Théophane Hufschmitt
a8d5bb5e7e
Merge pull request #8342 from NixLayeredStore/best-effort-supplementary-groups
...
Best effort supplementary groups
2023-07-17 20:58:17 +02:00
Sinan Mohd
a5c88f8609
Nix Reference Manual: keep nix expressions uptodate with nixpkgs ( #8703 )
2023-07-16 09:25:11 +00:00
John Ericson
bc499b2e4e
Merge pull request #8696 from NixLayeredStore/nested-sandboxing
...
Test nested sandboxing, and make nicer error
2023-07-14 10:25:38 -04:00
John Ericson
0f7242ff87
Test nested sandboxing, and make nicer error
...
We were bedeviled by sandboxing issues when working on the layered
store. The problem ended up being that when we have nested nix builds,
and the inner store is inside the build dir (e.g. store is
`/build/nix-test/$name/store`, build dir is `/build`) bind mounts
clobber each other and store paths cannot be found.
After thoroughly cleaning up `local-derivation-goal.cc`, we might be
able to make that work. But that is a lot of work. For now, we just fail
earlier with a proper error message.
Finally, test this: nested sandboxing without the problematic store dir
should work, and with should fail with the expected error message.
Co-authored-by: Dylan Green <67574902+cidkidnix@users.noreply.github.com>
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-07-14 09:40:24 -04:00
Robert Hensing
6d9f1a8dcc
Merge pull request #8691 from obsidiansystems/built-path
...
Move `BuiltPath` to its own header/C++ file in libcmd
2023-07-14 13:12:16 +02:00
cidkidnix
adb28d4a26
move unset NIX_STORE_DIR in supplementary-groups.sh
...
to inside the unshare
2023-07-13 14:23:24 -05:00
cidkidnix
1a13757880
Add comment regarding the unset of NIX_STORE_DIR
...
in build-remote.sh and supplementary-groups.sh
2023-07-13 14:18:12 -05:00
John Ericson
84c4e6f0ac
Revert "Skip build-remote-trustless unless sandbox is supported."
...
This reverts commit 41412dc4ae
.
2023-07-13 15:06:50 -04:00
John Ericson
9e64f24340
Revert "Check _NIX_TEST_NO_SANDBOX when setting _canUseSandbox."
...
This reverts commit c1d39de1fb
.
2023-07-13 15:06:34 -04:00
John Ericson
ddc0a2050b
Merge remote-tracking branch 'upstream/master' into best-effort-supplementary-groups
2023-07-13 15:06:08 -04:00
John Ericson
bbc08a11f4
Merge pull request #8694 from obsidiansystems/fix-lang-tests
...
Fix race condition in the language tests
2023-07-13 09:13:25 -04:00
John Ericson
e072e18475
Fix race condition in the language tests
...
When we pipe to `>(...)` like that, we unfortunately don't wait for the
process to finish. Better to just substitute the file.
Also, use the "unified" diff output that people (including myself) are
more familiar with, thanks to Git.
2023-07-13 08:09:03 -04:00
John Ericson
2c3fb0eb33
Move BuiltPath
to its own header/C++ file in libcmd
...
It is less important, and used less widely, than `DerivedPath`.
2023-07-12 23:01:10 -04:00
Ben Radford
a2acd23466
Update src/libstore/globals.hh
...
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-07-12 12:33:05 +01:00
Ben Radford
0309f6b5b8
Update src/libstore/globals.hh
...
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-07-12 12:32:57 +01:00
John Ericson
cafb5e8a17
Merge pull request #7954 from obsidiansystems/lang-test-improvements
...
Language test improvements
2023-07-11 22:24:02 -04:00
Mathnerd314
c70484454f
Expanded test suite
...
* Lang now verifies errors and parse output
* Some new miscellaneous tests
* Easy way to update the tests
* Document workflow in manual
* Use `!` not `~` as separater char for sed
It is confusing to use `~` when we are talking about paths and home
directories!
* Test test suite itself (`test/lang-test/infra.sh`)
Additionally, run shellcheck on `tests/lang.sh` to help ensure it is
correct, now that is is more complex.
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-07-11 21:43:09 -04:00
Ben Radford
41412dc4ae
Skip build-remote-trustless unless sandbox is supported.
2023-07-11 12:52:59 +01:00
Ben Radford
c1d39de1fb
Check _NIX_TEST_NO_SANDBOX when setting _canUseSandbox.
2023-07-11 12:08:33 +01:00
Ben Radford
b8e8dfc3e8
Say a bit about default value in setting description.
2023-07-11 11:25:49 +01:00
Ben Radford
a193ec4052
Default should depend on whether we are root.
2023-07-11 11:14:13 +01:00
Ben Radford
2b4c59dd99
Be clearer about the security implications.
2023-07-11 11:09:25 +01:00
Ben Radford
0caf28f238
Update description for require-drop-supplementary-groups.
2023-07-11 10:57:14 +01:00
Ben Radford
07dabcc90e
Always attempt setgroups but allow failure to be ignored.
