Commit graph

8497 commits

Author SHA1 Message Date
Eelco Dolstra
c5c0617d6f Mention --no-sandbox if sandboxing is unsupported 2023-02-07 22:59:46 +01:00
Eelco Dolstra
4e61877b5c More #ifdef 2023-02-07 22:51:53 +01:00
Eelco Dolstra
d834de2894 Fix macOS build 2023-02-07 22:51:53 +01:00
Eelco Dolstra
bc1d9fd8b5 Check whether we can use PID namespaces
In unprivileged podman containers, /proc is not fully visible (there
are other filesystems mounted on subdirectories of /proc). Therefore
we can't mount a new /proc in the sandbox that matches the PID
namespace of the sandbox. So this commit automatically disables
sandboxing if /proc is not fully visible.
2023-02-07 22:51:53 +01:00
Eelco Dolstra
fb2f7f5dcc Fix auto-uid-allocation in Docker containers
This didn't work because sandboxing doesn't work in Docker. However,
the sandboxing check is done lazily - after clone(CLONE_NEWNS) fails,
we retry with sandboxing disabled. But at that point, we've already
done UID allocation under the assumption that user namespaces are
enabled.

So let's get rid of the "goto fallback" logic and just detect early
whether user / mount namespaces are enabled.

This commit also gets rid of a compatibility hack for some ancient
Linux kernels (<2.13).
2023-02-07 22:51:53 +01:00
Eelco Dolstra
7a6daf61e8 Fix activity message 2023-02-07 22:22:50 +01:00
Eelco Dolstra
a8fe0dc16c Speed up fetching submodules
Previously we would completely refetch the submodules from the
network, even though the repo might already have them. Now we copy the
.git/modules directory from the repo as an optimisation. This speeds
up evaluating

  builtins.fetchTree { type = "git"; url = "/path/to/blender"; submodules = true; }

(where /path/to/blender already has the needed submodules) from 121s
to 57s.

This is still pretty inefficient and a hack, but a better solution is
best done on the lazy-trees branch.

This change also help in the case where the repo already has the
submodules but the origin is unfetchable for whatever reason
(e.g. there have been cases where Nix in a GitHub action doesn't have
the right authentication set up).
2023-02-07 16:01:36 +01:00
Eelco Dolstra
2edd5cf618 Fix the origin URL used for fetching submodules
We cannot use 'actualUrl', because for file:// repos that's not the
original URL that the repo was fetched from. This is a problem since
submodules may be relative to the original URL.

Fixes e.g.

  nix eval --impure --json --expr 'builtins.fetchTree { type = "git"; url = "/path/to/blender"; submodules = true; }'

where /path/to/blender is a clone of
https://github.com/blender/blender.git (which has several relative
submodules like '../blender-addons.git').
2023-02-07 16:01:36 +01:00
Eelco Dolstra
81e75e4bf6 Add some progress indication when fetching submodules 2023-02-07 16:01:36 +01:00
631ba6442a
build-remote: store maxBuildJobs before forcing it to 1 2023-02-07 12:08:00 +01:00
3050005211
build-remote: don't warn when all local build slots are taken
Previously, build-remote would show a warning if all build slots were
taken, even if they would open up later. This caused a lot of spam in
the logs. Disable this warning when maxJobs > 0.

See #6263
2023-02-06 17:53:03 +01:00
John Ericson
44bea52ae3 Scope down --derivation to just the commands that use it
Per the old FIXME, this flag was on too many commands, and mostly
ignored. Now it is just on the commands where it actually has an effect.

Per https://github.com/NixOS/nix/issues/7261, I would still like to get
rid of it entirely, but that is a separate project. This change should
be good with or without doing that.
2023-02-04 18:30:02 -05:00
John Ericson
45fa297e40 Factor out InstallableStorePath to its own file, dedup
`nix app` had something called `InstallableDerivedPath` which is
actually the same thing. We go with the later's name because it has
become more correct.

I originally did this change (more hurriedly) as part of #6225 --- a
mini store-only Nix and a full Nix need to share this code. In the first
RFC meeting for https://github.com/NixOS/rfcs/pull/134 we discussed how
some splitting of the massive `installables.cc` could begin prior, as
that is a good thing anyways. (@edolstra's words, not mine!) This would
be one such PR.
2023-02-03 11:26:39 -05:00
f20d3726dd advertise transport encoding in http transfers to
tl;dr: With this 1 line change I was able to get a speedup of 1.5x on 1Gbit/s
wan connections by enabling zstd compression in nginx.

Also nix already supported all common compression format for http
transfer, webservers usually only enable them if they are advertised
through the Accept-Encoding header.

This pull requests makes nix advertises content compression support for
zstd, br, gzip and deflate.

