Commit graph

10094 commits

Author SHA1 Message Date
Eelco Dolstra 91ea9c52ee
Merge pull request #4624 from NixOS/ca/realisation-nix-command
Add a `nix realisation` command for working on realisations
2021-03-15 16:37:09 +01:00
Eelco Dolstra a5e21aa13c
Merge pull request #4618 from NixOS/ca/sign-drvoutputs
Sign the derivation outputs
2021-03-15 16:35:41 +01:00
regnat 703c98c6cb Properly sign the unresolved drvs
Don't let them inherit the signature from the parent one (because it
makes no sense to do so), but re-sign them after they have been built
2021-03-15 16:35:17 +01:00
regnat 54ced9072b Check the signatures when copying store paths around
Broken atm
2021-03-15 16:35:14 +01:00
regnat 3e6017f911 pathInfoIsTrusted -> pathInfoIsUntrusted
I guess the rationale behind the old name wath that
`pathInfoIsTrusted(info)` returns `true` iff we would need to `blindly`
trust the path (because it has no valid signature and `requireSigs` is
set), but I find it to be a really confusing footgun because it's quite
natural to give it the opposite meaning.
2021-03-15 16:34:49 +01:00
regnat 826877cabf Add some logic for signing realisations
Not exposed anywhere, but built realisations are now signed (and this
should be forwarded when copy-ing them around)
2021-03-15 16:34:49 +01:00
Eelco Dolstra 306c154632
Merge pull request #4592 from NixOS/ca/remote-cache
Substitute content-addressed derivations
2021-03-15 16:22:42 +01:00
Domen Kožar 8127094f76
Merge pull request #4577 from abathur/simplify_install_tests
simplify changing cachix cache for install tests
2021-03-11 15:32:13 +00:00
Eelco Dolstra 3bb1becdbb
Merge pull request #4566 from orbekk/master
Add support for bare git repositories when using git+file
2021-03-11 10:38:07 +01:00
regnat 89013bdd7e Add a nix realisation command for working on realisations
Currently only has `nix realisation info`, more to come probably
2021-03-09 10:16:44 +01:00
Eelco Dolstra 1c0e3e453d
Merge pull request #4601 from lovesegfault/fix-4598
nix-build: check that envCommand exists
2021-03-08 10:13:39 +01:00
Eelco Dolstra 8ce2045ecc
Merge pull request #4614 from abathur/patch-1
remove doc for obsolete --no-build-hook flag
2021-03-08 10:07:17 +01:00
Eelco Dolstra c5a232dda7
Merge pull request #4615 from NixOS/nix-show-stats-with-nix-cmd
Make NIX_SHOW_STATS work with new-style commands
2021-03-08 09:56:59 +01:00
Travis A. Everett ac8ba2eae4
remove doc for obsolete --no-build-hook flag
`--no-build-hook` appears to have been removed in 25f32625e2
2021-03-06 19:51:29 -06:00
Eelco Dolstra 52b6e0f837
Merge pull request #4606 from obsidiansystems/avoid-stringify-store-path
Avoid some StorePath -> Path -> StorePath roundtrips
2021-03-05 11:18:14 +01:00
Bernardo Meurer 6e849e3b0a
nix-build: set execfail
When starting a nix-shell with `-i` it was previously possible for it to
silently fail in the scenario where the specified interpreter didn't
exist. This happened due to the `exec` call masking the issue.

With this change we enable `execfail`, which causes the script using
`nix-shell` as interpreter to correctly exit with code 127.

Fixes: #4598
2021-03-04 18:54:45 -08:00
John Ericson 6212e89bf6 Avoid some StorePath -> Path -> StorePath roundtrips
There were done when StorePath was defined in Rust and there were some
FFI issues. This is no longer an issue.
2021-03-05 00:49:46 +00:00
Eelco Dolstra 665d4ec2da nix repl :doc: Don't return docs for partially applied primops
This gives misleading results for Nixpkgs functions like lib.toUpper.

Fixes #4596.
2021-03-03 17:52:57 +01:00
Eelco Dolstra 1b2f5786d1
Merge pull request #4595 from dramforever/fetcher-http-redirect
libfetchers/tarball: Lock on effectiveUrl
2021-03-02 16:38:19 +01:00
regnat 7331da99ab Make NIX_SHOW_STATS work with new-style commands 2021-03-02 14:59:12 +01:00
dramforever fc6bfb261d libfetchers/tarball: Lock on effectiveUrl
Basically, if a tarball URL is used as a flake input, and the URL leads
to a redirect, the final redirect destination would be recorded as the
locked URL.

This allows tarballs under https://nixos.org/channels to be used as
flake inputs. If we, as before, lock on to the original URL it would
break every time the channel updates.
2021-03-02 21:56:50 +08:00
Kjetil Orbekk 92a234322f Add test for git+file with bare repository 2021-03-01 09:03:25 -05:00
Kjetil Orbekk 9931f18c2d Add support for bare git repositories with git+file
Local git repositories are normally used directly instead of
cloning. This commit checks if a repo is bare and forces a
clone.

