Eelco Dolstra
4f762e2b02
Restore ownership of / for non-uid-range builds
2022-11-29 13:10:53 +01:00
Eelco Dolstra
7dd3e1fec4
Add example
2022-11-28 22:04:51 +01:00
Eelco Dolstra
67bcb99700
Add a setting for enabling cgroups
2022-11-28 21:54:02 +01:00
Eelco Dolstra
ff12d1c1a1
Check that auto-allocated UIDs don't clash with existing accounts
2022-11-28 20:49:17 +01:00
Eelco Dolstra
fc14585610
Fix evaluation
2022-11-27 18:58:21 +01:00
Eelco Dolstra
f1b5c6876b
Add tests for auto-uid-allocation, uid-range and cgroups
2022-11-27 16:38:34 +01:00
Eelco Dolstra
2aa3f2e810
Include UID in hex
2022-11-23 17:07:59 +01:00
Eelco Dolstra
989fc8a8b9
Add release notes
2022-11-23 15:24:50 +01:00
Eelco Dolstra
6292d5616e
Merge remote-tracking branch 'origin/master' into auto-uid-allocation
2022-11-23 11:16:09 +01:00
Eelco Dolstra
05d0892443
Merge pull request #7328 from edolstra/nix-build-stats
...
nix build --json: Include build statistics
2022-11-22 14:41:15 +01:00
Eelco Dolstra
96a9511a9c
Merge pull request #7333 from fricklerhandwerk/language-overview
...
fix error in language overview
2022-11-22 11:18:53 +01:00
Valentin Gagarin
52f0c80917
fix error in language overview
...
it is not possible to antiquote numbers.
2022-11-22 10:36:21 +01:00
Eelco Dolstra
3d23b9d032
SimpleUserLock::getSupplementaryGIDs(): Filter out main gid
...
This avoids having the user's gid in the supplementary group list as
well.
2022-11-22 10:26:17 +01:00
Eelco Dolstra
b37c2d84b6
Always call setgroups()
...
We shouldn't skip this if the supplementary group list is empty,
because then the sandbox won't drop the supplementary groups of the
parent (like "root").
2022-11-22 10:26:17 +01:00
Eelco Dolstra
02c02ee7c3
Merge pull request #6456 from amjoseph-nixpkgs/seccomp-mips
...
local-derivation-goal.cc: enable seccomp filters for mips{32,64}
2022-11-21 23:03:00 +01:00
Eelco Dolstra
c776dfbb35
Use hex for startId
...
Co-authored-by: Linus Heckemann <git@sphalerite.org>
2022-11-21 18:46:55 +01:00
Eelco Dolstra
9d17ce07e8
AutoUserLock: If sandboxing is disabled, use the build users group
...
We have to use a gid that has write access to the Nix store.
2022-11-21 12:55:49 +01:00
Eelco Dolstra
f0baa5c128
nix build --json: Include build statistics
...
Example:
# nix build -L --extra-experimental-features cgroups --impure --expr 'with import <nixpkgs> {}; runCommand "foo" {} "dd if=/dev/urandom bs=1M count=1024 | md5sum; mkdir $out"' --json
[
  {
    "cpuSystem": 1.911431,
    "cpuUser": 1.214249,
    "drvPath": "/nix/store/xzdqz67xba18hljhycp0hwfigzrs2z69-foo.drv",
    "outputs": {
      "out": "/nix/store/rh9mc9l2gkpq8kn2sgzndr6ll7ffjh6l-foo"
    },
    "startTime": 1669024076,
    "stopTime": 1669024079
  }
]
2022-11-21 12:06:01 +01:00
Eelco Dolstra
e7a5b76844
Rename derivedPathsWithHintsToJSON -> builtPathsToJSON
2022-11-21 11:56:20 +01:00
Eelco Dolstra
82d5cf2a76
Fix macOS build
2022-11-21 11:45:41 +01:00
Eelco Dolstra
653b32a78f
Merge remote-tracking branch 'origin/master' into auto-uid-allocation
2022-11-21 11:33:23 +01:00
Eelco Dolstra
ec45f4b82e
Fix indentation
2022-11-21 11:12:45 +01:00
Eelco Dolstra
300753d594
nix build --json: Include build statistics
...
Example:
# nix build -L --extra-experimental-features cgroups --impure --expr 'with import <nixpkgs> {}; runCommand "foo" {} "dd if=/dev/urandom bs=1M count=1024 | md5sum; mkdir $out"' --json
[
  {
    "cpuSystem": 1.911431,
    "cpuUser": 1.214249,
    "drvPath": "/nix/store/xzdqz67xba18hljhycp0hwfigzrs2z69-foo.drv",
    "outputs": {
      "out": "/nix/store/rh9mc9l2gkpq8kn2sgzndr6ll7ffjh6l-foo"
    },
    "startTime": 1669024076,
    "stopTime": 1669024079
  }
]
2022-11-21 10:49:01 +01:00
Eelco Dolstra
f538ee4342
Rename derivedPathsWithHintsToJSON -> builtPathsToJSON
2022-11-21 09:38:08 +01:00
Eelco Dolstra
e6b71f84a0
Use cgroup.kill to quickly kill cgroups
2022-11-18 16:59:36 +01:00
Eelco Dolstra
fa68eb367e
Get CPU stats from the cgroup
2022-11-18 13:40:59 +01:00
Eelco Dolstra
20f66c6889
Indentation
2022-11-18 13:40:48 +01:00
Eelco Dolstra
128910ba23
Separate cgroup support from auto-uid-allocation
...
