Commit graph

17035 commits

Author SHA1 Message Date
Eelco Dolstra
1ee42c5b88 builtin:fetchurl: Ensure a fixed-output derivation
Previously we didn't check that the derivation was fixed-output, so
you could use builtin:fetchurl to impurely fetch a file.
2024-02-01 21:46:01 +01:00
John Ericson
dc439eaf23 Fill in missing markdown link dest 2024-02-01 11:20:19 -05:00
John Ericson
31881d651a Merge remote-tracking branch 'upstream/master' into overlayfs-store 2024-02-01 11:07:47 -05:00
Eelco Dolstra
ef6d055ace
Merge pull request #9896 from hercules-ci/tidy-tidy
Disable a slightly annoying clang-tidy check
2024-02-01 09:02:46 +01:00
Robert Hensing
58c26dd0f0 Add .clang-tidy 2024-02-01 01:01:39 +01:00
Robert Hensing
0f2e9e6bd2 Typo 2024-02-01 01:01:04 +01:00
Robert Hensing
4072a8fea0
Merge pull request #9867 from hercules-ci/issue-912
#912 allow leading period
2024-01-31 19:10:59 +01:00
Robert Hensing
7c9ed1b1a3
Merge pull request #9890 from obsidiansystems/remove-unneeded-toRealPath
Change an `allowPath` call to take a store path again
2024-01-31 18:45:19 +01:00
Robert Hensing
f1b4663805 Disallow store path names that are . or .. (plus opt. -)
As discussed in the maintainer meeting on 2024-01-29.

Mainly this is to avoid a situation where the name is parsed and
treated as a file name, mostly to protect users.
.-* and ..-* are also considered invalid because they might strip
on that separator to remove versions. Doesn't really work, but that's
what we decided, and I won't argue with it, because .-* probably
doesn't seem to have a real world application anyway.
We do still permit a 1-character name that's just "-", which still
poses a similar risk in such a situation. We can't start disallowing
trailing -, because a non-zero number of users will need it and we've
seen how annoying and painful such a change is.

What matters most is preventing a situation where . or .. can be
injected, and to just get this done.
2024-01-31 18:35:19 +01:00
Robert Hensing
8406da2877 test: Generate distinct hashes
Gen::just is the constant generator. Don't just return that!
2024-01-31 18:35:19 +01:00
Robert Hensing
69bbd5852a test: Generate distinct path names
Gen::just is the constant generator. Don't just return that!
2024-01-31 18:35:19 +01:00
Robert Hensing
b13e6a76b4 parseStorePath: Support leading period 2024-01-31 18:35:19 +01:00
John Ericson
caea7dcb7e Change an allowPath call to take a store path again
This looks like a revert of #5844, but is not.

That one was needed because
d90f9d4b99 (diff-0f59bb6f197822ef9f19ceae9624989499d170c84dfdc1f486a8959bb4588cafR85)
changed the type of the argument to `allowPath` from a `StorePath` to a
`Path`. But since
caabc4f648 (diff-0f59bb6f197822ef9f19ceae9624989499d170c84dfdc1f486a8959bb4588cafL100-R92),
it is a `StorePath` again.

I think this is worth changing because we want to be very careful about
`toRealPath` and the evaluator --- ideally the choice of real path does
not affect evaluation at all. So using it fewer times is better.
2024-01-31 11:44:06 -05:00
John Ericson
75ebb90a70
Merge pull request #9884 from edolstra/resolve-symlinks
Resolve symlinks in a few more places
2024-01-30 10:42:54 -05:00
Eelco Dolstra
d661a89398
Merge pull request #9880 from NixOS/dependabot/github_actions/zeebe-io/backport-action-2.4.1
build(deps): bump zeebe-io/backport-action from 2.4.0 to 2.4.1
2024-01-30 15:37:25 +01:00
Eelco Dolstra
b36ff47e7c Resolve symlinks in a few more places
Fixes #9882.
2024-01-30 15:35:31 +01:00
Eelco Dolstra
a7db7b6e44
Merge pull request #9879 from NixOS/bump-2.21.0
Bump version
2024-01-30 10:13:42 +01:00
dependabot[bot]
a3aae7beef
build(deps): bump zeebe-io/backport-action from 2.4.0 to 2.4.1
Bumps [zeebe-io/backport-action](https://github.com/zeebe-io/backport-action) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/zeebe-io/backport-action/releases)
- [Commits](https://github.com/zeebe-io/backport-action/compare/v2.4.0...v2.4.1)

