From 5755a5c354c8b622fae14a32b9f8f6f901fb9529 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 9 Jul 2012 11:33:38 -0400 Subject: [PATCH 01/18] Install a nix.conf manpage --- doc/manual/Makefile.am | 2 ++ doc/manual/conf-file.xml | 32 +++++++++++++++++++++----------- doc/manual/manual.xml | 6 +++++- 3 files changed, 28 insertions(+), 12 deletions(-) diff --git a/doc/manual/Makefile.am b/doc/manual/Makefile.am index 33cb27e05..42da3c8b0 100644 --- a/doc/manual/Makefile.am +++ b/doc/manual/Makefile.am @@ -21,6 +21,8 @@ man1_MANS = nix-env.1 nix-build.1 nix-store.1 nix-instantiate.1 \ nix-prefetch-url.1 nix-channel.1 \ nix-install-package.1 nix-hash.1 nix-copy-closure.1 +man5_MANS = nix.conf.5 + man8_MANS = nix-worker.8 FIGURES = figures/user-environments.png diff --git a/doc/manual/conf-file.xml b/doc/manual/conf-file.xml index 25a009de9..7fd104eb4 100644 --- a/doc/manual/conf-file.xml +++ b/doc/manual/conf-file.xml @@ -1,27 +1,36 @@ -
+ -Nix configuration file + + nix.conf + 5 + Nix + + + + nix.conf + Nix configuration file + + +Description A number of persistent settings of Nix are stored in the file sysconfdir/nix/nix.conf. This file is a list of name = value pairs, one per line. -Comments start with a # character. An example -configuration file is shown in . - -Nix configuration file +Comments start with a # character. Here is an example +configuration file: gc-keep-outputs = true # Nice for developers gc-keep-derivations = true # Idem env-keep-derivations = false - -The following variables are currently available: +The following settings are currently available: @@ -323,5 +332,6 @@ build-use-chroot = /dev /proc /bin + -
+ diff --git a/doc/manual/manual.xml b/doc/manual/manual.xml index 95fbe7d90..ccff9423c 100644 --- a/doc/manual/manual.xml +++ b/doc/manual/manual.xml @@ -40,7 +40,6 @@ Command Reference -
Main commands @@ -63,6 +62,11 @@
+
+ Files + +
+ From 087dee6e1b673b1e49f7c49fa0f05eb651bb5e94 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 9 Jul 2012 11:56:55 -0400 Subject: [PATCH 02/18] Get rid of nix.conf.example No need to duplicate the nix.conf manpage. --- Makefile.am | 6 +- nix.conf.example | 181 ----------------------------------------------- nix.spec.in | 5 +- 3 files changed, 2 insertions(+), 190 deletions(-) delete mode 100644 nix.conf.example diff --git a/Makefile.am b/Makefile.am index f50cdf19b..c97d0e266 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,6 +1,6 @@ SUBDIRS = src perl scripts corepkgs doc misc tests EXTRA_DIST = substitute.mk nix.spec nix.spec.in bootstrap.sh \ - nix.conf.example NEWS version misc/systemd/nix-worker.service + NEWS version misc/systemd/nix-worker.service pkginclude_HEADERS = config.h @@ -10,10 +10,6 @@ nix.spec: nix.spec.in install-data-local: init-state $(INSTALL) -d $(DESTDIR)$(sysconfdir)/nix - $(INSTALL_DATA) $(srcdir)/nix.conf.example $(DESTDIR)$(sysconfdir)/nix - if ! test -e $(DESTDIR)$(sysconfdir)/nix/nix.conf; then \ - $(INSTALL_DATA) $(srcdir)/nix.conf.example $(DESTDIR)$(sysconfdir)/nix/nix.conf; \ - fi $(INSTALL) -d $(DESTDIR)$(docdir) $(INSTALL_DATA) README $(DESTDIR)$(docdir)/ diff --git a/nix.conf.example b/nix.conf.example deleted file mode 100644 index 3c55b570e..000000000 --- a/nix.conf.example +++ /dev/null @@ -1,181 +0,0 @@ -### Option `gc-keep-outputs' -# -# If `true', the garbage collector will keep the outputs of -# non-garbage derivations. If `false' (default), outputs