It's particular useful to add transparent compression for binary caches
that serve packages from the host nix store in particular nix-serve,
nix-serve-ng and harmonia.

I tried so far gzip, brotli and zstd, whereas only zstd was able to bring
me performance improvements for 1Gbit/s WAN connections.

The following nginx configuration was used in combination with the
[zstd module](https://github.com/tokers/zstd-nginx-module) and
[harmonia](https://github.com/nix-community/harmonia/)

```nix
{
  services.nginx.virtualHosts."cache.yourhost.com" = {
    locations."/".extraConfig = ''
      proxy_pass http://127.0.0.1:5000;
      proxy_set_header Host $host;
      proxy_redirect http:// https://;
      proxy_http_version 1.1;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection $connection_upgrade;

      zstd on;
      zstd_types application/x-nix-archive;
    '';
  };
}
```

For testing I unpacked a linux kernel tarball to the nix store using
this command `nix-prefetch-url --unpack https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.1.8.tar.gz`.

Before:

```console
$ nix build && rm -rf /tmp/hello  && time ./result/bin/nix copy --no-check-sigs --from https://cache.thalheim.io --to 'file:///tmp/hello?compression=none' '/nix/store/j42mahch5f0jvfmayhzwbb88sw36fvah-linux-6.1.8.tar.gz'
warning: Git tree '/scratch/joerg/nix' is dirty

real    0m18,375s
user    0m2,889s
sys     0m1,558s
```

After:

```console
$ nix build && rm -rf /tmp/hello  && time ./result/bin/nix copy --no-check-sigs --from https://cache.thalheim.io --to 'file:///tmp/hello?compression=none' '/nix/store/j42mahch5f0jvfmayhzwb
b88sw36fvah-linux-6.1.8.tar.gz'

real    0m11,884s
user    0m4,130s
sys     0m1,439s
```

Signed-off-by: Jörg Thalheim <joerg@thalheim.io>

Update src/libstore/filetransfer.cc

Co-authored-by: Théophane Hufschmitt <7226587+thufschmitt@users.noreply.github.com>
2023-02-03 12:33:38 +00:00
Eelco Dolstra
dbe0748f97
Merge pull request #7739 from obsidiansystems/user-settings
Move `trustedUsers` and `allowedUsers` to separate config struct
2023-02-03 11:55:37 +01:00
John Ericson
a47e055e09 Move trustedUsers and allowedUsers to separate config struct
These settings are not needed for libstore at all, they are just used by
the nix daemon *command* for authorization on unix domain sockets. My
moving them to a new configuration struct just in that file, we avoid
them leaking anywhere else.

Also, it is good to break up the mammoth `Settings` struct in general.
Issue #5638 tracks this.

The message is not changed because I do not want to regress in
convenience to the user. Just saying "this connection is not trusted"
doesn't tell them out to fix the issue. The ideal thing to do would be
to somehow parameterize `processCommand` on how the error should be
displayed, so different sorts of connections can display different
information to the user based on how authentication is performed for the
connection in question. This, however, is a good bit more work, so it is
left for the future.

This came up with me thinking about the tcp:// store (#5265). The larger
project is not TCP *per se*, but the idea that it should be possible for
something else to manage access control to services like the Nix Daemon,
and those services simply trust or trust the incoming connection as they
are told. This is a more capability-oriented way of thinking about trust
than "every server implements its own auth separately" as we are used to today.

Its very great that libstore itself already implements just this model,
and so via this refactor I basically want to "enshrine" that so it
continues to be the case.
2023-02-02 14:17:24 -05:00
John Ericson
479c011784 Get rid of the authHook parameter on processConnection
This is (morally) dead code.

As @edolstra pointed out in
https://github.com/NixOS/nix/pull/5226#discussion_r1073470813, this is
no longer needed.

I created this in 8d4162ff9e, so it is
fitting that I now destroy it :).
2023-02-02 12:02:03 -05:00
Eelco Dolstra
b574c70ccb
Merge pull request #7736 from shlevy/plugin-files-daemon
Don't send plugin-files to the daemon.
2023-02-02 12:35:51 +01:00
Shea Levy
895c525d04
daemon: Warn on old clients passing unexpected plugin-files.
The setting itself was already ignored due to exception trying to set pluginFiles.
2023-02-02 06:03:45 -05:00
Shea Levy
92edc38369
Don't send plugin-files to the daemon.
This is radically unsafe and the daemon has already loaded its plugins
anyway.

