Commit graph

12637 commits

Author SHA1 Message Date
John Ericson 75c5191a1f Update doc/manual/src/design/overview.md
Co-authored-by: Valentin Gagarin <valentin@fricklerhandwerk.de>
2022-08-04 12:37:46 +02:00
John Ericson a04340f9a1 Update doc/manual/src/design/overview.md
Co-authored-by: Valentin Gagarin <valentin@fricklerhandwerk.de>
2022-08-04 12:37:46 +02:00
John Ericson f5386d7059 Fix stub file's name 2022-08-04 12:37:46 +02:00
John Ericson 678d75baea Start on the derivations section 2022-08-04 12:37:46 +02:00
John Ericson e3a0209a9e Move the bits on relocating store entires to the end
They are too advanced for up front.
2022-08-04 12:37:46 +02:00
John Ericson a210504bc7 Apply suggestions from code review 2022-08-04 12:37:46 +02:00
John Ericson e64633f98f Flesh out TOC 2022-08-04 12:37:46 +02:00
John Ericson a2b3160f28 Briefly describe the digest of a store path 2022-08-04 12:37:46 +02:00
John Ericson 523359d133 WIP: Document the design of Nix
The current docs are all "how to do things" and no "what is Nix" or "why
are things the way they are".

I see lots of misconception on the wider internet, and I also think we
would benefit from a "living document" to answer some questions people
currently turn to the thesis for.

I think a new section of the manual can address all these issues.
2022-08-04 12:37:46 +02:00
Valentin Gagarin 499ed26508 manual: remove "Writing Nix Expressions" chapter
it is out of date, all over the place in level of detail, is really
about `nixpkgs`, and in general instructions should not be part of
a reference manual.

also:
- update redirects and internal links
- use "Nix language" consistently
2022-08-04 11:59:25 +02:00
Erik Arvstedt 4c8441be0a docs/flake-update: fix example 2022-08-04 09:45:30 +02:00
Erik Arvstedt 53833dfb40 libexpr/flake: remove FIXME
Line 593 checks that all overrides (i.e. all elements of
`lockFlags.inputOverrides`) are members of `overridesUsed`.
2022-08-04 09:45:29 +02:00
Erik Arvstedt c9f446ede1 flakeref: fix comment 2022-08-04 09:45:28 +02:00
Eelco Dolstra 075bf6e556
Merge pull request #6861 from edolstra/fix-count-calls
Fix NIX_COUNT_CALLS=1
2022-08-03 18:26:01 +02:00
Eelco Dolstra ccbd906c86 Fix NIX_COUNT_CALLS=1
Also, make the JSON writer support std::string_view.

Fixes #6857.
2022-08-03 17:46:51 +02:00
Théophane Hufschmitt 7d1ccd9105
Merge pull request #6846 from fricklerhandwerk/values
manual: use subheadings for primitive types
2022-08-03 14:50:41 +02:00
Théophane Hufschmitt c55bea4204 Fix the html id of the list headers 2022-08-03 14:16:00 +02:00
Valentin Gagarin ceed4d4142 encode primitive as list with anchors
to make it consistent with builtins and configuration options
2022-08-03 11:25:41 +02:00
Théophane Hufschmitt 780a479386
Merge pull request #6851 from K900/patch-1
doc/distributed-builds: don't use deprecated alias
2022-08-02 07:17:09 +02:00
Ilya K f675ba5331
doc/distributed-builds: don't use deprecated alias
`nix ping-store` -> `nix store ping`.
2022-08-01 13:50:35 +03:00
Jeremy Fleischman 297f6b5d56
Fix link to hacking doc
Right now,
https://hydra.nixos.org/job/nix/master/build.x86_64-linux/latest/download-by-type/doc/manual/contributing/hacking.html
redirects to
https://hydra.nixos.org/build/183877779/download/1/manual/contributing/hacking.html,
which gives me a "500 Internal Server Error". Not super useful =(

Feel free to ignore if someone's working to fix the 500 I was running
into.
2022-07-30 09:12:50 -07:00
Rok Garbas e9178d7d4a
Merge pull request #6844 from centromere/custom-nix-conf
docker.nix: Allow Nix configuration to be customized
2022-07-29 13:47:24 +02:00
Valentin Gagarin 27138f1ec6
manual: use singular in body, too
Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
2022-07-28 23:30:07 +02:00
Valentin Gagarin 41a3b315fd manual: values -> data types 2022-07-28 17:25:25 +02:00
Valentin Gagarin 8f4fab8fab manual: use singular for headings 2022-07-28 17:25:18 +02:00
Valentin Gagarin 4ff48854b8 manual: simple values -> primitives
"simple" is a loaded term
2022-07-28 17:23:57 +02:00
Valentin Gagarin 3063e5b94c manual: use subheadings for primitive types
this gives us HTML anchors for each of them
2022-07-28 17:23:57 +02:00
Eelco Dolstra 86fcd4f692
Merge pull request #6845 from fricklerhandwerk/attrset
manual: set -> attribute set
2022-07-28 16:55:03 +02:00
Valentin Gagarin 85cdaebcd6 manual: set -> attribute set
reword description to have shorter sentences.
2022-07-28 16:10:24 +02:00
Valentin Gagarin be4654c344 manual: fix section title in table of contents 2022-07-28 15:55:41 +02:00
Alex Wied 228028fc1a docker.nix: Allow Nix configuration to be customized 2022-07-28 03:36:39 -04:00
Théophane Hufschmitt 2805439335
Merge pull request #6814 from amjoseph-nixpkgs/pr/sandbox-error-messages
local-derivation-goal.cc: improve error messages when sandboxing fails
2022-07-22 13:27:52 +02:00
Théophane Hufschmitt e10807cdbb
Merge pull request #6813 from centromere/cgroup-cpu-detection
libstore/globals.cc: Automatically set cores based on cgroup CPU limit
2022-07-22 10:15:32 +02:00
Alex Wied 722de8ddcc libstore/globals.cc: Move cgroup detection to libutil 2022-07-19 16:25:53 -04:00
Alex Wied 1af5d798a4 libstore/globals.cc: Automatically set cores based on cgroup CPU limit
By default, Nix sets the "cores" setting to the number of CPUs which are
physically present on the machine. If cgroups are used to limit the CPU
and memory consumption of a large Nix build, the OOM killer may be
invoked.