The new experimental feature 'cgroups' enables the use of cgroups for
all builds. This allows better containment and enables setting
resource limits and getting some build stats.
2022-11-18 10:39:28 +01:00
Eelco Dolstra
f1ab082ac4
createTempDir(): Use std::atomic
2022-11-18 09:37:11 +01:00
Eelco Dolstra
f423d4425f
Fix segfault in unprivileged mode
2022-11-17 11:56:45 +01:00
Théophane Hufschmitt
62960f3291
Merge pull request #7134 from yorickvP/disable-dbg-on-complete
...
Temporarily disable the debugger during completion evaluation
2022-11-16 11:28:40 +01:00
Théophane Hufschmitt
60dea270d0
Swallow the error in a more idiomatic way
2022-11-16 10:34:32 +01:00
Théophane Hufschmitt
4bf70b74a7
Merge pull request #7294 from tobim/support-aws-sdk-1.10
...
libstore: link to aws-crt-cpp
2022-11-15 16:51:09 +01:00
Théophane Hufschmitt
3ade5f5d60
Merge pull request #7283 from hercules-ci/issue-6572
...
Fix #6572 `requires non-existent output`
2022-11-15 16:24:24 +01:00
Théophane Hufschmitt
daf1423a4a
Merge pull request #7260 from ncfavier/readFile-scan-references
...
Restrict `readFile` context to references that appear in the string
2022-11-15 16:22:28 +01:00
c279ddb18c
tests: Reproduce #6572
2022-11-14 18:03:29 +01:00
7e162c69fe
derivation-goal: Fix `requires non-existing output` error
...
It occurred when an output of the dependency was already available,
so it didn't need rebuilding and didn't get added to the
inputDrvOutputs.
This process-related info wasn't suitable for the purpose of finding
the actual input paths for the builder. It is better to do this in
absolute terms by querying the store.
2022-11-14 17:52:55 +01:00
Théophane Hufschmitt
cb39e9a99e
Test that the result of `readFile` gets ref-scanned
2022-11-14 16:13:26 +01:00
Eelco Dolstra
0efc314d4d
Merge pull request #7295 from Et7f3/pkg-config-lowdown
...
build: use pkg-config for lowdown
2022-11-14 16:12:09 +01:00
Théophane Hufschmitt
6bf8736517
Add release-notes for the context-restriction in readFile
2022-11-14 15:03:53 +01:00
Théophane Hufschmitt
8b4352d79b
Merge remote-tracking branch 'nixos/master' into readFile-scan-references
2022-11-14 15:00:05 +01:00
Et7f3
efadeee8fd
build: use pkg-config for lowdown
2022-11-12 23:04:58 +01:00
Tobias Mayer
07f2cb1e8f
libstore: link to aws-crt-cpp
...
This change is needed to support aws-sdk-cpp 1.10 and newer.
I opted not to make this dependent on the sdk version because
the crt dependency has been in the interface of the older
sdk as well, and it was only coincidence that libstore didn't
make use of any privately defined symbols directly.
2022-11-12 14:34:23 +01:00
Théophane Hufschmitt
302ddee749
Merge pull request #7279 from fricklerhandwerk/uninstall
...
add removing users to uninstall instructions
2022-11-11 14:39:07 +01:00
Valentin Gagarin
2af036e5a3
remove stray comma
2022-11-11 14:01:13 +01:00
Valentin Gagarin
bb279257b3
Merge pull request #7229 from Mic92/ci
...
Auto-assign reviewers by file
2022-11-11 13:39:46 +01:00
Naïm Favier
e7ed9ae0c7
Restrict `readFile` context to references that appear in the string
...
When calling `builtins.readFile` on a store path, the references of that
path are currently added to the resulting string's context.
This change makes those references the *possible* context of the string,
but filters them to keep only the references whose hash actually appears
in the string, similarly to what is done for determining the runtime
references of a path.
2022-11-11 13:04:34 +01:00
Théophane Hufschmitt
9550b1d519
Merge pull request #7258 from ncfavier/fix-eval-error-fmt
...
Fix printing of eval errors with two format placeholders
2022-11-10 18:41:16 +01:00
Eelco Dolstra
6c6eff8ac4
Remove the SystemdCgroup feature
2022-11-10 17:24:12 +01:00
Théophane Hufschmitt
f225f43076
Merge pull request #7006 from fricklerhandwerk/redirects
...
manual: generalize anchor redirects
2022-11-09 11:23:26 +01:00