Fixes cachix/devenv#276
2023-02-01 20:05:56 -05:00
Jamie Quigley
32ca59649b
nix-shell: Colour the prompt red if the user is root
This matches the nixos prompt colours - green for standard user, red for
root
2023-02-01 20:50:44 +00:00
Eelco Dolstra
e8ca49f6ef Fix clang compilation 2023-02-01 20:34:44 +01:00
Eelco Dolstra
57a4258426 Remove an unused capture 2023-02-01 20:27:35 +01:00
Eelco Dolstra
7a09bfbcb6
Merge pull request #7723 from yorickvP/nix-store-ping-json
nix store ping: add --json flag
2023-02-01 17:11:34 +01:00
Théophane Hufschmitt
518da6c6a3
Merge pull request #7716 from obsidiansystems/small-storePath-cleanups
Separate `path.hh` from `content-address.hh`
2023-02-01 16:00:28 +01:00
Eelco Dolstra
b55a946d8d
Merge pull request #7717 from obsidiansystems/delete-dead-code
Delete dead code
2023-02-01 15:57:04 +01:00
Théophane Hufschmitt
e32c5c2c77
Merge pull request #7667 from dramforever/flake-search-attr
Better error message for nix search when attr is not found
2023-02-01 15:56:22 +01:00
Eelco Dolstra
845b7f067d
Merge pull request #7726 from hercules-ci/flake-show-when-empty-hide
nix flake show: Ignore empty attrsets
2023-02-01 15:49:13 +01:00
Eelco Dolstra
14b0b9ea5a
Merge pull request #7203 from graham33/feature/cpp20
Proposal: Use C++20
2023-02-01 15:41:04 +01:00
60d48eda23 nix flake show: Ignore empty attrsets
For frameworks it's important that structures are as lazy as possible
to prevent infinite recursions, performance issues and errors that
aren't related to the thing to evaluate. As a consequence, they have
to emit more attributes than strictly (sic) necessary.
However, these attributes with empty values are not useful to the user
so we omit them.
2023-01-31 18:20:26 +01:00
4f4a6074e4
nix store ping: try to print json if connect() fails aswell 2023-01-31 15:10:39 +01:00
28648ed784
nix store ping: add --json flag 2023-01-31 13:24:23 +01:00
Robert Hensing
c9b9260f34
Merge pull request #7713 from obsidiansystems/more-rapid-check
Add more property tests
2023-01-30 18:54:53 +01:00
John Ericson
e21aa43212 Delete dead code
The references set seems to have been unused since `LegacySSHStore`
references were first created in
caa5793b4a.

The method decls never were upstream, and accidentally added by me in
062533f7cd (probably due to `git rerere`).
Sorry!

This reduces the diff from #3746.
2023-01-30 11:29:01 -05:00
dramforever
6b779e4b07 Fix extra "." in CmdSearch::getDefaultFlakeAttrPaths
No other getDefaultFlakeAttrPaths implementation has this trailing dot,
and the dot can show up in error messages like:

  error: flake '...' does not provide attribute 'packages.x86_64-linux.', ...
2023-01-31 00:04:05 +08:00
dramforever
377d5eb388 Installable::getCursors: Cleanup
- Clarify doc comments, Installables::getCursors returns non-empty
  vector
- Use vector::at in Installable::getCursor instead of checking for empty
  vector and throwing an exception with error message.
2023-01-31 00:04:05 +08:00
dramforever
b26562c629 InstallableFlake: Handle missing attr in getCursors
Handle the case where none of getActualAttrPaths() actually exists,
in which case instead of returning an empty vector.

This fixes the case where the user misspells the attribute name in nix
search. Instead of getting no search results, now it shows an error with
suggestions.

Also remove InstallableFlake::getCursor() override since it's now
equivalent to the base class version.
2023-01-30 23:59:09 +08:00
John Ericson
560142fec0 Make per-variant Arbitrary impls too
This is a nice idea that @roberth requested. If we could factor our a
generic `std::variant` impl as a follow-up it would be even better!
2023-01-30 10:56:00 -05:00
John Ericson
02e745ba5b Separate path.hh from content-address.hh
It is good to separate concerns; `StorePath` (in general) has nothing to
do with `ContentAddress` anyways.

This reduces the diff from #3746.
2023-01-30 10:14:03 -05:00
John Ericson
f3e272ba02 Avoid some StorePath <-> Path round trips
Avoid needless work and throwing away invariants.