Co-authored-by: Théophane Hufschmitt <regnat@users.noreply.github.com>
2021-03-01 09:03:25 -05:00
regnat 93b5a59b67 Add a test for the remote caching of CA derivations 2021-03-01 14:00:17 +01:00
regnat df9d4f88d5 Allow substituting drv outputs when building 2021-03-01 14:00:17 +01:00
regnat 5d1c05b075 SubstitutionGoal -> PathSubstitutionGoal
To prepare for the upcoming DrvOutputSubstitutionGoal
2021-03-01 14:00:17 +01:00
Eelco Dolstra e64cf8e0a3
Merge pull request #4574 from grahamc/libstore-ssh-host-key
libstore: support passing a builder's public SSH host key
2021-03-01 13:12:18 +01:00
Eelco Dolstra 99b93773de
Merge pull request #4582 from puckipedia/cppflags
mk: add support for CPPFLAGS
2021-03-01 13:08:14 +01:00
Eelco Dolstra c32a7c3404 Merge remote-tracking branch 'origin/ca/move-tests-to-their-own-directory' 2021-03-01 12:57:29 +01:00
Eelco Dolstra 7d578aaba1
Merge pull request #4583 from puckipedia/revert-jar-support
Revert "Add support for building JARs from Java sources"
2021-03-01 11:56:26 +01:00
regnat 259d6778ef Move the CA tests to a sub-directory
Requires a slight update to the test infra to work properly, but
having the possibility to group tests that way makes the whole thing
quite cleaner imho
2021-03-01 11:08:01 +01:00
Domen Kožar 73b3e6cd46
Merge pull request #4581 from puckipedia/fix-libseccomp
Properly propagate libseccomp linker flags
2021-02-27 10:51:43 +00:00
Puck Meerburg 2d7917f035 Revert "Add support for building JARs from Java sources"
This reverts commit 259086de84.
2021-02-26 23:06:58 +00:00
Puck Meerburg 7241fdc3d2 Properly propagate libseccomp linker flags 2021-02-26 23:01:16 +00:00
Puck Meerburg bd0b0f9ab7 mk: add support for CPPFLAGS 2021-02-26 22:56:51 +00:00
Travis A. Everett 12ec962dd8 simplify changing cachix cache for install tests
- convert cachix cache name from an env into a secret so it (along
  with the token/key) can be set once per fork
- use CACHIX_AUTH_TOKEN in addition to CACHIX_SIGNING_KEY; it looks
  like cachix will try signing key first, then auth token.
2021-02-26 16:14:06 -06:00
Eelco Dolstra 6512be0a99
Merge pull request #4570 from obsidiansystems/split-building-planning
Split {,local-}derivation-goal.{cc,hh}
2021-02-26 20:00:02 +01:00
John Ericson 553b79f8c9 Remove unused redirectedBadOutputs 2021-02-26 16:10:54 +00:00
John Ericson d560311f76 Remove temporary #if 0...#endif from previous commit 2021-02-26 16:10:52 +00:00
John Ericson 68f4c728ec Split {,local-}derivation-goal.{cc,hh}
This separates the scheduling logic (including simple hook pathway) from
the local-store needing code.

This should be the final split for now. I'm reasonably happy with how
it's turning out, even before I'm done moving code into
`local-derivation-goal`. Benefits:

1. This will help "witness" that the hook case is indeed a lot simpler,
   and also compensate for the increased complexity that comes from
   content-addressed derivation outputs.

2. It also moves us ever so slightly towards a world where we could use
   off-the-shelf storage or sandboxing, since `local-derivation-goal`
   would be gutted in those cases, but `derivation-goal` should remain
   nearly the same.

The new `#if 0` in the new files will be deleted in the following
commit. I keep it here so if it turns out more stuff can be moved over,
it's easy to do so in a way that preserves ordering --- and thus
prevents conflicts.

N.B.
```sh
git diff HEAD^^ --color-moved --find-copies-harder --patience --stat
```
makes nicer output.
2021-02-26 16:10:26 +00:00
John Ericson 05cc5a8587 Copy {,local-}derivation-goal.{cc,h}
Doing this prior to splitting, so we get better diff with default
options (e.g. on GitHub).
2021-02-26 16:01:47 +00:00
Eelco Dolstra 94637cd7e5
Merge pull request #4477 from NixOS/ca/build-remote
Build ca derivations remotely
2021-02-26 16:54:44 +01:00
regnat f54976d77b Simplify the case where the drv is a purely input-addressed one 2021-02-26 16:35:05 +01:00
Eelco Dolstra 076d2b04da
Update src/libstore/build/derivation-goal.cc 2021-02-26 16:30:12 +01:00
Eelco Dolstra 17c98e03ea
Update src/build-remote/build-remote.cc 2021-02-26 16:29:37 +01:00
Eelco Dolstra 14f51880ba
Update src/build-remote/build-remote.cc 2021-02-26 16:29:30 +01:00
Eelco Dolstra 8d322f3c94 flake.lock: Update
Flake input changes:

* Updated 'nixpkgs': 'github:NixOS/nixpkgs/ad0d20345219790533ebe06571f82ed6b034db31' -> 'github:NixOS/nixpkgs/0e499fde7af3c28d63e9b13636716b86c3162b93'
2021-02-26 16:03:39 +01:00
Eelco Dolstra 453c3a603f nix flake update: Recreate the lock file
This is probably what most people expect it to do. Fixes #3781.

There is a new command 'nix flake lock' that has the old behaviour of
'nix flake update', i.e. it just adds missing lock file entries unless
overriden using --update-input.
2021-02-26 14:55:54 +01:00
Eelco Dolstra 20ea1de77d Use std::make_unique 2021-02-26 12:35:29 +01:00
Eelco Dolstra 73daffb81b Merge remote-tracking branch 'origin/deduplicate-static-hashes-computation' 2021-02-26 12:30:25 +01:00