Age | Commit message (Collapse) | Author | Files | Lines |
|
This ensures that they can't write to /nix/store. Fixes #2535.
|
|
|
|
|
|
Closes #179.
|
|
Since we're not using multi-part uploads at the moment, we can drop
this patch.
|
|
|
|
config: use all of XDG_CONFIG_DIRS
|
|
Previously, config would only be read from XDG_CONFIG_HOME. This change
allows reading config from additional directories, which enables e.g.
per-project binary caches or chroot stores with the help of direnv.
|
|
|
|
The use of TransferManager has several issues, including that it
doesn't allow setting a Content-Encoding without a patch, and it
doesn't handle exceptions in worker threads (causing termination on
memory allocation failure).
Fixes #2493.
|
|
Since the callback is global we can't refer to 'path' in it. This
could cause a segfault or printing of arbitrary data.
|
|
copyStorePath: Fix hash errors when copying from older store
|
|
This commit partially reverts 48662d151bdf4a38670897beacea9d1bd750376a. When
copying from an older store (in my case a store running Nix 1.11.7), nix would
throw errors about there being no hash. This is fixed by recalculating the hash.
|
|
This makes it easier to use this when testing the installer or when
running the checks with other automated tooling.
|
|
stdenv relies on this. So ignore self-references (but only in legacy non-structured attributes mode).
|
|
|
|
|
|
|
|
remote-store.hh: ConnectionHandle is struct, minor fix warning
|
|
|
|
|
|
|
|
|
|
These are all symlinks to 'nix' now, reducing the installed size by
about ~1.7 MiB.
|
|
Promote verbose-build and log-lines
|
|
This allows commands like
nix build --log-lines 30 nixpkgs.hello
in order to obtain more information in case of a failure.
|
|
Add --graphml option to the nix-store --query command
|
|
In structured-attributes derivations, you can now specify per-output
checks such as:
outputChecks."out" = {
# The closure of 'out' must not be larger than 256 MiB.
maxClosureSize = 256 * 1024 * 1024;
# It must not refer to C compiler or to the 'dev' output.
disallowedRequisites = [ stdenv.cc "dev" ];
};
outputChecks."dev" = {
# The 'dev' output must not be larger than 128 KiB.
maxSize = 128 * 1024;
};
Also fixed a bug in allowedRequisites that caused it to ignore
self-references.
|
|
The `--graphml` option can be used instead.
|
|
This prints the references graph of the store paths in the graphML
format [1]. The graphML format is supported by several graph tools
such as the Python Networkx library or the Apache Thinkerpop project.
[1] http://graphml.graphdrawing.org
|
|
$ nix-store -qR /nix/store/fnord
nix-store: src/libstore/store-api.cc:80: std::__cxx11::string nix::storePathToHash(const Path&): Assertion `base.size() >= storePathHashLen' failed.
Aborted
|
|
Fixes #2075.
|
|
Since its superclass RemoteStore::Connection contains 'to' and 'from'
fields that refer to the file descriptor maintained in the subclass,
it was possible for the flush() call in Connection::~Connection() to
write to a closed file descriptor (or worse, a file descriptor now
referencing another file). So make sure that the file descriptor
survives 'to' and 'from'.
|
|
Fix overflow when verifying signatures of content addressable paths
|
|
|
|
For example, this prevents a "kvm" build on machines that don't have
KVM.
Fixes #2012.
|
|
This is primarily because Derivation::{can,will}BuildLocally() depends
on attributes like preferLocalBuild and requiredSystemFeatures, but it
can't handle them properly because it doesn't have access to the
structured attributes.
|
|
|
|
E.g. __noChroot and allowedReferences now work correctly. We also now
check that the attribute type is correct. For instance, instead of
allowedReferences = "out";
you have to write
allowedReferences = [ "out" ];
Fixes #2453.
|
|
This meant that making a typo in an s3:// URI would cause a bucket to
be created. Also it didn't handle eventual consistency very well. Now
it's up to the user to create the bucket.
|
|
nix-shell: add bashInteractive to the start of the PATH, set SHELL
|
|
Tools which re-exec `$SHELL` or `$0` or `basename $SHELL` or even just
`bash` will otherwise get the non-interactive bash, providing a
broken shell for the same reasons described in
https://github.com/NixOS/nixpkgs/issues/27493.
Extends c94f3d5575d7af5403274d1e9e2f3c9d72989751
|
|
Presumably this refers to ./default.nix but the support for that in
'nix' is tenuous. Also folders are a Mac thing.
|
|
Calculating roots seems significantly slower on darwin compared to
linux. Checking for /profile/ links could show some false positives but
should still catch most issues.
|
|
* Don't wait forever for the client to remove data from the
buffer. This does mean that the buffer can grow without bounds
(e.g. when downloading is faster than writing to disk), but meh.
* Don't hold the state lock while calling the sink. The sink could
take any amount of time to process the data (in particular when it's
actually a coroutine), so we don't want to block the download
thread.
|
|
|
|
In particular this causes copyStorePath() from HttpBinaryCacheStore to
only start a download if needed. E.g. if the destination LocalStore
goes to sleep waiting for the path lock and another process creates
the path, then LocalStore::addToStore() will never read from the
source so we don't have to do the download.
|
|
Changes
std::bad_alloc
into
bad archive: input doesn't look like a Nix archive
|
|
|
|
(cherry picked from commit a94a2eb1cb1c81e90a7529be5fecac27899a3442)
|