Commit graph

8179 commits

Author SHA1 Message Date
Eelco Dolstra 160edd3f5d
Merge pull request #3440 from gnprice/pr-install-ro
installer: Set files read-only when copying into store
2020-03-23 09:14:12 +01:00
Eelco Dolstra 5885e20404
Merge pull request #3429 from LnL7/darwin-sandbox
darwin sandbox
2020-03-23 09:13:36 +01:00
Greg Price 26851dd2c2 installer: Set files read-only when copying into store
After installing Nix, I found that all the files and directories
initially copied into the store were writable, with mode 644 or 755:

  drwxr-xr-x 9 root root 4096 Dec 31  1969 /nix/store/ddmmzn4ggz1f66lwxjy64n89864yj9w9-nix-2.3.3

The reason is that that's how they were in the unpacked tarball, and
the install-multi-user script used `rsync -p` without doing anything
else to affect the permissions.

The plain `install` script for a single-user install takes care to
do a `chmod -R a-w` on each store path copied.  We could do the same
here with one more command; or we can pass `--chmod` to rsync, to
have it write the files with the desired modes in the first place.

Tested the new `rsync` command on both a Linux machine with a
reasonably-modern rsync (3.1.3) and a Mac with its default, ancient,
rsync 2.6.9, and it works as expected on both.  Thankfully the latter
is just new enough to have `--chmod`, which dates to rsync 2.6.7.
2020-03-22 23:07:20 -07:00
Ben Burdette f694f43d7d straightforward port of rust mockup code 2020-03-22 12:25:47 -06:00
Domen Kožar 7bc1961e1f
Merge pull request #3431 from pmiddend/install-script-test-for-xz
installer: also test for xz to unpack
2020-03-21 10:40:16 +01:00
Philipp Middendorf 9450dece24 installer: also test for xz to unpack 2020-03-21 09:31:39 +01:00
Daiderd Jordan 2e9bc1245c
sandbox: fix /bin/sh on catalina
Sadly 10.15 changed /bin/sh to a shim which executes bash, this means it
can't be used anymore without also opening up the sandbox to allow bash.

    Failed to exec /bin/bash as variant for /bin/sh (1: Operation not permitted).
2020-03-20 22:12:30 +01:00
Daiderd Jordan f6c122aaeb
sandbox: allow pty devices
Nix now runs builds with a pseudo-terminal to enable colored build
output.
2020-03-20 21:58:45 +01:00
Daiderd Jordan 7f2df903d9
libstore: relax default sandbox-paths on darwin 2020-03-20 21:31:20 +01:00
Daiderd Jordan afb78ebd34
libstore: disable resolve-system-dependencies hook
This is used to determine the dependency tree of impure libraries so nix
knows what paths to open in the sandbox.  With the less restrictive
defaults it isn't needed anymore.
2020-03-20 21:21:56 +01:00
Eelco Dolstra 4e67f89f38 Fix GitHub VM test 2020-03-20 15:03:18 +01:00
Eelco Dolstra bc5d4843a9 Fix coverage job 2020-03-20 13:39:39 +01:00
Eelco Dolstra 1537e270fb Merge remote-tracking branch 'origin/master' into flakes 2020-03-20 13:15:11 +01:00
Eelco Dolstra 1e6e673eb7 flake.nix: Switch to 20.03 2020-03-20 13:09:20 +01:00
Eelco Dolstra 4ef43198f3
Merge pull request #3426 from jakobrs/remote-gc-delete-opt
Remove the --delete option for --gc. Fixes #3343
2020-03-20 09:34:20 +01:00
jakobrs c5a488afc0 Remove the --delete option for --gc
Running `nix-store --gc --delete` will, as of Nix 2.3.3, simply fail
because the --delete option conflicts with the --delete operation.

  $ nix-store --gc --delete
  error: only one operation may be specified
  Try 'nix-store --help' for more information.

Furthermore, it has been broken since at least Nix 0.16 (which was
released sometime in 2010), which means that any scripts which depend
on it should have been broken at least nine years ago. This commit
simply formally removes the option. There should be no actual difference
in behaviour as far as the user is concerned: it errors with the exact
same error message. The manual has been edited to remove any references
to the (now gone) --delete option.

Other information:
* Path for Nix 0.16 used:
  /nix/store/rp3sgmskn0p0pj1ia2qwd5al6f6pinz4-nix-0.16
2020-03-19 19:41:23 +01:00
Eelco Dolstra ef74fafc03
nix repl: Put EvalState on the heap
See 0629601da1.
2020-03-19 13:52:28 +01:00
Eelco Dolstra b244e65cdb
nix repl: Scan NixRepl for GC roots
Fixes #3175.
2020-03-19 13:50:01 +01:00
Eelco Dolstra 8aa354fdfd
Register flake-registry.json as a GC root again 2020-03-19 11:45:34 +01:00
Eelco Dolstra 1c127e6a82
downloadFile(): Use expired file if the download fails 2020-03-19 11:42:50 +01:00
Eelco Dolstra f6ddf48882
Get rid of downloadCached()
Everything uses the generic caching system now.
2020-03-18 17:24:19 +01:00
Eelco Dolstra c5ec95e2c7
tarball.cc: Use ETags 2020-03-18 15:14:23 +01:00
Eelco Dolstra 1b49479836
Remove flake closure caching
This is not compatible with lazy flake input fetching.
2020-03-18 14:11:58 +01:00
Eelco Dolstra 1e7ce1d6da
tarball / github fetchers: Use generic caching system 2020-03-18 14:08:25 +01:00
Eelco Dolstra 38e360154d
Git: Use unified caching system 2020-03-17 22:35:29 +01:00
Eelco Dolstra d1165d8791
Require shallow clones to be requested explicitly
If you do a fetchTree on a Git repository, whether the result contains
a revCount attribute should not depend on whether that repository
happens to be a shallow clone or not. That would complicate caching a
lot and would be semantically messy. So applying fetchTree/fetchGit to
a shallow repository is now an error unless you pass the attribute
'shallow = true'. If 'shallow = true', we don't return revCount, even
if the repository is not actually shallow.

