Commit graph

937 commits

Author SHA1 Message Date
Eelco Dolstra ceefddafe8 Compress binary tarballs using xz
Fixes https://github.com/NixOS/nix/issues/240.

Apparently 'tar -xf' can decompress xz files on macOS nowadays.
2019-08-27 22:18:34 +02:00
Venkateswara Rao Mandela 6dab42a551
installer: handle network proxy in systemd install
If a network proxy configuration is detected, setup an override
systemd unit file for nix-daemon service with the non-empty
proxy variables.

Proxy detection is performed by looking for http/https/ftp proxy and no
proxy variables in user environment
2019-08-24 09:08:41 -04:00
Matthew Bauer 0463d5e36f Allow empty /nix directory in multi-user installer
With macOS catalina, we can no longer modify the root system
volume (#2925). macOS provides a system configuration file in
synthetic.conf(5) to create empty root directories. This can be used
to mount /nix to a separate volume. As a result, this directory will
need to already exist prior to installation. Instead, check for
/nix/store and /nix/var for a live Nix installation.
2019-08-22 23:38:52 -04:00
Matthew Bauer c82a856b36 Add default for USER when unset
uses $(id -u -n) when USER is unset, this is needed on some weird
setups in Docker. Fixes #971
2019-07-25 09:39:44 -04:00
Eelco Dolstra 38a4d38bc3
Merge pull request #2746 from bjornfor/install-multi-user-defaults
install-multi-user: reduce max-jobs from 32 to 1
2019-06-17 10:17:40 +02:00
Johannes Climacus a8251ba2ed Replace type with command -v in install script
In POSIX sh, `type` is undefined.

cf. https://pubs.opengroup.org/onlinepubs/9699919799/utilities/command.html#tag_20_22_04
2019-05-29 10:08:21 -04:00
Matthew Bauer 92f461e4f4 Don’t set NIX_REMOTE=daemon in daemon profile
This is now autodetected. There is no need to put it in the profile.
2019-05-15 22:24:24 -04:00
Matthew Bauer 7c20ee448f Sync NIX_PROFILES between single-user and multi-user modes
When we are in single user mode, we still want to have access to
profiles. This way things in Nixpkgs that rely on them getting set
accurately are done in both cases. The point where I hit this is with
using aspell which looks in NIX_PROFILES:

https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/aspell/default.nix

Before this patch, NIX_PROFILES was never set in single user mode!
This corrects that.
2019-05-15 22:04:39 -04:00
Eelco Dolstra b6eb8a2d7e
nix-profile: Add all channels to $NIX_PATH
Fixes #2709.
2019-05-15 14:30:09 +02:00
Eelco Dolstra 3fd5425f94
Fix shellcheck error
https://hydra.nixos.org/build/93359951
2019-05-15 13:13:14 +02:00
Graham Christensen 5713772568
Merge pull request #2594 from LnL7/darwin-10.12.6
installer: update macOS version check to 10.12.2
2019-05-08 07:16:06 -04:00
Eelco Dolstra 989cb37777
Merge pull request #2679 from bjornfor/offline-install
install script: don't abort when "nix-channel --update" fails
2019-05-01 15:48:39 +02:00
Bjørn Forsman 07d9981f34 install-multi-user: remove unneeded settings from nix.conf
Hardcoding the "max-jobs" and "cores" settings in nix.conf at install
time, to the same value as Nix' built-in default, makes little sense to
me.
2019-03-27 16:26:14 +01:00
Bjørn Forsman dbe4c043d7 install-multi-user: reduce max-jobs from 32 to 1
Having max-jobs = 32 ($NIX_USER_COUNT is hardcoded to that value) may
severely overload the machine. The nix.conf(5) manual page says max-jobs
defaults to 1, so let's use that value.

