Commit graph

15623 commits

Author SHA1 Message Date
John Ericson ce4ca574d2 Clarify SourceAccessor methods should never implicitly follow symlinks
The code has already been fixed (yay!) so what is left of this commit is
just updating the API docs.

Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
2023-12-08 20:00:47 -05:00
Robert Hensing d4f6b1d38b
Merge pull request #9497 from edolstra/move-access-control
Move restricted/pure-eval access control out of the evaluator and into the accessor
2023-12-08 22:21:50 +01:00
John Ericson 762af72728
Merge pull request #9564 from NixOS/fix-clang-build
Avoid `std::strstream`, fix the clang build
2023-12-08 15:07:36 -05:00
Théophane Hufschmitt 36ca6adc60
Merge pull request #9563 from obsidiansystems/tryResolve-evalStore
Give `Derivation::tryResolve` an `evalStore` argument
2023-12-08 19:21:35 +01:00
John Ericson f9ee1bedcf Avoid std::strstream, fix the clang build
According https://en.cppreference.com/w/cpp/io/strstream, it has been
deprecated since C++98! The Clang + Linux build systems to not have it
at all, or at least be hiding it.

We can just use `std::stringstream` instead, I think.
2023-12-08 13:18:52 -05:00
Rebecca Turner f0ac2a35d5
Print the value in error: cannot coerce messages (#9553)
* Print the value in `error: cannot coerce` messages

This extends the `error: cannot coerce a TYPE to a string` message
to print the value that could not be coerced. This helps with debugging
by making it easier to track down where the value is being produced
from, especially in errors with deep or unhelpful stack traces.

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-12-08 16:36:57 +00:00
John Ericson 139982997e
Merge pull request #9560 from obsidiansystems/serve-proto-unkeyed-valid-path-info-serializer
Factor out `ServeProto::Serialiser<UnkeyedValidPathInfo>` and test
2023-12-08 11:33:24 -05:00
John Ericson 96dd757b0c Give Derivation::tryResolve an evalStore argument
This is needed for building CA deriations with a src store / dest store
split. In particular it is needed for Hydra.

https://github.com/NixOS/hydra/issues/838 currently puts realizations,
and thus build outputs, in the local store, but it should not.
2023-12-08 10:01:05 -05:00
John Ericson a5521b7d94 Factor out ServeProto::Serialiser<UnkeyedValidPathInfo> and test
In the process, partially undo e89b5bd0bf
in that the ancient < 2.4 version is now supported again by the
serializer again. `LegacySSHStore`, instead of also asserting that the
version is at least 4, just checks that `narHash` is set.

This allows us to better test the serializer in isolation for both
versions (< 4 and >= 4).
2023-12-07 11:34:18 -05:00
Eelco Dolstra c3827ff634
Merge pull request #9557 from bryanhonof/bryanhonof.fix-apple-double-shenanigans
Add option to libarchive so it behaves correctly
2023-12-07 12:33:02 +01:00
Bryan Honof bf00d5ecef
fix(libutil/tarfile): add option to libarchive so it behaves correctly with AppleDouble files
AppleDouble files were extracted differently on macOS machines than on other
UNIX's.
Setting `archive_read_set_format_option(this->archive, NULL ,"mac-ext",NULL)`
fixes this problem, since it just ignores the AppleDouble file and treats it as
a normal one.
This was a problem since it caused source archives to be different between macOS
and Linux.

Ref: nixos/nix#9290
2023-12-07 11:35:15 +01:00
tomberek 82449a455f
Merge pull request #9452 from kolloch/feature/nix-hash-convert
Add nix hash convert
2023-12-06 19:47:53 -05:00
Peter Kolloch 9a1a3c43bf Store.xs: fix references to HashFormat::Nix32
https://github.com/NixOS/nix/issues/8876
2023-12-06 23:43:42 +01:00
Peter Kolloch e9a5365db6 hash.sh: Make failure tests more tolerant of additional output
"warning: you don'\''t have Internet access; disabling some network-dependent features" ...

