Commit graph

18167 commits

Author SHA1 Message Date
Robert Hensing
9385383347 Revert "Remove unit tests from old build system"
`make check` was reverted too soon. The hacking guide wasn't brought
up to date with the new workflow, and it's not clear how to use
meson for everything.

This reverts commit 6f3045c2a2.
2024-08-19 15:18:02 +02:00
tomberek
1c5ad159d6
Merge pull request #10980 from kjeremy/flake-show-description
nix flake show: add the description if it exists
2024-08-18 16:31:44 -04:00
Sandro
67de193277
Remove duplicated section (#11324) 2024-08-18 18:44:59 +02:00
Robert Hensing
c458598647
Merge pull request #11297 from shivaraj-bh/flake-apps-description
`nix flake show`: Support `meta` attribute for `apps`
2024-08-17 13:12:01 +02:00
shivaraj-bh
2ab93fd5fd nix flake check: Add functional tests for apps and formatter 2024-08-17 15:50:06 +05:30
shivaraj-bh
adabca6e4f nix flake check: Add apps check; Check if formatter is a derivation 2024-08-17 15:50:06 +05:30
shivaraj-bh
a5f6ee8550 nix flake show: Support meta attribute for apps
Metadata information for flake apps will be useful while exploring a
flake using `nix flake show`
2024-08-17 15:50:06 +05:30
tomberek
b7d80d002f
Merge pull request #11320 from tomberek/tomberek.fix_container_release
ci: use attribute with version for docker
2024-08-17 03:40:33 -04:00
Tom Bereknyei
4ba57c9eb2 ci: use attribute with version for docker 2024-08-17 02:46:58 -04:00
tomberek
b62e5e889a
Merge pull request #11279 from NixOS/contributing
Urge contributors to read the contributing page + link to matrix
2024-08-16 23:22:08 -04:00
tomberek
9e37a93229
Merge pull request #11270 from amarshall/fix-darwin-sandbox-local-networking
libstore: fix port binding in __darwinAllowLocalNetworking sandbox
2024-08-16 23:17:21 -04:00
tomberek
92df2a7cb2
Merge pull request #11285 from DeterminateSystems/downloadTarball-cacheable
fetchers::downloadTarball(): Return a cacheable accessor
2024-08-16 23:05:49 -04:00
tomberek
15a2457607
Merge pull request #11303 from NixOS/always-quick-build
Use nixosTest.quickBuild behavior by default
2024-08-16 22:07:05 -04:00
Robert Hensing
d4aa7d5dc7 Use nixosTest.quickBuild behavior by default
This wasn't the default behaviour because:

> We don't enable this by default to avoid the mostly unnecessary work of
> performing an additional build of the package in cases where we build
> the package normally anyway, such as in our pre-merge CI.

Since we have a componentized build, we've solved the duplication.

In the new situation, building both with and without unit tests
isn't any slow than just a build with unit tests, so there's no
point in using the unit-tested build anymore.

By using the otherwise untested build, we reduce the minimum build
time towards the NixOS test, at no cost.

