Commit graph

17193 commits

Author SHA1 Message Date
Valentin Gagarin
13c2005e7d
add intermediate variables and clarifying comments (#9274)
* add intermediate variables and clarifying comments

Co-authored-by: Alexander Groleau <alex@proof.construction>
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-04-12 17:43:35 +02:00
Théophane Hufschmitt
cef677ddbc Test the inclusion of transitive symlinks in the sandbox 2024-04-12 16:10:22 +02:00
Théophane Hufschmitt
acbb1523c1 Fix the access of symlinks to host files in the sandbox
https://github.com/NixOS/nix/pull/10456 fixed the addition of symlink
store paths to the sandbox, but also made it so that the hardcoded
sandbox paths (like `/etc/hosts`) were now bind-mounted without
following the possible symlinks. This made these files unreadable if
there were symlinks (because the sandbox would now contain a symlink to
an unreachable file rather than the underlying file).
In particular, this broke FOD derivations on NixOS as `/etc/hosts` is a
symlink there.

Fix that by canonicalizing all these hardcoded sandbox paths before
adding them to the sandbox.
2024-04-12 15:57:53 +02:00
John Ericson
5b9cb8b372
Merge pull request #10412 from roberth/c-string-context
C API: Add `nix_string_realise`
2024-04-11 12:07:31 -04:00
Robert Hensing
f2522d4ecd libexpr-c: Add nix_store_path_name 2024-04-11 17:39:21 +02:00
Robert Hensing
a512f4eebc test/libutil: Add OBSERVE_STRING macro
Makes string callback easier to pass, without mistakes.
2024-04-11 17:39:21 +02:00
Robert Hensing
876e70bc9a tests/unit/libexpr/local.mk
A proper build system would catch errors like this.
2024-04-11 17:39:21 +02:00
Robert Hensing
1233bcde37 libstore-c: Add nix_store_path_clone 2024-04-11 17:39:21 +02:00
Robert Hensing
48808a5320 tests/unit/libexpr: Enable nix_store_realise test, and add docs 2024-04-11 17:39:21 +02:00
Robert Hensing
94d9819bdc tests/unit/libexpr/main: Fix realisation 2024-04-11 17:39:19 +02:00
Robert Hensing
ed13cf05a2 build-hook: Allow empty
Like always declining; local builds only, as can be inferred from the
docs. (Not worth spending too many words on this pretty obvious
behavior, I think. Also, plans to remove it? https://github.com/NixOS/nix/issues/1221)
2024-04-11 17:39:16 +02:00
Théophane Hufschmitt
db6335d099
Merge pull request #10244 from bouk/submodule-fetch-default-method
git fetcher: fix resolveSubmoduleUrl to work with all repo URLs
2024-04-11 16:58:28 +02:00
Bouke van der Bijl
1e4f902b28 Add gitSubmodules test to github actions 2024-04-11 15:55:09 +02:00
Bouke van der Bijl
cd06193d13 Add nixos test 2024-04-11 15:28:38 +02:00
Bouke van der Bijl
1a76ca4161 Set the origin instead of hacking in the URL resolving 2024-04-11 14:22:12 +02:00
Bouke van der Bijl
1f73de2629 git fetcher: relax absolute URL check of resolveSubmoduleUrl
This matches up the behavior with the internals of libgit2

Fixes #9979
2024-04-11 14:22:12 +02:00
Théophane Hufschmitt
da1e977bf4
Merge pull request #10456 from NixOS/fixpermdeniedbind
Fix adding symlink to the sandbox paths
2024-04-11 13:41:49 +02:00
Eelco Dolstra
26a4688a86 nix shell: Test that store paths cannot link outside of the store 2024-04-11 11:06:35 +02:00
Eelco Dolstra
9d50f57fa3 Doh 2024-04-11 09:00:47 +02:00
Théophane Hufschmitt
def00d7b52
Merge pull request #10455 from tie/structured-attrs-get-env
Do not rely on $stdenv/setup to set output variables
2024-04-11 06:48:36 +02:00
Eelco Dolstra
85b9f4ef4f nix shell: Handle output paths that are symlinks
This requires moving resolveSymlinks() into SourceAccessor. Also, it
requires LocalStoreAccessor::maybeLstat() to work on parents of the
store (to avoid an error like "/nix is not in the store").

