Eelco Dolstra
179b896acb
Merge branch 'data-dir-non-canon' of https://github.com/shlevy/nix
2018-02-22 14:20:43 +01:00
Shea Levy
ddbcd01c83
Fix restricted mode when installing in non-canonical data dir
2018-02-22 07:18:14 -05:00
Eelco Dolstra
e2d71bd186
Revert "libexpr: Fix prim_replaceStrings() to work on an empty source string"
...
This reverts commit 4ea9707591
.
It causes an infinite loop in Nixpkgs evaluation,
e.g. "nix-instantiate -A hello" hung.
PR #1886 .
2018-02-21 15:35:28 +01:00
Tuomas Tynkkynen
4ea9707591
libexpr: Fix prim_replaceStrings() to work on an empty source string
...
Otherwise, running e.g.
nix-instantiate --eval -E --strict 'builtins.replaceStrings [""] ["X"] "abc"'
would just hang in an infinite loop.
Found by afl-fuzz.
2018-02-19 23:20:26 +02:00
Tuomas Tynkkynen
056d28a601
libexpr: Don't create lots of temporary strings in Bindings::lexicographicOrder
...
Avoids ~180,000 string temporaries created when evaluating a headless
NixOS system.
2018-02-19 22:47:25 +02:00
Tuomas Tynkkynen
37264ed0ad
libexpr: Avoid an unnecessary string copy in prim_derivationStrict
2018-02-17 16:54:21 +02:00
Tuomas Tynkkynen
66eeff3345
libexpr: Remove unnecessary drvName assignment in prim_derivationStrict
...
drvName is already assigned to the same value right at the start of the
function.
2018-02-17 16:54:21 +02:00
Tuomas Tynkkynen
7e0360504d
libexpr: Optimize prim_derivationStrict by using more symbol comparisons
2018-02-17 16:54:21 +02:00
Tuomas Tynkkynen
0845cdf944
libexpr: Rely on Boehm returning zeroed memory in EvalState::allocEnv()
...
Boehm guarantees that memory returned by GC_malloc() is zeroed, so take
advantage of that.
2018-02-17 16:54:21 +02:00
Tuomas Tynkkynen
b8bed7da14
libexpr: Optimize prim_attrNames a bit
...
Instead of having lexicographicOrder() create a temporary sorted array
of Attr*:s and copying attr names from that, copy the attr names
first and then sort that.
2018-02-17 16:54:21 +02:00
Tuomas Tynkkynen
f67a7007a2
libexpr: Pre-reserve space in string in unescapeStr()
...
Avoids some malloc() traffic.
2018-02-16 04:39:43 +02:00
Shea Levy
b095c06139
Add splitVersion primop.
...
Fixes #1868 .
2018-02-14 09:55:43 -05:00
Eelco Dolstra
7828dca9e8
Merge branch 'register-constant' of https://github.com/shlevy/nix
2018-02-13 12:24:48 +01:00
Frederik Rietdijk
60eca58533
Nix stats: flatten statistics
...
Flattens the list of statistics as suggested in
https://github.com/NixOS/ofborg/issues/67 . This makes it easier to work
with.
2018-02-11 14:37:50 +01:00
Shea Levy
081f14a169
Allow using RegisterPrimop to define constants.
...
This enables plugins to add new constants, as well as new primops.
2018-02-08 14:35:50 -05:00
Eelco Dolstra
abe6be578b
Merge pull request #1816 from shlevy/add-path
...
Add path primop.
2018-02-07 13:32:35 +01:00
Shea Levy
69d82e5c58
Add path primop.
...
builtins.path allows specifying the name of a path (which makes paths
with store-illegal names now addable), allows adding paths with flat
instead of recursive hashes, allows specifying a filter (so is a
generalization of filterSource), and allows specifying an expected
hash (enabling safe path adding in pure mode).
2018-02-06 16:48:08 -05:00
Eelco Dolstra
43f8ef73c6
realiseContext(): Add derivation outputs to the allowed paths
...
This makes import-from-derivation work in restricted mode again.
