Commit graph

5141 commits

Author SHA1 Message Date
Finn Behrens 5256bc77ca
add gitlab libfetcher 2020-05-28 23:00:08 +02:00
Eelco Dolstra f60ce4fa20
Merge pull request #3631 from andir/libutil-config-tests
Add unit tests for config.cc
2020-05-28 13:51:37 +02:00
Eelco Dolstra de141fcb79
Merge pull request #3455 from Ericson2314/enum-FileIngestionMethod
Replace some `bool recursive` with a new `FileIngestionMethod` enum
2020-05-28 13:50:06 +02:00
Eelco Dolstra 17ca997fc6 Merge remote-tracking branch 'origin/master' into flakes 2020-05-28 12:55:24 +02:00
Eelco Dolstra c3eff22f46 Merge branch 'store-visited' of https://github.com/mkenigs/nix into flakes 2020-05-28 12:15:39 +02:00
Eelco Dolstra 6286272371 nixpkgsFlakeRef(): Use locked nixpkgs 2020-05-28 12:13:13 +02:00
John Ericson 0f96f45061 Use FileIngestionMethod for nix hash
There was an enum there that matched in perfectly.
2020-05-27 23:50:11 -04:00
Matthew Bauer c66441a646 Rename some variables named “recursive” to “method”
This is much less confusing since recursive is no longer a boolean.
2020-05-27 13:21:26 -05:00
Matthew Bauer 7873fd175d Don’t use FileIngestionMethod for StorePathsCommand
This is a different recursive than used in makeFixedOutputPath.
2020-05-27 13:21:11 -05:00
Andreas Rammhold fc137d2f00
config.hh: Add documentation
Provides some general overview on the mechanics of Config/Setting and
comments for the public methods of Config.
2020-05-27 17:47:18 +02:00
Andreas Rammhold 9df3d8ccd7
tests/config.cc: add tests for Config::applyConfig 2020-05-27 17:47:18 +02:00
Andreas Rammhold e1b8c64c04
config.cc: extract parts of applyConfigFile into applyConfig
This moves the actual parsing of configuration contents into applyConfig
which applyConfigFile is then going to call. By changing this we can now
test the configuration file parsing without actually create a file on
disk.
2020-05-27 17:47:18 +02:00
Andreas Rammhold 93129cf1dd
Add unit tests for config.cc 2020-05-27 17:47:17 +02:00
Eelco Dolstra 66d3ac94c9 Merge pull request #3621 from gilligan/add-json-tests
Add unit tests for "json.hh"
2020-05-27 11:08:12 +02:00
Eelco Dolstra dae6a267a8
Merge pull request #3625 from gilligan/xml-writer-tests
Add unit tests for xml-writer
2020-05-27 11:07:53 +02:00
Carlo Nucera b90241ceb1 Change remaining bools with FileIngestionMethod 2020-05-26 11:32:41 -04:00
Carlo Nucera 6d73c10041 Merge remote-tracking branch 'origin/master' into enum-FileIngestionMethod 2020-05-26 11:14:08 -04:00
Tobias Pflug 4b388e8431 Add unit tests for xml-writer 2020-05-25 18:34:55 +02:00
Tobias Pflug c284700867 Add unit tests for "json.hh" 2020-05-25 11:57:45 +02:00
Tobias Pflug ecc5c90dfc Add unit tests for hashing functions 2020-05-25 11:50:41 +02:00
Matthew Kenigsberg 8d67794da1 handle circular flake dependencies in list-inputs 2020-05-21 17:06:11 -06:00
Tobias Pflug a73a820a5d Add unit testes for url.cc
This adds tests for

