Commit graph

12966 commits

Author SHA1 Message Date
Théophane Hufschmitt daf1423a4a
Merge pull request from ncfavier/readFile-scan-references
Restrict `readFile` context to references that appear in the string
2022-11-15 16:22:28 +01:00
Théophane Hufschmitt cb39e9a99e
Test that the result of readFile gets ref-scanned 2022-11-14 16:13:26 +01:00
Eelco Dolstra 0efc314d4d
Merge pull request from Et7f3/pkg-config-lowdown
build: use pkg-config for lowdown
2022-11-14 16:12:09 +01:00
Théophane Hufschmitt 6bf8736517 Add release-notes for the context-restriction in readFile 2022-11-14 15:03:53 +01:00
Théophane Hufschmitt 8b4352d79b Merge remote-tracking branch 'nixos/master' into readFile-scan-references 2022-11-14 15:00:05 +01:00
Et7f3 efadeee8fd
build: use pkg-config for lowdown 2022-11-12 23:04:58 +01:00
Théophane Hufschmitt 302ddee749
Merge pull request from fricklerhandwerk/uninstall
add removing users to uninstall instructions
2022-11-11 14:39:07 +01:00
Valentin Gagarin 2af036e5a3
remove stray comma 2022-11-11 14:01:13 +01:00
Valentin Gagarin bb279257b3
Merge pull request from Mic92/ci
Auto-assign reviewers by file
2022-11-11 13:39:46 +01:00
Naïm Favier e7ed9ae0c7
Restrict readFile context to references that appear in the string
When calling `builtins.readFile` on a store path, the references of that
path are currently added to the resulting string's context.

This change makes those references the *possible* context of the string,
but filters them to keep only the references whose hash actually appears
in the string, similarly to what is done for determining the runtime
references of a path.
2022-11-11 13:04:34 +01:00
Théophane Hufschmitt 9550b1d519
Merge pull request from ncfavier/fix-eval-error-fmt
Fix printing of eval errors with two format placeholders
2022-11-10 18:41:16 +01:00
Théophane Hufschmitt f225f43076
Merge pull request from fricklerhandwerk/redirects
manual: generalize anchor redirects
2022-11-09 11:23:26 +01:00
Valentin Gagarin d8781c4fc5 add removing users to uninstall instructions 2022-11-09 01:11:47 +01:00
Valentin Gagarin ffca3e34cb
Merge pull request from fricklerhandwerk/language-overview
add syntax overview from NixOS manual
2022-11-09 00:52:53 +01:00
Valentin Gagarin daedaa197d fix typos in comments 2022-11-09 00:49:34 +01:00
Théophane Hufschmitt 37358d0bcf
Merge pull request from Artturin/ca-referencesremove
tests/impure-derivations.sh: remove unknown experimental feature 'ca-…
2022-11-08 09:37:38 +01:00
Eelco Dolstra b378876894
Merge pull request from patricksjackson/remote-brackets
build-remote: Add brackets to error message
2022-11-07 16:59:29 +01:00
Eelco Dolstra 995f5f2e41
Merge pull request from fricklerhandwerk/build-task
manual: build action -> build task
2022-11-07 16:58:47 +01:00
Eelco Dolstra 4d2244c757
Merge pull request from yorickvP/fix-7175
tarfile: set directory mode to at least 0500, don't extract fflags and perms
2022-11-07 16:56:41 +01:00
Valentin Gagarin f7ab93b068 manual: build action -> build task
after discussing this with multiple people, I'm convinced that "build
task" is more precise: a derivation is not an action, but inert until it
is built. also it's easier to pronounce.

proposal: use "build task" for the generic concept "description of how
to derive new files from the contents of existing files". then it will
be easier to distinguish what we mean by "derivation" (a specific data
structure and Nix language value type) and "store derivation" (a
serialisation of a derivation into a file in the Nix store).
2022-11-06 13:28:18 +01:00
Patrick Jackson 907f52c337 build-remote: Add brackets to error message 2022-11-04 10:49:44 -07:00
Naïm Favier dad859ba0f
Fix printing of eval errors with two format placeholders 2022-11-04 12:41:38 +01:00
Artturin 8e7bbc3c35 tests/impure-derivations.sh: remove unknown experimental feature 'ca-references'
ca-references was stabilized in d589a6aa8a
2022-11-03 21:53:11 +02:00
Eelco Dolstra 499e99d099
Merge pull request from Gabriella439/headless
Add `--yes` option for Nix installation script
2022-11-03 18:12:43 +01:00
Eelco Dolstra dd1970c233
Merge pull request from NixOS/dependabot/github_actions/cachix/cachix-action-12
Bump cachix/cachix-action from 11 to 12
2022-11-02 15:35:23 +01:00
Yorick 34ea0e2e7b
tarfile: set directory mode to at least 0500, don't extract fflags
We don't need SGID, or any ACL's. We also want to keep every dir +rx.
2022-11-01 16:01:38 +01:00
dependabot[bot] 06a6a7959e
Bump cachix/cachix-action from 11 to 12
Bumps [cachix/cachix-action](https://github.com/cachix/cachix-action) from 11 to 12.
- [Release notes](https://github.com/cachix/cachix-action/releases)
- [Commits](https://github.com/cachix/cachix-action/compare/v11...v12)

