Commit graph

119 commits

Author SHA1 Message Date
Shea Levy 88cd2d41ac
Add plugins to make Nix more extensible.
All plugins in plugin-files will be dlopened, allowing them to
statically construct instances of the various Register* types Nix
supports.
2018-02-08 12:44:37 -05:00
Shea Levy de96daf54f
Merge branch 'master' of git://github.com/catern/nix 2018-02-01 13:21:45 -05:00
Eelco Dolstra e7b23eb5ab
Remove docs on removed --drv-link and --add-drv-link options 2018-02-01 16:40:58 +01:00
Spencer Baugh e5432574e2 document ability to set NIX_REMOTE=unix://path/to/socket 2018-01-31 22:47:16 +00:00
Eelco Dolstra cfeff3b273
Move show-trace docs 2018-01-17 11:53:16 +01:00
Renzo Carbonara b0328c244d nix.conf: builders-use-substitutes
Fixes #937
2018-01-09 22:40:07 +01:00
Eelco Dolstra 44272d8719
Rename "use-substitutes" to "substitute"
Commit c2154d4c84 renamed
"build-use-substitutes" to "use-substitutes", but that broke
"nix-copy-closure --use-substitutes".
2018-01-04 16:58:39 +01:00
Joe Hermaszewski 35a49f1d7f
Escape left angle brackets in XML documentation 2017-12-09 15:31:03 +00:00
Markus Hauck 0af668426d nix-hash: Add sentence and example for nix-prefetch-url hash 2017-12-08 10:27:34 +01:00
Eelco Dolstra 7536fe31dd
Add a warning about the 'trusted-users' option 2017-11-21 18:49:52 +01:00
Eelco Dolstra 8df60b4ea8
Document secret-key-files 2017-11-20 18:51:04 +01:00
Eelco Dolstra 91a1987607
signed-binary-caches -> require-sigs
Unlike signed-binary-caches (which could only be '*' or ''),
require-sigs is a proper Boolean option. The default is true.
2017-11-20 17:44:07 +01:00
Eelco Dolstra 7a2b64e55c
binary-cache-public-keys -> trusted-public-keys
The name had become a misnomer since it's not only for substitution
from binary caches, but when adding/copying any
(non-content-addressed) path to a store.
2017-11-20 17:32:34 +01:00
Eelco Dolstra 812e027e1d
Add option allowed-uris
This allows network access in restricted eval mode.
2017-10-30 12:41:49 +01:00
Eelco Dolstra c2154d4c84
Rename a few configuration options
In particular, drop the "build-" and "gc-" prefixes which are
pointless. So now you can say

  nix build --no-sandbox

instead of

  nix build --no-build-use-sandbox
2017-08-31 14:28:25 +02:00
davidak 92bcb61127 replace "Mac OS X" with "macOS"
except in older release notes where the name was actually Mac OS X.
2017-07-30 12:26:17 +02:00
Eelco Dolstra 49304bae81
Make the hashes mirrors used by builtins.fetchurl configurable
In particular, this allows it to be disabled in our tests.
2017-07-17 13:07:08 +02:00
Robert Vollmert 30117fb35b fix buggy nix-shell man page 2017-07-10 14:36:55 +02:00
Robert Vollmert c85e662004 man page (nix-shell): Fix grouping of -p option
Not sure about the raw ellipsis.
2017-07-07 22:11:46 +02:00
Robert Vollmert 89771a8821 man page (nix-prefetch-url): Add some missing options 2017-07-07 22:11:46 +02:00
Robert Vollmert 772ef22c25 man page (nix-instantiate): -E is optional 2017-07-07 22:11:46 +02:00
Robert Vollmert 8ad898b2cd man page (nix-instantiate): Add --json to synopsis, order variables 2017-07-07 22:11:46 +02:00
Robert Vollmert b1f5995a20 man page (nix-instantiate): Remove non-existent nix-build argument -r 2017-07-07 22:11:46 +02:00
Robert Vollmert 56a1f8f499 man pages: Consistently separate alternatives by / 2017-07-07 22:11:46 +02:00
Robert Vollmert d1643bdaa2 man pages: Argument for --max-jobs 2017-07-07 22:11:45 +02:00
Robert Vollmert 68c626c6b0 man pages: Grouping for option alternatives 2017-07-07 22:11:45 +02:00
Robert Vollmert 60da5d2b8f Fix nix-instantiate manpage indentation
The second command variant is now its own cmdsynopsis, which ensures
it's not indented as was the case using sbrk.
2017-07-06 22:35:36 +02:00
Eelco Dolstra 6cf23c3e8f
Add allow-new-privileges option
This allows builds to call setuid binaries. This was previously
possible until we started using seccomp. Turns out that seccomp by
default disallows processes from acquiring new privileges. Generally,
any use of setuid binaries (except those created by the builder
itself) is by definition impure, but some people were relying on this
ability for certain tests.

