Eelco Dolstra
67bcb99700
Add a setting for enabling cgroups
2022-11-28 21:54:02 +01:00
Eelco Dolstra
ff12d1c1a1
Check that auto-allocated UIDs don't clash with existing accounts
2022-11-28 20:49:17 +01:00
Eelco Dolstra
dbf78a7ada
Merge pull request #7313 from yorickvP/nlohmann-everywhere
...
Replace src/libutil/json.cc with nlohmann
2022-11-28 15:03:48 +01:00
Naïm Favier
9b35cc716b
use logger->cout
...
in order to avoid potential problems with the progress bar
Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2022-11-28 14:59:06 +01:00
Naïm Favier
04ec157517
repl: print a newline on ctrl-D
2022-11-28 10:38:23 +01:00
Eelco Dolstra
fc14585610
Fix evaluation
2022-11-27 18:58:21 +01:00
Eelco Dolstra
f1b5c6876b
Add tests for auto-uid-allocation, uid-range and cgroups
2022-11-27 16:38:34 +01:00
Eelco Dolstra
cc308ee93d
Merge pull request #7353 from edolstra/gc-shutdown
...
Fix random client failures during GC server shutdown
2022-11-27 13:30:26 +01:00
Eelco Dolstra
5b798f6cae
Fix random client failures during GC server shutdown
...
We need to close the GC server socket before shutting down the active
GC client connections, otherwise a client may (re)connect and get
ECONNRESET. But also handle ECONNRESET for resilience.
Fixes random failures like
GC socket disconnected
connecting to '/tmp/nix-shell.y07M0H/nix-test/default/var/nix/gc-socket/socket'
sending GC root '/tmp/nix-shell.y07M0H/nix-test/default/store/kb5yzija0f1x5xkqkgclrdzldxj6nnc6-non-blocking'
reading GC root from client: error: unexpected EOF reading a line
1 store paths deleted, 0.00 MiB freed
error: reading from file: Connection reset by peer
in gc-non-blocking.sh.
2022-11-27 12:57:18 +01:00
Eelco Dolstra
534332c8a0
Merge pull request #7350 from edolstra/remove-strndup
...
Don't use GC_STRNDUP
2022-11-26 08:50:54 +01:00
Eelco Dolstra
0b4c4d7434
Don't use GC_STRNDUP
...
It calls strlen() on the input (rather than simply copying at most
`size` bytes), which can fail if the input is not zero-terminated and
is inefficient in any case.
Fixes #7347 .
2022-11-25 22:30:56 +01:00
Valentin Gagarin
d6318e1638
refactor rendering documentation of builtins
...
as in [1], make the document structure visible, like in a template
[1]: 4655563470
2022-11-24 14:15:43 +01:00
Valentin Gagarin
341a807444
the point is setting a default reviewer, not notifications
2022-11-24 11:33:59 +01:00
Théophane Hufschmitt
bc9692a6b7
Merge pull request #7337 from Radvendii/why-depends-ca
...
Fix why-depends for CA derivations
2022-11-23 20:16:14 +01:00
Taeer Bar-Yam
bd8571a5c3
add explanation and test
2022-11-23 12:06:47 -05:00
Taeer Bar-Yam
b13fd4c58e
Fix why-depends for CA derivations
...
why-depends assumed that we knew the output path of the second argument.
For CA derivations, we might not know until it's built. One way to solve
this would be to build the second installable to get the output path.
In this case we don't need to, though. If the first installable (A)
depends on the second (B), then getting the store path of A will
necessitate having the store path B. The contrapositive is, if the store
path of B is not known (i.e. it's a CA derivation which hasn't been
built), then A does not depend on B.
2022-11-23 11:39:50 -05:00
Eelco Dolstra
2aa3f2e810
Include UID in hex
2022-11-23 17:07:59 +01:00
Eelco Dolstra
989fc8a8b9
Add release notes
2022-11-23 15:24:50 +01:00
Eelco Dolstra
6292d5616e
Merge remote-tracking branch 'origin/master' into auto-uid-allocation
2022-11-23 11:16:09 +01:00
Eelco Dolstra
05d0892443
Merge pull request #7328 from edolstra/nix-build-stats
...
nix build --json: Include build statistics
2022-11-22 14:41:15 +01:00
Eelco Dolstra
96a9511a9c
Merge pull request #7333 from fricklerhandwerk/language-overview
...
fix error in language overview
2022-11-22 11:18:53 +01:00
Valentin Gagarin
52f0c80917
fix error in language overview
...
it is not possible to antiquote numbers.
2022-11-22 10:36:21 +01:00
Eelco Dolstra
3d23b9d032
SimpleUserLock::getSupplementaryGIDs(): Filter out main gid
...
This avoids having the user's gid in the supplementary group list as
well.
2022-11-22 10:26:17 +01:00
Eelco Dolstra
b37c2d84b6
Always call setgroups()
...
We shouldn't skip this if the supplementary group list is empty,
because then the sandbox won't drop the supplementary groups of the
parent (like "root").
2022-11-22 10:26:17 +01:00
Eelco Dolstra
02c02ee7c3
Merge pull request #6456 from amjoseph-nixpkgs/seccomp-mips
...
local-derivation-goal.cc: enable seccomp filters for mips{32,64}
2022-11-21 23:03:00 +01:00
Eelco Dolstra
c776dfbb35
Use hex for startId
...
