Commit graph

18277 commits

Author SHA1 Message Date
tomberek
92df2a7cb2
Merge pull request #11285 from DeterminateSystems/downloadTarball-cacheable
fetchers::downloadTarball(): Return a cacheable accessor
2024-08-16 23:05:49 -04:00
tomberek
15a2457607
Merge pull request #11303 from NixOS/always-quick-build
Use nixosTest.quickBuild behavior by default
2024-08-16 22:07:05 -04:00
Robert Hensing
d4aa7d5dc7 Use nixosTest.quickBuild behavior by default
This wasn't the default behaviour because:

> We don't enable this by default to avoid the mostly unnecessary work of
> performing an additional build of the package in cases where we build
> the package normally anyway, such as in our pre-merge CI.

Since we have a componentized build, we've solved the duplication.

In the new situation, building both with and without unit tests
isn't any slow than just a build with unit tests, so there's no
point in using the unit-tested build anymore.

By using the otherwise untested build, we reduce the minimum build
time towards the NixOS test, at no cost.

If you want to run all tests, build all attributes.
2024-08-16 21:25:48 -04:00
Eelco Dolstra
b02601cd0c
Merge pull request #11311 from cole-h/update-nixpkgs-input-fix-darwin
Update nixpkgs input to fix darwin ccache evaluation, have CI check that all outputs on all systems evaluate
2024-08-16 20:43:59 +02:00
Cole Helbling
aa3d35c1f4 ci: check that all outputs for all systems can evaluate 2024-08-16 07:22:30 -07:00
Cole Helbling
8866d2cd83 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/63d37ccd2d178d54e7fb691d7ec76000740ea24a?narHash=sha256-7cCC8%2BTdq1%2B3OPyc3%2BgVo9dzUNkNIQfwSDJ2HSi2u3o%3D' (2024-07-21)
  → 'github:NixOS/nixpkgs/c3d4ac725177c030b1e289015989da2ad9d56af0?narHash=sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz%2BNG82pbdg%3D' (2024-08-15)
2024-08-16 07:09:27 -07:00
Robert Hensing
a03bb4455c Fix SSH invocation when local SHELL misbehaves
Setting it to /bin/sh will make it more predictable when users have
their favorite shell in SHELL, which might not behave as expected.
For instance, a bad rc file could send something to stdout before
our LocalCommand gets to write "started".

This may help https://github.com/NixOS/nix/issues/11010
2024-08-16 15:53:30 +02:00
Robert Hensing
c4192a6617 Add nix::execvpe 2024-08-16 15:53:30 +02:00
Michael Gallagher
30af4a9e27
nix-daemon.sh profile script: operate under set -u in bash
see d459d3307c
2024-08-15 17:56:05 -07:00
Robert Hensing
31f3f23ee6
Merge pull request #11305 from NixOS/doc-apply
Document function application operator
2024-08-15 19:43:19 +02:00
Robert Hensing
06b18cff20
doc: Edit language/operators
Co-authored-by: John Ericson <John.Ericson@Obsidian.Systems>
Co-authored-by: Valentin Gagarin <valentin@gagarin.work>
2024-08-15 18:53:42 +02:00
Valentin Gagarin
ce62b766ef
fix link from the readme (#11307) 2024-08-15 15:25:50 +02:00
Robert Hensing
e225b63062 doc: Document function application operator 2024-08-15 13:55:41 +02:00
Robert Hensing
72a4d1f52d Add :doc support for __functor 2024-08-15 13:04:34 +02:00
Robert Hensing
6068e32aa7 refactor: Extract EvalState::addCallDepth 2024-08-15 13:04:34 +02:00
John Ericson
d8c1550189
Merge pull request #11301 from obsidiansystems/no-make-unittests
No make unittests
2024-08-15 03:21:39 -05:00
Travis A. Everett
0fabb348ba add script to migrate macOS 15 Sequoia nixbld UIDs
While we don't have any easy way to forcibly notify everyone about the
impending breakage (or forcibly migrate the users on their system),
this script enables those who do hear about the problem to migrate
their systems before they take the macOS update.

