Théophane Hufschmitt
70083218b3
Restrict the permissions of the CI
2022-07-05 16:01:20 +02:00
Théophane Hufschmitt
057b02fd25
Merge pull request #6746 from turrisxyz/Pinned-Dependencies-GitHub
...
chore: Set permissions for GitHub actions
2022-07-05 16:00:39 +02:00
Théophane Hufschmitt
d63cd77549
Merge pull request #6664 from Ma27/innixshell-backwards-compat
...
nix-shell: restore backwards-compat with old nixpkgs
2022-07-05 15:57:20 +02:00
Rok Garbas
8a3d34e974
Merge pull request #6749 from centromere/docker-extra-pkgs-layers
...
Allow specification of extra packages, maxLayers in Docker image
2022-07-05 12:42:49 +02:00
Alex Wied
07416a6005
Allow specification of extra packages, maxLayers in Docker image
2022-07-01 17:53:14 -04:00
naveen
d31c520f40
chore: Set permissions for GitHub actions
...
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ )
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-07-01 00:29:30 +00:00
Travis A. Everett
649c9d9b4c
doc: acknowledge post-rsync reality
...
Before #5150 the copy-to-store phase of the install was idempotent,
but the recursive cp isn't. This is probably baiting a few people
into trying corrective installs that will fail.
2022-06-30 13:31:04 -05:00
Théophane Hufschmitt
b7eb4ac169
Merge pull request #6699 from tennox/better-flake-new-error-message
...
flakes: apply templates partially on conflicts
2022-06-29 18:21:07 +02:00
Théophane Hufschmitt
4c8210095e
Merge pull request #6233 from flox/nix-repl-flakes
...
Nix repl flakes
2022-06-29 17:59:22 +02:00
Théophane Hufschmitt
3b18058969
Merge pull request #6674 from virusdave/dnicponski/scratch/dont_capture_stdout_in_nix_repl_master
...
Don't capture `stdout` when launching subshells in `nix repl`
2022-06-29 17:54:41 +02:00
Théophane Hufschmitt
83f96e61a4
Add some test for nix flake init
with conflicts
2022-06-29 17:08:03 +02:00
Eelco Dolstra
4248174e71
Merge pull request #6702 from ncfavier/develop-prepend-vars
...
nix develop: save XDG_DATA_DIRS for loadable completion
2022-06-29 14:49:31 +02:00
Théophane Hufschmitt
f8fea9075c
Merge remote-tracking branch 'origin/master' into better-flake-new-error-message
2022-06-29 13:44:14 +02:00
Eelco Dolstra
7633764342
Merge pull request #6739 from edolstra/ignore-chroot-error
...
Don't fail if we can't create ~/.local/share/nix/root
2022-06-29 13:06:35 +02:00
Eelco Dolstra
6cab528461
Don't fail if we can't create ~/.local/share/nix/root
...
https://hydra.nixos.org/build/182135943
2022-06-29 12:16:51 +02:00
Eelco Dolstra
865af66112
Merge pull request #6738 from edolstra/quote
...
src/libexpr/tests/primops.cc: Quote Nix expressions
2022-06-29 12:16:15 +02:00
Eelco Dolstra
455177cbe0
src/libexpr/tests/primops.cc: Quote Nix expressions
...
Otherwise they don't survive reformatting, see the failure in
https://github.com/NixOS/nix/pull/6721 .
2022-06-29 11:37:25 +02:00
Eelco Dolstra
3c1814423b
Merge pull request #6737 from centromere/fix-typo
...
doc: Fix typo
2022-06-29 11:02:46 +02:00
Théophane Hufschmitt
56cf96a1b9
Merge pull request #6706 from lheckemann/cache-info-cache-invalidation
...
nar-info-disk-cache: refresh nix-cache-info weekly
2022-06-29 07:56:27 +02:00
Alex Wied
cd361b31fa
doc: Fix typo
2022-06-28 22:43:37 -04:00
Eelco Dolstra
6cb41288ac
Merge pull request #6727 from symphorien/shallow-doc
...
fetchGit: document `shallow` argument
2022-06-27 14:11:37 +02:00
Manu [tennox]
ae4c9ef8e2
#6699 flake init: fix trying to add unchanged file
...
After skipping because of being of identical content it tried to git add it.
2022-06-26 21:35:21 +01:00
Manu [tennox]
4374e3ec67
#6699 flake init: Apply suggestions of @thufschmitt
2022-06-26 18:12:30 +01:00
Manuel
58cbbdc5e7
Update src/nix/flake.cc
...
https://github.com/NixOS/nix/pull/6699#discussion_r904097147
Co-authored-by: Théophane Hufschmitt <7226587+thufschmitt@users.noreply.github.com>
2022-06-26 18:00:57 +01:00
Manuel
117baee1b7
Update src/nix/flake.cc
...
https://github.com/NixOS/nix/pull/6699#discussion_r904096906
Co-authored-by: Théophane Hufschmitt <7226587+thufschmitt@users.noreply.github.com>
2022-06-26 18:00:34 +01:00
Guillaume Girol
e8109cf405
fetchGit: document shallow
argument
2022-06-26 12:00:00 +00:00
Eelco Dolstra
49c4a37efc
Merge pull request #6717 from edolstra/move-flake-registry
...
