Ben Radford
c1d39de1fb
Check _NIX_TEST_NO_SANDBOX when setting _canUseSandbox.
2023-07-11 12:08:33 +01:00
Ben Radford
b8e8dfc3e8
Say a bit about default value in setting description.
2023-07-11 11:25:49 +01:00
Ben Radford
a193ec4052
Default should depend on whether we are root.
2023-07-11 11:14:13 +01:00
Ben Radford
2b4c59dd99
Be clearer about the security implications.
2023-07-11 11:09:25 +01:00
Ben Radford
0caf28f238
Update description for require-drop-supplementary-groups.
2023-07-11 10:57:14 +01:00
Ben Radford
07dabcc90e
Always attempt setgroups but allow failure to be ignored.
2023-07-11 10:44:05 +01:00
Ben Radford
25b20b4ad2
Merge remote-tracking branch 'origin/master' into best-effort-supplementary-groups
2023-07-11 09:38:34 +01:00
John Ericson
c2c8187118
Fix test file name
...
It's UTF-8, not UFT-8.
2023-07-10 20:58:19 -04:00
John Ericson
4a880c3cc0
Merge pull request #8579 from obsidiansystems/findPath-cleanup-2
...
Further search path cleanups
2023-07-10 09:59:01 -04:00
Eelco Dolstra
fea7d3b1cd
Merge pull request #8681 from inclyc/libexpr/parser-move-noeffect
...
libexpr: remove std::move() for `basePath` in parser, it has no effect
2023-07-10 13:30:42 +02:00
Eelco Dolstra
7bb8d16fcc
Merge pull request #8660 from Hoverbear/nix-daemon.service-tasksmax-infinity
...
nix-daemon.service: Add TasksMax=1048576
2023-07-10 13:09:51 +02:00
Bader AlAttar
3fa0266e7a
Fix some grammar in installables doc ( #8682 )
2023-07-10 09:33:04 +00:00
Yingchi Long
3d74e7b811
libexpr: remove std::move() for basePath
in parser, it has no effect
2023-07-10 12:02:29 +08:00
John Ericson
028b26a77f
Merge pull request #8370 from hercules-ci/fetchClosure-input-addressed
...
`fetchClosure`: input addressed and pure
2023-07-09 23:41:22 -04:00
John Ericson
be518e73ae
Clean up SearchPath
...
- Better types
- Own header / C++ file pair
- Test factored out methods
- Pass parsed thing around more than strings
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-07-09 23:22:22 -04:00
John Ericson
87dcd09047
Clean up resolveSearchPathElem
...
We should use `std::optional<std::string>` not `std::pair<bool,
std::string>` for an optional string.
2023-07-09 23:13:30 -04:00
Robert Hensing
8d871e1822
Merge pull request #8612 from NixOS/labeler-tests-to-with-tests
...
labeler.yml: tests -> with-tests
2023-07-08 19:21:25 +02:00
Ana Hobden
d76bf29c5f
Choose a reasonable number similar to LimitNOFile
2023-07-07 07:52:16 -07:00
9fc82de493
signing.sh: Revert test improvement because it fails on GHA + macOS
2023-07-07 15:37:09 +02:00
John Ericson
903700c5e1
Simplify ContentAddress
...
Whereas `ContentAddressWithReferences` is a sum type complex because different
varieties support different notions of reference, and
`ContentAddressMethod` is a nested enum to support that,
`ContentAddress` can be a simple pair of a method and hash.
`ContentAddress` does not need to be a sum type on the outside because
the choice of method doesn't effect what type of hashes we can use.
Co-Authored-By: Cale Gibbard <cgibbard@gmail.com>
2023-07-07 07:30:01 -04:00
b4b02d084f
fetchClosure: Interleave the examples in the docs
2023-07-07 11:40:40 +02:00
Robert Hensing
537e8beb77
fetchClosure: Apply suggestions from code review
...
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-07-07 11:00:40 +02:00
Ana Hobden
4b2f155f0a
nix-daemon.service: Add TasksMax=infinity
2023-07-06 09:02:27 -07:00
Eelco Dolstra
6db66ebfc5
Merge pull request #8631 from iFreilicht/profile-list
...
Profile list improvements
2023-07-05 16:06:17 +02:00
Théophane Hufschmitt
82d6699976
Document the path flakeref format ( #8640 )
...
* Document the path flakeref format
Fix https://github.com/NixOS/nix/issues/8482
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-07-04 08:39:08 +00:00
Eelco Dolstra
2898dc71a8
Merge pull request #8633 from inclyc/libexpr/fix-data-race-in-lexer.l
...
libexpr: use `thread_local` to make the parser thread-safe
2023-07-03 13:29:47 +02:00
Eelco Dolstra
5fbfbb4c7c
Fix test
2023-07-03 12:23:57 +02:00
Eelco Dolstra
a353412c43
nix profile list: Add --json flag
...
