Robert Hensing
f733553061
packaging: Add darwin -lsandbox in meson
2024-10-22 15:30:03 +02:00
Puck Meerburg
d2c880b03f
fix: Run all derivation builders inside the sandbox on macOS
2024-10-22 15:30:03 +02:00
Robert Hensing
766263d53a
Fix meson build on darwin
...
std::stringbuf is defined in <sstream>
2024-10-22 15:30:03 +02:00
Eelco Dolstra
eaae19403d
Merge pull request #11706 from ivan-tkatchev/fix-11704
...
nix shell/run: Use overlayfs
2024-10-22 14:17:28 +02:00
Eelco Dolstra
c2cf01a21e
Merge pull request #11713 from Mic92/env-vars
...
fix env-vars being written to `/tmp`
2024-10-22 14:12:36 +02:00
Robert Hensing
0941a3a8ac
Merge pull request #11727 from Mic92/doxygen
...
make doxygen build more silent
2024-10-22 12:56:32 +02:00
Jörg Thalheim
2105574702
fix env-vars being written to /tmp
...
This overall seems like insecure tmp file handling to me, because other
users could replace files in /tmp with a symlink and make the nix-shell
override other files.
fixes https://github.com/NixOS/nix/issues/11470
2024-10-22 08:21:18 +00:00
Jörg Thalheim
48a7ac23bc
make doxygen build more silent
...
The build output of doxygen often hides important build warnings and
errors behind a wall of text.
2024-10-22 09:53:49 +02:00
tomberek
1ed166315c
Merge pull request #11717 from llakala/patch-1
...
docs: clarify syntax for escaping dollar curlies
2024-10-21 08:34:39 -04:00
tomberek
63e6672251
Merge pull request #11723 from roberth/doc-tryEval
...
doc: Explain why tryEval does not return the message
2024-10-21 08:33:07 -04:00
Jörg Thalheim
b93b910fec
Merge pull request #11718 from xokdvium/dev/move-create-directory-out-of-assert
...
fix(nix/eval.cc): move call to `fs::create_directory` out of `assert`
2024-10-21 14:22:40 +02:00
Robert Hensing
90d257b771
doc: Explain why tryEval does not return the message
2024-10-20 19:31:16 +02:00
Sergei Zimmerman
8277b50b6f
fix(nix/eval.cc): move call to fs::create_directory out of assert
...
If the call is inside the assertion, then in non-assert builds
the call would be stripped out. This is highly unexpected.
2024-10-19 00:40:14 +03:00
Eman Resu
defff01a51
docs: clarify syntax for escaping dollar curlies
2024-10-18 13:26:38 -04:00
John Ericson
694c378d14
Merge pull request #11708 from obsidiansystems/move-tests
...
Move unit tests to the location Meson expects them to be
2024-10-17 16:15:34 -04:00
John Ericson
e65510da56
Move unit tests to the location Meson expects them to be
...
Everything that is a separate subproject should live in the subprojects
directory.
Progress on #2503
This reverts commit 451f8a8c19.
2024-10-17 15:42:16 -04:00
Eelco Dolstra
1cd48008f0
Merge pull request #11710 from NixOS/doc-onboarding
...
maintainers/onboarding: Start documenting
2024-10-17 11:06:23 +02:00
Eelco Dolstra
2e2c7f3b14
Merge pull request #11709 from DeterminateSystems/remove-team-list
...
maintainers/README.md: Remove the list of team members
2024-10-17 11:05:55 +02:00
Robert Hensing
c196011d23
maintainers/onboarding: Start documenting
2024-10-16 22:06:28 +02:00
Eelco Dolstra
7bd0c70b37
maintainers/README.md: Remove the list of team members
...
Let's have one canonical location for the team membership.
2024-10-16 22:03:44 +02:00
Robert Hensing
f51974d698
Merge pull request #11665 from roberth/fix-Interrupted-falling-out-of-thread
...
Fix `Interrupted` falling out of thread crash
2024-10-16 20:09:29 +02:00
Robert Hensing
ed184f0b61
Typo
...
Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
2024-10-16 19:40:45 +02:00
Eelco Dolstra
facc502bc8
Merge pull request #11695 from DeterminateSystems/override-lastModified
...
path fetcher: Allow the lastModified attribute to be overridden again
2024-10-16 18:03:29 +02:00
Robert Hensing
fd8a4a86d9
ThreadPool: don't silently ignore non-std exceptions
...
Introduced in 8f6b347abd without explanation.
Throwing anything that's not that is a programming mistake that we don't want
to ignore silently. A crash would be ok, because that means we/they can fix
the offending throw.
2024-10-16 17:56:08 +02:00
Robert Hensing
16320f6d24
Handle ThreadPoolShutdown with normal catch
2024-10-16 17:56:08 +02:00
Robert Hensing
3f9ff10786
ThreadPool: catch Interrupted
2024-10-16 17:56:08 +02:00
Robert Hensing
de41e46175
Document recursive-nix startDaemon/stopDaemon
2024-10-16 17:56:08 +02:00
Robert Hensing
0e5a5303ad
fix: Ignore Interrupted in recursive-nix daemon worker
...