will be -# deleted unless they are GC roots themselves (or reachable from other -# roots). -# -# In general, outputs must be registered as roots separately. -# However, even if the output of a derivation is registered as a root, -# the collector will still delete store paths that are used only at -# build time (e.g., the C compiler, or source tarballs downloaded from -# the network). To prevent it from doing so, set this option to -# `true'. -#gc-keep-outputs = false - - -### Option `gc-keep-derivations' -# -# If `true' (default), the garbage collector will keep the derivations -# from which non-garbage store paths were built. If `false', they -# will be deleted unless explicitly registered as a root (or reachable -# from other roots). -# -# Keeping derivation around is useful for querying and traceability -# (e.g., it allows you to ask with what dependencies or options a -# store path was built), so by default this option is on. Turn it off -# to safe a bit of disk space (or a lot if `gc-keep-outputs' is also -# turned on). -#gc-keep-derivations = true - - -### Option `env-keep-derivations' -# -# If `false' (default), derivations are not stored in Nix user -# environments. That is, the derivation any build-time-only -# dependencies may be garbage-collected. -# -# If `true', when you add a Nix derivation to a user environment, the -# path of the derivation is stored in the user environment. Thus, the -# derivation will not be garbage-collected until the user environment -# generation is deleted (`nix-env --delete-generations'). To prevent -# build-time-only dependencies from being collected, you should also -# turn on `gc-keep-outputs'. -# -# The difference between this option and `gc-keep-derivations' is that -# this one is `sticky': it applies to any user environment created -# while this option was enabled, while `gc-keep-derivations' only -# applies at the moment the garbage collector is run. -#env-keep-derivations = false - - -### Option `build-max-jobs' -# -# This option defines the maximum number of jobs that Nix will try to -# build in parallel. The default is 1. You should generally set it -# to the number of CPUs in your system (e.g., 2 on a Athlon 64 X2). -# It can be overriden using the `--max-jobs' / `-j' command line -# switch. -#build-max-jobs = 1 - - -### Option `build-cores' -# -# This option defines the number of CPU cores to utilize in parallel -# within a build job, i.e. by passing an appropriate `-jN' flag to GNU -# Make. The default is 1, meaning that parallel building within jobs -# is disabled. Passing the special value `0' causes Nix to try and -# auto-detect the number of available cores on the local host. This -# setting can be overridden using the `--cores' command line switch. -#build-cores = 1 - - -### Option `build-max-silent-time' -# -# This option defines the maximum number of seconds that a builder can -# go without producing any data on standard output or standard error. -# This is useful (for instance in a automated build system) to catch -# builds that are stuck in an infinite loop, or to catch remote builds -# that are hanging due to network problems. It can be overriden using -# the `--max-silent-time' command line switch. -# -# The value 0 means that there is no timeout. This is also the -# default. -# -# Example: -# build-max-silent-time = 600 # = 10 minutes -#build-max-silent-time = 0 - - -### Option `build-users-group' -# -# This