about summary refs log tree commit diff
path: root/release.nix
AgeCommit message (Collapse)AuthorFilesLines
2018-01-16 Add pure evaluation modeEelco Dolstra1-1/+1
In this mode, the following restrictions apply: * The builtins currentTime, currentSystem and storePath throw an error. * $NIX_PATH and -I are ignored. * fetchGit and fetchMercurial require a revision hash. * fetchurl and fetchTarball require a sha256 attribute. * No file system access is allowed outside of the paths returned by fetch{Git,Mercurial,url,Tarball}. Thus 'nix build -f ./foo.nix' is not allowed. Thus, the evaluation result is completely reproducible from the command line arguments. E.g. nix build --pure-eval '( let nix = fetchGit { url = https://github.com/NixOS/nixpkgs.git; rev = "9c927de4b179a6dd210dd88d34bda8af4b575680"; }; nixpkgs = fetchGit { url = https://github.com/NixOS/nixpkgs.git; ref = "release-17.09"; rev = "66b4de79e3841530e6d9c6baf98702aa1f7124e4"; }; in (import (nix + "/release.nix") { inherit nix nixpkgs; }).build.x86_64-linux )' The goal is to enable completely reproducible and traceable evaluation. For example, a NixOS configuration could be fully described by a single Git commit hash. 'nixos-rebuild' would do something like nix build --pure-eval '( (import (fetchGit { url = file:///my-nixos-config; rev = "..."; })).system ') where the Git repository /my-nixos-config would use further fetchGit calls or Git externals to fetch Nixpkgs and whatever other dependencies it has. Either way, the commit hash would uniquely identify the NixOS configuration and allow it to reproduced.
2018-01-10 release: access fetchGit from builtins to fix eval w/1.11 (<1.12)Will Dietz1-1/+1
2018-01-04 Fix Fedora 25 i386 RPM buildBenjamin Hipple1-1/+2
2018-01-02 Fix RPM builds by increasing VM memory sizeBenjamin Hipple1-1/+1
The VM was running out of RAM while handling debug symbols, which caused the eu-strip to fail while separating debug symbols.
2017-12-25 Remove debug lineEelco Dolstra1-1/+0
2017-12-22 release.nix: Use fetchTarball and fetchGitEelco Dolstra1-16/+17
In particular, using fetchGit means we don't need hackery to clean the source tree when building from an unclean tree.
2017-12-04 Simplify build by including nlohmann/json.hppEelco Dolstra1-2/+0
2017-11-14 Add dependencies for coverage testEelco Dolstra1-1/+1
2017-11-14 Update lcov filterEelco Dolstra1-1/+1
2017-11-14 Remove ncurses-binEelco Dolstra1-1/+1
2017-11-03 fetchGit: Add a testEelco Dolstra1-0/+3
2017-11-01 Add fetchMercurial primopEelco Dolstra1-1/+1
E.g. $ nix eval '(fetchMercurial https://www.mercurial-scm.org/repo/hello)' { branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "82e55d328c8ca4ee16520036c0aaace03a5beb65"; revCount = 1; shortRev = "82e55d328c8c"; } $ nix eval '(fetchMercurial { url = https://www.mercurial-scm.org/repo/hello; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; })' { branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; revCount = 0; shortRev = "0a04b987be5a"; } $ nix eval '(fetchMercurial /tmp/unclean-hg-tree)' { branch = "default"; outPath = "/nix/store/cm750cdw1x8wfpm3jq7mz09r30l9r024-source"; rev = "0000000000000000000000000000000000000000"; revCount = 0; shortRev = "000000000000"; }
2017-10-06 fixing bashisms in test codeJörg Thalheim1-1/+1
This fixed the build on ubuntu/debian, where dash is the sh.
2017-09-14 Remove Debian 8 and Ubuntu 14.10Eelco Dolstra1-6/+4
These have a GCC (4.9) that is too old. https://hydra.nixos.org/eval/1391740
2017-08-21 Allow builders to create activitiesEelco Dolstra1-0/+2
Actually, currently they can only create download activities. Thus, downloads by builtins.fetchurl show up in the progress bar.
2017-08-19 Remove nix-mode.el from Nix.Matthew Bauer1-1/+1
This removes the file nix-mode.el from Nix. The file is now available within the repository https://github.com/NixOS/nix-mode. Fixes #662 Fixes #1040 Fixes #1054 Fixes #1055 Closes #1119 Fixes #1419 NOTE: all of the above should be fixed within NixOS/nix-mode. If one of those hasn’t please reopen within NixOS/nix-mode and not within NixOS/nix.