- parseURL
- percentDecode
- decodeQuery
2020-05-20 16:37:35 +02:00
Eelco Dolstra 5ef64f05e6 Cleanup 2020-05-18 15:50:29 +02:00
Eelco Dolstra 0ed946aa61 Merge branch 'wait-for-builders' of https://github.com/serokell/nix 2020-05-18 13:48:45 +02:00
Matthew Kenigsberg c4beded32e rm includes 2020-05-16 11:19:41 -06:00
Matthew Kenigsberg ba7d7ed2e3 Create bashInteractive InstallableFlake 2020-05-16 11:03:06 -06:00
Matthew Kenigsberg 0858793604 Call lockFlake once and store in _lockedFlake 2020-05-16 11:03:06 -06:00
Matthew Kenigsberg 04821bc171 use flake's nixpkgs to find bashInteractive 2020-05-16 11:03:06 -06:00
Matthew Kenigsberg 8fbc8540d3 use nixpkgs#bashInteractive for dev-shell 2020-05-16 11:03:06 -06:00
Ben Burdette 92123c6c79 Merge remote-tracking branch 'upstream/master' into errors-phase-2 2020-05-15 07:00:36 -06:00
Eelco Dolstra 5f64655ff4 Move registry-related commands from 'nix flake' to 'nix registry'
This makes 'nix flake' less cluttered and more consistent (it's only
subcommands that operator on a flake). Also, the registry is not
inherently flake-related (e.g. fetchTree could also use it to remap
inputs).
2020-05-15 14:38:10 +02:00
Ben Burdette 19694aa213 fix compile errors 2020-05-14 12:28:18 -06:00
Ben Burdette 4daccb279c formatting 2020-05-14 10:28:17 -06:00
Alexander Bantyev 183dd28266
Don't lock a user while doing remote builds 2020-05-14 17:00:54 +03:00
Ben Burdette ef9dd9f9bc formatting and a few minor changes 2020-05-13 15:56:39 -06:00
Ben Burdette c79d4addab consistent capitalization 2020-05-13 10:02:18 -06:00
Ben Burdette bfca5fc395 change status messages to info level 2020-05-13 09:52:36 -06:00
Eelco Dolstra 849d3968db
Update src/libfetchers/git.cc
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2020-05-13 10:41:21 +02:00
Ben Burdette ecbb8e9c0a no blank line if no LOC 2020-05-12 14:41:30 -06:00
Ben Burdette 960d4362ed hint only 2020-05-12 13:54:18 -06:00
Ben Burdette 72ecccee57 convert to logWarning format 2020-05-12 12:19:34 -06:00
Ben Burdette 19cffc29c9 remove unused extra json fields 2020-05-12 12:09:12 -06:00
Ben Burdette 2a19bf8619 move pos to the first arg, to indicate its not used in a fmt template 2020-05-12 11:27:37 -06:00
Ben Burdette ec870b9c85 new pos format for more errors 2020-05-12 10:52:26 -06:00
Eelco Dolstra 215f09d765
Merge pull request #3587 from NixOS/bash-completion
Generic shell completion support for the 'nix' command
2020-05-12 18:26:13 +02:00
Eelco Dolstra ebc024df22