options specifies the Unix group containing the Nix build user -# accounts. In multi-user Nix installations, builds should not -# be performed by the Nix account since that would allow users to -# arbitrarily modify the Nix store and database by supplying specially -# crafted builders; and they cannot be performed by the calling user -# since that would allow him/her to influence the build result. -# -# Therefore, if this option is non-empty and specifies a valid group, -# builds will be performed under the user accounts that are a member -# of the group specified here (as listed in /etc/group). Those user -# accounts should not be used for any other purpose! -# -# Nix will never run two builds under the same user account at the -# same time. This is to prevent an obvious security hole: a malicious -# user writing a Nix expression that modifies the build result of a -# legitimate Nix expression being built by another user. Therefore it -# is good to have as many Nix build user accounts as you can spare. -# (Remember: uids are cheap.) -# -# The build users should have permission to create files in the Nix -# store, but not delete them. Therefore, /nix/store should be owned -# by the Nix account, its group should be the group specified here, -# and its mode should be 1775. -# -# If the build users group is empty, builds will be performed under -# the uid of the Nix process (that is, the uid of the caller if -# $NIX_REMOTE is empty, the uid under which the Nix daemon runs if -# $NIX_REMOTE is `daemon', or the uid that owns the setuid nix-worker -# program if $NIX_REMOTE is `slave'). Obviously, this should not be -# used in multi-user settings with untrusted users. -# -# The default is empty. -# -# Example: -# build-users-group = nix-builders -#build-users-group = - - -### Option `build-use-chroot' -# -# If set to `true', builds will be performed in a chroot environment, -# i.e., the build will be isolated from the normal file system -# hierarchy and will only see the Nix store, the temporary build -# directory, and the directories configured with the -# `build-chroot-dirs' option (such as /proc and /dev). This is useful -# to prevent undeclared dependencies on files in directories such as -# /usr/bin. -# -# The use of a chroot requires that Nix is run as root (but you can -# still use the "build users" feature to perform builds under -# different users than root). Currently, chroot builds only work on -# Linux because Nix uses "bind mounts" to make the Nix store and other -# directories available inside the chroot. -# -# The default is `false'. -# -# Example: -# build-use-chroot = true -#build-use-chroot = false - - -### Option `build-chroot-dirs' -# -# When builds are performed in a chroot environment, Nix will mount -# (using `mount --bind' on Linux) some directories from the normal -# file system hierarchy inside the chroot. These are the Nix store, -# the temporary build directory (usually /tmp/nix--) and -# the directories listed here. The default is "/dev /dev/pts /proc". -# Files in /dev (such as /dev/null) are needed by many builds, and -# some files in /proc may also be needed occasionally. -# -# Example: -# build-use-chroot = /dev /proc /bin -#build-chroot-dirs = /dev /dev/pts /proc - - -### Option `build-cache-failure' -# -# If this option is enabled, Nix will do negative caching; that is, it -# will remember failed builds, and won't attempt