---
updated-dependencies:
- dependency-name: zeebe-io/backport-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-29 22:14:10 +00:00
Eelco Dolstra
2f3fb6c12e Bump version 2024-01-29 22:57:25 +01:00
Eelco Dolstra
9b8e0a7790
Merge pull request #9877 from edolstra/release-notes
Nix 2.20 release notes
2024-01-29 18:29:33 +01:00
Eelco Dolstra
652f334f87 Edit release notes 2024-01-29 17:51:21 +01:00
Eelco Dolstra
9465c8cca1 nix hash convert: Add manpage 2024-01-29 17:51:01 +01:00
Eelco Dolstra
6f86f87043 Fix formatting of hash args 2024-01-29 17:50:25 +01:00
Eelco Dolstra
3089bce41b release notes: 2.20.0 2024-01-29 17:14:17 +01:00
Eelco Dolstra
0070400809 maintainers/release-notes: Include changelog-d
Otherwise it quietly generates an empty rl-<version>.md
2024-01-29 17:13:48 +01:00
Eelco Dolstra
1ef6bbb16d Update release-process.md 2024-01-29 17:12:22 +01:00
Eelco Dolstra
e9c8e859db
Merge pull request #9876 from edolstra/store-settings
Don't include store docs in every manpage
2024-01-29 17:01:24 +01:00
Eelco Dolstra
baff34d728 Don't include store docs in every manpage 2024-01-29 16:30:29 +01:00
Eelco Dolstra
f6719032cf Shut up a gcc warning 2024-01-29 15:22:44 +01:00
Valentin Gagarin
44a0d04483
add missing link (#9869) 2024-01-29 05:56:19 +01:00
Robert Hensing
40254092dd
Merge pull request #9770 from hercules-ci/refactor-rename-derivation-isPure
Refactor rename derivation type `isPure`
2024-01-27 11:24:20 +01:00
Robert Hensing
9ddd0f2af8 Revert "StorePath: reject names starting with '.'"
This reverts commit 24bda0c7b3.
2024-01-27 11:18:03 +01:00
Robert Hensing
6a99c18c30 doc/glossary: Define impure derivation 2024-01-27 11:00:10 +01:00
Robert Hensing
49b25ea85c refactor: Impure derivation type isPure -> isImpure
To quote the method doc:

Non-impure derivations can still behave impurely, to the degree permitted
by the sandbox. Hence why this method isn't `isPure`: impure derivations
are not the negation of pure derivations. Purity can not be ascertained
except by rather heavy tools.
2024-01-27 11:00:10 +01:00
John Ericson
b83a2fb6dd
Merge pull request #9776 from pennae/parser-refactor
Refactor the parser somewhat
2024-01-26 23:56:48 -05:00
John Ericson
365b831e6f
Minor formatting tweaks 2024-01-26 23:11:31 -05:00
John Ericson
4a2444b3f3
Merge pull request #9864 from obsidiansystems/rlim_t-header
Add missing `#include` for `rlim_t`
2024-01-26 22:57:42 -05:00
John Ericson
1aec7771d4 Add missing #include for rlim_t
My local build in the shell was failing while CI was fine; not sure why
that is but having the include here is definitely more correct.

Per the POSIX spec, this is where it is supposed to be gotten
https://pubs.opengroup.org/onlinepubs/009695399/basedefs/sys/resource.h.html
2024-01-26 22:34:31 -05:00
John Ericson
1dc55c0f2f
Merge pull request #9861 from 9999years/colored-diff-in-lang-tests
Color `diff` output in `tests/functional/lang` tests
2024-01-26 22:31:00 -05:00
John Ericson
efb91d5979
Merge pull request #9860 from 9999years/set-stack-darwin
Increase stack size on macOS as well as Linux
2024-01-26 13:35:10 -05:00
Rebecca Turner
772897a1cd
Color diff output in tests/functional/lang tests
Use `diff --color=always` to print colored output for language test
failures. I've also flipped the arguments so that expected lines missing
from the actual output will be marked with a red `-` and additional
lines found in the actual output will be marked with a green `+`.
Previously it was the other way around, which was very confusing.
2024-01-26 10:08:56 -08:00
Rebecca Turner
3a124d1e88
Increase stack size on macOS as well as Linux
The code works fine on macOS, but the default stack size we attempt to
set is larger than what my system will allow (Nix attempts to set the
stack size to 67108864, but the maximum allowed is 67092480), so I've
instead used the requested stack size or the maximum allowed, whichever
is smaller.

I've also added an error message if setting the stack size fails. It
looks like this:

> Failed to increase stack size from 8372224 to 67108864 (maximum
> allowed stack size: 67092480): Invalid argument
2024-01-26 09:40:41 -08:00
Valentin Gagarin
30bdee5c3b
update docs on fetchGit shallow clone behavior (#9704) 2024-01-26 17:26:08 +00:00
Théophane Hufschmitt
8df68a213f
Merge pull request #9849 from 13x1/patch-1
Fix typo in primops.cc (and therefore Nix docs)
2024-01-25 16:11:49 +01:00
Théophane Hufschmitt
5a9513cdba
Merge pull request #9848 from obsidiansystems/default-system-features-static
Make `StoreConfig::getDefaultSystemFeatures` a static method
2024-01-25 16:05:57 +01:00
lexi
08f38a3a40
Fix typo in primops.cc (and therefore Nix docs)
This also fixes the typo in the Nix docs at https://nixos.org/manual/nix/unstable/language/builtins.
2024-01-25 15:30:51 +01:00
John Ericson
a9e10a1dbd Make StoreConfig::getDefaultSystemFeatures a static method
This makes something in Hydra bit simpler. If someday the default
depends on the other config options, we can always change it back.
2024-01-24 21:34:31 -05:00
John Ericson
979b00bce9
Merge pull request #9844 from NixOS/pkg-config-gmock
Link both gmock and gtest, not just gtest
2024-01-24 19:33:54 -05:00
John Ericson
c817305411 Link both gmock and gtest, not just gtest
GMock is not entirely header-only, we're finding.
2024-01-24 10:10:42 -05:00
Robert Hensing
212ba69e6f
Merge pull request #9843 from hercules-ci/test-pr-9626
tests/functional/fetchGit.sh: Test fetchGit/fetchTree error message
2024-01-24 13:55:41 +01:00