Commit graph

6289 commits

Author SHA1 Message Date
Graham Christensen ce2281e6d8
Ensure PINCH_ME_IM_SILLY allows a /nix/store to stick around between builds
Also output in the status report that the user is very silly
2017-07-14 12:11:26 -04:00
Graham Christensen 1c7ce2a018
Assume yes if we have no TTY
Starve the TTY of input to ensure this works, but provide yes to the
current installer to handle the current broken case.
2017-07-14 12:11:23 -04:00
Graham Christensen 73a57a2f22
Cleanup and more specificity around set -e 2017-07-14 12:11:20 -04:00
Graham Christensen 3839dda2ec
Only clean if the file exists 2017-07-14 12:11:17 -04:00
Graham Christensen 92ca93528f
Clean up nix hints from the old insstaller 2017-07-14 12:11:13 -04:00
Graham Christensen 61ea9e9867
Run nix-build inside a fresh bash login 2017-07-14 12:11:10 -04:00
Graham Christensen bc647fd299
chmod 2017-07-14 12:11:07 -04:00
Graham Christensen a0369b14f4
Test the installer 2017-07-14 12:11:04 -04:00
Graham Christensen 657b47e1b3
Address feedback around printf & exec 2017-07-14 12:11:00 -04:00
Graham Christensen 6a4037ca05
Don't install a second nix after the initial installation, and the rsync change fixes a bug hidden by the nix replacement where the store files were being owned by the installing user due to rsync's -a implying -og. 2017-07-14 12:10:57 -04:00
Graham Christensen 092f447c6d
Clean up issues around uninstall directions, and only show
relevant directions
2017-07-14 12:10:54 -04:00
Graham Christensen 6f639943c2
Prompt for sudo before validating assumptions, and check ourselves for root-owned files instead of making a scary warning. 2017-07-14 12:10:51 -04:00
Graham Christensen 2b5ab03524
multi-user install: move the profile in to the nix etc/profiles.d output 2017-07-14 12:10:47 -04:00
Graham Christensen fb40d73e23
Switch to a fancy multi-user installer on Darwin 2017-07-14 12:10:44 -04:00
Graham Christensen a0ad8ba12e
Shellcheck the existing installer 2017-07-14 11:42:33 -04:00
Eelco Dolstra 112ff7833d
nix: Show help when no arguments are given
Fixes #1464.
2017-07-14 13:44:45 +02:00
Eelco Dolstra 38374a9d35
Tarball job: Include libseccomp on Linux only 2017-07-14 11:41:37 +02:00
Eelco Dolstra 0681f8c907
Shut up a memory leak warning 2017-07-14 11:40:57 +02:00
Eelco Dolstra 2965d40612 replaceSymlink(): Handle the case where the temporary file already exists
Not really necessary anymore for #849, but still nice to have.
2017-07-11 23:21:40 +02:00
Eelco Dolstra 8e8caf7f3e fetchTarball: Prevent concurrent downloads of the same file
Fixes #849.
2017-07-11 23:21:24 +02:00
Eelco Dolstra 9c00fa4179 Merge pull request #1422 from nh2/fix-potential-hash-comparison-crash
Fix potential crash/wrong result two hashes of unequal length are compared
2017-07-10 18:09:49 +02:00
Shea Levy 62a8fe6388 Merge branch 'man2' of git://github.com/robx/nix 2017-07-10 08:43:19 -04:00
Robert Vollmert 30117fb35b fix buggy nix-shell man page 2017-07-10 14:36:55 +02:00
Eelco Dolstra 1762b9616c Merge pull request #1428 from rimmington/clearer-regex-space-error
Clearer error message when regex exceeds space limit
2017-07-10 11:45:05 +02:00
Rhys 17bb00d378 Clearer error message when regex exceeds space limit 2017-07-10 09:35:53 +10:00
Robert Vollmert c85e662004 man page (nix-shell): Fix grouping of -p option
Not sure about the raw ellipsis.
2017-07-07 22:11:46 +02:00
Robert Vollmert 89771a8821 man page (nix-prefetch-url): Add some missing options 2017-07-07 22:11:46 +02:00
Robert Vollmert 772ef22c25 man page (nix-instantiate): -E is optional 2017-07-07 22:11:46 +02:00
Robert Vollmert 8ad898b2cd man page (nix-instantiate): Add --json to synopsis, order variables 2017-07-07 22:11:46 +02:00
Robert Vollmert b1f5995a20 man page (nix-instantiate): Remove non-existent nix-build argument -r 2017-07-07 22:11:46 +02:00
Robert Vollmert 56a1f8f499 man pages: Consistently separate alternatives by / 2017-07-07 22:11:46 +02:00
Robert Vollmert d1643bdaa2 man pages: Argument for --max-jobs 2017-07-07 22:11:45 +02:00
Robert Vollmert 68c626c6b0 man pages: Grouping for option alternatives 2017-07-07 22:11:45 +02:00
Robert Vollmert ce3095e141 glossary: Fix word order 2017-07-07 22:07:46 +02:00
Eelco Dolstra d3713716b6 Merge pull request #1445 from matthewbauer/macos-skip-hardlink
Don’t hardlink disallowed paths in OS X.
2017-07-07 11:05:21 +02:00
Eelco Dolstra eef09c220d Merge pull request #1444 from robx/man
Fix nix-instantiate manpage indentation
2017-07-07 11:04:06 +02:00
Matthew Bauer 72e80c59b5 Don’t hardlink disallowed paths in OS X.
Fixes #1443
2017-07-06 19:30:19 -07:00
Robert Vollmert 01722b3d2c Remove unused variable from test script 2017-07-06 22:37:53 +02:00
Robert Vollmert 60da5d2b8f Fix nix-instantiate manpage indentation
The second command variant is now its own cmdsynopsis, which ensures
it's not indented as was the case using sbrk.
2017-07-06 22:35:36 +02:00
Eelco Dolstra a3dc1e65ab
Add X32 to the seccomp filter
Fixes #1432.
2017-07-04 19:00:51 +02:00
Eelco Dolstra 42c5774e78
Sort substituters by priority
Fixes #1438.
2017-07-04 16:34:53 +02:00
Eelco Dolstra b7203e853e
getDefaultSubstituters(): Simplify initialisation
As shlevy pointed out, static variables in C++11 have thread-safe
initialisation.
2017-07-04 16:26:48 +02:00
Eelco Dolstra 6cf23c3e8f
Add allow-new-privileges option
This allows builds to call setuid binaries. This was previously
possible until we started using seccomp. Turns out that seccomp by
default disallows processes from acquiring new privileges. Generally,
any use of setuid binaries (except those created by the builder
itself) is by definition impure, but some people were relying on this
ability for certain tests.