to try to build them -# again if you ask for it. Negative caching is disabled by default -# because Nix cannot distinguish between permanent build errors (e.g., -# a syntax error in a source file) and transient build errors (e.g., a -# full disk), as they both cause the builder to return a non-zero exit -# code. You can clear the cache by doing `rm -f -# /nix/var/nix/db/failed/*'. -# -# Example: -# build-cache-failure = true -#build-cache-failure = false diff --git a/nix.spec.in b/nix.spec.in index 44ea8d7c9..29e53c0c3 100644 --- a/nix.spec.in +++ b/nix.spec.in @@ -121,10 +121,7 @@ ln -sf %{_libdir}/nix/libNixStore.so.0 Store.so popd # Specify build users group -sed -i "s|#build-users-group =$|build-users-group = %{nixbld_group}|" \ - $RPM_BUILD_ROOT%{_sysconfdir}/nix/nix.conf -# ... and delete the example configuration -rm $RPM_BUILD_ROOT%{_sysconfdir}/nix/nix.conf.example +echo "build-users-group = %{nixbld_group}" > $RPM_BUILD_ROOT%{_sysconfdir}/nix/nix.conf # make per-user directories for d in profiles gcroots; From a560124cdf43a08733d85336f7c8172fea1cfc5a Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 9 Jul 2012 11:58:12 -0400 Subject: [PATCH 03/18] Fix RPM builds http://hydra.nixos.org/build/2784908 --- nix.spec.in | 1 + 1 file changed, 1 insertion(+) diff --git a/nix.spec.in b/nix.spec.in index 29e53c0c3..9413ef7b3 100644 --- a/nix.spec.in +++ b/nix.spec.in @@ -190,6 +190,7 @@ systemctl start nix-worker.service %{_datadir}/emacs/site-lisp/nix-mode.el %{_datadir}/nix %{_mandir}/man1/nix-*.1* +%{_mandir}/man5/nix-*.5* %{_mandir}/man8/nix-*.8* %config(noreplace) %{_sysconfdir}/profile.d/nix.sh /nix From 27f0c34390d6680a843e2d4fad527dc672ed35c6 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 9 Jul 2012 13:16:09 -0400 Subject: [PATCH 04/18] Really fix RPM builds --- nix.spec.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix.spec.in b/nix.spec.in index 9413ef7b3..8b1ea8a54 100644 --- a/nix.spec.in +++ b/nix.spec.in @@ -189,9 +189,9 @@ systemctl start nix-worker.service %endif %{_datadir}/emacs/site-lisp/nix-mode.el %{_datadir}/nix -%{_mandir}/man1/nix-*.1* -%{_mandir}/man5/nix-*.5* -%{_mandir}/man8/nix-*.8* +%{_mandir}/man1/*.1* +%{_mandir}/man5/*.5* +%{_mandir}/man8/*.8* %config(noreplace) %{_sysconfdir}/profile.d/nix.sh /nix %dir %{_sysconfdir}/nix From c4df7472676cac9bf5243ee8bc7cd0017f91a28d Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Sun, 8 Jul 2012 10:19:17 -0400 Subject: [PATCH 05/18] Resurrect old corepkgs fetchurl --- corepkgs/fetchurl/Makefile.am | 11 +++++++++++ corepkgs/fetchurl/builder.sh.in | 5 +++++ corepkgs/fetchurl/default.nix | 23 +++++++++++++++++++++++ 3 files changed, 39 insertions(+) create mode 100644 corepkgs/fetchurl/Makefile.am create mode 100644 corepkgs/fetchurl/builder.sh.in create mode 100644 corepkgs/fetchurl/default.nix diff --git a/corepkgs/fetchurl/Makefile.am b/corepkgs/fetchurl/Makefile.am new file mode 100644 index 000000000..3cb63e0ce --- /dev/null +++ b/corepkgs/fetchurl/Makefile.am @@ -0,0 +1,11 @@ +all-local: builder.sh + +install-exec-local: + $(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs + $(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs/fetchurl + $(INSTALL_DATA) default.nix $(DESTDIR)$(datadir)/nix/corepkgs/fetchurl + $(INSTALL_PROGRAM) builder.sh $(DESTDIR)$(datadir)/nix/corepkgs/fetchurl + +include ../../substitute.mk + +EXTRA_DIST = default.nix builder.sh.in diff --git