Show hint how to enable experimental features 2020-05-12 15:47:09 +02:00
Eelco Dolstra 268ecf5b3f
nix: Don't require --experimental-features=nix-command for some subcommands 2020-05-12 15:47:09 +02:00
Eelco Dolstra b8b2dbf272 Fix InstallableCommand 2020-05-12 11:53:32 +02:00
Eelco Dolstra 437614b479 Fix macOS build
macOS doesn't have GLOB_ONLYDIR.
2020-05-12 11:09:09 +02:00
Ben Burdette 7c3138844c more pos reporting 2020-05-11 17:34:57 -06:00
Ben Burdette 631642c5b4 new format for pos 2020-05-11 16:58:08 -06:00
Ben Burdette b93c1bf3d6 fixes to merged code 2020-05-11 15:52:15 -06:00
Ben Burdette 59b1f5c701 Merge branch 'master' into errors-phase-2 2020-05-11 14:35:30 -06:00
Eelco Dolstra 649c2db308 nix flake: Add completion support 2020-05-11 22:10:33 +02:00
Eelco Dolstra 27d34ef770 When completing flakerefs, only return directories 2020-05-11 22:04:13 +02:00
Ben Burdette 536bbf53e1 comments and cleanup 2020-05-11 13:58:38 -06:00
Eelco Dolstra 259ff74bde Add completion for installables
This completes flakerefs using the registry (e.g. 'nix<TAB>' => 'nix
nixpkgs') and flake output attributes by evaluating the flake
(e.g. 'dwarffs#nix<TAB>' => 'dwarffs#nixosModules').
2020-05-11 21:49:02 +02:00
Eelco Dolstra e917332d63 Shut up warnings while running completers 2020-05-11 21:38:17 +02:00
Ben Burdette 958e81987b switch from printError warnings to logWarnings 2020-05-11 13:02:16 -06:00
Domen Kožar 5bdb67c843
Merge pull request #3568 from kolloch/outputHashModeError
libstore/build.cc: more explicit error about form of output
2020-05-11 18:14:32 +02:00
Domen Kožar 1d8144e36b
Update src/libstore/build.cc 2020-05-11 18:14:23 +02:00
Eelco Dolstra 4c3c638a05 Cleanup 2020-05-11 15:57:45 +02:00
Eelco Dolstra 0884f180f5 Simplify 2020-05-10 21:50:32 +02:00
Eelco Dolstra e0c19ee620 Add completion for paths 2020-05-10 21:35:07 +02:00
Eelco Dolstra 91ddee6bf0 nix: Implement basic bash completion 2020-05-10 20:32:21 +02:00
Matthew Kenigsberg 73ee1afffe Reorder to build
This reverts commit 883948d7a0add742ccae58e9845d769a8064371c.
2020-05-09 14:42:32 -06:00
Matthew Kenigsberg 9f4cfbb2e7 Refactor installables
InstallableValue has children InstallableFlake and InstallableAttrPath, but InstallableFlake was overriding toDerivations, and usage was changed so that InstallableFlake didn't need cmd. So these changes were made:
InstallableValue::toDerivations() -> InstalllableAttrPath::toDerivations()
InstallableValue::cmd -> InstallableAttrPath::cmd

