| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
In particular, drop the "build-" and "gc-" prefixes which are
pointless. So now you can say
nix build --no-sandbox
instead of
nix build --no-build-use-sandbox
|
|
except in older release notes where the name was actually Mac OS X.
|
|
In particular, this allows it to be disabled in our tests.
|
|
|
|
Not sure about the raw ellipsis.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The second command variant is now its own cmdsynopsis, which ensures
it's not indented as was the case using sbrk.
|
|
This allows builds to call setuid binaries. This was previously
possible until we started using seccomp. Turns out that seccomp by
default disallows processes from acquiring new privileges. Generally,
any use of setuid binaries (except those created by the builder
itself) is by definition impure, but some people were relying on this
ability for certain tests.
Example:
$ nix build '(with import <nixpkgs> {}; runCommand "foo" {} "/run/wrappers/bin/ping -c 1 8.8.8.8; exit 1")' --no-allow-new-privileges
builder for ‘/nix/store/j0nd8kv85hd6r4kxgnwzvr0k65ykf6fv-foo.drv’ failed with exit code 1; last 2 log lines:
cannot raise the capability into the Ambient set
: Operation not permitted
$ nix build '(with import <nixpkgs> {}; runCommand "foo" {} "/run/wrappers/bin/ping -c 1 8.8.8.8; exit 1")' --allow-new-privileges
builder for ‘/nix/store/j0nd8kv85hd6r4kxgnwzvr0k65ykf6fv-foo.drv’ failed with exit code 1; last 6 log lines:
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=46 time=15.2 ms
Fixes #1429.
|
|
fix the description of --xml and --json
|
|
Those options seem to only apply with --eval and not with --parse.
|
|
This is to simplify remote build configuration. These environment
variables predate nix.conf.
The build hook now has a sensible default (namely build-remote).
The current load is kept in the Nix state directory now.
|
|
better document --meta option for nix-env
|
|
|
|
|
|
|
|
|
|
This makes all config options self-documenting.
Unknown or unparseable config settings and --option flags now cause a
warning.
|
|
|
|
This allows various Store implementations to provide different ways to
get build logs. For example, BinaryCacheStore can get the build logs
from the binary cache.
Also, remove the log-servers option since we can use substituters for
this.
|
|
|
|
|
|
"build-max-jobs" and the "-j" option can now be set to "auto" to use
the number of CPUs in the system. (Unlike build-cores, it doesn't use
0 to imply auto-configuration, because a) magic values are a bad idea
in general; b) 0 is a legitimate value used to disable local
building.)
Fixes #1198.
|
|
|
|
|
|
And also don't refer to f-spot, which apparently no longer exists.
Issue #1170.
|
|
|
|
|
|
For example, you can now set
build-sandbox-paths = /dev/nvidiactl?
to specify that /dev/nvidiactl should only be mounted in the sandbox
if it exists in the host filesystem. This is useful e.g. for EC2
images that should support both CUDA and non-CUDA instances.
|
|
Fixes #1069.
|
|
It's a slight misnomer now because it actually limits *all* downloads,
not just binary cache lookups.
Also add a "enable-http2" option to allow disabling use of HTTP/2
(enabled by default).
|
|
Let's step in line with time and document more realistic values.
|
|
This variable has no reason to exist, given $NIX_STATE_DIR.
|
|
Rarely used, nix copy replaces it.
|
|
Refs #831
|
|
http://hydra.nixos.org/build/36944270
|
|
nix-copy-closure is not using nix-store directly anymore.
|
|
|
|
This also gets rid of --log-type, since the nested log type isn't
useful in a multi-threaded situation, and nobody cares about the
"pretty" log type.
|
|
nix-env: respect meta.outputsToInstall
|
|
Manifests have been superseded by binary caches for years. This also
gets rid of nix-pull, nix-generate-patches and bsdiff/bspatch.
|
|
This feature was implemented for Hydra, but Hydra no longer uses it.
|
|
|
|
http://hydra.nixos.org/build/33087405
|
|
add docs for `nix-store --serve`
|
