Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
propagated-user-env-packages files in nixpkgs aren't all terminated by
newlines, as buildenv expected. Now it does not require a terminating
newline; note that this introduces a behaviour change: propagated user
env packages may now be spread across multiple lines. However, nix
1.11.x still expects them to be on a single line so this shouldn't be
used in nixpkgs for now.
|
|
|
|
The storeUri variable in the build-remote hook is declared very much to
the start of the main function and a bunch of lines later, the same
variable gets checked via hasPrefix() but it gets assigned *after* that
check when the most suitable machine for the build was choosen.
So I guess this was just a typo in d16fd2497374671c92cb877f9570d65783a7
and what we really want is to either checkd the prefix *after* assigning
storeUri or use bestMachine->storeUri directly.
I choose the latter, because the former could introduce even more
regressions if the try block where the variable gets assigned terminates
early.
Nevertheless, the reason why the log output didn't work is because
hasPrefix() checked for "ssh://" in front of storeUri, but if the
storeUri isn't set correctly (or at all), we don't get the log file
descriptor set up properly, leading to no log output.
I've adjusted the remote-builds test to include a regression test for
this, so that we can make sure we get a build output when using remote
builds.
In addition to that I've tested this with two of my build farms and the
build logs are emitted correctly again.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
Fixes #1663.
Also handle '!<output-name>' (#1694).
|
|
E.g. the existence of .gitignore would cause .git to be included.
|
|
|
|
Thus,
$ nix eval --raw '("foo")'
foo
$ nix eval --raw nixpkgs.hello
/nix/store/1y6ckg6khrdsvll54s5spcmf3w6ka9k4-hello-2.10
$ nix eval --raw '(/etc/resolv.conf)'
/nix/store/vml92ama92i8mz013nny461mlvg8mvap-resolv.conf
|
|
|
|
Parenthetical to #1686, we don't need to create a new root if we can
just bind-mount on top of the existing /nix/store.
|
|
Fixes #1686.
|
|
Unlike signed-binary-caches (which could only be '*' or ''),
require-sigs is a proper Boolean option. The default is true.
|
|
|
|
The name had become a misnomer since it's not only for substitution
from binary caches, but when adding/copying any
(non-content-addressed) path to a store.
|
|
Fix (highly unlikely) race condition in readLink
|
|
|
|
This allows specifying the AWS configuration profile to use. E.g.
nix copy --from s3://my-cache?profile=aws-dev-account /nix/store/cf3isrlqavvd5w7rpky1fa8j9lcnlggm-...
|
|
|
|
|
|
This reverts commit f90f660b243866b8860eeb24cc4a345d32cc7ce7.
This broke Hydra's release.nix, which contained
preCheck = ''export LOGNAME=${LOGNAME:-foo}'';
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Always allow builds to use unix domain sockets in Darwin sandbox
|
|
run query paths in parallel during nix copy and handle SIGINT
|
|
|
|
This didn't support specifying a revision/branch, and was restricted
to git:// URIs (since https:// or ssh:// would be ambiguous).
|
|
|
|
|
|
|
|
Allow getpwuid in the darwin sandbox
|
|
|
|
fetchMercurial: fix error message
|
|
Don't freak out if we get a 403 from S3
|
|
As far as we're concerned, not being able to access a file just means
the file is missing. Plus, AWS explicitly goes out of its way to
return a 403 if the file is missing and the requester doesn't have
permission to list the bucket.
Also getting rid of an old hack that Eelco said was only relevant
to an older AWS SDK.
|
|
|
|
https://hydra.nixos.org/build/63172338
|
|
|
|
E.g.
$ nix eval '(fetchMercurial https://www.mercurial-scm.org/repo/hello)'
{ branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "82e55d328c8ca4ee16520036c0aaace03a5beb65"; revCount = 1; shortRev = "82e55d328c8c"; }
$ nix eval '(fetchMercurial { url = https://www.mercurial-scm.org/repo/hello; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; })'
{ branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; revCount = 0; shortRev = "0a04b987be5a"; }
$ nix eval '(fetchMercurial /tmp/unclean-hg-tree)'
{ branch = "default"; outPath = "/nix/store/cm750cdw1x8wfpm3jq7mz09r30l9r024-source"; rev = "0000000000000000000000000000000000000000"; revCount = 0; shortRev = "000000000000"; }
|
|
|
|
|
|
For example, you can write
src = fetchgit ./.;
and if ./. refers to an unclean working tree, that tree will be copied
to the Nix store. This removes the need for "cleanSource".
|
|
Allow optional localhost network access to sandboxed derivations
|
|
This will allow bind and connect to 127.0.0.1, which can reduce purity/
security (if you're running a vulnerable service on localhost) but is
also needed for a ton of test suites, so I'm leaving it turned off by
default but allowing certain derivations to turn it on as needed.
It also allows DNS resolution of arbitrary hostnames but I haven't found
a way to avoid that. In principle I'd just want to allow resolving
localhost but that doesn't seem to be possible.
I don't think this belongs under `build-use-sandbox = relaxed` because we
want it on Hydra and I don't think it's the end of the world.
|
|
URIs now have to contain "://" or start with "channel:".
|