max/nix-super
1
0
Fork 0
mirror of https://github.com/privatevoid-net/nix-super.git synced 2024-11-10 08:16:15 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
17740 commits 7 branches 0 tags 62 MiB
Commit graph

17740 commits

This branch
This branch
All branches
Author SHA1 Message Date
Robert Hensing
3e424b1040 Merge branch 'nix-shell-lookup-shell-nix' into more-nix-shell 2024-07-07 14:16:15 +02:00
Robert Hensing
e1106b45a3 tests/functional/nix-shell.sh: Fix Polo test for VM test 
It is unclear to me why this worked when not in a VM test, but the
explanation would be in the part of nix-shell we're getting rid of
with the devShell attribute.
 2024-07-07 13:03:19 +02:00
Robert Hensing
0f8a655023 tests/functional/shell.nix: Implement runHook for dummy stdenv 2024-07-07 13:02:21 +02:00
Robert Hensing
c4a20a4101 rl-next: Add note about shell.nix lookups 2024-07-07 01:22:00 +02:00
Robert Hensing
2f1fada76b Add legacy setting: nix-shell-always-looks-for-shell-nix 2024-07-07 01:22:00 +02:00
Robert Hensing
73602a7c6f nix-shell: Look for shell.nix when directory is specified 2024-07-07 01:22:00 +02:00
Robert Hensing
63262e78c7 Add opt-out: nix-shell-shebang-arguments-relative-to-script 2024-07-07 00:55:33 +02:00
Robert Hensing
4c59d6e9f5 Merge branch 'nix-shell-lookup-shell-nix' into more-nix-shell 2024-07-07 00:27:07 +02:00
Robert Hensing
6959ac157b rl-next: Add note about shell.nix lookups 2024-07-07 00:25:56 +02:00
Robert Hensing
6c6d5263e2 Add legacy setting: nix-shell-always-looks-for-shell-nix 2024-07-07 00:25:56 +02:00
Robert Hensing
f5b59fbc64 Fix and extend nix-shell baseDir test 2024-07-07 00:23:22 +02:00
Robert Hensing
d5854f33e2 rl-next: Typo 2024-07-07 00:18:26 +02:00
Robert Hensing
8838f5c746 Merge remote-tracking branch 'matthewbauer/nix-shell-relative-shebang' into more-nix-shell 2024-07-07 00:18:03 +02:00
Robert Hensing
afbe7c3d08 rl-next: Enter PR 2024-07-06 23:15:01 +02:00
Robert Hensing
b865625a8e nix-shell: Look for shell.nix when directory is specified 2024-07-06 23:05:34 +02:00
Robert Hensing
a22f8b5276 rl-next: Add note about shell.nix lookups 2024-07-06 23:05:34 +02:00
Robert Hensing
32fb127b9c Add legacy setting: nix-shell-always-looks-for-shell-nix 2024-07-06 23:05:34 +02:00
Robert Hensing
76245ffbeb nix-build.cc: Refactor: extract sourcePath, resolvedPath variables 2024-07-06 20:55:27 +02:00
Robert Hensing
e9479b272f nix-build.cc: Refactor: extract baseDir variable 2024-07-06 20:51:45 +02:00
Robert Hensing
5c367ece89 Refactor: rename left -> remainingArgs 2024-07-06 20:03:30 +02:00
Robert Hensing
13181356fc Refactor: rename runEnv -> isNixShell 2024-07-06 20:01:46 +02:00
Robert Hensing
896eb7a44b
Merge pull request #11034 from obsidiansystems/meson-nix 
Package libnixmain and libnixcmd with Meson
 2024-07-06 01:26:59 +02:00
John Ericson
3acf3fc746 Package libnixmain and libnixcmd with Meson 
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
 2024-07-05 16:40:55 -04:00
Robert Hensing
0b901e10ee
Merge pull request #11050 from hercules-ci/issue-10677 
Explain when `man` is missing
 2024-07-05 22:25:38 +02:00
John Ericson
ff9b6d0e1f
Merge pull request #11037 from fricklerhandwerk/document-config-parsing 
use self-descriptive name for config file parser, document
 2024-07-05 15:21:26 -04:00
Eelco Dolstra
d5461b9009
Merge pull request #11051 from Mic92/fix-prefetch 
src/nix/prefetch: fix prefetch containing current directory instead o…
 2024-07-05 20:33:05 +02:00
Robert Hensing
ddff76f667
Merge pull request #10973 from NixOS/meson-libexpr 
Meson build for libexpr libflake, external C API, unit tests
 2024-07-05 20:27:12 +02:00
Jörg Thalheim
05381c0b30
Update src/nix/prefetch.cc 
Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
 2024-07-05 19:45:03 +02:00
Jörg Thalheim
8cea1fbd97 src/nix/prefetch: fix prefetch containing current directory instead of tarball 
When --unpack was used the nix would add the current directory to the
nix store instead of the content of unpacked.
The reason for this is that std::distance already consumes the iterator.
To fix this we re-instantiate the directory iterator in case the
directory only contains a single entry.
 2024-07-05 19:18:49 +02:00
Robert Hensing
6ef00a503a Explain when man is missing 
Have you seen this man?