NOTE: Both max-jobs and cores are now being set to their default value,
so they can be removed alltogether.
2019-03-27 16:23:35 +01:00
Samuel Dionne-Riel d854e7dfd6 install-multi-user: Detect and fail lack of systemd separately
Otherwise, the user is shown:

```
Sorry, I don't know what to do on Linux
```

Which is... not exactly right.
2019-03-26 21:08:22 -04:00
Domen Kožar 6f0359012c
Merge pull request #2693 from thoughtpolice/scripts/multi-user-sandbox
scripts: remove default 'sandbox = false' from multi-user installer
2019-03-24 19:45:56 +07:00
Austin Seipp d7a7a029ff
scripts: remove default 'sandbox = false' from multi-user installer
Sandboxing is now enabled by default on Linux, but is still disabled on
macOS. However, the installer always turned it off to ensure consistent
behavior.

Remove this default configuration, so we fall back to the default
platform-specific value.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-02-23 08:35:26 -06:00
Jonas Chevalier b402148d8f
remove noop uses of nix-store --init
the nix-store --init command is a noop apparently
2019-02-22 21:07:53 +01:00
Bjørn Forsman b9567aa8b6 install script: don't abort when "nix-channel --update" fails
Instead, print a message about what happened and tell the user what can
be done (run "[sudo -i] nix-channel --update nixpkgs" again at a later
time). This change allows installing Nix when you're offline.

Since the multi-user installer is so verbose, the message isn't printed
until the end.

Fixes issue #2650 ("installation without internet connection").
2019-02-20 09:35:01 +01:00
Shea Levy e58a71442a
nix.sh: Be set -u compliant. 2019-02-14 13:24:16 -05:00
Daiderd Jordan 82f054d7d5
installer: update macOS version check to 10.12.2
Nixpkgs will drop support for <10.12 soon and thus a nix release built
using the 19.03 channel will also require a newer version of macOS.
2018-12-20 20:12:20 +01:00
Eelco Dolstra 32a0a223d5
Merge pull request #2432 from luke-clifton/fixssl
SSL certificate search failed to find user profile certificates.
2018-11-15 13:07:43 +01:00
Graham Christensen (Target) ea41838ae0
install script: remove unportable command check, fixup errant escape
`which` isn't necessarily portable, but `command -v` is an equivalent form.

Additionally, the `\'` is not necessary, as it is already quoted by `"`.
2018-10-16 10:22:36 -04:00
Matthew Bauer 9cc876fb11
nix-profile-daemon: remove cruft
This removes part of the PATH that were being added automatically in multi-user installs:

- $HOME/.nix-profile/lib/kde4/libexec - shouldn't be needed anymore, we are now using kde5
- @localstatedir@/nix/profiles/default/lib/kde4/libexec - same as above
- @localstatedir@/nix/profiles/default - shouldn't ever contain binaries
2018-10-01 13:26:59 -05:00
Luke Clifton fb72104b80 Search NIX_PROFILE for SSL CA 2018-09-20 07:33:35 +08:00
Luke Clifton 1241a58975 Look inside the user profile 2018-09-19 15:22:39 +08:00
Graham Christensen 51f9682a8b
Default to single-user install 2018-09-01 10:45:56 -04:00
Eelco Dolstra 7c3c635d4f
release.nix: Generate the installer script 2018-05-30 17:40:08 +02:00
Eelco Dolstra 4caaa4c5fe
Move installer script from nixos-homepage 2018-05-30 17:17:50 +02:00
Graham Christensen 6ba1726eeb
install-multi-user: support 'set -u' runs, closes #2193 2018-05-30 09:35:21 -04:00
Graham Christensen d459d3307c
nix-daemon.sh profile script: operate under set -u
If the profile is sourced inside a script with `set -u`, the check for
__ETC_PROFILE_NIX_SOURCED and NIX_SSL_CERT_FILE would raise an error.
A simple guard around this check allows the script to operate under
standard environments (where it is fairly reasonable to assume USER
and HOME are set.)
2018-05-30 09:15:46 -04:00
Graham Christensen cad903b634
multi-user profile: borrow single user profiles' NIX_SSL_CERT_FILE finding logic 2018-05-25 15:59:10 -04:00
Graham Christensen c4b9486f9b
install-multi-user: don't force NIX_SSL_CERT_FILE
Following the lead of the single user installer, if NIX_SSL_CERT_FILE is explicitly set prior to running, accept the user-provided version.
2018-05-25 15:54:55 -04:00
Eelco Dolstra 1df32c7d7c
Merge pull request #1664 from matthewbauer/patch-4
Setup NIX_PATH correctly in nix-profile-daemon
2018-05-25 13:36:04 +02:00
Graham Christensen 51cbe99104
installer: default to the daemon installor for Linux with systemd
Note: don't backport to 2.0-maintenance
2018-04-19 13:45:17 -04:00
Graham Christensen 17b158af85
installer: allow opting in / out to the daemon installer
By passing --daemon or --no-daemon, the installer can be forced to
select one or the other installation options, despite what the
automatic detection can provide.

