Age | Commit message (Collapse) | Author | Files | Lines |
|
Substitution is now simply a Store -> Store copy operation, most
typically from BinaryCacheStore to LocalStore.
|
|
This was added to support Hydra, but Hydra no longer uses it.
|
|
This also gets rid of --log-type, since the nested log type isn't
useful in a multi-threaded situation, and nobody cares about the
"pretty" log type.
|
|
Verification is slow. Also, we really shouldn't advise users to nuke
their store.
|
|
install-nix-from-closure improvments
|
|
Manifests have been superseded by binary caches for years. This also
gets rid of nix-pull, nix-generate-patches and bsdiff/bspatch.
|
|
Use the same logic as NixOS' profile and environment setup. Closes #414
|
|
|
|
Just wasted a couple hours chasing shadows because the nix store got
corrupted and there was no indication of that anywhere.
Since an install is one-time only, might as well verify. Optimization
showed that the copied files aren't read-only; fixed that as well.
Also, use /bin/sh since there's a good chance that this script will be
run on systems without /bin/bash
|
|
|
|
This is currently only used by the Hydra queue runner rework, but like
eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful
for the C++ rewrite of nix-push and
download-from-binary-cache. (@shlevy)
|
|
|
|
All other places in the script do this already, so let's be consistent.
|
|
The `set -e` at the top of the script causes the installation to fail to
complete if the shell profile is not writeable. Checking file existence
only is not enough.
|
|
nix-shell shebangs were broken by 9018deab
|
|
The --insecure flag to curl tells curl not to bother checking if the TLS
certificate presented by the server actually matches the hostname
requested, and actually is issued by a trusted CA chain. This almost
entirely negates any benefit from using TLS in the first place.
This removes the --insecure flag to ensure we actually have a secure
connection to the intended hostname before downloading binaries.
Manually tested locally within a dev-shell; was able to download
binaries from https://cache.nixos.org without issue.
[Note: --insecure was only used for fetching NARs, whose integrity is
verified by Nix anyway using the hash from the .narinfo. But if we can
fetch the .narinfo without --insecure, we can also fetch the .nar, so
there is not much point to using --insecure. --Eelco]
|
|
the nix-shell command documentation
|
|
Previously we can't have quoted arguments.
This now allows us to use things like `ghcWithPackages`
|
|
is not writable by the user
|
|
Some benchmarking suggested this as a good value. Running
$ benchmark -f ... -t 25 -- sh -c 'rm -f /nix/var/nix/binary-cache*; nix-store -r /nix/store/x5z8a2yvz8h6ccmhwrwrp9igg03575jg-nixos-15.09.git.5fd87e1M.drv --dry-run --option binary-caches-parallel-connections <N>'
gave the following mean elapsed times for these values of N:
N=10: 3.3541
N=20: 2.9320
N=25: 2.6690
N=30: 2.9417
N=50: 3.2021
N=100: 3.5718
N=150: 4.2079
Memory usage is also reduced (N=150 used 186 MB, N=25 only 68 MB).
Closes #708.
|
|
|
|
|
|
Patch by @pikajude
|
|
|
|
|
|
|
|
This makes that option even more insecure, by also not checking the SSL host.
But without this parameter, one can still get SSL errors even when
"verify-https-binary-caches" is false, which is unexpected IMO.
|
|
|
|
And make exportPath() less spammy by default.
|
|
This reverts commit 76f985b92d95fef967c1f3193d05244ced15420b. We
shouldn't mess with $MANPATH, because on some "man" implementations
(like NixOS'), the default value on $MANPATH is derived from $PATH. So
if you set $MANPATH, you lose the default locations.
|
|
8a84bd8c8bda1e4c6764c10ecdef9d74e4884800
|
|
Fixes #548.
|
|
|
|
|
|
|
|
|
|
Closes #454, #455.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
sometimes cd prints to stdout
|
|
|
|
|
|
|
|
|
|
This is not strictly needed for integrity (since we already include
the NAR hash in the fingerprint) but it helps against endless data
attacks [1]. (However, this will also require
download-from-binary-cache.pl to bail out if it receives more than the
specified number of bytes.)
[1] https://isis.poly.edu/~jcappos/papers/cappos_mirror_ccs_08.pdf
|
|
In some cases the bash builtin command "cd" can print the variable $CWD
to stdout. This caused the install script to fail while copying files
because the source path was wrong.
Fixes #476.
|