John Ericson
a83694c7a1
Use RemoteStore
to open connection for proxying daemon
...
Removes duplicate websocket opening code, and also means we should be
able to to ssh-ssh-... daemon relays, not just uds-uds-... ones.
2020-08-19 19:34:47 +00:00
Eelco Dolstra
b4ef3d7078
Revert "Add a separate manual job"
...
This reverts commit 5e3ad1dde0
. Manual
generation now depends on the 'nix' command.
2020-08-19 21:00:57 +02:00
Eelco Dolstra
c3e20d8c28
Consistency
2020-08-19 18:30:17 +02:00
Eelco Dolstra
c8fa39324a
Generate the nix.conf docs from the source code
...
This means we don't have two (divergent) sets of option descriptions
anymore.
2020-08-19 18:28:04 +02:00
John Ericson
d5af5763cf
Merge branch 'master' of github.com:NixOS/nix into remove-storetype-delegate-regStore
2020-08-19 15:54:50 +00:00
Eelco Dolstra
34b22e0123
Change option descriptions to Markdown
2020-08-19 14:21:27 +02:00
Eelco Dolstra
8a97b11374
Improve margins between sections
...
The default CSS puts almost no space between sections, but a lot of
space between subsections. This flips that around.
2020-08-19 12:31:18 +02:00
John Ericson
be0d429b95
Merge branch 'master' of github.com:NixOS/nix into templated-daemon-protocol
2020-08-19 03:17:41 +00:00
John Ericson
950ddfdb82
Merge remote-tracking branch 'upstream/master' into derivation-header-include-order
2020-08-18 14:36:44 +00:00
John Ericson
c08514c589
Merge remote-tracking branch 'upstream/master' into trustless-remote-builder-simple
2020-08-18 14:28:48 +00:00
Eelco Dolstra
1c8b550e34
Merge pull request #3917 from obsidiansystems/output-env-var-unconditional
...
Simplify code as output env vars are unconditional
2020-08-18 16:21:17 +02:00
Eelco Dolstra
0c9365c6ba
Merge pull request #3940 from obsidiansystems/fixed-output-remote-builder-test
...
Add commented-out test for remote building with fixed output derivations
2020-08-18 16:12:35 +02:00
Eelco Dolstra
dfeb76dbf9
Merge pull request #3930 from obsidiansystems/legacy-ssh-build-paths
...
Define `LegacySSHStore::buildPaths` using `cmdBuildPaths`
2020-08-18 16:07:40 +02:00
John Ericson
7c4f383b37
Merge branch 'fixed-output-remote-builder-test' of github.com:obsidiansystems/nix into trustless-remote-builder-simple
2020-08-18 13:56:00 +00:00
Eelco Dolstra
069340179e
Improve nix.1 manpage generator
2020-08-18 15:15:35 +02:00
Carlo Nucera
07975979aa
Comment out fixed content address test
2020-08-17 15:04:54 -04:00
John Ericson
36758a1a09
But back check.sh
...
Whether it fails or not, it is no a new test so we have to leave it.
2020-08-17 18:01:38 +00:00
Eelco Dolstra
6f19c776db
Start generation of the nix.1 manpage
2020-08-17 19:33:18 +02:00
Carlo Nucera
1bf31bad5f
Disable failing tests
2020-08-17 13:15:08 -04:00
Eelco Dolstra
a72a20d68f
Add 'nix dump-args' to dump all commands/flags for manpage generation
2020-08-17 17:44:52 +02:00
John Ericson
66321463e1
Merge remote-tracking branch 'upstream/master' into trustless-remote-builder-simple
2020-08-17 13:07:28 +00:00
Eelco Dolstra
7cdc739ece
Merge remote-tracking branch 'origin/master' into markdown
2020-08-17 13:43:39 +02:00
Eelco Dolstra
e849b19872
Merge pull request #3932 from chkno/no-show-signature
...
Don't try to parse signature check as commit timestamp
2020-08-17 11:00:24 +02:00
Eelco Dolstra
847a5392f4
Merge branch 'ca-no-need-trust' of https://github.com/obsidiansystems/nix
2020-08-17 10:57:02 +02:00
Eelco Dolstra
3c619f6290
Merge branch 'test-RemoteStore-buildDerivation' of https://github.com/obsidiansystems/nix
2020-08-17 10:53:18 +02:00
John Ericson
767e0b7726
Merge branch 'fixed-output-remote-builder-test' into trustless-remote-builder-simple
2020-08-16 18:54:12 +00:00
John Ericson
dbf96e10ec
Test remote building with fixed output derivations
2020-08-16 17:38:12 +00:00
John Ericson
9dd28a65c8
Merge remote-tracking branch 'upstream/master' into trustless-remote-builder-simple
2020-08-16 16:05:54 +00:00
John Ericson
6f7ac5e865
Remove extra closing paren
2020-08-14 21:59:31 +00:00
John Ericson
f899a7c6d7
Work around clang bug
2020-08-14 18:51:31 +00:00
John Ericson
3c8b5b6219
Merge remote-tracking branch 'upstream/master' into single-ca-drv-build
2020-08-14 17:00:13 +00:00
John Ericson
4b571ea321
Update src/libstore/daemon.cc
...
Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2020-08-14 11:52:37 -04:00
Eelco Dolstra
13e49be660
Merge pull request #3875 from obsidiansystems/new-interface-for-path-pathOpt
...
Offer a safer interface for path and pathOpt
2020-08-14 17:19:19 +02:00
Eelco Dolstra
7714d9a943
Merge pull request #3924 from obsidiansystems/features-per-store
...
Make `system-features` a store setting
2020-08-14 17:13:07 +02:00
Eelco Dolstra
9b9d5297ba
Merge pull request #3909 from matthewbauer/readd-hashed-mirrors
...
Add hashed-mirrors back
2020-08-14 17:05:47 +02:00
Eelco Dolstra
d81f13f7cb
Merge pull request #3899 from obsidiansystems/make-narHash-not-optional
...
Make narHash in ValidPathInfo not optional
2020-08-14 17:00:18 +02:00
John Ericson
cbc4344297
Trustless remote building
...
Co-authored-by: Matthew Bauer <mjbauer95@gmail.com>
2020-08-14 04:53:58 +00:00
Chuck
ed026f7206
Don't try to parse signature check as commit timestamp
...
When the log.showSignature git setting is enabled, the output of
"git log" contains signature verification information in addition to the
timestamp GitInputScheme::fetch wants:
$ git log -1 --format=%ct
gpg: Signature made Sat 07 Sep 2019 02:02:03 PM PDT
gpg: using RSA key 0123456789ABCDEF0123456789ABCDEF01234567
gpg: issuer "user@example.com"
gpg: Good signature from "User <user@example.com>" [ultimate] 1567890123
1567890123
For folks that had log.showSignature set, this caused all nix operations
on flakes to fail:
$ nix build
error: stoull
2020-08-13 17:44:42 -07:00
John Ericson
53f92c779a
Merge branch 'legacy-ssh-build-paths' of github.com:obsidiansystems/nix into HEAD
2020-08-13 21:40:59 +00:00
John Ericson
e1308b1211
Define LegacySSHStore::buildPaths
using cmdBuildPaths
...
Evidentally this was never implemented because Nix switched to using
`buildDerivation` exclusively before `build-remote.pl` was rewritten.
The `nix-copy-ssh` test (already) tests this.
2020-08-13 21:27:55 +00:00
John Ericson
5ccd94501d
Allow trustless building of CA derivations
...
Include a long comment explaining the policy. Perhaps this can be moved
to the manual at some point in the future.
Also bump the daemon protocol minor version, so clients can tell whether
`wopBuildDerivation` supports trustless CA derivation building. I hope
to take advantage of this in a follow-up PR to support trustless remote
building with the minimal sending of derivation closures.
2020-08-13 18:15:57 +00:00
Eelco Dolstra
e11bbfb0ab
Merge pull request #3928 from obsidiansystems/more-tee
...
Use `TeeSink` and `TeeSouce` in a few more places
2020-08-13 17:19:50 +02:00
John Ericson
85aacbee64
Use TeeSink
and TeeSouce
in a few more places
2020-08-13 14:51:17 +00:00
Eelco Dolstra
859cd4acea
Merge pull request #3923 from obsidiansystems/daemon-auth-cleanup
...
Separate auth and logic for the daemon
2020-08-13 11:01:53 +02:00
John Ericson
d2f2be0f70
Test RemoteStore::buildDerivation
...
Fix `wopNarFromPath` which needed a `toRealPath`.
2020-08-13 04:07:14 +00:00
John Ericson
5d67f18c86
Merge branch 'daemon-auth-cleanup' of github.com:obsidiansystems/nix into HEAD
2020-08-12 18:22:31 +00:00
John Ericson
4720853129
Make system-features
a store setting
...
This seems more correct. It also means one can specify the features a
store should support with --store and remote-store=..., which is useful.
I use this to clean up the build remotes test.
2020-08-12 18:13:00 +00:00
John Ericson
8d4162ff9e
Separate auth and logic for the daemon
...
Before, processConnection wanted to know a user name and user id, and
`nix-daemon --stdio`, when it isn't proxying to an underlying daemon,
would just assume "root" and 0. But `nix-daemon --stdio` (no proxying)
shouldn't make guesses about who holds the other end of its standard
streams.
Now processConnection takes an "auth hook", so `nix-daemon` can provide
the appropriate policy and daemon.cc doesn't need to know or care what
it is.
2020-08-12 15:22:33 +00:00
John Ericson
5f80aea795
Break out lambda so output can be matched just once
...
This is much better.
2020-08-12 02:23:31 +00:00
John Ericson
18834f7764
Recheck path validity after acquiring lock
...
It might have changed, and in any event this is how the cod used to work
so let's just keep it.
2020-08-11 23:44:02 +00:00