For example, consider a GitLab CI pipeline which builds a large software
package. The GitLab runner spawns a container whose CPU is limited to 4
cores and whose memory is limited to 16 GiB. If the underlying machine
has 64 cores, Nix will invoke the build with -j64. In many cases, that
level of parallelism will invoke the OOM killer and the build will
completely fail.

This change sets the default value of "cores" to be
ceil(cpu_quota / cpu_period), with a fallback to
std:🧵:hardware_concurrency() if cgroups v2 is not detected.
2022-07-19 16:03:58 -04:00
Adam Joseph 36e1383b6b local-derivation-goal.cc: save global errno to the stack before performing tests which might clobber it 2022-07-19 03:53:20 -07:00
Adam Joseph a9e75eca00 error.hh: add additional constructor with explicit errno argument 2022-07-19 03:49:33 -07:00
Adam Joseph 99fcc91f67 as requested by @thufschmitt https://github.com/NixOS/nix/pull/6814#discussion_r924275777 2022-07-19 03:33:12 -07:00
Adam Joseph 5f51539f88 change warn() to notice() 2022-07-19 03:30:52 -07:00
Théophane Hufschmitt fbd0a6c6e2
Merge pull request #6784 from tweag/completion-test
Add some tests for the CLI completion
2022-07-18 20:32:14 +02:00
Eelco Dolstra 2584c151bd
Merge pull request #6812 from lovesegfault/rosetta-paths
fix(libstore): allow Nix to access all Rosetta 2 paths on MacOS
2022-07-18 14:09:54 +02:00
Adam Joseph c8c6203c2c local-derivation-goal.cc: detect unprivileged_userns_clone failure mode
The workaround for "Some distros patch Linux" mentioned in
local-derivation-goal.cc will not help in the `--option
sandbox-fallback false` case.  To provide the user more helpful
guidance on how to get the sandbox working, let's check to see if the
`/proc` node created by the aforementioned patch is present and
configured in a way that will cause us problems.  If so, give the user
a suggestion for how to troubleshoot the problem.
2022-07-17 01:27:22 -07:00
Adam Joseph 6fc56318bf local-derivation-goal.cc: add comment re: CLONE_NEWUSER
local-derivation-goal.cc contains a comment stating that "Some distros
patch Linux to not allow unprivileged user namespaces."  Let's give a
pointer to a common version of this patch for those who want more
details about this failure mode.
2022-07-17 01:23:32 -07:00
Adam Joseph 8d35f387dc local-derivation-goal.cc: warn if failing and /proc/self/ns/user missing
This commit causes nix to `warn()` if sandbox setup has failed and
`/proc/self/ns/user` does not exist.  This is usually a sign that the
kernel was compiled without `CONFIG_USER_NS=y`, which is required for
sandboxing.
2022-07-16 19:37:27 -07:00
Adam Joseph 90830b1074 local-derivation-goal.cc: warn if failing due to max_user_namespaces==0
This commit uses `warn()` to notify the user if sandbox setup fails
with errno==EPERM and /proc/sys/user/max_user_namespaces is missing or
zero, since that is at least part of the reason why sandbox setup
failed.

Note that `echo -n 0 > /proc/sys/user/max_user_namespaces` or
equivalent at boot time has been the recommended mitigation for
several Linux LPE vulnerabilities over the past few years.  Many users
have applied this mitigation and then forgotten that they have done
so.
2022-07-16 19:30:53 -07:00
Adam Joseph 8ea3a911aa local-derivation-goal.cc: improve error messages when sandboxing fails
The failure modes for nix's sandboxing setup are pretty complicated.
When nix is unable to set up the sandbox, let's provide more detail
about what went wrong.  Specifically:

* Make sure the error message includes the word "sandbox" so the user
  knows that the failure was related to sandboxing.

* If `--option sandbox-fallback false` was provided, and removing it
  would have allowed further attempts to make progress, let the user
  know.
2022-07-16 14:56:24 -07:00
Alex Wied b88fb50e21 fix(libstore): allow Nix to access all Rosetta 2 paths on MacOS
Fixes: #5884
2022-07-15 12:10:56 -07:00
Eelco Dolstra 59764eb842
Merge pull request #6810 from jfly/jfly/do-not-assume-savedvars-exist
nix develop: do not assume that saved vars are set
2022-07-15 13:59:25 +02:00
Eelco Dolstra 0621e99414
Merge pull request #6811 from edolstra/fix-auto-chroot
Disable auto-chroot if $NIX_STATE_DIR is set
2022-07-15 13:11:08 +02:00
Eelco Dolstra 3bcd7a5474 Disable auto-chroot if $NIX_STATE_DIR is set
Issue #6732.
2022-07-15 12:32:29 +02:00