Commit graph

7716 commits

Author SHA1 Message Date
Eelco Dolstra d1db7fa952
Merge pull request #3211 from zimbatm/gitignore-precompiled-headers
gitignore /precompiled-headers.h.gch
2019-11-08 16:23:57 +01:00
Jonas Chevalier a08f353922
gitignore /precompiled-headers.h.?ch 2019-11-08 14:48:52 +00:00
Eelco Dolstra 2c1e05ae93
Merge remote-tracking branch 'origin/master' into flakes 2019-11-08 15:22:54 +01:00
Eelco Dolstra 0d6774468c
Move editorFor srom libutil to nix
libutil should not depend on libexpr.
2019-11-08 15:13:32 +01:00
Eelco Dolstra 0bc0d35b6b
Merge remote-tracking branch 'origin/master' into flakes 2019-11-08 14:29:10 +01:00
matthew 6419f5028b use MixEnvironment in run and shell 2019-11-07 17:22:16 -06:00
matthew 75c897cf3d Factor out code to handle environment in run into MixEnvironment 2019-11-07 17:22:16 -06:00
matthew 693e8b1286 changes 2019-11-07 17:22:16 -06:00
matthew d2438f86d5 environment fixes in run
Move environment related code to a separate function. Create a new char** if ignoreEnvironment is set rather than calling clearEnv
2019-11-07 17:22:16 -06:00
Eelco Dolstra 48f0a76372
Fix installerScript job
https://hydra.nixos.org/build/105961653
2019-11-07 18:31:16 +01:00
Eelco Dolstra 4145cd2da0
Use upstream nlohmann_json 2019-11-07 18:23:17 +01:00
Eelco Dolstra 0ba8a4e942
Merge remote-tracking branch 'origin/master' into flakes 2019-11-07 13:56:41 +01:00
Eelco Dolstra e5bf81256c
Fix Perl bindings 2019-11-07 12:18:37 +01:00
Eelco Dolstra 6d2605500f
Fix macOS build 2019-11-07 11:53:28 +01:00
Eelco Dolstra f730841db4
Merge remote-tracking branch 'origin/master' into flakes 2019-11-07 11:44:02 +01:00
Eelco Dolstra 99af822004
Disable the evalNixOS test
It also OOMs.

https://hydra.nixos.org/build/105942679
2019-11-07 10:14:00 +01:00
Eelco Dolstra 04bf9acd22
Remove #include 2019-11-07 10:12:35 +01:00
Eelco Dolstra f5b7991e59
Revert "autoconf: Allow overriding CFLAGS/CXXFLAGS from outside."
This reverts commit 717e821b99. It's
much more convenient to do 'make OPTIMIZE=0'.
2019-11-07 10:12:35 +01:00
Eelco Dolstra 5ff4d77f55
Precompile headers
This cuts 'make install -j6' on my laptop from 170s to 134s.
2019-11-07 10:12:35 +01:00
Maximilian Bosch 52ffe2797a
doc: Document --dry-run option for nix-build 2019-11-07 00:11:57 +01:00
Eelco Dolstra 39a2e166dd
Cleanup 2019-11-06 16:53:02 +01:00
Eelco Dolstra 850f73045f
Fix GitHub test 2019-11-06 14:48:35 +01:00
Eelco Dolstra f01304b573
Fix build 2019-11-06 14:47:58 +01:00
Eelco Dolstra e491efe9fb
Use more stable registry URL 2019-11-06 14:20:16 +01:00
Eelco Dolstra d5f1cc3e94
Use revcount/last-modified for computing the flake fingerprint
The store path is not enough. For example, when we build a dirty tree,
commit, and build the clean tree, a re-evaluation is necessary because
the flake may depend on the lastModified or revCount attributes.
2019-11-06 12:01:37 +01:00
Eelco Dolstra 88c452d160
Merge remote-tracking branch 'origin/master' into flakes 2019-11-06 10:56:33 +01:00
Eelco Dolstra 35732a95bc
Disable the evalNixpkgs test
It constantly OOMs.

https://hydra.nixos.org/build/105784912
2019-11-06 10:36:06 +01:00
Eelco Dolstra 7614a127a0
Fix binaryTarball test 2019-11-06 10:35:50 +01:00
Eelco Dolstra 69326f3637
Recursive Nix: Handle concurrent client connections 2019-11-06 00:55:03 +01:00
Eelco Dolstra c119ab9db0
Enable recursive Nix using a feature
Derivations that want to use recursion should now set

  requiredSystemFeatures = [ "recursive-nix" ];

to make the daemon socket appear.

Also, Nix should be configured with "experimental-features =
recursive-nix".
2019-11-06 00:55:03 +01:00
Eelco Dolstra 2af9561316
Add a test for recursive Nix 2019-11-06 00:55:03 +01:00
Eelco Dolstra c921074c19
RestrictedStore: Implement addToStore() 2019-11-06 00:55:03 +01:00
Eelco Dolstra c4d7c76b64
Recursive Nix support
This allows Nix builders to call Nix to build derivations, with some
limitations.

Example:

  let nixpkgs = fetchTarball channel:nixos-18.03; in

  with import <nixpkgs> {};

  runCommand "foo"
    {
      buildInputs = [ nix jq ];
      NIX_PATH = "nixpkgs=${nixpkgs}";
    }
    ''
      hello=$(nix-build -E '(import <nixpkgs> {}).hello.overrideDerivation (args: { name = "hello-3.5"; })')

      $hello/bin/hello

      mkdir -p $out/bin
      ln -s $hello/bin/hello $out/bin/hello

      nix path-info -r --json $hello | jq .
    ''

This derivation makes a recursive Nix call to build GNU Hello and
symlinks it from its $out, i.e.

