From d9abce4ad4b6888183271c0a4051981dee5fffe3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 12 Sep 2022 22:50:18 +0200 Subject: libfetchers: avoid api.github.com ratelimit if no github token is set If we don't have any github token, we won't be able to fetch private repos, but we are also more likely to run into API limits since we don't have a token. To mitigate this only ever use the github api if we actually have a token. --- src/libfetchers/github.cc | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/libfetchers/github.cc b/src/libfetchers/github.cc index a491d82a6..2115ce2f5 100644 --- a/src/libfetchers/github.cc +++ b/src/libfetchers/github.cc @@ -262,17 +262,20 @@ struct GitHubInputScheme : GitArchiveInputScheme DownloadUrl getDownloadUrl(const Input & input) const override { - // FIXME: use regular /archive URLs instead? api.github.com - // might have stricter rate limits. auto host = maybeGetStrAttr(input.attrs, "host").value_or("github.com"); - auto url = fmt( - host == "github.com" - ? "https://api.%s/repos/%s/%s/tarball/%s" - : "https://%s/api/v3/repos/%s/%s/tarball/%s", - host, getStrAttr(input.attrs, "owner"), getStrAttr(input.attrs, "repo"), + Headers headers = makeHeadersWithAuthTokens(host); + // If we have no auth headers then we default to the public archive + // urls so we do not run into rate limits. + const auto urlFmt = + host != "github.com" + ? "https://%s/api/v3/repos/%s/%s/tarball/%s" + : headers.empty() + ? "https://%s/%s/%s/archive/%s.tar.gz" + : "https://api.%s/repos/%s/%s/tarball/%s"; + + const auto url = fmt(urlFmt, host, getStrAttr(input.attrs, "owner"), getStrAttr(input.attrs, "repo"), input.getRev()->to_string(Base16, false)); - Headers headers = makeHeadersWithAuthTokens(host); return DownloadUrl { url, headers }; } -- cgit v1.2.3 From 069409d16787232dfbaac6a580d4e66d11bb5c86 Mon Sep 17 00:00:00 2001 From: Ana Hobden Date: Fri, 7 Oct 2022 09:07:22 -0700 Subject: Print common flags in --help --- src/nix/main.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/nix/main.cc b/src/nix/main.cc index e0155cd5d..006911216 100644 --- a/src/nix/main.cc +++ b/src/nix/main.cc @@ -187,7 +187,7 @@ static void showHelp(std::vector subcommand, MultiCommand & topleve *vUtils); auto attrs = state.buildBindings(16); - attrs.alloc("command").mkString(toplevel.toJSON().dump()); + attrs.alloc("toplevel").mkString(toplevel.toJSON().dump()); auto vRes = state.allocValue(); state.callFunction(*vGenerateManpage, state.allocValue()->mkAttrs(attrs), *vRes, noPos); -- cgit v1.2.3 From 7ef71cd21f45c9b22fc0ab8e75dad78fa8851f94 Mon Sep 17 00:00:00 2001 From: Adam Joseph Date: Sat, 8 Oct 2022 17:21:34 -0700 Subject: src/libexpr/primops.cc: parseDrvName: make documentation follow implementation The documentation for `parseDrvName` does not agree with the implementation when the derivation name contains a dash which is followed by something that is neither a letter nor a digit. This commit corrects the documentation to agree with the implementation. --- src/libexpr/primops.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/libexpr/primops.cc b/src/libexpr/primops.cc index 28b998474..840bfecef 100644 --- a/src/libexpr/primops.cc +++ b/src/libexpr/primops.cc @@ -3821,8 +3821,8 @@ static RegisterPrimOp primop_parseDrvName({ .args = {"s"}, .doc = R"( Split the string *s* into a package name and version. The package - name is everything up to but not including the first dash followed - by a digit, and the version is everything following that dash. The + name is everything up to but not including the first dash not followed + by a letter, and the version is everything following that dash. The result is returned in a set `{ name, version }`. Thus, `builtins.parseDrvName "nix-0.12pre12876"` returns `{ name = "nix"; version = "0.12pre12876"; }`. -- cgit v1.2.3 From eba610956b088e0d881c44189ef3e0d613bbf922 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 12 Oct 2022 15:09:00 +0200 Subject: Move some options into a misc category This unclutters the per-command options a bit by moving out some global options. --- src/libcmd/command.cc | 3 ++- src/libcmd/common-eval-args.cc | 2 -- src/libcmd/common-eval-args.hh | 2 ++ src/libmain/common-args.cc | 1 + src/libmain/common-args.hh | 1 + src/nix/main.cc | 4 ++++ 6 files changed, 10 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/libcmd/command.cc b/src/libcmd/command.cc index 14bb27936..1fdd9e0bd 100644 --- a/src/libcmd/command.cc +++ b/src/libcmd/command.cc @@ -88,7 +88,8 @@ EvalCommand::EvalCommand() { addFlag({ .longName = "debugger", - .description = "start an interactive environment if evaluation fails", + .description = "Start an interactive environment if evaluation fails.", + .category = MixEvalArgs::category, .handler = {&startReplOnEvalErrors, true}, }); } diff --git a/src/libcmd/common-eval-args.cc b/src/libcmd/common-eval-args.cc index 5b6e82388..140ed3b88 100644 --- a/src/libcmd/common-eval-args.cc +++ b/src/libcmd/common-eval-args.cc @@ -13,8 +13,6 @@ namespace nix { MixEvalArgs::MixEvalArgs() { - auto category = "Common evaluation options"; - addFlag({ .longName = "arg", .description = "Pass the value *expr* as the argument *name* to Nix functions.", diff --git a/src/libcmd/common-eval-args.hh b/src/libcmd/common-eval-args.hh index 03fa226aa..1ec800613 100644 --- a/src/libcmd/common-eval-args.hh +++ b/src/libcmd/common-eval-args.hh @@ -10,6 +10,8 @@ class Bindings; struct MixEvalArgs : virtual Args { + static constexpr auto category = "Common evaluation options"; + MixEvalArgs(); Bindings * getAutoArgs(EvalState & state); diff --git a/src/libmain/common-args.cc b/src/libmain/common-args.cc index 12f5403ea..f92920d18 100644 --- a/src/libmain/common-args.cc +++ b/src/libmain/common-args.cc @@ -32,6 +32,7 @@ MixCommonArgs::MixCommonArgs(const std::string & programName) addFlag({ .longName = "option", .description = "Set the Nix configuration setting *name* to *value* (overriding `nix.conf`).", + .category = miscCategory, .labels = {"name", "value"}, .handler = {[](std::string name, std::string value) { try { diff --git a/src/libmain/common-args.hh b/src/libmain/common-args.hh index 25453b8c6..f180d83ce 100644 --- a/src/libmain/common-args.hh +++ b/src/libmain/common-args.hh @@ -6,6 +6,7 @@ namespace nix { //static constexpr auto commonArgsCategory = "Miscellaneous common options"; static constexpr auto loggingCategory = "Logging-related options"; +static constexpr auto miscCategory = "Miscellaneous global options"; class MixCommonArgs : public virtual Args { diff --git a/src/nix/main.cc b/src/nix/main.cc index 006911216..d78312944 100644 --- a/src/nix/main.cc +++ b/src/nix/main.cc @@ -74,6 +74,7 @@ struct NixArgs : virtual MultiCommand, virtual MixCommonArgs addFlag({ .longName = "help", .description = "Show usage information.", + .category = miscCategory, .handler = {[&]() { throw HelpRequested(); }}, }); @@ -88,6 +89,7 @@ struct NixArgs : virtual MultiCommand, virtual MixCommonArgs addFlag({ .longName = "version", .description = "Show version information.", + .category = miscCategory, .handler = {[&]() { showVersion = true; }}, }); @@ -95,12 +97,14 @@ struct NixArgs : virtual MultiCommand, virtual MixCommonArgs .longName = "offline", .aliases = {"no-net"}, // FIXME: remove .description = "Disable substituters and consider all previously downloaded files up-to-date.", + .category = miscCategory, .handler = {[&]() { useNet = false; }}, }); addFlag({ .longName = "refresh", .description = "Consider all previously downloaded files out-of-date.", + .category = miscCategory, .handler = {[&]() { refresh = true; }}, }); } -- cgit v1.2.3 From a86916eb72f3a774d1d3ca859381b3ea8be5e0af Mon Sep 17 00:00:00 2001 From: Steam Deck User Date: Thu, 6 Oct 2022 11:01:55 -0700 Subject: Make warning about chroot store location more accurate While trying to use an alternate directory for my Nix installation, I noticed that nix's output didn't reflect the updated state directory. This patch corrects that and now prints the warning before attempting to create the directory (if the directory creation fails, it wouldn't have been obvious why nix was attempting to create the directory in the first place). With this patch, I now get the following warning: warning: '/home/deck/.var/app/org.nixos.nix/var/nix' does not exist, so Nix will use '/home/deck/.local/share/nix/root' as a chroot store --- src/libstore/store-api.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/libstore/store-api.cc b/src/libstore/store-api.cc index 86b12257a..06a9758fc 100644 --- a/src/libstore/store-api.cc +++ b/src/libstore/store-api.cc @@ -1363,9 +1363,9 @@ std::shared_ptr openFromNonUri(const std::string & uri, const Store::Para } catch (Error & e) { return std::make_shared(params); } - warn("'/nix' does not exist, so Nix will use '%s' as a chroot store", chrootStore); + warn("'%s' does not exist, so Nix will use '%s' as a chroot store", stateDir, chrootStore); } else - debug("'/nix' does not exist, so Nix will use '%s' as a chroot store", chrootStore); + debug("'%s' does not exist, so Nix will use '%s' as a chroot store", stateDir, chrootStore); Store::Params params2; params2["root"] = chrootStore; return std::make_shared(params2); -- cgit v1.2.3 From 59a304a9a822467cecb5ee4d344c38e13711e78e Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 13 Oct 2022 11:25:49 -0700 Subject: Fix clang warnings --- src/libcmd/repl.cc | 2 +- src/libmain/progress-bar.cc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/libcmd/repl.cc b/src/libcmd/repl.cc index 61c05050f..df8932087 100644 --- a/src/libcmd/repl.cc +++ b/src/libcmd/repl.cc @@ -1050,7 +1050,7 @@ struct CmdRepl : InstallablesCommand evalSettings.pureEval = false; } - void prepare() + void prepare() override { if (!settings.isExperimentalFeatureEnabled(Xp::ReplFlake) && !