John Ericson
65d7c80365
Merge pull request #10955 from NixOS/meson-nix-util-c
...
Build nix-util-c with meson + unit tests
2024-06-25 19:06:06 -04:00
Ryan Hendrickson
fba81cf74b
docs: internal documentation touchup
...
Make two comments more accurate for the next reader.
2024-06-25 18:44:56 -04:00
Robert Hensing
ae3304bde9
Test static build of nix-util on non-darwin
2024-06-25 21:35:23 +02:00
Robert Hensing
1eaddb209d
TMP: disable static meson build on darwin
2024-06-25 21:35:23 +02:00
Robert Hensing
6a28566db6
refact: concatMapAttrs -> flatMapAttrs
...
This should be slightly easier to read.
We could apply this to all concatMapAttrs calls.
2024-06-25 21:35:23 +02:00
Robert Hensing
ac89828b5a
Build nix-util-c with meson and unit test
2024-06-25 21:35:23 +02:00
John Ericson
ccb679ee01
Merge pull request #10941 from hercules-ci/check-derivation-name
...
Improve error messages for invalid derivation names
2024-06-25 14:11:34 -04:00
Robert Hensing
7df9d6da65
Improve error messages for invalid derivation names
2024-06-25 19:41:29 +02:00
John Ericson
5f4f789144
Merge pull request #10954 from NixOS/ci-meson
...
ci.yml: Add meson_build
2024-06-25 09:02:33 -04:00
John Ericson
d02d38f16d
Merge pull request #7048 from puffnfresh/lutimes
...
Guard uses of lutimes, for portability
2024-06-25 06:06:45 -04:00
Robert Hensing
0674be8d49
nix-util: Fix build
2024-06-25 10:26:57 +02:00
Robert Hensing
1801119e29
ci.yml: Add meson_build
...
Restore meson CI after https://github.com/NixOS/nix/pull/10929
2024-06-25 10:15:28 +02:00
Brian McKenna
5be44d235a
Guard uses of lutimes, for portability
2024-06-24 17:35:34 -04:00
John Ericson
05580a373f
Fix error in the no-GC build
2024-06-24 17:18:16 -04:00
John Ericson
5c497a992b
Merge pull request #10922 from hercules-ci/functional-tests-on-nixos
...
Run the functional tests in a NixOS environment
2024-06-24 13:36:13 -04:00
Robert Hensing
445a4a0298
ci.yml: Add swap and monitor it
2024-06-24 19:05:30 +02:00
Robert Hensing
c66f1e7660
Merge pull request #10913 from NixOS/no-global-eval-settings-in-libexpr
...
No global eval settings in `libnixexpr`
2024-06-24 18:52:19 +02:00
John Ericson
fda4c78921
Merge pull request #10951 from obsidiansystems/load-just-one-config
...
Small global config refactors
2024-06-24 12:38:04 -04:00
John Ericson
52bfccf8d8
No global eval settings in libnixexpr
...
Progress on #5638
There is still a global eval settings, but it pushed down into
`libnixcmd`, which is a lot less bad a place for this sort of thing.
2024-06-24 12:15:16 -04:00
Robert Hensing
5a7ccd6580
tests/functional: Print all args of fail()
2024-06-24 18:11:58 +02:00
Robert Hensing
d4ca634508
tests/functional: Differentiate die and fail
2024-06-24 18:11:10 +02:00
John Ericson
cb0c868da4
Allow loading config files into other config objects
...
This gives us some hope of moving away from global variables.
2024-06-24 12:07:56 -04:00
John Ericson
b46e13840b
Format config-global.{cc,hh}
...
Since the code is factored out, it is no longer avoding the formatter.
2024-06-24 12:07:56 -04:00
Robert Hensing
602c444411
Merge remote-tracking branch 'upstream/master' into functional-tests-on-nixos
2024-06-24 18:07:21 +02:00
John Ericson
1620ad4587
Split out GlobalConfig
into its own header
...
This makes it easier to understand the reach of global variables /
global state in the config system.
2024-06-24 11:36:21 -04:00
Robert Hensing
ce4bcef830
Merge pull request #10745 from obsidiansystems/ca-cleanup
...
Cleanup `ContentAddressMethod` to match docs
2024-06-24 17:25:45 +02:00
John Ericson
b51e161af5
Cleanup ContentAddressMethod
to match docs
...
The old `std::variant` is bad because we aren't adding a new case to
`FileIngestionMethod` so much as we are defining a separate concept ---
store object content addressing rather than file system object content
addressing. As such, it is more correct to just create a fresh
enumeration.
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-06-24 10:24:06 -04:00
John Ericson
64e599ebe1
Rename Recursive
-> NixArchive
...
For enums:
- `FileIngestionMethod`
- `FileSerialisationMethod`
2024-06-24 10:24:06 -04:00
Eelco Dolstra
903acc7c0f
Merge pull request #10873 from siddhantk232/rm-createdirs
...
use `std::filesystem::create_directories` for createDirs
2024-06-24 14:54:37 +02:00
Eelco Dolstra
bc21c54565
Merge pull request #10943 from pineapplehunter/master
...