This commit can be backported to 2.0-maintenance because it explicitly
turns off the daemon installation for Linux under systemd.
2018-04-19 13:45:11 -04:00
Matthew Justin Bauer d7a84d330c Setup nix_path correctly in nix-profile-daemon
We need nixpkgs to be set in NIX_PATH for Nix 1.12 to work correctly
2018-04-04 18:02:59 -05:00
Graham Christensen 4eb40c72ed
macos: Handle when a build user doesn't have a user ID 2018-03-30 13:57:00 -04:00
Graham Christensen f06f8102bd
Use a looser comparison for the 'user note' check
We use grep instead of an equality check because it is difficult
to extract _just_ the user's note, instead it is prefixed with
some plist junk. This was causing the user note to always be set,
even if there was no reason for it.
2018-03-30 11:38:08 -04:00
Graham Christensen 4ba91f5bae
Check for the existence of a profile target before seeing if it mentions Nix
Grep would ignore files that didn't exist, but would complain
about files in a directory if the directory didn't exist. Simply check
for the directory first, prior to grepping it.
2018-03-30 11:37:32 -04:00
Graham Christensen 2921165a9d
Expand the multi-user installer to support Linuxes with systemd
- darwin installer: delete hardware report, not necessary
 - moves os-specific code from the darwin installer to to `poly_*`
   functions
 - adds profile.d support to the profile targets, which automatically
   handles many distros which don't have a /etc/bashrc but do have an
   /etc/profile.d
 - /bin/bash -> /usr/bin/env bash
 - document why each excluded shellcheck check is excluded
 - rename the multi-user to Daemon-based
2018-03-29 15:38:01 -04:00
Eelco Dolstra f471aacff2
Merge pull request #1775 from LnL7/darwin-build-users
installer: create 'enough' build users
2018-02-13 12:31:53 +01:00
Giorgio Gallo 9f9393df55 solves #1582 2018-01-29 21:33:17 +01:00
Eelco Dolstra 5647e55f65
Merge pull request #1793 from peterstuart/fix-extra-space
Remove extra space in chat_about_sudo()
2018-01-18 16:19:44 +01:00
Iavael ebc42f8b59
Fix manpath detection
Checking for MANPATH without quotes always returns true, so that it breaks bash-completion for man pages on modern systems without MANPATH environment variable.
2018-01-15 00:43:39 +03:00
Peter Stuart a65376b01d
Remove extra space. 2018-01-12 14:27:29 -05:00
Daiderd Jordan d15826164c
installer: create 'enough' build users 2018-01-03 22:34:34 +01:00
Daiderd Jordan 27788f4060
installer: don't touch /etc/profile
The default profile already loads /etc/bashrc.
2018-01-03 22:29:54 +01:00
Frederik Rietdijk ab8ba71205 Do not export ASPELL_CONF
This does not belong in Nix. Setting this env var is already done by the aspell derivation found in Nixpkgs.
2017-12-29 13:45:54 +01:00
Frederik Rietdijk af1e2ffca1 Fix escaping, fixes build 2017-12-20 13:24:39 +01:00
Graham Christensen 1db034364a
replace lolcat with nix-info 2017-12-08 07:19:32 -05:00
Graham Christensen be79d1f189
darwin installer: fix on High Sierra 2017-12-08 07:19:26 -05:00
Eelco Dolstra ea94a87493
install-darwin-multi-user.sh: Remove superfluous nix.conf settings 2017-11-20 17:32:34 +01:00
Shea Levy 6a037a738a
Pull nix-profile-daemon from 1.11 2017-10-16 14:51:39 -04:00
Eelco Dolstra 73252aef18 Merge pull request #1591 from shlevy/darwin-installer-no-sudo-i
darwin installer: Fix on systems where sudo -i is disabled.
2017-10-12 13:08:15 +02:00
Shea Levy fb98e29067 darwin installer: Fix on systems where sudo -i is disabled. 2017-10-05 09:07:55 -07:00
Anthony Cowley 92f9d18aa0 install-darwin-multi-user: relax assumption check
The installer will error out if a user's shell configuration includes any mention of ~nix-profile~, even if this is in a comment. This change is designed to do the bare minimum to ignore lines beginning with a `#`.
2017-10-02 20:07:56 -04:00
Eelco Dolstra c2154d4c84
Rename a few configuration options
In particular, drop the "build-" and "gc-" prefixes which are
pointless. So now you can say