These conversions date back to when `StorePath` was in Rust and there
were issues with it missing utility methods.
2023-01-30 09:37:57 -05:00
Eelco Dolstra
c79b1582a7
Merge pull request #5226 from NixOS/client-side-profiles
Move the default profiles to the user’s home
2023-01-30 12:21:47 +01:00
Théophane Hufschmitt
575d0aea5d
Merge pull request #6988 from max-privatevoid/pr-flake-show-foreign
nix flake show: don't evaluate derivations for foreign systems by default
2023-01-30 12:06:37 +01:00
Théophane Hufschmitt
de1b593233
Merge pull request #7087 from ncfavier/referenceablePaths
Self-contained outputs
2023-01-30 11:06:54 +01:00
Théophane Hufschmitt
7cd08ae379
Merge pull request #7645 from typetetris/fix-url-parsing-file-as-application-scheme
Fix url parsing for urls using `file+`
2023-01-30 10:42:03 +01:00
Théophane Hufschmitt
4aaf0ee52e
Merge branch 'master' into referenceablePaths 2023-01-30 10:31:00 +01:00
Théophane Hufschmitt
d70b890488
Merge pull request #7689 from ncfavier/nix-path-restrict-eval
getDefaultNixPath: actually respect `{restrict,pure}-eval`
2023-01-30 10:03:17 +01:00
John Ericson
ecd3e4ebd7 More property tests
Also put proper comparison methods on `DerivedPath` and
`NixStringContextElem`, which is needed for the tests but good in
general.
2023-01-29 17:09:59 -05:00
John Ericson
ec0c0efec6 Allow unit test infra to be reused across libs' tests
This allows using Arbitrary "instances" defined in libstore-tests in
libexpr-tests, something we will leverage in a moment.
2023-01-29 13:52:57 -05:00
Max
02e81cdf62 apply showAllSystems to legacyPackages as well 2023-01-27 23:59:48 +01:00
Naïm Favier
dba9173a1d
Document default nix-path value 2023-01-27 15:25:07 +01:00
Naïm Favier
1cba5984a6
getDefaultNixPath: actually respect {restrict,pure}-eval
Previously, getDefaultNixPath was called too early: at initialisation
time, before CLI and config have been processed, when `restrictEval` and
`pureEval` both have their default value `false`. Call it when
initialising the EvalState instead, and use `setDefault`.
2023-01-27 13:28:57 +01:00
Théophane Hufschmitt
ab424a39a9 Merge remote-tracking branch 'nixos/master' into pr-flake-show-foreign 2023-01-27 09:46:46 +01:00
Solène Rapenne
6b2729c81e improve documentation about substituters and trusted users
Co-authored-by: Théophane Hufschmitt <theophane.hufschmitt@tweag.io>
2023-01-26 09:56:44 +01:00
Solène Rapenne
64951d9125 Update src/libstore/daemon.cc
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-01-26 09:34:25 +01:00
Solène Rapenne
a96156c58f warnings: enhance the case of untrusted substituter for untrusted user 2023-01-26 09:34:25 +01:00
Guillaume Maudoux
734c5fdcd6 Fix 'destructor called on non-final ...' warning
clangStdenv compiles with a single warning:

```
warning: destructor called on non-final 'nix::PosAdapter' that has virtual functions but non-virtual destructor [-Wdelete-non-abstract-non-virtual-dtor]
```

This fixes the warning by making the destructor of PosAdapter virtual,
deffering to the correct destructor from the concrete child classes.
This has no impact in the end, as none of these classes have specific
destructors.

Technicaly, it may be faster not to have this indirection, but as per
the warning, there is only one place where we have to delete abstract
PosAdapter values.

Not worth bikesheding I guess.
2023-01-24 16:37:50 +01:00
Eelco Dolstra
f503ba1b8b
Merge pull request #7595 from cole-h/show-setting-value
nix/show-config: allow getting the value of a specific setting
2023-01-23 17:56:39 +01:00
Robert Hensing
9b56683398
Merge pull request #7447 from aakropotkin/read-file-type
Read file type
2023-01-23 17:37:22 +01:00
Robert Hensing
0a9acefeb5
Merge pull request #7657 from obsidiansystems/fix-7655
Fix #7655
2023-01-23 15:42:59 +01:00
John Ericson
018e2571aa Test store paths, with property tests
The property test in fact found a bug: we were excluding numbers!
2023-01-23 07:05:50 -05:00
John Ericson
685395332d Better-scope Store forward declarations 2023-01-23 07:05:50 -05:00
John Ericson
7fe308c2f8 Add rapidcheck dependency for testing
Property tests are great!

Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
2023-01-23 07:05:50 -05:00
Alex Ameen
153ee460c5 primop: add readFileType, optimize readDir
Allows checking directory entry type of a single file/directory.

This was added to optimize the use of `builtins.readDir` on some
filesystems and operating systems which cannot detect this information
using POSIX's `readdir`.

Previously `builtins.readDir` would eagerly use system calls to lookup
these filetypes using other interfaces; this change makes these
operations lazy in the attribute values for each file with application
of `builtins.readFileType`.
2023-01-22 13:45:02 -06:00
John Ericson
0afdf4084c Fix #7655
We had some local variables left over from the older (more
complicated) implementation of this function. They should all be unused,
but one wasn't by mistake.

