Commit graph

6599 commits

Author SHA1 Message Date
Eelco Dolstra 64d7d1a884
Update release notes 2018-08-30 15:28:18 +02:00
Eelco Dolstra 245d01701d
upload-release.pl: Handle prerelease versions 2018-08-30 15:21:58 +02:00
Eelco Dolstra 1286d86b95
Merge pull request #2336 from ivan/repl-trailing-spaces
repl: don't add trailing spaces to history lines
2018-08-29 18:13:29 +02:00
Domen Kožar d16ff76c69
nix.conf: clarify -j0 doesn't affect preferLocalBuild 2018-08-29 14:33:14 +01:00
Eelco Dolstra 20d74a3257
Merge pull request #2378 from aszlig/int64
libexpr: Use int64_t for NixInt
2018-08-29 13:30:50 +02:00
Domen Kožar 54df4bb0b5
nix.conf: mention -j0 is useful 2018-08-29 11:51:51 +01:00
aszlig 0ad643ed5c
libexpr: Use int64_t for NixInt
Using a 64bit integer on 32bit systems will come with a bit of a
performance overhead, but given that Nix doesn't use a lot of integers
compared to other types, I think the overhead is negligible also
considering that 32bit systems are in decline.

The biggest advantage however is that when we use a consistent integer
size across all platforms it's less likely that we miss things that we
break due to that. One example would be:

https://github.com/NixOS/nixpkgs/pull/44233

On Hydra it will evaluate, because the evaluator runs on a 64bit
machine, but when evaluating the same on a 32bit machine it will fail,
so using 64bit integers should make that consistent.

While the change of the type in value.hh is rather easy to do, we have a
few more options available for doing the conversion in the lexer:

  * Via an #ifdef on the architecture and using strtol() or strtoll()
    accordingly depending on which architecture we are. For the #ifdef
    we would need another AX_COMPILE_CHECK_SIZEOF in configure.ac.
  * Using istringstream, which would involve copying the value.
  * As we're already using boost, lexical_cast might be a good idea.

Spoiler: I went for the latter, first of all because lexical_cast does
have an overload for const char* and second of all, because it doesn't
involve copying around the input string. Also, because istringstream
seems to come with a bigger overhead than boost::lexical_cast:

https://www.boost.org/doc/libs/release/doc/html/boost_lexical_cast/performance.html

The first method (still using strtol/strtoll) also wasn't something I
pursued further, because it is also locale-aware which I doubt is what
we want, given that the regex for int is [0-9]+.

Signed-off-by: aszlig <aszlig@nix.build>
Fixes: #2339
2018-08-29 01:05:52 +02:00
Daiderd Jordan d85bb4814f
upgrade-nix: resolve profile symlinks
The profile present in PATH is not necessarily the actual profile
location. User profiles are generally added as $HOME/.nix-profile
in which case the indirect profile link needs to be resolved first.

/home/user/.nix-profile -> /nix/var/nix/profiles/per-user/user/profile
/nix/var/nix/profiles/per-user/user/profile -> profile-15-link
/nix/var/nix/profiles/per-user/user/profile-14-link -> /nix/store/hyi4kkjh3bwi2z3wfljrkfymz9904h62-user-environment
/nix/var/nix/profiles/per-user/user/profile-15-link -> /nix/store/6njpl3qvihz46vj911pwx7hfcvwhifl9-user-environment

To upgrade nix here we want /nix/var/nix/profiles/per-user/user/profile-16-link
instead of /home/user/.nix-profile-1-link. The latter is not a gcroot
and would be garbage collected, resulting in a broken profile.

Fixes #2175
2018-08-25 20:50:44 +02:00
Daiderd Jordan 414397759a
upgrade-nix: add --dry-run 2018-08-25 20:25:43 +02:00
Eelco Dolstra c651b7bdc9
Revert "Fix parser/lexer generation with parallel make"
This reverts commit d277442df5.

Make sucks.
2018-08-23 00:23:35 +02:00
Eelco Dolstra 1b01954a3d
Merge pull request #2368 from dezgeg/drop-dead-code
Drop dead code
2018-08-22 21:32:49 +02:00
Erik Arvstedt 8ad2defdf0 Docs: Fix install prefix
shell.nix defines the install prefix as $(pwd)/inst
2018-08-21 21:46:43 +02:00
Eelco Dolstra 954d1f4d0a
Disable the Ubuntu 17.10 build
Ubuntu 17.10 doesn't have libbrotli.