  nix build --no-sandbox

instead of

  nix build --no-build-use-sandbox
2017-08-31 14:28:25 +02:00
Jörg Thalheim 2fd8f8bb99 Replace Unicode quotes in user-facing strings by ASCII
Relevant RFC: NixOS/rfcs#4

$ ag -l | xargs sed -i -e "/\"/s/’/'/g;/\"/s/‘/'/g"
2017-07-30 12:32:45 +01:00
Graham Christensen e0d39c8dc4
Rename PINCH_ME_IM_SILLY to ALLOW_PREEXISTING_INSTALLATION 2017-07-14 12:11:33 -04:00
Graham Christensen 12f6bb33d2
If there is no TTY, also skip verbose sudo messages 2017-07-14 12:11:30 -04:00
Graham Christensen ce2281e6d8
Ensure PINCH_ME_IM_SILLY allows a /nix/store to stick around between builds
Also output in the status report that the user is very silly
2017-07-14 12:11:26 -04:00
Graham Christensen 1c7ce2a018
Assume yes if we have no TTY
Starve the TTY of input to ensure this works, but provide yes to the
current installer to handle the current broken case.
2017-07-14 12:11:23 -04:00
Graham Christensen 657b47e1b3
Address feedback around printf & exec 2017-07-14 12:11:00 -04:00
Graham Christensen 6a4037ca05
Don't install a second nix after the initial installation, and the rsync change fixes a bug hidden by the nix replacement where the store files were being owned by the installing user due to rsync's -a implying -og. 2017-07-14 12:10:57 -04:00
Graham Christensen 092f447c6d
Clean up issues around uninstall directions, and only show
relevant directions
2017-07-14 12:10:54 -04:00
Graham Christensen 6f639943c2
Prompt for sudo before validating assumptions, and check ourselves for root-owned files instead of making a scary warning. 2017-07-14 12:10:51 -04:00
Graham Christensen 2b5ab03524
multi-user install: move the profile in to the nix etc/profiles.d output 2017-07-14 12:10:47 -04:00
Graham Christensen fb40d73e23
Switch to a fancy multi-user installer on Darwin 2017-07-14 12:10:44 -04:00
Jörg Thalheim 542fe0d8f3 nix-profile.sh: remove sbin from PATH
sbin is a symlink to bin. 
profiles only contains packages, which have this symlink. 
It is a subset of bin.

related to https://github.com/NixOS/nixpkgs/pull/25550
2017-05-07 07:41:19 +01:00
Eelco Dolstra 6f4682ad36
Merge branch 'nix-copy-closure-c++' of https://github.com/shlevy/nix 2017-02-07 20:47:45 +01:00
Eelco Dolstra 27dc76c1a5
Remove build-remote.pl.in 2017-02-07 18:49:17 +01:00
Domen Kožar 48d4a23aa0
bail out if macOS 10.9 or lower is used during installer 2017-01-25 07:28:49 +01:00
Shea Levy bfa41eb671 nix-copy-closure: Implement in C++.
Tests fail currently because the database is not given proper hashes in the VM
2017-01-20 09:47:58 -05:00
James Broadhead 9ce3fa2b2d shellcheck scripts/install-nix-from-closure.sh 2016-12-19 15:04:10 +00:00
Eelco Dolstra 215b70f51e
Revert "Get rid of unicode quotes (#1140)"
This reverts commit f78126bfd6. There
really is no need for such a massive change...
2016-11-26 00:38:01 +01:00
Guillaume Maudoux f78126bfd6 Get rid of unicode quotes (#1140) 2016-11-25 15:48:27 +01:00
Manav Rathi eec5409a69 installation: allow profile modification to be skipped (#1072)
The current behaviour modifies the first writeable file from amongst
.bash_profile, .bash_login and .profile.  So .bash_profile (if it is
writable) would be modified even if a user has already sourced nix.sh
in, say, .profile.