Delete them all, and replace the one that was still in use as intended.
2023-01-21 23:55:06 -05:00
Guillaume Maudoux
a0642305ab
Use complete '__toString' attribute name
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-01-20 13:06:00 +01:00
Guillaume Maudoux
ee4b849b17
Fix unreachable error message
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-01-20 13:01:03 +01:00
Eric Wolf
4d50995eff Fix url parsing for urls using file+
`file+https://example.org/test.mp4` should not be rejected with
`unexpected authority`.
2023-01-20 10:31:26 +01:00
Guillaume Maudoux
a9fa2c758b Always display addErrorContext messages in (expanded) traces 2023-01-19 14:14:19 +01:00
Guillaume Maudoux
6228b6b950 Discuss re-entrant errors and design 2023-01-19 14:12:26 +01:00
Guillaume Maudoux
ca7c5e08c1 Add tests for error traces, and fixes 2023-01-19 14:10:56 +01:00
Guillaume Maudoux
e4726a0c79 Revert "Revert "Merge pull request #6204 from layus/coerce-string""
This reverts commit 9b33ef3879.
2023-01-19 13:23:04 +01:00
Eelco Dolstra
0510aa40a3
Merge pull request #7631 from edolstra/output-names
OutputSpec: Allow all valid output names
2023-01-18 17:09:15 +01:00
Eelco Dolstra
75c89c3e5e Add test for OutputsSpec::Names
From @Ericson2314.
2023-01-18 16:34:37 +01:00
Eelco Dolstra
95cfd50d25 OutputSpec: Allow all valid output names
Fixes #7624.
2023-01-18 14:14:29 +01:00
Eelco Dolstra
01f268322a Restore support for channel: URLs in fetchTarball
Fixes #7625.
2023-01-18 12:57:03 +01:00
9b33ef3879 Revert "Merge pull request #6204 from layus/coerce-string"
This reverts commit a75b7ba30f, reversing
changes made to 9af16c5f74.
2023-01-18 01:34:07 +01:00
John Ericson
3965b0f75f Try again to fix aarch64-linux build failure
f419ab48e6 was on the right track, but
there are a few more missing `raw()` calls to fix.
2023-01-17 09:14:17 -05:00
Taeer Bar-Yam
b2752a4f74 add comments 2023-01-17 08:28:56 -05:00
Théophane Hufschmitt
6bdf4edb77 Keep the default profile the same
It's used as the “system” profile in a bunch of places, so better not
touch it. Besides, it doesn't hurt to keep it since it's owned by root
any way, so it doesn't have the `chown` problem that the user profiles
had and that led to wanting to move them on the client-side.
2023-01-17 14:17:28 +01:00
Théophane Hufschmitt
c80621dbac Don't try to migrate existing profiles
Doing so would be more dangerous than useful, better leave them as-is if
they already exist
2023-01-17 14:17:28 +01:00
Théophane Hufschmitt
0601050755 Migrate the old profiles to the new location
Make sure that we don’t just create the new profiles directory, but that
we also migrate every existing profile to it.
2023-01-17 14:17:28 +01:00
Théophane Hufschmitt
a5919f4754 Move the default profiles to the user’s home
Rather than using `/nix/var/nix/{profiles,gcroots}/per-user/`, put the user
profiles and gcroots under `$XDG_DATA_DIR/nix/{profiles,gcroots}`.

This means that the daemon no longer needs to manage these paths itself
(they are fully handled client-side). In particular, it doesn’t have to
`chown` them anymore (removing one need for root).

This does change the layout of the gc-roots created by nix-env, and is
likely to break some stuff, so I’m not sure how to properly handle that.
2023-01-17 14:17:28 +01:00
Eelco Dolstra
9a32f77a95
Merge pull request #7606 from hercules-ci/recognize-some-flake-attributes
flake check: Recognize well known community attributes
2023-01-17 13:27:30 +01:00
4e7592b593 flake check: Recognize well known community attributes
This avoids warning fatigue, making `nix flake check` more effective.
2023-01-16 20:16:45 +01:00
Eelco Dolstra
1df3d62c76
Merge pull request #7585 from NixOS/macos-disconnect
MonitorFdHup: Make it work on macOS again
2023-01-16 13:30:15 +01:00
John Ericson
f419ab48e6 Try to fix build failure
Failure: https://hydra.nixos.org/build/205357257/nixlog/1

The problem seems to be trying to `std::visit` a derived class of
`std::variant`. Per
https://stackoverflow.com/questions/63616709/incomplete-type-stdvariant-used-in-nested-name-specifier
certain C++ standard library implementations allow this, but others do
not.

