about summary refs log tree commit diff
path: root/scripts
AgeCommit message (Collapse)AuthorFilesLines
2014-02-26 Fix broken patchEelco Dolstra2-2/+2
2014-02-26 use USER environmental variable if getting user id by getpwuid is failed in ↵Ian-Woo Kim2-2/+2
perl scripts: download-from-binary-cache.pl and nix-channel
2014-02-19 nix-shell: Add --packages flagEelco Dolstra1-1/+11
This allows you to easily set up a build environment containing the specified packages from Nixpkgs. For example: $ nix-shell -p sqlite xorg.libX11 hello will start a shell in which the given packages are present.
2014-02-19 nix-instantiate: Add a flag --expr / -E to read expressions from the command ↵Eelco Dolstra1-7/+15
line This is basically a shortcut for ‘echo 'expr...' | nix-instantiate -’. Also supported by nix-build and nix-shell.
2014-02-19 nix-shell: Don't leave a temporary directory in /tmp behindEelco Dolstra1-0/+1
2014-02-18 Add a flag ‘--check’ to verify build determinismEelco Dolstra1-0/+4
The flag ‘--check’ to ‘nix-store -r’ or ‘nix-build’ will cause Nix to redo the build of a derivation whose output paths are already valid. If the new output differs from the original output, an error is printed. This makes it easier to test if a build is deterministic. (Obviously this cannot catch all sources of non-determinism, but it catches the most common one, namely the current time.) For example: $ nix-build '<nixpkgs>' -A patchelf ... $ nix-build '<nixpkgs>' -A patchelf --check error: derivation `/nix/store/1ipvxsdnbhl1rw6siz6x92s7sc8nwkkb-patchelf-0.6' may not be deterministic: hash mismatch in output `/nix/store/4pc1dmw5xkwmc6q3gdc9i5nbjl4dkjpp-patchelf-0.6.drv' The --check build fails if not all outputs are valid. Thus the first call to nix-build is necessary to ensure that all outputs are valid. The current outputs are left untouched: the new outputs are either put in a chroot or diverted to a different location in the store using hash rewriting.
2014-02-17 nix-shell: Execute shellHook if it existsEelco Dolstra1-0/+1
Since normal builds don't execute shellHook, this allows nix-shell specific customisation. Suggested by Domen.
2014-02-10 Force use of BashEelco Dolstra1-1/+1
"echo -n" doesn't work with /bin/sh on Darwin.
2014-02-10 Binary tarball: Automatically create /nixEelco Dolstra1-17/+94
The tarball can now be unpacked anywhere. The installation script uses "sudo" to create /nix if it doesn't exist. It also fetches the nixpkgs-unstable channel.
2014-02-10 Binary tarball: Automatically fetch the Nixpkgs channelEelco Dolstra1-1/+7
2014-02-10 nix-shell: Use shell.nix as the default expression if it existsEelco Dolstra1-1/+2
2014-02-01 Merge branch 'make'Eelco Dolstra4-43/+39
2014-02-01 Fix "make dist"Eelco Dolstra1-2/+0
2014-02-01 Remove AutomakefilesEelco Dolstra1-41/+0
2014-02-01 Update Makefile variable namesEelco Dolstra1-4/+4
2014-01-30 Rename Makefile -> local.mkEelco Dolstra1-0/+0
2014-01-23 nix-shell: Add --impure flagEelco Dolstra1-3/+2
This is currently the default, but I might change that to --pure in the future.
2014-01-23 nix-shell: Preserve the TZ variable of the userEelco Dolstra1-2/+3
2014-01-23 nix-build: RefactorEelco Dolstra1-1/+1
2014-01-21 Merge branch 'master' into makeEelco Dolstra4-12/+46
Conflicts: src/libexpr/eval.cc
2014-01-15 nix-profile.sh: Add the Nixpkgs channel to $NIX_PATHEelco Dolstra1-1/+6
2014-01-13 nix-shell: Don't set NIX_INDENT_MAKEEelco Dolstra1-0/+1
It generally is not useful in interactive environments (and messes up some non-ANSI-compliant terminals).
