about summary refs log tree commit diff
AgeCommit message (Collapse)AuthorFilesLines
2017-10-30 Merge pull request #1646 from copumpkin/optional-sandbox-local-networkEelco Dolstra2-5/+33
Allow optional localhost network access to sandboxed derivations
2017-10-30 Allow optional localhost network access to sandboxed derivationsDan Peebles2-5/+33
This will allow bind and connect to 127.0.0.1, which can reduce purity/ security (if you're running a vulnerable service on localhost) but is also needed for a ton of test suites, so I'm leaving it turned off by default but allowing certain derivations to turn it on as needed. It also allows DNS resolution of arbitrary hostnames but I haven't found a way to avoid that. In principle I'd just want to allow resolving localhost but that doesn't seem to be possible. I don't think this belongs under `build-use-sandbox = relaxed` because we want it on Hydra and I don't think it's the end of the world.
2017-10-30 Don't parse "x:x" as a URIEelco Dolstra3-3/+4
URIs now have to contain "://" or start with "channel:".
2017-10-30 nix-build: Fix --hashEelco Dolstra1-0/+3
2017-10-30 Make "fetchGit /path" workEelco Dolstra1-5/+5
2017-10-30 fetchGit: Fix broken assertionEelco Dolstra1-1/+1
Different URIs can map to the same cache entry if they have the same revision.
2017-10-30 Add option allowed-urisEelco Dolstra8-7/+67
This allows network access in restricted eval mode.
2017-10-30 fetchurl/fetchTarball are *not* allowed in restricted modeEelco Dolstra1-2/+1
Accidentally committed this change as part of f9686885be54a9b0f8947713a414de4ad3182037. Restricted mode != pure mode.
2017-10-30 Merge pull request #1633 from orivej/docDomen Kožar3-15/+54
Update the language documentation
2017-10-30 builtins.fetchGit: Return an attrset with revision infoEelco Dolstra3-18/+54
This adds rev, shortRev and revCount attributes, equal to what Hydra provides. E.g. $ nix eval '(fetchGit https://github.com/NixOS/patchelf.git)' { outPath = "/nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source"; rev = "29c085fd9d3fc972f75b3961905d6b4ecce7eb2b"; revCount = 303; shortRev = "29c085f"; }
2017-10-30 enable-http2 -> http2Eelco Dolstra2-2/+2
2017-10-30 fetchgit -> fetchGitEelco Dolstra2-5/+5
Almost all other primops are camelCase so no reason not to use that here.
2017-10-30 fetchTarball: Use "source" as the default nameEelco Dolstra1-4/+4
This ensures that it produces the same output as fetchgit: $ nix eval --raw '(builtins.fetchgit https://github.com/NixOS/patchelf.git)' /nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source $ nix eval --raw '(fetchTarball https://github.com/NixOS/patchelf/archive/master.tar.gz)' /nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source
2017-10-30 fetchurl/fetchTarball: Respect name changesEelco Dolstra2-2/+4
The computation of urlHash didn't take the name into account, so subsequent fetchurl calls with the same URL but a different name would resolve to the same cached store path.
2017-10-30 builtins.fetchgit: Don't mess up the progress indicatorEelco Dolstra1-3/+5
2017-10-30 builtins.fetchgit: Support a "name" attributeEelco Dolstra2-11/+18
The "name" attribute defaults to "source", which we should use for all similar functions (e.g. fetchTarball and in Hydra) to ensure that we get a consistent store path regardless of how the tree is fetched. "source" is not necessarily a correct label, but using an empty name is problematic: you get an ugly store path ending in a dash, and it's impossible to have a fixed-output derivation that produces that path because ".drv" is not a valid store name. Fixes #904.
