Commit graph

9315 commits

Author SHA1 Message Date
Ersin Akinci f107a27002 Tweak path hint 2019-10-21 14:16:55 -07:00
Eelco Dolstra 1e23b82a53 exportGitHub(): Don't rely on the ETag from GitHub
We relied on it being the Git revision, but that stopped being the
case.
2019-10-21 23:14:29 +02:00
Ersin Akinci b7a936224e Add hint about path in builtins.import 2019-10-21 14:11:26 -07:00
Ersin Akinci 9be7787ec0 Revert "Document import <path> syntax"
This reverts commit d8730fb86f.
2019-10-21 13:12:41 -07:00
Eelco Dolstra 45b740c18b Use upstream json_fwd.hpp to speed up compilation 2019-10-21 22:11:21 +02:00
Eelco Dolstra cb1a79a96a Fix build 2019-10-21 18:58:38 +02:00
Eelco Dolstra 9a18f544ac Merge remote-tracking branch 'origin/master' into flakes 2019-10-21 18:48:21 +02:00
Eelco Dolstra 629b9b0049 Mark content-addressable paths with references as experimental 2019-10-21 18:05:31 +02:00
Eelco Dolstra e68736936a nix make-content-addressable: Add examples 2019-10-21 17:58:17 +02:00
Eelco Dolstra d77970fde7 Fix build 2019-10-21 17:49:16 +02:00
Eelco Dolstra 0abb3ad537 Allow content-addressable paths to have references
This adds a command 'nix make-content-addressable' that rewrites the
specified store paths into content-addressable paths. The advantage of
such paths is that 1) they can be imported without signatures; 2) they
can enable deduplication in cases where derivation changes do not
cause output changes (apart from store path hashes).

For example,

  $ nix make-content-addressable -r nixpkgs.cowsay
  rewrote '/nix/store/g1g31ah55xdia1jdqabv1imf6mcw0nb1-glibc-2.25-49' to '/nix/store/48jfj7bg78a8n4f2nhg269rgw1936vj4-glibc-2.25-49'
  ...
  rewrote '/nix/store/qbi6rzpk0bxjw8lw6azn2mc7ynnn455q-cowsay-3.03+dfsg1-16' to '/nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16'

We can then copy the resulting closure to another store without
signatures:

  $ nix copy --trusted-public-keys '' ---to ~/my-nix /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16

In order to support self-references in content-addressable paths,
these paths are hashed "modulo" self-references, meaning that
self-references are zeroed out during hashing. Somewhat annoyingly,
this means that the NAR hash stored in the Nix database is no longer
necessarily equal to the output of "nix hash-path"; for
content-addressable paths, you need to pass the --modulo flag:

  $ nix path-info --json /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16  | jq -r .[].narHash
  sha256:0ri611gdilz2c9rsibqhsipbfs9vwcqvs811a52i2bnkhv7w9mgw

  $ nix hash-path --type sha256 --base32 /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16
  1ggznh07khq0hz6id09pqws3a8q9pn03ya3c03nwck1kwq8rclzs

  $ nix hash-path --type sha256 --base32 /nix/store/iq6g2x4q62xp7y7493bibx0qn5w7xz67-cowsay-3.03+dfsg1-16 --modulo iq6g2x4q62xp7y7493bibx0qn5w7xz67
  0ri611gdilz2c9rsibqhsipbfs9vwcqvs811a52i2bnkhv7w9mgw
2019-10-21 17:47:24 +02:00
Eelco Dolstra b82f75464d buildenv: Eliminate global variables, other cleanup 2019-10-21 17:40:40 +02:00
Eelco Dolstra a7aabd7cc7 Add getDefaultProfile() function 2019-10-21 16:07:19 +02:00
Eelco Dolstra a07da2fd7a Don't ignore revs/refs of local flakerefs
Fixes

  error: the content hash of flake '/home/eelco/Dev/nixpkgs-flake?ref=HEAD&rev=0000000000000000000000000000000000000000' doesn't match the hash recorded in the referring lockfile
2019-10-21 14:57:01 +02:00
Eelco Dolstra 4a1cd10495 Merge remote-tracking branch 'origin/master' into flakes 2019-10-21 13:52:55 +02:00
Eelco Dolstra aabf5c86c9
Add experimental-features setting
Experimental features are now opt-in. There is currently one
experimental feature: "nix-command" (which enables the "nix"
command. This will allow us to merge experimental features more
quickly, without committing to supporting them indefinitely.