InstallableValue uses state instead of cmd

toBuildables() and toDerivations() were made abstract
2020-05-09 14:42:32 -06:00
Matthew Kenigsberg bf81dd40e9 InstallableExpr unused 2020-05-09 10:16:00 -06:00
Benjamin Hipple 146f9c114f doc: consistently refer to 'fixed-output' with a dash
General cleanup that makes it easier to search for the term.
2020-05-09 10:58:43 -04:00
Ben Burdette 55eb717148 add pos to errorinfo, remove from hints 2020-05-08 18:18:28 -06:00
Eelco Dolstra d3d8186c9c
Merge pull request #3571 from gilligan/nix-unit-testing
Add unit tests
2020-05-08 17:02:25 +02:00
Tobias Pflug 181a47d884 Enable toLower umlauts test
Update comment and enable the test
2020-05-08 15:13:55 +02:00
Tobias Pflug 2191141274 Enable baseNameOf test
Add note about removal of trailing slashes in the doc comment of
baseNameOf and enabled the test.
2020-05-08 15:07:40 +02:00
Tobias Pflug e3df9c2a6e Enable dirOf test
Adjusted the doc comment for `dirOf` to reflect the implementation
behavior.
2020-05-08 15:03:44 +02:00
Eelco Dolstra 5b8883faac
configure: Look for gtest 2020-05-08 12:09:37 +02:00
Eelco Dolstra ca657525b8
Don't install unit tests 2020-05-08 12:03:27 +02:00
Eelco Dolstra 7898cdb75a
make check: Run unit tests 2020-05-08 11:49:40 +02:00
Eelco Dolstra 72b9d971bc
Fix warning 2020-05-08 11:35:57 +02:00
Eelco Dolstra 7cc7cef950
Move unit tests to sr/libutil/tests, use mk make rules 2020-05-08 11:34:09 +02:00
Alexander Bantyev 772e5db828
Mention build users in the 'waiting for' message 2020-05-08 12:29:00 +03:00
Alexander Bantyev 14073fb76b
Don't block while waiting for build users 2020-05-08 12:22:39 +03:00
Ben Burdette 1b801cec40 pretending to be const 2020-05-07 16:43:36 -06:00
Tobias Pflug 1f3602a2c9 Remove replaceInSet
The function isn't being used anywhere so it seems safe to remove
2020-05-07 18:15:13 +02:00
Eelco Dolstra 14a3a62bfc
Update src/nix/search.cc
Co-authored-by: Jörg Thalheim <Mic92@users.noreply.github.com>
2020-05-07 12:13:16 +02:00
Ben Burdette e3901638b5 todo removal 2020-05-06 15:01:13 -06:00
Ben Burdette e76ad2e48a implement SysError errno handling 2020-05-06 14:07:20 -06:00
Eelco Dolstra 1ad71bc62c Remove support for old lockfiles and the epoch/uri attributes 2020-05-06 17:48:18 +02:00
Eelco Dolstra b0e9b07e80 Remove obsolete FIXME 2020-05-06 17:40:01 +02:00
Eelco Dolstra ff394ff206 Remove the nixpkgs.<attr> compatibility hack
Since we've changed a lot of things in the 'nix' command (e.g. rename
'nix run') there is not much point in keeping this around.
2020-05-06 17:20:23 +02:00
Domen Kožar 672985531c
Merge pull request #3570 from Mic92/nix-search
nix/search: no error for empty search results if json is enabled
2020-05-06 16:14:58 +02:00
Jörg Thalheim 85c1932c94
nix/search: no error for empty search results if json is enabled
- result list will be always empty if --json is passed
- for scripts an empty search result is not really an error,
  we rather want to distinguish between evaluation errors and empty results
2020-05-06 14:43:54 +01:00
Eelco Dolstra 2f8ee4578f
Merge remote-tracking branch 'origin/master' into flakes 2020-05-06 12:01:40 +02:00
Eelco Dolstra 74a1bfdcab
Merge pull request #3546 from guibou/nix_readfile_on_0_sized_files
builtins.readFile: do not truncate content
2020-05-06 11:33:55 +02:00
Eelco Dolstra 272c4ba36d
Merge pull request #3557 from Ma27/nix-repl-help
Improve help-message for nix-repl
2020-05-06 11:25:47 +02:00
Peter Kolloch 9be46859a9 libstore/build.cc: more explicit about form of output
Be more explicit about why we expect a regular file as output
when outputHashMode=flat for a fixed output derivation.
2020-05-06 11:21:12 +02:00
Eelco Dolstra 02c5914ea4
Merge pull request #3562 from pikajude/master
Use fragment size for autoGC capacity calculation
2020-05-06 11:19:30 +02:00
Eelco Dolstra fd4911269f
Revert "Merge pull request #3558 from LnL7/ssh-ng-stderr"
This reverts commit 3ebfbecdd1, reversing
changes made to c089c52d5f.