Accept response from gitlab api with more than one entry in json
2024-06-24 14:23:47 +02:00
Robert Hensing
6f64154eea
Merge pull request #10884 from tomberek/tomberek.warn_structuredAttrs_advanced
...
fix: warn and document when advanced attributes will have no impact d…
2024-06-24 07:56:26 +02:00
John Ericson
927b719bce
Merge pull request #10874 from haenoe/derivation-tests
...
Tests for derivation "advanced attrs"
2024-06-23 22:09:10 -04:00
HaeNoe
7fb14201af
Unit test for derivation "advanced attrs"
...
This tests the parser and JSON format using the DRV files from the tests
added in the previous commit.
Co-Authored-By: John Ericson <John.Ericson@Obsidian.Systems>
2024-06-23 21:42:56 -04:00
HaeNoe
9f9984e4d0
Functional test for derivation "advanced attrs"
...
This tests the Nix language side of things.
We are purposely skipping most of `common.sh` because it is overkill for
this test: we don't want to have an "overfit" test environment.
Co-Authored-By: John Ericson <John.Ericson@Obsidian.Systems>
2024-06-23 21:42:56 -04:00
John Ericson
490ca93cf8
Factor out a bit more language testings infra
...
Will be used in a second test after `lang.sh`.
2024-06-23 15:33:45 -04:00
John Ericson
df068734ac
Merge pull request #10769 from poweredbypie/mingw-spawn
...
Implement runProgram for Windows
2024-06-23 14:12:36 -04:00
Shogo Takata
0468061dd2
accept response from gitlab with more than one entry
2024-06-23 00:52:19 +09:00
Eelco Dolstra
d54590fdf3
Fix --no-sandbox
...
When sandboxing is disabled, we cannot put $TMPDIR underneath an
inaccessible directory.
2024-06-21 17:06:19 +02:00
Eelco Dolstra
58b7b3fd15
Formatting
2024-06-21 17:06:19 +02:00
Eelco Dolstra
ede95b1fc1
Put the chroot inside a directory that isn't group/world-accessible
...
Previously, the .chroot directory had permission 750 or 755 (depending
on the uid-range system feature) and was owned by root/nixbld. This
makes it possible for any nixbld user (if uid-range is disabled) or
any user (if uid-range is enabled) to inspect the contents of the
chroot of an active build and maybe interfere with it (e.g. via /tmp
in the chroot, which has 1777 permission).
To prevent this, the root is now a subdirectory of .chroot, which has
permission 700 and is owned by root/root.
2024-06-21 17:06:19 +02:00
Théophane Hufschmitt
d99c868b04
Add a release note for the build-dir hardening
2024-06-21 17:06:19 +02:00
Théophane Hufschmitt
1d3696f0fb
Run the builds in a daemon-controled directory
...
Instead of running the builds under
`$TMPDIR/{unique-build-directory-owned-by-the-build-user}`, run them
under `$TMPDIR/{unique-build-directory-owned-by-the-daemon}/{subdir-owned-by-the-build-user}`
where the build directory is only readable and traversable by the daemon user.
This achieves two things:
1. It prevents builders from making their build directory world-readable
(or even writeable), which would allow the outside world to interact
with them.
2. It prevents external processes running as the build user (either
because that somehow leaked, maybe as a consequence of 1., or because
`build-users` isn't in use) from gaining access to the build
directory.
2024-06-21 17:06:19 +02:00
Théophane Hufschmitt
717f3eea39
Add a test for the user sandboxing
2024-06-21 17:06:18 +02:00
Robert Hensing
d9684664c8
Revert "tests/functional/common/init.sh: Use parentheses around negation"
...
ShellCheck doesn't want us to add extra parentheses for show.
This reverts commit 7c9f3eeef8
.
2024-06-20 22:31:32 +02:00
siddhantCodes
85b7989764
fix: handle errors in nix::createDirs
...
the `std::filesystem::create_directories` can fail due to insufficient
permissions. We convert this error into a `SysError` and catch it
wherever required.
2024-06-20 19:53:25 +05:30
siddhantCodes
857e380c7d
Merge branch 'rm-createdirs' of github.com:siddhantk232/nix into rm-createdirs
2024-06-20 18:47:51 +05:30
Robert Hensing
dcee46a0ef
Apply suggestions from code review
...
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2024-06-20 14:54:11 +02:00
Robert Hensing
7c9f3eeef8
tests/functional/common/init.sh: Use parentheses around negation
...
roberth: Not strictly necessary, but probably a good habit
Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2024-06-20 14:54:11 +02:00
Robert Hensing
648302b833
tests/functional: Enable more tests in NixOS VM
2024-06-20 14:54:11 +02:00
Robert Hensing
f0abe4d8f0
ci: Build tests.functional_user for PRs
2024-06-20 14:54:11 +02:00