Commit graph

7240 commits

Author SHA1 Message Date
Daiderd Jordan 97baf32fbc
build: add exit code for hash and check mismatches
Makes it easier to identify the failure reason in other tooling, eg.
differentiate between a non-deterministic --check vs a failed build.

	$ nix-build '<nix/fetchurl.nix>' --argstr url http://example.org --argstr sha256 0000000000000000000000000000000000000000000000000000
	hash mismatch in fixed-output derivation '/nix/store/nzi9ck45rwlxzcwr25is7qlf3hs5xl83-example.org':
	  wanted: sha256:0000000000000000000000000000000000000000000000000000
	  got:    sha256:08y4734bm2zahw75b16bcmcg587vvyvh0n11gwiyir70divwp1rm
	$ echo $?
	102

	$ nix-build -E 'with import <nixpkgs> {}; runCommand "foo" {} "date +%s > $out"' --check
	warning: rewriting hashes in '/nix/store/g3k47g0399fvjmbm0p0mnad74k4w8vkz-foo'; cross fingers
	error: derivation '/nix/store/mggc8dz13ackb49qca6m23zq4fpq132q-foo.drv' may not be deterministic: output '/nix/store/g3k47g0399fvjmbm0p0mnad74k4w8vkz-foo' differs
	$ echo $?
	104
2019-07-02 00:12:34 +02:00
Eelco Dolstra 5c8f477283
Merge pull request #2977 from aniketd/2971-cannot-disable-http2
Fix `http2 = false` having no effect.
2019-06-28 19:58:42 +02:00
Aniket Deshpande ec58ba38c5
Fix http2 = false having no effect. Fixes #2971.
Setting `http2 = false` in nix config (e.g. /etc/nix/nix.conf)
had no effect, and `nix-env -vvvvv -i hello` still downloaded .nar
packages using HTTP/2.

In `src/libstore/download.cc`, the `CURL_HTTP_VERSION_2TLS` option was
being explicitly set when `downloadSettings.enableHttp2` was `true`,
but, `CURL_HTTP_VERSION_1_1` option was not being explicitly set when
`downloadSettings.enableHttp2` was `false`.

This may be because `https://curl.haxx.se/libcurl/c/libcurl-env.html` states:
"You have to set this option if you want to use libcurl's HTTP/2 support."
but, also, in the changelog, states:
"DEFAULT
Since curl 7.62.0: CURL_HTTP_VERSION_2TLS
Before that: CURL_HTTP_VERSION_1_1"

So, the default setting for `libcurl` is HTTP/2 for version >= 7.62.0.

In this commit, option `CURLOPT_HTTP_VERSION` is explicitly set to
`CURL_HTTP_VERSION_1_1` when `downloadSettings.enableHttp2` nix config
setting is `false`.

This can be tested by running `nix-env -vvvvv -i hello | grep HTTP`
2019-06-28 20:44:46 +05:30
Eelco Dolstra 6847c92788
Fix macOS build failure
Issue #2976.
2019-06-28 15:38:23 +02:00
Matthew Bauer ec0087df0a Don’t use entire /etc/nsswitch.conf file
The default nsswitch.conf(5) file in most distros can handle many
different things including host name, user names, groups, etc. In Nix,
we want to limit the amount of impurities that come from these things.
As a result, we should only allow nss to be used for gethostbyname(3)
and getservent(3).

/cc @Ericson2314
2019-06-27 14:31:29 -04:00
Eelco Dolstra 324a5dc92f
ProgressBar: Fix updating
'updateCV.notify_one()' does nothing if the update thread is not
waiting for updateCV (in particular this happens when it is sleeping
on quitCV). So also set a variable to ensure that the update isn't
lost.
2019-06-25 21:59:20 +02:00
Eelco Dolstra 88571219d9
nix-channel: Don't fetch binary-cache-url
This has been ignored since the Perl->C++ rewrite.
2019-06-25 13:27:16 +02:00
Eelco Dolstra 09dde33c19
Automatically use --no-net if there are no network interfaces
(cherry picked from commit 04a5976996)
2019-06-25 12:45:59 +02:00
Eelco Dolstra 5600b070a7
Add "warning" verbosity level
This ensures that "nix" shows warnings. Previously these were hidden
because they were at "info" level.

