Commit graph

7769 commits

Author SHA1 Message Date
Dave Nicponski ca2be509b9 Verify $HOME is owned by current user in getHome(), if it exists.
Useful because a default `sudo` on darwin doesn't clear `$HOME`, so things like `sudo nix-channel --list`
will surprisingly return the USER'S channels, rather than `root`'s.

Other counterintuitive outcomes can be seen in this PR description:
  https://github.com/NixOS/nix/pull/6622
2022-06-17 17:42:08 -04:00
Eelco Dolstra 9f58df4c91
Merge pull request #6619 from Jonpez2/patch-1
Add security.csm to ignored-acls
2022-06-13 16:23:13 +02:00
Eelco Dolstra 798efdf10b
Merge pull request #6027 from Ma27/pure-repl
repl: `--option pure-eval true` actually enables pure eval mode
2022-06-13 16:11:46 +02:00
Eelco Dolstra 2fef24f528
Merge pull request #6634 from lovesegfault/fix-getgrouplist
fix(libstore/lock): support users that belong to more than 10 groups
2022-06-13 15:45:09 +02:00
Eelco Dolstra 95eccfd5db
Merge pull request #6648 from andersk/missing-rethrow
Add missing rethrows in conditional exception handlers
2022-06-13 15:37:38 +02:00
Théophane Hufschmitt 03226aa053
Merge pull request #6651 from ncfavier/nix-build-stop-logger
nix-build: stop logger when appropriate
2022-06-13 10:43:14 +02:00
Gabriel Fontes 9f6b4639c2
fix sourcehut brach/tag resolving regression
nixos/nix#6290 introduced a regex pattern to account for tags when
resolving sourcehut refs. nixos/nix#4638 reafactored the code,
accidentally treating the pattern as a regular string, causing all
non-HEAD ref resolving to break.

This fixes the regression and adds more test cases to avoid future
breakage.
2022-06-11 16:52:20 -03:00
Naïm Favier 502d7d9092
nix-build: stop logger when appropriate
Reverts b944b588fa in `nix-build.cc`.
2022-06-11 15:17:35 +02:00
Anders Kaseorg 754cd53faf Add missing rethrows in conditional exception handlers
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2022-06-10 10:52:41 -07:00
Yuriy Taraday 65d09fce22 Mention that -f implies --impure for eval in docs
Right now this is not mentioned anywhere and it is unexpected.
2022-06-10 19:16:17 +04:00
Théophane Hufschmitt 45ebaab665
Merge pull request #6643 from ncfavier/fix-git-again
libfetchers/git: add missing `--git-dir` flags
2022-06-10 14:33:32 +02:00
Naïm Favier da8f8668ca
libfetchers/git: add missing --git-dir flags 2022-06-10 12:57:13 +02:00
Sidharth Kshatriya 7868405d58 nix-env: A small std::move() optimization
Avoids doing a O(n) copy of Strings i.e. std::list<std::string>
2022-06-09 20:01:01 +05:30
Sidharth Kshatriya 3efea3d28a nix-store: small std::move() optimization 2022-06-09 16:25:26 +05:30
Bernardo Meurer 931930feb1 fix(libstore/lock): support users that belong to more than 10 groups
The manpage for `getgrouplist` says:

> If the number of groups of which user is a member is less than or
> equal to *ngroups, then the value *ngroups is returned.
>
> If the user is a member of more than *ngroups groups, then
> getgrouplist() returns -1.  In this case, the value returned in
> *ngroups can be used to resize the buffer passed to a further
> call getgrouplist().

In our original code, however, we allocated a list of size `10` and, if
`getgrouplist` returned `-1` threw an exception. In practice, this
caused the code to fail for any user belonging to more than 10 groups.

While unusual for single-user systems, large companies commonly have a
huge number of POSIX groups users belong to, causing this issue to crop
up and make multi-user Nix unusable in such settings.

