Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
Otherwise, running e.g.
nix-instantiate --eval -E --strict 'builtins.replaceStrings [""] ["X"] "abc"'
would just hang in an infinite loop.
Found by afl-fuzz.
First attempt of this was reverted in e2d71bd1862cdda because it caused
another infinite loop, which is fixed now and a test added.
|
|
|
|
|
|
This reverts commit 4ea9707591beceacf9988b3c185faf50da238403.
It causes an infinite loop in Nixpkgs evaluation,
e.g. "nix-instantiate -A hello" hung.
PR #1886.
|
|
Otherwise, running e.g.
nix-instantiate --eval -E --strict 'builtins.replaceStrings [""] ["X"] "abc"'
would just hang in an infinite loop.
Found by afl-fuzz.
|
|
Avoids ~180,000 string temporaries created when evaluating a headless
NixOS system.
|
|
|
|
drvName is already assigned to the same value right at the start of the
function.
|
|
|
|
Boehm guarantees that memory returned by GC_malloc() is zeroed, so take
advantage of that.
|
|
Instead of having lexicographicOrder() create a temporary sorted array
of Attr*:s and copying attr names from that, copy the attr names
first and then sort that.
|
|
Avoids some malloc() traffic.
|
|
Fixes #1868.
|
|
|
|
Flattens the list of statistics as suggested in
https://github.com/NixOS/ofborg/issues/67. This makes it easier to work
with.
|
|
This enables plugins to add new constants, as well as new primops.
|
|
Add path primop.
|
|
builtins.path allows specifying the name of a path (which makes paths
with store-illegal names now addable), allows adding paths with flat
instead of recursive hashes, allows specifying a filter (so is a
generalization of filterSource), and allows specifying an expected
hash (enabling safe path adding in pure mode).
|
|
This makes import-from-derivation work in restricted mode again.
|
|
This makes e.g. 'fetchGit ./.' work (assuming that ./. is an allowed
path).
|
|
|
|
This makes it easier to provide a default, e.g.
system = builtins.currentSystem or "x86_64-linux";
|
|
|
|
In this mode, the following restrictions apply:
* The builtins currentTime, currentSystem and storePath throw an
error.
* $NIX_PATH and -I are ignored.
* fetchGit and fetchMercurial require a revision hash.
* fetchurl and fetchTarball require a sha256 attribute.
* No file system access is allowed outside of the paths returned by
fetch{Git,Mercurial,url,Tarball}. Thus 'nix build -f ./foo.nix' is
not allowed.
Thus, the evaluation result is completely reproducible from the
command line arguments. E.g.
nix build --pure-eval '(
let
nix = fetchGit { url = https://github.com/NixOS/nixpkgs.git; rev = "9c927de4b179a6dd210dd88d34bda8af4b575680"; };
nixpkgs = fetchGit { url = https://github.com/NixOS/nixpkgs.git; ref = "release-17.09"; rev = "66b4de79e3841530e6d9c6baf98702aa1f7124e4"; };
in (import (nix + "/release.nix") { inherit nix nixpkgs; }).build.x86_64-linux
)'
The goal is to enable completely reproducible and traceable
evaluation. For example, a NixOS configuration could be fully
described by a single Git commit hash. 'nixos-rebuild' would do
something like
nix build --pure-eval '(
(import (fetchGit { url = file:///my-nixos-config; rev = "..."; })).system
')
where the Git repository /my-nixos-config would use further fetchGit
calls or Git externals to fetch Nixpkgs and whatever other
dependencies it has. Either way, the commit hash would uniquely
identify the NixOS configuration and allow it to reproduced.
|
|
Fixes #1791
|
|
fetchGit test (as modified in previous commit) now passes.
|
|
|
|
Add tests checking this behavior.
|
|
|
|
|
|
Fixes #1663.
Also handle '!<output-name>' (#1694).
|
|
Fixes #1697.
|
|
E.g. the existence of .gitignore would cause .git to be included.
|
|
This reverts commit f90f660b243866b8860eeb24cc4a345d32cc7ce7.
This broke Hydra's release.nix, which contained
preCheck = ''export LOGNAME=${LOGNAME:-foo}'';
|
|
|
|
This didn't support specifying a revision/branch, and was restricted
to git:// URIs (since https:// or ssh:// would be ambiguous).
|
|
|
|
|
|
|
|
|
|
https://hydra.nixos.org/build/63172338
|
|
|
|
E.g.
$ nix eval '(fetchMercurial https://www.mercurial-scm.org/repo/hello)'
{ branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "82e55d328c8ca4ee16520036c0aaace03a5beb65"; revCount = 1; shortRev = "82e55d328c8c"; }
$ nix eval '(fetchMercurial { url = https://www.mercurial-scm.org/repo/hello; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; })'
{ branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; revCount = 0; shortRev = "0a04b987be5a"; }
$ nix eval '(fetchMercurial /tmp/unclean-hg-tree)'
{ branch = "default"; outPath = "/nix/store/cm750cdw1x8wfpm3jq7mz09r30l9r024-source"; rev = "0000000000000000000000000000000000000000"; revCount = 0; shortRev = "000000000000"; }
|
|
|
|
For example, you can write
src = fetchgit ./.;
and if ./. refers to an unclean working tree, that tree will be copied
to the Nix store. This removes the need for "cleanSource".
|
|
URIs now have to contain "://" or start with "channel:".
|
|
|
|
Different URIs can map to the same cache entry if they have the same
revision.
|