(cherry picked from commit 615a9d031d)
2019-06-25 12:44:17 +02:00
Eelco Dolstra 64ec087f58
Fix 32-bit overflow with --no-net
--no-net causes tarballTtl to be set to the largest 32-bit integer,
which causes comparison like 'time + tarballTtl < other_time' to
fail on 32-bit systems. So cast them to 64-bit first.

https://hydra.nixos.org/build/95076624
(cherry picked from commit 29ccb2e969)
2019-06-24 22:16:43 +02:00
Eelco Dolstra f8b30338ac
Refactor downloadCached() interface
(cherry picked from commit df3f5a78d5)
2019-06-24 22:12:26 +02:00
Eelco Dolstra 7b9c68766d
Add '--no-net' convenience flag
This flag

* Disables substituters.

* Sets the tarball-ttl to infinity (ensuring e.g. that the flake
  registry and any downloaded flakes are considered current).

* Disables retrying downloads and sets the connection timeout to the
  minimum. (So it doesn't completely disable downloads at the moment.)

(cherry picked from commit 8ea842260b)
2019-06-24 22:07:29 +02:00
Eelco Dolstra 78fa47a7f0
Fix 'error 9 while decompressing xz file'
Once we've started writing data to a Sink, we can't restart a download
request, because then we end up writing duplicate data to the
Sink. Therefore we shouldn't handle retries in Downloader but at a
higher level (in particular, in copyStorePath()).

Fixes #2952.

(cherry picked from commit a67cf5a358)
2019-06-24 21:59:51 +02:00
Eelco Dolstra 2fef4dd296
Downloader: Propagate exceptions from decompressionSink->finish()
(cherry picked from commit 15fa70cd1b)
2019-06-24 21:59:31 +02:00
Eelco Dolstra b43e1e186e
CachedDownloadResult: Include store path
Also, make fetchGit and fetchMercurial update allowedPaths properly.

(Maybe the evaluator, rather than the caller of the evaluator, should
apply toRealPath(), but that's a bigger change.)

(cherry picked from commit 5c34d66538)
2019-06-24 21:59:27 +02:00
Eelco Dolstra dc29e9fb47
downloadCached: Return ETag
(cherry picked from commit 529add316c)
2019-06-24 21:58:33 +02:00
Eelco Dolstra 94f11d0a61
Fix abort in fromTOML
Fixes #2969.
2019-06-24 17:09:09 +02:00
Eelco Dolstra 99cec651c9
Add more fromTOML tests 2019-06-24 16:52:11 +02:00
Eelco Dolstra 8884c364ca
Merge pull request #2963 from backuitist/s3-sdk
Nix uses the CPP SDK, not Java
2019-06-20 15:49:34 +02:00
Bruno Bieth 74a65d313f Nix uses the CPP SDK, not Java 2019-06-20 14:47:45 +02:00
Eelco Dolstra 4b214e6e45
Merge pull request #2878 from NixOS/run-in-pts
Run builds in a pseudo-terminal
2019-06-17 14:44:40 +02:00
Eelco Dolstra 38a4d38bc3
Merge pull request #2746 from bjornfor/install-multi-user-defaults
install-multi-user: reduce max-jobs from 32 to 1
2019-06-17 10:17:40 +02:00
Eelco Dolstra 3cc1125595
Another attempt at getting pseudoterminals to work on macOS 2019-06-17 08:08:04 +02:00
Eelco Dolstra 2743bf0bb1 Hopefully fix macOS tests 2019-06-16 20:02:40 +02:00
Eelco Dolstra 82ca6ef390 Set $TERM 2019-06-16 17:36:30 +02:00
Eelco Dolstra e84c265645 Run builds in a pseudo-terminal
This allows many programs (e.g. gcc, clang, cmake) to print colorized
log output (assuming $TERM is set to a value like "xterm").

There are other ways to get colors, in particular setting
CLICOLOR_FORCE, but they're less widely supported and can break
programs that parse tool output.
2019-06-16 17:36:30 +02:00
Eelco Dolstra b693029ca0
Style fix 2019-06-16 09:43:20 +02:00
Eelco Dolstra 26bc876ae6
nix: Add -L alias for --print-build-logs 2019-06-15 16:45:00 +02:00
Eelco Dolstra 5064971ded
Fix test failures when $TMPDIR changes
(cherry picked from commit c38c726eb5)
2019-06-15 16:36:33 +02:00
Eelco Dolstra 34fa8ce917
nix: Support -j flag 2019-06-15 16:34:06 +02:00
Graham Christensen 7ce60a81ba
Merge pull request #2931 from NinjaTrappeur/nin-add-warning-setting-untrusted
Daemon: warn when an untrusted user cannot override a setting
2019-06-15 04:07:26 -04:00
Félix Baylac-Jacqué 9e0f5f803f
Daemon: warn when an untrusted user cannot override a setting
In a daemon-based Nix setup, some options cannot be overridden by a
client unless the client's user is considered trusted.