2014-01-13 nix-shell: Set $IN_NIX_SHELL before evaluatingEelco Dolstra1-2/+2
2014-01-08 Support cryptographically signed binary cachesEelco Dolstra2-7/+35
NAR info files in binary caches can now have a cryptographic signature that Nix will verify before using the corresponding NAR file. To create a private/public key pair for signing and verifying a binary cache, do: $ openssl genrsa -out ./cache-key.sec 2048 $ openssl rsa -in ./cache-key.sec -pubout > ./cache-key.pub You should also come up with a symbolic name for the key, such as "cache.example.org-1". This will be used by clients to look up the public key. (It's a good idea to number keys, in case you ever need to revoke/replace one.) To create a binary cache signed with the private key: $ nix-push --dest /path/to/binary-cache --key ./cache-key.sec --key-name cache.example.org-1 The public key (cache-key.pub) should be distributed to the clients. They should have a nix.conf should contain something like: signed-binary-caches = * binary-cache-public-key-cache.example.org-1 = /path/to/cache-key.pub If all works well, then if Nix fetches something from the signed binary cache, you will see a message like: *** Downloading ‘http://cache.example.org/nar/7dppcj5sc1nda7l54rjc0g5l1hamj09j-subversion-1.7.11’ (signed by ‘cache.example.org-1’) to ‘/nix/store/7dppcj5sc1nda7l54rjc0g5l1hamj09j-subversion-1.7.11’... On the other hand, if the signature is wrong, you get a message like NAR info file `http://cache.example.org/7dppcj5sc1nda7l54rjc0g5l1hamj09j.narinfo' has an invalid signature; ignoring Signatures are implemented as a single line appended to the NAR info file, which looks like this: Signature: 1;cache.example.org-1;HQ9Xzyanq9iV...muQ== Thus the signature has 3 fields: a version (currently "1"), the ID of key, and the base64-encoded signature of the SHA-256 hash of the contents of the NAR info file up to but not including the Signature line. Issue #75.
2014-01-06 Revert "nix-shell: Set $IN_NIX_SHELL before evaluation"Eelco Dolstra1-2/+2
This reverts commit 0c1198cf08576f16633b2344dc6513cefb567cfc.
2013-12-30 nix-shell --pure: Don't clear IN_NIX_SHELLShea Levy1-1/+1
Signed-off-by: Shea Levy <shea@shealevy.com>
2013-12-20 Revert "Scan /proc/<pid>/cmdline for GC roots"Eelco Dolstra1-8/+4
This reverts commit 194e3374b89b8b2dec6296923877304bdb5c6ae2. Checking the command line for GC roots means that $ nix-store --delete $path will fail because $path is now a root because it's mentioned on the command line.
2013-12-20 Scan /proc/<pid>/cmdline for GC rootsEelco Dolstra1-4/+8
2013-12-20 nix-shell: Don't warn about the lack of a GC rootEelco Dolstra1-1/+1
2013-12-20 nix-shell: Set $IN_NIX_SHELL before evaluationEelco Dolstra1-2/+2
This has some hacky applications.
2013-12-20 nix-shell: Handle --option correctlyEelco Dolstra1-1/+1
Fixes #181.