The solution is simply to call the `raw` method, which upcasts the
reference back to the `std::variant`.
2023-01-15 15:16:14 -05:00
John Ericson
a416476217 Move ValidPathInfo defintions to path-info.cc
Originally there was no `path-info.*`, then there was `path-info.hh`,
then there was `path-info.cc`, but only for new things. Moving this
stuff over makes everything consistent.
2023-01-13 15:39:19 -05:00
Robert Hensing
fec527bba1
Merge pull request #7597 from tweag/move-implem-bit-to-implem-file
Move the `getBuildLog` implementation to its own implementation file
2023-01-13 20:16:33 +01:00
Robert Hensing
d21f54958e
Merge pull request #6815 from obsidiansystems/better-wanted-outputs
`OutputSpec` for `DerivationGoal` and `DerivedPath`, today's `OutputSpec` -> `ExtendedOutputSpec`
2023-01-13 16:03:12 +01:00
Théophane Hufschmitt
b8a0e9a9b8 Move the getBuildLog implementation to its own implementation file
Keep the header minimal and clean
2023-01-13 11:05:44 +01:00
Théophane Hufschmitt
bdeb6de889
Merge pull request #7430 from tweag/ca/fix-nix-log
Ca/fix nix log
2023-01-13 11:00:56 +01:00
John Ericson
d8512653d4 Write more (extended) output spec tests 2023-01-12 22:05:55 -05:00
John Ericson
d29eb08563 Assert on construction that OutputsSpec::Names is non-empty 2023-01-12 20:52:29 -05:00
John Ericson
e947aa5401 Unit test OuputsSpec::{union_, isSubsetOf} 2023-01-12 20:33:50 -05:00
John Ericson
31875bcfb7 Split OutputsSpec::merge into OuputsSpec::{union_, isSubsetOf}
Additionally get rid of the evil time we made an empty
`OutputSpec::Names()`.
2023-01-12 20:20:27 -05:00
Cole Helbling
1fc74afbba nix/show-config: allow getting the value of a specific setting
Instead of needing to run `nix show-config --json | jq -r
'."warn-dirty".value'` to view the value of `warn-dirty`, you can now
run `nix show-config warn-dirty`.
2023-01-12 13:56:35 -08:00
Théophane Hufschmitt
eaa20f2574
Merge pull request #7590 from fricklerhandwerk/remove-unnecessary-cast
remove unncessary cast
2023-01-12 14:00:43 +01:00
Valentin Gagarin
48b2a3a0d0 remove unncessary cast 2023-01-12 13:23:32 +01:00
John Ericson
0faf5326bd Improve tests for OutputsSpec 2023-01-11 19:09:21 -05:00
John Ericson
5ba6e5d0d9 Remove default constructor from OutputsSpec
This forces us to be explicit.

It also requires to rework how `from_json` works. A `JSON_IMPL` is added
to assist with this.
2023-01-11 19:08:19 -05:00
John Ericson
114a6e2b09 Make it hard to construct an empty OutputsSpec::Names
This should be a non-empty set, and so we don't want people doing this
by accident. We remove the zero-0 constructor with a little inheritance
trickery.
2023-01-11 19:08:19 -05:00
John Ericson
8a3b1b7ced Simplify and document store path installable parsing 2023-01-11 19:08:19 -05:00
John Ericson
ce2f91d356 Split OutputsSpec and ExtendedOutputsSpec, use the former more
`DerivedPath::Built` and `DerivationGoal` were previously using a
regular set with the convention that the empty set means all outputs.
But it is easy to forget about this rule when processing those sets.
Using `OutputSpec` forces us to get it right.
2023-01-11 18:57:18 -05:00
John Ericson
a7c0cff07f Rename OutputPath -> ExtendedOutputPath
Do this prior to making a new more limitted `OutputPath` we will use in
more places.
2023-01-11 18:55:29 -05:00
John Ericson
a8f45b5e5a Improve OutputsSpec slightly
A few little changes preparing for the rest.
2023-01-11 18:54:50 -05:00
Eelco Dolstra
9fc8d00d74 MonitorFdHup: Make it work on macOS again
It appears that on current macOS versions, our use of poll() to detect
client disconnects no longer works. As a workaround, poll() for
POLLRDNORM, since this *will* wake up when the client has
disconnected. The downside is that it also wakes up when input is
available. So just sleep for a bit in that case.  This means that on
macOS, a client disconnect may take up to a second to be detected,
but that's better than not being detected at all.