2017-07-14 Switch to a fancy multi-user installer on DarwinGraham Christensen1-1/+6
2017-07-14 Shellcheck the existing installerGraham Christensen1-1/+4
2017-07-14 Tarball job: Include libseccomp on Linux onlyEelco Dolstra1-2/+1
2017-06-19 Let hydra choose an alternate list of systemsShea Levy1-3/+1
2017-06-01 Fix coverage jobEelco Dolstra1-1/+1
2017-06-01 RPM, Deb: Add dependency on libseccompEelco Dolstra1-3/+3
2017-05-29 Add test for setuid seccomp filterEelco Dolstra1-0/+5
2017-05-29 Add a seccomp filter to prevent creating setuid/setgid binariesEelco Dolstra1-0/+2
This prevents builders from setting the S_ISUID or S_ISGID bits, preventing users from using a nixbld* user to create a setuid/setgid binary to interfere with subsequent builds under the same nixbld* uid. This is based on aszlig's seccomp code (47f587700d646f5b03a42f2fa57c28875a31efbe). Reported by Linus Heckemann.
2017-05-15 Add --with-sandbox-shell configure flagEelco Dolstra1-5/+4
And add a 116 KiB ash shell from busybox to the release build. This helps to make sandbox builds work out of the box on non-NixOS systems and with diverted stores.
2017-05-10 Replace readline by linenoiseEelco Dolstra1-11/+11
Using linenoise avoids a license compatibility issue (#1356), is a lot smaller and doesn't pull in ncurses.
2017-05-03 Fix Ubuntu 16.10 buildEelco Dolstra1-9/+9
http://hydra.nixos.org/build/52420073
2017-05-03 Fix perlBindings.x86_64-darwinEelco Dolstra1-1/+1
http://hydra.nixos.org/build/52401151
2017-04-28 Check for libreadlineEelco Dolstra1-3/+3
2017-04-25 Make "nix repl" buildEelco Dolstra1-1/+2
2017-04-14 Build on aarch64-linuxEelco Dolstra1-1/+1
2017-04-11 Drop WWW::Curl dependencyEelco Dolstra1-1/+0
Somehow this came back after d1da6967b8891763ce04d668027cf300c9bbf0b2.
2017-03-31 Fix evaluation errorEelco Dolstra1-1/+1
2017-03-31 Merge branch 'remove-perl' of https://github.com/shlevy/nixEelco Dolstra1-15/+34
2017-03-30 Remove tabsShea Levy1-3/+3
2017-03-15 Add support for brotli compressionEelco Dolstra1-2/+6
Build logs on cache.nixos.org are compressed using Brotli (since this allows them to be decompressed automatically by Chrome and Firefox), so it's handy if "nix log" can decompress them.
2017-03-05 Add signing and s3 support on darwinShea Levy1-2/+2
2017-02-22 DohEelco Dolstra1-2/+2
2017-02-22 Fix 32-bit RPM/Deb buildsEelco Dolstra1-4/+4
http://hydra.nixos.org/build/49130529
2017-02-21 Drop some Ubuntu releasesEelco Dolstra1-11/+3
2017-02-21 Debian build: Use parallel make and add Ubuntu 16.10Eelco Dolstra1-1/+4
2017-02-21 RPM build: Use parallel makeEelco Dolstra1-1/+2
2017-02-21 Build RPMs for Fedora 25Eelco Dolstra1-4/+4
Disabled hardened build because it makes the linker fail with messages like relocation R_X86_64_PC32 against undefined symbol `BZ2_bzWriteOpen' can not be used when making a shared object; recompile with -fPIC See https://fedoraproject.org/wiki/Changes/Harden_All_Packages.
2017-02-07 Add nix-perl package for the perl bindingsShea Levy1-0/+27
2017-02-07 Remove perl dependency.Shea Levy1-15/+7
Fixes #341
2017-01-27 release.nix: Drop nix-shell referencesEelco Dolstra1-2/+3
2016-12-19 Revert "Merge branch 'seccomp' of https://github.com/aszlig/nix"Eelco Dolstra1-6/+1
This reverts commit 9f3f2e21edb17dbcd674539dff96efb6cceca10c, reversing changes made to 47f587700d646f5b03a42f2fa57c28875a31efbe.
2016-12-15 Merge branch 'seccomp' of https://github.com/aszlig/nixEelco Dolstra1-1/+6
2016-12-06 Drop unused WWW::Curl dependencyEelco Dolstra1-4/+1
2016-11-16 release.nix: Add a test for sandboxingaszlig1-0/+4
Right now it only tests whether seccomp correctly forges the return value of chown, but the long-term goal is to test the full sandboxing functionality at some point in the future. Signed-off-by: aszlig <aszlig@redmoonstudios.org>