Commit graph

11809 commits

Author SHA1 Message Date
Eelco Dolstra 589f6f267b fetchClosure: Don't allow URL query parameters
Allowing this is a potential security hole, since it allows the user
to specify parameters like 'local-nar-cache'.
2022-04-06 11:52:51 +02:00
Eelco Dolstra c0ad86f681
Merge pull request #6366 from danpls/base64-reserve
libutil: Reserve memory when en/decoding base64
2022-04-05 23:20:33 +02:00
Eelco Dolstra f89fa29914
Merge pull request #6367 from danpls/fix-npos
tokenizeString: Fix semantic mistake
2022-04-05 23:19:35 +02:00
Daniel Pauls 513652d594 tokenizeString: Fix semantic mistake
`string_view::find_first_not_of(...)` and
`string_view::find_first_of(...)` return `string_view::npos` on error
not `string::npos`.
2022-04-05 22:33:03 +02:00
Daniel Pauls 1fa0393479 libutil: Reserve memory when en/decoding base64
The size of the output when encoding to and decoding from base64 is
(roughly) known so we can allocate it in advance to prevent
reallocation.
2022-04-05 21:30:50 +02:00
Eelco Dolstra 27b952a8a1
Merge pull request #6362 from thufschmitt/verbose-doctor
doctor: Always show the output
2022-04-05 17:33:10 +02:00
Eelco Dolstra 71c07ac0e7
Merge pull request #6363 from thufschmitt/definition-list-in-nix.conf-manual
Add anchors to the nix.conf options in the manual
2022-04-05 17:32:48 +02:00
Eelco Dolstra 5fe4fe823c
Merge pull request #6365 from edolstra/update-nixpkgs
Update to latest Nixpkgs 21.05
2022-04-05 17:23:23 +02:00
Eelco Dolstra 8d6c937d6a flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/82891b5e2c2359d7e58d08849e4c89511ab94234' (2021-09-28)
  → 'github:NixOS/nixpkgs/530a53dcbc9437363471167a5e4762c5fcfa34a1' (2022-02-19)
2022-04-05 16:41:40 +02:00
Eelco Dolstra f98d76ff1a rl-2.7.md: Fix title 2022-04-05 14:13:26 +02:00
Théophane Hufschmitt 9a640afc1e doctor: Always show the output
Fix https://github.com/NixOS/nix/issues/6342
2022-04-05 14:04:01 +02:00
Théophane Hufschmitt 660c19eb49 manual: Add some anchor targets for the nix.conf options
For each `nix.conf` option, add an empty html node with a unique `id`
that can be used as an anchor target. Also make the name of the option
be a link to that target so that it’s easily discoverable.

We can’t rewrite the whole list as an html definition list like it’s
done for the builtins because these options also appear in a man page,
and the manpage renderer (lowdown) can’t render arbitrary html. But the
hack here allows to keep the manpage and have the links in the html
version.

Fix https://github.com/NixOS/nix/issues/5745
2022-04-05 13:50:42 +02:00
Eelco Dolstra ec90fc4d1f
Merge pull request #6360 from thufschmitt/flake-check-accept-welcomeText
Allow `welcomeText` when checking a flake template
2022-04-05 11:50:45 +02:00
Théophane Hufschmitt 5abe3f4aa6 Allow welcomeText when checking a flake template
Fix https://github.com/NixOS/nix/issues/6321
2022-04-05 11:03:43 +02:00
Eelco Dolstra a4a1de69dc Add missing #include 2022-04-04 16:49:39 +02:00
Eelco Dolstra e496241413
Merge pull request #6350 from flox/lock_installable
fix(run): set applyNixConfig lockFlag
2022-04-04 10:50:17 +02:00
Tom Bereknyei c1e2ce4515 fix(run): set applyNixConfig lockFlag 2022-04-01 23:41:34 -04:00
Eelco Dolstra bf4895961d
Merge pull request #6344 from flox/profile_url_uri
profile!: consistent use of url/uri. create new version
2022-04-01 14:38:32 +02:00
Eelco Dolstra c74eac9fde
Merge pull request #6347 from edolstra/fix-output-hash-algo
Fix handling of outputHash when outputHashAlgo is not specified
2022-04-01 13:18:26 +02:00
Eelco Dolstra fdfe737867 Fix handling of outputHash when outputHashAlgo is not specified
https://hydra.nixos.org/build/171351131
2022-04-01 12:40:49 +02:00
Théophane Hufschmitt a24d0777b0
Merge pull request #6343 from Artturin/anothertypo
scripts/install-systemd-multi-user.sh: fix another typo
2022-04-01 11:44:58 +02:00
Artturin 7492030ed7 scripts/install-systemd-multi-user.sh: fix another typo 2022-03-31 22:14:53 +03:00
Eelco Dolstra c9a29d0d92
Merge pull request #6227 from NixOS/impure-derivations-ng
Impure derivations
2022-03-31 19:58:35 +02:00
Eelco Dolstra 6377442c98 tests/impure-derivations.sh: Ensure that inputAddressed build fails 2022-03-31 17:38:15 +02:00
Eelco Dolstra d63a5f5dd3 Update release notes 2022-03-31 17:33:06 +02:00
Eelco Dolstra 7537097284 Provide default values for outputHashAlgo and outputHashMode 2022-03-31 16:56:44 +02:00
Eelco Dolstra a99af85a77 Fix macOS build 2022-03-31 16:39:18 +02:00
Eelco Dolstra 6051cc954b Rename 'pure' -> 'sandboxed' for consistency 2022-03-31 16:12:25 +02:00
Eelco Dolstra e279fbb16a needsNetworkAccess() -> isSandboxed() 2022-03-31 16:06:40 +02:00
Eelco Dolstra 4e043c2f32 Document isPure() 2022-03-31 16:01:50 +02:00
Eelco Dolstra d7fc33c842 Fix macOS build 2022-03-31 15:59:14 +02:00
Eelco Dolstra 162beb2595 Fix test 2022-03-31 13:43:20 +02:00
Eelco Dolstra b2ae922747 tests/impure-derivations.sh: Restart daemon 2022-03-31 13:43:20 +02:00
Eelco Dolstra 18935e8b9f Support fixed-output derivations depending on impure derivations 2022-03-31 13:43:20 +02:00
Eelco Dolstra 5cd72598fe Add support for impure derivations
Impure derivations are derivations that can produce a different result
every time they're built. Example:

  stdenv.mkDerivation {
    name = "impure";
    __impure = true; # marks this derivation as impure
    outputHashAlgo = "sha256";
    outputHashMode = "recursive";
    buildCommand = "date > $out";
  };

Some important characteristics:

* This requires the 'impure-derivations' experimental feature.

* Impure derivations are not "cached". Thus, running "nix-build" on
  the example above multiple times will cause a rebuild every time.

* They are implemented similar to CA derivations, i.e. the output is
  moved to a content-addressed path in the store. The difference is
  that we don't register a realisation in the Nix database.

* Pure derivations are not allowed to depend on impure derivations. In
  the future fixed-output derivations will be allowed to depend on
  impure derivations, thus forming an "impurity barrier" in the
  dependency graph.

* When sandboxing is enabled, impure derivations can access the
  network in the same way as fixed-output derivations. In relaxed
  sandboxing mode, they can access the local filesystem.
2022-03-31 13:43:20 +02:00
Eelco Dolstra 0fe8849914
Merge pull request #6337 from danpls/fix-to-json-repl
libexpr: Throw the correct error in toJSON
2022-03-31 11:33:16 +02:00
Eelco Dolstra 28309352d9 replaceEnv(): Pass newEnv by reference 2022-03-31 10:39:53 +02:00
Eelco Dolstra 212623195c
Merge pull request #6339 from flox/bundler_default
bundler: update default bundler to support new bundler API
2022-03-31 10:10:11 +02:00
Tom Bereknyei 50f9f335c9 profile!: consistent use of url/uri. create new version 2022-03-30 16:35:26 -04:00
Tom Bereknyei d77823b502 bundler: update default bundler to support new bundler API 2022-03-30 16:10:42 -04:00
Daniel Pauls 629edd43ba libutil: Change return value of addTrace to void
The return value of BaseError::addTrace(...) is never used and
error-prone as subclasses calling it will return a BaseError instead of
the subclass.
This commit changes its return value to be void.
2022-03-30 18:37:32 +02:00
Daniel Pauls fa83b865a2 libexpr: Throw the correct error in toJSON
BaseError::addTrace(...) returns a BaseError, but we want to
throw a TypeError instead.

Fixes #6336.
2022-03-30 15:50:13 +02:00
Eelco Dolstra 22522722a6
Merge pull request #6335 from thufschmitt/gitignore-stray-files
Gitignore or don’t create some build outputs
2022-03-30 14:49:15 +02:00
Théophane Hufschmitt 87f867ef62 Gitignore the generated systemd nix-daemon conf file 2022-03-30 11:43:08 +02:00
Théophane Hufschmitt 8dee15cd31 Don’t create a file in the worktree in the fetchPath test 2022-03-30 11:42:47 +02:00
Eelco Dolstra ed581e51cc
Merge pull request #6334 from NixOS/require-mounts-for-db
nix-daemon.service: require mounts for /nix/var/nix/db
2022-03-30 11:40:38 +02:00
Graham Christensen 3b26dd51ff
nix-daemon.service: require mounts for /nix/var/nix/db
Users may want to mount a filesystem just for the Nix database, with
the filesystem's parameters specially tuned for sqlite. For example, on
ZFS you might set the recordsize to 64k after changing the database's
page size to 65536.
2022-03-29 21:05:57 -04:00
Eelco Dolstra 03be091e0a
Merge pull request #6268 from thufschmitt/remove-the-variant-in-hashmodulo
Simplify the handling of the hash modulo
2022-03-29 20:26:47 +02:00
Théophane Hufschmitt 390269ed87 Simplify the handling of the hash modulo
Rather than having four different but very similar types of hashes, make
only one, with a tag indicating whether it corresponds to a regular of
deferred derivation.

This implies a slight logical change: The original Nix+multiple-outputs
model assumed only one hash-modulo per derivation. Adding
multiple-outputs CA derivations changed this as these have one
hash-modulo per output. This change is now treating each derivation as
having one hash modulo per output.
This obviously means that we internally loose the guaranty that
all the outputs of input-addressed derivations have the same hash
modulo. But it turns out that it doesn’t matter because there’s nothing
in the code taking advantage of that fact (and it probably shouldn’t
anyways).

The upside is that it is now much easier to work with these hashes, and
we can get rid of a lot of useless `std::visit{ overloaded`.

Co-authored-by: John Ericson <John.Ericson@Obsidian.Systems>
2022-03-29 18:17:35 +02:00
Théophane Hufschmitt 2d572a250f
Merge pull request #6330 from edolstra/run-remote-store
nix {run,shell}: Print a better error message if the store is not local
2022-03-28 17:57:37 +02:00