Fixes #10375.
2024-04-10 23:49:19 +02:00
Nikhil Dhiman
19c8867d2a
Fix store-path.md (#10457)
Co-authored-by: John Ericson <git@JohnEricson.me>
Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
2024-04-10 21:11:57 +00:00
John Ericson
021488497d
Merge pull request #10464 from obsidiansystems/nar-format-docs
Document the Nix Archive format
2024-04-10 16:26:27 -04:00
Eelco Dolstra
74aab19c4b
Merge pull request #10458 from Ma27/rl-2.20-followup
doc/rl-2.20: clarify builders-use-substitutes vs. substitute-on-destion
2024-04-10 22:22:49 +02:00
John Ericson
3e5797e97f Document the Nix Archive format
This is adopted from Eelco's PhD thesis.
2024-04-10 15:21:22 -04:00
Ivan Trubach
664532c533 Do not rely on $stdenv/setup to set output variables
Instead of relying on setup script to set output variables when
structured attributes are enabled, iterate over the values of an
outputs associative array.

See also
374fa3532e/pkgs/stdenv/generic/setup.sh (L23-L26)
2024-04-10 19:50:19 +03:00
Maximilian Bosch
50557adb3b
doc/rl-2.20: clarify builders-use-substitutes vs. substitute-on-destination
...as this lead to confusion before.
2024-04-10 17:26:58 +02:00
Théophane Hufschmitt
a268c0de71
Merge pull request #10413 from Ma27/path-info-all-binary-cache
path-info: print correct path when using `nix path-info --store file://... --all --json`
2024-04-10 15:25:50 +02:00
Théophane Hufschmitt
ae4737294e doBind: Use our own lstat wrapper
Doesn't change much, but brings a bit more consistency to the code
2024-04-10 15:20:10 +02:00
Théophane Hufschmitt
913db9f738 Fix permission denied when building symlink derivation which points to a symlink out of the store
Bind-mounting symlinks is apparently not possible, which is why the
thing was failing.

Fortunately, symlinks are small, so we can fallback to copy them at no cost.

Fix https://github.com/NixOS/nix/issues/9579

Co-authored-by: Artturin <Artturin@artturin.com>
2024-04-10 15:19:18 +02:00
Théophane Hufschmitt
872d93eb13 Add a test for depending on a symlink store path
Regression test for https://github.com/NixOS/nix/issues/9579
2024-04-10 15:17:39 +02:00
Théophane Hufschmitt
65d711351e
Merge pull request #10449 from Ma27/rl-2.20-nix-copy-ssh-ng
doc/rl-2.20: add missing entry about `nix copy --to ssh-ng://...`
2024-04-10 11:44:31 +02:00
Eelco Dolstra
3fd8dfec4d
Merge pull request #10021 from obsidiansystems/ca-type-names
Make `outputHashAlgo` accept `"nar"`, stay in sync
2024-04-09 23:06:43 +02:00
John Ericson
93d68e18e5 Make outputHashAlgo accept "nar", stay in sync
Now that we have a few things identifying content address methods by
name, we should be consistent about it.

Move up the `parseHashAlgoOpt` for tidiness too.

Discussed this change for consistency's sake as part of #8876

Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2024-04-09 16:17:23 -04:00
Maximilian Bosch
f34b8de5b2
doc/rl-2.20: add missing entry about nix copy --to ssh-ng://...
This requires `--substitute-on-destination` if you want the remote side
to substitute instead of copying if possible.

For completeness sake, document it here.

Also, the stable Nix from nixpkgs is still 2.18, so more folks may
stumble upon this when this is bumped, so I'd expect this to be actually
useful.

