Eelco Dolstra
92aee1b7d6
Remove some release-critical jobs
...
The release does not in fact depend on Ubuntu/Fedora builds (we don't
publish the build results).
2018-03-22 13:03:56 +01:00
Eelco Dolstra
78d0c72b52
Fix coverage job
2018-03-20 14:55:47 +01:00
Eelco Dolstra
44a1b6c026
Fix build on non-x86_64-linux
2018-03-19 11:57:34 +01:00
Eelco Dolstra
c04bca3401
Factor out commonality between release.nix and shell.nix
2018-03-14 19:25:09 +01:00
Eelco Dolstra
ca14b14200
Use boost::format from the boost package
...
Note that this only requires headers from boost so it doesn't add a
runtime dependency.
Also, use Nixpkgs 18.03.
2018-03-14 19:24:04 +01:00
Will Dietz
e9a5ce9b07
release.nix: don't try to use nix-2.0 branch, no longer exists
...
Probably should point at the 18.03 release branch once that's made.
2018-03-03 13:48:54 -06:00
Eelco Dolstra
cea4fb3a31
Fix evaluation of binaryTarball.aarch64-linux
2018-02-20 12:33:32 +01:00
Eelco Dolstra
cfdfad5c34
Simplify
2018-02-07 14:15:20 +01:00
Eelco Dolstra
0f3dae1064
Merge branch 'fix-aarch64-test' of https://github.com/grahamc/nix
2018-02-07 14:12:15 +01:00
Eelco Dolstra
0c95776c3e
Don't define builtins.{currentSystem,currentTime} in pure mode
...
This makes it easier to provide a default, e.g.
system = builtins.currentSystem or "x86_64-linux";
2018-01-18 16:38:48 +01:00
Eelco Dolstra
d4dcffd643
Add pure evaluation mode
...
In this mode, the following restrictions apply:
* The builtins currentTime, currentSystem and storePath throw an
error.
* $NIX_PATH and -I are ignored.
* fetchGit and fetchMercurial require a revision hash.
* fetchurl and fetchTarball require a sha256 attribute.
* No file system access is allowed outside of the paths returned by
fetch{Git,Mercurial,url,Tarball}. Thus 'nix build -f ./foo.nix' is
not allowed.
Thus, the evaluation result is completely reproducible from the
command line arguments. E.g.
nix build --pure-eval '(
let
nix = fetchGit { url = https://github.com/NixOS/nixpkgs.git ; rev = "9c927de4b179a6dd210dd88d34bda8af4b575680"; };
nixpkgs = fetchGit { url = https://github.com/NixOS/nixpkgs.git ; ref = "release-17.09"; rev = "66b4de79e3841530e6d9c6baf98702aa1f7124e4"; };
in (import (nix + "/release.nix") { inherit nix nixpkgs; }).build.x86_64-linux
)'
The goal is to enable completely reproducible and traceable
evaluation. For example, a NixOS configuration could be fully
described by a single Git commit hash. 'nixos-rebuild' would do
something like
nix build --pure-eval '(
(import (fetchGit { url = file:///my-nixos-config; rev = "..."; })).system
')
where the Git repository /my-nixos-config would use further fetchGit
calls or Git externals to fetch Nixpkgs and whatever other
dependencies it has. Either way, the commit hash would uniquely
identify the NixOS configuration and allow it to reproduced.
2018-01-16 19:23:18 +01:00
Will Dietz
435ccc7980
release: access fetchGit from builtins to fix eval w/1.11 (<1.12)
2018-01-10 14:19:29 -06:00
Benjamin Hipple
1882e802e7
Fix Fedora 25 i386 RPM build
2018-01-04 19:44:32 -05:00
Benjamin Hipple
4cb5c51375
Fix RPM builds by increasing VM memory size
...
The VM was running out of RAM while handling debug symbols, which caused the
eu-strip to fail while separating debug symbols.
