about summary refs log tree commit diff
path: root/src/libexpr
AgeCommit message (Collapse)AuthorFilesLines
2018-02-06 realiseContext(): Add derivation outputs to the allowed pathsEelco Dolstra1-10/+24
This makes import-from-derivation work in restricted mode again.
2018-02-06 checkURI(): Check file URIs against allowedPathsEelco Dolstra1-0/+12
This makes e.g. 'fetchGit ./.' work (assuming that ./. is an allowed path).
2018-01-19 Don't use [[noreturn]]Eelco Dolstra1-6/+3
2018-01-18 Don't define builtins.{currentSystem,currentTime} in pure modeEelco Dolstra1-6/+2
This makes it easier to provide a default, e.g. system = builtins.currentSystem or "x86_64-linux";
2018-01-17 TypoEelco Dolstra1-1/+1
2018-01-16 Add pure evaluation modeEelco Dolstra5-44/+94
In this mode, the following restrictions apply: * The builtins currentTime, currentSystem and storePath throw an error. * $NIX_PATH and -I are ignored. * fetchGit and fetchMercurial require a revision hash. * fetchurl and fetchTarball require a sha256 attribute. * No file system access is allowed outside of the paths returned by fetch{Git,Mercurial,url,Tarball}. Thus 'nix build -f ./foo.nix' is not allowed. Thus, the evaluation result is completely reproducible from the command line arguments. E.g. nix build --pure-eval '( let nix = fetchGit { url = https://github.com/NixOS/nixpkgs.git; rev = "9c927de4b179a6dd210dd88d34bda8af4b575680"; }; nixpkgs = fetchGit { url = https://github.com/NixOS/nixpkgs.git; ref = "release-17.09"; rev = "66b4de79e3841530e6d9c6baf98702aa1f7124e4"; }; in (import (nix + "/release.nix") { inherit nix nixpkgs; }).build.x86_64-linux )' The goal is to enable completely reproducible and traceable evaluation. For example, a NixOS configuration could be fully described by a single Git commit hash. 'nixos-rebuild' would do something like nix build --pure-eval '( (import (fetchGit { url = file:///my-nixos-config; rev = "..."; })).system ') where the Git repository /my-nixos-config would use further fetchGit calls or Git externals to fetch Nixpkgs and whatever other dependencies it has. Either way, the commit hash would uniquely identify the NixOS configuration and allow it to reproduced.
2018-01-12 import, builtins.readFile: Handle diverted storesEelco Dolstra3-6/+25
Fixes #1791
2018-01-09 fetchGit: fix creation of uninitialized cache dir, let git create itWill Dietz1-1/+0
fetchGit test (as modified in previous commit) now passes.
2018-01-02 Add hasContext primopShea Levy1-0/+9
2017-12-22 fetchGit: Fix handling of local repo when not using 'master' branchWill Dietz1-1/+5
Add tests checking this behavior.
2017-12-14 json-to-value: Throw sensible error message on invalid numbersBen Gamari1-4/+10
2017-12-05 Merge branch 'fetchGit-fast-revision-update'Shea Levy1-24/+35
2017-11-24 nix-shell/nix-build: Support .drv files againEelco Dolstra2-0/+29
Fixes #1663. Also handle '!<output-name>' (#1694).
2017-11-24 fetchGit: Ignore tarballTtl if rev is set and not in the repo.Shea Levy1-24/+35
Fixes #1697.
2017-11-21 fetchGit/fetchMercurial: Fix directory inclusion checkEelco Dolstra2-4/+6
E.g. the existence of .gitignore would cause .git to be included.
2017-11-14 Revert "Don't parse "x:x" as a URI"Eelco Dolstra1-1/+1
This reverts commit f90f660b243866b8860eeb24cc4a345d32cc7ce7. This broke Hydra's release.nix, which contained preCheck = ''export LOGNAME=${LOGNAME:-foo}'';
2017-11-03 fetchgit.cc -> fetchGit.ccEelco Dolstra1-0/+0
2017-11-03 Remove git:// support in NIX_PATHEelco Dolstra3-31/+9
This didn't support specifying a revision/branch, and was restricted to git:// URIs (since https:// or ssh:// would be ambiguous).
2017-11-03 fetchGit/fetchMercurial: Filter out directories with untracked filesEelco Dolstra2-8/+16
2017-11-03 fetchGit: Add a testEelco Dolstra1-1/+1
2017-11-03 fetchGit: Don't do a remote fetch if we already have the revEelco Dolstra1-15/+23
2017-11-02 fetchMercurial: fix error messagetv1-1/+1
2017-11-01 Fix buildEelco Dolstra2-2/+2
https://hydra.nixos.org/build/63172338
2017-11-01 fetchMercurial: Don't fetch hashes we already haveEelco Dolstra1-9/+19
2017-11-01 Add fetchMercurial primopEelco Dolstra2-2/+189
E.g. $ nix eval '(fetchMercurial https://www.mercurial-scm.org/repo/hello)' { branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "82e55d328c8ca4ee16520036c0aaace03a5beb65"; revCount = 1; shortRev = "82e55d328c8c"; } $ nix eval '(fetchMercurial { url = https://www.mercurial-scm.org/repo/hello; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; })' { branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; revCount = 0; shortRev = "0a04b987be5a"; } $ nix eval '(fetchMercurial /tmp/unclean-hg-tree)' { branch = "default"; outPath = "/nix/store/cm750cdw1x8wfpm3jq7mz09r30l9r024-source"; rev = "0000000000000000000000000000000000000000"; revCount = 0; shortRev = "000000000000"; }
2017-10-31 Fix filterSourceEelco Dolstra1-32/+14
2017-10-30 builtins.fetchgit: Support importing a working treeEelco Dolstra3-7/+47
For example, you can write src = fetchgit ./.; and if ./. refers to an unclean working tree, that tree will be copied to the Nix store. This removes the need for "cleanSource".