Closes #10182
2024-04-09 21:27:00 +02:00
Eelco Dolstra
c313394ae9
Merge pull request #10432 from obsidiansystems/delete-resolve-system-dependencies
Remove `resolve-system-dependencies`
2024-04-08 18:41:14 +02:00
Eelco Dolstra
d29786f258 downloadFile(): Remove the "locked" (aka "immutable") flag
This was used in only one place, namely builtins.fetchurl with an
expected hash. Since this can cause similar issues as described
in #9814 and #9905 with the "locked" flag for fetchTarball and fetchTree,
let's just remove it.

Note that if an expected hash is given and the hash algorithm is
SHA-256, then we will never do a download anyway if the resulting
store path already exists. So removing the "locked" flag will only
cause potentially unnecessary HTTP requests (subject to the tarball
TTL) for non-SHA-256 hashes.
2024-04-08 15:56:16 +02:00
John Ericson
e68f24f1e0 Remove resolve-system-dependencies
Fix #9769

As Abathur reports, it seems to be unused since #3429 in 2020.
2024-04-08 09:55:42 -04:00
Eelco Dolstra
334874d101
Merge pull request #10433 from edolstra/run-mercurial-tests
Actually run the Mercurial tests
2024-04-08 15:52:13 +02:00
Eelco Dolstra
737ce5e81f Actually run the Mercurial tests 2024-04-08 15:21:57 +02:00
Eelco Dolstra
9d2b9ef92e
Merge pull request #10423 from AndrewDDavis/patch-1
Prevent `nix-daemon.sh` from leaking variable into user environment
2024-04-08 14:36:50 +02:00
Théophane Hufschmitt
c749c115ab
Merge pull request #10427 from lf-/jade/fix-nix-doctor
"but doctor, I AM the untrusted store": nix doctor had wrong trustedness
2024-04-08 11:29:43 +02:00
Théophane Hufschmitt
bd8c276ddb Improve the config check output for stores that don't know about trust
Make it proper english
2024-04-08 11:02:39 +02:00
Jade Lovelace
dea23c3c9b "but doctor, I AM the untrusted store": nix doctor had wrong trustedness
This probably snuck in in a refactor using truthiness or so. The
trustedness flag was having the optional fullness checked, rather than
the actual contained trust level.

Also adds some tests.

```
m1@6876551b-255d-4cb0-af02-8a4f17b27e2e ~ % nix store ping
warning: 'nix store ping' is a deprecated alias for 'nix store info'
Store URL: daemon
Version: 2.20.4
Trusted: 0
m1@6876551b-255d-4cb0-af02-8a4f17b27e2e ~ % nix doctor
warning: 'doctor' is a deprecated alias for 'config check'
[PASS] PATH contains only one nix version.
[PASS] All profiles are gcroots.
[PASS] Client protocol matches store protocol.
[INFO] You are trusted by store uri: daemon
```
2024-04-07 22:43:02 -07:00
John Ericson
fef952e258
Merge pull request #8397 from NixLayeredStore/overlayfs-store
Local Overlay Store
2024-04-07 22:57:01 -04:00
John Ericson
bd7c26bc7b Add comment explaining LIBMOUNT_FORCE_MOUNT2=always 2024-04-07 21:55:19 -04:00
Robert Hensing
5f9aaa86eb
Merge pull request #10416 from obsidiansystems/cgroup-linux-only
Make `cgroup.{cc,hh}` linux-only files
2024-04-07 16:52:31 +02:00
Andrew Davis
a2a633d332
Prevent nix-daemon.sh from leaking variable into user environment
The script at `/nix/store/...-nix-2.21.0/etc/profile.d/nix-daemon.sh`  was leaving behind a variable, which was visible in the user's shell environment, but not used outside the script.
2024-04-06 10:26:29 -04:00
Théophane Hufschmitt
2dc06b3969
Merge pull request #10420 from stuebinm/markdown-doc-formatting
fix codeblocks in the repl's `:doc`
2024-04-06 14:12:15 +02:00
cidkidnix
e73dc0e938 Use LIBMOUNT_FORCE_MOUNT2=always to workaround new mount API issues 2024-04-05 16:43:14 -05:00