about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Makefile.am6
-rw-r--r--nix.conf.example181
-rw-r--r--nix.spec.in5
3 files changed, 2 insertions, 190 deletions
diff --git a/Makefile.am b/Makefile.am
index f50cdf19b216..c97d0e266cd7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,6 +1,6 @@
 SUBDIRS = src perl scripts corepkgs doc misc tests
 EXTRA_DIST = substitute.mk nix.spec nix.spec.in bootstrap.sh \
-  nix.conf.example NEWS version misc/systemd/nix-worker.service
+  NEWS version misc/systemd/nix-worker.service
 
 pkginclude_HEADERS = config.h
 
@@ -10,10 +10,6 @@ nix.spec: nix.spec.in
 
 install-data-local: init-state
 	$(INSTALL) -d $(DESTDIR)$(sysconfdir)/nix
-	$(INSTALL_DATA) $(srcdir)/nix.conf.example $(DESTDIR)$(sysconfdir)/nix
-	if ! test -e $(DESTDIR)$(sysconfdir)/nix/nix.conf; then \
-		$(INSTALL_DATA) $(srcdir)/nix.conf.example $(DESTDIR)$(sysconfdir)/nix/nix.conf; \
-	fi
 	$(INSTALL) -d $(DESTDIR)$(docdir)
 	$(INSTALL_DATA) README $(DESTDIR)$(docdir)/
 