(file) && this->_installables.size() >= 1) { warn("future versions of Nix will require using `--file` to load a file"); diff --git a/src/libmain/progress-bar.cc b/src/libmain/progress-bar.cc index 0bbeaff8d..961f4e18a 100644 --- a/src/libmain/progress-bar.cc +++ b/src/libmain/progress-bar.cc @@ -503,7 +503,7 @@ public: return s[0]; } - virtual void setPrintBuildLogs(bool printBuildLogs) + void setPrintBuildLogs(bool printBuildLogs) override { this->printBuildLogs = printBuildLogs; } -- cgit v1.2.3 From 96eb5ef156641ffc4c5ff01befe73a3419b346bc Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 13 Oct 2022 11:45:30 -0700 Subject: Improve Rosetta detection Turns out that one of those *.plist files can exist even if Rosetta is not installed. So let's just try to run an x86_64-darwin binary directly. --- src/libstore/globals.cc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc index d724897bb..c3d5f9b8c 100644 --- a/src/libstore/globals.cc +++ b/src/libstore/globals.cc @@ -154,12 +154,12 @@ StringSet Settings::getDefaultExtraPlatforms() // machines. Note that we can’t force processes from executing // x86_64 in aarch64 environments or vice versa since they can // always exec with their own binary preferences. - if (pathExists("/Library/Apple/System/Library/LaunchDaemons/com.apple.oahd.plist") || - pathExists("/System/Library/LaunchDaemons/com.apple.oahd.plist")) { - if (std::string{SYSTEM} == "x86_64-darwin") - extraPlatforms.insert("aarch64-darwin"); - else if (std::string{SYSTEM} == "aarch64-darwin") + if (std::string{SYSTEM} == "aarch64-darwin") { + if (runProgram(RunOptions {.program = "arch", .args = {"-arch", "x86_64", "/bin/pwd"}, .mergeStderrToStdout = true}).first == 0) { + debug("Rosetta detected"); extraPlatforms.insert("x86_64-darwin"); + } else + debug("Rosetta not detected"); } #endif -- cgit v1.2.3 From 0359d6d12314e46e45f16cccca7e0b38046d2e1c Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 13 Oct 2022 21:35:16 +0200 Subject: Fix error display if execve() in the builder fails After we've send "\2\n" to the parent, we can't send a serialized exception anymore. It will show up garbled like $ nix-build --store /tmp/nix --expr 'derivation { name = "foo"; system = "x86_64-linux"; builder = "/foo/bar"; }' this derivation will be built: /nix/store/xmdip0z5x1zqpp6gnxld3vqng7zbpapp-foo.drv building '/nix/store/xmdip0z5x1zqpp6gnxld3vqng7zbpapp-foo.drv'... ErrorErrorEexecuting '/foo/bar': No such file or directory error: builder for '/nix/store/xmdip0z5x1zqpp6gnxld3vqng7zbpapp-foo.drv' failed with exit code 1 --- src/libstore/build/local-derivation-goal.cc | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc index 18b682e13..5cea3b590 100644 --- a/src/libstore/build/local-derivation-goal.cc +++ b/src/libstore/build/local-derivation-goal.cc @@ -1594,6 +1594,8 @@ void LocalDerivationGoal::runChild() /* Warning: in the child we should absolutely not make any SQLite calls! */ + bool sendException = true; + try { /* child */ commonChildInit(builderOut); @@ -2050,6 +2052,8 @@ void LocalDerivationGoal::runChild() /* Indicate that we managed to set up the build environment. */ writeFull(STDERR_FILENO, std::string("\2\n")); + sendException = false; + /* Execute the program. This should not return. */ if (drv->isBuiltin()) { try { @@ -2103,10 +2107,13 @@ void LocalDerivationGoal::runChild() throw SysError("executing '%1%'", drv->builder); } catch (Error & e) { - writeFull(STDERR_FILENO, "\1\n"); - FdSink sink(STDERR_FILENO); - sink << e; - sink.flush(); + if (sendException) { + writeFull(STDERR_FILENO, "\1\n"); + FdSink sink(STDERR_FILENO); + sink << e; + sink.flush(); + } else + std::cerr << e.msg(); _exit(1); } } -- cgit v1.2.3 From ddd550395070eaee40e758ab630525f7e1162b85 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 14 Oct 2022 00:34:31 -0700 Subject: Use /usr/bin/true --- src/libstore/globals.