Fixes #7584.
2023-01-11 10:48:40 -08:00
Eelco Dolstra
7515617ad0 Backport getLine tests from lazy-trees 2023-01-11 13:49:39 +01:00
Théophane Hufschmitt
a3ba80357d
Merge pull request #7543 from obsidiansystems/typed-string-context
Parse string context elements properly
2023-01-11 07:09:37 +01:00
Robert Hensing
f58c301112
Merge pull request #7541 from hercules-ci/check-manual-links
Check links in the manual
2023-01-10 23:07:38 +01:00
Robert Hensing
fefa3a49ce doc/manual: Apply suggestions from code review
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-01-10 22:30:41 +01:00
e79f935718 doc/manual: Fix broken internal links
The targets I could find.
2023-01-10 22:30:41 +01:00
34a1e0d29b doc/manual: Introduce @docroot@ as a stable base for includable snippets
This way the links are clearly within the manual (ie not absolute paths),
while allowing snippets to reference the documentation root reliably,
regardless of at which base url they're included.
2023-01-10 22:30:41 +01:00
John Ericson
5576d5e987 Parse string context elements properly
Prior to this change, we had a bunch of ad-hoc string manipulation code
scattered around. This made it hard to figure out what data model for
string contexts is.

Now, we still store string contexts most of the time as encoded strings
--- I was wary of the performance implications of changing that --- but
whenever we parse them we do so only through the
`NixStringContextElem::parse` method, which handles all cases. This
creates a data type that is very similar to `DerivedPath` but:

 - Represents the funky `=<drvpath>` case as properly distinct from the
   others.

 - Only encodes a single output, no wildcards and no set, for the
   "built" case.

(I would like to deprecate `=<path>`, after which we are in spitting
distance of `DerivedPath` and could maybe get away with fewer types, but
that is another topic for another day.)
2023-01-10 13:10:49 -05:00
John Ericson
da64f026dd Make clear that StorePathWithOutputs is a deprecated type
- Add a comment

- Put `OutputsSpec` in a different header (First part of #6815)

- Make a few stray uses of it in new code use `DerivedPath` instead.
2023-01-10 11:27:19 -05:00
Eelco Dolstra
59cc920cc0 Add a FIXME 2023-01-10 15:20:30 +01:00
Eelco Dolstra
7f1af270dd Clean up toDerivedPaths() logic 2023-01-10 15:08:46 +01:00
Eelco Dolstra
1123c42f90
Apply suggestions from code review
Co-authored-by: Théophane Hufschmitt <7226587+thufschmitt@users.noreply.github.com>
2023-01-10 14:57:35 +01:00
Eelco Dolstra
b4dc68f0be Show string in error message 2023-01-10 14:56:03 +01:00
Eelco Dolstra
b80e4b57da ExtraInfo -> ExtraPathInfo 2023-01-10 14:52:49 +01:00
Eelco Dolstra
8e923bf4c5 Merge remote-tracking branch 'origin/master' into fix-7417 2023-01-10 14:35:06 +01:00
Will Bush
05b13aff3d
Fix typo in example for builtin function map 2023-01-06 23:04:43 -06:00
Théophane Hufschmitt
8d88c3b347
Merge pull request #7307 from hercules-ci/derivation-goal-improve-comment
libstore/derivation-goal: Elaborate a TODO for performance concern
2023-01-06 13:07:57 +01:00
Eelco Dolstra
420ccecc1e
Merge pull request #7557 from NixOS/fix-7529
On macOS with auto-uid-allocation and sandboxing, use the correct gid
2023-01-06 12:35:55 +01:00
Naïm Favier
f1ee4ece80
Don't check NixOS modules
NixOS modules can be paths. Rather than dig further down into the layer
violation, don't check anything specific to NixOS modules.
2023-01-05 18:23:30 +01:00
Eelco Dolstra
3a98107170
Merge pull request #7542 from edolstra/gc-deadlock
Fix deadlock between auto-GC and addTempRoot()
2023-01-05 17:08:23 +01:00
Eelco Dolstra
0fe2b222d5
Merge pull request #7539 from tweag/fix-nix-why-depends--derivation
Fix `nix why-depends --derivation`
2023-01-05 15:32:04 +01:00
Eelco Dolstra
4e84b532ed On macOS with auto-uid-allocation and sandboxing, use the correct gid
macOS doesn't have user namespacing, so the gid of the builder needs
to be nixbld. The logic got "has sandboxing enabled" confused with
"has user namespaces".

Fixes #7529.
2023-01-05 04:58:55 -08:00
Eelco Dolstra
6991e558dd Move macOS sandbox files to sr/libstore/build 2023-01-04 04:50:45 -08:00
Eelco Dolstra
609a7dc059 Include macOS sandbox files in the Nix binary
This basically reverts 6e5165b773.
It fixes errors like

  sandbox-exec: <internal init prelude>:292:47: unable to open sandbox-minimal.sb: not found

when trying to run a development Nix installed in a user's home
directory.

