Commit graph

12311 commits

Author SHA1 Message Date
Bernardo Meurer 931930feb1 fix(libstore/lock): support users that belong to more than 10 groups
The manpage for `getgrouplist` says:

> If the number of groups of which user is a member is less than or
> equal to *ngroups, then the value *ngroups is returned.
>
> If the user is a member of more than *ngroups groups, then
> getgrouplist() returns -1.  In this case, the value returned in
> *ngroups can be used to resize the buffer passed to a further
> call getgrouplist().

In our original code, however, we allocated a list of size `10` and, if
`getgrouplist` returned `-1` threw an exception. In practice, this
caused the code to fail for any user belonging to more than 10 groups.

While unusual for single-user systems, large companies commonly have a
huge number of POSIX groups users belong to, causing this issue to crop
up and make multi-user Nix unusable in such settings.

The fix is relatively simple, when `getgrouplist` fails, it stores the
real number of GIDs in `ngroups`, so we must resize our list and retry.
Only then, if it errors once more, we can raise an exception.

This should be backported to, at least, 2.9.x.
2022-06-08 13:45:41 -04:00
Eelco Dolstra 12e86c0735
Merge pull request #6630 from edolstra/boost-dylib
Remove ${boost}/lib from the RPATH
2022-06-08 17:55:21 +02:00
Eelco Dolstra 7b968af930
Update docker.nix
Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
2022-06-08 17:41:31 +02:00
Eelco Dolstra 4a3f217bde
Remove ${boost}/lib from the RPATH 2022-06-08 15:51:35 +02:00
Théophane Hufschmitt 694b12052a
Merge pull request #6624 from NixOS/new-flake-style
flake.nix: Convert to new naming convention
2022-06-08 13:34:09 +02:00
Eelco Dolstra e88892dc21
Merge pull request #6627 from asymmetric/key-comment
Fix missing ` in key manual
2022-06-08 12:10:52 +02:00
Lorenzo Manacorda 814ddfa5f5 Fix missing ` in key manual 2022-06-08 11:46:50 +02:00
Jonpez2 a7d25d339d
Add security.csm to the default ignore list 2022-06-08 09:32:14 +01:00
Eelco Dolstra b2dea231cf
Merge pull request #6618 from afishhh/search-exclude
Add `-e`/`--exclude` flag to `nix search`
2022-06-07 19:01:36 +02:00
Fishhh 9ae22b1fde
Use grep -c instead of grep|wc -l in some nix search tests 2022-06-07 18:25:59 +02:00
Fishhh 0338cf5539
Add tests for --exclude flag in nix search 2022-06-07 18:25:52 +02:00
Fishhh e009367c8d
Remove redundant std::moves in calls to hiliteMatches 2022-06-07 18:25:52 +02:00
Fishhh b42358b9be
Add --exclude flag to nix search
If a package's attribute path, description or name contains matches for any of the
regexes specified via `-e` or `--exclude` that package is excluded from
the final output.
2022-06-07 18:25:48 +02:00
Eelco Dolstra 8977cdee6a
Merge pull request #6598 from cole-h/update-flake-for-real
flake: update to 22.05
2022-06-07 15:13:16 +02:00
Eelco Dolstra faf80fa920
Convert to new flake style
https://github.com/NixOS/nix/issues/5532
2022-06-07 14:36:23 +02:00
Eelco Dolstra 0f8754cd30
Fix 22.05 eval warnings 2022-06-07 14:27:10 +02:00
Eelco Dolstra 5a9d83aa59
Disable cross builds on platforms other than x86_64-linux
Needed because evaluation was broken on x86_64-darwin.
2022-06-07 14:27:06 +02:00
Eelco Dolstra 739c358c68
Merge pull request #6602 from cw789/patch-2
Explain exactly what nix-upgrade nix does
2022-06-07 13:08:56 +02:00
Malte Brandy bf2f25e3d8 respect print-missing variable in new-style build command
Currently nix-build prints the "printMissing" information by default,
nix build doesn’t.
People generally don‘t notice this because the standard log-format of
nix build would not display the printMissing
output long enough to perceive the information.