The fix is relatively simple, when `getgrouplist` fails, it stores the
real number of GIDs in `ngroups`, so we must resize our list and retry.
Only then, if it errors once more, we can raise an exception.

This should be backported to, at least, 2.9.x.
2022-06-08 13:45:41 -04:00
Lorenzo Manacorda 814ddfa5f5 Fix missing ` in key manual 2022-06-08 11:46:50 +02:00
Jonpez2 a7d25d339d
Add security.csm to the default ignore list 2022-06-08 09:32:14 +01:00
Eelco Dolstra b2dea231cf
Merge pull request #6618 from afishhh/search-exclude
Add `-e`/`--exclude` flag to `nix search`
2022-06-07 19:01:36 +02:00
Fishhh e009367c8d
Remove redundant std::moves in calls to hiliteMatches 2022-06-07 18:25:52 +02:00
Fishhh b42358b9be
Add --exclude flag to nix search
If a package's attribute path, description or name contains matches for any of the
regexes specified via `-e` or `--exclude` that package is excluded from
the final output.
2022-06-07 18:25:48 +02:00
Eelco Dolstra 739c358c68
Merge pull request #6602 from cw789/patch-2
Explain exactly what nix-upgrade nix does
2022-06-07 13:08:56 +02:00
Fishhh d137ceccef
Fix incorrect comment in hiliteMatches 2022-06-05 20:30:18 +02:00
Eelco Dolstra 2097c30b08
Merge pull request #6600 from asymmetric/hash-comment
schema.sql: add comment about hash being in base16
2022-06-03 08:51:07 +02:00
Eelco Dolstra 28e08822a3
Avoid unnecessary string copy 2022-06-02 21:26:28 +02:00
Eelco Dolstra abb80cfa4c
Add operator for concatenating strings and string_views 2022-06-02 21:26:21 +02:00
Eelco Dolstra 81a486c607
Shut up clang warnings 2022-06-02 21:19:54 +02:00
Chris Wögi 51b3cc151e Explain exactly what nix-upgrade nix does 2022-06-02 15:05:27 +02:00
Théophane Hufschmitt a5f7b934bd
Merge branch 'master' into lto 2022-06-01 17:55:03 +02:00
Lorenzo Manacorda a9358a6097 schema.sql: add comment about hash being in base16 2022-06-01 14:59:57 +02:00
Maximilian Bosch 159b5815b5
repl: --option pure-eval true actually enables pure eval mode
To quote Eelco in #5867:

> Unfortunately we can't do
>
>     evalSettings.pureEval.setDefault(false);
>
> because then we have to do the same in main.cc (where
> pureEval is set to true), and that would allow pure-eval
> to be disabled globally from nix.conf.

Instead, a command should specify that it should be impure by
default. Then, `evalSettings.pureEval` will be set to `false;` unless
it's overridden by e.g. a CLI flag.

In that case it's IMHO OK to be (theoretically) able to override
`pure-eval` via `nix.conf` because it doesn't have an effect on commands
where `forceImpureByDefault` returns `false` (i.e. everything where pure
eval actually matters).

Closes #5867
2022-05-31 22:20:11 +02:00
Eelco Dolstra 078c80f750
Merge pull request #6582 from NixOS/debug-fetchgit-sigsev
Fix a segfault in the git fetcher
2022-05-31 17:17:37 +02:00
Eelco Dolstra af23d38019
Merge pull request #6590 from edolstra/fix-noexcept
Fix noexcept violations
2022-05-30 17:45:44 +02:00
Eelco Dolstra 6378f0bb32
RemoteStore::queryRealisationUncached(): Fix potential noexcept violation 2022-05-30 13:27:13 +02:00
Eelco Dolstra b8faa83742
HttpBinaryCacheStore::getFile(): Don't throw an exception
This violates the noexcept specification.

