about summary refs log tree commit diff
path: root/src/libexpr/primops.cc
AgeCommit message (Collapse)AuthorFilesLines
2018-02-06 realiseContext(): Add derivation outputs to the allowed pathsEelco Dolstra1-10/+24
This makes import-from-derivation work in restricted mode again.
2018-01-18 Don't define builtins.{currentSystem,currentTime} in pure modeEelco Dolstra1-6/+2
This makes it easier to provide a default, e.g. system = builtins.currentSystem or "x86_64-linux";
2018-01-17 TypoEelco Dolstra1-1/+1
2018-01-16 Add pure evaluation modeEelco Dolstra1-9/+35
In this mode, the following restrictions apply: * The builtins currentTime, currentSystem and storePath throw an error. * $NIX_PATH and -I are ignored. * fetchGit and fetchMercurial require a revision hash. * fetchurl and fetchTarball require a sha256 attribute. * No file system access is allowed outside of the paths returned by fetch{Git,Mercurial,url,Tarball}. Thus 'nix build -f ./foo.nix' is not allowed. Thus, the evaluation result is completely reproducible from the command line arguments. E.g. nix build --pure-eval '( let nix = fetchGit { url = https://github.com/NixOS/nixpkgs.git; rev = "9c927de4b179a6dd210dd88d34bda8af4b575680"; }; nixpkgs = fetchGit { url = https://github.com/NixOS/nixpkgs.git; ref = "release-17.09"; rev = "66b4de79e3841530e6d9c6baf98702aa1f7124e4"; }; in (import (nix + "/release.nix") { inherit nix nixpkgs; }).build.x86_64-linux )' The goal is to enable completely reproducible and traceable evaluation. For example, a NixOS configuration could be fully described by a single Git commit hash. 'nixos-rebuild' would do something like nix build --pure-eval '( (import (fetchGit { url = file:///my-nixos-config; rev = "..."; })).system ') where the Git repository /my-nixos-config would use further fetchGit calls or Git externals to fetch Nixpkgs and whatever other dependencies it has. Either way, the commit hash would uniquely identify the NixOS configuration and allow it to reproduced.
2018-01-12 import, builtins.readFile: Handle diverted storesEelco Dolstra1-6/+6
Fixes #1791
2018-01-02 Add hasContext primopShea Levy1-0/+9
2017-10-31 Fix filterSourceEelco Dolstra1-32/+14
2017-10-30 Add option allowed-urisEelco Dolstra1-2/+1
This allows network access in restricted eval mode.
2017-10-30 enable-http2 -> http2Eelco Dolstra1-1/+1
2017-10-30 fetchTarball: Use "source" as the default nameEelco Dolstra1-4/+4
This ensures that it produces the same output as fetchgit: $ nix eval --raw '(builtins.fetchgit https://github.com/NixOS/patchelf.git)' /nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source $ nix eval --raw '(fetchTarball https://github.com/NixOS/patchelf/archive/master.tar.gz)' /nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source
2017-10-30 fetchurl/fetchTarball: Respect name changesEelco Dolstra1-1/+1
The computation of urlHash didn't take the name into account, so subsequent fetchurl calls with the same URL but a different name would resolve to the same cached store path.
2017-10-25 Bump language versionEelco Dolstra1-1/+1
2017-10-25 Pass lists/attrsets to bash as (associative) arraysEelco Dolstra1-3/+3
2017-08-15 Add builtins.string function.Nicolas B. Pierron1-0/+68
The function 'builtins.split' takes a POSIX extended regular expression and an arbitrary string. It returns a list of non-matching substring interleaved by lists of matched groups of the regular expression. ```nix with builtins; assert split "(a)b" "abc" == [ "" [ "a" ] "c" ]; assert split "([ac])" "abc" == [ "" [ "a" ] "b" [ "c" ] "" ]; assert split "(a)|(c)" "abc" == [ "" [ "a" null ] "b" [ null "c" ] "" ]; assert split "([[:upper:]]+)" " FOO " == [ " " [ "FOO" ] " " ]; ```
2017-07-30 Replace Unicode quotes in user-facing strings by ASCIIJörg Thalheim1-54/+54
Relevant RFC: NixOS/rfcs#4 $ ag -l | xargs sed -i -e "/\"/s/’/'/g;/\"/s/‘/'/g"
2017-07-10 Merge pull request #1428 from rimmington/clearer-regex-space-errorEelco Dolstra1-2/+7
Clearer error message when regex exceeds space limit
2017-07-10 Clearer error message when regex exceeds space limitRhys1-2/+7
2017-07-04 Support base-64 hashesEelco Dolstra1-4/+4
Also simplify the Hash API. Fixes #1437.
