about summary refs log tree commit diff
AgeCommit message (Collapse)AuthorFilesLines
2014-01-14 Allow "bare" dynamic attrsShea Levy4-0/+21
Now, in addition to a."${b}".c, you can write a.${b}.c (applicable wherever dynamic attributes are valid). Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-13 Document nullsEelco Dolstra1-0/+3
2014-01-13 nix-shell: Don't set NIX_INDENT_MAKEEelco Dolstra1-0/+1
It generally is not useful in interactive environments (and messes up some non-ANSI-compliant terminals).
2014-01-13 nix-shell: Set $IN_NIX_SHELL before evaluatingEelco Dolstra1-2/+2
2014-01-08 Fix signed-binary-caches testEelco Dolstra1-1/+4
2014-01-08 Test whether Nix correctly checks the hash of downloaded NARsEelco Dolstra1-0/+14
2014-01-08 Fix checking of NAR hashesEelco Dolstra1-0/+1
*headdesk* *headdesk* *headdesk* So since commit 22144afa8d9f8968da351618a1347072a93bd8aa, Nix hasn't actually checked whether the content of a downloaded NAR matches the hash specified in the manifest / NAR info file. Urghhh...
2014-01-08 Support cryptographically signed binary cachesEelco Dolstra8-12/+126
NAR info files in binary caches can now have a cryptographic signature that Nix will verify before using the corresponding NAR file. To create a private/public key pair for signing and verifying a binary cache, do: $ openssl genrsa -out ./cache-key.sec 2048 $ openssl rsa -in ./cache-key.sec -pubout > ./cache-key.pub You should also come up with a symbolic name for the key, such as "cache.example.org-1". This will be used by clients to look up the public key. (It's a good idea to number keys, in case you ever need to revoke/replace one.) To create a binary cache signed with the private key: $ nix-push --dest /path/to/binary-cache --key ./cache-key.sec --key-name cache.example.org-1 The public key (cache-key.pub) should be distributed to the clients. They should have a nix.conf should contain something like: signed-binary-caches = * binary-cache-public-key-cache.example.org-1 = /path/to/cache-key.pub If all works well, then if Nix fetches something from the signed binary cache, you will see a message like: *** Downloading ‘http://cache.example.org/nar/7dppcj5sc1nda7l54rjc0g5l1hamj09j-subversion-1.7.11’ (signed by ‘cache.example.org-1’) to ‘/nix/store/7dppcj5sc1nda7l54rjc0g5l1hamj09j-subversion-1.7.11’... On the other hand, if the signature is wrong, you get a message like NAR info file `http://cache.example.org/7dppcj5sc1nda7l54rjc0g5l1hamj09j.narinfo' has an invalid signature; ignoring Signatures are implemented as a single line appended to the NAR info file, which looks like this: Signature: 1;cache.example.org-1;HQ9Xzyanq9iV...muQ== Thus the signature has 3 fields: a version (currently "1"), the ID of key, and the base64-encoded signature of the SHA-256 hash of the contents of the NAR info file up to but not including the Signature line. Issue #75.
2014-01-06 Revert "nix-shell: Set $IN_NIX_SHELL before evaluation"Eelco Dolstra1-2/+2
This reverts commit 0c1198cf08576f16633b2344dc6513cefb567cfc.
2014-01-06 Merge branch 'dynamic-attrs-no-sugar' of github.com:shlevy/nixEelco Dolstra10-63/+249
2014-01-06 wordingDomen Kožar1-1/+1
2014-01-06 Disable FreeBSD tests for nowEelco Dolstra1-5/+5
The FreeBSD machines in the build farm are currently unreachable.
