Hello!
The patch below adds a ‘verifyStore’ RPC with the same signature as the
current LocalStore::verifyStore method.
Thanks,
Ludo’.
From aef46c03ca77eb6344f4892672eb6d9d06432041 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Mon, 1 Jun 2015 23:17:10 +0200
Subject: [PATCH] Add a 'verifyStore' remote procedure call.
|
|
This relaxes restricted mode to allow access to anything in the
store. In the future, it would be better to allow access to only paths
that have been constructed in the current evaluation (so a hard-coded
/nix/store/blabla in a Nix expression would still be
rejected). However, note that reading /nix/store itself is still
rejected, so you can't use this to get access to things you don't know
about.
|
|
Also, make sure --delete-older-than doesn't delete the current
generation.
|
|
And don't try to delete generations from unwritable directories.
|
|
https://github.com/ctheune/nix
|
|
it an option. :)
|
|
* only the last generation can be lazy
* depend on the '--lazy-generation' flag to be set
|
|
It has been obsolete since Nix 1.2.
Closes #417.
|
|
new generations if a generation already exists.
Alternatively or additionally I propose a mode where only the *last* generation will be sparse.
|
|
For instance, you can install Firefox from a specific Nixpkgs revision
like this:
  $ nix-env -f https://github.com/NixOS/nixpkgs/archive/63def04891a0abc328b1b0b3a78ec02c58f48583.tar.gz -iA firefox
Or build a package from the latest nixpkgs-unstable channel:
  $ nix-build https://nixos.org/channels/nixpkgs-unstable/nixexprs.tar.xz -A hello
|
|
The call to nix-env expects a string which represents how old the
derivations are or just "old" which means any generations other than
the current one in use. Currently nix-collect-garbage passes an empty
string to nix-env when using the -d option. This patch corrects the call
to nix-env such that it follows the old behavior.
|
|
E.g. to install "hello" from the latest Nixpkgs:
  $ nix-build '<nixpkgs>' -A hello -I nixpkgs=https://nixos.org/channels/nixpkgs-unstable/nixexprs.tar.xz
Or to install a specific version of NixOS:
  $ nixos-rebuild switch -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/63def04891a0abc328b1b0b3a78ec02c58f48583.tar.gz
|
|
This hook can be used to set system-specific per-derivation build
settings that don't fit into the derivation model and are too complex or
volatile to be hard-coded into nix. Currently, the pre-build hook can
only add chroot dirs/files through the interface, but it also has full
access to the chroot root.
The specific use case for this is systems where the operating system ABI
is more complex than just the kernel-supported system calls. For example,
on OS X there is a set of system-provided frameworks that can reliably
be accessed by any program linked to them, no matter the version the
program is running on. Unfortunately, those frameworks do not
necessarily live in the same locations on each version of OS X, nor do
their dependencies, and thus nix needs to know the specific version of
OS X currently running in order to make those frameworks available. The
pre-build hook is a perfect mechanism for doing just that.
|
|
Going to reimplement differently.
This reverts commit 1e4a4a2e9fc382f47f58b448f3ee034cdd28218a.
|
|
This hook can be used to set system specific per-derivation build
settings that don't fit into the derivation model and are too complex or
volatile to be hard-coded into nix. Currently, the pre-build hook can
only add chroot dirs/files.
The specific use case for this is systems where the operating system ABI
is more complex than just the kernel-supported system calls. For
example, on OS X there is a set of system-provided frameworks that can
reliably be accessed by any program linked to them, no matter the
version the program is running on. Unfortunately, those frameworks do
not necessarily live in the same locations on each version of OS X, nor
do their dependencies, and thus nix needs to know the specific version
of OS X currently running in order to make those frameworks available.
The pre-build hook is a perfect mechanism for doing just that.
|
|
This is because we don't want to do HTTP requests on every evaluation,
even though we can prevent a full redownload via the cached ETag. The
default is one hour.
|
|
ETags are used to prevent redownloading unchanged files.
|
|
This broke NixOS VM tests.
Mostly reverts 27b7b94923d2f207781b438bb7a57669bddf7d2b,
5ce50cd99e740d0d0f18c30327ae687be9356553,
afa433e58c3fe6029660a43fdc2073c9d15b4210.
|
|
This was causing NixOS VM tests to fail mysteriously since
5ce50cd99e740d0d0f18c30327ae687be9356553. Nscd could (sometimes) no
longer read /etc/hosts:
  open("/etc/hosts", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)
Probably there was some wacky interaction between the guest kernel and
the 9pfs implementation in QEMU.
|
|
This function downloads and unpacks the given URL at evaluation
time. This is primarily intended to make it easier to deal with Nix
expressions that have external dependencies. For instance, to fetch
Nixpkgs 14.12:
  with import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-14.12.tar.gz) {};
Or to fetch a specific revision:
  with import (fetchTarball https://github.com/NixOS/nixpkgs/archive/2766a4b44ee6eafae03a042801270c7f6b8ed32a.tar.gz) {};
This patch also adds a ‘fetchurl’ builtin that downloads but doesn't
unpack its argument. Not sure if it's useful though.
|
|
Thus, for example, to get /bin/sh in a chroot, you only need to
specify /bin/sh=${pkgs.bash}/bin/sh in build-chroot-dirs. The
dependencies of sh will be added automatically.
|
|
This doesn't work anymore if the "strict" chroot mode is
enabled. Instead, add Nix's store path as a dependency. This ensures
that its closure is present in the chroot.
|
|
This may remove the "Repeated allocation of very large block"
warnings.
|
|
We were calling GC_INIT() after doing an allocation (in the baseEnv
construction), which is not allowed.