Commit graph

6020 commits

Author SHA1 Message Date
Will Dietz 56253bb08f rand() -> random(), since we use srandom().
rand() requires we call srand() instead,
but might as well use random().
2018-03-06 17:44:25 -06:00
Eelco Dolstra 70dbac7491
Merge pull request #1948 from shlevy/no-forward
ssh-ng: Don't forward options to the daemon.
2018-03-05 18:23:00 +01:00
Shea Levy 088ef81759
ssh-ng: Don't forward options to the daemon.
This can be iterated on and currently leaves out settings we know we
want to forward, but it fixes #1713 and fixes #1935 and isn't
fundamentally broken like the status quo. Future changes are suggested
in a comment.
2018-03-05 07:42:15 -05:00
Will Dietz e9a5ce9b07 release.nix: don't try to use nix-2.0 branch, no longer exists
Probably should point at the 18.03 release branch once that's made.
2018-03-03 13:48:54 -06:00
Shea Levy 3748a0ca1e
Merge branch 'improve-search-algorithm' of git://github.com/Ma27/nix 2018-03-02 11:41:08 -05:00
Shea Levy aa8bbbf69d
Merge branch 'write-failure-fixes' of git://github.com/lheckemann/nix 2018-03-02 10:59:59 -05:00
Eelco Dolstra 5c7a6d07de
Merge pull request #1932 from mfiano/patch-1
nix-channel grammar and punctuation
2018-03-02 16:58:00 +01:00
Eelco Dolstra 939cf4cceb
Fix error message 2018-03-02 14:32:00 +01:00
Michael Fiano ad97d1a786
nix-channel grammar and punctuation
Minor changes to the nix-channel manpage for my first contribution
2018-03-01 00:27:25 -05:00
Shea Levy 4a000cbb39
Merge pull request #1927 from dtzWill/fix/fetchgit-HEAD
fetchGit: use "HEAD" as default ref instead of "master"
2018-02-28 18:44:57 -05:00
Will Dietz e89d02bf03 fetchGit: use "HEAD" as default ref 2018-02-28 16:34:34 -06:00
Daiderd Jordan 05cb8e5c5a
launchd: enable keepalive for the nix-daemon service
Without this the daemon won't be restarted if the process ever dies, for
example when sending a SIGHUP to reload nix.conf.
2018-02-28 19:58:48 +01:00
Shea Levy 14ca85688c
Actually fix nixDataDir in non-canonical path 2018-02-28 06:19:40 -05:00
Eelco Dolstra 8a5da93841
Merge pull request #1912 from dezgeg/replacestrings-take-2
libexpr: Fix prim_replaceStrings() to work on an empty source string, take 2
2018-02-27 12:53:19 +01:00
Tuomas Tynkkynen 77e9e1ed91 libexpr: Fix prim_replaceStrings() to work on an empty source string
Otherwise, running e.g.

nix-instantiate --eval -E --strict 'builtins.replaceStrings [""] ["X"] "abc"'

would just hang in an infinite loop.

Found by afl-fuzz.

First attempt of this was reverted in e2d71bd186 because it caused
another infinite loop, which is fixed now and a test added.
2018-02-26 19:49:13 +02:00
Eelco Dolstra 24ec750003
nix run: Fix segfault on macOS
Note that clearenv() is not available on macOS.

Fixes #1907.
2018-02-26 18:29:40 +01:00
Graham Christensen 9432f3fb7d
Merge pull request #1901 from veprbl/patch-5
Fix a small typo in the release notes
2018-02-24 10:26:14 -05:00
Graham Christensen ab435463d0
Merge pull request #1903 from primeos/release-notes-2.0-url-fix
doc: Fix a URL in the release notes for Nix 2.0
2018-02-24 10:19:39 -05:00
Michael Weiss bd94e63853 doc: Fix a URL in the release notes for Nix 2.0 2018-02-24 16:07:10 +01:00
Dmitry Kalinkin d9d8a84a96
Fix a small typo in the release notes 2018-02-23 23:45:42 -05:00
Eelco Dolstra 64e486ab63
Fix downloadCached() with a chroot store
E.g.

  nix run --store ~/my-nix -f channel:nixos-17.03 hello -c hello

This problem was mentioned in #1897.
2018-02-23 13:00:42 +01:00
Eelco Dolstra 39b4177500
Fix example in release notes 2018-02-22 17:42:06 +01:00
Eelco Dolstra 2691d51a33
Doh 2018-02-22 17:14:35 +01:00
Eelco Dolstra b6dec2f3ca
Release script tweaks 2018-02-22 17:11:17 +01:00
Eelco Dolstra 179b896acb
Merge branch 'data-dir-non-canon' of https://github.com/shlevy/nix 2018-02-22 14:20:43 +01:00
Eelco Dolstra e8d53bfdc9
Revert "Enable sandbox builds on Linux by default"
This reverts commit ddc58e7896.

https://hydra.nixos.org/eval/1435322
2018-02-22 14:20:07 +01:00
Shea Levy ddbcd01c83
Fix restricted mode when installing in non-canonical data dir 2018-02-22 07:18:14 -05:00
Eelco Dolstra eaa52c34b4
Set release date 2018-02-22 12:44:46 +01:00
Eelco Dolstra ddc58e7896
Enable sandbox builds on Linux by default
The overhead of sandbox builds is a problem on NixOS (since building a
NixOS configuration involves a lot of small derivations) but not for
typical non-NixOS use cases. So outside of NixOS we can enable it.