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc index c3d5f9b8c..903621da0 100644 --- a/src/libstore/globals.cc +++ b/src/libstore/globals.cc @@ -155,7 +155,7 @@ StringSet Settings::getDefaultExtraPlatforms() // x86_64 in aarch64 environments or vice versa since they can // always exec with their own binary preferences. if (std::string{SYSTEM} == "aarch64-darwin") { - if (runProgram(RunOptions {.program = "arch", .args = {"-arch", "x86_64", "/bin/pwd"}, .mergeStderrToStdout = true}).first == 0) { + if (runProgram(RunOptions {.program = "arch", .args = {"-arch", "x86_64", "/usr/bin/true"}, .mergeStderrToStdout = true}).first == 0) { debug("Rosetta detected"); extraPlatforms.insert("x86_64-darwin"); } else -- cgit v1.2.3 From 285277a61af8d7ad49f2155166690601aa1a59a9 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 14 Oct 2022 00:35:33 -0700 Subject: Remove useless debug statements We haven't parsed the '-v' command line flags yet when this code executes, so we can't actually get debug output here. --- src/libstore/globals.cc | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc index 903621da0..ff658c428 100644 --- a/src/libstore/globals.cc +++ b/src/libstore/globals.cc @@ -154,13 +154,9 @@ StringSet Settings::getDefaultExtraPlatforms() // machines. Note that we can’t force processes from executing // x86_64 in aarch64 environments or vice versa since they can // always exec with their own binary preferences. - if (std::string{SYSTEM} == "aarch64-darwin") { - if (runProgram(RunOptions {.program = "arch", .args = {"-arch", "x86_64", "/usr/bin/true"}, .mergeStderrToStdout = true}).first == 0) { - debug("Rosetta detected"); - extraPlatforms.insert("x86_64-darwin"); - } else - debug("Rosetta not detected"); - } + if (std::string{SYSTEM} == "aarch64-darwin" && + runProgram(RunOptions {.program = "arch", .args = {"-arch", "x86_64", "/usr/bin/true"}, .mergeStderrToStdout = true}).first == 0) + extraPlatforms.insert("x86_64-darwin"); #endif return extraPlatforms; -- cgit v1.2.3 From 0d756757877ecfb09fd2003cf887dfdf8067b702 Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Fri, 14 Oct 2022 12:25:41 +0200 Subject: libmain: Add extraStackOverflowHandler --- src/libmain/shared.hh | 19 +++++++++++++++++++ src/libmain/stack.cc | 6 ++++++ 2 files changed, 25 insertions(+) (limited to 'src') diff --git a/src/libmain/shared.hh b/src/libmain/shared.hh index 0cc56d47d..66d29a1f7 100644 --- a/src/libmain/shared.hh +++ b/src/libmain/shared.hh @@ -113,5 +113,24 @@ struct PrintFreed /* Install a SIGSEGV handler to detect stack overflows. */ void detectStackOverflow(); +/* Pluggable behavior to run before _exit(1) in case of a stack overflow. + + Default value: do nothing, return immediately. + + This is called by the handler installed by detectStackOverflow(). + + This gives Nix library consumers a limit opportunity to report the error + condition. + + NOTE: Use with diligence, because this runs in the signal handler, with very + limited stack space and a potentially a corrupted heap, all while the failed + thread is blocked indefinitely. All functions called must be reentrant. */ +extern std::function stackOverflowHandler; + +/* The default, robust implementation of stackOverflowHandler. + + Prints an error message directly to stderr using a syscall instead of the + logger. Exits the process immediately after. */ +void defaultStackOverflowHandler(siginfo_t * info, void * ctx); } diff --git a/src/libmain/stack.cc b/src/libmain/stack.cc index b0a4a4c5d..a6d10f738 100644 --- a/src/libmain/stack.cc +++ b/src/libmain/stack.cc @@ -1,4 +1,5 @@ #include "error.hh" +#include "shared.hh" #include #include @@ -31,6 +32,7 @@ static void sigsegvHandler(int signo, siginfo_t * info, void * ctx) if (diff < 4096) { char msg[] = "error: stack overflow (possible infinite recursion)\n"; [[gnu::unused]] auto res = write(2, msg, strlen(msg)); + nix::extraStackOverflowHandler(info, ctx); _exit(1); // maybe abort instead? } } @@ -67,5 +69,9 @@ void detectStackOverflow() #endif } +std::function extraStackOverflowHandler( + [](siginfo_t * info, void * ctx) { + } +); } -- cgit v1.2.3 From ab4eb39386eab091f8682efa69e104f4ed74c1ca Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Fri, 14 Oct 2022 12:37:34 +0200 Subject: libmain: Make the entire stack overflow handler pluggable --- src/libmain/shared.hh | 7 ++++--- src/libmain/stack.cc | 16 ++++++++-------- 2 files changed, 12 insertions(+), 11 deletions(-) (limited to 'src') diff --git a/src/libmain/shared.hh b/src/libmain/shared.hh index 66d29a1f7..3c37fd627 100644 --- a/src/libmain/shared.hh +++ b/src/libmain/shared.hh @@ -113,14 +113,15 @@ struct PrintFreed /* Install a SIGSEGV handler to detect stack overflows. */ void detectStackOverflow(); -/* Pluggable behavior to run before _exit(1) in case of a stack overflow. +/* Pluggable behavior to run in case of a stack overflow. - Default value: do nothing, return immediately. + Default value: defaultStackOverflowHandler. This is called by the handler installed by detectStackOverflow(). This gives Nix library consumers a limit opportunity to report the error - condition. + condition. The handler should exit the process. + See defaultStackOverflowHandler() for a reference implementation. NOTE: Use with diligence, because this runs in the signal handler, with very limited stack space and a potentially a corrupted heap, all