Example:

  $ nix build '(with import <nixpkgs> {}; runCommand "foo" {} "/run/wrappers/bin/ping -c 1 8.8.8.8; exit 1")' --no-allow-new-privileges
  builder for ‘/nix/store/j0nd8kv85hd6r4kxgnwzvr0k65ykf6fv-foo.drv’ failed with exit code 1; last 2 log lines:
    cannot raise the capability into the Ambient set
    : Operation not permitted

  $ nix build '(with import <nixpkgs> {}; runCommand "foo" {} "/run/wrappers/bin/ping -c 1 8.8.8.8; exit 1")' --allow-new-privileges
  builder for ‘/nix/store/j0nd8kv85hd6r4kxgnwzvr0k65ykf6fv-foo.drv’ failed with exit code 1; last 6 log lines:
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=46 time=15.2 ms

Fixes #1429.
2017-07-04 15:48:25 +02:00
Eelco Dolstra ad8b96f1f2
Fix handling of expression installables with a / in them 2017-07-04 15:38:23 +02:00
Eelco Dolstra c0015e87af
Support base-64 hashes
Also simplify the Hash API.

Fixes #1437.
2017-07-04 15:07:41 +02:00
Eelco Dolstra fe97c69898
<nix/fetchurl.nix>: Support sha512 argument 2017-07-04 14:45:50 +02:00
Eelco Dolstra 0a5a867758
nix-shell: Respect --dry-run
Fixes #824.
2017-07-03 11:54:30 +02:00
Eelco Dolstra fcca702a96
Replace a few bool flags with enums
Functions like copyClosure() had 3 bool arguments, which creates a
severe risk of mixing up arguments.

Also, implement copyClosure() using copyPaths().
2017-07-03 11:38:08 +02:00
Eelco Dolstra 90da34e421
processGraph(): Call getEdges in parallel 2017-07-03 11:38:08 +02:00
Eelco Dolstra 63d6e0ad3f Merge pull request #1417 from corngood/cygwin-fix
Call SetDllDirectory("") after sqlite3 init on cygwin
2017-06-30 19:50:00 +02:00