Commit graph

508 commits

Author SHA1 Message Date
ktemkin 220e252230 upload a baseline that's been de-detsys'd 2024-04-02 15:40:06 -06:00
Eelco Dolstra 41dc9fecde
Mark release (#885) 2024-03-07 20:47:08 +01:00
Eelco Dolstra 79e3aa2beb
Upgrade to Nix 2.20.5 (CVE-2024-27297) (#882) 2024-03-07 19:51:15 +01:00
Graham Christensen 06eaf882e6
Correct privacy policy link (#863) 2024-02-25 16:45:14 -05:00
Cole Helbling 9c109b71d1
Bump version to 0.17.1-unreleased (#861) 2024-02-23 14:12:58 -08:00
Cole Helbling e6117e8741
Release v0.17.0 (#859) 2024-02-23 12:26:10 -08:00
Cole Helbling bb665028de
Update dependencies (#858)
* flake.lock: Update, exclude Nixpkgs

Updating Nixpkgs seems to break the Nix build somehow (even though we
don't use the Nix input except for its `binaryTarball` job...).

Flake lock file updates:

• Updated input 'fenix':
    'https://api.flakehub.com/f/pinned/nix-community/fenix/0.1.1727%2Brev-66fc1883c34c42df188b83272445aedb26bb64b5/018cc416-f0ae-724d-989f-aa4ded05d885/source.tar.gz?narHash=sha256-Vti1mv4WhmXHPNcFgUiJyt4OKLvsvLzM2eKS4bEegf0%3D' (2024-01-01)
  → 'https://api.flakehub.com/f/pinned/nix-community/fenix/0.1.1762%2Brev-668102037129923cd0fc239d864fce71eabdc6a3/018d63bb-6455-7a2f-98c6-74a36b8216a4/source.tar.gz?narHash=sha256-4o6TMpzBHO659EiJTzd/EGQGUDdbgwKwhqf3u6b23U8%3D' (2024-02-01)
• Updated input 'fenix/rust-analyzer-src':
    'github:rust-lang/rust-analyzer/cf52c4b2b3367ae7355ef23393e2eae1d37de723' (2023-12-31)
  → 'github:rust-lang/rust-analyzer/42cb1a2bd79af321b0cc503d2960b73f34e2f92b' (2024-01-31)
• Updated input 'nix/libgit2':
    'github:libgit2/libgit2/8fd4f83e8acf5ee813191f08c3433e77200ea38b' (2024-02-22)
  → 'github:libgit2/libgit2/45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5' (2023-10-18)

* Cargo.lock: update

* fixup: indexmap deprecation warnings

* Cargo.toml: bump strum to 0.26.1, which to 6.0.0

* CONTRIBUTING: update with more specific commands
2024-02-23 09:27:43 -08:00
Ana Hobden 40740423ca
Don't check /run for systemd if we're not starting the daemon (#853)
* Don't check /run for systemd if we're not starting the daemon

* Add a note about start_daemon and checking /run/systemd/system
2024-02-23 08:41:41 -08:00
Cole Helbling 09ddc9be6b
Nix 2.20.3 (#856) 2024-02-23 07:49:07 -08:00
Cole Helbling f2cf30ecd6
README updates from amazing contributors (#854)
* Document nix version pinning more explicitly

https://github.com/DeterminateSystems/nix-installer/issues/387#issuecomment-1581743074