2014-01-06 Disable the tail call testEelco Dolstra1-0/+0
On i686-linux, GCC stubbornly refuses to do tail-call optimisation. Don't know why. http://hydra.nixos.org/build/7300170
2013-12-31 Don't use any syntactic sugar for dynamic attrsShea Levy4-128/+68
This doesn't change any functionality but moves some behavior out of the parser and into the evaluator in order to simplify the code. Signed-off-by: Shea Levy <shea@shealevy.com>
2013-12-31 Fold dynamic binds handling into addAttrShea Levy3-55/+37
Since addAttr has to iterate through the AttrPath we pass it, it makes more sense to just iterate through the AttrNames in addAttr instead. As an added bonus, this allows attrsets where two dynamic attribute paths have the same static leading part (see added test case for an example that failed previously). Signed-off-by: Shea Levy <shea@shealevy.com>
2013-12-31 Dynamic attrsShea Levy6-23/+256
This adds new syntax for attribute names: * attrs."${name}" => getAttr name attrs * attrs ? "${name}" => isAttrs attrs && hasAttr attrs name * attrs."${name}" or def => if attrs ? "${name}" then attrs."${name}" else def * { "${name}" = value; } => listToAttrs [{ inherit name value; }] Of course, it's a bit more complicated than that. The attribute chains can be arbitrarily long and contain combinations of static and dynamic parts (e.g. attrs."${foo}".bar."${baz}" or qux), which is relatively straightforward for the getAttrs/hasAttrs cases but is more complex for the listToAttrs case due to rules about duplicate attribute definitions. For attribute sets with dynamic attribute names, duplicate static attributes are detected at parse time while duplicate dynamic attributes are detected when the attribute set is forced. So, for example, { a = null; a.b = null; "${"c"}" = true; } will be a parse-time error, while { a = {}; "${"a"}".b = null; c = true; } will be an eval-time error (technically that case could theoretically be detected at parse time, but the general case would require full evaluation). Moreover, duplicate dynamic attributes are not allowed even in cases where they would be with static attributes ({ a.b.d = true; a.b.c = false; } is legal, but { a."${"b"}".d = true; a."${"b"}".c = false; } is not). This restriction might be relaxed in the future in cases where the static variant would not be an error, but it is not obvious that that is desirable. Finally, recursive attribute sets with dynamic attributes have the static attributes in scope but not the dynamic ones. So rec { a = true; "${"b"}" = a; } is equivalent to { a = true; b = true; } but rec { "${"a"}" = true; b = a; } would be an error or use a from the surrounding scope if it exists. Note that the getAttr, getAttr or default, and hasAttr are all implemented purely in the parser as syntactic sugar, while attribute sets with dynamic attribute names required changes to the AST to be implemented cleanly. This is an alternative solution to and closes #167 Signed-off-by: Shea Levy <shea@shealevy.com>
2013-12-31 Add the ExprBuiltin Expr type to the ASTShea Levy6-9/+40
Certain desugaring schemes may require the parser to use some builtin function to do some of the work (e.g. currently `throw` is used to lazily cause an error if a `<>`-style path is not in the search path) Unfortunately, these names are not reserved keywords, so an expression that uses such a syntactic sugar will not see the expected behavior (see tests/lang/eval-okay-redefine-builtin.nix for an example). This adds the ExprBuiltin AST type, which when evaluated uses the value from the rootmost variable scope (which of course is initialized internally and can't shadow any of the builtins). Signed-off-by: Shea Levy <shea@shealevy.com>
2013-12-30 nix-shell --pure: Don't clear IN_NIX_SHELLShea Levy1-1/+1
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-12-20 Revert "Scan /proc/<pid>/cmdline for GC roots"Eelco Dolstra1-8/+4
This reverts commit 194e3374b89b8b2dec6296923877304bdb5c6ae2. Checking the command line for GC roots means that $ nix-store --delete $path will fail because $path is now a root because it's mentioned on the command line.
2013-12-20 DohEelco Dolstra1-1/+1
2013-12-20 perl: Call loadConfFile() in doInit to avoid screwing sqlite journal mode.Petr Rockai1-0/+2
If the database is opened through perl bindings (and even though nix.conf has use-sqlite-wal set to false), the database is automatically converted into WAL mode. This makes the next nix process to access the database convert it back to "truncate". If the database is still open at the time in wal mode by the perl program, this fails and crashes the nix doing the wal -> truncate conversion.