Example:

  $ nix build '(with import <nixpkgs> {}; runCommand "foo" {} "/run/wrappers/bin/ping -c 1 8.8.8.8; exit 1")' --no-allow-new-privileges
  builder for ‘/nix/store/j0nd8kv85hd6r4kxgnwzvr0k65ykf6fv-foo.drv’ failed with exit code 1; last 2 log lines:
    cannot raise the capability into the Ambient set
    : Operation not permitted

  $ nix build '(with import <nixpkgs> {}; runCommand "foo" {} "/run/wrappers/bin/ping -c 1 8.8.8.8; exit 1")' --allow-new-privileges
  builder for ‘/nix/store/j0nd8kv85hd6r4kxgnwzvr0k65ykf6fv-foo.drv’ failed with exit code 1; last 6 log lines:
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=46 time=15.2 ms

Fixes #1429.
2017-07-04 15:48:25 +02:00
Eelco Dolstra d3449b286b Merge pull request #1371 from regnat/doc_--xml_fix
fix the description of --xml and --json
2017-05-03 11:06:12 +02:00
regnat a786d26dc2 doc: fix the description of --xml and --json
Those options seem to only apply with --eval and not with --parse.
2017-05-03 10:49:34 +02:00
Eelco Dolstra d7653dfc6d
Remove $NIX_BUILD_HOOK and $NIX_CURRENT_LOAD
This is to simplify remote build configuration. These environment
variables predate nix.conf.

The build hook now has a sensible default (namely build-remote).

The current load is kept in the Nix state directory now.
2017-05-01 17:30:16 +02:00
Eelco Dolstra 8d6af08530 Merge pull request #1348 from armijnhemel/nix-env
better document --meta option for nix-env
2017-04-24 10:18:23 +02:00
Eelco Dolstra f05d5f89ff
Read per-user settings from ~/.config/nix/nix.conf 2017-04-20 14:58:16 +02:00
Eelco Dolstra 562585e901
binary-caches-parallel-connections -> http-connections 2017-04-20 14:04:00 +02:00
Eelco Dolstra 4222402219
nix.conf man page: binary-caches -> substituters 2017-04-20 13:41:29 +02:00
Armijn Hemel 1559c596f6 document option 2017-04-19 19:10:12 +02:00
Eelco Dolstra ba9ad29fdb
Convert Settings to the new config system
This makes all config options self-documenting.

Unknown or unparseable config settings and --option flags now cause a
warning.
2017-04-13 20:53:23 +02:00
Eelco Dolstra aa23bba27f
Fix tests to reflect the signed-binary-caches default change 2017-03-21 18:06:13 +01:00
Eelco Dolstra 0afeb7f51e
Store: Add a method for getting build logs
This allows various Store implementations to provide different ways to
get build logs. For example, BinaryCacheStore can get the build logs
from the binary cache.

Also, remove the log-servers option since we can use substituters for
this.
2017-03-15 16:48:29 +01:00
Eelco Dolstra 19643a781e
nix -> Nix 2017-03-09 13:36:56 +01:00
Shea Levy 5f831c1057 Add docs for allow-import-from-derivation 2017-03-08 09:12:03 -05:00
Eelco Dolstra 7251d048fa
Support auto-configuration of build-max-jobs
"build-max-jobs" and the "-j" option can now be set to "auto" to use
the number of CPUs in the system. (Unlike build-cores, it doesn't use
0 to imply auto-configuration, because a) magic values are a bad idea
in general; b) 0 is a legitimate value used to disable local
building.)

Fixes #1198.
2017-02-28 12:54:50 +01:00
Eelco Dolstra bd5388e7b2
Tweak netrc docs 2017-02-16 14:24:16 +01:00
Renzo Carbonara e6e74f987f Add netrc-file support 2017-02-02 13:24:20 +01:00
Eelco Dolstra 9000150a78
Drop a few more references to all-packages.nix
And also don't refer to f-spot, which apparently no longer exists.

Issue #1170.
2017-01-03 16:42:24 +01:00
Jonas Chevalier 45ed6e7ef2 Document the common --no-build-hook option 2016-12-28 14:19:59 +00:00
Daiderd Jordan 36b3e15953
manual: add NIX_CONF_DIR to conf-file section 2016-12-16 10:59:07 +01:00
Eelco Dolstra 18b7363a69 Support optional sandbox paths
For example, you can now set

  build-sandbox-paths = /dev/nvidiactl?

to specify that /dev/nvidiactl should only be mounted in the sandbox
if it exists in the host filesystem. This is useful e.g. for EC2
images that should support both CUDA and non-CUDA instances.
2016-10-31 17:09:52 +01:00
Eelco Dolstra 818ab58cc6 Add sandbox-dev-shm-size option
Fixes #1069.
2016-09-21 16:54:53 +02:00
Eelco Dolstra 6656ef7b5b Revive binary-caches-parallel-connections
It's a slight misnomer now because it actually limits *all* downloads,
not just binary cache lookups.

Also add a "enable-http2" option to allow disabling use of HTTP/2
(enabled by default).
2016-09-14 16:38:26 +02:00