while the failed diff --git a/src/libmain/stack.cc b/src/libmain/stack.cc index a6d10f738..10f71c1dc 100644 --- a/src/libmain/stack.cc +++ b/src/libmain/stack.cc @@ -30,10 +30,7 @@ static void sigsegvHandler(int signo, siginfo_t * info, void * ctx) ptrdiff_t diff = (char *) info->si_addr - sp; if (diff < 0) diff = -diff; if (diff < 4096) { - char msg[] = "error: stack overflow (possible infinite recursion)\n"; - [[gnu::unused]] auto res = write(2, msg, strlen(msg)); - nix::extraStackOverflowHandler(info, ctx); - _exit(1); // maybe abort instead? + nix::stackOverflowHandler(info, ctx); } } @@ -69,9 +66,12 @@ void detectStackOverflow() #endif } -std::function extraStackOverflowHandler( - [](siginfo_t * info, void * ctx) { - } -); +std::function stackOverflowHandler(defaultStackOverflowHandler); + +void defaultStackOverflowHandler(siginfo_t * info, void * ctx) { + char msg[] = "error: stack overflow (possible infinite recursion)\n"; + [[gnu::unused]] auto res = write(2, msg, strlen(msg)); + _exit(1); // maybe abort instead? +} } -- cgit v1.2.3 From a259084c50cdb692a6ba6818bb56ee381e67715b Mon Sep 17 00:00:00 2001 From: Andrew Brooks Date: Fri, 14 Oct 2022 18:04:47 -0500 Subject: Fix #7146 When fetching a non-local git repo by ref (and no rev), don't consider unrelated cached revs for the same repository. --- src/libfetchers/git.cc | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src') diff --git a/src/libfetchers/git.cc b/src/libfetchers/git.cc index c1a21e764..7b7a1be35 100644 --- a/src/libfetchers/git.cc +++ b/src/libfetchers/git.cc @@ -485,6 +485,10 @@ struct GitInputScheme : InputScheme } input.attrs.insert_or_assign("ref", *head); unlockedAttrs.insert_or_assign("ref", *head); + } else { + if (!input.getRev()) { + unlockedAttrs.insert_or_assign("ref", input.getRef().value()); + } } if (auto res = getCache()->lookup(store, unlockedAttrs)) { -- cgit v1.2.3 From af9c9504ca8c2be9e9854e74a081743d882c8a8d Mon Sep 17 00:00:00 2001 From: Nathan Henrie Date: Mon, 17 Oct 2022 14:15:32 -0600 Subject: Fix typo -- dashes not underscores --- src/nix/repl.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/nix/repl.md b/src/nix/repl.md index 23ef0f4e6..c5113be61 100644 --- a/src/nix/repl.md +++ b/src/nix/repl.md @@ -36,7 +36,7 @@ R""( Loading Installable ''... Added 1 variables. - # nix repl --extra_experimental_features 'flakes repl-flake' nixpkgs + # nix repl --extra-experimental-features 'flakes repl-flake' nixpkgs Loading Installable 'flake:nixpkgs#'... Added 5 variables. -- cgit v1.2.3 From 61f89e954af060c8dbdcd5a4fffcf023ac555686 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 18 Oct 2022 16:42:06 +0200 Subject: Add command 'nix store path-from-hash-part' This exposes the Store::queryPathFromHashPart() interface in the CLI. --- src/nix/path-from-hash-part.cc | 39 +++++++++++++++++++++++++++++++++++++++ src/nix/path-from-hash-part.md | 20 ++++++++++++++++++++ 2 files changed, 59 insertions(+) create mode 100644 src/nix/path-from-hash-part.cc create mode 100644 src/nix/path-from-hash-part.md (limited to 'src') diff --git a/src/nix/path-from-hash-part.cc b/src/nix/path-from-hash-part.cc new file mode 100644 index 000000000..7f7cda8d3 --- /dev/null +++ b/src/nix/path-from-hash-part.cc @@ -0,0 +1,39 @@ +#include "command.hh" +#include "store-api.hh" + +using namespace nix; + +struct CmdPathFromHashPart : StoreCommand +{ + std::string hashPart; + + CmdPathFromHashPart() + { + expectArgs({ + .label = "hash-part", + .handler = {&hashPart}, + }); + } + + std::string description() override + { + return "get a store path from its hash part"; + } + + std::string doc() override + { + return + #include "path-from-hash-part.md" + ; + } + + void run(ref store) override + { + if (auto storePath = store->queryPathFromHashPart(hashPart)) + logger->cout(store->printStorePath(*storePath)); + else + throw Error("there is no store path corresponding to '%s'", hashPart); + } +}; + +static auto rCmdPathFromHashPart = registerCommand2({"store", "path-from-hash-part"}); diff --git a/src/nix/path-from-hash-part.md b/src/nix/path-from-hash-part.md new file mode 100644 index 000000000..788e13ab6 --- /dev/null +++ b/src/nix/path-from-hash-part.md @@ -0,0 +1,20 @@ +R""( + +# Examples + +* Return the full store path with the given hash part: + + ```console + # nix store path-from-hash-part --store https://cache.nixos.org/ 0i2jd68mp5g6h2sa5k9c85rb80sn8hi9 + /nix/store/0i2jd68mp5g6h2sa5k9c85rb80sn8hi9-hello-2.10 + ``` + +# Description + +Given the hash part of a store path (that is, the 32 characters +following `/nix/store/`), return the full store path. This is +primarily useful in the implementation of binary caches, where a +request for a `.narinfo` file only supplies the hash part +(e.g. `https://cache.nixos.org/0i2jd68mp5g6h2sa5k9c85rb80sn8hi9.narinfo`). + +)"" -- cgit v1.2.3 From e136d57f26155a9f54dfb0ca00212b2016932104 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 18 Oct 2022 17:48:09 +0200 Subject: Implement BinaryCacheStore::queryPathFromHashPart() --- src/libstore/binary-cache-store.cc | 11 +++++++++++ src/libstore/binary-cache-store.hh | 3 +-- 2 files changed, 12 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/libstore/binary-cache-store.cc b/src/libstore/binary-cache-store.cc index 9226c4e19..a26770c79 100644 --- a/src/libstore/binary-cache-store.cc +++ b/src/libstore/binary-cache-store.cc @@ -331,6 +331,17 @@ bool BinaryCacheStore::isValidPathUncached(const StorePath & storePath) return fileExists(narInfoFileFor(storePath)); } +std::optional BinaryCacheStore::queryPathFromHashPart(const std::string & hashPart) +{ + auto pseudoPath = StorePath(hashPart + "-" + MissingName); + try { + auto info = queryPathInfo(pseudoPath); + return info->path; + } catch (InvalidPath &) { + return std::nullopt; + } +} + void BinaryCacheStore::narFromPath(const StorePath & storePath, Sink & sink) { auto info = queryPathInfo(storePath).cast(); diff --git a/src/libstore/binary-cache-store.hh b/src/libstore/binary-cache-store.hh index ca538b3cb..8c82e2387 100644 --- a/src/libstore/binary-cache-store.hh +++ b/src/libstore/binary-cache-store.hh @@ -95,8 +95,7 @@ public: void queryPathInfoUncached(const StorePath & path, Callback> callback) noexcept override; - std::optional queryPathFromHashPart(const std::string & hashPart) override - { unsupported("queryPathFromHashPart"); } + std::optional queryPathFromHashPart(const std::string & hashPart) override; void addToStore(const ValidPathInfo & info, Source & narSource, RepairFlag repair, CheckSigsFlag checkSigs) override; -- cgit v1.2.3 From 8e7804273cec1bb3fa05ce09a37f0732b71a72ec Mon Sep 17 00:00:00 2001 From: Austin Kiekintveld Date: Sat, 22 Oct 2022 19:51:22 -0500 Subject: Defer to SSH config files for ForwardAgent option Currently, Nix passes `-a` when it runs commands on a remote machine via SSH, which disables agent forwarding. This causes issues when the `ForwardAgent` option is set in SSH config files, as the command line operation always overrides those. In particular, this causes issues if the command being run is `sudo` and the remote machine is configured with the equivalent of NixOS's `security.pam.enableSSHAgentAuth` option. Not allowing SSH agent forwarding can cause authentication to fail unexpectedly. This can currently be worked around by setting `NIX_SSHOPTS="-A"`, but we should defer to the options in the SSH config files to be least surprising for users. --- src/libstore/ssh.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/libstore/ssh.cc b/src/libstore/ssh.cc index 1bbad71f2..69bfe3418 100644 --- a/src/libstore/ssh.cc +++ b/src/libstore/ssh.cc @@ -67,7 +67,7 @@ std::unique_ptr SSHMaster::startCommand(const std::string if (fakeSSH) { args = { "bash", "-c" }; } else { - args = { "ssh", host.c_str(), "-x", "-a" }; + args = { "ssh", host.c_str(), "-x" }; addCommonSSHOpts(args); if (socketPath != "") args.insert(args.end(), {"-S", socketPath}); -- cgit v1.2.3 From 334fa81d0828f79d832a029ba16e0c807ec15554 Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Sun, 23 Oct 2022 06:54:11 -0400 Subject: Mark flakes with .type = "flake". Fixes #7186 --- src/libexpr/flake/call-flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/libexpr/flake/call-flake.nix b/src/libexpr/flake/call-flake.nix index 932ac5e90..87d7a126b 100644 --- a/src/libexpr/flake/call-flake.nix +++ b/src/libexpr/flake/call-flake.nix @@ -43,7 +43,7 @@ let outputs = flake.outputs (inputs // { self = result; }); - result = outputs // sourceInfo // { inherit inputs; inherit outputs; inherit sourceInfo; }; + result = outputs // sourceInfo // { inherit inputs; inherit outputs; inherit sourceInfo; type = "flake"; }; in if node.flake or true then assert builtins.isFunction flake.outputs; -- cgit v1.2.3 From a9a868fe6a456a52cf08244dbb87d67798ed3f9c Mon Sep 17 00:00:00 2001 From: Michal Sojka Date: Mon, 24 Oct 2022 08:49:46 +0200 Subject: Improve --profile description The description of the --profile option talks about the "update" operation. This is probably meant for operations such as "nix profile install", but the same option is reused in other subcommands, which do not update the profile, such as "nix profile {list,history,diff-closures}". We update the description to make sense in both contexts. --- src/libcmd/command.