Commit graph

11337 commits

Author SHA1 Message Date
Greg Price
26851dd2c2 installer: Set files read-only when copying into store
After installing Nix, I found that all the files and directories
initially copied into the store were writable, with mode 644 or 755:

  drwxr-xr-x 9 root root 4096 Dec 31  1969 /nix/store/ddmmzn4ggz1f66lwxjy64n89864yj9w9-nix-2.3.3

The reason is that that's how they were in the unpacked tarball, and
the install-multi-user script used `rsync -p` without doing anything
else to affect the permissions.

The plain `install` script for a single-user install takes care to
do a `chmod -R a-w` on each store path copied.  We could do the same
here with one more command; or we can pass `--chmod` to rsync, to
have it write the files with the desired modes in the first place.

Tested the new `rsync` command on both a Linux machine with a
reasonably-modern rsync (3.1.3) and a Mac with its default, ancient,
rsync 2.6.9, and it works as expected on both.  Thankfully the latter
is just new enough to have `--chmod`, which dates to rsync 2.6.7.
2020-03-22 23:07:20 -07:00
Ben Burdette
f694f43d7d straightforward port of rust mockup code 2020-03-22 12:25:47 -06:00
Domen Kožar
7bc1961e1f
Merge pull request #3431 from pmiddend/install-script-test-for-xz
installer: also test for xz to unpack
2020-03-21 10:40:16 +01:00
Philipp Middendorf
9450dece24 installer: also test for xz to unpack 2020-03-21 09:31:39 +01:00
Daiderd Jordan
2e9bc1245c
sandbox: fix /bin/sh on catalina
Sadly 10.15 changed /bin/sh to a shim which executes bash, this means it
can't be used anymore without also opening up the sandbox to allow bash.

    Failed to exec /bin/bash as variant for /bin/sh (1: Operation not permitted).
2020-03-20 22:12:30 +01:00
Daiderd Jordan
f6c122aaeb
sandbox: allow pty devices
Nix now runs builds with a pseudo-terminal to enable colored build
output.
2020-03-20 21:58:45 +01:00
Daiderd Jordan
7f2df903d9
libstore: relax default sandbox-paths on darwin 2020-03-20 21:31:20 +01:00
Daiderd Jordan
afb78ebd34
libstore: disable resolve-system-dependencies hook
This is used to determine the dependency tree of impure libraries so nix
knows what paths to open in the sandbox.  With the less restrictive
defaults it isn't needed anymore.
2020-03-20 21:21:56 +01:00
Eelco Dolstra
4e67f89f38 Fix GitHub VM test 2020-03-20 15:03:18 +01:00
Eelco Dolstra
bc5d4843a9 Fix coverage job 2020-03-20 13:39:39 +01:00
Eelco Dolstra
1537e270fb Merge remote-tracking branch 'origin/master' into flakes 2020-03-20 13:15:11 +01:00
Eelco Dolstra
1e6e673eb7 flake.nix: Switch to 20.03 2020-03-20 13:09:20 +01:00
Eelco Dolstra
4ef43198f3
Merge pull request #3426 from jakobrs/remote-gc-delete-opt
Remove the --delete option for --gc. Fixes #3343
2020-03-20 09:34:20 +01:00
John Ericson
e317324236
Apply suggestions from code review 2020-03-19 23:38:51 -04:00
John Ericson
d5b3328dd1
Apply suggestions from code review
Co-Authored-By: Cole Helbling <cole.e.helbling@outlook.com>
2020-03-19 23:37:52 -04:00
jakobrs
c5a488afc0 Remove the --delete option for --gc
Running `nix-store --gc --delete` will, as of Nix 2.3.3, simply fail
because the --delete option conflicts with the --delete operation.

  $ nix-store --gc --delete
  error: only one operation may be specified
  Try 'nix-store --help' for more information.

Furthermore, it has been broken since at least Nix 0.16 (which was
released sometime in 2010), which means that any scripts which depend
on it should have been broken at least nine years ago. This commit
simply formally removes the option. There should be no actual difference
in behaviour as far as the user is concerned: it errors with the exact
same error message. The manual has been edited to remove any references
to the (now gone) --delete option.

Other information:
* Path for Nix 0.16 used:
  /nix/store/rp3sgmskn0p0pj1ia2qwd5al6f6pinz4-nix-0.16
2020-03-19 19:41:23 +01:00
John Ericson
f1cf3ab870 hashDerivationModulo: Generalize for multiple fixed ouputs per drv
See documentattion in header and comments in implementation for details.

This is actually done in preparation for floating ca derivations, not
multi-output fixed ca derivations, but the distinction doesn't yet
mattter.

Thanks @cole-h for finding and fixing a bunch of typos.
2020-03-19 10:30:49 -04:00
Eelco Dolstra
ef74fafc03
nix repl: Put EvalState on the heap
See 0629601da1.
2020-03-19 13:52:28 +01:00
Eelco Dolstra
b244e65cdb
nix repl: Scan NixRepl for GC roots
Fixes #3175.
2020-03-19 13:50:01 +01:00
Eelco Dolstra
8aa354fdfd
Register flake-registry.json as a GC root again 2020-03-19 11:45:34 +01:00
Eelco Dolstra
1c127e6a82
downloadFile(): Use expired file if the download fails 2020-03-19 11:42:50 +01:00
John Ericson
049179ba07
Fix typos
Thanks @asymmetric