diff --git a/nix.conf.example b/nix.conf.example
deleted file mode 100644
index 3c55b570e60f..000000000000
--- a/nix.conf.example
+++ /dev/null
@@ -1,181 +0,0 @@
-### Option `gc-keep-outputs'
-#
-# If `true', the garbage collector will keep the outputs of
-# non-garbage derivations.  If `false' (default), outputs will be
-# deleted unless they are GC roots themselves (or reachable from other
-# roots).
-# 
-# In general, outputs must be registered as roots separately.
-# However, even if the output of a derivation is registered as a root,
-# the collector will still delete store paths that are used only at
-# build time (e.g., the C compiler, or source tarballs downloaded from
-# the network).  To prevent it from doing so, set this option to
-# `true'.
-#gc-keep-outputs = false
-
-
-### Option `gc-keep-derivations'
-#
-# If `true' (default), the garbage collector will keep the derivations
-# from which non-garbage store paths were built.  If `false', they
-# will be deleted unless explicitly registered as a root (or reachable
-# from other roots).
-#
-# Keeping derivation around is useful for querying and traceability
-# (e.g., it allows you to ask with what dependencies or options a
-# store path was built), so by default this option is on.  Turn it off
-# to safe a bit of disk space (or a lot if `gc-keep-outputs' is also
-# turned on).
-#gc-keep-derivations = true
-
-
-### Option `env-keep-derivations'
-#
-# If `false' (default), derivations are not stored in Nix user
-# environments.  That is, the derivation any build-time-only
-# dependencies may be garbage-collected.
-#
-# If `true', when you add a Nix derivation to a user environment, the
-# path of the derivation is stored in the user environment.  Thus, the
-# derivation will not be garbage-collected until the user environment
-# generation is deleted (`nix-env --delete-generations').  To prevent
-# build-time-only dependencies from being collected, you should also
-# turn on `gc-keep-outputs'.
-#
-# The difference between this option and `gc-keep-derivations' is that
-# this one is `sticky': it applies to any user environment created
-# while this option was enabled, while `gc-keep-derivations' only
-# applies at the moment the garbage collector is run.
-#env-keep-derivations = false
-
-
-### Option `build-max-jobs'
-#
-# This option defines the maximum number of jobs that Nix will try to
-# build in parallel.  The default is 1.  You should generally set it
-# to the number of CPUs in your system (e.g., 2 on a Athlon 64 X2).
-# It can be overriden using the `--max-jobs' / `-j' command line
-# switch.
-#build-max-jobs = 1
-
-
-### Option `build-cores'
-#
-# This option defines the number of CPU cores to utilize in parallel
-# within a build job, i.e. by passing an appropriate `-jN' flag to GNU
-# Make. The default is 1, meaning that parallel building within jobs
-# is disabled.  Passing the special value `0' causes Nix to try and
-# auto-detect the number of available cores on the local host.  This
-# setting can be overridden using the `--cores' command line switch.
-#build-cores = 1
-
-
-### Option `build-max-silent-time'
-#
-# This option defines the maximum number of seconds that a builder can
-# go without producing any data on standard output or standard error.
-# This is useful (for instance in a automated build system) to catch
-# builds that are stuck in an infinite loop, or to catch remote builds
-# that are hanging due to network problems.  It can be overriden using
-# the `--max-silent-time' command line switch.
-#
-# The value 0 means that there is no timeout.  This is also the
-# default.
-#
-# Example:
-#   build-max-silent-time = 600 # = 10 minutes
-#build-max-silent-time = 0
-
-
-### Option `build-users-group'
-#
-# This options specifies the Unix group containing the Nix build user
-# accounts.  In multi-user Nix installations, builds should not
-# be performed by the Nix account since that would allow users to
-# arbitrarily modify the Nix store and database by supplying specially
-# crafted builders; and they cannot be performed by the calling user
-# since that would allow him/her to influence the build result.
-#
-# Therefore, if this option is non-empty and specifies a valid group,
-# builds will be performed under the user accounts that are a member
-# of the group specified here (as listed in /etc/group).  Those user
-# accounts should not be used for any other purpose!
-#
-# Nix will never run two builds under the same user account at the
-# same time.  This is to prevent an obvious security hole: a malicious
-# user writing a Nix expression that modifies the build result of a
-# legitimate Nix expression being built by another user.  Therefore it
-# is good to have as many Nix build user accounts as you can spare.
-# (Remember: uids are cheap.)
-#
-# The build users should have permission to create files in the Nix
-# store, but not delete them.  Therefore, /nix/store should be owned
-# by the Nix account, its group should be the group specified here,
-# and its mode should be 1775.
-#
-# If the build users group is empty, builds will be performed under
-# the uid of the Nix process (that is, the uid of the caller if
-# $NIX_REMOTE is empty, the uid under which the Nix daemon runs if
-# $NIX_REMOTE is `daemon', or the uid that owns the setuid nix-worker
-# program if $NIX_REMOTE is `slave').  Obviously, this should not be
-# used in multi-user settings with untrusted users.
-#
-# The default is empty.
-#
-# Example:
-#   build-users-group = nix-builders
-#build-users-group =
-
-
-### Option `build-use-chroot'
-#
-# If set to `true', builds will be performed in a chroot environment,
-# i.e., the build will be isolated from the normal file system
-# hierarchy and will only see the Nix store, the temporary build
-# directory, and the directories configured with the
-# `build-chroot-dirs' option (such as /proc and /dev).  This is useful
-# to prevent undeclared dependencies on files in directories such as
-# /usr/bin.
-#
-# The use of a chroot requires that Nix is run as root (but you can
-# still use the "build users" feature to perform builds under
-# different users than root).  Currently, chroot builds only work on
-# Linux because Nix uses "bind mounts" to make the Nix store and other
-# directories available inside the chroot.
-#
-# The default is `false'.
-#
-# Example:
-#   build-use-chroot = true
-#build-use-chroot = false
-
-
-### Option `build-chroot-dirs'
-#
-# When builds are performed in a chroot environment, Nix will mount
-# (using `mount --bind' on Linux) some directories from the normal
-# file system hierarchy inside the chroot.  These are the Nix store,
-# the temporary build directory (usually /tmp/nix-<pid>-<number>) and
-# the directories listed here.  The default is "/dev /dev/pts /proc".
-# Files in /dev (such as /dev/null) are needed by many builds, and
-# some files in /proc may also be needed occasionally.
-#
-# Example:
-#   build-use-chroot = /dev /proc /bin
-#build-chroot-dirs = /dev /dev/pts /proc
-
-
-### Option `build-cache-failure'
-#
-# If this option is enabled, Nix will do negative caching; that is, it
-# will remember failed builds, and won't attempt to try to build them
-# again if you ask for it.  Negative caching is disabled by default
-# because Nix cannot distinguish between permanent build errors (e.g.,
-# a syntax error in a source file) and transient build errors (e.g., a
-# full disk), as they both cause the builder to return a non-zero exit
-# code.  You can clear the cache by doing `rm -f
-# /nix/var/nix/db/failed/*'.
-#
-# Example:
-#   build-cache-failure = true
-#build-cache-failure = false
diff --git a/nix.spec.in b/nix.spec.in
index 44ea8d7c9476..29e53c0c350e 100644
--- a/nix.spec.in
+++ b/nix.spec.in
@@ -121,10 +121,7 @@ ln -sf %{_libdir}/nix/libNixStore.so.0 Store.so
 popd
 
 # Specify build users group
-sed -i "s|#build-users-group =$|build-users-group = %{nixbld_group}|" \
-  $RPM_BUILD_ROOT%{_sysconfdir}/nix/nix.conf
-# ... and delete the example configuration
-rm $RPM_BUILD_ROOT%{_sysconfdir}/nix/nix.conf.example
+echo "build-users-group = %{nixbld_group}" > $RPM_BUILD_ROOT%{_sysconfdir}/nix/nix.conf
 
 # make per-user directories
 for d in profiles gcroots;
generated by cgit-pink 1.4.1 (git 2.44.2) at 2024-07-30T19ยท29+0000