John Ericson
52bfccf8d8
No global eval settings in libnixexpr
...
Progress on #5638
There is still a global eval settings, but it pushed down into
`libnixcmd`, which is a lot less bad a place for this sort of thing.
2024-06-24 12:15:16 -04:00
Robert Hensing
5a7ccd6580
tests/functional: Print all args of fail()
2024-06-24 18:11:58 +02:00
Robert Hensing
d4ca634508
tests/functional: Differentiate die and fail
2024-06-24 18:11:10 +02:00
John Ericson
cb0c868da4
Allow loading config files into other config objects
...
This gives us some hope of moving away from global variables.
2024-06-24 12:07:56 -04:00
John Ericson
b46e13840b
Format config-global.{cc,hh}
...
Since the code is factored out, it is no longer avoding the formatter.
2024-06-24 12:07:56 -04:00
Robert Hensing
602c444411
Merge remote-tracking branch 'upstream/master' into functional-tests-on-nixos
2024-06-24 18:07:21 +02:00
John Ericson
1620ad4587
Split out GlobalConfig
into its own header
...
This makes it easier to understand the reach of global variables /
global state in the config system.
2024-06-24 11:36:21 -04:00
Robert Hensing
ce4bcef830
Merge pull request #10745 from obsidiansystems/ca-cleanup
...
Cleanup `ContentAddressMethod` to match docs
2024-06-24 17:25:45 +02:00
John Ericson
b51e161af5
Cleanup ContentAddressMethod
to match docs
...
The old `std::variant` is bad because we aren't adding a new case to
`FileIngestionMethod` so much as we are defining a separate concept ---
store object content addressing rather than file system object content
addressing. As such, it is more correct to just create a fresh
enumeration.
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-06-24 10:24:06 -04:00
John Ericson
64e599ebe1
Rename Recursive
-> NixArchive
...
For enums:
- `FileIngestionMethod`
- `FileSerialisationMethod`
2024-06-24 10:24:06 -04:00
Eelco Dolstra
903acc7c0f
Merge pull request #10873 from siddhantk232/rm-createdirs
...
use `std::filesystem::create_directories` for createDirs
2024-06-24 14:54:37 +02:00
Eelco Dolstra
bc21c54565
Merge pull request #10943 from pineapplehunter/master
...
Accept response from gitlab api with more than one entry in json
2024-06-24 14:23:47 +02:00
Robert Hensing
6f64154eea
Merge pull request #10884 from tomberek/tomberek.warn_structuredAttrs_advanced
...
fix: warn and document when advanced attributes will have no impact d…
2024-06-24 07:56:26 +02:00
John Ericson
927b719bce
Merge pull request #10874 from haenoe/derivation-tests
...
Tests for derivation "advanced attrs"
2024-06-23 22:09:10 -04:00
HaeNoe
7fb14201af
Unit test for derivation "advanced attrs"
...
This tests the parser and JSON format using the DRV files from the tests
added in the previous commit.
Co-Authored-By: John Ericson <John.Ericson@Obsidian.Systems>
2024-06-23 21:42:56 -04:00
HaeNoe
9f9984e4d0
Functional test for derivation "advanced attrs"
...
This tests the Nix language side of things.
We are purposely skipping most of `common.sh` because it is overkill for
this test: we don't want to have an "overfit" test environment.
Co-Authored-By: John Ericson <John.Ericson@Obsidian.Systems>
2024-06-23 21:42:56 -04:00
John Ericson
490ca93cf8
Factor out a bit more language testings infra
...
Will be used in a second test after `lang.sh`.
2024-06-23 15:33:45 -04:00
John Ericson
df068734ac
Merge pull request #10769 from poweredbypie/mingw-spawn
...
Implement runProgram for Windows
2024-06-23 14:12:36 -04:00
Shogo Takata
0468061dd2
accept response from gitlab with more than one entry
2024-06-23 00:52:19 +09:00
Eelco Dolstra
d54590fdf3
Fix --no-sandbox
...
When sandboxing is disabled, we cannot put $TMPDIR underneath an
inaccessible directory.
2024-06-21 17:06:19 +02:00
Eelco Dolstra
58b7b3fd15
Formatting
2024-06-21 17:06:19 +02:00
Eelco Dolstra
ede95b1fc1
Put the chroot inside a directory that isn't group/world-accessible
...
Previously, the .chroot directory had permission 750 or 755 (depending
on the uid-range system feature) and was owned by root/nixbld. This
makes it possible for any nixbld user (if uid-range is disabled) or
any user (if uid-range is enabled) to inspect the contents of the
chroot of an active build and maybe interfere with it (e.g. via /tmp
in the chroot, which has 1777 permission).
To prevent this, the root is now a subdirectory of .chroot, which has
permission 700 and is owned by root/root.
2024-06-21 17:06:19 +02:00
Théophane Hufschmitt
d99c868b04
Add a release note for the build-dir hardening
2024-06-21 17:06:19 +02:00
Théophane Hufschmitt
1d3696f0fb
Run the builds in a daemon-controled directory
...