2018-01-02 23:39:42 -05:00
Eelco Dolstra
4801420893
Remove debug line
2017-12-25 14:53:15 +01:00
Eelco Dolstra
6d80870832
release.nix: Use fetchTarball and fetchGit
...
In particular, using fetchGit means we don't need hackery to clean the
source tree when building from an unclean tree.
2017-12-22 11:35:32 +01:00
Graham Christensen
e4ece83b1a
tests.setuid: only on i686 and x86_64 linuxs
2017-12-12 08:31:31 -05:00
Eelco Dolstra
7f2c324ed1
Simplify build by including nlohmann/json.hpp
2017-12-04 17:11:36 +01:00
Eelco Dolstra
2f5789c5d6
Add dependencies for coverage test
2017-11-14 18:47:44 +01:00
Eelco Dolstra
4b45d8c95a
Update lcov filter
2017-11-14 18:47:37 +01:00
Eelco Dolstra
c0d93a01ee
Remove ncurses-bin
2017-11-14 14:16:16 +01:00
Eelco Dolstra
4dee01da7c
fetchGit: Add a test
2017-11-03 13:55:30 +01:00
Eelco Dolstra
1969f357b7
Add fetchMercurial primop
...
E.g.
$ nix eval '(fetchMercurial https://www.mercurial-scm.org/repo/hello )'
{ branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "82e55d328c8ca4ee16520036c0aaace03a5beb65"; revCount = 1; shortRev = "82e55d328c8c"; }
$ nix eval '(fetchMercurial { url = https://www.mercurial-scm.org/repo/hello ; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; })'
{ branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; revCount = 0; shortRev = "0a04b987be5a"; }
$ nix eval '(fetchMercurial /tmp/unclean-hg-tree)'
{ branch = "default"; outPath = "/nix/store/cm750cdw1x8wfpm3jq7mz09r30l9r024-source"; rev = "0000000000000000000000000000000000000000"; revCount = 0; shortRev = "000000000000"; }
2017-11-01 17:45:32 +01:00
Jörg Thalheim
e94fc238cf
fixing bashisms in test code
...
This fixed the build on ubuntu/debian, where dash is the sh.
2017-10-06 06:12:33 -05:00
Eelco Dolstra
346aeee1cb
Remove Debian 8 and Ubuntu 14.10
...
These have a GCC (4.9) that is too old.
https://hydra.nixos.org/eval/1391740
2017-09-14 18:56:33 +02:00
Eelco Dolstra
4af2611bd1
Allow builders to create activities
...
Actually, currently they can only create download activities. Thus,
downloads by builtins.fetchurl show up in the progress bar.
2017-08-21 12:18:46 +02:00
Matthew Bauer
2c75945de5
Remove nix-mode.el from Nix.
...
This removes the file nix-mode.el from Nix. The file is now available within the
repository https://github.com/NixOS/nix-mode .
Fixes #662
Fixes #1040
Fixes #1054
Fixes #1055
Closes #1119
Fixes #1419
NOTE: all of the above should be fixed within NixOS/nix-mode. If one of those
hasn’t please reopen within NixOS/nix-mode and not within NixOS/nix.
2017-08-19 21:16:30 -07:00
Graham Christensen
fb40d73e23
Switch to a fancy multi-user installer on Darwin
2017-07-14 12:10:44 -04:00
Graham Christensen
a0ad8ba12e
Shellcheck the existing installer
2017-07-14 11:42:33 -04:00
Eelco Dolstra
38374a9d35
Tarball job: Include libseccomp on Linux only
2017-07-14 11:41:37 +02:00
Shea Levy
04ed11a978
Let hydra choose an alternate list of systems
2017-06-19 14:21:06 -04:00
Eelco Dolstra
b4b1f4525f
Fix coverage job
2017-06-01 14:43:15 +02:00
Eelco Dolstra
ab5834f7a1
RPM, Deb: Add dependency on libseccomp
2017-06-01 14:28:21 +02:00
Eelco Dolstra
1d9ab273ba
Add test for setuid seccomp filter
2017-05-29 16:14:10 +02:00
Eelco Dolstra
6cc6c15a2d
Add a seccomp filter to prevent creating setuid/setgid binaries
...