Typical usage:

$ nix build --experimental-features 'nix-command flakes' nixpkgs#hello

(cherry picked from commit 8e478c2341,
without the "flakes" feature)
2019-10-21 13:34:44 +02:00
Eelco Dolstra 389a2cebed
SourceExprCommand::getSourceExpr(): Allocate more space
Fixes #3140.
2019-10-21 13:14:39 +02:00
Eelco Dolstra 37e45dac8c
Merge pull request #3158 from steshaw/master
Fix unset variable in installer
2019-10-21 12:33:01 +02:00
Ersin Akinci d8730fb86f Document import <path> syntax 2019-10-20 19:08:05 -07:00
Eelco Dolstra 8426d99b0e Fix InstallableFlake::what() 2019-10-20 16:43:00 +02:00
Steven Shaw f0ec4b4ce4
Fix unset variable in installer 2019-10-19 13:26:06 +10:00
xbreak 7c568d4c6e Downloader: Warn if no trusted CA file has been configured 2019-10-18 19:08:33 +00:00
Eelco Dolstra ab4dd1d783
Merge pull request #2291 from Taneb/master
nix-channel documentation: don't suggest deprecated function
2019-10-17 12:53:42 +02:00
Eelco Dolstra 8e478c2341
Add experimental-features setting
Experimental features are now opt-in. There are currently two
experimental features: "nix-command" (which enables the "nix"
command), and "flakes" (which enables support for flakes). This will
allow us to merge experimental features more quickly, without
committing to supporting them indefinitely.

Typical usage:

$ nix build --experimental-features 'nix-command flakes' nixpkgs#hello
2019-10-16 17:49:01 +02:00
Eelco Dolstra a56036fa87 Fix repeated fetchGit.sh test 2019-10-16 00:21:19 +02:00
Eelco Dolstra 0ab64729e9 Improve GitHub caching
In particular, when building a flake lock file, inputs like 'nixpkgs'
are now downloaded only once. Previously, it would fetch
https://api.github.com/repos/<owner>/<repo>/tarball/<ref> and then
later https://api.github.com/repos/<owner>/<repo>/tarball/<rev>, even
though they produce the same result.

Git and GitHub now also share a cache that maps revs to a store path
and other info.
2019-10-16 00:20:51 +02:00
Eelco Dolstra 14a89aa8cd Fix 'nix flake init' 2019-10-15 19:53:29 +02:00
Eelco Dolstra 7d38060a0d Support non-x86_64-linux system types in flakes
A command like

  $ nix run nixpkgs#hello

will now build the attribute 'packages.${system}.hello' rather than
'packages.hello'. Note that this does mean that the flake needs to
export an attribute for every system type it supports, and you can't
build on unsupported systems. So 'packages' typically looks like this:

  packages = nixpkgs.lib.genAttrs ["x86_64-linux" "i686-linux"] (system: {
    hello = ...;
  });

The 'checks', 'defaultPackage', 'devShell', 'apps' and 'defaultApp'
outputs similarly are now attrsets that map system types to
derivations/apps. 'nix flake check' checks that the derivations for
all platforms evaluate correctly, but only builds the derivations in
'checks.${system}'.

Fixes #2861. (That issue also talks about access to ~/.config/nixpkgs
and --arg, but I think it's reasonable to say that flakes shouldn't
support those.)