---
updated-dependencies:
- dependency-name: cachix/cachix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-31 22:08:02 +00:00
Eelco Dolstra 0edba4cc1e
Merge pull request from jfroche/fix/savedArgv-access
Move savedArgv into libmain
2022-10-31 16:35:08 +01:00
Théophane Hufschmitt 90ed041677
Merge pull request from Mic92/libfetchers-variant
libfetchers: avoid api.github.com ratelimit if no github token is set
2022-10-31 11:48:51 +01:00
Jörg Thalheim e00761af73 Also test github flakes when access tokens are provided 2022-10-30 07:10:58 +01:00
Sandro Jäckel 9f1dd0df5b
Update test after api.github.com ratelimit avoidance 2022-10-29 21:51:29 +02:00
Jean-François Roche cd86eeb693
Move savedArgv into libmain
`savedArgv` is not accessible by plugins when defined in main binary.
Moving it into one of the nix lib fix the problem.
2022-10-28 12:19:37 +02:00
Jörg Thalheim 48f840cff8 assign fricklerhandwerk for documentation releated PRs 2022-10-27 18:13:24 +02:00
Eelco Dolstra b7e8a3bf4c
Merge pull request from NixOS/restore-nix-build-remote
Fix `nix __build-remote`
2022-10-27 13:33:51 +02:00
Théophane Hufschmitt f8d0193383 Pass the right argv when calling the build hook
Call it as `['nix', '__build-remote', ... ]` rather than the previous
`["__build-remote", "nix __build-remote", ... ]` which seemed to have
been most likely unintended
2022-10-27 11:53:04 +02:00
Eelco Dolstra 9323d139b0
Merge pull request from agbrooks/git-tag-bug
Prevent fetchGit from using incorrect cached rev for different refs
2022-10-26 16:48:48 +02:00
Théophane Hufschmitt 74cc24f4cf
Merge pull request from jherland/antiquoted-paths
Explain how Nix handles antiquotation of paths
2022-10-26 12:42:59 +02:00
Théophane Hufschmitt 9bff7e8ee2 Fix nix __build-remote
Because of a wrong index, `nix __build-remote` wasn't working.

Fix the index to restore the command (and the build hook).
2022-10-26 11:53:46 +02:00
Théophane Hufschmitt bf2e6bcda3
Merge pull request from yorickvP/fix-defaultApp
nix run: fix "'defaultApp.x86_64-linux' should have type 'derivation'"
2022-10-26 11:42:59 +02:00
Yorick aff6d10934
nix run: fix "'defaultApp.x86_64-linux' should have type 'derivation'" 2022-10-26 10:05:27 +02:00
Gabriella Gonzalez a71e3172af Add --yes option for Nix installation script 2022-10-25 16:43:00 -07:00
Théophane Hufschmitt 899878f77a
Merge pull request from akiekintveld/master
Defer to SSH config files for ForwardAgent option
2022-10-25 20:26:52 +02:00
Eelco Dolstra fed1700754
Merge pull request from NixOS/flake-type
Mark flakes with ._type = "flake".
2022-10-25 17:31:23 +02:00
Théophane Hufschmitt c7414d48f2
Merge pull request from patricksjackson/fix-defaults
Fix default values in the manual
2022-10-25 16:48:59 +02:00
Eelco Dolstra da2c61637b
Use _type
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2022-10-25 16:48:31 +02:00
Théophane Hufschmitt b9290a0a5b
Merge pull request from sternenseemann/reenable-eval-okay-eq
tests/lang: re-enable eval-okay-eq.nix tests
2022-10-25 16:41:37 +02:00
Théophane Hufschmitt b154070ab0
Merge pull request from wentasah/profile-help
Improve --profile description
2022-10-25 10:38:35 +02:00
Michal Sojka a9a868fe6a Improve --profile description
The description of the --profile option talks about the "update" operation.
This is probably meant for operations such as "nix profile install", but the
same option is reused in other subcommands, which do not update the profile,
such as "nix profile {list,history,diff-closures}".

We update the description to make sense in both contexts.
2022-10-24 08:49:46 +02:00
Shea Levy 334fa81d08
Mark flakes with .type = "flake".
Fixes 
2022-10-23 06:54:11 -04:00
Austin Kiekintveld 8e7804273c Defer to SSH config files for ForwardAgent option
Currently, Nix passes `-a` when it runs commands on a remote machine via
SSH, which disables agent forwarding. This causes issues when the
`ForwardAgent` option is set in SSH config files, as the command line
operation always overrides those.

In particular, this causes issues if the command being run is `sudo`
and the remote machine is configured with the equivalent of NixOS's
`security.pam.enableSSHAgentAuth` option. Not allowing SSH agent
forwarding can cause authentication to fail unexpectedly.

This can currently be worked around by setting `NIX_SSHOPTS="-A"`, but
we should defer to the options in the SSH config files to be least
surprising for users.
2022-10-22 19:51:22 -05:00