Fixes #6445.
2022-05-30 13:24:04 +02:00
Eelco Dolstra 8e8e9d8705
Respect the outputSpecified attribute
E.g. 'nix build nixpkgs#libxml2.dev' will build the 'dev' output.
2022-05-30 11:34:47 +02:00
Théophane Hufschmitt 027fd45230 Fix a segfault in the git fetcher
The git fetcher code used to dereference the (potentially empty) `ref`
input attribute. This was magically working, probably because the
compiler somehow outsmarted us, but is now blowing up with newer nixpkgs
versions.

Fix that by not trying to access this field while we don't know for sure
that it has been defined.

Fix #6554
2022-05-27 16:15:28 +02:00
Eelco Dolstra ec07a70979
Style fix 2022-05-27 11:25:05 +02:00
Sergei Trofimovich b36d5172cb src/libutil/json.cc: add missing <cstdint> include for gcc-13
Without the change llvm build fails on this week's gcc-13 snapshot as:

    src/libutil/json.cc: In function 'void nix::toJSON(std::ostream&, const char*, const char*)':
    src/libutil/json.cc:33:22: error: 'uint16_t' was not declared in this scope
       33 |             put(hex[(uint16_t(*i) >> 12) & 0xf]);
          |                      ^~~~~~~~
    src/libutil/json.cc:5:1: note: 'uint16_t' is defined in header '<cstdint>'; did you forget to '#include <cstdint>'?
        4 | #include <cstring>
      +++ |+#include <cstdint>
        5 |
2022-05-26 18:37:15 +01:00
Eelco Dolstra 1e67582d75
Merge pull request #6576 from hercules-ci/daemon-increase-socket-backlog
Fix `Connection refused` on daemon socket
2022-05-26 12:43:45 +02:00
Eelco Dolstra 9acc770ce4
Remove pre-C++11 hackiness 2022-05-26 12:40:01 +02:00
Robert Hensing c156155239 createUnixDomainSocket: listen(unix, 5 -> 100)
This solves the error

    error: cannot connect to socket at '/nix/var/nix/daemon-socket/socket': Connection refused

on build farm systems that are loaded but operating normally.

I've seen this happen on an M1 mac running a loaded hercules-ci-agent.
Hercules CI uses multiple worker processes, which may connect to
the Nix daemon around the same time. It's not unthinkable that
the Nix daemon listening process isn't scheduled until after 6
workers try to connect, especially on a system under load with
many workers.

Is the increase safe?

The number is the number of connections that the kernel will buffer
while the listening process hasn't `accept`-ed them yet.
It did not - and will not - restrict the total number of daemon
forks that a client can create.

History

The number 5 has remained unchanged since the introduction in
nix-worker with 0130ef88ea in 2006.
2022-05-26 11:24:04 +02:00
Eelco Dolstra 762fa2b2ff
Merge pull request #6570 from edolstra/eof-in-string
Handle EOFs in string literals correctly
2022-05-26 08:13:39 +02:00
Ben Burdette 9068d32e12 remove parens from repl help 2022-05-25 12:55:58 -06:00
Ben Burdette 9a5ea6c359
Merge branch 'master' into debug-exploratory-PR 2022-05-25 10:41:10 -06:00
Ben Burdette b4c24a29c6 back to ref<EvalState> in NixRepl 2022-05-25 10:21:20 -06:00
Eelco Dolstra 27ebb97d0a
Handle EOFs in string literals correctly
We can't return a STR token without setting a valid StringToken,
otherwise the parser will crash.

Fixes #6562.
2022-05-25 17:58:13 +02:00
Eelco Dolstra d8398d33c9
Typo 2022-05-25 15:29:27 +02:00
Eelco Dolstra 89a8955e79
Merge remote-tracking branch 'origin/file-fetcher' 2022-05-25 15:15:16 +02:00
Eelco Dolstra 2f8a34cddc
Fix warning 2022-05-25 15:05:39 +02:00
pennae b092afe77d
Merge branch 'master' into lto 2022-05-25 11:55:13 +00:00