Co-authored-by: Ana Hobden <operator@hoverbear.org>

* Fixed a single typo in README.md

* Link to nixos.org to explain Nix

* README: Delete now-incorrect link listing installed `nix` versions

---------

Co-authored-by: Peter Kolloch <peter.kolloch@nexxiot.com>
Co-authored-by: Ana Hobden <operator@hoverbear.org>
Co-authored-by: Mikko Lukas Räsänen <1522239+mikkolukas@users.noreply.github.com>
Co-authored-by: Mauricio Scheffer <mauricioscheffer@gmail.com>
Co-authored-by: Ilya Grigoriev <ilyagr@users.noreply.github.com>
2024-02-22 17:28:07 +00:00
Ana Hobden 58303b5598
Document how to get started on GitLab (#841) 2024-02-09 13:54:51 -08:00
Cole Helbling 15802f0730
Cargo.lock: update h2 (#830) 2024-01-31 16:32:12 +00:00
Ana Hobden d6c5e1f114
0.16.2-unreleased (#827) 2024-01-26 12:31:41 -08:00
Ana Hobden 7119f93bd0
Release v0.16.1 (#826) 2024-01-26 08:44:39 -08:00
Ana Hobden 769d5c72fa
Bump to Nix 2.19.3 (#820) 2024-01-25 09:37:18 -08:00
Cole Helbling 62afef6e3c
fixup uninstall tag links (#812)
We tag with a leading `v`, but the messages did not have this.
2024-01-10 20:55:56 +00:00
Ana Hobden dc241f2853
Add readme entry for PR 772 (#809) 2024-01-08 18:50:10 +00:00
Ana Hobden 2477de21eb
Bump to 0.16.1-unreleased (#808) 2024-01-08 18:43:45 +00:00
Ana Hobden fb4401df00
Release v0.16.0 (#804) 2024-01-08 08:41:39 -08:00
Ana Hobden 83a0da10c4
Fix adduser so it doesn't create the home (#801) 2024-01-05 11:45:06 -08:00
Ana Hobden e48a8962b5
Bump dependencies (#800) 2024-01-04 11:17:58 -08:00
Ana Hobden 7011c077ec
fix create build users action description (#788)
Co-authored-by: Michael Gallagher <mjgallag@gmail.com>
2024-01-03 20:01:11 +00:00
Ana Hobden e815280881
Fix arm64 darwin install (#789)
* fix: workaround for lies from uname -m

On an arm64 mac, `uname -m` returns x86_64 which causes install script to install with the wrong architecture

* refactor: use same logic from rustup

* Tweak credit comment

* Prod ci

---------

Co-authored-by: oz <otech47@gmail.com>
2024-01-03 12:00:51 -08:00
Graham Christensen 0b0172547c
Fetch updates from i.d.s by default (#772)
* Fetch updates from i.d.s by default

Our goal is to deliver a solid experience with Nix flakes, including an upgrade path that is safe. Occasionally, the upstream Nix project may introduce regressions for the common flake path. This is not desirable for our users, who depend on a consistent and stable flakes experience.

Additionally, the Nix project isn't directly responsible for delivering updates to users as that role is delegated to the Nixpkgs project.

Overall, this means upgrades are not consistently delivered to users.

This update directs future update requests to install.determinate.systems, which we will upgrade as part of our standard release process.

Our standard release process includes proactive testing: validating our installer and Nix's behavior across a wide variety of platforms and scenarios.

After an update passes our proactive validation, we do a phased rollout of reactive monitoring: the update is released to a small percentage of users on GitHub Actions. We monitor the failure rate of the installer and overall workflows to ensure the updated Nix isn't causing widespread failure we weren't able to identify ahead of time.

Only after a release passes both proactive and reactive validation, our macOS .pkg and nix-upgrade paths are bumped to the most recent release. This gives user the confidence they're looking for that the Nix release they're getting is safe.

* Universal -> universal
2023-12-08 03:45:05 +00:00
Ana Hobden 8c9e64d2a3
Update deps (#771) 2023-12-05 15:19:43 -08:00
Ana Hobden b84ebf0841
Don't modify shell profile files if they are symlinks (#767)
* Don't modify shell profile files if they are symlinks

* Fixup remote building step
2023-12-05 11:14:46 -08:00
Ana Hobden 0419422de0
nix-2.19.2 (#756)
* nix-2.19.2

* Fix speeling
2023-11-30 16:51:41 -08:00
Ana Hobden a176784a03
0.15.1-unreleased (#755) 2023-11-30 18:59:40 +00:00
Ana Hobden cd61f98c90
MacOS installer does not honor case sensitive setting (#748)
* MacOS should respect case-sensitivity setting

* Fix warning
2023-11-28 09:22:01 -08:00
Graham Christensen 41a96f49fc
Clippy nits while hacking around (#737)
* clippy: unnecessary guard

* create merge nix config clippy nit, old

* Clean up a clippy nit on an extra clone

* clippy nit legacy wsl detection error
2023-11-22 14:50:25 -05:00
Ana Hobden df9610edba
Release v0.15.1 (#729) 2023-11-14 19:04:27 -08:00
Ana Hobden b48c7204bc
Release v0.15.0 (#728) 2023-11-14 16:05:36 -08:00
Graham Christensen 0c01adc852
Nix config: add extra newlines after the initial comment (#719)
* Nix config: add extra newlines after the initial comment

Otherwise the extra-config option will get swallowed.

