Age | Commit message (Collapse) | Author | Files | Lines |
|
`s3:ListObjects` isn't a real IAM action, but _is_ the name of an S3 API method. `s3:ListBucket` is the relevant action for that method.
https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html
(cherry picked from commit c92ea927e508f3c06b6b3ee68e1f0565264cac2c)
|
|
(cherry picked from commit f107a270026596e525bdf8df0e2d331783ec4a10)
|
|
(cherry picked from commit b7a936224ee6e1ad9c842f618bbd5bc1864ebd54)
|
|
This reverts commit d8730fb86facadbef22d3df7f8a743a56e7ed53c.
(cherry picked from commit 9be7787ec04d604a4e65a22a6b9ae56567aaf618)
|
|
(cherry picked from commit f0ec4b4ce478a8d2760203e8192275b88c770e1c)
|
|
We're calling `wait4path` on the full, resolved `@bindir@/nix-daemon` path.
That means we're hardcoding something like:
/bin/wait4path /nix/store/zs9c5xhp3zv9p23qnjxp87nl5injsi1i-nix-2.3/bin/nix-daemon && /nix/var/nix/profiles/default/bin/nix-daemon
That seems unnecessarily fragile.
It might be better to wait4path on the path we intend to call.
(cherry picked from commit 8c4a5e7ba1990348b9497c0fc4dc236dda3e7986)
|
|
On Catalina, the /nix filesystem might not be mounted at start time.
To avoid this service not starting, we need to keep the launch agent
outside of the Nix store. A wait4pid will hold for our /nix dir to be
mounted.
Fixes #3125.
(cherry picked from commit 0847f2f1b3145a62dc34707ba788275ce6b6fc57)
|
|
|
|
It also OOMs.
https://hydra.nixos.org/build/105942679
(cherry picked from commit 99af822004418b25b6d04eca67949c62e770c16b)
|
|
It constantly OOMs.
https://hydra.nixos.org/build/105784912
(cherry picked from commit 35732a95bcdc0a4b4492845205e6283fcc88fd0d)
|
|
(cherry picked from commit 96c84937c49435525d0733437aa88902b2c8caf6)
|
|
The tmpDirInSandbox is different when in sandboxed vs. non-sandboxed.
Since we don’t know ahead of time here whether sandboxing is enabled,
we need to reset all of the env vars we’ve set previously. This fixes
the issue encountered in https://github.com/NixOS/nixpkgs/issues/70856.
(cherry picked from commit 499b0388759db0f9f385da402a4bba551268aa99)
|
|
Fixes #3138.
(cherry picked from commit 906d56a96b442d4dd8f924c1ce0d1eec0e214af3)
|
|
Fixes #3140.
(cherry picked from commit 389a2cebed7cd72bda524ece0a56af2888cd80b6)
|
|
(cherry picked from commit d8730fb86facadbef22d3df7f8a743a56e7ed53c)
|
|
Fixes #3186
(cherry picked from commit b811bd2172bc9796f42b87996f455d4e5e4382ba)
|
|
The intent of the code was that if the window size cannot be determined,
it would be treated as having the maximum possible size. Because of a
missing assignment, it was actually treated as having a width of 0.
The reason the width could not be determined was because it was obtained
from stdout, not stderr, even though the printing was done to stderr.
This commit addresses both issues.
(cherry picked from commit c935ad3f025d5c3d8026711a1eb50b2917b61d59)
|
|
(cherry picked from commit 8737980e75bf14cae278f596ac26577bec94b3f9)
|
|
The FunctionCallTrace object consumes a few hundred bytes of stack
space, even when tracing is disabled. This was causing stack overflows:
$ nix-instantiate '<nixpkgs> -A texlive.combined.scheme-full --dry-run
error: stack overflow (possible infinite recursion)
This is with the default stack size of 8 MiB.
Putting the object on the heap reduces stack usage to < 5 MiB.
