Commit graph

8387 commits

Author SHA1 Message Date
Robert Hensing
19b495a48a NarInfoDiskCache: Also test id consistency with updated fields
And clarify test
2023-02-07 23:34:36 +01:00
Robert Hensing
fb94d5cabd NarInfoDiskCache: Keep BinaryCache.id stable and improve test
Fixes #3898

The entire `BinaryCaches` row used to get replaced after it became
stale according to the `timestamp` column. In a concurrent scenario,
this leads to foreign key conflicts as different instances of the
in-process `state.caches` cache now differ, with the consequence that
the older process still tries to use the `id` number of the old record.

Furthermore, this phenomenon appears to have caused the cache for
actual narinfos to be erased about every week, while the default
ttl for narinfos was supposed to be 30 days.
2023-02-07 23:34:36 +01:00
Robert Hensing
2ceece3ef3 NarInfoDiskCache: Prepare reproducer for #3898 2023-02-07 23:34:36 +01:00
Robert Hensing
79f62d2dda NarInfoDiskCacheImpl: Make dbPath a parameter
This allows testing with a clean database.
2023-02-07 23:34:36 +01:00
Robert Hensing
29f0b196f4 NarInfoDiskCache: Rename cacheExists -> upToDateCacheExists
This is slightly more accurate considering that an outdated record
may exist in the persistent cache. Possibly-outdated records are
quite relevant as they may be foreign keys to more recent information
that we want to keep, but we will not return them here.
2023-02-07 23:34:36 +01:00
Robert Hensing
8a0ef5d58e sqlite.cc: Add SQL tracing
Set environment variable NIX_DEBUG_SQLITE_TRACES=1 to log all sql statements.
2023-02-07 23:34:36 +01:00
Eelco Dolstra
dbe0748f97
Merge pull request #7739 from obsidiansystems/user-settings
Move `trustedUsers` and `allowedUsers` to separate config struct
2023-02-03 11:55:37 +01:00
John Ericson
a47e055e09 Move trustedUsers and allowedUsers to separate config struct
These settings are not needed for libstore at all, they are just used by
the nix daemon *command* for authorization on unix domain sockets. My
moving them to a new configuration struct just in that file, we avoid
them leaking anywhere else.

Also, it is good to break up the mammoth `Settings` struct in general.
Issue #5638 tracks this.

The message is not changed because I do not want to regress in
convenience to the user. Just saying "this connection is not trusted"
doesn't tell them out to fix the issue. The ideal thing to do would be
to somehow parameterize `processCommand` on how the error should be
displayed, so different sorts of connections can display different
information to the user based on how authentication is performed for the
connection in question. This, however, is a good bit more work, so it is
left for the future.

This came up with me thinking about the tcp:// store (#5265). The larger
project is not TCP *per se*, but the idea that it should be possible for
something else to manage access control to services like the Nix Daemon,
and those services simply trust or trust the incoming connection as they
are told. This is a more capability-oriented way of thinking about trust
than "every server implements its own auth separately" as we are used to today.

Its very great that libstore itself already implements just this model,
and so via this refactor I basically want to "enshrine" that so it
continues to be the case.
2023-02-02 14:17:24 -05:00
John Ericson
479c011784 Get rid of the authHook parameter on processConnection
This is (morally) dead code.

As @edolstra pointed out in
https://github.com/NixOS/nix/pull/5226#discussion_r1073470813, this is
no longer needed.

I created this in 8d4162ff9e, so it is
fitting that I now destroy it :).
2023-02-02 12:02:03 -05:00
Eelco Dolstra
b574c70ccb
Merge pull request #7736 from shlevy/plugin-files-daemon
Don't send plugin-files to the daemon.
2023-02-02 12:35:51 +01:00
Shea Levy
895c525d04
daemon: Warn on old clients passing unexpected plugin-files.
The setting itself was already ignored due to exception trying to set pluginFiles.
2023-02-02 06:03:45 -05:00
Shea Levy
92edc38369
Don't send plugin-files to the daemon.
This is radically unsafe and the daemon has already loaded its plugins
anyway.