a/corepkgs/fetchurl/builder.sh.in b/corepkgs/fetchurl/builder.sh.in new file mode 100644 index 000000000..02abb18b4 --- /dev/null +++ b/corepkgs/fetchurl/builder.sh.in @@ -0,0 +1,5 @@ +#! @shell@ -e + +echo "downloading $url into $out" + +@curl@ --fail --location --max-redirs 20 "$url" > "$out" diff --git a/corepkgs/fetchurl/default.nix b/corepkgs/fetchurl/default.nix new file mode 100644 index 000000000..37f01b55e --- /dev/null +++ b/corepkgs/fetchurl/default.nix @@ -0,0 +1,23 @@ +# Argh, this thing is duplicated (more-or-less) in Nixpkgs. Need to +# find a way to combine them. + +{system, url, outputHash ? "", outputHashAlgo ? "", md5 ? "", sha1 ? "", sha256 ? ""}: + +assert (outputHash != "" && outputHashAlgo != "") + || md5 != "" || sha1 != "" || sha256 != ""; + +derivation { + name = baseNameOf (toString url); + builder = ./builder.sh; + + # Compatibility with Nix <= 0.7. + id = md5; + + # New-style output content requirements. + outputHashAlgo = if outputHashAlgo != "" then outputHashAlgo else + if sha256 != "" then "sha256" else if sha1 != "" then "sha1" else "md5"; + outputHash = if outputHash != "" then outputHash else + if sha256 != "" then sha256 else if sha1 != "" then sha1 else md5; + + inherit system url; +} From 40c01ec4671c09a6ceb61ef201dad48156000075 Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Sun, 8 Jul 2012 10:22:26 -0400 Subject: [PATCH 06/18] corepkgs/config.nix.in: We'll need curl --- corepkgs/config.nix.in | 1 + 1 file changed, 1 insertion(+) diff --git a/corepkgs/config.nix.in b/corepkgs/config.nix.in index b324d732a..98924c4ef 100644 --- a/corepkgs/config.nix.in +++ b/corepkgs/config.nix.in @@ -9,5 +9,6 @@ in { bzip2 = fromEnv "NIX_BZIP2" "@bzip2@"; tar = "@tar@"; tr = "@tr@"; + curl = "@curl@"; nixBinDir = fromEnv "NIX_BIN_DIR" "@bindir@"; } From 6450f5699fa824934b92ca7ba1d345c36e9c009a Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Sun, 8 Jul 2012 10:25:58 -0400 Subject: [PATCH 07/18] Move fetchurl files out of their subdirectory --- corepkgs/{fetchurl/default.nix => fetchurl.nix} | 0 corepkgs/{fetchurl/builder.sh.in => fetchurl.sh} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename corepkgs/{fetchurl/default.nix => fetchurl.nix} (100%) rename corepkgs/{fetchurl/builder.sh.in => fetchurl.sh} (100%) diff --git a/corepkgs/fetchurl/default.nix b/corepkgs/fetchurl.nix similarity index 100% rename from corepkgs/fetchurl/default.nix rename to corepkgs/fetchurl.nix diff --git a/corepkgs/fetchurl/builder.sh.in b/corepkgs/fetchurl.sh similarity index 100% rename from corepkgs/fetchurl/builder.sh.in rename to corepkgs/fetchurl.sh From fd2630e1f739c12b4a1f01159e1230d9fb7fb997 Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Sun, 8 Jul 2012 10:26:50 -0400 Subject: [PATCH 08/18] Remove old fetchurl makefile --- corepkgs/fetchurl/Makefile.am | 11 ----------- 1 file changed, 11 deletions(-) delete mode 100644 corepkgs/fetchurl/Makefile.am diff --git a/corepkgs/fetchurl/Makefile.am b/corepkgs/fetchurl/Makefile.am deleted file mode 100644 index 3cb63e0ce..000000000 --- a/corepkgs/fetchurl/Makefile.am +++ /dev/null @@ -1,11 +0,0 @@ -all-local: builder.sh - -install-exec-local: - $(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs - $(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs/fetchurl - $(INSTALL_DATA) default.nix $(DESTDIR)$(datadir)/nix/corepkgs/fetchurl - $(INSTALL_PROGRAM) builder.sh $(DESTDIR)$(datadir)/nix/corepkgs/fetchurl - -include ../../substitute.mk - -EXTRA_DIST = default.nix builder.sh.in From 9d94a28bed39d0e9bcb3532cdac1a254a44efa97 Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Sun, 8 Jul 2012 10:29:18 -0400 Subject: [PATCH 09/18] The fetchurl builder is now fetchurl.sh --- corepkgs/fetchurl.