2017-10-29 nix repl :t: Indicate strings that have a contextEelco Dolstra1-1/+1
2017-10-26 Clarify indented string escaping rulesOrivej Desh1-5/+9
2017-10-26 Describe "with" scoping precedenceOrivej Desh1-1/+14
2017-10-26 Describe arithmetic operatorsOrivej Desh1-9/+31
2017-10-25 Fix building on clangEelco Dolstra1-2/+2
https://hydra.nixos.org/build/62945761
2017-10-25 exportReferencesGraph: Allow exporting a list of store pathsEelco Dolstra2-15/+23
2017-10-25 Bump language versionEelco Dolstra1-1/+1
2017-10-25 Fix exportReferencesGraph in the structured attrs caseEelco Dolstra2-69/+87
2017-10-25 Pass lists/attrsets to bash as (associative) arraysEelco Dolstra10-26/+166
2017-10-24 Fix RPM buildEelco Dolstra1-0/+1
2017-10-24 Add --store argument to legacy commandsEelco Dolstra1-0/+6
2017-10-24 Allow shorter syntax for chroot storesEelco Dolstra5-11/+23
You can now say '--store /tmp/nix' instead of '--store local?root=/tmp/nix'.
2017-10-24 More progress indicator improvementsEelco Dolstra3-14/+14
In particular, don't show superfluous "fetching path" and "building path(s)" messages, and show the current round (with --repeat).
2017-10-24 More progress indicator improvementsEelco Dolstra5-13/+27
Fixes #1599.
2017-10-24 Progress indicator: Show on what machine we're buildingEelco Dolstra3-4/+11
E.g. $ nix build nixpkgs.hello --builders 'root@wendy' [1/0/1 built] building hello-2.10 on ssh://root@wendy: checking for minix/config.h... no
2017-10-24 build-remote: Work properly on a chrooted storeEelco Dolstra1-1/+1
2017-10-24 Handle log messages from build-remoteEelco Dolstra4-124/+175
This makes the progress indicator show statuses like "connecting to 'root@machine'".
2017-10-24 nix: Respect -I, --arg, --argstrEelco Dolstra26-304/+354
Also, random cleanup to argument handling.
2017-10-24 Remove the remote-builds optionEelco Dolstra5-10/+8
This is superfluous since you can now just set "builders" to empty, e.g. "--builders ''".
2017-10-24 Remove the builder-files optionEelco Dolstra3-16/+21
You can now include files via the "builders" option, using the syntax "@<filename>". Having only one option makes it easier to override builders completely. For backward compatibility, the default is "@/etc/nix/machines", or "@<filename>" for each file name in NIX_REMOTE_SYSTEMS.
2017-10-23 NIX_BUILD_HOOK variable is goneEelco Dolstra1-1/+0
2017-10-23 Pass all settings to build-remoteEelco Dolstra7-82/+75
This ensures that command line flags such as --builders get passed correctly.
2017-10-23 Turn $NIX_REMOTE into a configuration optionEelco Dolstra4-7/+8
2017-10-23 Release note updatesEelco Dolstra1-36/+48
2017-10-23 build-remote: Put current load under the store state directoryEelco Dolstra1-2/+3
Fixes the error error: opening lock file '/nix/var/nix/current-load/main-lock': Permission denied when using a chroot store.
2017-10-20 Merge pull request #1616 from copumpkin/separate-darwin-sandboxEelco Dolstra2-13/+11
Shift Darwin sandbox to separate installed files
2017-10-20 Merge pull request #1622 from kini/c++14-prerequisiteEelco Dolstra1-2/+2
Mention C++14 dependency in the manual.
2017-10-19 Mention C++14 dependency in the manual.Keshav Kini1-2/+2
A couple makefiles in the sources have -std=c++14 in the CFLAGS.
2017-10-19 nix-shell: Fix file name resolution in shebangsShea Levy1-1/+1
2017-10-19 Revert "Let's not populate the NAR cache from hydra-queue-runner for now"Eelco Dolstra1-2/+2
This reverts commit 908590dc6cfcca3a98755b194d93b2da39aee95c. Since hydra-server can have a different store URI from hydra-queue-runner now, we don't really need this.
2017-10-18 Let's not populate the NAR cache from hydra-queue-runner for nowEelco Dolstra1-2/+2
2017-10-18 Errors writing to the NAR cache should not be fatalEelco Dolstra1-1/+5
2017-10-18 Suppress "copying 0 paths" messageEelco Dolstra1-0/+2
2017-10-17 Shift Darwin sandbox to separate installed filesDan Peebles2-13/+11
This makes it slightly more manageable to see at a glance what in a build's sandbox profile is unique to the build and what is standard. Also a first step to factoring more of our Darwin logic into scheme functions that will allow us a bit more flexibility. And of course less of that nasty codegen in C++! 😀