Fixes cachix/devenv#276
2023-02-01 20:05:56 -05:00
Jamie Quigley
32ca59649b
nix-shell: Colour the prompt red if the user is root
This matches the nixos prompt colours - green for standard user, red for
root
2023-02-01 20:50:44 +00:00
Eelco Dolstra
e8ca49f6ef Fix clang compilation 2023-02-01 20:34:44 +01:00
Eelco Dolstra
57a4258426 Remove an unused capture 2023-02-01 20:27:35 +01:00
Eelco Dolstra
7a09bfbcb6
Merge pull request #7723 from yorickvP/nix-store-ping-json
nix store ping: add --json flag
2023-02-01 17:11:34 +01:00
Théophane Hufschmitt
518da6c6a3
Merge pull request #7716 from obsidiansystems/small-storePath-cleanups
Separate `path.hh` from `content-address.hh`
2023-02-01 16:00:28 +01:00
Eelco Dolstra
b55a946d8d
Merge pull request #7717 from obsidiansystems/delete-dead-code
Delete dead code
2023-02-01 15:57:04 +01:00
Théophane Hufschmitt
e32c5c2c77
Merge pull request #7667 from dramforever/flake-search-attr
Better error message for nix search when attr is not found
2023-02-01 15:56:22 +01:00
Eelco Dolstra
845b7f067d
Merge pull request #7726 from hercules-ci/flake-show-when-empty-hide
nix flake show: Ignore empty attrsets
2023-02-01 15:49:13 +01:00
Eelco Dolstra
14b0b9ea5a
Merge pull request #7203 from graham33/feature/cpp20
Proposal: Use C++20
2023-02-01 15:41:04 +01:00
Robert Hensing
60d48eda23 nix flake show: Ignore empty attrsets
For frameworks it's important that structures are as lazy as possible
to prevent infinite recursions, performance issues and errors that
aren't related to the thing to evaluate. As a consequence, they have
to emit more attributes than strictly (sic) necessary.
However, these attributes with empty values are not useful to the user
so we omit them.
2023-01-31 18:20:26 +01:00
Yorick van Pelt
4f4a6074e4
nix store ping: try to print json if connect() fails aswell 2023-01-31 15:10:39 +01:00
Yorick van Pelt
28648ed784
nix store ping: add --json flag 2023-01-31 13:24:23 +01:00
Robert Hensing
c9b9260f34
Merge pull request #7713 from obsidiansystems/more-rapid-check
Add more property tests
2023-01-30 18:54:53 +01:00
John Ericson
e21aa43212 Delete dead code
The references set seems to have been unused since `LegacySSHStore`
references were first created in
caa5793b4a.

The method decls never were upstream, and accidentally added by me in
062533f7cd (probably due to `git rerere`).
Sorry!

This reduces the diff from #3746.
2023-01-30 11:29:01 -05:00
dramforever
6b779e4b07 Fix extra "." in CmdSearch::getDefaultFlakeAttrPaths
No other getDefaultFlakeAttrPaths implementation has this trailing dot,
and the dot can show up in error messages like:

  error: flake '...' does not provide attribute 'packages.x86_64-linux.', ...
2023-01-31 00:04:05 +08:00
dramforever
377d5eb388 Installable::getCursors: Cleanup
- Clarify doc comments, Installables::getCursors returns non-empty
  vector
- Use vector::at in Installable::getCursor instead of checking for empty
  vector and throwing an exception with error message.
2023-01-31 00:04:05 +08:00
dramforever
b26562c629 InstallableFlake: Handle missing attr in getCursors
Handle the case where none of getActualAttrPaths() actually exists,
in which case instead of returning an empty vector.

This fixes the case where the user misspells the attribute name in nix
search. Instead of getting no search results, now it shows an error with
suggestions.

Also remove InstallableFlake::getCursor() override since it's now
equivalent to the base class version.
2023-01-30 23:59:09 +08:00
John Ericson
560142fec0 Make per-variant Arbitrary impls too
This is a nice idea that @roberth requested. If we could factor our a
generic `std::variant` impl as a follow-up it would be even better!
2023-01-30 10:56:00 -05:00
John Ericson
02e745ba5b Separate path.hh from content-address.hh
It is good to separate concerns; `StorePath` (in general) has nothing to
do with `ContentAddress` anyways.

