Age | Commit message (Collapse) | Author | Files | Lines |
|
This failed because NixOS' release.nix calls builtins.fetchGit.
|
|
|
|
|
|
- darwin installer: delete hardware report, not necessary
- moves os-specific code from the darwin installer to to `poly_*`
functions
- adds profile.d support to the profile targets, which automatically
handles many distros which don't have a /etc/bashrc but do have an
/etc/profile.d
- /bin/bash -> /usr/bin/env bash
- document why each excluded shellcheck check is excluded
- rename the multi-user to Daemon-based
|
|
pathsFromGraph is legacy since Nix 2.0.
|
|
|
|
|
|
The release does not in fact depend on Ubuntu/Fedora builds (we don't
publish the build results).
|
|
|
|
|
|
|
|
Note that this only requires headers from boost so it doesn't add a
runtime dependency.
Also, use Nixpkgs 18.03.
|
|
Probably should point at the 18.03 release branch once that's made.
|
|
|
|
|
|
|
|
This makes it easier to provide a default, e.g.
system = builtins.currentSystem or "x86_64-linux";
|
|
In this mode, the following restrictions apply:
* The builtins currentTime, currentSystem and storePath throw an
error.
* $NIX_PATH and -I are ignored.
* fetchGit and fetchMercurial require a revision hash.
* fetchurl and fetchTarball require a sha256 attribute.
* No file system access is allowed outside of the paths returned by
fetch{Git,Mercurial,url,Tarball}. Thus 'nix build -f ./foo.nix' is
not allowed.
Thus, the evaluation result is completely reproducible from the
command line arguments. E.g.
nix build --pure-eval '(
let
nix = fetchGit { url = https://github.com/NixOS/nixpkgs.git; rev = "9c927de4b179a6dd210dd88d34bda8af4b575680"; };
nixpkgs = fetchGit { url = https://github.com/NixOS/nixpkgs.git; ref = "release-17.09"; rev = "66b4de79e3841530e6d9c6baf98702aa1f7124e4"; };
in (import (nix + "/release.nix") { inherit nix nixpkgs; }).build.x86_64-linux
)'
The goal is to enable completely reproducible and traceable
evaluation. For example, a NixOS configuration could be fully
described by a single Git commit hash. 'nixos-rebuild' would do
something like
nix build --pure-eval '(
(import (fetchGit { url = file:///my-nixos-config; rev = "..."; })).system
')
where the Git repository /my-nixos-config would use further fetchGit
calls or Git externals to fetch Nixpkgs and whatever other
dependencies it has. Either way, the commit hash would uniquely
identify the NixOS configuration and allow it to reproduced.
|
|
|
|
|
|
The VM was running out of RAM while handling debug symbols, which caused the
eu-strip to fail while separating debug symbols.
|
|
|
|
In particular, using fetchGit means we don't need hackery to clean the
source tree when building from an unclean tree.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
E.g.
$ nix eval '(fetchMercurial https://www.mercurial-scm.org/repo/hello)'
{ branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "82e55d328c8ca4ee16520036c0aaace03a5beb65"; revCount = 1; shortRev = "82e55d328c8c"; }
$ nix eval '(fetchMercurial { url = https://www.mercurial-scm.org/repo/hello; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; })'
{ branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; revCount = 0; shortRev = "0a04b987be5a"; }
$ nix eval '(fetchMercurial /tmp/unclean-hg-tree)'
{ branch = "default"; outPath = "/nix/store/cm750cdw1x8wfpm3jq7mz09r30l9r024-source"; rev = "0000000000000000000000000000000000000000"; revCount = 0; shortRev = "000000000000"; }
|
|
This fixed the build on ubuntu/debian, where dash is the sh.
|
|
These have a GCC (4.9) that is too old.
https://hydra.nixos.org/eval/1391740
|
|
Actually, currently they can only create download activities. Thus,
downloads by builtins.fetchurl show up in the progress bar.
|
|
This removes the file nix-mode.el from Nix. The file is now available within the
repository https://github.com/NixOS/nix-mode.
Fixes #662
Fixes #1040
Fixes #1054
Fixes #1055
Closes #1119
Fixes #1419
NOTE: all of the above should be fixed within NixOS/nix-mode. If one of those
hasn’t please reopen within NixOS/nix-mode and not within NixOS/nix.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This prevents builders from setting the S_ISUID or S_ISGID bits,
preventing users from using a nixbld* user to create a setuid/setgid
binary to interfere with subsequent builds under the same nixbld* uid.
This is based on aszlig's seccomp code
(47f587700d646f5b03a42f2fa57c28875a31efbe).
Reported by Linus Heckemann.
|
|
And add a 116 KiB ash shell from busybox to the release build. This
helps to make sandbox builds work out of the box on non-NixOS systems
and with diverted stores.
|
|
Using linenoise avoids a license compatibility issue (#1356), is a lot
smaller and doesn't pull in ncurses.
|
|
http://hydra.nixos.org/build/52420073
|
|
http://hydra.nixos.org/build/52401151
|
|
|
|
|
|
|
|
Somehow this came back after d1da6967b8891763ce04d668027cf300c9bbf0b2.
|