2017-10-30 Don't parse "x:x" as a URIEelco Dolstra1-1/+1
URIs now have to contain "://" or start with "channel:".
2017-10-30 Make "fetchGit /path" workEelco Dolstra1-5/+5
2017-10-30 fetchGit: Fix broken assertionEelco Dolstra1-1/+1
Different URIs can map to the same cache entry if they have the same revision.
2017-10-30 Add option allowed-urisEelco Dolstra4-5/+27
This allows network access in restricted eval mode.
2017-10-30 builtins.fetchGit: Return an attrset with revision infoEelco Dolstra3-18/+54
This adds rev, shortRev and revCount attributes, equal to what Hydra provides. E.g. $ nix eval '(fetchGit https://github.com/NixOS/patchelf.git)' { outPath = "/nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source"; rev = "29c085fd9d3fc972f75b3961905d6b4ecce7eb2b"; revCount = 303; shortRev = "29c085f"; }
2017-10-30 enable-http2 -> http2Eelco Dolstra1-1/+1
2017-10-30 fetchgit -> fetchGitEelco Dolstra1-4/+4
Almost all other primops are camelCase so no reason not to use that here.
2017-10-30 fetchTarball: Use "source" as the default nameEelco Dolstra1-4/+4
This ensures that it produces the same output as fetchgit: $ nix eval --raw '(builtins.fetchgit https://github.com/NixOS/patchelf.git)' /nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source $ nix eval --raw '(fetchTarball https://github.com/NixOS/patchelf/archive/master.tar.gz)' /nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source
2017-10-30 fetchurl/fetchTarball: Respect name changesEelco Dolstra1-1/+1
The computation of urlHash didn't take the name into account, so subsequent fetchurl calls with the same URL but a different name would resolve to the same cached store path.
2017-10-30 builtins.fetchgit: Don't mess up the progress indicatorEelco Dolstra1-3/+5
2017-10-30 builtins.fetchgit: Support a "name" attributeEelco Dolstra2-11/+18
The "name" attribute defaults to "source", which we should use for all similar functions (e.g. fetchTarball and in Hydra) to ensure that we get a consistent store path regardless of how the tree is fetched. "source" is not necessarily a correct label, but using an empty name is problematic: you get an ugly store path ending in a dash, and it's impossible to have a fixed-output derivation that produces that path because ".drv" is not a valid store name. Fixes #904.
2017-10-29 nix repl :t: Indicate strings that have a contextEelco Dolstra1-1/+1
2017-10-25 Bump language versionEelco Dolstra1-1/+1
2017-10-25 Pass lists/attrsets to bash as (associative) arraysEelco Dolstra1-3/+3
2017-10-24 nix: Respect -I, --arg, --argstrEelco Dolstra4-87/+83
Also, random cleanup to argument handling.
2017-10-17 fetchgit: Remove incomplete/unneeded ref check.Shea Levy1-5/+0
This check fails for tags and branches, and is made redundant by the checks git itself will do when fetching the repo.
2017-10-16 fetchgit: Remove incomplete/unneeded isURI check.Shea Levy1-4/+1
This check spuriously fails for e.g. git@github.com:NixOS/nixpkgs.git, and even for ssh://git@github.com/NixOS/nixpkgs.git, and is made redundant by the checks git itself will do when fetching the repo. We instead pass a -- before passing the URI to git to avoid injection.
2017-08-15 Add builtins.string function.Nicolas B. Pierron1-0/+68
The function 'builtins.split' takes a POSIX extended regular expression and an arbitrary string. It returns a list of non-matching substring interleaved by lists of matched groups of the regular expression. ```nix with builtins; assert split "(a)b" "abc" == [ "" [ "a" ] "c" ]; assert split "([ac])" "abc" == [ "" [ "a" ] "b" [ "c" ] "" ]; assert split "(a)|(c)" "abc" == [ "" [ "a" null ] "b" [ null "c" ] "" ]; assert split "([[:upper:]]+)" " FOO " == [ " " [ "FOO" ] " " ]; ```
2017-07-30 Replace Unicode quotes in user-facing strings by ASCIIJörg Thalheim11-109/+109
Relevant RFC: NixOS/rfcs#4 $ ag -l | xargs sed -i -e "/\"/s/’/'/g;/\"/s/‘/'/g"
2017-07-27 builtins.fetchgit: Support specifying commit hashesEelco Dolstra2-9/+29
This adds an argument "rev" specififying the Git commit hash. The existing argument "rev" is renamed to "ref". The default value for "ref" is "master". When specifying a hash, it's necessary to specify a ref since we're not cloning the entire repository but only fetching a specific ref. Example usage: builtins.fetchgit { url = https://github.com/NixOS/nixpkgs.git; ref = "release-16.03"; rev = "c1c0484041ab6f9c6858c8ade80a8477c9ae4442"; };
2017-07-27 builtins.fetchgit: Respect tarball-ttlEelco Dolstra1-1/+19
I.e. if the local ref is more recent than tarball-ttl seconds, then don't check the remote.
2017-07-27 builtins.fetchgit: Use proper refs locallyEelco Dolstra1-4/+3
2017-07-27 builtins.fetchgit: Cache hash -> store path mappingsEelco Dolstra1-2/+18
This prevents an expensive call to addToStore() in the cached case.
generated by cgit-pink 1.4.1 (git 2.44.2) at 2024-10-13T08·21+0000