Commit graph

4488 commits

Author SHA1 Message Date
John Ericson
2aa9cf34dd Move uriSchemes to *StoreConfig
It is a property of the configuration of a store --- how a store URL is
parsed into a store config, not a store itself.

Progress towards #10766
2024-07-17 23:48:19 -04:00
Farid Zakaria
57399bfc0e
Refactor unix domain socket store config (#11109)
Following what is outlined in #10766 refactor the uds-remote-store such
that the member variables (state) don't live in the store itself but in
the config object.

Additionally, the config object includes a new necessary constructor
that takes a scheme & authority.

Tests are commented out because of linking errors with the current config system.
When there is a new config system we can reenable them.

Co-authored-by: John Ericson <John.Ericson@Obsidian.Systems>
2024-07-17 23:32:27 -04:00
Eelco Dolstra
87f8ff23fe BasicClientConnection::handshake(): Don't send our version twice
This was accidentally introduced
in f71b4da0b3.  We didn't notice this
because the version got interpreted by the daemon as the obsolete "CPU
affinity will follow" field, and being non-zero, it would then read
another integer for the ignored CPU affinity.
2024-07-17 16:51:53 +02:00
Robert Hensing
b230c01f73
Merge pull request #11014 from obsidiansystems/plugins-libmain
Move plugins infra to `libnixmain`
2024-07-17 09:42:09 +02:00
Las Safin
a1f3f103bc
Check if drv is initialized in DerivationGoal::waiteeDone
It might not be set, in which case we shouldn't do anything.
Surprisingly, this somehow did not cause segfaults before?

Caught by UBSan.
2024-07-16 22:01:39 +00:00
John Ericson
808082ea03 Ensure we can construct remote store configs in isolation
Progress towards #10766

I thought that #10768 achieved, but when I went to use this stuff (in
Hydra), turns out it did not. (Those `using FooConfig;` lines were not
working --- they are so finicky!) This PR gets the job done, and adds
some trivial unit tests to make sure I did what I intended.

I had to add add a header to expose `SSHStoreConfig`, after which the
preexisting `ssh-store-config.*` were very confusingly named files, so I
renamed them to `common-ssh-store-config.hh` to match the type defined
therein.
2024-07-15 17:32:49 -04:00
John Ericson
0feeab755a Move plugins infra to libnixmain
They are not actually part of the store layer, but instead part of the
Nix executable infra (libraries don't need plugins, executables do).

This is part of a larger project of moving all of our legacy settings
infra to libmain, and having the underlying libraries just have plain
configuration structs detached from any settings infra / UI layer.

Progress on #5638
2024-07-15 17:26:03 -04:00
John Ericson
1a273a623f Inline settings.pluginFiles.name
In theory the warning is more noisy now, but in practice this will not
happen unless the client is older than 2.14 (highly unlikely).
2024-07-15 16:50:57 -04:00
Las Safin
846869da0e
Make goals use C++20 coroutines (#11005)
undefined
2024-07-15 16:49:15 -04:00
Robert Hensing
7e604f716c concatStrings: Give compiler access to definition for inlining
... at call sites that are may be in the hot path.

I do not know how clever the compiler gets at these sites.
My primary concern is to not regress performance and I am confident
that this achieves it the easy way.
2024-07-14 12:20:45 +02:00
Robert Hensing
e64643bf63 dropEmptyInitThenConcatStringsSep -> concatStringSep: feature should not be empty
(System) features are unlikely to be empty strings, but when they
come in through structuredAttrs, they probably can.
I don't think this means we should drop them, but most likely they
will be dropped after this because next time they'll be parsed with
tokenizeString.

TODO: We should forbid empty features.
2024-07-13 03:06:24 +02:00
Robert Hensing
f1966e22d9 dropEmptyInitThenConcatStringsSep -> concatStringSep: store paths are not empty 2024-07-13 03:06:24 +02:00
Robert Hensing
49d100ba8b dropEmptyInitThenConcatStringsSep -> concatStringSep: output name empty not feasible
I don't think it's completely impossible, but I can't construct
one easily as derivationStrict seems to (re)tokenize the outputs
attribute, dropping the empty output.

It's not a scenario we have to account for here.
2024-07-13 03:06:24 +02:00
Robert Hensing
d3e49ac881 dropEmptyInitThenConcatStringsSep -> concatStringSep: shortRefs are not empty 2024-07-13 03:06:24 +02:00
Robert Hensing
608a425550 dropEmptyInitThenConcatStringsSep -> concatStringSep: diag 2024-07-13 03:06:24 +02:00
Robert Hensing
75dde71ff9 dropEmptyInitThenConcatStringsSep -> concatStringSep: sigs are non-empty
The sigs field is produced by tokenizeStrings, which does not return
empty strings.
2024-07-13 03:06:24 +02:00
Robert Hensing
3f37785afd NIX_REMOTE_SYSTEMS: actually support multiple :-separated entries
Bug not reported in 6 years, but here you go.

Also it is safe to switch to normal concatStringsSep behavior
because tokenizeString does not produce empty items.
2024-07-13 03:06:24 +02:00
Robert Hensing
ea966a70fc dropEmptyInitThenConcatStringsSep -> concatStringSep: diagnostics and docs
These are non-critical, so their behavior is ok to change.
Dropping empty items is not needed and usually not expected.
2024-07-13 03:06:24 +02:00
Robert Hensing
1a8defd06f Refactor: rename C++ concatStringsSep -> dropEmptyInitThenConcatStringsSep 2024-07-13 03:05:50 +02:00
John Ericson
bc83b9dc1f Remove comparator.hh and switch to <=> in a bunch of places
Known behavior changes:

- `MemorySourceAccessor`'s comparison operators no longer forget to
  compare the `SourceAccessor` base class.