Note that Nix itself is not doing shallow clones at the moment. But it
could do so as an optimisation if the user specifies 'shallow = true'.

Issue #2988.
2020-03-17 22:35:29 +01:00
Eelco Dolstra 2a4e4f6a6e
Unified fetcher caching system 2020-03-17 22:35:29 +01:00
Eelco Dolstra fbcb897e21
Add a test for shallow Git clones
Also, don't return a revCount anymore for shallow or dirty Git trees,
since it's incorrect.

Closes #2988.
2020-03-16 13:20:32 +01:00
Eelco Dolstra 34c7645a58
Fix re-running the fetchGit.sh test 2020-03-16 12:30:11 +01:00
Eelco Dolstra b79b81dd2d
Merge pull request #3413 from Ericson2314/include-regex
Add missing `#include <regex>`
2020-03-14 09:25:06 +01:00
John Ericson 68fe0d9809 Add missing #include <regex> 2020-03-13 21:24:35 -04:00
Eelco Dolstra 779ef8f5ef
Merge pull request #3380 from contrun/no-attr-path-for-installed
display attr-path only when queried available
2020-03-13 19:26:20 +01:00
Eelco Dolstra 59c37112a9 README.md: Remove reference to OpenSSL
The OpenSSL files were removed in a6ca68a70c.

https://salsa.debian.org/debian/nix/issues/3
2020-03-13 18:42:53 +01:00
Eelco Dolstra 7304f9f145 Merge remote-tracking branch 'origin/master' into flakes 2020-03-13 18:36:47 +01:00
Eelco Dolstra 5392884eb1 Remove the 'release' job
Unless the 'tested' job in the Nixpkgs/NixOS jobsets, this job isn't
actually used for anything (e.g. we don't update a channel based on
whether 'release' succeeds).
2020-03-13 18:34:10 +01:00
Eelco Dolstra db34445c5e Build vendoredCrates in the overlay
This makes it build on non-x86_64-linux systems (needed in GitHub
actions).
2020-03-13 18:31:16 +01:00
Eelco Dolstra 3e1abf4f05 Merge remote-tracking branch 'origin/master' into flakes 2020-03-13 18:28:01 +01:00
Eelco Dolstra a692f90c80
Merge pull request #3410 from edolstra/no-tarball
Remove the tarball job
2020-03-13 18:20:09 +01:00
Eelco Dolstra 7c39201bcb
Remove the tarball job
Source tarballs are not very useful anymore. People who want to build
from source can also just build from the Git repository. Once upon a
time, the source tarball also saved users from needing a few
dependencies (e.g. bison and flex) but those are dwarfed by the other
dependencies, so it's no longer worth it.

Note: the release script should be updated to copy the vendoredCrates
tarball.
2020-03-13 18:05:22 +01:00
YI b6d794fb8d display attr-path only when queried available 2020-03-14 00:36:26 +08:00
Eelco Dolstra 073650db01 Do a deep fetch
Currently the build fails with

  warning: reject refs/heads/HEAD because shallow roots are not allowed to be updated
  error: Could not read 0c2088d438
  fatal: Failed to traverse parents of commit ea1803efdc
  error: program 'git' failed with exit code 128
2020-03-13 17:25:47 +01:00
Eelco Dolstra ea1803efdc Run checks 2020-03-13 17:13:54 +01:00
Eelco Dolstra 0c2088d438 Merge remote-tracking branch 'origin/master' into flakes 2020-03-13 17:03:30 +01:00
Eelco Dolstra eab7d790a3
Merge pull request #3409 from NixOS/github-actions
Add CI with github actions
2020-03-13 16:53:35 +01:00
Eelco Dolstra c0a3ff7d47
Fix macOS 2020-03-13 16:39:35 +01:00
Eelco Dolstra 858ad7a4b3 Remove callout graphics
Fixes #3396.
2020-03-13 16:32:43 +01:00
Eelco Dolstra 90b805ef25
Remove build and binaryTarball since they're included in installerScript 2020-03-13 15:56:25 +01:00
Domen Kožar 30962d21be
Add CI with github actions 2020-03-13 15:41:16 +01:00
Eelco Dolstra 9c7e90f414
style.css: Remove
This file is licensed under the GPL. Originally, Nix was also
GPL-licensed so that was fine. However, we later changed the license
to the LGPL but missed the fact that style.css has an incompatible
license.

Since the Nix manual at nixos.org uses its own styling, we can remove
this file.

Fixes #3392.
2020-03-13 15:02:32 +01:00
Eelco Dolstra cc5c81822d
mk/README.md: Remove
The make-rules repo is not maintained.
2020-03-13 14:50:51 +01:00