Age | Commit message (Collapse) | Author | Files | Lines |
|
This makes import-from-derivation work in restricted mode again.
|
|
This makes e.g. 'fetchGit ./.' work (assuming that ./. is an allowed
path).
|
|
Say "copying" instead of "fetching" when copying from another local
store. Nice for nixos-install.
|
|
This is needed by nixos-install, which uses the Nix store on the
installation CD as a substituter. We don't want to disable signature
checking entirely because substitutes from cache.nixos.org should
still be checked. So now we can pas "local?trusted=1" to mark only the
Nix store in /nix as not requiring signatures.
Fixes #1819.
|
|
|
|
Instead, if a fixed-output derivation produces has an incorrect output
hash, we now unconditionally move the outputs to the path
corresponding with the actual hash and register it as valid. Thus,
after correcting the hash in the Nix expression (e.g. in a fetchurl
call), the fixed-output derivation doesn't have to be built again.
It would still be good to have a command for reporting the actual hash
of a fixed-output derivation (instead of throwing an error), but
"nix-build --hash" didn't do that.
|
|
|
|
Note that nix-build always creates indirect roots.
Fixes #1830.
|
|
Closes #323.
|
|
|
|
remote_store: register for NIX_REMOTE=unix://path
|
|
|
|
Following discussion with Shea and Graham. It's a big enough change
from the last release. Also, from a semver perspective, 2.0 makes more
sense because we did remove some interfaces (like nix-pull/nix-push).
|
|
This command upgrades Nix to the latest stable version by installing a
store path obtained from
https://github.com/NixOS/nixpkgs/raw/master/nixos/modules/installer/tools/nix-fallback-paths.nix
which is the same store path that the installer at
https://nixos.org/nix/install.sh uses.
The upgrade fails if Nix is not installed in a profile (e.g. on NixOS,
or when installed outside of the Nix store).
|
|
|
|
|
|
|
|
This allows overriding the socket path so the daemon may be listening at
an arbitrary Unix domain socket location.
Fixes #1800
|
|
Some servers, such as Artifactory, allow uploading with PUT and BASIC
auth. This allows nix copy to work to upload binaries to those
servers.
Worked on together with @adelbertc
|
|
This was for backward compatibility. However, with security-related
configuration settings, it's best not to have any confusion.
Issue #495.
|
|
nlohmann-json: 2.1.1 -> 3.0.1
|
|
environments
|
|
|
|
|
|
Also add a test.
Fixes #1803.
Closes #1805.
|
|
|
|
This makes it easier to provide a default, e.g.
system = builtins.currentSystem or "x86_64-linux";
|
|
|
|
Thus --json no longer produces a list.
|
|
|
|
|
|
In this mode, the following restrictions apply:
* The builtins currentTime, currentSystem and storePath throw an
error.
* $NIX_PATH and -I are ignored.
* fetchGit and fetchMercurial require a revision hash.
* fetchurl and fetchTarball require a sha256 attribute.
* No file system access is allowed outside of the paths returned by
fetch{Git,Mercurial,url,Tarball}. Thus 'nix build -f ./foo.nix' is
not allowed.
Thus, the evaluation result is completely reproducible from the
command line arguments. E.g.
nix build --pure-eval '(
let
nix = fetchGit { url = https://github.com/NixOS/nixpkgs.git; rev = "9c927de4b179a6dd210dd88d34bda8af4b575680"; };
nixpkgs = fetchGit { url = https://github.com/NixOS/nixpkgs.git; ref = "release-17.09"; rev = "66b4de79e3841530e6d9c6baf98702aa1f7124e4"; };
in (import (nix + "/release.nix") { inherit nix nixpkgs; }).build.x86_64-linux
)'
The goal is to enable completely reproducible and traceable
evaluation. For example, a NixOS configuration could be fully
described by a single Git commit hash. 'nixos-rebuild' would do
something like
nix build --pure-eval '(
(import (fetchGit { url = file:///my-nixos-config; rev = "..."; })).system
')
where the Git repository /my-nixos-config would use further fetchGit
calls or Git externals to fetch Nixpkgs and whatever other
dependencies it has. Either way, the commit hash would uniquely
identify the NixOS configuration and allow it to reproduced.
|
|
parseExprFromFile() should be avoided since it doesn't cache anything.
|
|
Fixes #1792.
|
|
|
|
Fixes #1791
|
|
Fixes #937
|
|
fetchGit test (as modified in previous commit) now passes.
|
|
|
|
Commit c2154d4c8422ddc1c201d503bb52edff854af2ad renamed
"build-use-substitutes" to "use-substitutes", but that broke
"nix-copy-closure --use-substitutes".
|
|
|
|
* Look for both 'brotli' and 'bro' as external command,
since upstream has renamed it in newer versions.
If neither are found, current runtime behavior
is preserved: try to find 'bro' on PATH.
* Limit amount handed to BrotliEncoderCompressStream
to ensure interrupts are processed in a timely manner.
Testing shows negligible performance impact.
(Other compression sinks don't seem to require this)
|
|
|
|
Fixes #1757.
|
|
Add tests checking this behavior.
|
|
|
|
Fixes #1742.
|
|
Fixes #1738.
|
|
|
|
|