Progress on #10832

What remains for that issue is hopefully much easier!
2024-07-12 14:54:18 -04:00
Robert Hensing
11a6db5993 Remove unused operator<=>'s that darwin can't generate
It was complaining *a lot*, with dozens of MB of logs.
2024-07-12 17:37:27 +02:00
Robert Hensing
27eaeebc41 nar-accessor.cc: Silence unused variable warning 2024-07-12 15:38:17 +02:00
Robert Hensing
8df041cbc6 Solve unused header warnings reported by clangd 2024-07-12 15:37:54 +02:00
John Ericson
6e5cec292b Use a meson "generator" to deduplicate .gen.hh creation 2024-07-08 11:13:11 -04:00
John Ericson
d8850618b6
Merge pull request #11059 from rhendric/rhendric/reference-manual
docs: merge builtin-constants into builtins
2024-07-07 21:47:33 -04:00
Ryan Hendrickson
95890b3e1d docs: merge builtin-constants into builtins 2024-07-07 15:57:23 -04:00
Robert Hensing
a9592077fb
Merge pull request #11055 from NixOS/packaging-for-nixpkgs
Indirections for packaging meson-based granular build for Nixpkgs
2024-07-07 21:33:01 +02:00
Romain NEIL
514062c227 feat: configure aws s3 lib to use system defined proxy, if existent 2024-07-06 21:46:58 +02:00
Robert Hensing
0729f0a113 packaging: Pass version directly 2024-07-06 17:52:57 +02:00
Robert Hensing
ddff76f667
Merge pull request #10973 from NixOS/meson-libexpr
Meson build for libexpr libflake, external C API, unit tests
2024-07-05 20:27:12 +02:00
Robert Hensing
a476383f46
Merge pull request #11031 from emilazy/push-xsrvoyspsvqx
libstore: fix sandboxed builds on macOS
2024-07-05 17:08:39 +02:00
John Ericson
e4056b9afd
Apply suggestions from code review
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-07-04 17:48:27 -04:00
Emily
af2e1142b1 libstore: fix sandboxed builds on macOS
The recent fix for CVE-2024-38531 broke the sandbox on macOS
completely. As it’s not practical to use `chroot(2)` on
macOS, the build takes place in the main filesystem tree, and the
world‐unreadable wrapper directory prevents the build from accessing
its `$TMPDIR` at all.

The macOS sandbox probably shouldn’t be treated as any kind of a
security boundary in its current state, but this specific vulnerability
wasn’t possible to exploit on macOS anyway, as creating `set{u,g}id`
binaries is blocked by sandbox policy.

Locking down the build sandbox further may be a good idea in future,
but it already has significant compatibility issues. For now, restore
the previous status quo on macOS.

Thanks to @alois31 for helping me come to a better understanding of
the vulnerability.

Fixes: 1d3696f0fb
Closes: #11002
2024-07-04 16:28:37 +01:00
Emily
76e4adfaac libstore: clean up the build directory properly
After the fix for CVE-2024-38531, this was only removing the nested
build directory, rather than the top‐level temporary directory.

Fixes: 1d3696f0fb
2024-07-04 16:22:02 +01:00
John Ericson
30de61f16d
Merge pull request #11018 from siddhantk232/canonpath-fs-sink
Use `CanonPath` in `fs-sink.hh`
2024-07-03 10:36:18 -04:00
siddhantCodes
2cf24a2df0 fix tests and minor changes
- use the iterator in `CanonPath` to count `level`
- use the `CanonPath::basename` method
- use `CanonPath::root` instead of `CanonPath{""}`
- remove `Path` and `PathView`, use `std::filesystem::path` directly
2024-07-03 17:43:55 +05:30
John Ericson
4d6bc61b8d Fix things 2024-07-02 09:26:22 -04:00
John Ericson
513f6b9718 meson: Prelink links to avoid missing C++ initializers
This is the same as what the old build system did in
7eca8a16ea, done for the same reasons.
2024-07-02 09:26:22 -04:00
John Ericson
f7ce10dbc1 Fix static build 2024-07-02 09:26:22 -04:00
John Ericson
479befa76d More fixes 2024-07-02 09:26:22 -04:00
John Ericson
6a0582d9fd Rename file to avoid reserved name 2024-07-02 09:26:22 -04:00
John Ericson
0b539dea4a Improve boost hacks 2024-07-02 09:26:22 -04:00
John Ericson
8399bd6b8f Dedup 2024-07-02 09:26:21 -04:00
John Ericson
8198888bc4 More dedup 2024-07-02 09:23:25 -04:00
John Ericson
d6f57f3260 More dedup 2024-07-02 09:23:25 -04:00
John Ericson
c88f83b471 More dedup 2024-07-02 09:23:25 -04:00
John Ericson
d902481a36 Better org 2024-07-02 09:23:25 -04:00
John Ericson
a81e319528 Deduplicating 2024-07-02 09:23:24 -04:00
John Ericson
4fa8068b78 Mesonify other external API 2024-07-02 09:23:24 -04:00
John Ericson
31257009e1 Meson build for libexpr and libflake 2024-07-02 09:23:24 -04:00