I failed to do them all in one batch

Co-Authored-By: asymmetric <lorenzo@mailbox.org>
2020-03-18 19:07:05 -04:00
Eelco Dolstra
f6ddf48882
Get rid of downloadCached()
Everything uses the generic caching system now.
2020-03-18 17:24:19 +01:00
Eelco Dolstra
c5ec95e2c7
tarball.cc: Use ETags 2020-03-18 15:14:23 +01:00
Eelco Dolstra
1b49479836
Remove flake closure caching
This is not compatible with lazy flake input fetching.
2020-03-18 14:11:58 +01:00
Eelco Dolstra
1e7ce1d6da
tarball / github fetchers: Use generic caching system 2020-03-18 14:08:25 +01:00
Eelco Dolstra
38e360154d
Git: Use unified caching system 2020-03-17 22:35:29 +01:00
Eelco Dolstra
d1165d8791
Require shallow clones to be requested explicitly
If you do a fetchTree on a Git repository, whether the result contains
a revCount attribute should not depend on whether that repository
happens to be a shallow clone or not. That would complicate caching a
lot and would be semantically messy. So applying fetchTree/fetchGit to
a shallow repository is now an error unless you pass the attribute
'shallow = true'. If 'shallow = true', we don't return revCount, even
if the repository is not actually shallow.

Note that Nix itself is not doing shallow clones at the moment. But it
could do so as an optimisation if the user specifies 'shallow = true'.

Issue #2988.
2020-03-17 22:35:29 +01:00
Eelco Dolstra
2a4e4f6a6e
Unified fetcher caching system 2020-03-17 22:35:29 +01:00
John Ericson
e5178fd22d
Fix typos
Thanks @asymmetric!

Co-Authored-By: asymmetric <lorenzo@mailbox.org>
2020-03-16 16:40:13 -04:00
Eelco Dolstra
fbcb897e21
Add a test for shallow Git clones
Also, don't return a revCount anymore for shallow or dirty Git trees,
since it's incorrect.

Closes #2988.
2020-03-16 13:20:32 +01:00
Eelco Dolstra
34c7645a58
Fix re-running the fetchGit.sh test 2020-03-16 12:30:11 +01:00
John Ericson
2be64efb02 Generalize isFixedOutput in preparation for CA drvs
Today's fixed output derivations and regular derivations differ in a few
ways which are largely orthogonal. This replaces `isFixedOutput` with a
`type` that returns an enum of possible combinations.
2020-03-15 11:05:37 -04:00
Eelco Dolstra
b79b81dd2d
Merge pull request #3413 from Ericson2314/include-regex
Add missing `#include <regex>`
2020-03-14 09:25:06 +01:00
John Ericson
68fe0d9809 Add missing #include <regex> 2020-03-13 21:24:35 -04:00
Eelco Dolstra
779ef8f5ef
Merge pull request #3380 from contrun/no-attr-path-for-installed
display attr-path only when queried available
2020-03-13 19:26:20 +01:00
Eelco Dolstra
59c37112a9 README.md: Remove reference to OpenSSL
The OpenSSL files were removed in a6ca68a70c.

https://salsa.debian.org/debian/nix/issues/3
2020-03-13 18:42:53 +01:00
Eelco Dolstra
7304f9f145 Merge remote-tracking branch 'origin/master' into flakes 2020-03-13 18:36:47 +01:00
Eelco Dolstra
5392884eb1 Remove the 'release' job
Unless the 'tested' job in the Nixpkgs/NixOS jobsets, this job isn't
actually used for anything (e.g. we don't update a channel based on
whether 'release' succeeds).
2020-03-13 18:34:10 +01:00
Eelco Dolstra
db34445c5e Build vendoredCrates in the overlay
This makes it build on non-x86_64-linux systems (needed in GitHub
actions).
2020-03-13 18:31:16 +01:00
Eelco Dolstra
3e1abf4f05 Merge remote-tracking branch 'origin/master' into flakes 2020-03-13 18:28:01 +01:00
Eelco Dolstra
a692f90c80
Merge pull request #3410 from edolstra/no-tarball
Remove the tarball job
2020-03-13 18:20:09 +01:00
Eelco Dolstra
7c39201bcb
Remove the tarball job
Source tarballs are not very useful anymore. People who want to build
from source can also just build from the Git repository. Once upon a
time, the source tarball also saved users from needing a few
dependencies (e.g. bison and flex) but those are dwarfed by the other
dependencies, so it's no longer worth it.

Note: the release script should be updated to copy the vendoredCrates
tarball.
2020-03-13 18:05:22 +01:00
YI
b6d794fb8d display attr-path only when queried available 2020-03-14 00:36:26 +08:00
Eelco Dolstra
073650db01 Do a deep fetch
Currently the build fails with

  warning: reject refs/heads/HEAD because shallow roots are not allowed to be updated
  error: Could not read 0c2088d438
  fatal: Failed to traverse parents of commit ea1803efdc
  error: program 'git' failed with exit code 128
2020-03-13 17:25:47 +01:00
Eelco Dolstra
ea1803efdc Run checks 2020-03-13 17:13:54 +01:00
Eelco Dolstra
0c2088d438 Merge remote-tracking branch 'origin/master' into flakes 2020-03-13 17:03:30 +01:00
Eelco Dolstra
eab7d790a3
Merge pull request #3409 from NixOS/github-actions
Add CI with github actions
2020-03-13 16:53:35 +01:00
Eelco Dolstra
c0a3ff7d47
Fix macOS 2020-03-13 16:39:35 +01:00
Eelco Dolstra
858ad7a4b3 Remove callout graphics
Fixes #3396.
2020-03-13 16:32:43 +01:00