The alternative to attribute selection is to pass the system type as
an argument to the flake's 'outputs' function, e.g. 'outputs = { self,
nixpkgs, system }: ...'. However, that approach would be at odds with
hermetic evaluation and make it impossible to enumerate the packages
provided by a flake.
2019-10-15 18:16:29 +02:00
Eelco Dolstra 0bc8f1669d Move code around 2019-10-14 14:40:16 +02:00
Matthew Bauer 96c84937c4 Move tmpDirInSandbox to initTmpDir 2019-10-13 16:41:49 -04:00
Matthew Bauer 499b038875 Fix sandbox fallback settings
The tmpDirInSandbox is different when in sandboxed vs. non-sandboxed.
Since we don’t know ahead of time here whether sandboxing is enabled,
we need to reset all of the env vars we’ve set previously. This fixes
the issue encountered in https://github.com/NixOS/nixpkgs/issues/70856.
2019-10-12 19:22:13 -04:00
Eelco Dolstra 906d56a96b
ssh-ng: Don't set CPU affinity on the remote
Fixes #3138.
2019-10-11 18:49:46 +02:00
Eelco Dolstra 7d8c99eb43
Merge pull request #3114 from matthewbauer/add-libatomic
Add libatomic for 32-bit ARM
2019-10-11 11:01:37 +02:00
Eelco Dolstra 5446eae949
Merge remote-tracking branch 'origin/master' into flakes 2019-10-10 15:07:59 +02:00
Eelco Dolstra 90df25ef7e
Fix build 2019-10-10 15:07:50 +02:00
Eelco Dolstra 95cf23ee7c
nix verify: Fix uninitialized variable 2019-10-10 15:03:01 +02:00
Eelco Dolstra e99bb91217
Merge remote-tracking branch 'origin/master' into flakes 2019-10-10 12:54:37 +02:00
Eelco Dolstra c3aaf3b8da
nix-env: Ignore failures creating ~/.nix-profile and ~/.nix-defexpr
https://hydra.nixos.org/build/102803093
2019-10-10 09:14:05 +02:00
Eelco Dolstra bda64a2b0f
Doh
https://hydra.nixos.org/build/102803044
2019-10-10 00:12:30 +02:00
Eelco Dolstra 94dfb6b1fe
Merge pull request #3136 from NixOS/no-world-writable
Remove world-writability from {profiles,gcroots}/per-user
2019-10-09 23:35:45 +02:00
Eelco Dolstra 20eec802ff
Force per-user group to a known value 2019-10-09 23:35:02 +02:00
Eelco Dolstra 9277e72cb0
Typo 2019-10-09 23:35:02 +02:00
Eelco Dolstra d7bae5680f
Go back to 755 permission on per-user directories
700 is pointless since the store is world-readable anyway. And
per-user/root/channels must be world-readable.
2019-10-09 23:35:02 +02:00
Eelco Dolstra c9159f86cc
nix-env: Create ~/.nix-defexpr automatically 2019-10-09 23:35:02 +02:00
Eelco Dolstra 61a6176aca
nix-profile.sh: Remove coreutils dependency 2019-10-09 23:35:02 +02:00
Eelco Dolstra 9348f9291e
nix-env: Create ~/.nix-profile automatically 2019-10-09 23:35:01 +02:00
Eelco Dolstra 26762ceb86
nix-profile.sh: Don't create .nix-channels
This is already done by the installer, so no need to do it again.
2019-10-09 23:35:01 +02:00
Eelco Dolstra c43d9f6131
Remove some redundant initialization 2019-10-09 23:35:01 +02:00
Eelco Dolstra 5a303093dc
Remove world-writability from per-user directories
'nix-daemon' now creates subdirectories for users when they first
connect.

Fixes #509 (CVE-2019-17365).
Should also fix #3127.
2019-10-09 23:34:48 +02:00
Eelco Dolstra 4331eeb13d
Filter ANSI escape sequences in -L output
Otherwise, builds like NixOS VM tests may leave the terminal in a
weird state and do resets.
2019-10-09 23:25:06 +02:00