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/libcmd/command.cc b/src/libcmd/command.cc index 1fdd9e0bd..0740ea960 100644 --- a/src/libcmd/command.cc +++ b/src/libcmd/command.cc @@ -226,7 +226,7 @@ MixProfile::MixProfile() { addFlag({ .longName = "profile", - .description = "The profile to update.", + .description = "The profile to operate on.", .labels = {"path"}, .handler = {&profile}, .completer = completePath -- cgit v1.2.3 From da2c61637bbf5d22fc2aa3c8d24005f364d28fa2 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 25 Oct 2022 16:48:31 +0200 Subject: Use _type Co-authored-by: Robert Hensing --- src/libexpr/flake/call-flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/libexpr/flake/call-flake.nix b/src/libexpr/flake/call-flake.nix index 87d7a126b..8061db3df 100644 --- a/src/libexpr/flake/call-flake.nix +++ b/src/libexpr/flake/call-flake.nix @@ -43,7 +43,7 @@ let outputs = flake.outputs (inputs // { self = result; }); - result = outputs // sourceInfo // { inherit inputs; inherit outputs; inherit sourceInfo; type = "flake"; }; + result = outputs // sourceInfo // { inherit inputs; inherit outputs; inherit sourceInfo; _type = "flake"; }; in if node.flake or true then assert builtins.isFunction flake.outputs; -- cgit v1.2.3 From aff6d10934f046066ed68b0d54fa077e726008e5 Mon Sep 17 00:00:00 2001 From: Yorick van Pelt Date: Wed, 26 Oct 2022 10:05:27 +0200 Subject: nix run: fix "'defaultApp.x86_64-linux' should have type 'derivation'" --- src/nix/app.cc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/nix/app.cc b/src/nix/app.cc index 821964f86..48de8fb82 100644 --- a/src/nix/app.cc +++ b/src/nix/app.cc @@ -66,7 +66,9 @@ UnresolvedApp Installable::toApp(EvalState & state) auto type = cursor->getAttr("type")->getString(); - std::string expected = !attrPath.empty() && state.symbols[attrPath[0]] == "apps" ? "app" : "derivation"; + std::string expected = !attrPath.empty() && + (state.symbols[attrPath[0]] == "apps" || state.symbols[attrPath[0]] == "defaultApp") + ? "app" : "derivation"; if (type != expected) throw Error("attribute '%s' should have type '%s'", cursor->getAttrPathStr(), expected); -- cgit v1.2.3 From 9bff7e8ee26c97441858e1cea097f44c6db61235 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?= <7226587+thufschmitt@users.noreply.github.com> Date: Tue, 25 Oct 2022 21:17:32 +0200 Subject: Fix `nix __build-remote` Because of a wrong index, `nix __build-remote` wasn't working. Fix the index to restore the command (and the build hook). --- src/nix/main.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/nix/main.cc b/src/nix/main.cc index d78312944..f8e93e367 100644 --- a/src/nix/main.cc +++ b/src/nix/main.cc @@ -270,7 +270,7 @@ void mainWrapped(int argc, char * * argv) programPath = argv[0]; auto programName = std::string(baseNameOf(programPath)); - if (argc > 0 && std::string_view(argv[0]) == "__build-remote") { + if (argc > 1 && std::string_view(argv[1]) == "__build-remote") { programName = "build-remote"; argv++; argc--; } -- cgit v1.2.3 From f8d01933838f719b2511a9a73a5fa710cdd59496 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?= Date: Thu, 27 Oct 2022 11:53:04 +0200 Subject: Pass the right argv when calling the build hook Call it as `['nix', '__build-remote', ... ]` rather than the previous `["__build-remote", "nix __build-remote", ... ]` which seemed to have been most likely unintended --- src/libstore/build/hook-instance.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/libstore/build/hook-instance.cc b/src/libstore/build/hook-instance.cc index 1f19ddccc..cb58a1f02 100644 --- a/src/libstore/build/hook-instance.cc +++ b/src/libstore/build/hook-instance.cc @@ -16,11 +16,11 @@ HookInstance::HookInstance() buildHookArgs.pop_front(); Strings args; + args.push_back(std::string(baseNameOf(buildHook))); for (auto & arg : buildHookArgs) args.push_back(arg); - args.push_back(std::string(baseNameOf(settings.buildHook.get()))); args.push_back(std::to_string(verbosity)); /* Create a pipe to get the output of the child. */ -- cgit v1.2.3 From cd86eeb693342c79b01ff38ca723088dc1e42291 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jean-Fran=C3=A7ois=20Roche?= Date: Fri, 28 Oct 2022 12:19:37 +0200 Subject: Move savedArgv into libmain `savedArgv` is not accessible by plugins when defined in main binary. Moving it into one of the nix lib fix the problem. --- src/libmain/shared.cc | 1 + src/nix/main.cc | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/libmain/shared.cc b/src/libmain/shared.cc index c1cf38565..a58428762 100644 --- a/src/libmain/shared.cc +++ b/src/libmain/shared.cc @@ -33,6 +33,7 @@ namespace nix { +char * * savedArgv; static bool gcWarning = true; diff --git a/src/nix/main.cc b/src/nix/main.cc index d78312944..956730276 100644 --- a/src/nix/main.cc +++ b/src/nix/main.cc @@ -53,7 +53,6 @@ static bool haveInternet() } std::string programPath; -char * * savedArgv; struct HelpRequested { }; -- cgit v1.2.3 From 34ea0e2e7b72aa70b4b562eef77c7f3617fed1bb Mon Sep 17 00:00:00 2001 From: Yorick van Pelt Date: Tue, 1 Nov 2022 15:46:30 +0100 Subject: tarfile: set directory mode to at least 0500, don't extract fflags We don't need SGID, or any ACL's. We also want to keep every dir +rx. --- src/libutil/tarfile.cc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/libutil/tarfile.cc b/src/libutil/tarfile.cc index a7db58559..238d0a7a6 100644 --- a/src/libutil/tarfile.cc +++ b/src/libutil/tarfile.cc @@ -77,9 +77,7 @@ TarArchive::~TarArchive() static void extract_archive(TarArchive & archive, const Path & destDir) { - int flags = ARCHIVE_EXTRACT_FFLAGS - | ARCHIVE_EXTRACT_PERM - | ARCHIVE_EXTRACT_TIME + int flags = ARCHIVE_EXTRACT_TIME | ARCHIVE_EXTRACT_SECURE_SYMLINKS | ARCHIVE_EXTRACT_SECURE_NODOTDOT; @@ -98,6 +96,10 @@ static void extract_archive(TarArchive & archive, const Path & destDir) archive_entry_copy_pathname(entry, (destDir + "/" + name).c_str()); + // sources can and do contain dirs with no rx bits + if (archive_entry_filetype(entry) == AE_IFDIR && (archive_entry_mode(entry) & 0500) != 0500) + archive_entry_set_mode(entry, archive_entry_mode(entry) | 0500); + // Patch hardlink path const char *original_hardlink = archive_entry_hardlink(entry); if (original_hardlink) { -- cgit v1.2.3 From dad859ba0f2d1faad5d687348ad1a4e8ebe8b123 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Na=C3=AFm=20Favier?= Date: Fri, 4 Nov 2022 12:41:38 +0100 Subject: Fix printing of eval errors with two format placeholders --- src/libexpr/eval.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/libexpr/eval.cc b/src/libexpr/eval.cc index e3716f217..563f24e48 100644 --- a/src/libexpr/eval.cc +++ b/src/libexpr/eval.cc @@ -904,7 +904,7 @@ void EvalState::throwEvalError(const char * s, const std::string & s2, const std::string & s3) { debugThrowLastTrace(EvalError({ - .msg = hintfmt(s, s2), + .msg = hintfmt(s, s2, s3), .errPos = positions[noPos] })); } @@ -913,7 +913,7 @@ void EvalState::throwEvalError(const PosIdx pos, const char * s, const std::stri const std::string & s3) { debugThrowLastTrace(EvalError({ - .msg = hintfmt(s, s2), + .msg = hintfmt(s, s2, s3), .errPos = positions[pos] })); } @@ -922,7 +922,7 @@ void EvalState::throwEvalError(const PosIdx pos, const char * s, const std::stri const std::string & s3, Env & env, Expr & expr) { debugThrow(EvalError({ - .msg = hintfmt(s, s2), + .msg = hintfmt(s, s2, s3), .errPos = positions[pos] }), env, expr); } -- cgit v1.2.3 From 907f52c3376ea764e3fd143fe48c0bbb8958ef22 Mon Sep 17 00:00:00 2001 From: Patrick Jackson Date: Fri, 4 Nov 2022 10:49:44 -0700 Subject: build-remote: Add brackets to error message --- src/build-remote/build-remote.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/build-remote/build-remote.cc b/src/build-remote/build-remote.cc index ff8ba2724..6b81ecc49 100644 --- a/src/build-remote/build-remote.cc +++ b/src/build-remote/build-remote.cc @@ -186,12 +186,12 @@ static int main_build_remote(int argc, char * * argv) // build the hint template. std::string errorText = "Failed to find a machine for remote build!\n" - "derivation: %s\nrequired (system, features): (%s, %s)"; + "derivation: %s\nrequired (system, features): (%s, [%s])"; errorText += "\n%s available machines:"; errorText += "\n(systems, maxjobs, supportedFeatures, mandatoryFeatures)"; for (unsigned int i = 0; i < machines.size(); ++i) - errorText += "\n(%s, %s, %s, %s)"; + errorText += "\n([%s], %s, [%s], [%s])"; // add the template values. std::string drvstr; -- cgit v1.2.3 From f7ab93b0685b653c60b86540639a42b03389c90b Mon Sep 17 00:00:00 2001 From: Valentin Gagarin Date: Sun, 6 Nov 2022 12:25:21 +0100 Subject: manual: build action -> build task after discussing this with multiple people, I'm convinced that "build task" is more precise: a derivation is not an action, but inert until it is built. also it's easier to pronounce. proposal: use "build task" for the generic concept "description of how to derive new files from the contents of existing files". then it will be easier to distinguish what we mean by "derivation" (a specific data structure and Nix language value type) and "store derivation" (a serialisation of a derivation into a file in the Nix store). --- src/nix/daemon.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/nix/daemon.md b/src/nix/daemon.md index e97016a94..d5cdadf08 100644 --- a/src/nix/daemon.md +++ b/src/nix/daemon.md @@ -11,7 +11,7 @@ R""( # Description This command runs the Nix daemon, which is a required component in -multi-user Nix installations. It performs build actions and other +multi-user Nix installations. It runs build tasks and other operations on the Nix store on behalf of non-root users. Usually you don't run the daemon directly; instead it's managed by a service management framework such as `systemd`. -- cgit v1.2.3