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/corepkgs/fetchurl.nix b/corepkgs/fetchurl.nix index 37f01b55e..c85c007ff 100644 --- a/corepkgs/fetchurl.nix +++ b/corepkgs/fetchurl.nix @@ -8,7 +8,7 @@ assert (outputHash != "" && outputHashAlgo != "") derivation { name = baseNameOf (toString url); - builder = ./builder.sh; + builder = ./fetchurl.sh; # Compatibility with Nix <= 0.7. id = md5; From a994eb92a4e0d8744b244cd421c855d76831bdc0 Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Sun, 8 Jul 2012 10:32:12 -0400 Subject: [PATCH 10/18] corepkgs/fetchurl.sh: Use config.nix's curl --- corepkgs/fetchurl.nix | 4 +++- corepkgs/fetchurl.sh | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/corepkgs/fetchurl.nix b/corepkgs/fetchurl.nix index c85c007ff..758212015 100644 --- a/corepkgs/fetchurl.nix +++ b/corepkgs/fetchurl.nix @@ -1,3 +1,5 @@ +with import ; + # Argh, this thing is duplicated (more-or-less) in Nixpkgs. Need to # find a way to combine them. @@ -19,5 +21,5 @@ derivation { outputHash = if outputHash != "" then outputHash else if sha256 != "" then sha256 else if sha1 != "" then sha1 else md5; - inherit system url; + inherit system url curl; } diff --git a/corepkgs/fetchurl.sh b/corepkgs/fetchurl.sh index 02abb18b4..608a946ab 100644 --- a/corepkgs/fetchurl.sh +++ b/corepkgs/fetchurl.sh @@ -2,4 +2,4 @@ echo "downloading $url into $out" -@curl@ --fail --location --max-redirs 20 "$url" > "$out" +$curl --fail --location --max-redirs 20 "$url" > "$out" From f863673a903d17566be8a03bcf8655d9912428bd Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Sun, 8 Jul 2012 10:33:40 -0400 Subject: [PATCH 11/18] corepkgs/fetchurl: Call the shell directly instead of using the shebang --- corepkgs/fetchurl.nix | 3 ++- corepkgs/fetchurl.sh | 2 -- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/corepkgs/fetchurl.nix b/corepkgs/fetchurl.nix index 758212015..72107294c 100644 --- a/corepkgs/fetchurl.nix +++ b/corepkgs/fetchurl.nix @@ -10,7 +10,8 @@ assert (outputHash != "" && outputHashAlgo != "") derivation { name = baseNameOf (toString url); - builder = ./fetchurl.sh; + builder = shell; + args = [ "-e" ./fetchurl.sh ]; # Compatibility with Nix <= 0.7. id = md5; diff --git a/corepkgs/fetchurl.sh b/corepkgs/fetchurl.sh index 608a946ab..6d35794ca 100644 --- a/corepkgs/fetchurl.sh +++ b/corepkgs/fetchurl.sh @@ -1,5 +1,3 @@ -#! @shell@ -e - echo "downloading $url into $out" $curl --fail --location --max-redirs 20 "$url" > "$out" From 543bf742c9391bc49f59c52adb042bbd3c5e2364 Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Sun, 8 Jul 2012 10:55:35 -0400 Subject: [PATCH 12/18] corepkgs: distribute fetchurl files --- corepkgs/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/corepkgs/Makefile.am b/corepkgs/Makefile.am index a8de60165..94d373572 100644 --- a/corepkgs/Makefile.am +++ b/corepkgs/Makefile.am @@ -1,6 +1,6 @@ all-local: config.nix -files = nar.nix buildenv.nix buildenv.pl unpack-channel.nix unpack-channel.sh derivation.nix +files = nar.nix buildenv.nix buildenv.pl unpack-channel.nix unpack-channel.sh derivation.nix fetchurl.nix fetchurl.sh install-exec-local: $(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs From 53f52c2111bcf339bdaab703a263fd2c001da51c Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Sun, 8 Jul 2012 11:04:11 -0400 Subject: [PATCH 13/18] corepkgs/fetchurl: the 'system' argument can be optional --- corepkgs/fetchurl.