2023-07-11 10:44:05 +01:00
Ben Radford
25b20b4ad2
Merge remote-tracking branch 'origin/master' into best-effort-supplementary-groups
2023-07-11 09:38:34 +01:00
John Ericson
c2c8187118
Fix test file name
...
It's UTF-8, not UFT-8.
2023-07-10 20:58:19 -04:00
John Ericson
4a880c3cc0
Merge pull request #8579 from obsidiansystems/findPath-cleanup-2
...
Further search path cleanups
2023-07-10 09:59:01 -04:00
Eelco Dolstra
fea7d3b1cd
Merge pull request #8681 from inclyc/libexpr/parser-move-noeffect
...
libexpr: remove std::move() for `basePath` in parser, it has no effect
2023-07-10 13:30:42 +02:00
Eelco Dolstra
7bb8d16fcc
Merge pull request #8660 from Hoverbear/nix-daemon.service-tasksmax-infinity
...
nix-daemon.service: Add TasksMax=1048576
2023-07-10 13:09:51 +02:00
Bader AlAttar
3fa0266e7a
Fix some grammar in installables doc ( #8682 )
2023-07-10 09:33:04 +00:00
Yingchi Long
3d74e7b811
libexpr: remove std::move() for basePath
in parser, it has no effect
2023-07-10 12:02:29 +08:00
John Ericson
028b26a77f
Merge pull request #8370 from hercules-ci/fetchClosure-input-addressed
...
`fetchClosure`: input addressed and pure
2023-07-09 23:41:22 -04:00
John Ericson
be518e73ae
Clean up SearchPath
...
- Better types
- Own header / C++ file pair
- Test factored out methods
- Pass parsed thing around more than strings
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-07-09 23:22:22 -04:00
John Ericson
87dcd09047
Clean up resolveSearchPathElem
...
We should use `std::optional<std::string>` not `std::pair<bool,
std::string>` for an optional string.
2023-07-09 23:13:30 -04:00
Robert Hensing
8d871e1822
Merge pull request #8612 from NixOS/labeler-tests-to-with-tests
...
labeler.yml: tests -> with-tests
2023-07-08 19:21:25 +02:00
Ana Hobden
d76bf29c5f
Choose a reasonable number similar to LimitNOFile
2023-07-07 07:52:16 -07:00
Robert Hensing
9fc82de493
signing.sh: Revert test improvement because it fails on GHA + macOS
2023-07-07 15:37:09 +02:00
Robert Hensing
b4b02d084f
fetchClosure: Interleave the examples in the docs
2023-07-07 11:40:40 +02:00
Robert Hensing
537e8beb77
fetchClosure: Apply suggestions from code review
...
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-07-07 11:00:40 +02:00
Ana Hobden
4b2f155f0a
nix-daemon.service: Add TasksMax=infinity
2023-07-06 09:02:27 -07:00
Eelco Dolstra
6db66ebfc5
Merge pull request #8631 from iFreilicht/profile-list
...
Profile list improvements
2023-07-05 16:06:17 +02:00
Théophane Hufschmitt
82d6699976
Document the path flakeref format ( #8640 )
...
* Document the path flakeref format
Fix https://github.com/NixOS/nix/issues/8482
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-07-04 08:39:08 +00:00
Eelco Dolstra
2898dc71a8
Merge pull request #8633 from inclyc/libexpr/fix-data-race-in-lexer.l
...
libexpr: use `thread_local` to make the parser thread-safe
2023-07-03 13:29:47 +02:00
Eelco Dolstra
5fbfbb4c7c
Fix test
2023-07-03 12:23:57 +02:00
Eelco Dolstra
a353412c43
nix profile list: Add --json flag
...
This just dumps the profile manifest to stdout.
2023-07-03 12:23:57 +02:00
Eelco Dolstra
b8e8f27159
Rename 'resolvedRef' to 'lockedRef'
...
'resolvedRef' was incorrect, since a resolved ref is one after
registry resolution, which may still be unlocked (e.g. 'nixpkgs' ->
'github:NixOS/nixpkgs').
2023-07-03 12:23:57 +02:00
Yingchi Long
3c90340fe6
libexpr: use thread_local
to make the parser thread-safe
...
If we call `adjustLoc`, the global variable `prev_yylloc` is shared
between threads and racy.
Currently, nix itself does not concurrently parsing files, but this is
helpful for libexpr users. (The parser is thread-safe except this.)
2023-07-03 16:05:43 +08:00
Eelco Dolstra
87b82db881
nix profile list: Improve readability of the output
2023-07-02 16:17:09 +02:00
Robert Hensing
7b39a388b3
Merge pull request #8566 from inclyc/nixd/value-print-depth
...
libexpr: extend `Value::print` to allow limited depth
2023-07-01 20:08:52 +02:00
Robert Hensing
d05d175ddf
Merge pull request #8619 from hercules-ci/issue-8616-dont-install-test-program
...
tests: Don't install test-libstoreconsumer program
2023-07-01 00:17:07 +02:00