about summary refs log tree commit diff
AgeCommit message (Collapse)AuthorFilesLines
2016-01-05 Verify TLS certificate before downloading binariesPhilip Potter2-3/+2
The --insecure flag to curl tells curl not to bother checking if the TLS certificate presented by the server actually matches the hostname requested, and actually is issued by a trusted CA chain. This almost entirely negates any benefit from using TLS in the first place. This removes the --insecure flag to ensure we actually have a secure connection to the intended hostname before downloading binaries. Manually tested locally within a dev-shell; was able to download binaries from https://cache.nixos.org without issue. [Note: --insecure was only used for fetching NARs, whose integrity is verified by Nix anyway using the hash from the .narinfo. But if we can fetch the .narinfo without --insecure, we can also fetch the .nar, so there is not much point to using --insecure. --Eelco]
2016-01-05 Better error messageFabian Schmitthenner1-1/+1
Also show types when nix cannot compare values of different types. This is also more consistent since types are already shown when comparing values of the same not comparable type.
2016-01-05 propagate NIX_BUILD_SHELL also in pure builds document NIX_BUILD_SHELL in ↵Fabian Schmitthenner2-1/+17
the nix-shell command documentation
2016-01-05 Do not override environment CFLAGS and CXXFLAGSIlya Novoselov1-2/+0
Looks like 5a05cf4063fc6ea666f3e24c60bd2e9e5526ef4e removed usage of environment CFLAGS and CXXFLAGS by mistake. That change broke building of nix on fedora core 23.
2016-01-05 Fix compilationEelco Dolstra1-1/+7
2016-01-05 Use __toString when coercing sets to strings.Shea Levy2-2/+10
For example, "${{ foo = "bar"; __toString = x: x.foo; }}" evaluates to "bar". With this, we can delay calling functions like mkDerivation, buildPythonPackage, etc. until we actually need a derivation, enabling overrides and other modifications to happen by simple attribute set update.
2016-01-05 Merge pull request #685 from vizanto/masterEelco Dolstra3-1/+8
POSIX compliant directory access (fixes build on Solaris)
2016-01-05 doc: Clarify why multiple arguments are not supported in shebang lineTim Cuthbertson1-2/+2
It's not a limitation of `/usr/bin/env`, it's just how the OS processes shebang lines (see http://stackoverflow.com/a/4304187)
2016-01-05 Fixed unresolved 'BUFSIZ'FrankHB1-0/+1
`BUFSIZ` is defined in header `<cstdio>`.
2016-01-05 Fix non-Darwin buildEelco Dolstra1-0/+2
2016-01-05 manual: document builtins.functionArgsVladimír Čunát2-2/+20
The text is just a conversion of comment from src/libexpr/primops.cc
2016-01-05 doc: fixes #727 broken linkdavidak1-1/+1
2016-01-05 libstore: mmap() returns MAP_FAILED, not NULL on failureTuomas Tynkkynen1-1/+1
2016-01-04 Don't allow sandbox profile except in relaxed modeEelco Dolstra1-5/+10
This makes Darwin consistent with Linux: Nix expressions can't break out of the sandbox unless relaxed sandbox mode is enabled. For the normal sandbox mode this will require fixing #759 however.
2016-01-04 Use sensible date formatEelco Dolstra29-55/+57
2016-01-04 Update release notesEelco Dolstra1-3/+85
2016-01-04 ~PathLocks(): Handle exceptionsEelco Dolstra1-1/+5
Otherwise, since the call to write a "d" character to the lock file can fail with ENOSPC, we can get an unhandled exception resulting in a call to terminate().
2015-12-29 Fix regression in passAsFileEelco Dolstra1-2/+3
Caused by 8063fc497ab78fa72962b93874fe25dcca2b55ed. If tmpDir != tmpDirInSandbox (typically when there are multiple concurrent builds with the same name), the *Path attribute would not point to an existing file. This caused Nixpkgs' writeTextFile to write an empty file. In particular this showed up as hanging VM builds (because it would run an empty run-nixos-vm script and then wait for it to finish booting).
2015-12-22 Handle /tmp being a symlinkEelco Dolstra1-1/+1
Hopefully fixes Darwin sandbox regression introduced in 8063fc497ab78fa72962b93874fe25dcca2b55ed.
2015-12-22 Don't ignore sodium_init() return valueEelco Dolstra1-1/+2
2015-12-22 Fix bad error message in Darwin chrootsEelco Dolstra1-1/+3
2015-12-17 showId: Handle empty attribute namesEelco Dolstra1-2/+3
We should probably disallow these, but until then, we shouldn't barf with an assertion failure. Fixes #738.
2015-12-15 Merge pull request #742 from garrison/debian-curl-nssEelco Dolstra1-1/+1
Make Debian package depend on libcurl3-nss
2015-12-14 Make Debian package depend on libcurl3-nssJim Garrison1-1/+1
Otherwise nix-env fails to start if it is not installed
2015-12-14 Merge pull request #732 from puffnfresh/patch-1Eelco Dolstra1-1/+2
Use shellwords for nix-shell shebang
2015-12-10 Fix coverage buildEelco Dolstra1-1/+1
2015-12-10 Build sandbox support etc. unconditionally on LinuxEelco Dolstra4-70/+24
Also, use "#if __APPLE__" instead of "#if SANDBOX_ENABLED" to prevent ambiguity.