If you want to run all tests, build all attributes.
2024-08-16 21:25:48 -04:00
Eelco Dolstra
b02601cd0c
Merge pull request #11311 from cole-h/update-nixpkgs-input-fix-darwin
Update nixpkgs input to fix darwin ccache evaluation, have CI check that all outputs on all systems evaluate
2024-08-16 20:43:59 +02:00
Cole Helbling
aa3d35c1f4 ci: check that all outputs for all systems can evaluate 2024-08-16 07:22:30 -07:00
Cole Helbling
8866d2cd83 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/63d37ccd2d178d54e7fb691d7ec76000740ea24a?narHash=sha256-7cCC8%2BTdq1%2B3OPyc3%2BgVo9dzUNkNIQfwSDJ2HSi2u3o%3D' (2024-07-21)
  → 'github:NixOS/nixpkgs/c3d4ac725177c030b1e289015989da2ad9d56af0?narHash=sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz%2BNG82pbdg%3D' (2024-08-15)
2024-08-16 07:09:27 -07:00
Robert Hensing
31f3f23ee6
Merge pull request #11305 from NixOS/doc-apply
Document function application operator
2024-08-15 19:43:19 +02:00
Robert Hensing
06b18cff20
doc: Edit language/operators
Co-authored-by: John Ericson <John.Ericson@Obsidian.Systems>
Co-authored-by: Valentin Gagarin <valentin@gagarin.work>
2024-08-15 18:53:42 +02:00
Valentin Gagarin
ce62b766ef
fix link from the readme (#11307) 2024-08-15 15:25:50 +02:00
Robert Hensing
e225b63062 doc: Document function application operator 2024-08-15 13:55:41 +02:00
John Ericson
d8c1550189
Merge pull request #11301 from obsidiansystems/no-make-unittests
No make unittests
2024-08-15 03:21:39 -05:00
John Ericson
b41cc1a755 Make wrapper derivation
This ensures just `nix build`-ing the flake doesn't forget to run all
tests. One can still specifiy specific attributes to just build one
thing.

Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-08-14 18:04:38 -04:00
John Ericson
6f3045c2a2 Remove unit tests from old build system
Now that we can run all tests with Meson, we want developers making code
changes to use it.

(Only the manual needs to be built with the build system, and that will
change shortly.)

This reverts commit b0bc2a97bf.
2024-08-14 16:38:00 -04:00
John Ericson
b8a09bd167
Merge pull request #11073 from obsidiansystems/meson-functional-tests
Meson functional tests
2024-08-14 15:33:36 -05:00
John Ericson
34fe2478a2 Build Functional tests with Meson
Co-Authored-By: Qyriad <qyriad@qyriad.me>
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-08-14 15:35:40 -04:00
John Ericson
d434a54b6c
Merge pull request #11241 from bryanhonof/master
Fix a few shellcheck tests
2024-08-14 14:11:31 -05:00
John Ericson
66a6eac379
Merge pull request #11280 from NixOS/contributing-attribution
CONTRIBUTING.md: Add attribution and context rules
2024-08-14 14:09:52 -05:00
John Ericson
982adb151a
Merge pull request #11291 from obsidiansystems/coarse-version
Coarse versions for constituent packages
2024-08-14 12:18:11 -05:00
John Ericson
93f58150c9 Coarse versions for constituent packages
As discussed in our meeting, we should use a simplified version for the
libraries without the date or commit hash. This will make rebuilding a
lot faster in many cases.

Progress on #10379

Co-Authored-By: Robert Hensing <robert@roberthensing.nl>
2024-08-14 12:23:01 -04:00
Bryan Honof
cc9fe4dee7
Fix a few shellcheck tests
Ref nixos/nix#10795
2024-08-14 15:16:06 +02:00
bryango
612fc76020
doc/manual: fix misaligned icons in custom.css (#11296) 2024-08-14 14:27:12 +02:00
Robert Hensing
622c402659
Merge pull request #11292 from tomberek/tomberek.symbolstring
fix: use SymbolStr in constructor
2024-08-13 23:57:59 +02:00
Valentin Gagarin
4956e7c44c
add cross-references to nix-path overriding (#11288)
* add cross-references to `nix-path` overriding

while this information is already present in the settings, it's more
likely to be first accessed through the "lookup path" page, which
currently requires following two links to get to the practically
important bits.

Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-08-13 19:22:32 +02:00
John Ericson
3bdfc827a8
Merge pull request #11287 from obsidiansystems/meson-nix-cli-symlinks
Fix Meson installation of the Nix CLI
2024-08-13 09:22:52 -05:00
John Ericson
95fe9f5ba1 Fix Meson installation of the Nix CLI
Co-Authored-By: Qyriad <qyriad@qyriad.me>
2024-08-13 09:22:06 -04:00
Tom Bereknyei
f22bf867eb fix: use SymbolStr in constructor 2024-08-12 22:18:14 -04:00
Jeremy Kolb
d49e14ba4a Take ANSI and tree characters into account 2024-08-12 14:49:52 -04:00
John Ericson
59def6c23b
Merge pull request #11178 from obsidiansystems/better-exe-lookup
Move `NIX_BIN_DIR` and all logic using it to the Nix executable itself
2024-08-12 12:21:56 -05:00
John Ericson
58b03ef1cd Move NIX_BIN_DIR and all logic using it to the Nix executable itself
This is because with the split packages of the Meson build, we simply
have no idea what directory the binaries will be installed in when we
build the library.

In the process of doing so, consolidate and make more sophisticated the
logic to cope with a few corner cases (e.g. `NIX_BIN_DIR` exists, but no
binaries are inside it).

Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-08-12 12:29:17 -04:00
Eelco Dolstra
9f6ee93f48 fetchers::downloadTarball(): Return a cacheable accessor
downloadTarball() is used by `-I foo=<url>` etc. fetchToStore() needs
the accessor to have a fingerprint to enable caching.

Fixes #11271.
2024-08-12 15:48:26 +02:00
Robert Hensing
b64d6aa7b0
CONTRIBUTING.md: Clarify use of cherry-pick on forks 2024-08-11 18:07:19 +02:00
Robert Hensing
bd4e5a375b Refer contributors to the matrix room
We were basically sending contributors into the woods with that page.
2024-08-11 13:16:36 +02:00
Robert Hensing
b0b1938982 Urge contributors to read about contributing 2024-08-11 13:15:58 +02:00
Robert Hensing
f7c86d1a2f CONTRIBUTING.md: Add attribution and context rules
We've recently had an incident where these rules were not followed,
so let's add guidelines to increase the chances of contributors
getting this right.

Relevant discussion:
https://discourse.nixos.org/t/code-attribution-policy/50445/2
2024-08-11 12:47:35 +02:00
Robert Hensing
18485d2d53
Merge pull request #11188 from lf-/jade/kill-int-overflow
Ban integer overflow in the Nix language
2024-08-11 04:24:16 +02:00
Robert Hensing
3cc2e2a0ac
Edit docs 2024-08-11 03:31:44 +02:00
Jeremy Kolb
abbaba9122 Use the window size for the entire length 2024-08-08 14:47:57 -04:00
Andrew Marshall
00f6db36fd libstore: fix port binding in __darwinAllowLocalNetworking sandbox
In d60c3f7f7c, this was changed to close a
hole in the sandbox. Unfortunately, this was too restrictive such that it
made local port binding fail, thus making derivations that needed
`__darwinAllowLocalNetworking` gain nearly nothing, and thus largely
fail (as the primary use for it is to enable port binding).

This unfortunately does mean that a sandboxed build process can, in
coordination with an actor outside the sandbox, escape the sandbox by
binding a port and connecting to it externally to send data. I do not
see a way around this with my experimentation and understanding of the
(quite undocumented) macOS sandbox profile API. Notably it seems not
possible to use the sandbox to do any of:

- Restrict the remote IP of inbound network requests
- Restrict the address being bound to

As such, the `(local ip "*:*")` here appears to be functionally no
different than `(local ip "localhost:*")` (however it *should* be
different than removing the filter entirely, as that would make it also
apply to non-IP networking). Doing `(allow network-inbound (require-all
(local ip "localhost:*") (remote ip "localhost:*")))` causes listening
to fail.

Note that `network-inbound` implies `network-bind`.
2024-08-08 14:31:26 -04:00
John Ericson
cfe66dbec3
Merge pull request #11218 from obsidiansystems/better-executable-path
Factor out `lookupExecutable` and other PATH improvements
2024-08-07 23:21:19 -05:00