Fixes #10677
 2024-07-05 19:18:23 +02:00
Eelco Dolstra
8f280d72ff
Merge pull request #11019 from DeterminateSystems/fix-failed-to-open-archive 
Tarball fetcher: Fix handling of cached tarballs
 2024-07-05 17:10:02 +02:00
Robert Hensing
a476383f46
Merge pull request #11031 from emilazy/push-xsrvoyspsvqx 
libstore: fix sandboxed builds on macOS
 2024-07-05 17:08:39 +02:00
Eelco Dolstra
98bef7c38e
Merge pull request #11035 from siddhantk232/refactor 
Factor duplicate code into util function `append`
 2024-07-05 16:34:23 +02:00
Eelco Dolstra
61e1880847
Merge pull request #11041 from hercules-ci/trace-nix-env-attribute-names 
getDerivations: add attributes to trace
 2024-07-05 16:32:27 +02:00
Eelco Dolstra
e1b6b3ce27
Merge pull request #11020 from DeterminateSystems/fix-tarball-caching 
Tarball fetcher: Fix fetchToStore() and eval caching
 2024-07-05 16:30:12 +02:00
Eelco Dolstra
e7e070d36b Document 2024-07-05 16:29:16 +02:00
Robert Hensing
09763c7cad getDerivations: add attributes to trace 
This improves the error message of nix-env -qa, among others, which
is crucial for understanding some ofborg eval error reports, such as
https://gist.github.com/GrahamcOfBorg/89101ca9c2c855d288178f1d3c78efef

After this change, it will report the same trace, but also start with

```
error:
       … while evaluating the attribute 'devShellTools'

       … while evaluating the attribute 'nixos'

       … while evaluating the attribute 'docker-tools-nix-shell'

       … while evaluating the attribute 'aarch64-darwin'

       … from call site
         at /home/user/h/nixpkgs/outpaths.nix:48:6:
           47|   tweak = lib.mapAttrs
           48|     (name: val:
             |      ^
           49|       if name == "recurseForDerivations" then true

<same>
```
 2024-07-05 15:30:07 +02:00
John Ericson
e4056b9afd
Apply suggestions from code review 
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
 2024-07-04 17:48:27 -04:00
Emily
af2e1142b1 libstore: fix sandboxed builds on macOS 
The recent fix for CVE-2024-38531 broke the sandbox on macOS
completely. As it’s not practical to use `chroot(2)` on
macOS, the build takes place in the main filesystem tree, and the
world‐unreadable wrapper directory prevents the build from accessing
its `$TMPDIR` at all.

The macOS sandbox probably shouldn’t be treated as any kind of a
security boundary in its current state, but this specific vulnerability
wasn’t possible to exploit on macOS anyway, as creating `set{u,g}id`
binaries is blocked by sandbox policy.

Locking down the build sandbox further may be a good idea in future,
but it already has significant compatibility issues. For now, restore
the previous status quo on macOS.

Thanks to @alois31 for helping me come to a better understanding of
the vulnerability.

Fixes: 1d3696f0fb
Closes: #11002
 2024-07-04 16:28:37 +01:00
Emily
76e4adfaac libstore: clean up the build directory properly 
After the fix for CVE-2024-38531, this was only removing the nested
build directory, rather than the top‐level temporary directory.

Fixes: 1d3696f0fb
 2024-07-04 16:22:02 +01:00
Valentin Gagarin
c66079f1e8 use self-descriptive name for config file parser, document 
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
 2024-07-04 10:36:48 +02:00
siddhantCodes
976c05879f factor duplicate code into util function append 2024-07-04 11:09:23 +05:30
Eelco Dolstra
5b4102c3b2 Tarball fetcher: Include revCount/lastModified in the fingerprint 
This can influence the evaluation result so they should be included in
the fingerprint.
 2024-07-03 22:05:45 +02:00
John Ericson
509be0e77a
Merge pull request #11022 from obsidiansystems/fix-openbsd-socket-peercred 
Use proper struct sockpeercred for SO_PEERCRED for OpenBSD
 2024-07-03 11:56:39 -04:00
kn
10ccdb7a41 Use proper struct sockpeercred for SO_PEERCRED for OpenBSD 
getsockopt(2) documents this;  ucred is wrong ("cr_" member prefix, no pid).
 2024-07-03 11:16:39 -04:00
John Ericson
a09360400b Ident some CPP in nix daemon 
Makes it easier for me to read.
 2024-07-03 11:15:56 -04:00
Eelco Dolstra
1ff186fc6e nix flake metadata: Show flake fingerprint 
This is useful for testing/debugging and maybe for sharing eval caches
(since it tells you what file in ~/.cache/nix/eval-cache-v5 to copy).
 2024-07-03 17:00:30 +02:00
Eelco Dolstra
9d95c228ee Tarball fetcher: Fix fetchToStore() and eval caching 2024-07-03 16:50:45 +02:00
John Ericson
30de61f16d
Merge pull request #11018 from siddhantk232/canonpath-fs-sink 
Use `CanonPath` in `fs-sink.hh`
 2024-07-03 10:36:18 -04:00
Eelco Dolstra
8bdd0ecd80 Add a test 2024-07-03 15:57:05 +02:00