Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Unlike signed-binary-caches (which could only be '*' or ''),
require-sigs is a proper Boolean option. The default is true.
|
|
The name had become a misnomer since it's not only for substitution
from binary caches, but when adding/copying any
(non-content-addressed) path to a store.
|
|
This didn't support specifying a revision/branch, and was restricted
to git:// URIs (since https:// or ssh:// would be ambiguous).
|
|
|
|
+ remove trailing whitespace from the file
|
|
This allows network access in restricted eval mode.
|
|
Accidentally committed this change as part of
f9686885be54a9b0f8947713a414de4ad3182037.
Restricted mode != pure mode.
|
|
Update the language documentation
|
|
Almost all other primops are camelCase so no reason not to use that
here.
|
|
|
|
|
|
|
|
|
|
A couple makefiles in the sources have -std=c++14 in the CFLAGS.
|
|
|
|
Nix can now automatically run the garbage collector during builds or
while adding paths to the store. The option "min-free = <bytes>"
specifies that Nix should run the garbage collector whenever free
space in the Nix store drops below <bytes>. It will then delete
garbage until "max-free" bytes are available.
Garbage collection during builds is asynchronous; running builds are
not paused and new builds are not blocked. However, there also is a
synchronous GC run prior to the first build/substitution.
Currently, no old GC roots are deleted (as in "nix-collect-garbage
-d").
|
|
In particular, drop the "build-" and "gc-" prefixes which are
pointless. So now you can say
nix build --no-sandbox
instead of
nix build --no-build-use-sandbox
|
|
This removes the file nix-mode.el from Nix. The file is now available within the
repository https://github.com/NixOS/nix-mode.
Fixes #662
Fixes #1040
Fixes #1054
Fixes #1055
Closes #1119
Fixes #1419
NOTE: all of the above should be fixed within NixOS/nix-mode. If one of those
hasn’t please reopen within NixOS/nix-mode and not within NixOS/nix.
|
|
|
|
|
|
|
|
The function 'builtins.split' takes a POSIX extended regular expression
and an arbitrary string. It returns a list of non-matching substring
interleaved by lists of matched groups of the regular expression.
```nix
with builtins;
assert split "(a)b" "abc" == [ "" [ "a" ] "c" ];
assert split "([ac])" "abc" == [ "" [ "a" ] "b" [ "c" ] "" ];
assert split "(a)|(c)" "abc" == [ "" [ "a" null ] "b" [ null "c" ] "" ];
assert split "([[:upper:]]+)" " FOO "
== [ " " [ "FOO" ] " " ];
```
|
|
|
|
|
|
except in older release notes where the name was actually Mac OS X.
|
|
|
|
In particular, this allows it to be disabled in our tests.
|
|
And fix a dead link.
|
|
|
|
Not sure about the raw ellipsis.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The second command variant is now its own cmdsynopsis, which ensures
it's not indented as was the case using sbrk.
|
|
This allows builds to call setuid binaries. This was previously
possible until we started using seccomp. Turns out that seccomp by
default disallows processes from acquiring new privileges. Generally,
any use of setuid binaries (except those created by the builder
itself) is by definition impure, but some people were relying on this
ability for certain tests.
Example:
$ nix build '(with import <nixpkgs> {}; runCommand "foo" {} "/run/wrappers/bin/ping -c 1 8.8.8.8; exit 1")' --no-allow-new-privileges
builder for ‘/nix/store/j0nd8kv85hd6r4kxgnwzvr0k65ykf6fv-foo.drv’ failed with exit code 1; last 2 log lines:
cannot raise the capability into the Ambient set
: Operation not permitted
$ nix build '(with import <nixpkgs> {}; runCommand "foo" {} "/run/wrappers/bin/ping -c 1 8.8.8.8; exit 1")' --allow-new-privileges
builder for ‘/nix/store/j0nd8kv85hd6r4kxgnwzvr0k65ykf6fv-foo.drv’ failed with exit code 1; last 6 log lines:
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=46 time=15.2 ms
Fixes #1429.
|
|
(cherry picked from commit c20641ce569dc1fdeaeaa147b0292f258667f53b)
|
|
(cherry picked from commit 0fb60e4e0f66cc42c7c274acfcf00b51f6c829c4)
|
|
Fix variable name typo in derivations doc
|
|
|
|
|
|
Document fetchTarball can take a sha256
|
|
|
|
Note that I refer to `nix-prefetch-url`.
|
|
|