2018-02-06 15:38:45 +01:00
Eelco Dolstra
f24e726ba5
checkURI(): Check file URIs against allowedPaths
...
This makes e.g. 'fetchGit ./.' work (assuming that ./. is an allowed
path).
2018-02-06 14:35:33 +01:00
Eelco Dolstra
89a2a11d9f
Don't use [[noreturn]]
2018-01-19 15:00:38 +01:00
Eelco Dolstra
0c95776c3e
Don't define builtins.{currentSystem,currentTime} in pure mode
...
This makes it easier to provide a default, e.g.
system = builtins.currentSystem or "x86_64-linux";
2018-01-18 16:38:48 +01:00
Eelco Dolstra
d8b4cfad82
Typo
2018-01-17 11:53:08 +01:00
Eelco Dolstra
d4dcffd643
Add pure evaluation mode
...
In this mode, the following restrictions apply:
* The builtins currentTime, currentSystem and storePath throw an
error.
* $NIX_PATH and -I are ignored.
* fetchGit and fetchMercurial require a revision hash.
* fetchurl and fetchTarball require a sha256 attribute.
* No file system access is allowed outside of the paths returned by
fetch{Git,Mercurial,url,Tarball}. Thus 'nix build -f ./foo.nix' is
not allowed.
Thus, the evaluation result is completely reproducible from the
command line arguments. E.g.
nix build --pure-eval '(
let
nix = fetchGit { url = https://github.com/NixOS/nixpkgs.git ; rev = "9c927de4b179a6dd210dd88d34bda8af4b575680"; };
nixpkgs = fetchGit { url = https://github.com/NixOS/nixpkgs.git ; ref = "release-17.09"; rev = "66b4de79e3841530e6d9c6baf98702aa1f7124e4"; };
in (import (nix + "/release.nix") { inherit nix nixpkgs; }).build.x86_64-linux
)'
The goal is to enable completely reproducible and traceable
evaluation. For example, a NixOS configuration could be fully
described by a single Git commit hash. 'nixos-rebuild' would do
something like
nix build --pure-eval '(
(import (fetchGit { url = file:///my-nixos-config; rev = "..."; })).system
')
where the Git repository /my-nixos-config would use further fetchGit
calls or Git externals to fetch Nixpkgs and whatever other
dependencies it has. Either way, the commit hash would uniquely
identify the NixOS configuration and allow it to reproduced.
2018-01-16 19:23:18 +01:00
Eelco Dolstra
74f75c8558
import, builtins.readFile: Handle diverted stores
...
Fixes #1791
2018-01-12 17:31:08 +01:00
Will Dietz
428680b307
fetchGit: fix creation of uninitialized cache dir, let git create it
...
fetchGit test (as modified in previous commit) now passes.
2018-01-09 09:05:18 -06:00
Shea Levy
689b2783fc
Add hasContext primop
2018-01-02 12:25:14 -05:00
Will Dietz
2e6f06c37e
fetchGit: Fix handling of local repo when not using 'master' branch
...
Add tests checking this behavior.
2017-12-22 15:29:52 -06:00
Ben Gamari
f9bcbddef2
json-to-value: Throw sensible error message on invalid numbers
2017-12-14 19:09:45 -05:00
Shea Levy
11a7f8ce14
Merge branch 'fetchGit-fast-revision-update'
2017-12-05 11:16:39 -05:00
Eelco Dolstra
90948a4e3a
nix-shell/nix-build: Support .drv files again
...
Fixes #1663 .
Also handle '!<output-name>' (#1694 ).
2017-11-24 18:08:35 +01:00
Shea Levy
eedbc4e06c
fetchGit: Ignore tarballTtl if rev is set and not in the repo.
...
Fixes #1697 .
2017-11-24 06:09:24 -05:00
Eelco Dolstra
d7da6c9ea9
fetchGit/fetchMercurial: Fix directory inclusion check
...
E.g. the existence of .gitignore would cause .git to be included.
2017-11-21 19:34:46 +01:00
Eelco Dolstra
2c39e4eca0
Revert "Don't parse "x:x" as a URI"
...