This commit introduces a new environment variable,
NIX_INSTALLER_NO_MODIFY_PROFILE.  If this is set during installation,
then the modifications are unconditionally skipped.

This is useful for users who have a manually curated set of dotfiles
that they are porting to a new machine. In such scenarios, nix.sh is
already sourced at a place where the user prefers.  Without this
change, the nix installer would insist on modifying .bash_profile if
it exists.

This commit also add documentations for both the current behaviour and
the new override.
2016-11-03 18:02:29 +01:00
Eelco Dolstra fb2dd32100 SSL_CERT_FILE -> NIX_SSL_CERT_FILE
This prevents collisions with the "native" OpenSSL, in particular on
OS X.

Fixes #921.
2016-10-13 17:09:10 +02:00
Shea Levy 87b189c2b3 Merge branch 'nix-build-c++' 2016-08-31 12:10:21 -04:00
Shea Levy 572aba284a Merge branch 'nix-channel-c++' 2016-08-31 09:49:24 -04:00
Jude Taylor 596e4a5693 remove old traces of resolve-system-dependencies 2016-08-13 15:27:49 -07:00
Shea Levy 59124228b3 nix-channel: implement in c++ 2016-08-11 11:34:43 -04:00
Shea Levy 6e51af8023 Nuke nix-push.
Rarely used, nix copy replaces it.
2016-08-10 11:13:11 -04:00
Shea Levy a6eed133c5 Remove download-from-binary-cache.pl.in.
We have BinaryCacheStore now
2016-08-10 08:43:33 -04:00
Shea Levy e3128014db Remove scripts/show-duplication.pl
Was added in 2006 to "measure the cost of the Nix approach".

Given that it uses /usr/bin/perl, I think this is safe to remove.
2016-08-10 08:40:58 -04:00
Shea Levy 15c035c13f Remove nix-install-package.
Refs #831
2016-08-10 08:20:51 -04:00
Shea Levy 80ebc553ec nix-build: Port to c++
This was a dumb line-for-line rewrite, because nix build/nix run/etc.
will replace it.
2016-08-09 07:42:20 -04:00
Alexey Shmalko eef754813f Set $MANPATH (#1005)
Currently, man has issues finding man pages for Nix-installed
application (also, `nix-env --help` doesn't work). The issue is caused
by custom `$MANPATH` set by my system. That makes man use it instead of
searching in default location.

Either of next lines workaround the issue:
```sh
unset MANPATH

export MANPATH=$HOME/.nix-profile/share/man:$MANPATH
```

This patch adds the later line to the `nix-profile.sh` if user has
`MANPATH` set. (Not clearing `MANPATH` as that would be disrespect of
user's preferences.)

As a side-effect, host's man might find man pages installed by Nix.
2016-07-29 12:00:11 +02:00
Shea Levy ee3032e4de Merge branch 'find-runtime-roots-c++' 2016-07-24 07:33:49 -04:00
Shea Levy 3c68a661f2 resolve-system-dependencies.pl: Only install on darwin 2016-07-21 19:00:54 -04:00
Shea Levy 3c46fe62b8 find-runtime-roots: fold into gc.cc 2016-07-21 07:04:41 -04:00
Eelco Dolstra 4494000e04 LocalStore: Allow the physical and logical store directories to differ
This is primarily to subsume the functionality of the
copy-from-other-stores substituter. For example, in the NixOS
installer, we can now do (assuming we're in the target chroot, and the
Nix store of the installation CD is bind-mounted on /tmp/nix):

  $ nix-build ... --option substituters 'local?state=/tmp/nix/var&real=/tmp/nix/store'