Issue #179.
2018-02-22 12:27:25 +01:00
Eelco Dolstra 6964131cd7
Merge branch 'fix/sandbox-shell-features' of https://github.com/dtzWill/nix 2018-02-22 12:20:13 +01:00
Eelco Dolstra de4c03d201
Merge branch 'fix/dry-run-partially' of https://github.com/dtzWill/nix 2018-02-22 12:18:20 +01:00
Eelco Dolstra 88c90d5e6d
Manual: Put configuration options in sorted order 2018-02-21 18:08:47 +01:00
Eelco Dolstra 0d54671b7b
Manual: Update chapter on remote builds
Alos add a command "nix ping-store" to make it easier to see if Nix
can connect to a remote builder (e.g. 'nix ping-store --store
ssh://mac').
2018-02-21 16:24:26 +01:00
Eelco Dolstra e2d71bd186
Revert "libexpr: Fix prim_replaceStrings() to work on an empty source string"
This reverts commit 4ea9707591.

It causes an infinite loop in Nixpkgs evaluation,
e.g. "nix-instantiate -A hello" hung.

PR #1886.
2018-02-21 15:35:28 +01:00
Shea Levy a6c497f526
Merge branch 'nix-copy' of git://github.com/Mic92/nix-1 2018-02-20 21:05:17 -05:00
Jörg Thalheim fa7fd76c5e nix-copy: fix examples
maybe a left-over from nix-store -r ?
2018-02-21 01:13:46 +00:00
Shea Levy 7c377dc5cc
Merge remote-tracking branch 'dezgeg/afl-fixes' 2018-02-20 16:32:48 -05:00
Eelco Dolstra 4e44025ac5
Release notes: Add contributors 2018-02-20 15:20:14 +01:00
Eelco Dolstra cea4fb3a31
Fix evaluation of binaryTarball.aarch64-linux 2018-02-20 12:33:32 +01:00
Tuomas Tynkkynen 546f98dace libutil: Fix invalid assert on decoding base64 hashes
The assertion is broken because there is no one-to-one mapping from
length of a base64 string to the length of the output.

E.g.

"1q69lz7Empb06nzfkj651413n9icx0njmyr3xzq1j9q=" results in a 32-byte output.
"1q69lz7Empb06nzfkj651413n9icx0njmyr3xzq1j9qy" results in a 33-byte output.

To reproduce, evaluate:

builtins.derivationStrict {
    name = "0";
    builder = "0";
    system = "0";
    outputHashAlgo = "sha256";
    outputHash = "1q69lz7Empb06nzfkj651413n9icx0njmyr3xzq1j9qy";
}

Found by afl-fuzz.
2018-02-19 23:20:26 +02:00
Tuomas Tynkkynen 4ea9707591 libexpr: Fix prim_replaceStrings() to work on an empty source string
Otherwise, running e.g.

nix-instantiate --eval -E --strict 'builtins.replaceStrings [""] ["X"] "abc"'

would just hang in an infinite loop.

Found by afl-fuzz.
2018-02-19 23:20:26 +02:00
Tuomas Tynkkynen 1d0e42879f libutil: Fix infinite loop in filterANSIEscapes on '\r'
E.g. nix-instantiate --eval -E 'abort "\r"' hangs.

Found by afl-fuzz.
2018-02-19 23:20:26 +02:00
Tuomas Tynkkynen 056d28a601 libexpr: Don't create lots of temporary strings in Bindings::lexicographicOrder
Avoids ~180,000 string temporaries created when evaluating a headless
NixOS system.
2018-02-19 22:47:25 +02:00
Eelco Dolstra d4e93532e2
Fix incorrect (and unnecessary) format string
https://hydra.nixos.org/eval/1434547#tabs-now-fail
2018-02-19 20:46:39 +01:00
Eelco Dolstra d7fdfe322b
Remove macOS multi-user instructions
This is already handled by the installer.
2018-02-19 20:40:25 +01:00
Eelco Dolstra 70eb64147e
Update release notes
Also add some examples to nix --help.
2018-02-19 20:38:53 +01:00
Will Dietz a6c0b773b7 configure.ac: define HAVE_SECCOMP macro when using seccomp, fix build/tests
Happily the failing tests should prevent anyone from using such a Nix
in situations where they expect sandboxing to be on,
which would otherwise be a risk.
2018-02-19 12:13:51 -06:00
Eelco Dolstra 623fcb071e
Merge pull request #1882 from shlevy/no-seccomp-no-filterSyscalls
Don't silently succeed seccomp setup when !HAVE_SECCOMP.
2018-02-19 17:39:46 +01:00
Shea Levy e1eb63a586
Merge branch 'perf-fixes' of git://github.com/dezgeg/nix 2018-02-19 10:11:52 -05:00
Shea Levy e59a8a63e1
Don't silently succeed seccomp setup when !HAVE_SECCOMP.
Running Nix with build users without seccomp on Linux is dangerous,
and administrators should very explicitly opt-in to it.
2018-02-19 09:56:24 -05:00