This reverts commit f90f660b24
.
This broke Hydra's release.nix, which contained
preCheck = ''export LOGNAME=${LOGNAME:-foo}'';
2017-11-14 15:10:52 +01:00
Eelco Dolstra
7a4d9574d9
fetchgit.cc -> fetchGit.cc
2017-11-03 13:55:31 +01:00
Eelco Dolstra
6cf7c6a6b0
Remove git:// support in NIX_PATH
...
This didn't support specifying a revision/branch, and was restricted
to git:// URIs (since https:// or ssh:// would be ambiguous).
2017-11-03 13:55:31 +01:00
Eelco Dolstra
ee6ac38848
fetchGit/fetchMercurial: Filter out directories with untracked files
2017-11-03 13:55:31 +01:00
Eelco Dolstra
4dee01da7c
fetchGit: Add a test
2017-11-03 13:55:30 +01:00
Eelco Dolstra
0e77aa3982
fetchGit: Don't do a remote fetch if we already have the rev
2017-11-03 13:55:30 +01:00
tv
5ab37f0e44
fetchMercurial: fix error message
2017-11-02 23:37:42 +01:00
Eelco Dolstra
212e72c609
Fix build
...
https://hydra.nixos.org/build/63172338
2017-11-01 21:32:30 +01:00
Eelco Dolstra
e026bc3b05
fetchMercurial: Don't fetch hashes we already have
2017-11-01 18:43:11 +01:00
Eelco Dolstra
1969f357b7
Add fetchMercurial primop
...
E.g.
$ nix eval '(fetchMercurial https://www.mercurial-scm.org/repo/hello )'
{ branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "82e55d328c8ca4ee16520036c0aaace03a5beb65"; revCount = 1; shortRev = "82e55d328c8c"; }
$ nix eval '(fetchMercurial { url = https://www.mercurial-scm.org/repo/hello ; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; })'
{ branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; revCount = 0; shortRev = "0a04b987be5a"; }
$ nix eval '(fetchMercurial /tmp/unclean-hg-tree)'
{ branch = "default"; outPath = "/nix/store/cm750cdw1x8wfpm3jq7mz09r30l9r024-source"; rev = "0000000000000000000000000000000000000000"; revCount = 0; shortRev = "000000000000"; }
2017-11-01 17:45:32 +01:00
Eelco Dolstra
cd532a9251
Fix filterSource
2017-10-31 16:18:32 +01:00
Eelco Dolstra
72cd52c3cd
builtins.fetchgit: Support importing a working tree
...
For example, you can write
src = fetchgit ./.;
and if ./. refers to an unclean working tree, that tree will be copied
to the Nix store. This removes the need for "cleanSource".
2017-10-30 19:59:25 +01:00
Eelco Dolstra
f90f660b24
Don't parse "x:x" as a URI
...
URIs now have to contain "://" or start with "channel:".
2017-10-30 17:58:01 +01:00
Eelco Dolstra
63c80ae26f
Make "fetchGit /path" work
2017-10-30 13:18:28 +01:00
Eelco Dolstra
a5c392a80e
fetchGit: Fix broken assertion
...
Different URIs can map to the same cache entry if they have the same
revision.
2017-10-30 12:55:46 +01:00
Eelco Dolstra
812e027e1d
Add option allowed-uris
...
This allows network access in restricted eval mode.
2017-10-30 12:41:49 +01:00
Eelco Dolstra
e38382895d
builtins.fetchGit: Return an attrset with revision info
...
This adds rev, shortRev and revCount attributes, equal to what Hydra
provides. E.g.
$ nix eval '(fetchGit https://github.com/NixOS/patchelf.git )'
{ outPath = "/nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source"; rev = "29c085fd9d3fc972f75b3961905d6b4ecce7eb2b"; revCount = 303; shortRev = "29c085f"; }
2017-10-30 11:49:03 +01:00
Eelco Dolstra
f9686885be
enable-http2 -> http2
2017-10-30 11:00:59 +01:00