2013-12-17 nix-shell --pure: Keep $TERMEelco Dolstra1-1/+1
2013-12-02 Install bsdiff and bspatch in $(libexecdir)/nixEelco Dolstra1-1/+1
2013-11-25 Add support for ‘make installcheck’Eelco Dolstra1-1/+1
2013-11-25 Rename Makefile.new -> MakefileEelco Dolstra1-0/+0
2013-11-25 Add a Makefile for the scripts directoryEelco Dolstra1-0/+39
2013-10-24 Fix segfault on DarwinEelco Dolstra1-0/+1
Ever since SQLite in Nixpkgs was updated to 3.8.0.2, Nix has randomly segfaulted on Darwin: http://hydra.nixos.org/build/6175515 http://hydra.nixos.org/build/6611038 It turns out that this is because the binary cache substituter somehow ends up loading two versions of SQLite: the one in Nixpkgs and the other from /usr/lib/libsqlite3.dylib. It's not exactly clear why the latter is loaded, but it appears to be because WWW::Curl indirectly loads /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation, which in turn seems to load /usr/lib/libsqlite3.dylib. This leads to a segfault when Perl exits: #0 0x00000001010375f4 in sqlite3_finalize () #1 0x000000010125806e in sqlite_st_destroy () #2 0x000000010124bc30 in XS_DBD__SQLite__st_DESTROY () #3 0x00000001001c8155 in XS_DBI_dispatch () ... #14 0x0000000100023224 in perl_destruct () #15 0x0000000100000d6a in main () ... The workaround is to explicitly load DBD::SQLite before WWW::Curl.
2013-10-18 Don't set $PS1 in non-interactive shellsEelco Dolstra1-1/+1
Shouldn't really matter, but you never know.
2013-10-18 nix-shell: Play nicely with non-interactive shellsShea Levy1-1/+3
nix-shell with the --command flag might be used non-interactively, but if bash starts non-interactively (i.e. with stdin or stderr not a terminal), it won't source the script given in --rcfile. However, in that case it *will* source the script found in $BASH_ENV, so we can use that instead. Also, don't source ~/.bashrc in a non-interactive shell (detectable by checking the PS1 env var) Signed-off-by: Shea Levy <shea@shealevy.com>
2013-10-14 nix-shell: Fix bash completionEelco Dolstra1-0/+1
Nixpkgs's stdenv setup script sets the "nullglob" option, but doing so breaks Bash completion on NixOS (when ‘programs.bash.enableCompletion’ is set) and on Ubuntu. So clear that flag afterwards. Of course, this may break stdenv functions in subtle ways...
2013-09-18 build-remote.pl: Don't use substituters on the remoteEelco Dolstra1-1/+1
It's kinda pointless to check substituters on the remote side, since we just checked them locally.
2013-09-06 nix-shell: Support a .drv as argumentEelco Dolstra1-8/+13
Fixes #161.
2013-07-31 nix-shell: Don't disable Automake dependency trackingEelco Dolstra1-1/+2
Nixpkgs' stdenv disables dependency tracking by default. That makes sense for one-time builds, but in an interactive environment we expect repeated "make" invocations to do the right thing.
2013-07-19 nix-shell: Set $IN_NIX_SHELLEelco Dolstra1-0/+2
This allows scripts to distinguish between a real build and a Nix shell.
2013-07-19 nix-shell: Set some environment variables also set by build.ccEelco Dolstra1-1/+3
Setting $NIX_STORE causes the purity checks in gcc/ld-wrapper to kick in, so that's why we unset $NIX_ENFORCE_PURITY.
2013-07-19 Rename ‘nix-build --run-env’ to ‘nix-shell’Eelco Dolstra2-7/+10
2013-07-19 nix-build --run-env: Add a ‘--pure’ flagEelco Dolstra1-2/+15
This causes the environment to be (almost) cleared, thus giving a shell that more closely resembled the actual Nix derivation.
2013-07-18 Revert "build-remote.pl: Enforce timeouts locally"Eelco Dolstra1-2/+3
This reverts commit 69b8f9980f39c14a59365a188b300a34d625a2cd. The timeout should be enforced remotely. Otherwise, if the garbage collector is running either locally or remotely, if will block the build or closure copying for some time. If the garbage collector takes too long, the build may time out, which is not what we want. Also, on heavily loaded systems, copying large paths to and from the remote machine can take a long time, also potentially resulting in a timeout.
2013-07-11 build-remote.pl: Move "building ..." message to a better placeEelco Dolstra1-1/+1
2013-07-11 nix-build --run-env: Always use BashEelco Dolstra1-1/+1
Fixes #113. Fixes #131.