path: root/doc/manual/command-ref/conf-file.xml
Age | Commit message | Author | Files | Lines
2017-07-04 | Add allow-new-privileges option | Eelco Dolstra | 1 | -0/+17
This allows builds to call setuid binaries. This was previously possible until we started using seccomp. Turns out that seccomp by default disallows processes from acquiring new privileges. Generally, any use of setuid binaries (except those created by the builder itself) is by definition impure, but some people were relying on this ability for certain tests.

Example:

  $ nix build '(with import <nixpkgs> {}; runCommand "foo" {} "/run/wrappers/bin/ping -c 1 8.8.8.8; exit 1")' --no-allow-new-privileges
  builder for ‘/nix/store/j0nd8kv85hd6r4kxgnwzvr0k65ykf6fv-foo.drv’ failed with exit code 1; last 2 log lines:
    cannot raise the capability into the Ambient set
    : Operation not permitted

  $ nix build '(with import <nixpkgs> {}; runCommand "foo" {} "/run/wrappers/bin/ping -c 1 8.8.8.8; exit 1")' --allow-new-privileges
  builder for ‘/nix/store/j0nd8kv85hd6r4kxgnwzvr0k65ykf6fv-foo.drv’ failed with exit code 1; last 6 log lines:
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=46 time=15.2 ms

Fixes #1429.
2017-04-20 | Read per-user settings from ~/.config/nix/nix.conf | Eelco Dolstra | 1 | -8/+28
2017-04-20 | binary-caches-parallel-connections -> http-connections | Eelco Dolstra | 1 | -1/+1
2017-04-20 | nix.conf man page: binary-caches -> substituters | Eelco Dolstra | 1 | -21/+13
2017-04-13 | Convert Settings to the new config system | Eelco Dolstra | 1 | -10/+0
This makes all config options self-documenting. Unknown or unparseable config settings and --option flags now cause a warning.
2017-03-21 | Fix tests to reflect the signed-binary-caches default change | Eelco Dolstra | 1 | -3/+4
2017-03-15 | Store: Add a method for getting build logs | Eelco Dolstra | 1 | -14/+0
This allows various Store implementations to provide different ways to get build logs. For example, BinaryCacheStore can get the build logs from the binary cache. Also, remove the log-servers option since we can use substituters for this.
2017-03-09 | nix -> Nix | Eelco Dolstra | 1 | -2/+2
2017-03-08 | Add docs for allow-import-from-derivation | Shea Levy | 1 | -0/+10
2017-02-28 | Support auto-configuration of build-max-jobs | Eelco Dolstra | 1 | -3/+3
"build-max-jobs" and the "-j" option can now be set to "auto" to use the number of CPUs in the system. (Unlike build-cores, it doesn't use 0 to imply auto-configuration, because a) magic values are a bad idea in general; b) 0 is a legitimate value used to disable local building.) Fixes #1198.
2017-02-16 | Tweak netrc docs | Eelco Dolstra | 1 | -4/+12
2017-02-02 | Add netrc-file support | Renzo Carbonara | 1 | -0/+15
2016-12-16 | manual: add NIX_CONF_DIR to conf-file section | Daiderd Jordan | 1 | -1/+2
2016-10-31 | Support optional sandbox paths | Eelco Dolstra | 1 | -1/+6
For example, you can now set build-sandbox-paths = /dev/nvidiactl? to specify that /dev/nvidiactl should only be mounted in the sandbox if it exists in the host filesystem. This is useful e.g. for EC2 images that should support both CUDA and non-CUDA instances.
2016-09-21 | Add sandbox-dev-shm-size option | Eelco Dolstra | 1 | -0/+13
Fixes #1069.
2016-09-14 | Revive binary-caches-parallel-connections | Eelco Dolstra | 1 | -4/+3
It's a slight misnomer now because it actually limits *all* downloads, not just binary cache lookups. Also add an "enable-http2" option to allow disabling use of HTTP/2 (enabled by default).
2016-08-10 | s/powerpc-darwin/x86_64-darwin/ | Domen Kožar | 1 | -3/+3
Let's step in line with time and document more realistic values.
2016-04-29 | BinaryCacheStore: Make the signing key a parameter | Eelco Dolstra | 1 | -10/+0
2016-04-11 | Remove manifest support | Eelco Dolstra | 1 | -12/+0
Manifests have been superseded by binary caches for years. This also gets rid of nix-pull, nix-generate-patches and bsdiff/bspatch.
2016-04-08 | Remove failed build caching | Eelco Dolstra | 1 | -15/+0
This feature was implemented for Hydra, but Hydra no longer uses it.
2016-03-04 | Add option binary-cache-secret-key-file for signing binary caches | Eelco Dolstra | 1 | -0/+10
2015-11-25 | Set default binary-caches-parallel-connections to 25 | Eelco Dolstra | 1 | -1/+1
Some benchmarking suggested this as a good value. Running

  $ benchmark -f ... -t 25 -- sh -c 'rm -f /nix/var/nix/binary-cache*; nix-store -r /nix/store/x5z8a2yvz8h6ccmhwrwrp9igg03575jg-nixos-15.09.git.5fd87e1M.drv --dry-run --option binary-caches-parallel-connections <N>'

gave the following mean elapsed times for these values of N:

  N=10:  3.3541
  N=20:  2.9320
  N=25:  2.6690
  N=30:  2.9417
  N=50:  3.2021
  N=100: 3.5718
  N=150: 4.2079

Memory usage is also reduced (N=150 used 186 MB, N=25 only 68 MB).