https://github.com/NixOS/nix/pull/3558
2020-05-06 10:54:18 +02:00
Eelco Dolstra 6f3244ce45 Merge remote-tracking branch 'origin/master' into flakes 2020-05-05 18:59:33 +02:00
Eelco Dolstra 909b4a8820 nix doctor: Consistency 2020-05-05 15:27:47 +02:00
Eelco Dolstra f132d82a79 nix --help: Group commands 2020-05-05 15:18:23 +02:00
Alexander Bantyev 04967dee9d
Wait for build users when none are available 2020-05-05 13:04:36 +03:00
Ben Burdette 7ffb5efdbc appending to hints; remove _printError 2020-05-04 16:19:57 -06:00
Ben Burdette f30de61578 add normaltxt, yellowify->yellowtxt 2020-05-04 16:19:20 -06:00
Jude Taylor e2fc575c61 nix auto-gc: use fragment size 2020-05-04 14:42:06 -07:00
Ben Burdette 8c8f2b74ec log as warning 2020-05-04 14:44:42 -06:00
Ben Burdette afaa541013 affinity operator<< 2020-05-04 14:44:00 -06:00
Eelco Dolstra a721a0b114 Flag: Use designated initializers 2020-05-04 22:40:19 +02:00
Ben Burdette 9c5ece44a7 separate msgs instead of appending to what() 2020-05-04 13:46:15 -06:00
Eelco Dolstra 3ebfbecdd1
Merge pull request #3558 from LnL7/ssh-ng-stderr
remote-store: don't log raw stderr by default
2020-05-04 13:02:33 +02:00
Ben Burdette ab6f0b9641 convert some printError calls to logError 2020-05-03 08:01:25 -06:00
Daiderd Jordan 4769eea5e2
logging: handle build log lines in simple logger
The raw stderr output isn't logged anymore so the build logs need to be
printed by the default logger in order for the old commands like
nix-build to still show build output.
2020-05-02 23:40:53 +02:00
Daiderd Jordan f16e24f95e
remote-store: don't log raw stderr by default
For remote stores the log messages are already forwarded as structured
STDERR_RESULT messages so the old format is duplicate information.  But
still included with -vvv since it could be useful for debugging
problems.

    $ nix build -L /nix/store/nl71b2niws857ffiaggyrkjwgx9jjzc0-foo.drv --store ssh-ng://localhost
    Hello World!
    foo> Hello World!
    [1/0/1 built] building foo

Fixes #3556
2020-05-02 23:40:50 +02:00
Maximilian Bosch 2aeb874e83
Improve help-message for nix-repl
* Remove obsolete `printHelp` function
* Add an example to demonstrate how to list all available commands
  within the REPL
2020-05-01 23:32:01 +02:00
Ben Burdette 4b99c09f5c convert some errors 2020-05-01 14:32:06 -06:00
Eelco Dolstra c089c52d5f Fix build 2020-05-01 12:42:39 +02:00
Matthew Kenigsberg d6b4047c2f rename nix run to nix shell and nix app to nix run
(cherry picked from commit 5d8504b978)
2020-05-01 12:17:36 +02:00
Eelco Dolstra 941f95284a Merge remote-tracking branch 'origin/master' into flakes 2020-05-01 11:59:56 +02:00
Ben Burdette a3030e3c31 fix error calls 2020-04-30 17:56:26 -06:00
Ben Burdette f5d3215c87 logError 2020-04-30 16:31:47 -06:00
Ben Burdette 171b4ce85c typo 2020-04-30 09:57:01 -06:00
Eelco Dolstra 0135fd6ec4
nix dev-shell: Unset shellHook
This avoids inheriting the caller's shellHook, which can happen when
running a dev-shell inside a dev-shell.
2020-04-30 14:47:56 +02:00
Eelco Dolstra efe6c186ea
nix dev-shell: Support structured attrs
Tested against https://github.com/NixOS/nixpkgs/pull/72074.

Fixes #3540.
2020-04-30 14:47:47 +02:00
Eelco Dolstra 2fcfc6c2c6
nix dev-shell: Refactor script for getting the environment 2020-04-30 13:05:29 +02:00
Domen Kožar df8e9d691c
Merge pull request #3548 from Ma27/fetchtarball-pos
Fix displaying error-position in `builtins.fetch{Tree,Tarball}`
2020-04-30 10:33:12 +02:00
Ben Burdette 39ff80d031 errorinfo constructor test 2020-04-29 18:57:05 -06:00
Matthew Kenigsberg 5d8504b978 rename nix run to nix shell and nix app to nix run 2020-04-29 15:45:10 -06:00
Maximilian Bosch d1229859c2
Fix displaying error-position in builtins.fetch{Tree,Tarball}
Without dereferencing this pointer, you'd get an error like this:

```
error: unsupported argument 'abc' to 'fetchTarball', at 0x13627e8
```
2020-04-29 22:53:39 +02:00
Guillaume Bouchard 2e5be2a749 StringSink pre allocate
When used with `readFile`, we have a pretty good heuristic of the file
size, so `reserve` this in the `string`. This will save some allocation
/ copy when the string is growing.
2020-04-29 18:44:01 +02:00
Guillaume Bouchard 7afcb5af98 Remove the drain argument from readFile
Now it is always `drain` (see previous commit).
2020-04-29 18:43:45 +02:00
Ben Burdette e2f61263eb uncrustify formatting 2020-04-29 10:14:32 -06:00
Eelco Dolstra 9570036146 nix copy: Build derivations
Fixes