2017-05-17 builtins.match: Improve error message for bad regular expressionEelco Dolstra1-16/+23
Issue #1331.
2017-05-16 Improve progress indicatorEelco Dolstra1-6/+2
2017-05-15 Disallow outputHash being null or an empty stringEelco Dolstra1-4/+5
Fixes #1384.
2017-03-31 builtins.exec: Make the argument just a listShea Levy1-22/+9
2017-03-30 Add exec primop behind allow-unsafe-native-code-during-evaluation.Shea Levy1-1/+55
Execute a given program with the (optional) given arguments as the user running the evaluation, parsing stdout as an expression to be evaluated. There are many use cases for nix that would benefit from being able to run arbitrary code during evaluation, including but not limited to: * Automatic git fetching to get a sha256 from a git revision * git rev-parse HEAD * Automatic extraction of information from build specifications from other tools, particularly language-specific package managers like cabal or npm * Secrets decryption (e.g. with nixops) * Private repository fetching Ideally, we would add this functionality in a more principled way to nix, but in the mean time 'builtins.exec' can be used to get these tasks done. The primop is only available when the 'allow-unsafe-native-code-during-evaluation' nix option is true. That flag also enables the 'importNative' primop, which is strictly more powerful but less convenient (since it requires compiling a plugin against the running version of nix).
2017-03-08 Add option to disable import-from-derivation completely, even if the drv is ↵Shea Levy1-0/+2
already realized
2017-01-26 Add support for passing structured data to buildersEelco Dolstra1-39/+88
Previously, all derivation attributes had to be coerced into strings so that they could be passed via the environment. This is lossy (e.g. lists get flattened, necessitating configureFlags vs. configureFlagsArray, of which the latter cannot be specified as an attribute), doesn't support attribute sets at all, and has size limitations (necessitating hacks like passAsFile). This patch adds a new mode for passing attributes to builders, namely encoded as a JSON file ".attrs.json" in the current directory of the builder. This mode is activated via the special attribute __structuredAttrs = true; (The idea is that one day we can set this in stdenv.mkDerivation.) For example, stdenv.mkDerivation { __structuredAttrs = true; name = "foo"; buildInputs = [ pkgs.hello pkgs.cowsay ]; doCheck = true; hardening.format = false; } results in a ".attrs.json" file containing (sans the indentation): { "buildInputs": [], "builder": "/nix/store/ygl61ycpr2vjqrx775l1r2mw1g2rb754-bash-4.3-p48/bin/bash", "configureFlags": [ "--with-foo", "--with-bar=1 2" ], "doCheck": true, "hardening": { "format": false }, "name": "foo", "nativeBuildInputs": [ "/nix/store/10h6li26i7g6z3mdpvra09yyf10mmzdr-hello-2.10", "/nix/store/4jnvjin0r6wp6cv1hdm5jbkx3vinlcvk-cowsay-3.03" ], "propagatedBuildInputs": [], "propagatedNativeBuildInputs": [], "stdenv": "/nix/store/f3hw3p8armnzy6xhd4h8s7anfjrs15n2-stdenv", "system": "x86_64-linux" } "passAsFile" is ignored in this mode because it's not needed - large strings are included directly in the JSON representation. It is up to the builder to do something with the JSON representation. For example, in bash-based builders, lists/attrsets of string values could be mapped to bash (associative) arrays.
2017-01-26 Bindings: Add a method for iterating in lexicographically sorted orderEelco Dolstra1-6/+3
2017-01-24 Revert "Propagate path context via builtins.readFile"Eelco Dolstra1-1/+1
This reverts commit f7f0116dd727ac954fb04d9ef9b9fe7ec034e563. Issue #1174.
2017-01-24 Revert "builtins.readFile: Put the references of the file, not those needed ↵Eelco Dolstra1-3/+0
to realize the file, into the context" Reverting commit 451c223deea17918454ae083dcfc0ea2b6103cab for now because it breaks http://hydra.nixos.org/build/46805136, not clear why.
2017-01-10 builtins.readFile: Put the references of the file, not those needed to ↵Shea Levy1-0/+3
realize the file, into the context
2016-11-26 Revert "Get rid of unicode quotes (#1140)"Eelco Dolstra1-57/+57
This reverts commit f78126bfd6b6c8477fcdbc09b2f98772dbe9a1e7. There really is no need for such a massive change...