This just dumps the profile manifest to stdout.
2023-07-03 12:23:57 +02:00
Eelco Dolstra
b8e8f27159
Rename 'resolvedRef' to 'lockedRef'
...
'resolvedRef' was incorrect, since a resolved ref is one after
registry resolution, which may still be unlocked (e.g. 'nixpkgs' ->
'github:NixOS/nixpkgs').
2023-07-03 12:23:57 +02:00
Yingchi Long
3c90340fe6
libexpr: use thread_local
to make the parser thread-safe
...
If we call `adjustLoc`, the global variable `prev_yylloc` is shared
between threads and racy.
Currently, nix itself does not concurrently parsing files, but this is
helpful for libexpr users. (The parser is thread-safe except this.)
2023-07-03 16:05:43 +08:00
Eelco Dolstra
87b82db881
nix profile list: Improve readability of the output
2023-07-02 16:17:09 +02:00
Robert Hensing
7b39a388b3
Merge pull request #8566 from inclyc/nixd/value-print-depth
...
libexpr: extend `Value::print` to allow limited depth
2023-07-01 20:08:52 +02:00
Robert Hensing
d05d175ddf
Merge pull request #8619 from hercules-ci/issue-8616-dont-install-test-program
...
tests: Don't install test-libstoreconsumer program
2023-07-01 00:17:07 +02:00
a6c17097d2
tests: Don't install test-libstoreconsumer program
...
Sorry about that.
Fixes https://github.com/NixOS/nix/issues/8616
2023-06-30 23:36:27 +02:00
fefb947132
tests/signing.sh: Check signature checking error message
...
We should check error messages, so that we know the command fails for
the right reason.
Alternatively, a mere typo can run the test undetected.
2023-06-30 18:23:44 +02:00
1db81f7107
tests/fetchClosure: Improve coverage of new and some existing flows
2023-06-30 18:23:44 +02:00
Robert Hensing
40052c7613
fetchClosure: Docs and error message improvements
...
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-06-30 18:23:42 +02:00
50de11d662
doc: Improve fetchClosure
documentation
2023-06-30 18:23:24 +02:00
32c69e2b17
doc: Typo
2023-06-30 18:22:47 +02:00
dc79636007
fetchClosure: Refactor: replace enableRewriting
...
A single variable is nice and self-contained.
2023-06-30 18:22:47 +02:00
5bdca46117
fetchClosure: Split into three cases
2023-06-30 18:22:47 +02:00
55888633dd
makeContentAddressed: Add single path helper
2023-06-30 18:22:47 +02:00
8dca95386c
fetchClosure: Disallow toPath for inputAddressed = true
2023-06-30 18:22:47 +02:00
508aa58e67
fetchClosure: Always check that inputAddressed matches the result
2023-06-30 18:22:47 +02:00
ea30f152b7
fetchClosure: Allow input addressed paths in pure mode
...
When explicitly requested by the caller, as suggested in the meeting
(https://github.com/NixOS/nix/pull/8090#issuecomment-1531139324 )
> @edolstra: { toPath } vs { fromPath } is too implicit
I've opted for the `inputAddressed = true` requirement, because it
we did not agree on renaming the path attributes.
> @roberth : more explicit
> @edolstra: except for the direction; not immediately clear in which direction the rewriting happens
This is in fact the most explicit syntax and a bit redundant, which is
good, because that redundancy lets us deliver an error message that
reminds expression authors that CA provides a better experience to
their users.
2023-06-30 18:22:43 +02:00
7e5b6d2c45
fetchClosure: Refactor: rename toCA -> enableRewriting
2023-06-30 18:19:56 +02:00
0f6d596df5
fetchClosure: Factor out attribute hint
2023-06-30 18:19:56 +02:00
Eelco Dolstra
7b5ca7ebe2
Merge pull request #8614 from ShamrockLee/quickfix-exdev
...
linkOrCopy: Fallback upon cross-device link error (EXDEV)
2023-06-30 16:42:42 +02:00
Yueh-Shun Li
eebfe989a5
linkOrCopy: Fallback upon cross-device link error (EXDEV)
...
Fix building derivations in local chroot store on OpenAFS,
where hard linking accross directories causes cross-device link error
(EXDEV).
2023-06-30 21:12:26 +08:00
Robert Hensing
685f1bb386
labeler.yml: tests -> with-tests
2023-06-30 15:10:07 +02:00