regnat
703c98c6cb
Properly sign the unresolved drvs
...
Don't let them inherit the signature from the parent one (because it
makes no sense to do so), but re-sign them after they have been built
2021-03-15 16:35:17 +01:00
regnat
54ced9072b
Check the signatures when copying store paths around
...
Broken atm
2021-03-15 16:35:14 +01:00
regnat
3e6017f911
pathInfoIsTrusted -> pathInfoIsUntrusted
...
I guess the rationale behind the old name wath that
`pathInfoIsTrusted(info)` returns `true` iff we would need to `blindly`
trust the path (because it has no valid signature and `requireSigs` is
set), but I find it to be a really confusing footgun because it's quite
natural to give it the opposite meaning.
2021-03-15 16:34:49 +01:00
regnat
826877cabf
Add some logic for signing realisations
...
Not exposed anywhere, but built realisations are now signed (and this
should be forwarded when copy-ing them around)
2021-03-15 16:34:49 +01:00
Eelco Dolstra
306c154632
Merge pull request #4592 from NixOS/ca/remote-cache
...
Substitute content-addressed derivations
2021-03-15 16:22:42 +01:00
Travis A. Everett
0431cf6d09
fix nixbld user name/uid for macOS
2021-03-11 10:16:34 -06:00
Domen Kožar
8127094f76
Merge pull request #4577 from abathur/simplify_install_tests
...
simplify changing cachix cache for install tests
2021-03-11 15:32:13 +00:00
Eelco Dolstra
3bb1becdbb
Merge pull request #4566 from orbekk/master
...
Add support for bare git repositories when using git+file
2021-03-11 10:38:07 +01:00
Yorick van Pelt
8a0c00b856
Use libarchive for all compression
2021-03-10 22:34:29 +01:00
Matthew Bauer
d5fd0f4745
Merge branch 'master' into cross-jobs
2021-03-09 11:40:16 -06:00
regnat
89013bdd7e
Add a nix realisation
command for working on realisations
...
Currently only has `nix realisation info`, more to come probably
2021-03-09 10:16:44 +01:00
Eelco Dolstra
1c0e3e453d
Merge pull request #4601 from lovesegfault/fix-4598
...
nix-build: check that envCommand exists
2021-03-08 10:13:39 +01:00
Eelco Dolstra
8ce2045ecc
Merge pull request #4614 from abathur/patch-1
...
remove doc for obsolete --no-build-hook flag
2021-03-08 10:07:17 +01:00
Eelco Dolstra
c5a232dda7
Merge pull request #4615 from NixOS/nix-show-stats-with-nix-cmd
...
Make NIX_SHOW_STATS work with new-style commands
2021-03-08 09:56:59 +01:00
Travis A. Everett
ac8ba2eae4
remove doc for obsolete --no-build-hook flag
...
`--no-build-hook` appears to have been removed in 25f32625e2
2021-03-06 19:51:29 -06:00
Eelco Dolstra
52b6e0f837
Merge pull request #4606 from obsidiansystems/avoid-stringify-store-path
...
Avoid some StorePath -> Path -> StorePath roundtrips
2021-03-05 11:18:14 +01:00
Bernardo Meurer
6e849e3b0a
nix-build: set execfail
...
When starting a nix-shell with `-i` it was previously possible for it to
silently fail in the scenario where the specified interpreter didn't
exist. This happened due to the `exec` call masking the issue.
With this change we enable `execfail`, which causes the script using
`nix-shell` as interpreter to correctly exit with code 127.
Fixes : #4598
2021-03-04 18:54:45 -08:00
John Ericson
6212e89bf6
Avoid some StorePath -> Path -> StorePath roundtrips
...
There were done when StorePath was defined in Rust and there were some
FFI issues. This is no longer an issue.
2021-03-05 00:49:46 +00:00
DavHau
e16431b466
improve man page for nix.conf (builders)
2021-03-04 16:14:23 +07:00
Eelco Dolstra
665d4ec2da
nix repl :doc: Don't return docs for partially applied primops
...
This gives misleading results for Nixpkgs functions like lib.toUpper.
Fixes #4596 .
2021-03-03 17:52:57 +01:00
Eelco Dolstra
1b2f5786d1
Merge pull request #4595 from dramforever/fetcher-http-redirect
...
libfetchers/tarball: Lock on effectiveUrl
2021-03-02 16:38:19 +01:00
regnat
7331da99ab
Make NIX_SHOW_STATS work with new-style commands
2021-03-02 14:59:12 +01:00
dramforever
fc6bfb261d
libfetchers/tarball: Lock on effectiveUrl
...
Basically, if a tarball URL is used as a flake input, and the URL leads
to a redirect, the final redirect destination would be recorded as the
locked URL.
This allows tarballs under https://nixos.org/channels to be used as
flake inputs. If we, as before, lock on to the original URL it would
break every time the channel updates.
2021-03-02 21:56:50 +08:00
John Ericson
7ce10924c7
Fix bad wanted output error as requested
...