However, unlike copy-from-other-stores, this also allows write access
to such a store. One application might be fetching substitutes for
/nix/store in a situation where the user doesn't have sufficient
privileges to create /nix, e.g.:

  $ NIX_REMOTE="local?state=/home/alice/nix/var&real=/home/alice/nix/store" nix-build ...
2016-06-02 16:02:48 +02:00
Eelco Dolstra 33664f0e8d Fix reference to $NIX_LINK 2016-05-31 15:14:24 +02:00
Eelco Dolstra c9ff3747db nix-profile.sh: Don't pollute the environment 2016-05-31 13:07:10 +02:00
Eelco Dolstra c2d27d30cf nix-copy-closure / build-remote.pl: Disable signature checking
This restores the Nix 1.11 behaviour.
2016-05-31 11:48:05 +02:00
Gabriel Gonzalez 3889415bf8 Fix ?? in Nix warning message
Nix sometimes outputs a warning message like this:

```
directory /nix does not exist; creating it by running ‘?? using sudo
```

... when it really meant to output something that looked like this:

```
directory /nix does not exist; creating it by running 'mkdir -m 0755 /nix && chown gabriel /nix' using sudo
```

The reason why is due to some bizarre behavior in Bash where it will translate anything of the form `$x’` to `??`, leading to the incorrect warning message.  I don't know what is the origin of this Bash behavior, but the easiest fix is to just use ASCII quotes instead of unicode quotes.
2016-05-18 12:02:48 -07:00
Eelco Dolstra f435f82475 Remove OpenSSL-based signing 2016-05-04 11:01:48 +02:00
Eelco Dolstra 80f739b571 Merge pull request #883 from sheenobu/bugfix/ruby_shebang
Workaround to support ruby as an interpreter
2016-05-03 11:14:21 +02:00
Eelco Dolstra aa3bc3d5dc Eliminate the substituter mechanism
Substitution is now simply a Store -> Store copy operation, most
typically from BinaryCacheStore to LocalStore.
2016-04-29 13:57:08 +02:00
Eelco Dolstra 6e1b099279 Remove --print-build-trace
This was added to support Hydra, but Hydra no longer uses it.
2016-04-25 19:18:45 +02:00
Eelco Dolstra 41633f9f73 Improved logging abstraction
This also gets rid of --log-type, since the nested log type isn't
useful in a multi-threaded situation, and nobody cares about the
"pretty" log type.
2016-04-25 19:18:45 +02:00
Sheena Artrip 2989783f64
Workaround to support ruby as an interpreter 2016-04-18 13:16:59 -04:00
Eelco Dolstra a54736355a install-nix-from-closure: Don't run nix-store --verify
Verification is slow. Also, we really shouldn't advise users to nuke
their store.
2016-04-14 12:50:01 +02:00
Shea Levy 1b3e704fb9 Merge branch 'patch-2' of git://github.com/wmertens/nix
install-nix-from-closure improvments
2016-04-12 07:33:04 -04:00
Eelco Dolstra 867967265b Remove manifest support
Manifests have been superseded by binary caches for years. This also
gets rid of nix-pull, nix-generate-patches and bsdiff/bspatch.
2016-04-11 16:20:15 +02:00
Wout Mertens af4fb6ef61 Bring nix-profile.sh in line with NixOS
Use the same logic as NixOS' profile and environment setup. Closes #414
2016-04-10 23:45:52 +02:00
Wout Mertens ef00999fb7 Remove information about nix-store --optimise 2016-04-10 21:55:26 +02:00
wmertens 4916d92092 Always verify nix store on install
Just wasted a couple hours chasing shadows because the nix store got
corrupted and there was no indication of that anywhere.

Since an install is one-time only, might as well verify.  Optimization
showed that the copied files aren't read-only; fixed that as well.

