Commit graph

18133 commits

Author SHA1 Message Date
Qyriad
8ff169715d docs: clarify how the different kinds of installables are selected
Change-Id: I146736bb97ebe035e04be69ce9fb60a557e38c6c
2024-07-31 22:27:58 +02:00
Eelco Dolstra
f136ec5290 Add contributors 2024-07-31 22:16:44 +02:00
Eelco Dolstra
22ad0e653f Edit release notes 2024-07-31 22:14:27 +02:00
John Ericson
733c816d34
Small windows cross fixes (#11230) 2024-07-31 20:04:18 +00:00
Eelco Dolstra
c952d933e5 release notes: 2.24.0 2024-07-31 21:57:31 +02:00
Valentin Gagarin
db5bacb637
reword documentation on nix-path config option (#7772)
* docs: unify documentation on search paths

- put all the information on search path semantics into `builtins.findFile`
- put all the information on determining the value of `builtins.nixPath` into the
  `nix-path` setting

  maybe `builtins.nixPath` is a better place for this, but those bits
  can still be moved around now that it's all next to each other.
- link to the syntax page for lookup paths from all places that are
  concerned with it
- add or clarify examples
- add a test verifying a claim from documentation
2024-07-31 21:41:26 +02:00
Eelco Dolstra
e8b37e9e70
Merge pull request #11220 from NixOS/release-credits
Credit all contributors in release notes
2024-07-31 21:12:03 +02:00
Eelco Dolstra
ed0934b884
Merge pull request #11140 from DeterminateSystems/protocol-features
WorkerProto: Support fine-grained protocol feature negotiation
2024-07-31 17:47:38 +02:00
Eelco Dolstra
69fb2848a5
Merge pull request #11170 from NixOS/release-notes-2.24
Release notes for 2.24
2024-07-31 17:06:49 +02:00
tomberek
4c007bf88f
Merge pull request #11216 from tomberek/tomberek.add_flake_headers
fix: add flake headers
2024-07-30 21:19:14 -04:00
Jade Lovelace
5878b1475f doc: release notes for banning integer overflow
Change-Id: Ib75ab5b8b4d879035d7ee7678f9cd0c491a39c0a
2024-07-30 18:13:05 -07:00
Jade Lovelace
bf050d9e96 docs: update to define integer overflow
Change-Id: Ie8a1b31035f2d27a220e5df2e9e178ec3b39ee68
2024-07-30 18:13:05 -07:00
Jade Lovelace
7b6622d733 language: cleanly ban integer overflows
This also bans various sneaking of negative numbers from the language
into unsuspecting builtins as was exposed while auditing the
consequences of changing the Nix language integer type to a newtype.

It's unlikely that this change comprehensively ensures correctness when
passing integers out of the Nix language and we should probably add a
checked-narrowing function or something similar, but that's out of scope
for the immediate change.

During the development of this I found a few fun facts about the
language:
- You could overflow integers by converting from unsigned JSON values.
- You could overflow unsigned integers by converting negative numbers
  into them when going into Nix config, into fetchTree, and into flake
  inputs.

  The flake inputs and Nix config cannot actually be tested properly
  since they both ban thunks, however, we put in checks anyway because
  it's possible these could somehow be used to do such shenanigans some
  other way.

Note that Lix has banned Nix language integer overflows since the very
first public beta, but threw a SIGILL about them because we run with
-fsanitize=signed-overflow -fsanitize-undefined-trap-on-error in
production builds. Since the Nix language uses signed integers, overflow
was simply undefined behaviour, and since we defined that to trap, it
did.

Trapping on it was a bad UX, but we didn't even entirely notice
that we had done this at all until it was reported as a bug a couple of
months later (which is, to be fair, that flag working as intended), and
it's got enough production time that, aside from code that is IMHO buggy
(and which is, in any case, not in nixpkgs) such as
https://git.lix.systems/lix-project/lix/issues/445, we don't think
anyone doing anything reasonable actually depends on wrapping overflow.

Even for weird use cases such as doing funny bit crimes, it doesn't make
sense IMO to have wrapping behaviour, since two's complement arithmetic
overflow behaviour is so *aggressively* not what you want for *any* kind
of mathematics/algorithms. The Nix language exists for package
management, a domain where bit crimes are already only dubiously in
scope to begin with, and it makes a lot more sense for that domain for
the integers to never lose precision, either by throwing errors if they
would, or by being arbitrary-precision.

Fixes: https://github.com/NixOS/nix/issues/10968
Original-CL: https://gerrit.lix.systems/c/lix/+/1596

Change-Id: I51f253840c4af2ea5422b8a420aa5fafbf8fae75
2024-07-30 18:13:05 -07:00
Jade Lovelace
e28cb67d41 libutil: add checked arithmetic tools
This is in preparation for adding checked arithmetic to the evaluator.