Co-authored-by: Linus Heckemann <git@sphalerite.org>
2022-11-21 18:46:55 +01:00
Valentin Gagarin
44dc5c6c13
reword
2022-11-21 15:13:19 +01:00
Valentin Gagarin
a4af966d5d
add maintainers' handbook
...
write down the process we have been developing and following so far.
Co-Authored-By: Théophane Hufschmitt <theophane.hufschmitt@tweag.io>
Co-Authored-By: John Ericson <John.Ericson@Obsidian.Systems>
2022-11-21 14:35:01 +01:00
Eelco Dolstra
9d17ce07e8
AutoUserLock: If sandboxing is disabled, use the build users group
...
We have to use a gid that has write access to the Nix store.
2022-11-21 12:55:49 +01:00
Eelco Dolstra
f0baa5c128
nix build --json: Include build statistics
...
Example:
# nix build -L --extra-experimental-features cgroups --impure --expr 'with import <nixpkgs> {}; runCommand "foo" {} "dd if=/dev/urandom bs=1M count=1024 | md5sum; mkdir $out"' --json
[
{
"cpuSystem": 1.911431,
"cpuUser": 1.214249,
"drvPath": "/nix/store/xzdqz67xba18hljhycp0hwfigzrs2z69-foo.drv",
"outputs": {
"out": "/nix/store/rh9mc9l2gkpq8kn2sgzndr6ll7ffjh6l-foo"
},
"startTime": 1669024076,
"stopTime": 1669024079
}
]
2022-11-21 12:06:01 +01:00
Eelco Dolstra
e7a5b76844
Rename derivedPathsWithHintsToJSON -> builtPathsToJSON
2022-11-21 11:56:20 +01:00
Eelco Dolstra
82d5cf2a76
Fix macOS build
2022-11-21 11:45:41 +01:00
Eelco Dolstra
653b32a78f
Merge remote-tracking branch 'origin/master' into auto-uid-allocation
2022-11-21 11:33:23 +01:00
Eelco Dolstra
ec45f4b82e
Fix indentation
2022-11-21 11:12:45 +01:00
Eelco Dolstra
300753d594
nix build --json: Include build statistics
...
Example:
# nix build -L --extra-experimental-features cgroups --impure --expr 'with import <nixpkgs> {}; runCommand "foo" {} "dd if=/dev/urandom bs=1M count=1024 | md5sum; mkdir $out"' --json
[
{
"cpuSystem": 1.911431,
"cpuUser": 1.214249,
"drvPath": "/nix/store/xzdqz67xba18hljhycp0hwfigzrs2z69-foo.drv",
"outputs": {
"out": "/nix/store/rh9mc9l2gkpq8kn2sgzndr6ll7ffjh6l-foo"
},
"startTime": 1669024076,
"stopTime": 1669024079
}
]
2022-11-21 10:49:01 +01:00
Eelco Dolstra
f538ee4342
Rename derivedPathsWithHintsToJSON -> builtPathsToJSON
2022-11-21 09:38:08 +01:00
Eelco Dolstra
e6b71f84a0
Use cgroup.kill to quickly kill cgroups
2022-11-18 16:59:36 +01:00
Eelco Dolstra
fa68eb367e
Get CPU stats from the cgroup
2022-11-18 13:40:59 +01:00
Eelco Dolstra
20f66c6889
Indentation
2022-11-18 13:40:48 +01:00
Eelco Dolstra
128910ba23
Separate cgroup support from auto-uid-allocation
...
The new experimental feature 'cgroups' enables the use of cgroups for
all builds. This allows better containment and enables setting
resource limits and getting some build stats.
2022-11-18 10:39:28 +01:00
Eelco Dolstra
f1ab082ac4
createTempDir(): Use std::atomic
2022-11-18 09:37:11 +01:00
Eelco Dolstra
f423d4425f
Fix segfault in unprivileged mode
2022-11-17 11:56:45 +01:00
Yorick
09f00dd4d0
Replace src/libutil/json.cc with nlohmann json generation
2022-11-16 16:50:50 +01:00
Théophane Hufschmitt
62960f3291
Merge pull request #7134 from yorickvP/disable-dbg-on-complete
...
Temporarily disable the debugger during completion evaluation
2022-11-16 11:28:40 +01:00
Théophane Hufschmitt
60dea270d0
Swallow the error in a more idiomatic way
2022-11-16 10:34:32 +01:00
Théophane Hufschmitt
4bf70b74a7
Merge pull request #7294 from tobim/support-aws-sdk-1.10
...
libstore: link to aws-crt-cpp
2022-11-15 16:51:09 +01:00
Théophane Hufschmitt
3ade5f5d60
Merge pull request #7283 from hercules-ci/issue-6572
...
Fix #6572 `requires non-existent output`
2022-11-15 16:24:24 +01:00
Théophane Hufschmitt
daf1423a4a
Merge pull request #7260 from ncfavier/readFile-scan-references
...
Restrict `readFile` context to references that appear in the string
2022-11-15 16:22:28 +01:00
Robert Hensing
c279ddb18c
tests: Reproduce #6572
2022-11-14 18:03:29 +01:00
Robert Hensing
7e162c69fe
derivation-goal: Fix requires non-existing output
error
...
It occurred when a output of the dependency was already available,
so it didn't need rebuilding and didn't get added to the
inputDrvOutputs.
This process-related info wasn't suitable for the purpose of finding
the actual input paths for the builder. It is better to do this in
absolute terms by querying the store.
2022-11-14 17:52:55 +01:00