2015-12-08 Merge pull request #734 from bjornfor/hash-mismatch-messageEelco Dolstra1-2/+2
Clarify error message for hash mismatches (again)
2015-12-08 Clarify error message for hash mismatches (again)Bjørn Forsman1-2/+2
This is arguably nitpicky, but I think this new formulation is even clearer. My thinking is that it's easier to comprehend when the calculated hash value is displayed close to the output path. (I think it is somewhat similar to eliminating double negatives in logic statements.) The formulation is inspired / copied from the OpenEmbedded build tool, bitbake.
2015-12-07 Use shellwords for nix-shell shebangBrian McKenna1-1/+2
Previously we can't have quoted arguments. This now allows us to use things like `ghcWithPackages`
2015-12-02 daemon: Add 'buildMode' parameter to 'buildPaths' RPCLudovic Courtès3-5/+20
2015-12-02 Use deterministic $TMPDIR in sandboxEelco Dolstra1-28/+36
Rather than using $<host-TMPDIR>/nix-build-<drvname>-<number>, the temporary directory is now always /tmp/nix-build-<drvname>-0. This improves bitwise-exact reproducibility for builds that store $TMPDIR in their build output. (Of course, those should still be fixed...)
2015-11-25 Use DT_UNKNOWN when dirent d_type extension is not supported.Danny Wilson1-5/+1
edolstra: “…since callers of readDirectory have to handle the possibility of DT_UNKNOWN anyway, and we don't want to do a stat call for every directory entry unless it's really needed.”
2015-11-25 Merge branch 'auto-call-functor'Shea Levy1-0/+11
autoCallFunction now auto-calls functors
2015-11-25 autoCallFunction: Auto-call functorsShea Levy1-0/+11
2015-11-25 Merge pull request #617 from Preston4tw/patch-1Eelco Dolstra1-0/+1
Update nix.spec.in
2015-11-25 Set default binary-caches-parallel-connections to 25Eelco Dolstra2-2/+2
Some benchmarking suggested this as a good value. Running $ benchmark -f ... -t 25 -- sh -c 'rm -f /nix/var/nix/binary-cache*; nix-store -r /nix/store/x5z8a2yvz8h6ccmhwrwrp9igg03575jg-nixos-15.09.git.5fd87e1M.drv --dry-run --option binary-caches-parallel-connections <N>' gave the following mean elapsed times for these values of N: N=10: 3.3541 N=20: 2.9320 N=25: 2.6690 N=30: 2.9417 N=50: 3.2021 N=100: 3.5718 N=150: 4.2079 Memory usage is also reduced (N=150 used 186 MB, N=25 only 68 MB). Closes #708.
2015-11-25 Fix Ubuntu/Debian/Fedora buildsEelco Dolstra1-3/+3
2015-11-25 Merge branch 'p/sandbox-rename-minimal' of https://github.com/vcunat/nixEelco Dolstra4-29/+62
2015-11-25 Remove sandboxProfile from release.nixEelco Dolstra1-4/+0
There is really no conceivable reason why building Nix would need access to the host's nix.conf. If it does, it's a bug, and we should fix that instead.
2015-11-25 Fix build failure introduced by #704Eelco Dolstra1-2/+3
Also, make the FreeBSD checks conditional on FreeBSD.
2015-11-25 Merge pull request #712 from pSub/print-meta-licenseEelco Dolstra1-0/+12
Print license information on '--xml --meta'
2015-11-24 Merge pull request #716 from ebzzry/masterEelco Dolstra1-1/+1
Fixed typo.
2015-11-24 Merge pull request #704 from ysangkok/freebsd-supportEelco Dolstra6-3/+16
FreeBSD support with knowledge about Linux emulation
2015-11-23 Fixed typo.Rommel M. Martinez1-1/+1
2015-11-21 Merge branch 'host-deps' of git://github.com/pikajude/nixShea Levy3-4/+3
Reintroduces the functionality that allows the baked-in pre-build-hook to find framework dependencies
2015-11-21 reintroduce host deps in tandem with sandbox profilesJude Taylor3-4/+3
2015-11-21 Revert "remove sandbox-defaults.sb"Shea Levy2-0/+64
As discussed in NixOS/nixpkgs#11001, we still need some of the old sandbox mechanism. This reverts commit d760c2638c9e1f4b8cd9b4ec90d68bf0c76a800b.
2015-11-21 Print license information on '--xml --meta'Pascal Wittmann1-0/+12
The nixpkgs manual prescribes the use of values from stdenv.lib.licenses for the meta.license attribute. Those values are attribute sets and currently skipped when running nix-env with '--xml --meta'. This has the consequence that also nixpkgs-lint will report missing licenses. With this commit nix-env with '--xml --meta' will print all attributes of an attribute set that are of type tString. For example the output for the package nixpkgs.hello is <meta name="license" type="strings"> <string type="url" value="http://spdx.org/licenses/GPL-3.0+" /> <string type="shortName" value="gpl3Plus" /> <string type="fullName" value="GNU General Public License v3.0 or later" /> <string type="spdxId" value="GPL-3.0+" /> </meta> This commit fixes nixpkgs-lint, too.
2015-11-19 re-fix permissions for GHCJude Taylor1-2/+5