Also, use /bin/sh since there's a good chance that this script will be
run on systems without /bin/bash
2016-04-10 21:55:26 +02:00
Shea Levy 4f011bccf8 Merge branch 'master' of git://github.com/stepcut/nix 2016-02-19 18:21:41 -05:00
Eelco Dolstra c4d22997f3 Add C++ functions for .narinfo processing / signing
This is currently only used by the Hydra queue runner rework, but like
eff5021eaa it presumably will be useful
for the C++ rewrite of nix-push and
download-from-binary-cache. (@shlevy)
2016-02-16 16:38:44 +01:00
Peter Simons 92063851b1 nix-profile.sh.in: find ca-bundle.pem on openSUSE Tumbleweed machines 2016-02-16 10:15:05 +01:00
Peter Simons bd42510e49 nix-profile.sh.in: quote use of $HOME in shell arguments
All other places in the script do this already, so let's be consistent.
2016-02-12 13:24:25 +01:00
Alex Cruice ad0dc41899 Check shell profile is writeable before modifying
The `set -e` at the top of the script causes the installation to fail to
complete if the shell profile is not writeable. Checking file existence
only is not enough.
2016-02-10 11:57:50 +01:00
Brian McKenna 3baf8be1d1 Fix broken call to shellwords
nix-shell shebangs were broken by 9018deab
2016-01-20 16:35:16 +01:00
Philip Potter 4f3cf06c97 Verify TLS certificate before downloading binaries
The --insecure flag to curl tells curl not to bother checking if the TLS
certificate presented by the server actually matches the hostname
requested, and actually is issued by a trusted CA chain.  This almost
entirely negates any benefit from using TLS in the first place.

This removes the --insecure flag to ensure we actually have a secure
connection to the intended hostname before downloading binaries.

Manually tested locally within a dev-shell; was able to download
binaries from https://cache.nixos.org without issue.

[Note: --insecure was only used for fetching NARs, whose integrity is
verified by Nix anyway using the hash from the .narinfo. But if we can
fetch the .narinfo without --insecure, we can also fetch the .nar, so
there is not much point to using --insecure. --Eelco]
2016-01-05 14:19:46 +01:00
Fabian Schmitthenner 0eb200e569 propagate NIX_BUILD_SHELL also in pure builds document NIX_BUILD_SHELL in the nix-shell command documentation 2016-01-05 14:11:20 +01:00
Brian McKenna 9018deab6c Use shellwords for nix-shell shebang
Previously we can't have quoted arguments.

This now allows us to use things like `ghcWithPackages`
2015-12-07 11:31:26 +11:00
Jeremy Shaw 3afa16e16f Clarify installation error message that is shown when /nix/store exists but is not writable by the user 2015-12-06 11:00:03 -06:00
Eelco Dolstra c0d4173263 Set default binary-caches-parallel-connections to 25
Some benchmarking suggested this as a good value. Running

  $ benchmark -f ... -t 25 -- sh -c 'rm -f /nix/var/nix/binary-cache*; nix-store -r /nix/store/x5z8a2yvz8h6ccmhwrwrp9igg03575jg-nixos-15.09.git.5fd87e1M.drv --dry-run --option binary-caches-parallel-connections <N>'

gave the following mean elapsed times for these values of N:

N=10:  3.3541
N=20:  2.9320
N=25:  2.6690
N=30:  2.9417
N=50:  3.2021
N=100: 3.5718
N=150: 4.2079

Memory usage is also reduced (N=150 used 186 MB, N=25 only 68 MB).

Closes #708.
2015-11-25 17:13:11 +01:00
Jude Taylor 279fa8f618 reintroduce host deps in tandem with sandbox profiles 2015-11-21 15:57:06 -08:00
Eelco Dolstra 9ee15abe30 Fix bad characters in "copying 7 missing paths from ..." 2015-11-10 16:12:26 +01:00
Shea Levy fef8c3a5ab resolve-system-dependencies.pl: Simplify union impl
Patch by @pikajude
2015-10-21 18:18:03 -04:00
Jude Taylor f5a7739171 appropriately handle lock acquisition failures in resolve-system-dependencies.pl 2015-10-21 14:38:35 -07:00
Jude Taylor ff6953cb03 Add resolve-system-dependencies.pl 2015-10-21 12:38:52 -07:00
Eelco Dolstra bec3c31608 nix-prefetch-url: Rewrite in C++ 2015-10-01 16:47:43 +02:00
Utku Demir a49514a2e2 Also set CURLOPT_SSL_VERIFYHOST=0 when "verify-https-binary-caches" is false
This makes that option even more insecure, by also not checking the SSL host.