Currently, if an untrusted user tries to override one of those
options, we are silently ignoring it.

This can be pretty confusing in certain situations.

e.g. a user thinks he disabled the sandbox when in reality he did not.

We are now sending a warning message letting know the user some options
have been ignored.

Related to #1761.
2019-06-15 03:59:12 -04:00
Matthew Bauer 5011a52cf3 Just enable hack on macOS
This is not needed on linux at all! Tried to explain as much as I
understand with the problem.
2019-06-05 20:20:50 -04:00
Matthew Bauer 4a3e96281d Handle SIGWINCH in main thread
For the SIGWINCH signal to be caught, it needs to be set in sigaction
on the main thread. Previously, this was broken, and updateWindowSize
was never being called. Tested on macOS 10.14.
2019-06-05 00:40:45 -04:00
Eelco Dolstra fb0ad898ed
Merge pull request #2918 from JorisE/patch-1
Minor typo
2019-06-04 14:38:52 +02:00
JorisE 4b0d613383
Minor typo 2019-06-04 14:12:03 +02:00
Eelco Dolstra aec545c20b Fix segfault in builtin fetchurl with hashed mirrors + SRI hashes 2019-06-01 15:27:43 +02:00
Eelco Dolstra 5450af5d0d
Merge pull request #2910 from worldofpeace/funding
Add .github/FUNDING.yml
2019-06-01 09:56:48 +02:00
worldofpeace 2d34028b1e Add .github/FUNDING.yml 2019-05-31 22:19:46 -04:00
Eelco Dolstra 2b62928905
Merge pull request #2905 from ln-nl/patch-1
release-common: fix build with `config.allowAliases = false`
2019-05-31 09:56:47 +02:00
ln-nl 3b1cc8b0cb
release-common: fix build with config.allowAliases = false
```sh
> nix build -f release.nix build.x86_64-linux
error: undefined variable 'docbook5_xsl' at /vcs/nix/release-common.nix:45:7
```
2019-05-30 18:08:33 +03:00
Eelco Dolstra d8abee9bc6
Merge pull request #2892 from johannes-climacus/master
Replace `type` with `command -v` in install script
2019-05-30 14:15:23 +02:00
Johannes Climacus a8251ba2ed Replace type with command -v in install script
In POSIX sh, `type` is undefined.

cf. https://pubs.opengroup.org/onlinepubs/9699919799/utilities/command.html#tag_20_22_04
2019-05-29 10:08:21 -04:00
Eelco Dolstra 17ef3e6f41
Enable more fromTOML tests
cpptoml now parses almost all examples from the spec.
2019-05-29 12:22:52 +02:00
Eelco Dolstra cfd74aef1e
Fix eval-okay-fromTOML test
Turns out we were mis-parsing single-quoted attributes, e.g. 'key2'.
2019-05-29 12:12:02 +02:00
Ding Xiang Fei abdedcdb38 bump cpptoml to v0.1.1 2019-05-29 17:01:39 +08:00
Eelco Dolstra 22f2744afd
Iterate over references 2019-05-28 23:05:08 +02:00
Eelco Dolstra 9eaebbf575
Merge branch 'attrPaths' of https://github.com/NinjaTrappeur/nix 2019-05-28 22:59:05 +02:00
Eelco Dolstra bfc6bdf222
Merge pull request #2880 from Ma27/document-optional-attrs-with-at-pattern
doc: clarify that optional attrs in a function argument will be ignored unless specified
2019-05-22 14:14:56 +02:00
Maximilian Bosch b502b6682b
doc: clarify that optional attrs in a function argument will be ignored unless specified
In `args@{ a ? 1 }: /* ... */` the value `a` won't be a part of `args`
unless it's specified when calling the function, the default value will
be ignored in this case.

My personal point of view is that this behavior is a matter of taste, at
least I was pretty sure that unmatched arguments will be a part of
`args@` while debugging some Nix code last week.

I decided to add a warning to the docs which hopefully reduces the
confusion of further Nix developers who thought the same about `args@`.
2019-05-21 18:08:26 +02:00