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/corepkgs/fetchurl.nix b/corepkgs/fetchurl.nix index 72107294c..3d467fe18 100644 --- a/corepkgs/fetchurl.nix +++ b/corepkgs/fetchurl.nix @@ -3,7 +3,7 @@ with import ; # Argh, this thing is duplicated (more-or-less) in Nixpkgs. Need to # find a way to combine them. -{system, url, outputHash ? "", outputHashAlgo ? "", md5 ? "", sha1 ? "", sha256 ? ""}: +{system ? builtins.currentSystem, url, outputHash ? "", outputHashAlgo ? "", md5 ? "", sha1 ? "", sha256 ? ""}: assert (outputHash != "" && outputHashAlgo != "") || md5 != "" || sha1 != "" || sha256 != ""; From a2865f6b3d2af5593a100cba5c86ba62a1330bdb Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Sun, 8 Jul 2012 11:11:02 -0400 Subject: [PATCH 14/18] corepkgs/fetchurl: Build locally and outside of the chroot --- corepkgs/fetchurl.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/corepkgs/fetchurl.nix b/corepkgs/fetchurl.nix index 3d467fe18..91870a70c 100644 --- a/corepkgs/fetchurl.nix +++ b/corepkgs/fetchurl.nix @@ -23,4 +23,10 @@ derivation { if sha256 != "" then sha256 else if sha1 != "" then sha1 else md5; inherit system url curl; + + # No need to double the amount of network traffic + preferLocalBuild = true; + + # Don't build in a chroot because Nix's dependencies may not be there. + __noChroot = true; } From 035aa114037857b51968e62a1176f4086e2477ec Mon Sep 17 00:00:00 2001 From: Shea Levy Date: Sun, 8 Jul 2012 11:14:57 -0400 Subject: [PATCH 15/18] Remove obsolete comment --- corepkgs/fetchurl.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/corepkgs/fetchurl.nix b/corepkgs/fetchurl.nix index 91870a70c..29cf6720b 100644 --- a/corepkgs/fetchurl.nix +++ b/corepkgs/fetchurl.nix @@ -1,8 +1,5 @@ with import ; -# Argh, this thing is duplicated (more-or-less) in Nixpkgs. Need to -# find a way to combine them. - {system ? builtins.currentSystem, url, outputHash ? "", outputHashAlgo ? "", md5 ? "", sha1 ? "", sha256 ? ""}: assert (outputHash != "" && outputHashAlgo != "") From 51f9f9924bcd0c30b45e370fc69dc43e6621ef61 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 9 Jul 2012 15:41:43 -0400 Subject: [PATCH 16/18] Add a test for the fetchurl function --- tests/Makefile.am | 3 ++- tests/fetchurl.nix | 6 ++++++ tests/fetchurl.sh | 9 +++++++++ 3 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 tests/fetchurl.nix create mode 100644 tests/fetchurl.sh diff --git a/tests/Makefile.am b/tests/Makefile.am index f44caa4b3..517c382b1 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -9,7 +9,7 @@ TESTS = init.sh hash.sh lang.sh add.sh simple.sh dependencies.sh \ gc-runtime.sh install-package.sh check-refs.sh filter-source.sh \ remote-store.sh export.sh export-graph.sh negative-caching.sh \ binary-patching.sh timeout.sh secure-drv-outputs.sh nix-channel.sh \ - multiple-outputs.sh import-derivation.sh + multiple-outputs.sh import-derivation.sh fetchurl.sh XFAIL_TESTS = @@ -38,6 +38,7 @@ EXTRA_DIST = $(TESTS) \ secure-drv-outputs.nix \ multiple-outputs.nix \ import-derivation.nix \ + fetchurl.nix \ $(wildcard lang/*.nix) $(wildcard lang/*.exp) $(wildcard