But without this parameter, one can still get SSL errors even when
"verify-https-binary-caches" is false, which is unexpected IMO.
2015-09-25 22:34:08 +03:00
Eelco Dolstra 984c5cdc50 Drop newline in error message 2015-08-07 05:32:17 +02:00
Eelco Dolstra ccf31dbc25 nix-copy-closure: Add -v flag
And make exportPath() less spammy by default.
2015-07-20 01:52:07 +02:00
Eelco Dolstra e012c126db Revert "add the manpath to the installer"
This reverts commit 76f985b92d. We
shouldn't mess with $MANPATH, because on some "man" implementations
(like NixOS'), the default value on $MANPATH is derived from $PATH. So
if you set $MANPATH, you lose the default locations.
2015-07-01 13:04:15 +02:00
Eelco Dolstra c48617671d nix-channel: Fix bogus error message caused by 8a84bd8c8b 2015-06-12 01:56:34 +02:00
Eelco Dolstra f2b67fbf2a nix-push: Support -j
Fixes #548.
2015-06-08 14:16:06 +02:00
Eelco Dolstra bf8cc4e9b6 Update cacert locations 2015-06-08 11:40:35 +02:00
Eelco Dolstra b190f771e7 copy-from-other-stores: Use cp 2015-06-04 14:55:40 +02:00
Eelco Dolstra f0f30f594c Naming 2015-06-03 15:19:26 +02:00
Eelco Dolstra a80f11bf7b nix-shell: Support multiple "#! nix-shell" lines 2015-06-01 13:48:45 +02:00
Eelco Dolstra e0a068cb97 nix-shell: Barf if -p and -E are both used
Closes #454, #455.
2015-05-21 17:04:43 +02:00
Eelco Dolstra deb8668a0e nix-shell: Fix uninitialized value warning 2015-05-05 14:19:58 +02:00
Shea Levy 96dcc006e9 Merge branch 'nix-channel-tarballs' of git://github.com/copumpkin/nix 2015-04-27 19:07:43 -04:00
Luca Bruno ab2b3d6668 nix-collect-garbage: translate to C++ 2015-04-22 15:08:48 +00:00
Dan Peebles 8a84bd8c8b Support tarballs in nix channel URLs 2015-04-20 00:34:29 -04:00
Michael Merickel 76f985b92d add the manpath to the installer 2015-04-12 20:30:47 -04:00
Eelco Dolstra 9f3eb56b46 Reduce verbosity in build-remote.pl 2015-03-04 16:27:42 +01:00
Shea Levy 47bdc52c1b Merge branch 'gh-476-fix-install-script' of git://github.com/jramnani/nix
sometimes cd prints to stdout
2015-02-22 12:00:51 -05:00
Eelco Dolstra 175935e053 FIXMEs 2015-02-19 14:10:33 +01:00
Eelco Dolstra 1816ac0db1 Escape arguments to nix-shell #! scripts 2015-02-18 20:13:53 +01:00
Eelco Dolstra dc7e8fae48 Support passing command line arguments to nix-shell #! scripts 2015-02-18 15:55:18 +01:00
Eelco Dolstra bb10010582 Fix nix-shell shebang scripts if -p is used 2015-02-18 12:40:07 +01:00
Eelco Dolstra f19b4abfb2 Include NAR size in fingerprint computation
This is not strictly needed for integrity (since we already include
the NAR hash in the fingerprint) but it helps against endless data
attacks [1]. (However, this will also require
download-from-binary-cache.pl to bail out if it receives more than the
specified number of bytes.)

[1] https://isis.poly.edu/~jcappos/papers/cappos_mirror_ccs_08.pdf
2015-02-17 13:16:58 +01:00
Jeff Ramnani d53735c823 Nix install script failed when "cd" printed to stdout.
In some cases the bash builtin command "cd" can print the variable $CWD
to stdout.  This caused the install script to fail while copying files
because the source path was wrong.

Fixes #476.
2015-02-11 12:39:14 -06:00