Otherwise, if checkInterrupt() in any of the supported store operations
would catch onto a user interrupt, the exception would bubble to the thread
start and be handled by std::terminate(): a crash.
2024-10-16 17:56:08 +02:00
Eelco Dolstra
de1289229f
Merge pull request #11669 from obsidiansystems/doc-source-rename
...
Make the subproject dir `src` again
2024-10-16 17:30:40 +02:00
Eelco Dolstra
781ff7672e
Add test
2024-10-16 17:18:07 +02:00
Ivan Tkachev
e33d6f24e3
#11704
2024-10-16 15:27:22 +03:00
Robert Hensing
806a91f7bf
Merge pull request #11688 from roberth/meson-tidy
...
Clean up the `package.nix` files
2024-10-14 17:40:46 +02:00
John Ericson
379ada42bc
Make the subproject dir `src` again
...
We got rid of this in c7ec33605e because
of bug https://github.com/mesonbuild/meson/issues/13774, but in the
previous commit we renamed the manual source directory, which avoids it.
Now we can change it back.
2024-10-14 11:21:24 -04:00
John Ericson
eb7d7780b1
Rename doc/manual{src -> source}
...
This is needed to avoid this
https://github.com/mesonbuild/meson/issues/13774 when we go back to
making our subproject directory `src`.
2024-10-14 11:21:24 -04:00
Eelco Dolstra
5d35424445
path fetcher: Allow the lastModified attribute to be overridden again
...
Fixes #11660.
2024-10-14 16:17:18 +02:00
Eelco Dolstra
d5c45952ac
Merge pull request #11690 from DeterminateSystems/non-contiguous-tarballs
...
Handle tarballs where directory entries are not contiguous
2024-10-14 14:50:31 +02:00
Eelco Dolstra
b11c331c53
Merge pull request #11684 from geofft/real-root-mode-0500
...
libstore: Make our sandbox pivot_root directory accessible to ourself
2024-10-14 14:35:37 +02:00
Eelco Dolstra
a7b9877da9
Add a test
2024-10-14 14:10:36 +02:00
Eelco Dolstra
71c2d82302
Merge pull request #11677 from DeterminateSystems/fix-s3-crash
...
builtins.fetchurl: Fix segfault on s3:// URLs
2024-10-14 13:55:49 +02:00
Eelco Dolstra
4012954b59
Handle tarballs where directory entries are not contiguous
...
I.e. when not all entries underneath a directory X follow each other,
but there is some entry Y that isn't a child of X in between.
Fixes #11656.
2024-10-14 13:53:54 +02:00
Eelco Dolstra
d2f4d07619
Add assert
2024-10-14 13:15:55 +02:00
Robert Hensing
15e3e1543b
packaging: Add mkMeson{Library,Executable}
...
and:
- move pkg-config out of mkMesonDerivation, for components that don't
produce any executable code
2024-10-13 23:17:54 +02:00
Robert Hensing
e10ff893e5
packaging: Factor out mkPackageBuilder
2024-10-13 22:43:06 +02:00
Robert Hensing
0aef34b790
packaging: Add mesonLayer
...
... and remove a few unused arguments.
This adds pkg-config to two or three packages that don't use it,
but we shouldn't let that bother us. It's like our personal stdenv.
2024-10-13 22:39:53 +02:00
Robert Hensing
d21026b6f1
packaging: Remove package.nix from libexpr src
2024-10-13 22:18:57 +02:00
Robert Hensing
0a49d1e0d2
refactor: lib.composeManyExtensions
2024-10-13 22:03:52 +02:00
Robert Hensing
ab0f9f9089
Merge pull request #11680 from Mic92/git-utils
...
git-utils: fix x86_64-w64-mingw32 build
2024-10-13 13:09:00 +02:00
Valentin Gagarin
de0a34a362
doc: note that `nix eval` is eager (#11670)
...
doc: note that `nix eval` is eager
---------
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-10-13 12:31:01 +02:00
Robert Hensing
3c59df412a
nix/meson.build: Rename name_suffix -> executable_suffix
2024-10-13 12:29:48 +02:00
Geoffrey Thomas
5a794d9366
libstore: Make our sandbox pivot_root directory accessible to ourself
...
If you have the Nix store mounted from a nonlocal filesystem whose
exporter is not running as root, making the directory mode 000 makes it
inaccessible to that remote unprivileged user and therefore breaks the
build. (Specifically, I am running into this with a virtiofs mount using
Apple Virtualization.framework as a non-root user, but I expect the
same thing would happen with virtiofs in qemu on Linux as a non-root
user or with various userspace network file servers.)
Make the directory mode 500 (dr-x------) to make the sandbox work in
this use case, which explicitly conveys our intention to read and search
the directory. The code only works because root can already bypass
directory checks, so this does not actually grant more permissions to
the directory owner / does not make the sandbox less secure.
2024-10-12 19:55:58 -04:00