Change-Id: I6e115ce8f5411feda1706624977a4dcd5efd4d13
2024-07-30 18:13:05 -07:00
Jade Lovelace
dd75711895 Use std::strong_ordering for version comparison
The actual motive here is the avoidance of integer overflow if we were
to make these use checked NixInts and retain the subtraction.

However, the actual *intent* of this code is a three-way comparison,
which can be done with operator<=>, so we should just do *that* instead.

Change-Id: I7f9a7da1f3176424b528af6d1b4f1591e4ab26bf
2024-07-30 18:13:05 -07:00
Tom Bereknyei
ef80217448 fix: add flake headers 2024-07-30 13:19:55 -04:00
Robert Hensing
f011cfd28d maintainers/release-*: Add mode line
This lets various tools figure out the language more easily.
2024-07-30 17:54:37 +02:00
Corbin Simpson
ee86e7f361
doc/command-ref/nix-shell: Shebangs can occur anywhere (#11202)
Co-authored-by: Valentin Gagarin <valentin@gagarin.work>
2024-07-30 12:51:47 +00:00
Eelco Dolstra
c77b671a66
Merge pull request #11221 from pinotree/hurd-fixes
Some fixes for GNU/Hurd
2024-07-30 13:59:19 +02:00
Pino Toscano
a1ccf60613 tests: define fallback PATH_MAX
Few filesystem-related tests rely on PATH_MAX for buffers, and PATH_MAX
is optional in POSIX (and not available on the Hurd). To make them build
and pass, provide a fallback definition of PATH_MAX in case not
available.

Ideally speaking, the tests ought to not unconditionally rely on
PATH_MAX, do alternative strategies (e.g. dynamically allocate buffers,
expand them as needed, etc); OTOH this is test code, so it would be more
work that what it would be worth, so IMHO the define fallback is good
enough.
2024-07-30 05:34:34 +02:00
Pino Toscano
7442f4a161 libutil: use /proc/self/exe on Hurd as well
Rely on the Linux-compatible procfs available on the Hurd to get the
path of the current executable.
2024-07-30 05:31:42 +02:00
Pino Toscano
d7f46cf28e makefiles: recognize GNU/Hurd
Set HOST_HURD & HOST_UNIX for GNU/Hurd in the makefile-based build
system; the latter variable is important as it will include all the
commit Unix bits.
2024-07-30 05:29:32 +02:00
John Ericson
2b78561335
Merge pull request #11219 from obsidiansystems/better-warning-solution
Make sure we use `-isystem` with Meson on some deps
2024-07-29 17:57:36 -05:00
Robert Hensing
850e4779d6 release-credits: Remove bots 2024-07-30 00:15:49 +02:00
Robert Hensing
f380becffa Credit all contributors in release notes 2024-07-29 23:58:38 +02:00
John Ericson
12717325cc Make sure we use -isystem with Meson on some deps
Otherwise we get warnings on external code.
2024-07-29 13:06:26 -04:00
Eelco Dolstra
0b96c586e0
Merge pull request #11195 from DeterminateSystems/tarball-roots
Improve handling of tarballs that don't consist of a single top-level directory
2024-07-29 16:58:59 +02:00
Eelco Dolstra
84243027ec
Merge pull request #11127 from NixOS/issue-10635-c-api-error-enum
C API: Make nix_err an enum
2024-07-29 16:00:58 +02:00
Eelco Dolstra
f9d55b4d51
Merge pull request #11191 from DeterminateSystems/hash-symbol
Use std::unordered_map for ValueMap
2024-07-29 15:30:37 +02:00
Eelco Dolstra
a3171cec54
Update src/libfetchers/git-utils.hh
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-07-29 15:12:01 +02:00
Eelco Dolstra
e8bf2e74a5 Add release note 2024-07-29 15:09:06 +02:00
Eelco Dolstra
71865dee2d Fix fetchTarball docs 2024-07-29 15:04:55 +02:00
Robert Hensing
6e3bba5e26
Merge pull request #11171 from DeterminateSystems/speed-up-tarball-downloads
Increase download buffer size and improve tarball import logging
2024-07-29 15:02:35 +02:00
Eelco Dolstra
7c18b4d060 Don't dereference top-level regular files
Since this yielded an empty directory as far back as Nix 2.3, we don't
really need special handling for executables vs non-executables.
2024-07-29 14:34:02 +02:00
Eelco Dolstra
e0012b97ab Split tarball-specific logic from GitFileSystemObjectSink 2024-07-29 14:26:25 +02:00
Eelco Dolstra
3c0963487e
Merge pull request #11196 from NixOS/rename-lock-read
Rename SyncBase::read() -> readLock()
2024-07-29 14:10:46 +02:00
Eelco Dolstra
836d24d6e8
Merge pull request #11209 from pinotree/libutil-current-process-includes
libutil: fix/improve includes in current-process.cc
2024-07-29 14:01:02 +02:00
Eelco Dolstra
9e2bed7827
Merge pull request #11206 from tie/getxattr-enotsup
libstore: return ENOTSUP for getxattr functions
2024-07-29 14:00:36 +02:00
Eelco Dolstra
3faa77bb82
Merge pull request #11200 from NixOS/buildNoTests-no-unit-tests
buildNoTests: Disable unit tests
2024-07-29 13:57:23 +02:00
Eelco Dolstra
673f2dcadb
Merge pull request #11203 from pinotree/libutil-ctor-remove-template-id
libutil: remove template id from constructors
2024-07-29 13:56:55 +02:00
Pino Toscano
c34077578e libutil: fix/improve includes in current-process.cc
- move <sys/resource.h> from a __linux__ block to a !_WIN32 block: this
  matches what the actual code does, using getrlimit() & setrlimit() in
  !_WIN32 blocks
- drop <sys/mount.h>, which is not portable, and it is not used
2024-07-28 17:33:24 +02:00
Pino Toscano
96e06b2b06 libutil: remove template id from constructors
This is not allowed in C++20, and GCC 14 warns about it:

../src/libutil/ref.hh:26:20: warning: template-id not allowed for constructor in C++20 [-Wtemplate-id-cdtor]
   26 |     explicit ref<T>(const std::shared_ptr<T> & p)
      |                    ^
../src/libutil/ref.hh:26:20: note: remove the '< >'
../src/libutil/ref.hh:33:21: warning: template-id not allowed for constructor in C++20 [-Wtemplate-id-cdtor]
   33 |     explicit ref<T>(T * p)
      |                     ^
../src/libutil/ref.hh:33:21: note: remove the '< >'
2024-07-28 16:35:09 +02:00
Robert Hensing
0e151bcbf0
Merge pull request #11204 from pinotree/libcmd-editline-helpers
libcmd: do not compile editline helpers when building w/ readline
2024-07-28 16:10:32 +02:00
Valentin Gagarin
933f2c086a
docs: fix link to building instructions (#11207) 2024-07-28 13:34:48 +00:00
Ivan Trubach
1b47748e5a libstore: return ENOTSUP for getxattr functions
This change updates the seccomp profile to return ENOTSUP for getxattr
functions family. This reflects the behavior of filesystems that don’t
support extended attributes (or have an option to disable them), e.g.
ext2.

The current behavior is confusing for some programs because we can read
extended attributes, but only get to know that they are not supported
when setting them. In addition to that, ACLs on Linux are implemented
via extended attributes internally and if we don’t return ENOTSUP, acl
library converts file mode to ACL.
https://git.savannah.nongnu.org/cgit/acl.git/tree/libacl/acl_get_file.c?id=d9bb1759d4dad2f28a6dcc8c1742ff75d16dd10d#n69
2024-07-28 13:28:52 +03:00
Pino Toscano
e0198c513a libcmd: do not compile editline helpers when building w/ readline
The internal "completionCallback" and "listPossibleCallback" helpers
are used only when building with editline; hence, do not build then
when using readline, matching their usage in
"ReadlineLikeInteracter::init()".
2024-07-28 11:40:16 +02:00
Robert Hensing
aa2b1d10e2
Update doc/manual/rl-next/10734-nix3-build-show-all-fod-errors-with-keep-going.md 2024-07-27 14:58:57 +02:00
Robert Hensing
9f1e73ed37
Merge pull request #11199 from NixOS/troubleshoot-remote-build-tests
Troubleshoot remote build tests
2024-07-27 14:25:10 +02:00
Robert Hensing
cc5b8cdc85 buildNoTests: Disable unit tests
This seems to have been the intent all along.

The odd combination of unit tests, but no functional tests caused a
build error where some data for the unit test was source-filtered out.
Apparently. It's unclear to me why that happened, so I'm proposing this
alternate "fix" to get the buildNoTests to pass.

It would be nice to test more configurations, but this mode of building
is on the way out anyway, so let's just make it pass and see what
configurations make sense to test as part of the meson migration.
2024-07-27 13:42:03 +02:00
Robert Hensing
7c5a0b06a4 tests/nixos/remote-builds: Wait for multi-user
This should make the test more robust, considering the strange hang
in https://hydra.nixos.org/build/267517233/nixlog/8

`builder` seems to have reached `multi-user.target` before the
SSH connection was established, but this seems to be coincidental.
This does tell us that enforcing this has a minimal cost in terms
of runtime.

Waiting for `multi-user.target` on the client is honestly paranoid,
but flaky tests are very bad for productivity.
2024-07-27 13:08:30 +02:00