https://hydra.nixos.org/build/79867741
2018-08-21 15:33:29 +02:00
Eelco Dolstra ebe3d2d370 Improve 'coroutine has finished' error message 2018-08-21 15:22:04 +02:00
Eelco Dolstra 6317c65937 Fix warnings in compression.cc 2018-08-21 15:20:23 +02:00
Eelco Dolstra 17a92dfb7d Fix another 'coroutine has finished' during decompression
https://hydra.nixos.org/build/79867739
2018-08-21 15:19:20 +02:00
Tuomas Tynkkynen 2894197de7 Drop all references to NIX_INDENT_MAKE
Dead code since 6669a3b477
2018-08-20 02:01:59 +03:00
Tuomas Tynkkynen 458282be59 Drop all references to --disable-init-state
It's all dead code since 2014 (commit 0c6d62cf27).
2018-08-20 01:51:23 +03:00
Eelco Dolstra cc7b4386b1
nix run: Restore CPU affinity
Fixes #2359.
2018-08-19 12:05:08 +02:00
Eelco Dolstra 9b1bdf2db8
FIx floating point evaluation
Fixes #2361.
2018-08-19 11:59:49 +02:00
Graham Christensen 02098d2073 fetchGit: use a better caching scheme
The current usage technically works by putting multiple different
repos in to the same git directory. However, it is very slow as
Git tries very hard to find common commits between the two
repositories. If the two repositories are large (like Nixpkgs and
another long-running project,) it is maddeningly slow.

This change busts the cache for existing deployments, but users
will be promptly repaid in per-repository performance.
2018-08-17 11:27:34 -04:00
Eelco Dolstra d277442df5
Fix parser/lexer generation with parallel make
Fun fact: rules with multiple targets don't work properly with 'make
-j'. For example, a rule like

  a b: c
    touch a b

is equivalent to

  a: c
    touch a b

  b: c
    touch a b

so with 'make -j', the 'touch' command will be run twice. See
e.g. https://stackoverflow.com/questions/2973445/gnu-makefile-rule-generating-a-few-targets-from-a-single-source-file.
2018-08-17 12:59:23 +02:00
Eelco Dolstra 19265ed26c
Merge pull request #2351 from volth/update-config
update config/config.{sub,guess}
2018-08-13 22:24:22 +02:00
Eelco Dolstra 746cf2d27e
Merge pull request #2350 from symphorien/xattr-cifs
ignore when listxattr fails with ENODATA
2018-08-13 22:20:04 +02:00
volth bad27dc475 update config/config.{sub,guess}
Just
curl 'http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD'   > config/config.sub
curl 'http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD' > config/config.guess

Those files are 5 years old and failed to guess new archs ("ppc64-linux")
2018-08-13 20:00:17 +00:00
Symphorien Gibol 5b19a6663b ignore when listxattr fails with ENODATA
This happens on CIFS and means the remote filesystem has no extended
attributes.
2018-08-13 21:11:36 +02:00
Linus Heckemann d7402c9cd5 dirOf: allow use on non-absolute paths 2018-08-13 11:27:35 +02:00
Eelco Dolstra f72c907ad8
Slightly questionable workaround for #2342 2018-08-10 11:34:41 +02:00
Eelco Dolstra ada4e90267
S3BinaryCacheStore: Share TransferManager
TransferManager allocates a lot of memory (50 MiB by default), and it
might leak but I'm not sure about that. In any case it was causing
OOMs in hydra-queue-runner. So allocate only one TransferManager per
S3BinaryCacheStore.

Hopefully fixes https://github.com/NixOS/hydra/issues/586.
2018-08-09 20:48:45 +02:00
Eelco Dolstra c87f4b9324
nix run: Respect propagated-user-env-packages
Also, add $path/bin to $PATH even if it doesn't exist. This makes
'man' work properly (since it looks for ../share/man relative to $PATH
entries).
2018-08-09 13:01:03 +02:00
Eelco Dolstra a0b971dd9c
S3BinaryCacheStore: Don't use the transfer status callback
This callback is executed on a different thread, so exceptions thrown
from the callback are not caught:

  Aug 08 16:25:48 chef hydra-queue-runner[11967]: terminate called after throwing an instance of 'nix::Error'
  Aug 08 16:25:48 chef hydra-queue-runner[11967]:   what():  AWS error: failed to upload 's3://nix-cache/19dbddlfb0vp68g68y19p9fswrgl0bg7.ls'

Therefore, just check the transfer status after it completes. Also
include the S3 error message in the exception.
2018-08-08 21:39:11 +02:00
Ivan Kozik ec49ea28dc repl: don't add trailing spaces to history lines 2018-08-07 03:59:34 +00:00
Eelco Dolstra 103ad1598c
Merge pull request #2334 from dtzWill/fix/revert-progress-bar-refresh-for-now
Revert "progress-bar: re-draw last update if nothing new for 1sec."
2018-08-06 19:01:08 +02:00
Eelco Dolstra ed6c646f44
Doh 2018-08-06 17:27:08 +02:00
Eelco Dolstra 7de3e00ad9
Fix setting Content-Encoding in S3 uploads
Fixes https://github.com/NixOS/nix/issues/2333 and https://github.com/NixOS/nixpkgs/issues/44337.
2018-08-06 17:20:23 +02:00
Eelco Dolstra d3761f5f8b
Fix Brotli decompression in 'nix log'
This didn't work anymore since decompression was only done in the
non-coroutine case.