This reduces the diff from #3746.
2023-01-30 10:14:03 -05:00
John Ericson
f3e272ba02 Avoid some StorePath <-> Path round trips
Avoid needless work and throwing away invariants.

These conversions date back to when `StorePath` was in Rust and there
were issues with it missing utility methods.
2023-01-30 09:37:57 -05:00
Eelco Dolstra
c79b1582a7
Merge pull request #5226 from NixOS/client-side-profiles
Move the default profiles to the user’s home
2023-01-30 12:21:47 +01:00
Théophane Hufschmitt
575d0aea5d
Merge pull request #6988 from max-privatevoid/pr-flake-show-foreign
nix flake show: don't evaluate derivations for foreign systems by default
2023-01-30 12:06:37 +01:00
Théophane Hufschmitt
de1b593233
Merge pull request #7087 from ncfavier/referenceablePaths
Self-contained outputs
2023-01-30 11:06:54 +01:00
Théophane Hufschmitt
7cd08ae379
Merge pull request #7645 from typetetris/fix-url-parsing-file-as-application-scheme
Fix url parsing for urls using `file+`
2023-01-30 10:42:03 +01:00
Théophane Hufschmitt
4aaf0ee52e
Merge branch 'master' into referenceablePaths 2023-01-30 10:31:00 +01:00
Théophane Hufschmitt
d70b890488
Merge pull request #7689 from ncfavier/nix-path-restrict-eval
getDefaultNixPath: actually respect `{restrict,pure}-eval`
2023-01-30 10:03:17 +01:00
John Ericson
ecd3e4ebd7 More property tests
Also put proper comparison methods on `DerivedPath` and
`NixStringContextElem`, which is needed for the tests but good in
general.
2023-01-29 17:09:59 -05:00
John Ericson
ec0c0efec6 Allow unit test infra to be reused across libs' tests
This allows using Arbitrary "instances" defined in libstore-tests in
libexpr-tests, something we will leverage in a moment.
2023-01-29 13:52:57 -05:00
Max
02e81cdf62 apply showAllSystems to legacyPackages as well 2023-01-27 23:59:48 +01:00
Naïm Favier
dba9173a1d
Document default nix-path value 2023-01-27 15:25:07 +01:00
Naïm Favier
1cba5984a6
getDefaultNixPath: actually respect {restrict,pure}-eval
Previously, getDefaultNixPath was called too early: at initialisation
time, before CLI and config have been processed, when `restrictEval` and
`pureEval` both have their default value `false`. Call it when
initialising the EvalState instead, and use `setDefault`.
2023-01-27 13:28:57 +01:00
Théophane Hufschmitt
ab424a39a9 Merge remote-tracking branch 'nixos/master' into pr-flake-show-foreign 2023-01-27 09:46:46 +01:00
Solène Rapenne
6b2729c81e improve documentation about substituters and trusted users
Co-authored-by: Théophane Hufschmitt <theophane.hufschmitt@tweag.io>
2023-01-26 09:56:44 +01:00
Solène Rapenne
64951d9125 Update src/libstore/daemon.cc
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-01-26 09:34:25 +01:00
Solène Rapenne
a96156c58f warnings: enhance the case of untrusted substituter for untrusted user 2023-01-26 09:34:25 +01:00
Guillaume Maudoux
734c5fdcd6 Fix 'destructor called on non-final ...' warning
clangStdenv compiles with a single warning:

```
warning: destructor called on non-final 'nix::PosAdapter' that has virtual functions but non-virtual destructor [-Wdelete-non-abstract-non-virtual-dtor]
```

This fixes the warning by making the destructor of PosAdapter virtual,
deffering to the correct destructor from the concrete child classes.
This has no impact in the end, as none of these classes have specific
destructors.

Technicaly, it may be faster not to have this indirection, but as per
the warning, there is only one place where we have to delete abstract
PosAdapter values.

Not worth bikesheding I guess.
2023-01-24 16:37:50 +01:00
Eelco Dolstra
f503ba1b8b
Merge pull request #7595 from cole-h/show-setting-value
nix/show-config: allow getting the value of a specific setting
2023-01-23 17:56:39 +01:00
Robert Hensing
9b56683398
Merge pull request #7447 from aakropotkin/read-file-type
Read file type
2023-01-23 17:37:22 +01:00