  $ nix copy .#hydraJobs.vendoredCrates --to /tmp/nix
  error: path '/nix/store/...' is not valid
2020-04-29 15:51:45 +02:00
Eelco Dolstra 9c4e05766b nix copy: Move --from / --to check
This means you now get an error message *before* stuff gets built:

  $ nix copy .#hydraJobs.vendoredCrates
  error: you must pass '--from' and/or '--to'
  Try 'nix --help' for more information.
2020-04-29 15:50:59 +02:00
Antoine Eiche ca93b26db6 Only call grantpt on MacOS systems
The commit 3cc1125595 adds a `grantpt`
call on the builder pseudo terminal fd. This call is actually only
required for MacOS, but it however requires a RW access to /dev/pts
which is only RO bindmounted in the Bazel Linux sandbox. So, Nix can
not be actually run in the Bazel Linux sandbox for unneeded reasons.
2020-04-29 15:43:20 +02:00
Eelco Dolstra 70bcd6a55c Evaluation cache: Don't barf in read-only mode
Fixes

  $ nix copy
  warning: Git tree '/home/eelco/Dev/nix-flake' is dirty
  nix: src/nix/installables.cc:348: std::tuple<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, nix::FlakeRef, nix::InstallableValue::DerivationInfo> nix::InstallableFlake::toDerivation(): Assertion `state->store->isValidPath(drvPath)' failed.
  Aborted (core dumped)
2020-04-29 15:42:53 +02:00
Guillaume Bouchard 5a34a473dd builtins.readFile: do not truncate content
This closes #3026 by allowing `builtins.readFile` to read a file with a
wrongly reported file size, for example, files in `/proc` may report a
file size of 0. Reading file in `/proc` is not a good enough motivation,
however I do think it just makes nix more robust by allowing more file
to be read.  Especially, I do considerer the previous behavior to be
dangerous because nix was previously reading truncated files. Examples
of file system which incorrectly report file size may be network file
system or dynamic file system (for performance reason, a dynamic file
system such as FUSE may generate the content of the file on demand).

```
nix-repl> builtins.readFile "/proc/version"
""
```

With this commit:

```
nix-repl> builtins.readFile "/proc/version"
"Linux version 5.6.7 (nixbld@localhost) (gcc version 9.3.0 (GCC)) #1-NixOS SMP Thu Apr 23 08:38:27 UTC 2020\n"
```

Here is a summary of the behavior changes:

- If the reported size is smaller, previous implementation
was silently returning a truncated file content. The new implementation
is returning the correct file content.

- If a file had a bigger reported file size, previous implementation was
failing with an exception, but the new implementation is returning the
correct file content. This change of behavior is coherent with this pull
request.

Open questions

- The behavior is unchanged for correctly reported file size, however
performances may vary because it uses the more complex sink interface.
Considering that sink is used a lot, I don't think this impacts the
performance a lot.
- `builtins.readFile` on an infinite file, such as `/dev/random` may
fill the memory.
- it does not support adding file to store, such as `${/proc/version}`.
2020-04-29 14:50:52 +02:00
Eelco Dolstra 5ada0831cf Merge remote-tracking branch 'origin/master' into flakes 2020-04-29 13:32:27 +02:00
Ben Burdette 22e6490311 Error classname as name 2020-04-28 21:06:08 -06:00
Eelco Dolstra 06849c3090
Merge pull request #3542 from mkenigs/gcroots
Set GCROOT to store path to prevent garbage collection
2020-04-28 21:04:06 +02:00
Matthew Kenigsberg 6d40fe573c rename to NIX_GCROOT 2020-04-28 11:18:54 -06:00
Eelco Dolstra 52a3ca823d Tweak warning message 2020-04-28 17:56:01 +02:00
Eelco Dolstra 6a8cba83bb Merge branch 'nix-env-warn-unmatched' of https://github.com/lheckemann/nix 2020-04-28 17:45:25 +02:00
Ben Burdette e51a757720 astyle format 2020-04-27 15:15:08 -06:00
Eelco Dolstra 6521c92ce8 Improve path:// handling
In particular, doing 'nix build /path/to/dir' now works if
/path/to/dir is not a Git tree (it only has to contain a flake.nix
file).