This prevents builders from setting the S_ISUID or S_ISGID bits,
preventing users from using a nixbld* user to create a setuid/setgid
binary to interfere with subsequent builds under the same nixbld* uid.
This is based on aszlig's seccomp code
(47f587700d
).
Reported by Linus Heckemann.
2017-05-29 16:14:10 +02:00
Eelco Dolstra
a2d92bb20e
Add --with-sandbox-shell configure flag
...
And add a 116 KiB ash shell from busybox to the release build. This
helps to make sandbox builds work out of the box on non-NixOS systems
and with diverted stores.
2017-05-15 17:36:32 +02:00
Eelco Dolstra
c5f23f10a8
Replace readline by linenoise
...
Using linenoise avoids a license compatibility issue (#1356 ), is a lot
smaller and doesn't pull in ncurses.
2017-05-10 18:37:42 +02:00
Eelco Dolstra
44309c5067
Fix Ubuntu 16.10 build
...
http://hydra.nixos.org/build/52420073
2017-05-03 18:30:47 +02:00
Eelco Dolstra
d3dcdfa006
Fix perlBindings.x86_64-darwin
...
http://hydra.nixos.org/build/52401151
2017-05-03 11:30:22 +02:00
Eelco Dolstra
73bba12d8b
Check for libreadline
2017-04-28 16:53:56 +02:00
Eelco Dolstra
921a2aeb05
Make "nix repl" build
2017-04-25 18:48:40 +02:00
Eelco Dolstra
da76c72bc9
Build on aarch64-linux
2017-04-14 14:02:43 +02:00
Eelco Dolstra
b134c2d052
Drop WWW::Curl dependency
...
Somehow this came back after d1da6967b8
.
2017-04-11 15:41:50 +02:00
Eelco Dolstra
b9b8b8a63b
Fix evaluation error
2017-03-31 15:54:15 +02:00
Eelco Dolstra
c0745a2531
Merge branch 'remove-perl' of https://github.com/shlevy/nix
2017-03-31 14:13:32 +02:00
Shea Levy
a75475ca61
Remove tabs
2017-03-30 16:51:50 -04:00
Eelco Dolstra
e8186085e0
Add support for brotli compression
...
Build logs on cache.nixos.org are compressed using Brotli (since this
allows them to be decompressed automatically by Chrome and Firefox),
so it's handy if "nix log" can decompress them.
2017-03-15 16:49:06 +01:00
Shea Levy
b667abc699
Add signing and s3 support on darwin
2017-03-05 07:39:10 -05:00
Eelco Dolstra
fe2db1dae5
Doh
2017-02-22 15:39:17 +01:00
Eelco Dolstra
b8ce649a35
Fix 32-bit RPM/Deb builds
...
http://hydra.nixos.org/build/49130529
2017-02-22 13:54:11 +01:00
Eelco Dolstra
1a57f499b0
Drop some Ubuntu releases
2017-02-21 15:20:40 +01:00
Eelco Dolstra
b95ce3194d
Debian build: Use parallel make and add Ubuntu 16.10
2017-02-21 15:03:23 +01:00
Eelco Dolstra
e4dd7dadf4
RPM build: Use parallel make
2017-02-21 14:52:36 +01:00
Eelco Dolstra
bb6656b8a2
Build RPMs for Fedora 25
...
Disabled hardened build because it makes the linker fail with messages like
relocation R_X86_64_PC32 against undefined symbol `BZ2_bzWriteOpen' can not be used when making a shared object; recompile with -fPIC
See https://fedoraproject.org/wiki/Changes/Harden_All_Packages .
2017-02-21 14:26:23 +01:00
Shea Levy
f7b7df8d1f
Add nix-perl package for the perl bindings
2017-02-07 15:56:32 -05:00
Shea Levy
418a837897
Remove perl dependency.
...
