Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Such as whether Nix is built with signed binary cache support, and the
location of the configuration file.
|
|
Turns out getgrouplist() is not POSIX.
http://hydra.nixos.org/build/23881243
|
|
This ensures that 1) the derivation doesn't change when Nix changes;
2) the derivation closure doesn't contain Nix and its dependencies; 3)
we don't have to rely on ugly chroot hacks.
|
|
In particular, hydra-queue-runner can now distinguish between remote
build / substitution / already-valid. For instance, if a path already
existed on the remote side, we don't want to store a log file.
|
|
And make exportPath() less spammy by default.
|
|
This is mostly useful for hydra-queue-runner.
|
|
|
|
|
|
Previously, to build a derivation remotely, we had to copy the entire
closure of the .drv file to the remote machine, even though we only
need the top-level derivation. This is very wasteful: the closure can
contain thousands of store paths, and in some Hydra use cases, include
source paths that are very large (e.g. Git/Mercurial checkouts).
So now there is a new operation, StoreAPI::buildDerivation(), that
performs a build from an in-memory representation of a derivation
(BasicDerivation) rather than from a on-disk .drv file. The only files
that need to be in the Nix store are the sources of the derivation
(drv.inputSrcs), and the needed output paths of the dependencies (as
described by drv.inputDrvs). "nix-store --serve" exposes this
interface.
Note that this is a privileged operation, because you can construct a
derivation that builds any store path whatsoever. Fixing this will
require changing the hashing scheme (i.e., the output paths should be
computed from the other fields in BasicDerivation, allowing them to be
verified without access to other derivations). However, this would be
quite nice because it would allow .drv-free building (e.g. "nix-env
-i" wouldn't have to write any .drv files to disk).
Fixes #173.
|
|
Fixes #572.
|
|
Don't barf trying to read a link that just got deleted.
Fixes #575.
|
|
|
|
|
|
|
|
The following patch is an attempt to address this bug (see
<http://bugs.gnu.org/18994>) by preserving the supplementary groups of
build users in the build environment.
In practice, I would expect that supplementary groups would contain only
one or two groups: the build users group, and possibly the “kvm” group.
[Changed &at(0) to data() and removed tabs - Eelco]
|
|
Issue #564.
|
|
|
|
Issue #564.
|
|
This didn't work (despite claims in the manual), because the colon in
"http://" was parsed as a element separator. So handle "://"
specially.
|
|
This is useful for the new hydra-queue-runner.
|
|
|
|
Not substituting builds with "preferLocalBuild = true" was a bad idea,
because it didn't take the cost of dependencies into account. For
instance, if we can't substitute a fetchgit call, then we have to
download/build git and all its dependencies.
Partially reverts 5558652709f27e8a887580b77b93c705659d7a4b and adds a
new derivation attribute "allowSubstitutes" to specify whether a
derivation may be substituted.
|
|
Nixpkgs' writeTextAsFile does this:
mv "$textPath" "$n"
Since $textPath was owned by root, if $textPath is on the same
filesystem as $n, $n will be owned as root. As a result, the build
result was rejected as having suspicious ownership.
http://hydra.nixos.org/build/22836807
|
|
|
|
|
|
Hello!
The patch below adds a ‘verifyStore’ RPC with the same signature as the
current LocalStore::verifyStore method.
Thanks,
Ludo’.
>From aef46c03ca77eb6344f4892672eb6d9d06432041 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Mon, 1 Jun 2015 23:17:10 +0200
Subject: [PATCH] Add a 'verifyStore' remote procedure call.
|
|
|
|
|
|
|
|
|
|
This relaxes restricted mode to allow access to anything in the
store. In the future, it would be better to allow access to only paths
that have been constructed in the current evaluation (so a hard-coded
/nix/store/blabla in a Nix expression would still be
rejected). However, note that reading /nix/store itself is still
rejected, so you can't use this so get access to things you don't know
about.
|
|
|
|
Also, make sure --delete-older-than doesn't delete the current
generation.
|
|
|
|
|
|
And don't try to delete generations from unwritable directories.
|
|
|
|
https://github.com/ctheune/nix
|
|
it an option. :)
|
|
* only the last generation can be lazy
* depend on the '--lazy-generation' flag to be set
|
|
It has been obsolete since Nix 1.2.
Closes #417.
|
|
new generations if a generation already exists.
Alternatively or additionally I propose a mode where only the *last* generation will be sparse.
|
|
|
|
|
|
|
|
|
|
|
|
For instance, you can install Firefox from a specific Nixpkgs revision
like this:
$ nix-env -f https://github.com/NixOS/nixpkgs/archive/63def04891a0abc328b1b0b3a78ec02c58f48583.tar.gz -iA firefox
Or build a package from the latest nixpkgs-unstable channel:
$ nix-build https://nixos.org/channels/nixpkgs-unstable/nixexprs.tar.xz -A hello
|
|
The call to nix-env expects a string which represents how old the
derivations are or just "old" which means any generations other than
the current one in use. Currently nix-collect-garbage passes an empty
string to nix-env when using the -d option. This patch corrects the call
to nix-env such that it follows the old behavior.
|