Instead of running the builds under
`$TMPDIR/{unique-build-directory-owned-by-the-build-user}`, run them
under `$TMPDIR/{unique-build-directory-owned-by-the-daemon}/{subdir-owned-by-the-build-user}`
where the build directory is only readable and traversable by the daemon user.
This achieves two things:
1. It prevents builders from making their build directory world-readable
(or even writeable), which would allow the outside world to interact
with them.
2. It prevents external processes running as the build user (either
because that somehow leaked, maybe as a consequence of 1., or because
`build-users` isn't in use) from gaining access to the build
directory.
2024-06-21 17:06:19 +02:00
Théophane Hufschmitt
717f3eea39
Add a test for the user sandboxing
2024-06-21 17:06:18 +02:00
Robert Hensing
d9684664c8
Revert "tests/functional/common/init.sh: Use parentheses around negation"
...
ShellCheck doesn't want us to add extra parentheses for show.
This reverts commit 7c9f3eeef8
.
2024-06-20 22:31:32 +02:00
siddhantCodes
85b7989764
fix: handle errors in nix::createDirs
...
the `std::filesystem::create_directories` can fail due to insufficient
permissions. We convert this error into a `SysError` and catch it
wherever required.
2024-06-20 19:53:25 +05:30
siddhantCodes
857e380c7d
Merge branch 'rm-createdirs' of github.com:siddhantk232/nix into rm-createdirs
2024-06-20 18:47:51 +05:30
Robert Hensing
dcee46a0ef
Apply suggestions from code review
...
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2024-06-20 14:54:11 +02:00
Robert Hensing
7c9f3eeef8
tests/functional/common/init.sh: Use parentheses around negation
...
roberth: Not strictly necessary, but probably a good habit
Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2024-06-20 14:54:11 +02:00
Robert Hensing
648302b833
tests/functional: Enable more tests in NixOS VM
2024-06-20 14:54:11 +02:00
Robert Hensing
f0abe4d8f0
ci: Build tests.functional_user for PRs
2024-06-20 14:54:11 +02:00
Robert Hensing
fca160fbcd
doc/contributing/testing: Describe functional VM tests and quickBuild
2024-06-20 14:54:11 +02:00
Robert Hensing
d208e9dd9f
tests: Add quickBuild to all VM tests
2024-06-20 14:54:11 +02:00
Robert Hensing
8557d79650
tests/functional: Skip tests that don't work in NixOS environment yet
2024-06-20 14:54:11 +02:00
Robert Hensing
211aec473e
tests/functional/timeout.sh: Find missing test case
...
This reproduces an instance of
https://github.com/NixOS/nix/issues/4813
2024-06-20 14:54:11 +02:00
Robert Hensing
439022c5ac
tests: Add hydraJobs.tests.functional_*
2024-06-20 14:54:11 +02:00
Robert Hensing
dc720f89f2
flake.nix: Factor pkgs.nix_noTests out of buildNoTests
...
This is useful when iterating on the functional tests when trying
to run them in a VM test, for example.
2024-06-20 14:54:10 +02:00
Valentin Gagarin
1c131ec2b7
Port C API docs to Meson ( #10936 )
...
* Port C API docs to Meson
* don't cross-compile the docs
2024-06-19 22:43:54 +02:00
John Ericson
0c6029669d
Merge pull request #10935 from fricklerhandwerk/cli-docs-formatting
...
use separate paragraphs inside list items
2024-06-18 15:24:44 -04:00
John Ericson
613d598daa
Merge pull request #10934 from Artoria2e5/patch-1
...
optimize-store.cc: Update macos exclusion comments
2024-06-18 15:15:45 -04:00
Valentin Gagarin
b975151c09
dedent lists
...
this indentation is unnecessary and probably an artefact from the
migration off XML.
2024-06-18 11:26:09 +02:00
PoweredByPie
8b81d083a7
Remove lookupPathForProgram and implement initial runProgram test
...
Apparently, CreateProcessW already searches path, so manual path search
isn't really necessary.
2024-06-18 01:01:52 -07:00
PoweredByPie
fcb92b4fa4
Fix DWORD vs. int comparison warning
2024-06-17 22:14:38 -07:00
Mingye Wang
ff1fc780d2
optimize-store.cc: Update macos exclusion comments
...
#2230 broadened the scope of macOS hardlink exclusion but did not change the comments. This was a little confusing for me, so I figured the comments should be updated.
2024-06-18 12:05:59 +08:00
PoweredByPie
4f6e3b9402
Implement tests for lookupPathForProgram and fix bugs caught by tests
2024-06-17 18:46:08 -07:00
PoweredByPie
d7537f6955
Implement initial spawn tests (just testing windowsEscape for now)
2024-06-17 14:58:17 -07:00
PoweredByPie
4662e7d856
Implement windowsEscape
2024-06-17 14:57:57 -07:00
John Ericson
daf1b6b23a
Merge pull request #10933 from NixOS/meson-libfetchers
...
Meson for libfetchers
2024-06-17 17:56:11 -04:00
Tom Bereknyei
706edf26eb
build: meson for libfetchers
2024-06-17 17:25:56 -04:00