Fixes #341
2017-02-07 15:56:32 -05:00
Eelco Dolstra
583ff4ec46
release.nix: Drop nix-shell references
2017-01-27 16:13:22 +01:00
Eelco Dolstra
3a4bd320c2
Revert "Merge branch 'seccomp' of https://github.com/aszlig/nix "
...
This reverts commit 9f3f2e21ed
, reversing
changes made to 47f587700d
.
2016-12-19 11:52:57 +01:00
Eelco Dolstra
9f3f2e21ed
Merge branch 'seccomp' of https://github.com/aszlig/nix
2016-12-15 12:04:45 +01:00
Eelco Dolstra
d1da6967b8
Drop unused WWW::Curl dependency
2016-12-06 17:17:29 +01:00
aszlig
651a18dd24
release.nix: Add a test for sandboxing
...
Right now it only tests whether seccomp correctly forges the return
value of chown, but the long-term goal is to test the full sandboxing
functionality at some point in the future.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-16 16:48:34 +01:00
aszlig
1c52e344c4
Add build dependency for libseccomp
...
We're going to use libseccomp instead of creating the raw BPF program,
because we have different syscall numbers on different architectures.
Although our initial seccomp rules will be quite small it really doesn't
make sense to generate the raw BPF program because we need to duplicate
it and/or make branches on every single architecture we want to suuport.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-16 16:48:26 +01:00
Eelco Dolstra
21c55ab3b5
Implement backwards-compatible RemoteStore::addToStore()
...
The SSHStore PR adds this functionality to the daemon, but we have to
handle the case where the Nix daemon is 1.11.
Also, don't require signatures for trusted users. This restores 1.11
behaviour.
Fixes https://github.com/NixOS/hydra/issues/398 .
2016-11-09 18:45:06 +01:00
Eelco Dolstra
dd85fc1c5a
Drop Fedora 19/20 builds
...
These don't support regex_replace either.
2016-08-30 14:36:04 +02:00
Eelco Dolstra
042c060f78
Drop Ubuntu 13.10, 14.04 builds
...
These don't support regex_replace.
http://hydra.nixos.org/build/39363999
http://hydra.nixos.org/build/39363981
2016-08-30 13:26:08 +02:00
Eelco Dolstra
2fad86f361
Remove $NIX_DB_DIR
...
This variable has no reason to exist, given $NIX_STATE_DIR.
2016-08-10 18:05:35 +02:00
Eelco Dolstra
1b5b654fe2
Fix OOM in the installer test
...
http://hydra.nixos.org/build/36462209
2016-05-31 15:16:21 +02:00
Eelco Dolstra
0a9d627e50
Doh
2016-05-31 13:38:36 +02:00
Eelco Dolstra
88b79cd55c
Fix Debian 8 build
...
http://hydra.nixos.org/build/36462150
2016-05-31 13:37:33 +02:00
Eelco Dolstra
10f3a2e5f2
Fix clang build failure
...
Apparently opinion is divided on whether [[noreturn]] is allowed on a
lambda: http://stackoverflow.com/questions/26888805/how-to-declare-a-lambdas-operator-as-noreturn
http://hydra.nixos.org/build/36462100
2016-05-31 13:23:54 +02:00
Eelco Dolstra
75d2492f20
Make the aws-cpp-sdk dependency optional
2016-05-04 17:16:48 +02:00
Eelco Dolstra
0f4dd4417e
Merge pull request #892 from domenkozar/ubuntu1604
...
add Ubuntu 16.03 .deb builds
2016-05-02 15:36:58 +02:00
Domen Kožar
bf386de9f2
add Ubuntu 16.03 .deb builds
2016-04-29 16:11:51 +01:00
Eelco Dolstra
d155d80155
Move S3BinaryCacheStore from Hydra
...
This allows running arbitrary Nix commands against an S3 binary cache.
To do: make this a compile time option to prevent a dependency on
aws-sdk-cpp.
2016-04-21 16:08:51 +02:00
Eelco Dolstra
58e423ce32
Remove PDF manual
...
More spring cleaning.