Also, we're trying to minimize the number of installed files
to make it possible to deploy Nix as a single statically-linked
binary.
2023-01-04 04:36:07 -08:00
Naïm Favier
3c968191f1
move unsafeDiscardReferences out of outputChecks
It's not a check.
2023-01-03 18:53:01 +01:00
Eelco Dolstra
d4d1ca8b11 nix --version: Print the data directory 2023-01-03 08:30:49 -08:00
Naïm Favier
15f7fa59be
unsafeDiscardReferences
Adds a new boolean structured attribute
`outputChecks.<output>.unsafeDiscardReferences` which disables scanning
an output for runtime references.

    __structuredAttrs = true;
    outputChecks.out.unsafeDiscardReferences = true;

This is useful when creating filesystem images containing their own embedded Nix
store: they are self-contained blobs of data with no runtime dependencies.

Setting this attribute requires the experimental feature
`discard-references` to be enabled.
2023-01-03 17:19:16 +01:00
Eelco Dolstra
28d5b5cd45 Fix deadlock between auto-GC and addTempRoot()
Previously addTempRoot() acquired the LocalStore state lock and waited
for the garbage collector to reply. If the garbage collector is in the
same process (as it the case with auto-GC), this would deadlock as
soon as the garbage collector thread needs the LocalStore state lock.

So now addTempRoot() uses separate Syncs for the state that it
needs. As long at the auto-GC thread doesn't call addTempRoot() (which
it shouldn't), it shouldn't deadlock.

Fixes #3224.
2023-01-03 15:20:21 +01:00
Eelco Dolstra
224b56f10e Move creation of the temp roots file into its own function
This also moves the file handle into its own Sync object so we're not
holding the _state while acquiring the file lock. There was no real
deadlock risk here since locking a newly created file cannot block,
but it's still a bit nicer.
2023-01-03 14:51:23 +01:00
Eelco Dolstra
ae31b5f50f
Merge pull request #7497 from rski/master
src/libstore: Print the reason opening the DB failed
2023-01-03 12:44:14 +01:00
Eelco Dolstra
d33d15a48b Put the --show-trace hint in the logical place 2023-01-02 20:53:58 +01:00
Eelco Dolstra
c548e35498 Don't use state.positions[noPos]
This caused traces 'at «none»:0: (source not available)'.
2023-01-02 20:53:58 +01:00
Eelco Dolstra
6b69652385 Merge remote-tracking branch 'origin/master' into coerce-string 2023-01-02 20:53:39 +01:00
Théophane Hufschmitt
8cac451fce Fix why-depends for CA derivations (again)
This has the same goal as b13fd4c58e81b2b2b0d72caa5ce80de861622610,but
achieves it in a different way in order to not break
`nix why-depends --derivation`.
2023-01-02 17:42:22 +01:00
Théophane Hufschmitt
105d74eb81 Revert "Fix why-depends for CA derivations"
This reverts commit b13fd4c58e.
2023-01-02 15:44:04 +01:00
Théophane Hufschmitt
9af16c5f74
Merge pull request #5941 from hercules-ci/optimize-intersectAttrs
Optimize intersectAttrs performance
2023-01-02 15:22:38 +01:00
Valentin Gagarin
e0c4a95611 antiquotation -> string interpolation
as proposed by @mkaito[1] and @tazjin[2] and discussed with @edolstra
and Nix maintainers

[1]: https://github.com/NixOS/nix.dev/pull/267#issuecomment-1270076332
[2]: https://github.com/NixOS/nix.dev/pull/267#issuecomment-1270201979

Co-authored-by: John Ericson <git@JohnEricson.me>
Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2023-01-02 14:38:57 +01:00
Théophane Hufschmitt
fb8fc6fda6
Merge pull request #7478 from hercules-ci/make-sure-initNix-called
libstore: Make sure that initNix has been called
2023-01-02 14:12:49 +01:00
Valentin Gagarin
9cdf8ededb remove redundant re-definition of store derivations 2023-01-02 13:37:59 +01:00
Théophane Hufschmitt
cfd6c7fc9b
Merge pull request #7485 from fricklerhandwerk/doc-store-derivation
define "store derivation"
2023-01-02 13:26:41 +01:00
Théophane Hufschmitt
b3285c7722
Merge pull request #7351 from NaN-git/fix-mkString
cleanup eval.hh/eval.cc
2023-01-02 11:41:52 +01:00
Théophane Hufschmitt
e8a3e58171
Merge pull request #7521 from ncfavier/migration-deadlock
Release shared lock before acquiring exclusive lock
2023-01-02 11:08:43 +01:00
Steven Shaw
84b0893725
Fix error message 2023-01-01 12:37:43 +10:00
Eelco Dolstra
8c52f8ea9d
Merge pull request #7524 from ncfavier/sandbox-paths-closure
doc: sandbox-paths computes closures
2022-12-29 19:45:51 +01:00
Eelco Dolstra
8227fe819e
Merge pull request #7504 from edolstra/nix-develop-personality
nix develop: Set personality
2022-12-29 19:42:45 +01:00