(cherry picked from commit 98ef11677c43db9aa669768d9f0cbec704e8831c)
|
|
(cherry picked from commit 95cf23ee7c5b0fd69b21811989a5668f4261fd51)
|
|
https://hydra.nixos.org/build/102803093
(cherry picked from commit c3aaf3b8da1a925c569389f13a861816a781a3c8)
|
|
https://hydra.nixos.org/build/102803044
(cherry picked from commit bda64a2b0f79346012332ed18f5a76388e6d9bae)
|
|
(cherry picked from commit c9159f86cc9a2fc07e2ab1217c2d8a8824123df4)
|
|
(cherry picked from commit 9348f9291e5d9e4ba3c4347ea1b235640f54fd79)
|
|
(cherry picked from commit 20eec802ff11dd2b152715cd5c81b756d318219d)
|
|
(cherry picked from commit 9277e72cb0aac72100c01334fdf25ea79d19052e)
|
|
700 is pointless since the store is world-readable anyway. And
per-user/root/channels must be world-readable.
(cherry picked from commit d7bae5680fc26303acb9a9ee1a202f537841a624)
|
|
(cherry picked from commit 61a6176acaa8522cbcf091a34a663ef45307fef7)
|
|
This is already done by the installer, so no need to do it again.
(cherry picked from commit 26762ceb8629af95300c0cc8c372a99282060dc1)
|
|
(cherry picked from commit c43d9f6131102f2761f22b1ec26f345d357f169c)
|
|
'nix-daemon' now creates subdirectories for users when they first
connect.
Fixes #509 (CVE-2019-17365).
Should also fix #3127.
(cherry picked from commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d)
|
|
Otherwise, builds like NixOS VM tests may leave the terminal in a
weird state and do resets.
(cherry picked from commit 4331eeb13d241dfe2d2e6a01c53915c556cac94f)
|
|
|
|
(cherry picked from commit e4ea3e03066a760c8cd462108af99aebaaa44c1b)
|
|
(cherry picked from commit a56b51a0ba7b0d6fdff7fd0127a118185b146f4f)
|
|
(cherry picked from commit 92ede15dd902f7c1d2771c194b8bb73fe406840f)
|
|
With the merge of #2582, the syntax "tags/1.9" for refs does not work
anymore.
However, the new syntax "refs/tags/1.9" seems to support annotated tags,
such as "refs/tags/2.0".
Closes #2385.
(cherry picked from commit ae244af242ca3621e5a3b9196f27d9fcbf297266)
|
|
(cherry picked from commit 9533d85ce009c65722a2addc55b64ee51f15dea3)
|
|
(cherry picked from commit e63c9e73e3e5d1f31fa5065c9ff59f442dd07d0e)
|
|
(cherry picked from commit 893be6f5e36abb58bbaa9c49055a5218114dd514)
(cherry picked from commit bd79c1f6f6391786772a8a79962abe22f374cca4)
|
|
(cherry picked from commit 99e8e58f2de9941353b47ed14fbe4ed76d635519)
(cherry picked from commit 3a022d45993b6fa8c7bf03517a3a3d1a2ab15f4a)
|
|
1. remove a typo space
2. Simplify negative style by using affirmative style
(cherry picked from commit 10bfc5c0d09d5508e3dab4c32f3368caeb5f7f56)
|
|
Fixes #2405.
(cherry picked from commit 168a8879165dd0deab1a93d343a6003146f37031)
|
|
(cherry picked from commit 6f6cb5e3880d0c7a1dd2bc13c2e0be8ce0ae9fa1)
|
|
(cherry picked from commit 00a567588e43b51944a9b91c1e890bda27773aed)
|
|
Previously, SANDBOX_SHELL was set to empty when unavailable. This
caused issues when actually generating the sandbox. Instead, just set
SANDBOX_SHELL when --with-sandbox-shell= is non-empty. Alternative
implementation to https://github.com/NixOS/nix/pull/3038.
(cherry picked from commit 199e888785bd23073e44e56f6c74b95dc7c10ffa)
|
|
(cherry picked from commit 7c74f075f4a7274ad38c90085cc269a19a977438)
|
|
Fixes #1892.
Fixes #1865.
Fixes #3119.
(cherry picked from commit e6e61f0a54dac0174df996e93fcfedcac7769ab4)
|
|
|
|
|