https://github.com/NixOS/nix/issues/8876
2023-12-06 23:43:42 +01:00
Peter Kolloch bbba2055f0 Refactor concurrently added tests to use HashAlgorithm.
https://github.com/NixOS/nix/issues/8876
2023-12-06 23:43:42 +01:00
Peter Kolloch d38ec12855 Update src/libexpr/primops.cc
Co-authored-by: Théophane Hufschmitt <7226587+thufschmitt@users.noreply.github.com>
2023-12-06 23:43:42 +01:00
Peter Kolloch 8afeaf05c4 Add docs/rl-notes for nix hash convert / builtins.convertHash
https://github.com/NixOS/nix/issues/8876
2023-12-06 23:43:42 +01:00
Peter Kolloch 7ff876b92b Add deprecation notice for old nix hash conversion subcommands.
(But not yet nix-hash since `nix hash` is still hidden behind a feature flag.)

https://github.com/NixOS/nix/issues/8876
2023-12-06 23:43:42 +01:00
Peter Kolloch fc6f29053a Renamed HashFormat::Base32 to HashFormat::Nix32
...and also adjusted parsing accordingly.

Also added CLI completion for HashFormats.

https://github.com/NixOS/nix/issues/8876
2023-12-06 23:43:42 +01:00
Peter Kolloch 837b889c41 Further HashType renaming + using mkHashAlgoOptFlag for new conversion
https://github.com/NixOS/nix/issues/8876
2023-12-06 23:43:42 +01:00
Peter Kolloch 5334c9c792 HashType: Rename to HashAlgorithm
To be consistent with CLI, nix API
and many other references.

As part of this, we also converted it to a scoped enum.

https://github.com/NixOS/nix/issues/8876
2023-12-06 23:43:42 +01:00
Peter Kolloch 0c2d5f7673 nix hash convert: s/--type/--algo/ + more functional tests
https://github.com/NixOS/nix/issues/8876
2023-12-06 23:43:42 +01:00
Peter Kolloch 6bbd900d4f nix hash convert: added
This deviated from the proposal! See comments on the issue.

https://github.com/NixOS/nix/issues/8876
2023-12-06 23:43:34 +01:00
Peter Kolloch 156ea78d74 CmdHashBase: doc comment 2023-12-06 23:41:07 +01:00
Peter Kolloch e7abf60a0c hash.cc/hash.h: Minor C++ improvements 2023-12-06 23:41:07 +01:00
Eelco Dolstra 3dcb83409d
Merge pull request #9509 from fricklerhandwerk/add-redirect
add redirect to new store page
2023-12-06 18:03:53 +01:00
Eelco Dolstra 9817788f6b
Merge pull request #9518 from NixOS/fix-static-build
Update Nixpkgs to fix static build
2023-12-06 18:02:30 +01:00
Eelco Dolstra 34a69976d9
Merge pull request #9545 from NixOS/update-labeler-config
Fix the labeler.yml config file
2023-12-06 18:01:02 +01:00
Théophane Hufschmitt 7fff625e39
Improve the error message for “multicommands” commands (#9510)
* Factor out the default `MultiCommand` behavior

All the `MultiCommand`s had (nearly) the same behavior when called
without a subcommand.
Factor out this behavior into the `NixMultiCommand` class.

* Display the list of available subcommands when none is specified

Whenever a user runs a command that excepts a subcommand, add the list
of available subcommands to the error message.