Closes #717

* Push individual strs
2023-11-14 08:27:11 -08:00
Graham Christensen 01a3447b83
Remove the writable flag, don't set too many permission bits (#718)
Making everything 0o555 is too much, since many files in the store
are not supposed to be executable. Those should be 0o444. Instead
of splatting 0o555 out, take a more measured approach and remove
the writable flag from the on-disk mode.
2023-11-14 08:26:23 -08:00
Graham Christensen dac0adca28
Support remote-building to macOS hosts (#714)
* Support remote-building to macOS hosts

Our README has long featured a snippet to add to the zshenv, with a
caevat that it might behave strangely if you're writing a script with an
empty PATH.

It is pretty straightforward to eliminate those caveats while still
providing remote building for Nix to macOS hosts.

Co-authored-by: Ana Hobden <operator@hoverbear.org>
2023-11-10 19:02:19 +00:00
Matthew Kenigsberg 6ca2c68e31
Document max-jobs=auto (#712)
max-jobs is set to auto as of
https://github.com/DeterminateSystems/nix-installer/pull/627
2023-11-10 07:59:42 -08:00
Graham Christensen a026cc2224
Don't include the version number in the nix config, for reproducibility. Closes #580 (#710) 2023-11-08 19:00:41 +00:00
Timothy Sutton dda36c4a22
Add 'sudo' to suggestions for launchd-related config fixes (#706) 2023-11-06 10:09:58 -08:00
Ana Hobden ccae8a097d
Document the known nix-darwin related uninstall issue (#687)
* Document the known nix-darwin related uninstall issue

* Fix nits

* Update README.md

Co-authored-by: Cole Helbling <cole.helbling@determinate.systems>

---------

Co-authored-by: Cole Helbling <cole.helbling@determinate.systems>
2023-10-24 18:55:51 +00:00
Graham Christensen 93cdd9bcb0
create /etc/tmpfiles.d on ostree (#686) 2023-10-24 10:34:41 -07:00
Ana Hobden 2dd40810fb
Fix exit code inconsistency (#684) 2023-10-23 13:52:42 -07:00
Ana Hobden c79dcb91ae
Release v0.14.0 (#679) 2023-10-18 10:18:59 -07:00
Graham Christensen 32dcdb7550
Make our Nix installation immune to macOS upgrades (#672)
* Add cargo-watch

* clippy: the borrowed expression implements the required traits

* clippy: expression creates a reference which is immediately dereferenced by the compiler

* clippy: redundant closure

* clippy: this if-then-else expression returns a bool literal

* clippy: explicit call to .into_iter() in function argument accepting IntoIterator

* Clippy: an implementation of From is preferred since it gives you Into<_> for free where the reverse isn't true

* Support cargo building on a mac

* Create a nix-hook service on macos to inject the shell at startup

* Introduce nix-installe restore-shell to fix the init scripts, called by the nix-hook plist on every login

* Wait for /nix to be there, and restart the hook until it works

* Back to run-at-load hoping that works

* Revert "Back to run-at-load hoping that works"

This reverts commit cccb8bcd971e296fecc0a2dba4f1101795bcd5ba.

It starts too early, fails, and then aborts. When it fails,
launchd says the service failed to initialize and that the system
is read-only.

* nits

* rename to repair

* Handle --no-modify-profile

* fmt

---------

Co-authored-by: Ana Hobden <operator@hoverbear.org>
2023-10-16 11:50:33 -07:00
Daniel Flanagan 5e06d6fcd2
Update ssl-cert-file docs (#671) 2023-10-10 09:21:22 -07:00
Ana Hobden 201fd4a0a7
Release v0.13.1 (#666) 2023-10-04 09:08:02 -07:00
Ana Hobden 917c0e89e7
Use Nix 2.17.0 (#665) 2023-10-03 19:03:44 +00:00
Ana Hobden 5eedbab041
Update nix-config-parser (#664) 2023-10-03 18:09:37 +00:00
Graham Christensen 95045cf8c0
flake-compat: use flakehub (#663) 2023-10-03 10:47:17 -07:00
Ana Hobden b68cf8b56c
Upgrade to Nix 2.18.1 (#661) 2023-10-03 10:07:35 -07:00
Ana Hobden 25ed45fc1b
Unmount apfs volumes before deleting them (#662) 2023-10-03 10:07:17 -07:00