas outputs/out/bin/nix --experimental-features 'nix-command flakes' run nixpkgs#coreutils -- --coreutils-prog=pwd pwd: couldn't find directory entry in ‘../../../..’ with matching i-node : ~/w/vc/nix ; doas outputs/out/bin/nix --experimental-features 'nix-command flakes' develop -c pwd pwd: couldn't find directory entry in ‘../../../..’ with matching i-node
2022-04-04libutil: save cwd fd in restoreMountNamespaceCole Helbling
This doesn't work very well (maybe I'm misunderstanding the desired implementation): : ~/w/vc/nix ; doas outputs/out/bin/nix --experimental-features 'nix-command flakes' develop -c pwd pwd: couldn't find directory entry in ‘../../../..’ with matching i-node
2022-04-04libutil: `try` restoring the cwd from fdSavedCwdCole Helbling
2022-04-04libutil: save fd to cwd instead of cwd itselfCole Helbling
2022-04-04libutil: cleanup savedCwd logicCole Helbling
Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2022-04-04Add missing #includeEelco Dolstra
2022-04-01fix(run): set applyNixConfig lockFlagTom Bereknyei
2022-04-01libutil: Properly guard self-allocating getcwd on GNUCole Helbling
It's a GNU extension, as pointed out by pennae.
2022-04-01libutil: Don't use std::filesystemCole Helbling
Just in case making libutil depend on std::filesystem is unacceptable, here is the non-filesystem approach.
2022-04-01libutil: Fix restoring mount namespaceaszlig
I regularly pass around simple scripts by using nix-shell as the script interpreter, eg. like this: #!/usr/bin/env nix-shell #!nix-shell -p dd_rescue coreutils bash -i bash While this works most of the time, I recently had one occasion where it would not and the above would result in the following: $ sudo ./myscript.sh bash: ./myscript.sh: No such file or directory Note the "sudo" here, because this error only occurs if we're root. The reason for the latter is because running Nix as root means that we can directly access the store, which makes sure we use a filesystem namespace to make the store writable. XXX - REWORD! So when stracing the process, I stumbled on the following sequence: openat(AT_FDCWD, "/proc/self/ns/mnt", O_RDONLY) = 3 unshare(CLONE_NEWNS) = 0 ... later ... getcwd("/the/real/cwd", 4096) = 14 setns(3, CLONE_NEWNS) = 0 getcwd("/", 4096) = 2 In the whole strace output there are no calls to chdir() whatsoever, so I decided to look into the kernel source to see what else could change directories and found this[1]: /* Update the pwd and root */ set_fs_pwd(fs, &root); set_fs_root(fs, &root); The set_fs_pwd() call is roughly equivalent to a chdir() syscall and this is called when the setns() syscall is invoked[2]. [1]: https://github.com/torvalds/linux/blob/b14ffae378aa1db993e62b01392e70d1e585fb23/fs/namespace.c#L4659 [2]: https://github.com/torvalds/linux/blob/b14ffae378aa1db993e62b01392e70d1e585fb23/kernel/nsproxy.c#L346
2022-04-01Merge pull request #6344 from flox/profile_url_uriEelco Dolstra
profile!: consistent use of url/uri. create new version
2022-04-01Fix handling of outputHash when outputHashAlgo is not specifiedEelco Dolstra
https://hydra.nixos.org/build/171351131
2022-03-31Merge pull request #6227 from NixOS/impure-derivations-ngEelco Dolstra
Impure derivations
2022-03-31Provide default values for outputHashAlgo and outputHashModeEelco Dolstra
2022-03-31Fix macOS buildEelco Dolstra
2022-03-31Rename 'pure' -> 'sandboxed' for consistencyEelco Dolstra
2022-03-31needsNetworkAccess() -> isSandboxed()Eelco Dolstra
2022-03-31Document isPure()Eelco Dolstra
2022-03-31Fix macOS buildEelco Dolstra
2022-03-31Support fixed-output derivations depending on impure derivationsEelco Dolstra
2022-03-31Add support for impure derivationsEelco Dolstra
Impure derivations are derivations that can produce a different result every time they're built. Example: stdenv.mkDerivation { name = "impure"; __impure = true; # marks this derivation as impure outputHashAlgo = "sha256"; outputHashMode = "recursive"; buildCommand = "date > $out"; }; Some important characteristics: * This requires the 'impure-derivations' experimental feature. * Impure derivations are not "cached". Thus, running "nix-build" on the example above multiple times will cause a rebuild every time. * They are implemented similar to CA derivations, i.e. the output is moved to a content-addressed path in the store. The difference is that we don't register a realisation in the Nix database. * Pure derivations are not allowed to depend on impure derivations. In the future fixed-output derivations will be allowed to depend on impure derivations, thus forming an "impurity barrier" in the dependency graph. * When sandboxing is enabled, impure derivations can access the network in the same way as fixed-output derivations. In relaxed sandboxing mode, they can access the local filesystem.
2022-03-31Merge pull request #6337 from danpls/fix-to-json-replEelco Dolstra
libexpr: Throw the correct error in toJSON
2022-03-31replaceEnv(): Pass newEnv by referenceEelco Dolstra
2022-03-30profile!: consistent use of url/uri. create new versionTom Bereknyei