It should also enable people who only discover it after the update
when a build fails to ~fix their installs without a full reinstall.
2024-08-14 20:58:26 -05:00
John Ericson
b41cc1a755 Make wrapper derivation
This ensures just `nix build`-ing the flake doesn't forget to run all
tests. One can still specifiy specific attributes to just build one
thing.

Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-08-14 18:04:38 -04:00
John Ericson
6f3045c2a2 Remove unit tests from old build system
Now that we can run all tests with Meson, we want developers making code
changes to use it.

(Only the manual needs to be built with the build system, and that will
change shortly.)

This reverts commit b0bc2a97bf.
2024-08-14 16:38:00 -04:00
John Ericson
b8a09bd167
Merge pull request #11073 from obsidiansystems/meson-functional-tests
Meson functional tests
2024-08-14 15:33:36 -05:00
John Ericson
34fe2478a2 Build Functional tests with Meson
Co-Authored-By: Qyriad <qyriad@qyriad.me>
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-08-14 15:35:40 -04:00
John Ericson
d434a54b6c
Merge pull request #11241 from bryanhonof/master
Fix a few shellcheck tests
2024-08-14 14:11:31 -05:00
John Ericson
66a6eac379
Merge pull request #11280 from NixOS/contributing-attribution
CONTRIBUTING.md: Add attribution and context rules
2024-08-14 14:09:52 -05:00
John Ericson
982adb151a
Merge pull request #11291 from obsidiansystems/coarse-version
Coarse versions for constituent packages
2024-08-14 12:18:11 -05:00
John Ericson
93f58150c9 Coarse versions for constituent packages
As discussed in our meeting, we should use a simplified version for the
libraries without the date or commit hash. This will make rebuilding a
lot faster in many cases.

Progress on #10379

Co-Authored-By: Robert Hensing <robert@roberthensing.nl>
2024-08-14 12:23:01 -04:00
Bryan Honof
cc9fe4dee7
Fix a few shellcheck tests
Ref nixos/nix#10795
2024-08-14 15:16:06 +02:00
bryango
612fc76020
doc/manual: fix misaligned icons in custom.css (#11296) 2024-08-14 14:27:12 +02:00
Noam Yorav-Raphael
77d84a8d8b /homeless-shelter -> /proc/homeless/shelter
This makes it so even root can't create $HOME, for example by running `mkdir -p $HOME/.cache/foo`.
2024-08-14 14:35:42 +03:00
Robert Hensing
622c402659
Merge pull request #11292 from tomberek/tomberek.symbolstring
fix: use SymbolStr in constructor
2024-08-13 23:57:59 +02:00
Valentin Gagarin
4956e7c44c
add cross-references to nix-path overriding (#11288)
* add cross-references to `nix-path` overriding

while this information is already present in the settings, it's more
likely to be first accessed through the "lookup path" page, which
currently requires following two links to get to the practically
important bits.

Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-08-13 19:22:32 +02:00
John Ericson
3bdfc827a8
Merge pull request #11287 from obsidiansystems/meson-nix-cli-symlinks
Fix Meson installation of the Nix CLI
2024-08-13 09:22:52 -05:00
John Ericson
95fe9f5ba1 Fix Meson installation of the Nix CLI
Co-Authored-By: Qyriad <qyriad@qyriad.me>
2024-08-13 09:22:06 -04:00
Tom Bereknyei
f22bf867eb fix: use SymbolStr in constructor 2024-08-12 22:18:14 -04:00
Jeremy Kolb
d49e14ba4a Take ANSI and tree characters into account 2024-08-12 14:49:52 -04:00
John Ericson
59def6c23b
Merge pull request #11178 from obsidiansystems/better-exe-lookup
Move `NIX_BIN_DIR` and all logic using it to the Nix executable itself
2024-08-12 12:21:56 -05:00
John Ericson
58b03ef1cd Move NIX_BIN_DIR and all logic using it to the Nix executable itself
This is because with the split packages of the Meson build, we simply
have no idea what directory the binaries will be installed in when we
build the library.