Closes #708.
2015-11-25 | Merge branch 'p/sandbox-rename-minimal' of https://github.com/vcunat/nix | Eelco Dolstra | 1 | -21/+23
2015-11-10 | rename `chroot` to `sandbox` (fixes #656, close #682) | Vladimír Čunát | 1 | -21/+23
- rename options but leave old names as lower-priority aliases, also "-dirs" -> "-paths" to get closer to the meaning
- update docs to reflect the new names (old aliases are not documented), including a new file with release notes
- tests need an update after corresponding changes to nixpkgs
- __noChroot is left as it is (after discussion on the PR)
2015-11-09 | Add option to verify build determinism | Eelco Dolstra | 1 | -0/+12
Passing "--option build-repeat <N>" will cause every build to be repeated N times. If the build output differs between any round, the build is rejected, and the output paths are not registered as valid. This is primarily useful to verify build determinism. (We already had a --check option to repeat a previously succeeded build. However, with --check, non-deterministic builds are registered in the DB. Preventing that is useful for Hydra to ensure that non-deterministic builds don't end up getting published at all.)
2015-06-01 | Document setting up signed binary caches | Eelco Dolstra | 1 | -0/+20
2015-04-18 | Add the pre-build hook. | Shea Levy | 1 | -0/+34
This hook can be used to set system-specific per-derivation build settings that don't fit into the derivation model and are too complex or volatile to be hard-coded into nix. Currently, the pre-build hook can only add chroot dirs/files through the interface, but it also has full access to the chroot root. The specific use case for this is systems where the operating system ABI is more complex than just the kernel-supported system calls. For example, on OS X there is a set of system-provided frameworks that can reliably be accessed by any program linked to them, no matter the version the program is running on. Unfortunately, those frameworks do not necessarily live in the same locations on each version of OS X, nor do their dependencies, and thus nix needs to know the specific version of OS X currently running in order to make those frameworks available. The pre-build hook is a perfect mechanism for doing just that.
2015-04-18 | Revert "Add the pre-build hook." | Shea Levy | 1 | -33/+0
Going to reimplement differently. This reverts commit 1e4a4a2e9fc382f47f58b448f3ee034cdd28218a.
2015-04-12 | Add the pre-build hook. | Shea Levy | 1 | -0/+33
This hook can be used to set system specific per-derivation build settings that don't fit into the derivation model and are too complex or volatile to be hard-coded into nix. Currently, the pre-build hook can only add chroot dirs/files. The specific use case for this is systems where the operating system ABI is more complex than just the kernel-supported system calls. For example, on OS X there is a set of system-provided frameworks that can reliably be accessed by any program linked to them, no matter the version the program is running on. Unfortunately, those frameworks do not necessarily live in the same locations on each version of OS X, nor do their dependencies, and thus nix needs to know the specific version of OS X currently running in order to make those frameworks available. The pre-build hook is a perfect mechanism for doing just that.
2015-02-23 | Typo | Eelco Dolstra | 1 | -1/+1
2015-02-23 | Use chroots for all derivations | Eelco Dolstra | 1 | -14/+22
If ‘build-use-chroot’ is set to ‘true’, fixed-output derivations are now also chrooted. However, unlike normal derivations, they don't get a private network namespace, so they can still access the network. Also, the use of the ‘__noChroot’ derivation attribute is no longer allowed. Setting ‘build-use-chroot’ to ‘relaxed’ gives the old behaviour.
2015-02-23 | Add restricted evaluation mode | Eelco Dolstra | 1 | -0/+15
If ‘--option restrict-eval true’ is given, the evaluator will throw an exception if an attempt is made to access any file outside of the Nix search path. This is primarily intended for Hydra, where we don't want people doing ‘builtins.readFile ~/.ssh/id_dsa’ or stuff like that.
2015-02-04 | Typo | Eelco Dolstra | 1 | -1/+1
2015-02-04 | Require linux 3.13 or later for chroot | Shea Levy | 1 | -1/+2
Fixes #453
2014-12-09 | Add option to disable binary cache certificate checking | Eelco Dolstra | 1 | -0/+9
2014-12-09 | Use https://cache.nixos.org instead of http://cache.nixos.org | Eelco Dolstra | 1 | -1/+1
2014-11-24 | 'build-cache-failures' -> 'build-cache-failure' in nix.conf documentation. | Rob Vermaas | 1 | -1/+1
2014-11-04 | Typo | Eelco Dolstra | 1 | -1/+1
2014-09-16 | Fix references to version.txt | Eelco Dolstra | 1 | -1/+1
2014-08-27 | Restructuring the Nix manual | Mikey Ariel | 1 | -0/+538