Théophane Hufschmitt
686405ef41
Fix sudo in the darwin installer ( #10128 )
2024-03-06 22:36:37 +01:00
Robert Hensing
2a34510776
package.nix: Apply OBJC_DISABLE_INITIALIZE_FORK_SAFETY workaround
...
This was previously already used in the launchd configuration for
nix-daemon.
(cherry picked from commit 855741aea57cd413a5da524169794a6790162d18)
2024-03-06 22:07:05 +01:00
Théophane Hufschmitt
67f95755d6
Merge pull request #10155 from NixOS/warn-against-changing-profile-version-number
...
Add a warning against carelessly changing the profile version number
2024-03-06 06:43:36 +01:00
Théophane Hufschmitt
0d26358bda
Merge pull request #10151 from edolstra/fix-lstat-cache
...
PosixSourceAccessor::cachedLstat(): Use absolute path
2024-03-05 08:59:30 +01:00
Théophane Hufschmitt
7161ef14a2
Add a warning against carelessly changing the profile version number
...
Try and prevent the situation of https://github.com/NixOS/nix/issues/10109 to happen again in the future
2024-03-05 08:07:58 +01:00
Théophane Hufschmitt
e164b39ee9
Merge pull request #9920 from 9999years/forbid-nested-debuggers
...
Forbid nested debuggers
2024-03-05 06:58:29 +01:00
Eelco Dolstra
0e07f81d2b
Fetcher cleanups
...
* Convert all InputScheme::fetch() methods to getAccessor().
* Add checkLocks() method for checking lock attributes.
* Rename fetch() to fetchToStore().
2024-03-04 22:24:55 +01:00
Eelco Dolstra
4967c5ff6b
Fix macOS build
2024-03-04 22:24:12 +01:00
Eelco Dolstra
9ee590e113
PosixSourceAccessor::cachedLstat(): Use absolute path
...
Using the relative path can cause collisions between cache entries for
PosixSourceAccessors with different roots.
2024-03-04 21:54:35 +01:00
Eelco Dolstra
6b976a1898
Merge pull request #10143 from fricklerhandwerk/test-help
...
add tests for showing help
2024-03-04 20:29:03 +01:00
Eelco Dolstra
32bf39c73a
nix flake metadata: Don't show locked URL if it's not locked
...
This is the case for e.g. dirty Git workdirs, where we would get
$ nix flake metadata
Resolved URL: git+file:///home/eelco/Dev/nix-master
Locked URL: git+file:///home/eelco/Dev/nix-master
2024-03-04 19:37:43 +01:00
Eelco Dolstra
2306e96767
nix profile upgrade: Always upgrade unlocked flakerefs
...
The "lockedRef" field is a misnomer, since it can be unlocked
(e.g. for a dirty Git workdir). In that case, `nix profile upgrade`
needs to assume that the package can have changed, and perform an
upgrade.
2024-03-04 19:30:38 +01:00
Valentin Gagarin
8d23847571
fix indentation
...
Co-authored-by: Théophane Hufschmitt <7226587+thufschmitt@users.noreply.github.com>
2024-03-04 19:25:44 +01:00
Valentin Gagarin
8a6ef3bae5
less scary jq
...
Co-authored-by: Théophane Hufschmitt <7226587+thufschmitt@users.noreply.github.com>
2024-03-04 19:25:28 +01:00
Eelco Dolstra
6558da45f5
LockedFlake::getFingerprint(): Use Input::getFingerprint()
2024-03-04 19:22:23 +01:00
Eelco Dolstra
29049d2653
Implement getFingerprint() for store paths
2024-03-04 19:21:31 +01:00
Rebecca Turner
2e8f4faa10
Fix build
...
Not sure why that was giving a duplicate symbol error, or why marking it
inline fixes it. Here it is!
2024-03-04 09:32:06 -08:00
Rebecca Turner
14b0356dc5
Forbid nested debuggers
2024-03-04 09:24:57 -08:00
Rebecca Turner
4ee5433919
Add release note
2024-03-04 09:24:56 -08:00
Valentin Gagarin
4b15ca2ffb
add tests for showing help
2024-03-04 16:14:00 +01:00
Théophane Hufschmitt
eaa6c26189
Merge pull request #10088 from edolstra/flake-source-path
...
Use SourcePath for reading flake.{nix,lock}
2024-03-04 14:40:40 +01:00
Théophane Hufschmitt
7764edf0e4
Merge pull request #10078 from szlend/fix-macos-local-network-sandbox
...
Fix `__darwinAllowLocalNetworking` sandbox
2024-03-04 14:34:57 +01:00
Eelco Dolstra
438855952b
Merge pull request #10122 from edolstra/arg-from-file
...
Add --arg-from-file and --arg-from-stdin
2024-03-04 13:29:58 +01:00
Eelco Dolstra
cbfd211b39
Fix build
2024-03-04 12:49:32 +01:00
Eelco Dolstra
e6b9432542
Add release note
2024-03-04 12:48:21 +01:00
Théophane Hufschmitt
8a9eec375c
Merge pull request #10073 from olmokramer/nix-flake-update-multiple-inputs
...
Accept multiple inputs in `nix flake update`
2024-03-04 09:13:26 +01:00
Eelco Dolstra
75c5e1a5cc
Merge pull request #10126 from lf-/jade/kill-ndebug
...