* Print the multi-command lists as Markdown lists

This takes more screen real estate, but is also much more readable than
a comma-separated list
2023-12-06 13:13:45 +00:00
Eelco Dolstra 2bd8322500
Update src/libfetchers/filtering-input-accessor.hh
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-12-06 14:08:40 +01:00
Théophane Hufschmitt ee8540ae90
Fix the labeler.yml config file
labeler 5.0 changed the configuration file in a non-backwards-compatible way (https://github.com/actions/labeler/tree/main#breaking-changes-in-v5), so update our config file to match that (because all the CIs are red otherwise 😬 ).
2023-12-06 14:07:08 +01:00
Eelco Dolstra 53ab5d87c2 Use expectStderr 2023-12-06 14:05:32 +01:00
Eelco Dolstra 57246c4c38 PosixSourceAccessor: Cache lstat() calls
Since we're doing a lot of them in assertNoSymlinks().
2023-12-06 13:55:54 +01:00
Eelco Dolstra 504e4fc457 CanonPath: Support std::hash 2023-12-06 13:45:59 +01:00
John Ericson fbc855b3c3
Merge pull request #9542 from NixOS/pthread-fix-netbsd
Add missing `-pthread` for test support libraries
2023-12-05 18:44:25 -05:00
John Ericson b23273f6a2 Add missing -pthread for test support libraries
This is good in general (see how the other libraries also have long had
it, since 49fe9592a4) but in particular
needed to fix the NetBSD build.
2023-12-05 18:18:30 -05:00
John Ericson 96fdea3394
Merge pull request #9541 from obsidiansystems/config-buildprefix-fix
Including `config.h` also needs `$(buildprefix)`
2023-12-05 17:16:57 -05:00
Eelco Dolstra 83c067c0fa PosixSourceAccessor: Don't follow any symlinks
All path components must not be symlinks now (so the user needs to
call `resolveSymlinks()` when needed).
2023-12-05 23:02:59 +01:00
John Ericson 733333e87d Including config.h also needs $(buildprefix)
Per the instruction in the manual, we want to run configure in a
different directory so that we can configure + build for multiple
platforms. That means `config.h` will be in the build directory. This is
just like `Makefile.config`, which already is used with
`$(buildprefix)`.
2023-12-05 16:36:12 -05:00
Robert Hensing efc65ef122
Merge pull request #9505 from fricklerhandwerk/quick-start
shorten the quick start chapter
2023-12-05 19:52:03 +01:00
Eelco Dolstra 345f79d016 Check that we can't follow symlinks outside of the allowed paths 2023-12-05 16:33:02 +01:00
Eelco Dolstra d54f847682
Merge pull request #9520 from fricklerhandwerk/fix-links-stores-overview
fix links in stores overview
2023-12-05 14:46:54 +01:00
Eelco Dolstra 2f9bc1ecda
Merge pull request #9536 from NixOS/dependabot/github_actions/zeebe-io/backport-action-2.2.0
Bump zeebe-io/backport-action from 2.1.1 to 2.2.0
2023-12-05 14:14:22 +01:00
Eelco Dolstra a4b3a63b1c
Merge pull request #9537 from NixOS/dependabot/github_actions/cachix/install-nix-action-24
Bump cachix/install-nix-action from 23 to 24
2023-12-05 14:14:10 +01:00
Eelco Dolstra 4931697825
Merge pull request #9538 from NixOS/dependabot/github_actions/cachix/cachix-action-13
Bump cachix/cachix-action from 12 to 13
2023-12-05 14:13:59 +01:00
Eelco Dolstra 6278e264f7
Merge pull request #9539 from NixOS/dependabot/github_actions/actions/labeler-5
Bump actions/labeler from 4 to 5
2023-12-05 14:13:47 +01:00
dependabot[bot] e488a43f45
Bump actions/labeler from 4 to 5
Bumps [actions/labeler](https://github.com/actions/labeler) from 4 to 5.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](https://github.com/actions/labeler/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-04 22:09:25 +00:00
dependabot[bot] e6a3cbfceb
Bump cachix/cachix-action from 12 to 13
Bumps [cachix/cachix-action](https://github.com/cachix/cachix-action) from 12 to 13.
- [Release notes](https://github.com/cachix/cachix-action/releases)
- [Commits](https://github.com/cachix/cachix-action/compare/v12...v13)

---
updated-dependencies:
- dependency-name: cachix/cachix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-04 22:09:18 +00:00
dependabot[bot] c446e5294d
Bump cachix/install-nix-action from 23 to 24
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 23 to 24.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v23...v24)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-04 22:09:14 +00:00
dependabot[bot] 823512c1e7
Bump zeebe-io/backport-action from 2.1.1 to 2.2.0
Bumps [zeebe-io/backport-action](https://github.com/zeebe-io/backport-action) from 2.1.1 to 2.2.0.
- [Release notes](https://github.com/zeebe-io/backport-action/releases)
- [Commits](https://github.com/zeebe-io/backport-action/compare/v2.1.1...v2.2.0)

---
updated-dependencies:
- dependency-name: zeebe-io/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-12-04 22:09:10 +00:00