lang/*.exp.xml) $(wildcard lang/*.flags) $(wildcard lang/dir*/*.nix) \ common.sh.in diff --git a/tests/fetchurl.nix b/tests/fetchurl.nix new file mode 100644 index 000000000..2abcc039a --- /dev/null +++ b/tests/fetchurl.nix @@ -0,0 +1,6 @@ +{ filename, sha256 }: + +import { + url = "file://${filename}"; + inherit sha256; +} diff --git a/tests/fetchurl.sh b/tests/fetchurl.sh new file mode 100644 index 000000000..bb6180ca3 --- /dev/null +++ b/tests/fetchurl.sh @@ -0,0 +1,9 @@ +source common.sh + +clearStore + +hash=$(nix-hash --flat --type sha256 ./fetchurl.nix) + +outPath=$(nix-build ./fetchurl.nix --argstr filename $(pwd)/fetchurl.nix --argstr sha256 $hash) + +cmp $outPath fetchurl.nix From 2dd3117c2723ff08c6226b71d569bcea50d58ad1 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 9 Jul 2012 15:48:55 -0400 Subject: [PATCH 17/18] Inline fetchurl.sh --- corepkgs/Makefile.am | 2 +- corepkgs/fetchurl.nix | 17 ++++++++++++----- corepkgs/fetchurl.sh | 3 --- 3 files changed, 13 insertions(+), 9 deletions(-) delete mode 100644 corepkgs/fetchurl.sh diff --git a/corepkgs/Makefile.am b/corepkgs/Makefile.am index 94d373572..729d15e7b 100644 --- a/corepkgs/Makefile.am +++ b/corepkgs/Makefile.am @@ -1,6 +1,6 @@ all-local: config.nix -files = nar.nix buildenv.nix buildenv.pl unpack-channel.nix unpack-channel.sh derivation.nix fetchurl.nix fetchurl.sh +files = nar.nix buildenv.nix buildenv.pl unpack-channel.nix unpack-channel.sh derivation.nix fetchurl.nix install-exec-local: $(INSTALL) -d $(DESTDIR)$(datadir)/nix/corepkgs diff --git a/corepkgs/fetchurl.nix b/corepkgs/fetchurl.nix index 29cf6720b..8fc1c5970 100644 --- a/corepkgs/fetchurl.nix +++ b/corepkgs/fetchurl.nix @@ -5,13 +5,20 @@ with import ; assert (outputHash != "" && outputHashAlgo != "") || md5 != "" || sha1 != "" || sha256 != ""; +let + + builder = builtins.toFile "fetchurl.sh" + '' + echo "downloading $url into $out" + ${curl} --fail --location --max-redirs 20 "$url" > "$out" + ''; + +in + derivation { name = baseNameOf (toString url); builder = shell; - args = [ "-e" ./fetchurl.sh ]; - - # Compatibility with Nix <= 0.7. - id = md5; + args = [ "-e" builder ]; # New-style output content requirements. outputHashAlgo = if outputHashAlgo != "" then outputHashAlgo else @@ -19,7 +26,7 @@ derivation { outputHash = if outputHash != "" then outputHash else if sha256 != "" then sha256 else if sha1 != "" then sha1 else md5; - inherit system url curl; + inherit system url; # No need to double the amount of network traffic preferLocalBuild = true; diff --git a/corepkgs/fetchurl.sh b/corepkgs/fetchurl.sh deleted file mode 100644 index 6d35794ca..000000000 --- a/corepkgs/fetchurl.sh +++ /dev/null @@ -1,3 +0,0 @@ -echo "downloading $url into $out" - -$curl --fail --location --max-redirs 20 "$url" > "$out" From eae802459d7639a69baec555264f394adad043c0 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 9 Jul 2012 15:49:20 -0400 Subject: [PATCH 18/18] Pass --insecure to curl so that https works --- corepkgs/fetchurl.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/corepkgs/fetchurl.nix b/corepkgs/fetchurl.nix index 8fc1c5970..4a0ae8279 100644 --- a/corepkgs/fetchurl.nix +++ b/corepkgs/fetchurl.nix @@ -10,7 +10,7 @@ let builder = builtins.toFile "fetchurl.sh" '' echo "downloading $url into $out" - ${curl} --fail --location --max-redirs 20 "$url" > "$out" + ${curl} --fail --location --max-redirs 20 --insecure "$url" > "$out" ''; in