| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Allow getpwuid in the darwin sandbox
|
|
|
|
fetchMercurial: fix error message
|
|
Don't freak out if we get a 403 from S3
|
|
As far as we're concerned, not being able to access a file just means
the file is missing. Plus, AWS explicitly goes out of its way to
return a 403 if the file is missing and the requester doesn't have
permission to list the bucket.
Also getting rid of an old hack that Eelco said was only relevant
to an older AWS SDK.
|
|
|
|
https://hydra.nixos.org/build/63172338
|
|
|
|
E.g.
$ nix eval '(fetchMercurial https://www.mercurial-scm.org/repo/hello)'
{ branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "82e55d328c8ca4ee16520036c0aaace03a5beb65"; revCount = 1; shortRev = "82e55d328c8c"; }
$ nix eval '(fetchMercurial { url = https://www.mercurial-scm.org/repo/hello; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; })'
{ branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; revCount = 0; shortRev = "0a04b987be5a"; }
$ nix eval '(fetchMercurial /tmp/unclean-hg-tree)'
{ branch = "default"; outPath = "/nix/store/cm750cdw1x8wfpm3jq7mz09r30l9r024-source"; rev = "0000000000000000000000000000000000000000"; revCount = 0; shortRev = "000000000000"; }
|
|
|
|
For example, you can write
src = fetchgit ./.;
and if ./. refers to an unclean working tree, that tree will be copied
to the Nix store. This removes the need for "cleanSource".
|
|
Allow optional localhost network access to sandboxed derivations
|
|
This will allow bind and connect to 127.0.0.1, which can reduce purity/
security (if you're running a vulnerable service on localhost) but is
also needed for a ton of test suites, so I'm leaving it turned off by
default but allowing certain derivations to turn it on as needed.
It also allows DNS resolution of arbitrary hostnames but I haven't found
a way to avoid that. In principle I'd just want to allow resolving
localhost but that doesn't seem to be possible.
I don't think this belongs under `build-use-sandbox = relaxed` because we
want it on Hydra and I don't think it's the end of the world.
|
|
URIs now have to contain "://" or start with "channel:".
|
|
|
|
|
|
Different URIs can map to the same cache entry if they have the same
revision.
|
|
This allows network access in restricted eval mode.
|
|
This adds rev, shortRev and revCount attributes, equal to what Hydra
provides. E.g.
$ nix eval '(fetchGit https://github.com/NixOS/patchelf.git)'
{ outPath = "/nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source"; rev = "29c085fd9d3fc972f75b3961905d6b4ecce7eb2b"; revCount = 303; shortRev = "29c085f"; }
|
|
|
|
Almost all other primops are camelCase so no reason not to use that
here.
|
|
This ensures that it produces the same output as fetchgit:
$ nix eval --raw '(builtins.fetchgit https://github.com/NixOS/patchelf.git)'
/nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source
$ nix eval --raw '(fetchTarball https://github.com/NixOS/patchelf/archive/master.tar.gz)'
/nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source
|
|
The computation of urlHash didn't take the name into account, so
subsequent fetchurl calls with the same URL but a different name would
resolve to the same cached store path.
|
|
|
|
The "name" attribute defaults to "source", which we should use for all
similar functions (e.g. fetchTarball and in Hydra) to ensure that we
get a consistent store path regardless of how the tree is fetched.
"source" is not necessarily a correct label, but using an empty name
is problematic: you get an ugly store path ending in a dash, and it's
impossible to have a fixed-output derivation that produces that path
because ".drv" is not a valid store name.
Fixes #904.
|
|
|
|
https://hydra.nixos.org/build/62945761
|
|
|
|
|
|
|
|
|
|
|
|
You can now say '--store /tmp/nix' instead of '--store local?root=/tmp/nix'.
|
|
In particular, don't show superfluous "fetching path" and "building
path(s)" messages, and show the current round (with --repeat).
|
|
Fixes #1599.
|
|
E.g.
$ nix build nixpkgs.hello --builders 'root@wendy'
[1/0/1 built] building hello-2.10 on ssh://root@wendy: checking for minix/config.h... no
|
|
|
|
This makes the progress indicator show statuses like "connecting to
'root@machine'".
|
|
Also, random cleanup to argument handling.
|
|
This is superfluous since you can now just set "builders" to empty,
e.g. "--builders ''".
|
|
You can now include files via the "builders" option, using the syntax
"@<filename>". Having only one option makes it easier to override
builders completely.
For backward compatibility, the default is "@/etc/nix/machines", or
"@<filename>" for each file name in NIX_REMOTE_SYSTEMS.
|
|
This ensures that command line flags such as --builders get passed
correctly.
|
|
|
|
Fixes the error
error: opening lock file '/nix/var/nix/current-load/main-lock': Permission denied
when using a chroot store.
|
|
Shift Darwin sandbox to separate installed files
|
|
|
|
This reverts commit 908590dc6cfcca3a98755b194d93b2da39aee95c. Since
hydra-server can have a different store URI from hydra-queue-runner
now, we don't really need this.
|
|
|
|
|
|
|
