Eelco Dolstra
ba9b6b29b7
Merge pull request #10111 from obsidiansystems/git-objects
...
Support symlinks properly with `git-hashing` experimental feature
2024-03-01 15:00:43 +01:00
Eelco Dolstra
8ce1f6800b
Add --arg-from-stdin to read an argument from stdin
2024-03-01 14:39:42 +01:00
Eelco Dolstra
291b10c607
Add --arg-from-file for reading a string from a file
2024-03-01 14:35:27 +01:00
Eelco Dolstra
d72ee91d07
Clean up --arg processing
2024-03-01 14:14:14 +01:00
Théophane Hufschmitt
cd9baa1809
Add release notes
2024-03-01 09:39:50 +01:00
Théophane Hufschmitt
65b79c52c6
Fix a typo in a test comment
...
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2024-03-01 09:31:28 +01:00
Théophane Hufschmitt
c3878f510e
Copy the output of fixed-output derivations before registering them
...
It is possible to exfiltrate a file descriptor out of the build sandbox
of FODs, and use it to modify the store path after it has been
registered.
To avoid that issue, don't register the output of the build, but a copy
of it (that will be free of any leaked file descriptor).
2024-03-01 09:31:28 +01:00
Théophane Hufschmitt
a55c6a0f47
Add a NixOS test for the sandbox escape
...
Test that we can't leverage abstract unix domain sockets to leak file
descriptors out of the sandbox and modify the path after it has been
registered.
2024-03-01 09:31:28 +01:00
John Ericson
5a2985431c
Revert "Revert "Merge pull request #9546 from NixOS/nixos-23.11""
...
This reverts commit d6d7d2cb46.
2024-02-29 14:52:31 -05:00
John Ericson
d6d7d2cb46
Revert "Merge pull request #9546 from NixOS/nixos-23.11"
...
This reverts commit 587c7dcb2b, reversing
changes made to 864fc85fc8.
2024-02-29 14:39:29 -05:00
John Ericson
bcd6b33dbc
Polish local overlay store docs
2024-02-29 11:58:53 -05:00
John Ericson
9b506ff0c1
Activate hermetic.nix variation only for new layered store tests
2024-02-29 10:06:53 -05:00
Théophane Hufschmitt
bf48501194
Merge pull request #10112 from edolstra/fix-gcc12-warnings
...
Fix gcc 12 warnings
2024-02-29 15:55:59 +01:00
John Ericson
cb4f85f11c
Merge branch 'master' into overlayfs-store
2024-02-29 09:54:21 -05:00
Eelco Dolstra
b1586a6799
Merge pull request #10090 from bobvanderlinden/profile-error-install-twice
...
profile install: warn on installing package twice
2024-02-29 10:04:08 +01:00
Bob van der Linden
14adff1711
profile install: skip and warn on installing package twice
2024-02-29 08:29:38 +01:00
tomberek
ffe67c86a8
Merge pull request #9915 from 9999years/evaluating-attribute-position
...
Add position information to `while evaluating the attribute` errors in the debugger
2024-02-28 18:11:07 -05:00
Eelco Dolstra
65bb12ba78
Fix gcc 12 warnings
2024-02-28 22:59:20 +01:00
Théophane Hufschmitt
90ec015d61
Merge pull request #10070 from ramboman/fix-proxy-installer
...
`install-multi-user.sh`: `_sudo`: add proxy variables to sudo
2024-02-28 22:00:15 +01:00
Jade Lovelace
f6158ea53b
finally.hh: include works by itself; mark as nodiscard
2024-02-28 11:40:32 -08:00
Robert Hensing
bd21b4b134
Merge pull request #10110 from hercules-ci/bump-actions-docker
...
actions docker_push_image: Update nix 2.13.3 -> 2.20.3
2024-02-28 20:27:54 +01:00
Robert Hensing
4d769e7a76
actions docker_push_image: Update nix 2.13.3 -> 2.20.3
2024-02-28 19:54:17 +01:00
John Ericson
bcb5f235f9
Support symlinks properly with git-hashing experimental feature
...
Before, they would not be written to a file `FileSystemObjectSink`
correctly.
2024-02-28 12:24:45 -05:00
Robert Hensing
587c7dcb2b
Merge pull request #9546 from NixOS/nixos-23.11
...
Update to nixos-23.11
2024-02-28 17:51:16 +01:00
Théophane Hufschmitt
864fc85fc8
Merge pull request #10010 from 9999years/fix-9941
...
Fix "Failed tcsetattr(TCSADRAIN)" when `nix repl` is not a TTY
2024-02-28 14:25:58 +01:00
Théophane Hufschmitt
f6142cd0d1
unset NIX_HARDENING_ENABLE in fast build mode
...
`NIX_HARDENING_ENABLE` causes `_FORTIFY_SOURCE` to be defined.
This isn't compatible with `-O0`, and the compiler will happily remind
us about it at every call, spamming the terminal with warnings and stack
traces.
We don't really care about hardening in that case, so just disable it if we
pass `OPTIMIZE=0`.
2024-02-28 08:07:51 +01:00
Théophane Hufschmitt
da90be789d
Fix a too smart implicit cast
...
Apparently gcc is able to implicitly cast from `FileIngestionMethod` to
`ContentAddressMethod`, but clang isn't. So make the cast explicit.
2024-02-28 08:00:17 +01:00
Théophane Hufschmitt
6147d27afb
Bump the required daemon version for the git hashing tests
...