2016-04-14 12:50:01 +02:00
Dan Peebles
c89783b6a7
Kill the temporary darwin-specific channel
...
The issues have been resolved upstream in the main nixpkgs channel now
2016-03-28 20:06:46 -04:00
Eelco Dolstra
7251a81bde
Drop all distros that are not down with C++11
2016-02-17 13:36:56 +01:00
Eelco Dolstra
da4495eb17
Fix eval
2016-01-20 00:26:51 +01:00
Eelco Dolstra
9fff492561
Add tests for Nixpkgs/NixOS evaluation
2016-01-19 21:10:32 +01:00
Eelco Dolstra
4202b17666
Temporarily do Darwin builds from a different Nixpkgs branch
2016-01-08 10:48:48 +01:00
Eelco Dolstra
10a6aa3ad4
Revert accidental disable of doInstallCheck
2016-01-07 16:05:02 +01:00
Eelco Dolstra
458711e4ee
Fix "Bad address" executing build hook
...
This was observed in the deb_debian7x86_64 build:
http://hydra.nixos.org/build/29973215
Calling c_str() on a temporary should be fine because the temporary
shouldn't be destroyed until after the execl() call, but who knows...
2016-01-07 15:10:14 +01:00
Jim Garrison
b07b3b0264
Make Debian package depend on libcurl3-nss
...
Otherwise nix-env fails to start if it is not installed
2015-12-14 19:42:42 -08:00
Eelco Dolstra
399397c907
Fix coverage build
2015-12-10 11:47:34 +01:00
Eelco Dolstra
efd6a8c9f6
Fix Ubuntu/Debian/Fedora builds
2015-11-25 16:12:30 +01:00
Eelco Dolstra
27d6ed5c68
Remove sandboxProfile from release.nix
...
There is really no conceivable reason why building Nix would need
access to the host's nix.conf. If it does, it's a bug, and we should
fix that instead.
2015-11-25 14:45:27 +01:00
Jude Taylor
279fa8f618
reintroduce host deps in tandem with sandbox profiles
2015-11-21 15:57:06 -08:00
Jude Taylor
4876bb012e
simplify build permissions
2015-11-14 14:11:03 -08:00
Jude Taylor
22dfd023fa
update sandbox profiles within nix
2015-11-14 14:11:03 -08:00
Eelco Dolstra
b83fb35f79
Fix tarball build
...
Fixes #671 .
2015-10-31 01:31:07 +01:00
Eelco Dolstra
1f735a3440
<nix/fetchurl.nix>: Support xz-compressed NARs
2015-10-30 12:34:30 +01:00
John Ericson
a7dd26961d
Don't depend on git when generating source tarball
2015-10-15 11:53:45 -07:00
John Ericson
164487a5ba
Simplify source tarball postUnpack cleanupx
2015-10-15 11:42:24 -07:00
Vladimír Čunát
fd74296e2f
release: fix #652 - PDF build after dblatex updates
...
... while not changing behavior when used with older nixpkgs.
2015-09-25 12:48:35 +02:00
Eelco Dolstra
0d4d92fcf9
Debian package: Declare runtime dependency on libsodium13
...
Fixes #558 .
2015-06-17 10:33:51 +02:00
Eelco Dolstra
898703e006
Build against libsodium on Ubuntu 15.04 and Debian 8
2015-06-02 13:14:31 +02:00
Benjamin Staffin
07c69aa03b
Add Debian 8.0 builds
...
Change-Id: I68a54a0c3f97da2d062f43b638de817fd40f2dcd
2015-05-29 11:54:37 +02:00
Eelco Dolstra
b2798902ea
Build on Ubuntu 15.04
2015-05-22 13:32:03 +02:00
Eelco Dolstra
be1ff23352
Add dependency on libcurl-dev
...
http://hydra.nixos.org/eval/1179370
2015-03-27 12:27:36 +01:00
Eelco Dolstra
5114a07d95
Improve setting the default chroot dirs
2015-03-24 11:57:46 +01:00