Ban building Nix with NDEBUG
2024-03-03 20:01:12 +01:00
Eelco Dolstra
fa17ec6b3e
Merge pull request #10130 from tweag/remove-autoconf-gen-files
...
Remove and gitignore the autoreconf generated files
2024-03-03 19:58:22 +01:00
Eelco Dolstra
dfb05f3957
Merge pull request #10129 from NixOS/fix-docker-push
...
Fix the docker push job
2024-03-03 19:57:23 +01:00
Olmo Kramer
b1ad729add
Add test for nix flake update
with multiple inputs
2024-03-03 13:59:39 +01:00
Jade Lovelace
2625e9fb0a
Ban building Nix with NDEBUG
...
When reviewing old PRs, I found that #9997 adds some code to ensure one
particular assert is always present. But, removing asserts isn't
something we do in our own release builds either in the flake here or in
nixpkgs, and is plainly a bad idea that increases support burden,
especially if other distros make bad choices of build flags in their Nix
packaging.
For context, the assert macro in the C standard is defined to do nothing
if NDEBUG is set.
There is no way in our build system to set -DNDEBUG without manually
adding it to CFLAGS, so this is simply a configuration we do not use.
Let's ban it at compile time.
I put this preprocessor directive in src/libutil.cc because it is not
obvious where else to put it, and it seems like the most logical file
since you are not getting a usable nix without it.
2024-03-02 11:22:46 -08:00
Ivan Shapovalov
c6f0407103
libutil/terminal: cache isTTY()
2024-03-02 16:32:04 +01:00
Ivan Shapovalov
8c1eeb4681
treewide: shouldANSI() -> isTTY()
2024-03-02 16:32:04 +01:00
Ivan Shapovalov
d9fc4bf5c5
treewide: replace usages of isatty(STDERR_FILENO) with shouldANSI()
2024-03-02 16:32:04 +01:00
Ivan Shapovalov
950b6401f9
libmain/progress-bar: try harder to avoid escape sequences if !isTTY
2024-03-02 16:31:51 +01:00
Théophane Hufschmitt
2f0bc6373c
Don't fail if a flakeref directly points to the flake.nix
...
Just warn and redirect it to the parent directory
2024-03-02 10:34:20 +01:00
Théophane Hufschmitt
11a1dcc43b
Properly fail on flakerefs that don't point to a directory
...
Directly fail if a flakeref points to something that isn't a directory
instead of falling back to the logic of trying to look up the hierarchy
to find a valid flake root.
Fix https://github.com/NixOS/nix/issues/9868
2024-03-02 10:24:20 +01:00
Théophane Hufschmitt
f8dc9bc563
Remove and gitignore the autoreconf generated files
...
No need to have them checked-in since we require running `autoreconf`
when building, and these are regenerated by the `autoreconf` script.
2024-03-02 10:18:47 +01:00
Théophane Hufschmitt
089d91ed4c
Fix the docker push job
...
After https://github.com/NixOS/nix/pull/10071 , the CI was trying to push
ghcr.io/nixos/nix:master for backwards-compatibility, but the image was
not tagged as such, causing the job to fail.
Fix this.
2024-03-02 09:00:42 +01:00
Théophane Hufschmitt
75101396dc
Merge pull request #10117 from med8bra/doc-xp-feature-issues
...
doc(xp-feature): add issue url in experimental feature details
2024-03-02 08:59:12 +01:00
med8bra
1bc89b588b
doc(xp-feature): add issue url in experimental feature details
2024-03-02 03:51:12 +01:00
Eelco Dolstra
ba9b6b29b7
Merge pull request #10111 from obsidiansystems/git-objects
...
Support symlinks properly with `git-hashing` experimental feature
2024-03-01 15:00:43 +01:00
Eelco Dolstra
8ce1f6800b
Add --arg-from-stdin to read an argument from stdin
2024-03-01 14:39:42 +01:00
Eelco Dolstra
291b10c607
Add --arg-from-file for reading a string from a file
2024-03-01 14:35:27 +01:00
Eelco Dolstra
d72ee91d07
Clean up --arg processing
2024-03-01 14:14:14 +01:00
Théophane Hufschmitt
cd9baa1809
Add release notes
2024-03-01 09:39:50 +01:00
Théophane Hufschmitt
65b79c52c6
Fix a typo in a test comment
...
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2024-03-01 09:31:28 +01:00
Théophane Hufschmitt
c3878f510e
Copy the output of fixed-output derivations before registering them
...
It is possible to exfiltrate a file descriptor out of the build sandbox
of FODs, and use it to modify the store path after it has been
registered.
To avoid that issue, don't register the output of the build, but a copy
of it (that will be free of any leaked file descriptor).
2024-03-01 09:31:28 +01:00
Théophane Hufschmitt
a55c6a0f47
Add a NixOS test for the sandbox escape
...
Test that we can't leverage abstract unix domain sockets to leak file
descriptors out of the sandbox and modify the path after it has been
registered.
2024-03-01 09:31:28 +01:00
Théophane Hufschmitt
bf48501194
Merge pull request #10112 from edolstra/fix-gcc12-warnings
...
Fix gcc 12 warnings
2024-02-29 15:55:59 +01:00