This addresses https://github.com/NixOS/nix/issues/6561
2022-06-06 21:15:31 +02:00
Jonpez2 0cd560c95d
Add security.csm to ignored-acls
The security.csm ACL is, as far as I know, never reasonable to remove, so let's add it to the ignore-list in the vanilla nix image.  This makes this image usable on GKE.
2022-06-06 16:56:42 +01:00
Fishhh d137ceccef
Fix incorrect comment in hiliteMatches 2022-06-05 20:30:18 +02:00
Eelco Dolstra 1dd7253133
Merge pull request #6603 from abathur/installer_fix_vi_swapfile
darwin-install: work around existing vim swap files
2022-06-03 08:51:48 +02:00
Eelco Dolstra 2097c30b08
Merge pull request #6600 from asymmetric/hash-comment
schema.sql: add comment about hash being in base16
2022-06-03 08:51:07 +02:00
Eelco Dolstra b2edca1def
Merge pull request #6610 from edolstra/random-fixes
Random fixes/improvements from the lazy-trees branch
2022-06-03 08:50:16 +02:00
Eelco Dolstra 28e08822a3
Avoid unnecessary string copy 2022-06-02 21:26:28 +02:00
Eelco Dolstra abb80cfa4c
Add operator for concatenating strings and string_views 2022-06-02 21:26:21 +02:00
Eelco Dolstra 24b3a500a7
Typo 2022-06-02 21:21:10 +02:00
Eelco Dolstra 81a486c607
Shut up clang warnings 2022-06-02 21:19:54 +02:00
Eelco Dolstra 2868acb4a5
tests/flakes.sh: Fix some ignored breakage 2022-06-02 21:19:16 +02:00
Chris Wögi 51b3cc151e Explain exactly what nix-upgrade nix does 2022-06-02 15:05:27 +02:00
Théophane Hufschmitt 1892355766
Merge pull request #5813 from pennae/lto
enable LTO in optimized builds
2022-06-01 19:07:58 +02:00
Théophane Hufschmitt a5f7b934bd
Merge branch 'master' into lto 2022-06-01 17:55:03 +02:00
Travis A. Everett 505d6ee5e2 darwin-install: work around existing vim swapfiles
User on Matrix reported install problems which presented as
"vifs:editing error" which we traced back to vim griping about an
existing swap file. When opened interactively, it did this:

E325: ATTENTION
Found a swap file by the name "/etc/.fstab.swp"
owned by: root dated: Sön Apr 24 16:54:10 2022
file name: /private/etc/fstab
modified: YES
user name: root host name: MBP.local
process ID: 1698
While opening file "/etc/fstab"
dated: Sön Apr 24 16:56:27 2022
NEWER than swap file!
...
2022-06-01 09:41:00 -05:00
Lorenzo Manacorda a9358a6097 schema.sql: add comment about hash being in base16 2022-06-01 14:59:57 +02:00
Maximilian Bosch 159b5815b5
repl: --option pure-eval true actually enables pure eval mode
To quote Eelco in #5867:

> Unfortunately we can't do
>
>     evalSettings.pureEval.setDefault(false);
>
> because then we have to do the same in main.cc (where
> pureEval is set to true), and that would allow pure-eval
> to be disabled globally from nix.conf.

Instead, a command should specify that it should be impure by
default. Then, `evalSettings.pureEval` will be set to `false;` unless
it's overridden by e.g. a CLI flag.

In that case it's IMHO OK to be (theoretically) able to override
`pure-eval` via `nix.conf` because it doesn't have an effect on commands
where `forceImpureByDefault` returns `false` (i.e. everything where pure
eval actually matters).

Closes #5867
2022-05-31 22:20:11 +02:00
Cole Helbling dbf0d3a150 tests/nss-preload: move nix-fetch binding 2022-05-31 12:14:34 -07:00
Cole Helbling bd0192d0bb flake: update to 22.05
The static build works now :)
2022-05-31 11:51:17 -07:00
Eelco Dolstra 078c80f750
Merge pull request #6582 from NixOS/debug-fetchgit-sigsev
Fix a segfault in the git fetcher
2022-05-31 17:17:37 +02:00
Eelco Dolstra 04a699b8a9
Typo 2022-05-31 10:38:03 +02:00
Eelco Dolstra 403201e011
Merge pull request #6537 from cole-h/update-flake
flake: use github: reference to nixpkgs
2022-05-31 08:30:42 +02:00
Eelco Dolstra 929ab5b195
Bump version 2022-05-30 21:11:20 +02:00
Eelco Dolstra de13b44573
Branch 2.9 release notes 2022-05-30 20:42:55 +02:00
Eelco Dolstra af23d38019
Merge pull request #6590 from edolstra/fix-noexcept
Fix noexcept violations
2022-05-30 17:45:44 +02:00
Eelco Dolstra 452dba510d
Mark nix-perl as a Perl module
The call to perl.withPackages in nix-serve expects this.
2022-05-30 14:10:26 +02:00
Eelco Dolstra a72e75e6b6
Merge pull request #6589 from edolstra/respect-output-specified
Respect the outputSpecified attribute
2022-05-30 13:40:07 +02:00
Eelco Dolstra 948515efb7
Set meta.platforms
'nix-serve' in nixpkgs expects the nix package to set this.
2022-05-30 13:35:28 +02:00
Eelco Dolstra 6378f0bb32
RemoteStore::queryRealisationUncached(): Fix potential noexcept violation 2022-05-30 13:27:13 +02:00
Eelco Dolstra b8faa83742
HttpBinaryCacheStore::getFile(): Don't throw an exception
This violates the noexcept specification.

Fixes #6445.
2022-05-30 13:24:04 +02:00
Eelco Dolstra 8e8e9d8705
Respect the outputSpecified attribute
E.g. 'nix build nixpkgs#libxml2.dev' will build the 'dev' output.
2022-05-30 11:34:47 +02:00
Théophane Hufschmitt 027fd45230 Fix a segfault in the git fetcher
The git fetcher code used to dereference the (potentially empty) `ref`
input attribute. This was magically working, probably because the
compiler somehow outsmarted us, but is now blowing up with newer nixpkgs
versions.

Fix that by not trying to access this field while we don't know for sure
that it has been defined.

Fix #6554
2022-05-27 16:15:28 +02:00