2013-12-20 nix-env --set-flag: Barf if a selector doesn't match any installed packageEelco Dolstra1-5/+13
Fixes #184.
2013-12-20 Scan /proc/<pid>/cmdline for GC rootsEelco Dolstra1-4/+8
2013-12-20 nix-shell: Don't warn about the lack of a GC rootEelco Dolstra2-1/+6
2013-12-20 nix-shell: Set $IN_NIX_SHELL before evaluationEelco Dolstra1-2/+2
This has some hacky applications.
2013-12-20 nix-shell: Handle --option correctlyEelco Dolstra2-3/+7
Fixes #181.
2013-12-17 nix-shell --pure: Keep $TERMEelco Dolstra1-1/+1
2013-12-10 Bump language version for new storePath featureShea Levy1-1/+1
This will allow e.g. channel expressions to use builtins.storePath IFF it is safe to do so without knowing if the path is valid yet. Signed-off-by: Shea Levy <shea@shealevy.com>
2013-12-10 builtins.storePath: Try to substitute the path if it is not yet validShea Levy1-2/+2
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-12-10 Garbage collector: Release locks on temporary root filesEelco Dolstra1-0/+1
This allows processes waiting for such locks to proceed during the trash deletion phase of the garbage collector.
2013-12-05 Print a trace message if a build fails due to the platform being unknownEelco Dolstra1-1/+4
2013-11-22 Include <cstring> for memsetEelco Dolstra1-0/+1
This should fix building on Illumos.
2013-11-19 Bump version numberEelco Dolstra1-1/+1
2013-11-19 Check meta values and warn about bad onesEelco Dolstra4-26/+54
2013-11-19 Generalise meta attributesEelco Dolstra5-204/+204
2013-11-19 Shorter error messageEelco Dolstra1-2/+1
2013-11-19 Drop support for user environment manifests in ATerm formatEelco Dolstra1-112/+1
2013-11-19 nix-env -q: Add a --json flagEelco Dolstra1-8/+45
2013-11-19 Refactor JSON outputEelco Dolstra2-13/+56
2013-11-19 Add a toJSON primopEelco Dolstra10-24/+179
2013-11-18 Add a primop unsafeGetAttrPos to return the position of an attributeEelco Dolstra6-6/+44
2013-11-18 Add a symbol __curPos that expands to the current source locationEelco Dolstra7-2/+43
I.e. an attribute set { file = <string>; line = <int>; column = <int>; }.
2013-11-18 Support quoted attribute names in -AEelco Dolstra3-14/+38
This is requires if you have attribute names with dots in them. So you can now say: $ nix-instantiate '<nixos>' -A 'config.systemd.units."postgresql.service".text' --eval-only Fixes #151.
2013-11-14 Remove nix-setuid-helperEelco Dolstra13-526/+50
AFAIK, nobody uses it, it's not maintained, and it has no tests.
2013-11-12 Make function calls show up in stack traces againEelco Dolstra4-26/+35
Note that adding --show-trace prevents functions calls from being tail-recursive, so an expression that evaluates without --show-trace may fail with a stack overflow if --show-trace is given.
2013-11-12 Add a test to check that tail calls run in bounded stack spaceEelco Dolstra2-0/+4
2013-11-12 Make function calls tail-recursiveEelco Dolstra4-40/+65
2013-11-12 Make ifs and asserts tail-recursiveEelco Dolstra2-4/+11
The local Value object prevented g++ from making a tail call. Not clear why. In any case, not using a temporary makes g++ do the tail call.
2013-11-12 Get rid of an intermediary on the stackEelco Dolstra2-13/+17
2013-10-28 Fix building without a garbage collectorEelco Dolstra1-5/+5
http://hydra.nixos.org/build/6695350