In the process of doing so, consolidate and make more sophisticated the
logic to cope with a few corner cases (e.g. `NIX_BIN_DIR` exists, but no
binaries are inside it).

Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-08-12 12:29:17 -04:00
Eelco Dolstra
9f6ee93f48 fetchers::downloadTarball(): Return a cacheable accessor
downloadTarball() is used by `-I foo=<url>` etc. fetchToStore() needs
the accessor to have a fingerprint to enable caching.

Fixes #11271.
2024-08-12 15:48:26 +02:00
Robert Hensing
b64d6aa7b0
CONTRIBUTING.md: Clarify use of cherry-pick on forks 2024-08-11 18:07:19 +02:00
siddhantCodes
d98e06a581 Use std::filesystem::path in more executables 2024-08-11 20:13:47 +05:30
siddhantCodes
8e70f6f850 Use std::filesystem::path in profile.cc ...
...and `run.cc`
2024-08-11 19:56:06 +05:30
siddhantCodes
0abc664a78 Use std::filesystem in eval and flake ...
... executables
2024-08-11 19:53:34 +05:30
siddhantCodes
2c12a6962e Remove unused variable 2024-08-11 19:18:04 +05:30
Robert Hensing
bd4e5a375b Refer contributors to the matrix room
We were basically sending contributors into the woods with that page.
2024-08-11 13:16:36 +02:00
Robert Hensing
b0b1938982 Urge contributors to read about contributing 2024-08-11 13:15:58 +02:00
siddhantCodes
70dde8c70c Use std::filesystem::path in build.cc 2024-08-11 16:30:59 +05:30
Robert Hensing
f7c86d1a2f CONTRIBUTING.md: Add attribution and context rules
We've recently had an incident where these rules were not followed,
so let's add guidelines to increase the chances of contributors
getting this right.

Relevant discussion:
https://discourse.nixos.org/t/code-attribution-policy/50445/2
2024-08-11 12:47:35 +02:00
Robert Hensing
18485d2d53
Merge pull request #11188 from lf-/jade/kill-int-overflow
Ban integer overflow in the Nix language
2024-08-11 04:24:16 +02:00
Robert Hensing
3cc2e2a0ac
Edit docs 2024-08-11 03:31:44 +02:00
Jeremy Kolb
abbaba9122 Use the window size for the entire length 2024-08-08 14:47:57 -04:00
Andrew Marshall
00f6db36fd libstore: fix port binding in __darwinAllowLocalNetworking sandbox
In d60c3f7f7c, this was changed to close a
hole in the sandbox. Unfortunately, this was too restrictive such that it
made local port binding fail, thus making derivations that needed
`__darwinAllowLocalNetworking` gain nearly nothing, and thus largely
fail (as the primary use for it is to enable port binding).

This unfortunately does mean that a sandboxed build process can, in
coordination with an actor outside the sandbox, escape the sandbox by
binding a port and connecting to it externally to send data. I do not
see a way around this with my experimentation and understanding of the
(quite undocumented) macOS sandbox profile API. Notably it seems not
possible to use the sandbox to do any of:

- Restrict the remote IP of inbound network requests
- Restrict the address being bound to

As such, the `(local ip "*:*")` here appears to be functionally no
different than `(local ip "localhost:*")` (however it *should* be
different than removing the filter entirely, as that would make it also
apply to non-IP networking). Doing `(allow network-inbound (require-all
(local ip "localhost:*") (remote ip "localhost:*")))` causes listening
to fail.

Note that `network-inbound` implies `network-bind`.
2024-08-08 14:31:26 -04:00