Age | Commit message (Collapse) | Author | Files | Lines |
|
The `set -e` at the top of the script causes the installation to fail to
complete if the shell profile is not writeable. Checking file existence
only is not enough.
|
|
|
|
Calling a class an API is a bit redundant...
|
|
Also, move a few free-standing functions into StoreAPI and Derivation.
Also, introduce a non-nullable smart pointer, ref<T>, which is just a
wrapper around std::shared_ptr ensuring that the pointer is never
null. (For reference-counted values, this is better than passing a
"T&", because the latter doesn't maintain the refcount. Usually, the
caller will have a shared_ptr keeping the value alive, but that's not
always the case, e.g., when passing a reference to a std::thread via
std::bind.)
|
|
"tests/lang.sh" can handle this.
|
|
For example,
$ nix-build --hash -A nix-repl.src
will build the fixed-output derivation nix-repl.src (a fetchFromGitHub
call), but instead of *verifying* the hash given in the Nix
expression, it prints out the resulting hash, and then moves the
result to its content-addressed location in the Nix store. E.g
build produced path ‘/nix/store/504a4k6zi69dq0yjc0bm12pa65bccxam-nix-repl-8a2f5f0607540ffe56b56d52db544373e1efb980-src’ with sha256 hash ‘0cjablz01i0g9smnavhf86imwx1f9mnh5flax75i615ml71gsr88’
The goal of this is to make all nix-prefetch-* scripts unnecessary: we
can just let Nix run the real thing (i.e., the corresponding fetch*
derivation).
Another example:
$ nix-build --hash -E 'with import <nixpkgs> {}; fetchgit { url = "https://github.com/NixOS/nix.git"; sha256 = "ffffffffffffffffffffffffffffffffffffffffffffffffffff"; }'
...
git revision is 9e7c1a4bbdbe6129dd9dc385776612c307d3d1bb
...
build produced path ‘/nix/store/gmsnh9i7x4mb7pyd2ns7n3c9l90jfsi1-nix’ with sha256 hash ‘1188xb621diw89n25rifqg9lxnzpz7nj5bfh4i1y3dnis0dmc0zp’
(Having to specify a fake sha256 hash is a bit annoying...)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
nix-shell shebangs were broken by 9018deab
|
|
'start-condition stack underflow'. This fixes #751"""
This reverts commit b669d3d2e83d3c50238751b57cff3ed0ca39bc8a.
|
|
|
|
|
|
'start-condition stack underflow'. This fixes #751""
This reverts commit ed23c8568e10d15196bb4ff2b79fc14191d28109. Let's
merge this *after* the 1.11.1 release.
|
|
|
|
stack underflow'. This fixes #751"
This reverts commit 8120b6fb8a4924f8ae717bba9bbda4a2f89e2141 and fixes the regression introduced in
8d22b26448a091c76ab972c0b0603daac5e255e4.
|
|
|
|
|
|
underflow'. This fixes #751"
This reverts commit 8d22b26448a091c76ab972c0b0603daac5e255e4. It
breaks Nixpkgs:
$ nix-env -qa
error: syntax error, unexpected IND_STR, expecting '}', at /home/eelco/Dev/nixpkgs-stable/pkgs/top-level/python-packages.nix:7605:8
|
|
|
|
|
|
|
|
|
|
This should get rid of a certificate warning from "nix-env -i" early
in the install script.
|
|
Mention the --max-freed option in the nix-collect-garbage man page.
Related to https://github.com/NixOS/nix/issues/609.
|
|
|
|
This fixes #751
|
|
Similar to 00903fa79961d7eb0fadeb9ed2d7cda7821dc293. Regardless of -K,
we now also print which output differs.
|
|
Previously files in the Nix store were owned by root or by nixbld,
depending on whether they were created by a substituter or by a
builder. This doesn't matter much, but causes spurious diffoscope
differences. So use root everywhere.
|
|
This makes it easier to investigate the non-determinism, e.g.
$ nix-build pkgs/stdenv/linux -A stage1.pkgs.zlib --check -K
error: derivation ‘/nix/store/l54i8wlw22656i4pk05c52ngv9rpl39q-zlib-1.2.8.drv’ may not be deterministic: output ‘/nix/store/11a27shh6n2ivi4a7s964i65ql80cf27-zlib-1.2.8’ differs from ‘/nix/store/11a27shh6n2ivi4a7s964i65ql80cf27-zlib-1.2.8-check’
$ diffoscope /nix/store/11a27shh6n2ivi4a7s964i65ql80cf27-zlib-1.2.8 /nix/store/11a27shh6n2ivi4a7s964i65ql80cf27-zlib-1.2.8-check
...
├── lib/libz.a
│ ├── metadata
│ │ @@ -1,15 +1,15 @@
│ │ -rw-r--r-- 30001/30000 3096 Jan 12 15:20 2016 adler32.o
...
│ │ +rw-r--r-- 30001/30000 3096 Jan 12 15:28 2016 adler32.o
...
|
|
This occured when sandbox building is disabled, at least one output
exists, and at least one other output does not.
|
|
E.g.
$ nix-build pkgs/stdenv/linux/ -A stage1.pkgs.perl --check
nix-store: src/libstore/build.cc:1323: void nix::DerivationGoal::tryToBuild(): Assertion `buildMode != bmCheck || validPaths.size() == drv->outputs.size()' failed.
when perl.out exists but perl.man doesn't. The fix is to only check
the outputs that exist. Note that "nix-build -A stage1.pkgs.all
--check" will still give a (proper) error in this case.
|
|
This reverts commit 80ebd60e7ca3c48a19b94ddaeebb23182b703178. The
reason why we cleared CFLAGS/CXXFLAGS was because otherwise we get a
default value of -O2, which interferes with the defaults set in the
Makefile. (E.g. "make OPTIMIZE=0" should not pass -O2.)
|
|
|
|
|
|
This was observed in the deb_debian7x86_64 build:
http://hydra.nixos.org/build/29973215
Calling c_str() on a temporary should be fine because the temporary
shouldn't be destroyed until after the execl() call, but who knows...
|
|
|
|
Detected by -Werror=format-security.
http://hydra.nixos.org/build/29973207
|
|
http://hydra.nixos.org/build/30001635
|
|
|
|
If repair found a corrupted/missing path that depended on a
multiple-output derivation, and some of the outputs of the latter were
not present, it failed with a message like
error: path ‘/nix/store/cnfn9d5fjys1y93cz9shld2xwaibd7nn-bash-4.3-p42-doc’ is not valid
|
|
|
|
The --insecure flag to curl tells curl not to bother checking if the TLS
certificate presented by the server actually matches the hostname
requested, and actually is issued by a trusted CA chain. This almost
entirely negates any benefit from using TLS in the first place.
This removes the --insecure flag to ensure we actually have a secure
connection to the intended hostname before downloading binaries.
Manually tested locally within a dev-shell; was able to download
binaries from https://cache.nixos.org without issue.
[Note: --insecure was only used for fetching NARs, whose integrity is
verified by Nix anyway using the hash from the .narinfo. But if we can
fetch the .narinfo without --insecure, we can also fetch the .nar, so
there is not much point to using --insecure. --Eelco]
|
|
Also show types when nix cannot compare values of different types.
This is also more consistent since types are already shown when comparing values of the same not comparable type.
|