Commit graph

17956 commits

Author SHA1 Message Date
Robert Hensing
4c59d6e9f5 Merge branch 'nix-shell-lookup-shell-nix' into more-nix-shell 2024-07-07 00:27:07 +02:00
Robert Hensing
6959ac157b rl-next: Add note about shell.nix lookups 2024-07-07 00:25:56 +02:00
Robert Hensing
6c6d5263e2 Add legacy setting: nix-shell-always-looks-for-shell-nix 2024-07-07 00:25:56 +02:00
Robert Hensing
f5b59fbc64 Fix and extend nix-shell baseDir test 2024-07-07 00:23:22 +02:00
Robert Hensing
d5854f33e2 rl-next: Typo 2024-07-07 00:18:26 +02:00
Robert Hensing
8838f5c746 Merge remote-tracking branch 'matthewbauer/nix-shell-relative-shebang' into more-nix-shell 2024-07-07 00:18:03 +02:00
Robert Hensing
afbe7c3d08 rl-next: Enter PR 2024-07-06 23:15:01 +02:00
John Ericson
41b6c735eb
Merge pull request #11054 from NixOS/meson-fixes
Meson fixes
2024-07-06 17:11:11 -04:00
Robert Hensing
b865625a8e nix-shell: Look for shell.nix when directory is specified 2024-07-06 23:05:34 +02:00
Robert Hensing
a22f8b5276 rl-next: Add note about shell.nix lookups 2024-07-06 23:05:34 +02:00
Robert Hensing
32fb127b9c Add legacy setting: nix-shell-always-looks-for-shell-nix 2024-07-06 23:05:34 +02:00
Romain NEIL
514062c227 feat: configure aws s3 lib to use system defined proxy, if existent 2024-07-06 21:46:58 +02:00
Robert Hensing
76245ffbeb nix-build.cc: Refactor: extract sourcePath, resolvedPath variables 2024-07-06 20:55:27 +02:00
Robert Hensing
e9479b272f nix-build.cc: Refactor: extract baseDir variable 2024-07-06 20:51:45 +02:00
Robert Hensing
5c367ece89 Refactor: rename left -> remainingArgs 2024-07-06 20:03:30 +02:00
Robert Hensing
13181356fc Refactor: rename runEnv -> isNixShell 2024-07-06 20:01:46 +02:00
Robert Hensing
bea54d116e Add resolvePath, filesetToSource indirections for Nixpkgs 2024-07-06 19:49:55 +02:00
Robert Hensing
da4c55995b ci.yml: Build non unit-tested components in meson_build 2024-07-06 19:15:53 +02:00
Robert Hensing
0729f0a113 packaging: Pass version directly 2024-07-06 17:52:57 +02:00
Robert Hensing
efd5f50f5e nix-perl: Add deps, use mkMesonDerivation 2024-07-06 17:52:57 +02:00
Robert Hensing
4c014e238b nix-main: Add openssl 2024-07-06 17:52:57 +02:00
Robert Hensing
4d0c55ae55 api docs: Use mkMesonDerivation 2024-07-06 17:52:57 +02:00
Robert Hensing
b7e5446b81 flake.nix: Remove unused binding 2024-07-06 17:52:57 +02:00
Robert Hensing
896eb7a44b
Merge pull request #11034 from obsidiansystems/meson-nix
Package libnixmain and libnixcmd with Meson
2024-07-06 01:26:59 +02:00
John Ericson
3acf3fc746 Package libnixmain and libnixcmd with Meson
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-07-05 16:40:55 -04:00
Robert Hensing
0b901e10ee
Merge pull request #11050 from hercules-ci/issue-10677
Explain when `man` is missing
2024-07-05 22:25:38 +02:00
John Ericson
ff9b6d0e1f
Merge pull request #11037 from fricklerhandwerk/document-config-parsing
use self-descriptive name for config file parser, document
2024-07-05 15:21:26 -04:00
Eelco Dolstra
d5461b9009
Merge pull request #11051 from Mic92/fix-prefetch
src/nix/prefetch: fix prefetch containing current directory instead o…
2024-07-05 20:33:05 +02:00
Robert Hensing
ddff76f667
Merge pull request #10973 from NixOS/meson-libexpr
Meson build for libexpr libflake, external C API, unit tests
2024-07-05 20:27:12 +02:00
Jörg Thalheim
05381c0b30
Update src/nix/prefetch.cc
Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2024-07-05 19:45:03 +02:00
Jörg Thalheim
8cea1fbd97 src/nix/prefetch: fix prefetch containing current directory instead of tarball
When --unpack was used the nix would add the current directory to the
nix store instead of the content of unpacked.
The reason for this is that std::distance already consumes the iterator.
To fix this we re-instantiate the directory iterator in case the
directory only contains a single entry.
2024-07-05 19:18:49 +02:00
Robert Hensing
6ef00a503a Explain when man is missing
Have you seen this man?