2016-11-25 Get rid of unicode quotes (#1140)Guillaume Maudoux1-57/+57
2016-10-26 Fix SIGFPE from integer overflow during divisionTuomas Tynkkynen1-3/+9
On some architectures (like x86_64 or i686, but not ARM for example) overflow during integer division causes a crash due to SIGFPE. Reproduces on a 64-bit system with: nix-instantiate --eval -E '(-9223372036854775807 - 1) / -1' The only way this can happen is when the smallest possible integer is divided by -1, so just special-case that.
2016-10-19 fixup! replace own regex class with std::regexAlexander Ried1-1/+4
2016-10-18 replace own regex class with std::regexAlexander Ried1-11/+10
2016-09-21 printMsg(lvlError, ...) -> printError(...) etc.Eelco Dolstra1-2/+2
2016-09-14 Enable HTTP/2 supportEelco Dolstra1-1/+1
The binary cache store can now use HTTP/2 to do lookups. This is much more efficient than HTTP/1.1 due to multiplexing: we can issue many requests in parallel over a single TCP connection. Thus it's no longer necessary to use a bunch of concurrent TCP connections (25 by default). For example, downloading 802 .narinfo files from https://cache.nixos.org/, using a single TCP connection, takes 11.8s with HTTP/1.1, but only 0.61s with HTTP/2. This did require a fairly substantial rewrite of the Downloader class to use the curl multi interface, because otherwise curl wouldn't be able to do multiplexing for us. As a bonus, we get connection reuse even with HTTP/1.1. All downloads are now handled by a single worker thread. Clients call Downloader::enqueueDownload() to tell the worker thread to start the download, getting a std::future to the result.
2016-08-29 forceBool(): Show position infoEelco Dolstra1-9/+10
2016-08-29 Add builtin function "partition"Eelco Dolstra1-0/+35
The implementation of "partition" in Nixpkgs is O(n^2) (because of the use of ++), and for some reason was causing stack overflows in multi-threaded evaluation (not sure why). This reduces "nix-env -qa --drv-path" runtime by 0.197s and memory usage by 298 MiB (in non-Boehm mode).
2016-08-17 Add a mechanism for derivation attributes to reference the derivation's outputsEelco Dolstra1-0/+14
For example, you can now say: configureFlags = "--prefix=${placeholder "out"} --includedir=${placeholder "dev"}"; The strings returned by the ‘placeholder’ builtin are replaced at build time by the actual store paths corresponding to the specified outputs. Previously, you had to work around the inability to self-reference by doing stuff like: preConfigure = '' configureFlags+=" --prefix $out --includedir=$dev" ''; or rely on ad-hoc variable interpolation semantics in Autoconf or Make (e.g. --prefix=\$(out)), which doesn't always work.
2016-08-16 Merge pull request #1031 from abbradar/replacestrings-contextEelco Dolstra1-7/+17
Allow contexted strings in replaceStrings
2016-08-16 Allow contexted strings in replaceStringsNikolay Amiantov1-7/+17
2016-08-15 builtins.fetch{url,tarball}: Allow name attributeShea Levy1-4/+7
2016-07-26 makeFixedOutputPath(): Drop superfluous HashType argumentEelco Dolstra1-1/+1
2016-07-26 builtins.{fetchurl,fetchTarball}: Support a sha256 attributeEelco Dolstra1-3/+7
Also, allow builtins.{fetchurl,fetchTarball} in restricted mode if a hash is specified.
2016-06-01 Make the store directory a member variable of StoreEelco Dolstra1-10/+10
2016-05-04 Cleanup: Remove singleton()Eelco Dolstra1-7/+6
2016-04-25 Improved logging abstractionEelco Dolstra1-4/+4
This also gets rid of --log-type, since the nested log type isn't useful in a multi-threaded situation, and nobody cares about the "pretty" log type.
2016-04-14 Make the search path lazier with non-fatal errorsEelco Dolstra1-11/+12
Thus, -I / $NIX_PATH entries are now downloaded only when they are needed for evaluation. An error to download an entry is a non-fatal warning (just like non-existant paths). This does change the semantics of builtins.nixPath, which now returns the original, rather than resulting path. E.g., before we had [ { path = "/nix/store/hgm3yxf1lrrwa3z14zpqaj5p9vs0qklk-nixexprs.tar.xz"; prefix = "nixpkgs"; } ... ] but now [ { path = "https://nixos.org/channels/nixos-16.03/nixexprs.tar.xz"; prefix = "nixpkgs"; } ... ] Fixes #792.
2016-04-14 Make primop registration pluggableEelco Dolstra1-0/+15
This way we don't have to put all primops in one giant file.
2016-03-04 Propagate path context via builtins.readFileNikolay Amiantov1-1/+1