  # ll ./result/bin/
  lrwxrwxrwx 1 root root 63 Jan  1  1970 hello -> /nix/store/s0awxrs71gickhaqdwxl506hzccb30y5-hello-3.5/bin/hello

  # nix-store -qR ./result
  /nix/store/hwwqshlmazzjzj7yhrkyjydxamvvkfd3-glibc-2.26-131
  /nix/store/s0awxrs71gickhaqdwxl506hzccb30y5-hello-3.5
  /nix/store/sgmvvyw8vhfqdqb619bxkcpfn9lvd8ss-foo

This is implemented as follows:

* Before running the outer builder, Nix creates a Unix domain socket
  '.nix-socket' in the builder's temporary directory and sets
  $NIX_REMOTE to point to it. It starts a thread to process
  connections to this socket. (Thus you don't need to have nix-daemon
  running.)

* The daemon thread uses a wrapper store (RestrictedStore) to keep
  track of paths added through recursive Nix calls, to implement some
  restrictions (see below), and to do some censorship (e.g. for
  purity, queryPathInfo() won't return impure information such as
  signatures and timestamps).

* After the build finishes, the output paths are scanned for
  references to the paths added through recursive Nix calls (in
  addition to the inputs closure). Thus, in the example above, $out
  has a reference to $hello.

The main restriction on recursive Nix calls is that they cannot do
arbitrary substitutions. For example, doing

  nix-store -r /nix/store/kmwd1hq55akdb9sc7l3finr175dajlby-hello-2.10

is forbidden unless /nix/store/kmwd... is in the inputs closure or
previously built by a recursive Nix call. This is to prevent
irreproducible derivations that have hidden dependencies on
substituters or the current store contents. Building a derivation is
fine, however, and Nix will use substitutes if available. In other
words, the builder has to present proof that it knows how to build a
desired store path from scratch by constructing a derivation graph for
that path.

Probably we should also disallow instantiating/building fixed-output
derivations (specifically, those that access the network, but
currently we have no way to mark fixed-output derivations that don't
access the network). Otherwise sandboxed derivations can bypass
sandbox restrictions and access the network.

When sandboxing is enabled, we make paths appear in the sandbox of the
builder by entering the mount namespace of the builder and
bind-mounting each path. This is tricky because we do a pivot_root()
in the builder to change the root directory of its mount namespace,
and thus the host /nix/store is not visible in the mount namespace of
the builder. To get around this, just before doing pivot_root(), we
branch a second mount namespace that shares its /nix/store mountpoint
with the parent.

Recursive Nix currently doesn't work on macOS in sandboxed mode
(because we can't change the sandbox policy of a running build) and in
non-root mode (because setns() barfs).
2019-11-06 00:52:38 +01:00
Eelco Dolstra b874272f7a
Make --enable-gc the default 2019-11-06 00:46:37 +01:00
Eelco Dolstra d823381c0a
Merge branch 'fix/nix-doctor-output' of https://github.com/bhipple/nix 2019-11-05 16:04:40 +01:00
Eelco Dolstra b4e260d887
Disable shellcheck
It's broken at the moment: https://hydra.nixos.org/build/105746055

Also it pulls in GHC which is a pretty big dependency.
2019-11-05 16:00:30 +01:00
Eelco Dolstra 81a9b93689
Fix manual build 2019-11-05 11:21:32 +01:00
Eelco Dolstra 852554bb16
Merge branch 'nix-repl-e' of https://github.com/zimbatm/nix 2019-11-05 11:20:53 +01:00
Eelco Dolstra 7876027071
Merge pull request #3193 from matthewbauer/patch-11
Update man to show that nix-shell allows --arg
2019-11-05 11:18:24 +01:00
Eelco Dolstra 9ff4060d26
Merge pull request #3190 from mkenigs/examples
change deprecated attribute syntax in run examples
2019-11-05 11:17:54 +01:00
Eelco Dolstra 72748b4088
Merge pull request #3173 from mkenigs/typo
fix typo
2019-11-05 11:17:26 +01:00
Eelco Dolstra 78b8203e50
Merge pull request #3180 from kevinastock/patch-1
docs: fix upper bound on number of consumed cores
2019-11-05 11:17:02 +01:00
Eelco Dolstra 376802c9b8
Merge pull request #3199 from kevinastock/patch-2
docs: xref doesn't render in title
2019-11-05 11:16:15 +01:00
Eelco Dolstra e1725ba946
Fix VM tests 2019-11-05 11:12:25 +01:00
Eelco Dolstra 6b708711f5
Merge branch 'switch-to-19.09' of https://github.com/Ericson2314/nix 2019-11-05 10:32:11 +01:00
Eelco Dolstra 1b600ecd14
Don't use SOCK_CLOEXEC on macOS
https://hydra.nixos.org/build/105428308
2019-11-05 10:25:09 +01:00
Eelco Dolstra 3770f5c944
Merge pull request #3206 from kevinastock/patch-3
docs: correct default location of log directory
2019-11-04 22:30:07 +01:00
Eelco Dolstra b81d9d26f5
Merge remote-tracking branch 'origin/master' into flakes 2019-11-04 22:29:31 +01:00
Kevin Stock cea05e5ee7
docs: correct default location of log directory 2019-11-04 16:23:03 -05:00
Eelco Dolstra f5a46ef0b1
Merge pull request #3202 from kraem/master
Update nix eval --help msg to not include deprecated command
2019-11-04 09:34:30 +01:00