Also, 'nix flake init' no longer requires a Git tree (but it will do a
'git add flake.nix' if it's a Git tree)
2020-04-27 22:53:11 +02:00
Eelco Dolstra 829dcb35d5 flake-template.nix: Add defaultPackage 2020-04-27 22:52:49 +02:00
Alyssa Ross c05e20daa1
Fix long paths permanently breaking GC
Suppose I have a path /nix/store/[hash]-[name]/a/a/a/a/a/[...]/a,
long enough that everything after "/nix/store/" is longer than 4096
(MAX_PATH) bytes.

Nix will happily allow such a path to be inserted into the store,
because it doesn't look at all the nested structure.  It just cares
about the /nix/store/[hash]-[name] part.  But, when the path is deleted,
we encounter a problem.  Nix will move the path to /nix/store/trash, but
then when it's trying to recursively delete the trash directory, it will
at some point try to unlink
/nix/store/trash/[hash]-[name]/a/a/a/a/a/[...]/a.  This will fail,
because the path is too long.  After this has failed, any store deletion
operation will never work again, because Nix needs to delete the trash
directory before recreating it to move new things to it.  (I assume this
is because otherwise a path being deleted could already exist in the
trash, and then moving it would fail.)

This means that if I can trick somebody into just fetching a tarball
containing a path of the right length, they won't be able to delete
store paths or garbage collect ever again, until the offending path is
manually removed from /nix/store/trash.  (And even fixing this manually
is quite difficult if you don't understand the issue, because the
absolute path that Nix says it failed to remove is also too long for
rm(1).)

This patch fixes the issue by making Nix's recursive delete operation
use unlinkat(2).  This function takes a relative path and a directory
file descriptor.  We ensure that the relative path is always just the
name of the directory entry, and therefore its length will never exceed
255 bytes.  This means that it will never even come close to AX_PATH,
and Nix will therefore be able to handle removing arbitrarily deep
directory hierachies.

Since the directory file descriptor is used for recursion after being
used in readDirectory, I made a variant of readDirectory that takes an
already open directory stream, to avoid the directory being opened
multiple times.  As we have seen from this issue, the less we have to
interact with paths, the better, and so it's good to reuse file
descriptors where possible.

I left _deletePath as succeeding even if the parent directory doesn't
exist, even though that feels wrong to me, because without that early
return, the linux-sandbox test failed.

Reported-by: Alyssa Ross <hi@alyssa.is>
Thanks-to: Puck Meerburg <puck@puckipedia.com>
Tested-by: Puck Meerburg <puck@puckipedia.com>
Reviewed-by: Puck Meerburg <puck@puckipedia.com>
2020-04-27 20:50:17 +00:00
Matthew Kenigsberg 9e95b95a5d comment 2020-04-27 13:18:26 -06:00
Matthew Kenigsberg a3bc695e7d Set GCROOT to store path to prevent garbage collection 2020-04-27 11:22:20 -06:00
Eelco Dolstra b51dff431c Improve error message when an argument is not a flake 2020-04-27 18:55:20 +02:00
Eelco Dolstra b4e23dcd9e nix search: Search legacyPackages recursively 2020-04-27 16:29:26 +02:00
Ben Burdette 1ff42722ce error.hh 2020-04-26 14:47:41 -06:00