Fixes #10677
2024-07-05 19:18:23 +02:00
Eelco Dolstra
8f280d72ff
Merge pull request #11019 from DeterminateSystems/fix-failed-to-open-archive
Tarball fetcher: Fix handling of cached tarballs
2024-07-05 17:10:02 +02:00
Robert Hensing
a476383f46
Merge pull request #11031 from emilazy/push-xsrvoyspsvqx
libstore: fix sandboxed builds on macOS
2024-07-05 17:08:39 +02:00
Robert Hensing
d63bd8295e assert: Report why values aren't equal 2024-07-05 16:43:48 +02:00
Eelco Dolstra
98bef7c38e
Merge pull request #11035 from siddhantk232/refactor
Factor duplicate code into util function `append`
2024-07-05 16:34:23 +02:00
Eelco Dolstra
61e1880847
Merge pull request #11041 from hercules-ci/trace-nix-env-attribute-names
getDerivations: add attributes to trace
2024-07-05 16:32:27 +02:00
Eelco Dolstra
e1b6b3ce27
Merge pull request #11020 from DeterminateSystems/fix-tarball-caching
Tarball fetcher: Fix fetchToStore() and eval caching
2024-07-05 16:30:12 +02:00
Eelco Dolstra
e7e070d36b Document 2024-07-05 16:29:16 +02:00
Robert Hensing
09763c7cad getDerivations: add attributes to trace
This improves the error message of nix-env -qa, among others, which
is crucial for understanding some ofborg eval error reports, such as
https://gist.github.com/GrahamcOfBorg/89101ca9c2c855d288178f1d3c78efef

After this change, it will report the same trace, but also start with

```
error:
       … while evaluating the attribute 'devShellTools'

       … while evaluating the attribute 'nixos'

       … while evaluating the attribute 'docker-tools-nix-shell'

       … while evaluating the attribute 'aarch64-darwin'

       … from call site
         at /home/user/h/nixpkgs/outpaths.nix:48:6:
           47|   tweak = lib.mapAttrs
           48|     (name: val:
             |      ^
           49|       if name == "recurseForDerivations" then true

<same>
```
2024-07-05 15:30:07 +02:00
John Ericson
e4056b9afd
Apply suggestions from code review
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-07-04 17:48:27 -04:00
Emily
af2e1142b1 libstore: fix sandboxed builds on macOS
The recent fix for CVE-2024-38531 broke the sandbox on macOS
completely. As it’s not practical to use `chroot(2)` on
macOS, the build takes place in the main filesystem tree, and the
world‐unreadable wrapper directory prevents the build from accessing
its `$TMPDIR` at all.

The macOS sandbox probably shouldn’t be treated as any kind of a
security boundary in its current state, but this specific vulnerability
wasn’t possible to exploit on macOS anyway, as creating `set{u,g}id`
binaries is blocked by sandbox policy.

Locking down the build sandbox further may be a good idea in future,
but it already has significant compatibility issues. For now, restore
the previous status quo on macOS.

Thanks to @alois31 for helping me come to a better understanding of
the vulnerability.

Fixes: 1d3696f0fb
Closes: #11002
2024-07-04 16:28:37 +01:00
Emily
76e4adfaac libstore: clean up the build directory properly
After the fix for CVE-2024-38531, this was only removing the nested
build directory, rather than the top‐level temporary directory.

Fixes: 1d3696f0fb
2024-07-04 16:22:02 +01:00
Valentin Gagarin
c66079f1e8 use self-descriptive name for config file parser, document
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-07-04 10:36:48 +02:00
siddhantCodes
976c05879f factor duplicate code into util function append 2024-07-04 11:09:23 +05:30
Eelco Dolstra
5b4102c3b2 Tarball fetcher: Include revCount/lastModified in the fingerprint
This can influence the evaluation result so they should be included in
the fingerprint.
2024-07-03 22:05:45 +02:00
John Ericson
509be0e77a
Merge pull request #11022 from obsidiansystems/fix-openbsd-socket-peercred
Use proper struct sockpeercred for SO_PEERCRED for OpenBSD
2024-07-03 11:56:39 -04:00
kn
10ccdb7a41 Use proper struct sockpeercred for SO_PEERCRED for OpenBSD
getsockopt(2) documents this;  ucred is wrong ("cr_" member prefix, no pid).
2024-07-03 11:16:39 -04:00
John Ericson
a09360400b Ident some CPP in nix daemon
Makes it easier for me to read.
2024-07-03 11:15:56 -04:00
Eelco Dolstra
1ff186fc6e nix flake metadata: Show flake fingerprint
This is useful for testing/debugging and maybe for sharing eval caches
(since it tells you what file in ~/.cache/nix/eval-cache-v5 to copy).
2024-07-03 17:00:30 +02:00