-rw-r--r--doc/manual/expressions/advanced-attributes.xml8
-rw-r--r--misc/docker/Dockerfile4
-rw-r--r--misc/docker/README.md8
-rw-r--r--nix.spec.in61
-rw-r--r--src/libexpr/eval.cc12
-rw-r--r--src/libstore/build.cc2
-rwxr-xr-xsrc/nix-build/nix-build.cc2
7 files changed, 71 insertions, 26 deletions
diff --git a/doc/manual/expressions/advanced-attributes.xml b/doc/manual/expressions/advanced-attributes.xml
index f3cf98371302..dfd013b5cf31 100644
--- a/doc/manual/expressions/advanced-attributes.xml
+++ b/doc/manual/expressions/advanced-attributes.xml
@@ -112,7 +112,13 @@ impureEnvVars = [ "http_proxy" "https_proxy" <replaceable>...</replaceable> ];
     linkend="fixed-output-drvs">fixed-output derivations</link>, where
     impurities such as these are okay since (the hash of) the output
     is known in advance.  It is ignored for all other
-    derivations.</para></listitem>
+    derivations.</para>
+
+    <warning><para><varname>impureEnvVars</varname> implementation takes
+    environment variables from the current builder process. When a daemon is
+    building its environmental variables are used. Without the daemon, the
+    environmental variables come from the environment of the
+    <command>nix-build</command>.</para></warning></listitem>
 
   </varlistentry>
 
diff --git a/misc/docker/Dockerfile b/misc/docker/Dockerfile
index 2f8e3dd7a679..0f69d02df25f 100644
--- a/misc/docker/Dockerfile
+++ b/misc/docker/Dockerfile
@@ -4,8 +4,8 @@ FROM alpine
 RUN apk add --update openssl
 
 # Download Nix and install it into the system.
-RUN wget https://nixos.org/releases/nix/nix-2.0/nix-2.0-x86_64-linux.tar.bz2 \
-  && echo "6312837aee33306cdbb351b75ba1638b89d21b30f0caf0346f9a742425f197ee  nix-2.0-x86_64-linux.tar.bz2" | sha256sum -c \
+RUN wget https://nixos.org/releases/nix/nix-2.0.2/nix-2.0.2-x86_64-linux.tar.bz2 \
+  && echo "d0c2492d7d8f824e3b1ace15a1a58f64a0a8faacc59936ebedfe18905d982d7c  nix-2.0.2-x86_64-linux.tar.bz2" | sha256sum -c \
   && tar xjf nix-*-x86_64-linux.tar.bz2 \
   && addgroup -g 30000 -S nixbld \
   && for i in $(seq 1 30); do adduser -S -D -h /var/empty -g "Nix build user $i" -u $((30000 + i)) -G nixbld nixbld$i ; done \
diff --git a/misc/docker/README.md b/misc/docker/README.md
new file mode 100644
index 000000000000..491be7408964
--- /dev/null
+++ b/misc/docker/README.md
@@ -0,0 +1,8 @@
+To update https://hub.docker.com/r/nixos/nix/
+
+    $ docker build . -t nixos/nix:2.0
+    $ docker tag nixos/nix:2.0 nixos/nix:latest
+    $ docker push nixos/nix:latest
+    $ docker push nixos/nix:2.0
+
+Write access: @domenkozar
diff --git a/nix.spec.in b/nix.spec.in
index d962bcc857b9..cd053dbfce5c 100644
--- a/nix.spec.in
+++ b/nix.spec.in
@@ -3,33 +3,47 @@
 %global nixbld_user "nix-builder-"
 %global nixbld_group "nixbld"
 
+# NOTE: BUILD on EL7 requires
+# - Centos / RHEL7 software collection repository 
+#   yum install centos-release-scl
+#
+# - Recent boost backport
+#   curl https://copr.fedorainfracloud.org/coprs/whosthere/boost/repo/epel-7/whosthere-boost-epel-7.repo -o /etc/yum.repos.d/whosthere-boost-epel-7.repo
+#
+
+# Disable documentation generation
+# necessary on some platforms
+%bcond_without docgen
+
 Summary: The Nix software deployment system
 Name: nix
 Version: @PACKAGE_VERSION@
 Release: 2%{?dist}
 License: LGPLv2+
-%if 0%{?rhel} && 0%{?rhel} < 7
 Group: Applications/System
-%endif
 URL: http://nixos.org/
 Source0: %{name}-%{version}.tar.bz2
-%if 0%{?el5}
-BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
-%endif
+
 Requires: curl
 Requires: bzip2
 Requires: gzip
 Requires: xz
-Requires: libseccomp
-Requires: boost-context
+BuildRequires: bison
+BuildRequires: boost-devel >= 1.60
 BuildRequires: bzip2-devel
-BuildRequires: sqlite-devel
+
+# for RHEL <= 7, we need software collections for a C++14 compatible compatible compiler
+%if 0%{?rhel}
+BuildRequires: devtoolset-7-gcc
+BuildRequires: devtoolset-7-gcc-c++
+%endif
+
+BuildRequires: flex
 BuildRequires: libcurl-devel
 BuildRequires: libseccomp-devel
-BuildRequires: boost-devel
-
-# Hack to make that shitty RPM scanning hack shut up.
-Provides: perl(Nix::SSH)
+BuildRequires: openssl-devel
+BuildRequires: sqlite-devel
+BuildRequires: xz-devel
 
 %description
 Nix is a purely functional package manager. It allows multiple
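Review bot: The new `%if 0%{?rhel}` guard around the devtoolset-7 BuildRequires is true on every RHEL/CentOS release, while the comment above it says the software collection is needed only for RHEL <= 7. On a later release devtoolset-7 is presumably not available, so the build dependency could not be resolved. Consider `%if 0%{?rhel} && 0%{?rhel} <= 7` here and on the two `source /opt/rh/devtoolset-7/enable` guards added in the %build/%install hunk. The NOTE at the top also points builders at a personal COPR repository for the boost backport; because that boost is presumably what the package gets built against, the comment should say the repository is outside the distribution's own trust chain and that its signing key should be verified before it is enabled. The same comment also repeats the word "compatible".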
@@ -41,9 +55,6 @@ it can be used equally well under other Unix systems.
 
 %package        devel
 Summary:        Development files for %{name}
-%if 0%{?rhel} && 0%{?rhel} < 7
-Group:          Development/Libraries
-%endif
 Requires:       %{name}%{?_isa} = %{version}-%{release}
 
 %description   devel
@@ -53,9 +64,6 @@ developing applications that use %{name}.
 
 %package doc
 Summary:        Documentation files for %{name}
-%if 0%{?rhel} && 0%{?rhel} < 7
-Group:          Documentation
-%endif
 BuildArch:      noarch
 Requires:       %{name} = %{version}-%{release}
 
@@ -67,20 +75,25 @@ The %{name}-doc package contains documentation files for %{name}.
 
 
 %build
+%if 0%{?rhel}
+source /opt/rh/devtoolset-7/enable 
+%endif
 extraFlags=
 # - override docdir so large documentation files are owned by the
 #   -doc subpackage
 # - set localstatedir by hand to the preferred nix value
 %configure --localstatedir=/nix/var \
+	   %{!?without_docgen:--disable-doc-gen} \
            --docdir=%{_defaultdocdir}/%{name}-doc-%{version} \
            $extraFlags
-make -j$NIX_BUILD_CORES -l$NIX_BUILD_CORES
+make V=1 %{?_smp_mflags}
 
 
 %install
-%if 0%{?el5}
-rm -rf $RPM_BUILD_ROOT
+%if 0%{?rhel}
+source /opt/rh/devtoolset-7/enable 
 %endif
+
 make DESTDIR=$RPM_BUILD_ROOT install
 
 find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
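Review bot: `%{!?without_docgen:--disable-doc-gen}` in the %configure call tests a macro that `%bcond_without docgen` does not define. The bcond machinery sets `with_docgen`, and `--without docgen` sets `_without_docgen`, so as far as I can tell `--disable-doc-gen` is passed on every build regardless of the option. The %files hunks gate the man pages and the doc subpackage on `%if ! %{without docgen}`, which is the default case, so a default build would list files that configure was told not to generate, unless the tarball ships them pre-built. `%{!?with_docgen:--disable-doc-gen}` would make the configure flag agree with the %files conditionals. The comment on the bcond line ("Disable documentation generation") would also read more accurately as "Allow disabling documentation generation with --without docgen".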
@@ -130,6 +143,7 @@ systemctl start  nix-daemon.socket
 %endif
 
 %files
+%license COPYING
 %{_bindir}/nix*
 %{_libdir}/*.so
 %{_prefix}/libexec/*
@@ -138,9 +152,11 @@ systemctl start  nix-daemon.socket
 %{_prefix}/lib/systemd/system/nix-daemon.service
 %endif
 %{_datadir}/nix
+%if ! %{without docgen}
 %{_mandir}/man1/*.1*
 %{_mandir}/man5/*.5*
 %{_mandir}/man8/*.8*
+%endif
 %config(noreplace) %{_sysconfdir}/profile.d/nix.sh
 %config(noreplace) %{_sysconfdir}/profile.d/nix-daemon.sh
 /nix
@@ -149,6 +165,9 @@ systemctl start  nix-daemon.socket
 %{_includedir}/nix
 %{_prefix}/lib/pkgconfig/*.pc
 
+
+%if ! %{without docgen}
 %files doc
 %docdir %{_defaultdocdir}/%{name}-doc-%{version}
 %{_defaultdocdir}/%{name}-doc-%{version}
+%endif
diff --git a/src/libexpr/eval.cc b/src/libexpr/eval.cc
index a2cce162b90c..353097f89713 100644
--- a/src/libexpr/eval.cc
+++ b/src/libexpr/eval.cc
@@ -317,10 +317,20 @@ EvalState::EvalState(const Strings & _searchPath, ref<Store> store)
 
     if (settings.restrictEval || settings.pureEval) {
         allowedPaths = PathSet();
+
         for (auto & i : searchPath) {
             auto r = resolveSearchPathElem(i);
             if (!r.first) continue;
-            allowedPaths->insert(r.second);
+
+            auto path = r.second;
+
+            if (store->isInStore(r.second)) {
+                PathSet closure;
+                store->computeFSClosure(store->toStorePath(r.second), closure);
+                for (auto & path : closure)
+                    allowedPaths->insert(path);
+            } else
+                allowedPaths->insert(r.second);
         }
     }
 
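Review bot: `store->computeFSClosure(...)` is now called from the EvalState constructor for every search-path element that lies under the store directory, with no handling for an element that is not a valid, registered store path. computeFSClosure is not visible here, but if it throws for such a path (Nix has an `InvalidPath` error for this), merely constructing an evaluator in restricted or pure mode would fail; wrapping the closure computation in `try { … } catch (InvalidPath &) { allowedPaths->insert(r.second); }` would keep the previous behaviour for that case. The added `auto path = r.second;` is never used and is shadowed by `for (auto & path : closure)`, so it can be dropped. Since this widens the restricted-mode allow-list from one path to a whole closure, a short comment above the branch saying why the closure is needed would help the next reader judge that trade-off. The constructor body continues outside the hunk.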
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index a2b24524028a..f70ab8108fd7 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -3249,6 +3249,8 @@ void DerivationGoal::registerOutputs()
         info.ultimate = true;
         worker.store.signPathInfo(info);
 
+        if (!info.references.empty()) info.ca.clear();
+
         infos.push_back(info);
     }
 
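Review bot: The added `info.ca.clear()` runs after `worker.store.signPathInfo(info)`, so the record that was signed and the record pushed to `infos` can differ in `ca`, and nothing on the line says why the claim is dropped. signPathInfo is not visible here; if the signed fingerprint covers `ca`, or ever comes to, the order matters, so placing `if (!info.references.empty()) info.ca.clear();` above the signing call is the safer arrangement. I would also add a comment along the lines of `// a content-address claim is only kept for outputs without references`, adjusted to the actual rule. registerOutputs starts and ends outside the hunk.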
diff --git a/src/nix-build/nix-build.cc b/src/nix-build/nix-build.cc
index a63b3e07ae77..21d99878a518 100755
--- a/src/nix-build/nix-build.cc
+++ b/src/nix-build/nix-build.cc
@@ -354,7 +354,7 @@ void mainWrapped(int argc, char * * argv)
         // Build or fetch all dependencies of the derivation.
         for (const auto & input : drv.inputDrvs)
             if (std::all_of(envExclude.cbegin(), envExclude.cend(), [&](const string & exclude) { return !std::regex_search(input.first, std::regex(exclude)); }))
-                pathsToBuild.insert(input.first);
+                pathsToBuild.insert(makeDrvPathWithOutputs(input.first, input.second));
         for (const auto & src : drv.inputSrcs)
             pathsToBuild.insert(src);