nrabulinski/attic
1
1
Fork 1
Code Issues Pull requests Packages Projects Releases Wiki Activity

Compare commits

base: nrabulinski:e6bedf1869f382cfc51b69848d6e09d51585ead6
Branches Tags
nrabulinski:main
...
compare: nrabulinski:4dbdbee45728d8ce5788db6461aaaa89d98081f0
Branches Tags
nrabulinski:main

10 commits
e6bedf1869 ... 4dbdbee457

Author SHA1 Message Date
Zhaofeng Li 4dbdbee457
Merge pull request #123 from winterqt/fix-build-on-newer-nix 
Fix build on Nix 2.19+
 2024-03-29 14:01:00 -06:00
Winter Cute 657db64e51 Fix build on Nix 2.19+ 
Nix 2.19 introduced a change [0] that broke how we compile our libnixstore
bindings, which requires adding an additional include directory when
we compile them.

[0]: b461cac21a
 2024-03-29 11:59:20 -06:00
Winter Cute 8e64f8ba45 Revert "Fix build on Darwin" 
This reverts commit bdafd64910, as this
workaround is no longer required on newer Nixpkgs.
 2024-03-27 17:20:19 -04:00
Winter Cute 60db437df0 Update nixpkgs 2024-03-27 17:20:19 -04:00
Zhaofeng Li 6eabc3f02f
Merge pull request #111 from jsoo1/restart-atticd-on-failure 
nixos: restart atticd on failure
 2024-02-14 07:47:33 -07:00
John Soo 8f5e3c1035
nixos: restart atticd on failure 2024-02-08 11:39:38 -07:00
Zhaofeng Li fbe252a5c2
Merge pull request #105 from JRMurr/fix-lint 
Remove un-used import
 2024-01-18 15:31:32 -07:00
Zhaofeng Li a7c878bffc
Merge pull request #49 from icewind1991/module-readwritepaths 
nixos: add storage path to ReadWritePaths
 2024-01-18 15:30:49 -07:00
John Murray 857c71671c
fix lint 2024-01-14 15:32:42 -05:00
Robin Appelman c98be70263 nixos: Add non-default storage path to ReadWritePaths 
This prevents "read-only storage" errors when setting a non-default
local storage path. The non-default path must exist beforehand.

Co-authored-by: Zhaofeng Li <hello@zhaofeng.li>
 2024-01-13 14:23:32 -07:00
7 changed files with 26 additions and 20 deletions
Show stats Expand all files Collapse all files

3
attic/build.rs
View file

@ -24,6 +24,9 @@ fn build_bridge() {
.flag("nix/config.h")
.flag("-idirafter")
.flag(hacky_include.path().to_str().unwrap())
// In Nix 2.19+, nix/args/root.hh depends on being able to #include "root.hh" (which is in its parent directory), for some reason
.flag("-I")
.flag(concat!(env!("NIX_INCLUDE_PATH"), "/nix"))
.compile("nixbinding");
println!("cargo:rerun-if-changed=src/nix_store/bindings");

2
client/src/cache.rs
View file

@ -14,7 +14,7 @@ use std::str::FromStr;
use anyhow::{anyhow, Result};
use serde::{Deserialize, Serialize};
pub use attic::cache::{CacheName, CacheNamePattern};
pub use attic::cache::{CacheName};
/// A reference to a cache.
#[derive(Debug, Clone)]

14
crane.nix
View file

@ -62,10 +62,8 @@ let
ATTIC_DISTRIBUTOR = "attic";
# Workaround for https://github.com/NixOS/nixpkgs/issues/166205
env = lib.optionalAttrs stdenv.cc.isClang {
NIX_LDFLAGS = "-l${stdenv.cc.libcxx.cxxabi.libName}";
};
# See comment in `attic/build.rs`
NIX_INCLUDE_PATH = "${lib.getDev nix}/include";
# See comment in `attic-tests`
doCheck = false;
@ -135,17 +133,15 @@ let
nativeBuildInputs = nativeBuildInputs ++ [ jq ];
# Workaround for https://github.com/NixOS/nixpkgs/issues/166205
env = lib.optionalAttrs stdenv.cc.isClang {
NIX_LDFLAGS = "-l${stdenv.cc.libcxx.cxxabi.libName}";
};
doCheck = true;
buildPhaseCargoCommand = "";
checkPhaseCargoCommand = "cargoWithProfile test --no-run --message-format=json >cargo-test.json";
doInstallCargoArtifacts = false;
# See comment in `attic/build.rs`
NIX_INCLUDE_PATH = "${lib.getDev nix}/include";
installPhase = ''
runHook preInstall

12
flake.lock
View file

@ -53,11 +53,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1702539185,
"narHash": "sha256-KnIRG5NMdLIpEkZTnN5zovNYc0hhXjAgv6pfd5Z4c7U=",
"lastModified": 1711401922,
"narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "aa9d4729cbc99dabacb50e3994dcefb3ea0f7447",
"rev": "07262b18b97000d16a4bdb003418bd2fb067a932",
"type": "github"
},
"original": {
@ -69,11 +69,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1702780907,
"narHash": "sha256-blbrBBXjjZt6OKTcYX1jpe9SRof2P9ZYWPzq22tzXAA=",
"lastModified": 1711460390,
"narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1e2e384c5b7c50dbf8e9c441a9e58d85f408b01f",
"rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
"type": "github"
},
"original": {

3
flake.nix
View file

@ -130,6 +130,9 @@
NIX_PATH = "nixpkgs=${pkgs.path}";
RUST_SRC_PATH = "${pkgs.rustPlatform.rustcSrc}/library";
# See comment in `attic/build.rs`
NIX_INCLUDE_PATH = "${lib.getDev pkgs.nix}/include";
ATTIC_DISTRIBUTOR = "dev";
};

6
nixos/atticd.nix
View file

@ -199,10 +199,16 @@ in
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
Restart = "on-failure";
RestartSec = 10;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
ReadWritePaths = let
path = cfg.settings.storage.path;
isDefaultStateDirectory = path == "/var/lib/atticd" || lib.hasPrefix "/var/lib/atticd/" path;
in lib.optionals (cfg.settings.storage.type or "" == "local" && !isDefaultStateDirectory) [ path ];
};
};

6
package.nix
View file

@ -49,10 +49,8 @@ in rustPlatform.buildRustPackage rec {
ATTIC_DISTRIBUTOR = "attic";
# Workaround for https://github.com/NixOS/nixpkgs/issues/166205
env = lib.optionalAttrs stdenv.cc.isClang {
NIX_LDFLAGS = "-l${stdenv.cc.libcxx.cxxabi.libName}";
};
# See comment in `attic/build.rs`
NIX_INCLUDE_PATH = "${lib.getDev nix}/include";
# Recursive Nix is not stable yet
doCheck = false;