- UsageError -> Error
- include drv path too
2021-03-01 15:07:09 +00:00
Kjetil Orbekk
92a234322f
Add test for git+file with bare repository
2021-03-01 09:03:25 -05:00
Kjetil Orbekk
9931f18c2d
Add support for bare git repositories with git+file
...
Local git repositories are normally used directly instead of
cloning. This commit checks if a repo is bare and forces a
clone.
Co-authored-by: Théophane Hufschmitt <regnat@users.noreply.github.com>
2021-03-01 09:03:25 -05:00
regnat
93b5a59b67
Add a test for the remote caching of CA derivations
2021-03-01 14:00:17 +01:00
regnat
df9d4f88d5
Allow substituting drv outputs when building
2021-03-01 14:00:17 +01:00
regnat
5d1c05b075
SubstitutionGoal -> PathSubstitutionGoal
...
To prepare for the upcoming DrvOutputSubstitutionGoal
2021-03-01 14:00:17 +01:00
Eelco Dolstra
e64cf8e0a3
Merge pull request #4574 from grahamc/libstore-ssh-host-key
...
libstore: support passing a builder's public SSH host key
2021-03-01 13:12:18 +01:00
Eelco Dolstra
99b93773de
Merge pull request #4582 from puckipedia/cppflags
...
mk: add support for CPPFLAGS
2021-03-01 13:08:14 +01:00
Eelco Dolstra
c32a7c3404
Merge remote-tracking branch 'origin/ca/move-tests-to-their-own-directory'
2021-03-01 12:57:29 +01:00
Eelco Dolstra
7d578aaba1
Merge pull request #4583 from puckipedia/revert-jar-support
...
Revert "Add support for building JARs from Java sources"
2021-03-01 11:56:26 +01:00
regnat
259d6778ef
Move the CA tests to a sub-directory
...
Requires a slight update to the test infra to work properly, but
having the possibility to group tests that way makes the whole thing
quite cleaner imho
2021-03-01 11:08:01 +01:00
John Ericson
4bbd80c536
Throw error for derivation goal with bogus wanted output
2021-02-28 00:19:35 +00:00
Domen Kožar
73b3e6cd46
Merge pull request #4581 from puckipedia/fix-libseccomp
...
Properly propagate libseccomp linker flags
2021-02-27 10:51:43 +00:00
John Ericson
7863036634
Merge remote-tracking branch 'obsidian/path-info' into ca-drv-exotic
2021-02-27 05:46:59 +00:00
John Ericson
f0ad29acc1
Merge remote-tracking branch 'upstream/master' into path-info
2021-02-27 05:42:13 +00:00
John Ericson
2dd11f0780
Reenable previously failing trustless remote builder tests
2021-02-27 05:33:47 +00:00
John Ericson
f6f19acd3f
Merge branch 'restore-test-build-remote-ca-fixed' into trustless-remote-builder-simple
2021-02-27 05:25:39 +00:00
John Ericson
ae1441e548
Fix testing fixed-output derivations in double sandboxes
...
What happened was that Nix was trying to unconditionally mount these
paths in fixed-output derivations, but since the outer derivation was
pure, those paths did not exist. The solution is to only mount those
paths when they exist.
2021-02-27 05:23:14 +00:00
John Ericson
e547fe12d1
Merge branch 'restore-test-build-remote-ca-fixed' into trustless-remote-builder-simple
2021-02-27 03:53:22 +00:00
Puck Meerburg
2d7917f035
Revert "Add support for building JARs from Java sources"
...
This reverts commit 259086de84
.
2021-02-26 23:06:58 +00:00
Puck Meerburg
7241fdc3d2
Properly propagate libseccomp linker flags
2021-02-26 23:01:16 +00:00
Puck Meerburg
bd0b0f9ab7
mk: add support for CPPFLAGS
2021-02-26 22:56:51 +00:00
Travis A. Everett
12ec962dd8
simplify changing cachix cache for install tests
...
- convert cachix cache name from an env into a secret so it (along
with the token/key) can be set once per fork
- use CACHIX_AUTH_TOKEN in addition to CACHIX_SIGNING_KEY; it looks
like cachix will try signing key first, then auth token.
2021-02-26 16:14:06 -06:00
Eelco Dolstra
6512be0a99
Merge pull request #4570 from obsidiansystems/split-building-planning
...
Split {,local-}derivation-goal.{cc,hh}
2021-02-26 20:00:02 +01:00
John Ericson
5b42e5b177
Restore now-working build-remote-content-addressed-fixed test
...
This was
- Added in dbf96e10ec
.
- Commented out in 07975979aa
, which I
believe only reached master by mistake.
- Deleted in c32168c9bc
, when
`tests/build-hook-ca.nix` was reused for a new test.
But the test works, and we ought to have it.
2021-02-26 16:32:52 +00:00
John Ericson
553b79f8c9
Remove unused redirectedBadOutputs
2021-02-26 16:10:54 +00:00
John Ericson
d560311f76
Remove temporary #if 0...#endif
from previous commit
2021-02-26 16:10:52 +00:00