Fetch flake-registry.json from channels.nixos.org
2022-06-25 21:17:57 +02:00
Eelco Dolstra
586fa707fc
Merge pull request #6714 from edolstra/auto-chroot-store
...
Automatically use a chroot store if /nix doesn't exist
2022-06-25 00:03:35 +02:00
Eelco Dolstra
30d4aa5dd6
Only do the auto chroot store on Linux
2022-06-24 23:35:21 +02:00
Eelco Dolstra
749d914d10
Add reminder to remove nix-static testing hack
...
https://github.com/NixOS/nix/pull/6708#issuecomment-1165912951
2022-06-24 23:14:56 +02:00
Tom Bereknyei
f801d70ba7
tests: enable ca-derivations for simple.nix in repl tests
2022-06-24 11:17:29 -04:00
Théophane Hufschmitt
f06b6fa4fa
Merge pull request #6698 from tweag/forbid-tilde-paths-in-pure-mode
...
Forbid the tilde expansion in pure eval mode
2022-06-24 10:02:40 +02:00
Dave Nicponski
c6f7726f48
Don't capture stdout when launching subshells in nix repl
2022-06-23 22:45:13 -04:00
Eelco Dolstra
2ef6785d8e
Merge pull request #6716 from Mindavi/bugfix/cast
...
eval-cache: cast rowId to correct type
2022-06-24 00:28:38 +02:00
Eelco Dolstra
ae2a8c0737
Merge pull request #6715 from cole-h/drop-narinfo-system
...
libstore/nar-info: drop unused system field
2022-06-24 00:03:50 +02:00
Eelco Dolstra
4b6cc3da62
Fetch flake-registry.json from channels.nixos.org
...
Using fastly is slightly faster, provides some resilience due to a
high stale TTL, and allows some usage metrics.
2022-06-23 23:56:26 +02:00
Rick van Schijndel
2beb929753
eval-cache: cast rowId to correct type
...
Prevents errors when running with UBSan:
/nix/store/j5vhrywqmz1ixwhsmmjjxa85fpwryzh0-gcc-11.3.0/include/c++/11.3.0/bits/stl_pair.h:353:4: runtime error: load of value 229, which is not a valid value for type 'AttrType'
2022-06-23 21:11:08 +02:00
Linus Heckemann
8cf26385cd
[fixup] handle cache expiration in sqlite query
2022-06-23 14:54:25 -04:00
Cole Helbling
561a258f1d
libstore/nar-info: drop unused system field
...
This was unused everywhere (and even the official NixOS binary cache
did not produce .narinfo files containing a "System:" field).
2022-06-23 14:25:10 -04:00
Eelco Dolstra
1cb376d60e
Fix typo
...
Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
2022-06-23 17:18:22 +02:00
Eelco Dolstra
2a9fddc0b1
Automatically use a chroot store if /nix doesn't exist
...
Specifically, if we're not root and the daemon socket does not exist,
then we use ~/.local/share/nix/root as a chroot store. This enables
non-root users to download nix-static and have it work out of the box,
e.g.
ubuntu@ip-10-13-1-146:~$ ~/nix run nixpkgs#hello
warning: '/nix' does not exists, so Nix will use '/home/ubuntu/.local/share/nix/root' as a chroot store
Hello, world!
2022-06-23 16:29:50 +02:00
Eelco Dolstra
3c57db1a0f
Merge pull request #6710 from edolstra/embedded-sandbox-shell
...
Embed the sandbox shell into the statically linked 'nix' binary
2022-06-23 15:34:16 +02:00
Eelco Dolstra
0b2ea0023c
Fix typo
2022-06-23 14:22:11 +02:00
Théophane Hufschmitt
027f6a735f
Merge pull request #6673 from asymmetric/warn
...
libstore: improve warning message on missing sig
2022-06-23 06:42:48 +02:00
Eelco Dolstra
925b975224
Embed the sandbox shell into the statically linked 'nix' binary
...
With this, Nix will write a copy of the sandbox shell to /bin/sh in
the sandbox rather than bind-mounting it from the host filesystem.
This makes /bin/sh work out of the box with nix-static, i.e. you no
longer get
/nix/store/qa36xhc5gpf42l3z1a8m1lysi40l9p7s-bootstrap-stage4-stdenv-linux/setup: ./configure: /bin/sh: bad interpreter: No such file or directory
2022-06-23 04:08:28 +02:00
Eelco Dolstra
eafa2721ca
Merge pull request #6709 from edolstra/fix-static-build-hook
...
Fix build-remote in nix-static
2022-06-23 02:12:55 +02:00
Eelco Dolstra
1e55ee2961
getSelfExe(): Support macOS
2022-06-23 01:32:46 +02:00
Eelco Dolstra
184f4e40de
Remove NIX_LIBEXEC_DIR
2022-06-23 01:32:46 +02:00
Eelco Dolstra
d3176ce076
Fix build-remote in nix-static
...
'build-remote' is now executed via /proc/self/exe so it always works.
2022-06-23 01:32:46 +02:00
Naïm Favier
155c57c171
nix develop: save XDG_DATA_DIRS for loadable completion
2022-06-23 01:11:33 +02:00