Decompressors are now sinks, just like compressors.

Also fixed a bug in bzip2 API handling (we have to handle BZ_RUN_OK
rather than BZ_OK), which we didn't notice because there was a missing
'throw':

  if (ret != BZ_OK)
      CompressionError("error while compressing bzip2 file");
2018-08-06 15:40:29 +02:00
Eelco Dolstra fa4def3d46
Require libbrotli 2018-08-06 14:06:54 +02:00
Eelco Dolstra 4361a4331f
Fix reporting of HTTP body size when a result callback is used 2018-08-06 11:31:14 +02:00
Eelco Dolstra 2825e05d21
Make adding paths via nix-store --serve run in constant memory
It adds a new operation, cmdAddToStoreNar, that does the same thing as
the corresponding nix-daemon operation, i.e. call addToStore(). This
replaces cmdImportPaths, which has the major issue that it sends the
NAR first and the store path second, thus requiring us to store the
incoming NAR either in memory or on disk until we decide what to do
with it.

For example, this reduces the memory usage of

  $ nix copy --to 'ssh://localhost?remote-store=/tmp/nix' /nix/store/95cwv4q54dc6giaqv6q6p4r02ia2km35-blender-2.79

from 267 MiB to 12 MiB.

Probably fixes #1988.
2018-08-03 21:21:16 +02:00
Eelco Dolstra 34c17fdae5
Add a test for LegacySSHStore that doesn't require a VM 2018-08-03 21:20:38 +02:00
Eelco Dolstra eeebe4cdc5
cmdDumpStorePath: Support chroot stores 2018-08-03 21:20:38 +02:00
Eelco Dolstra 848a9375c3
Support escaping in store URIs 2018-08-03 21:20:38 +02:00
Eelco Dolstra 4e7d5f660c
SSHMaster: Bypass SSH when connecting to localhost
This is primarily useful for testing since it removes the need to have
SSH working.
2018-08-03 21:20:38 +02:00
Eelco Dolstra e268bbc054
LegacySSHStore: Add remote-store option
This is primarily useful for testing, e.g.

  $ nix copy --to 'ssh://localhost?remote-store=/tmp/nix' ...
2018-08-03 21:20:38 +02:00
Eelco Dolstra 25da1c64f9
Merge pull request #2327 from NixOS/grahamc-patch-1
2.1 release notes: Add note about s3-compatible stores
2018-08-03 17:33:34 +02:00
Graham Christensen 06080e4abc
2.1 release notes: Add note about s3-compatible stores 2018-08-03 11:09:31 -04:00
Eelco Dolstra 87356cc8a4
Add Nix 2.1 release notes 2018-08-03 17:05:17 +02:00
Eelco Dolstra bc65e02d96
Merge pull request #2326 from aszlig/fix-symlink-leak
Fix symlink leak in restricted eval mode
2018-08-03 17:01:34 +02:00
Eelco Dolstra 122e1a61f8
Merge pull request #2323 from samueldr/feature/selective-impurity
Allows selectively adding environment variables to pure shells.
2018-08-03 16:58:18 +02:00
aszlig 43e28a1b75
Fix symlink leak in restricted eval mode
In EvalState::checkSourcePath, the path is checked against the list of
allowed paths first and later it's checked again *after* resolving
symlinks.

The resolving of the symlinks is done via canonPath, which also strips
out "../" and "./". However after the canonicalisation the error message
pointing out that the path is not allowed prints the symlink target in
the error message.

Even if we'd suppress the message, symlink targets could still be leaked
if the symlink target doesn't exist (in this case the error is thrown in
canonPath).

So instead, we now do canonPath() without symlink resolving first before
even checking against the list of allowed paths and then later do the
symlink resolving and checking the allowed paths again.

The first call to canonPath() should get rid of all the "../" and "./",
so in theory the only way to leak a symlink if the attacker is able to
put a symlink in one of the paths allowed by restricted evaluation mode.

For the latter I don't think this is part of the threat model, because
if the attacker can write to that path, the attack vector is even
larger.

Signed-off-by: aszlig <aszlig@nix.build>
2018-08-03 06:46:43 +02:00