The required version check was a bit too lenient, and
`nixpkgs#nixUnstable` was considered valid while it didn't have the fix.
2024-02-28 07:11:22 +01:00
Robert Hensing
8dc4b41c7f
flake.lock: Strip out treeHash. Too soon...
...
I hate this.
We should have it, but for now we can't.
2024-02-28 07:08:21 +01:00
Robert Hensing
945940f2ef
nixpkgs: nixos-23.11-small -> release-23.11
...
Flake lock file updates:
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/4dd376f7943c64b522224a548d9cab5627b4d9d6' (2024-02-26)
→ 'github:NixOS/nixpkgs/b550fe4b4776908ac2a861124307045f8e717c8e' (2024-02-28)
2024-02-28 07:08:21 +01:00
Théophane Hufschmitt
cf3ef060ff
Disable the “static” darwin stdenvs
...
Don't evaluate, and probably not really useful (if at all)
2024-02-28 07:08:21 +01:00
Théophane Hufschmitt
a0cb75d96f
Disable bear on all the things with darwin as hostPlatform
...
Just `stdenv.isDarwin` isn't enough because it doesn't apply to the
build platform, which means that cross packages building from darwin to
another platform will have `isDarwin` set to false.
Replace it by `stdenv.buildPlatform.isDarwin`.
2024-02-28 07:08:21 +01:00
Théophane Hufschmitt
bbef03872b
Bump the required daemon version for the impure-env test
...
The required version check was a bit too lenient, and
`nixpkgs#nixUnstable` was considered valid while it didn't have the fix.
2024-02-28 07:08:21 +01:00
Théophane Hufschmitt
44f10f000a
flake: Update to NixOS 23.11
...
About time :)
This required disabling `bear` on darwin as it's currently broken (fixed
on master, but not yet on 23.11).
2024-02-28 07:08:21 +01:00
John Ericson
f489a6e42d
Merge pull request #8918 from obsidiansystems/git-objects
...
Git object hashing in libstore
2024-02-27 19:02:22 -05:00
John Ericson
d4ad1fcf30
Avoid creating temporary store object for git over the wire
...
Instead, serialize as NAR and send that over, then rehash server side.
This is algorithmically simpler, but comes at the cost of a newer
parameter to `Store::addToStoreFromDump`.
Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2024-02-27 11:27:34 -05:00
John Ericson
201551c937
Add Git object hashing to the store layer
...
Part of RFC 133
Extracted from our old IPFS branches.
Co-Authored-By: Matthew Bauer <mjbauer95@gmail.com>
Co-Authored-By: Carlo Nucera <carlo.nucera@protonmail.com>
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
Co-authored-by: Florian Klink <flokli@flokli.de>
2024-02-27 11:27:34 -05:00
John Ericson
04836c73e5
Merge nativeCheckInputs into nativeBuildInputs
...
They were getting skipped for the test-against checks.
2024-02-27 11:27:34 -05:00
Eelco Dolstra
c3e9e3d0c3
Merge pull request #9767 from obsidiansystems/canon-path-split
...
Support Windows paths in `canonPath` and `absPath`
2024-02-27 17:12:29 +01:00
John Ericson
354ba27296
Merge pull request #10093 from NixOS/revert-10084-remove-dead-git-code
...
Revert "Remove dead Git code"
2024-02-27 09:54:25 -05:00
Eelco Dolstra
5b0d78ec73
Merge pull request #10091 from bobvanderlinden/default-package-name
...
Fix extraction of name for defaultPackage URLs
2024-02-27 15:14:20 +01:00
Bob van der Linden
e5d9130a5b
Fix extraction of name for defaultPackage URLs
2024-02-27 07:53:05 +01:00
Théophane Hufschmitt
be0052b45f
Revert "Remove dead Git code"
2024-02-27 06:39:30 +01:00
Bob van der Linden
d28a240aa6
profile: extract getNameFromElement
2024-02-26 21:07:18 +01:00
Robert Hensing
4c7f0ef6ca
Merge pull request #9847 from pennae/inherit-from-dedup
...
deduplicate inherit-from source expr work
2024-02-26 20:25:58 +01:00
Théophane Hufschmitt
c10025d8ca
Merge pull request #10084 from tweag/remove-dead-git-code
...
Remove dead Git code
2024-02-26 19:49:14 +01:00
pennae
f24e445bc0
add doc comment justifying ExprInheritFrom
...
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-02-26 19:07:08 +01:00
pennae
1cd87b7042
remove ExprAttrs::AttrDef::inherited
...
it's no longer widely used and has a rather confusing meaning now that
inherit-from is handled very differently.
2024-02-26 19:07:08 +01:00
pennae
cefd0302b5
evaluate inherit (from) exprs only once per directive
...
desugaring inherit-from to syntactic duplication of the source expr also
duplicates side effects of the source expr (such as trace calls) and
expensive computations (such as derivationStrict).
2024-02-26 19:07:08 +01:00
Eelco Dolstra
598deb2b23
Use SourcePath for reading flake.{nix,lock}
...
Flakes still reside in the Nix store (so there shouldn't be any change
in behaviour), but they are now accessed via the rootFS
accessor. Since rootFS implements access checks, we no longer have to
worry about flake.{nix,lock} or their parents being symlinks that
escape from the flake.
Extracted from the lazy-trees branch.
2024-02-26 15:14:18 +01:00