about summary refs log tree commit diff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2019-10-09 Remove world-writability from per-user directoriesEelco Dolstra4-7/+31
'nix-daemon' now creates subdirectories for users when they first connect. Fixes #509 (CVE-2019-17365). Should also fix #3127. (cherry picked from commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d)
2019-10-09 Filter ANSI escape sequences in -L outputEelco Dolstra1-1/+1
Otherwise, builds like NixOS VM tests may leave the terminal in a weird state and do resets. (cherry picked from commit 4331eeb13d241dfe2d2e6a01c53915c556cac94f)
2019-10-09 Disable OpenSSL lock callback on OpenSSL >= 1.1.1Eelco Dolstra1-0/+4
(cherry picked from commit a56b51a0ba7b0d6fdff7fd0127a118185b146f4f)
2019-10-09 libstore: don't forward --show-tracezimbatm1-0/+1
(cherry picked from commit e63c9e73e3e5d1f31fa5065c9ff59f442dd07d0e)
2019-10-09 Don't catch exceptions by valueEelco Dolstra5-7/+7
(cherry picked from commit 893be6f5e36abb58bbaa9c49055a5218114dd514) (cherry picked from commit bd79c1f6f6391786772a8a79962abe22f374cca4)
2019-10-09 Shut up some warningsEelco Dolstra2-0/+4
(cherry picked from commit 99e8e58f2de9941353b47ed14fbe4ed76d635519) (cherry picked from commit 3a022d45993b6fa8c7bf03517a3a3d1a2ab15f4a)
2019-10-09 Fix fetchTarball with chroot storesEelco Dolstra1-3/+3
Fixes #2405. (cherry picked from commit 168a8879165dd0deab1a93d343a6003146f37031)
2019-10-09 nix search: remove verbose exampleSam Doshi1-4/+0
(cherry picked from commit 6f6cb5e3880d0c7a1dd2bc13c2e0be8ce0ae9fa1)
2019-10-09 Handle empty sandbox_shellMatthew Bauer1-1/+4
Previously, SANDBOX_SHELL was set to empty when unavailable. This caused issues when actually generating the sandbox. Instead, just set SANDBOX_SHELL when --with-sandbox-shell= is non-empty. Alternative implementation to https://github.com/NixOS/nix/pull/3038. (cherry picked from commit 199e888785bd23073e44e56f6c74b95dc7c10ffa)
2019-10-09 nix search: Don't quietly ignore errorsEelco Dolstra1-0/+1
(cherry picked from commit 7c74f075f4a7274ad38c90085cc269a19a977438)
2019-10-09 getSourceExpr(): Handle channelsEelco Dolstra1-15/+16
Fixes #1892. Fixes #1865. Fixes #3119. (cherry picked from commit e6e61f0a54dac0174df996e93fcfedcac7769ab4)
2019-09-03 Support allowSubstitutes attribute in structured attribute derivationsEelco Dolstra6-10/+11
Hopefully fixes #3081 (didn't test).
2019-09-03 Add some noexceptsEelco Dolstra11-18/+19
This is to assert that callback functions should never throw (since the context in which they're called may not be able to handle the exception).
2019-09-03 Ensure that Callback is called only onceEelco Dolstra5-17/+36
Also, make Callback movable but uncopyable.
2019-09-03 Downloader: Remove a possible double call to CallbackEelco Dolstra1-8/+2
2019-08-29 Merge pull request #3069 from matthewbauer/max-nameEelco Dolstra1-0/+4
Set maximum name length in Nix
2019-08-29 Don't rely on st_blocksEelco Dolstra2-5/+4
It doesn't seem very reliable on ZFS.
2019-08-29 CleanupEelco Dolstra1-2/+2
2019-08-28 Merge pull request #2921 from matthewbauer/handle-sigwinchEelco Dolstra1-0/+9
Handle SIGWINCH in main thread
2019-08-28 Set maximum name length in NixMatthew Bauer1-0/+4
Previously we allowed any length of name for Nix derivations. This is bad because different file systems have different max lengths. To make things predictable, I have picked a max. This was done by trying to build this derivation: derivation { name = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; builder = "/no-such-path"; system = "x86_64-linux"; } Take off one a and it will not lead to file name too long. That ends up being 212 a’s. An even smaller max could be picked if we want to support more file systems. Working backwards, this is why: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-${name}.drv.chroot > 255 - 32 - 1 - 4 - 7 = 211
2019-08-28 Don't send certain setting overrides to the daemonEelco Dolstra1-0/+7
These are already handled separately. This fixes warnings like warning: ignoring the user-specified setting 'max-jobs', because it is a restricted setting and you are not a trusted user when using the -j flag.
2019-08-27 Merge branch 'test-sandboxing' of https://github.com/matthewbauer/nixEelco Dolstra3-4/+31
2019-08-23 Reset tmpDirInSandbox for unsandboxedMatthew Bauer1-0/+1
2019-08-16 nix-store: fix out of sync protocolzimbatm1-2/+10
If a NAR is already in the store, addToStore doesn't read the source which makes the protocol go out of sync. This happens for example when two client try to nix-copy-closure the same derivation at the same time.
2019-08-16 libutil: add SizedSourcezimbatm1-0/+30
Introduce the SizeSource which allows to bound how much data is being read from a source. It also contains a drainAll() function to discard the rest of the source, useful to keep the nix protocol in sync.
2019-08-15 Merge pull request #2782 from grahamc/flamesEelco Dolstra3-2/+34
Track function start and end
2019-08-14 Track function start and ends for flame graphsGraham Christensen3-2/+34
With this patch, and this file I called `log.py`: #!/usr/bin/env nix-shell #!nix-shell -i python3 -p python3 --pure import sys from pprint import pprint stack = [] timestack = [] for line in open(sys.argv[1]): components = line.strip().split(" ", 2) if components[0] != "function-trace": continue direction = components[1] components = components[2].rsplit(" ", 2) loc = components[0] _at = components[1] time = int(components[2]) if direction == "entered": stack.append(loc) timestack.append(time) elif direction == "exited": dur = time - timestack.pop() vst = ";".join(stack) print(f"{vst} {dur}") stack.pop() and: nix-instantiate --trace-function-calls -vvvv ../nixpkgs/pkgs/top-level/release.nix -A unstable > log.matthewbauer 2>&1 ./log.py ./log.matthewbauer > log.matthewbauer.folded flamegraph.pl --title matthewbauer-post-pr log.matthewbauer.folded > log.matthewbauer.folded.svg I can make flame graphs like: http://gsc.io/log.matthewbauer.folded.svg --- Includes test cases around function call failures and tryEval. Uses RAII so the finish is always called at the end of the function.
2019-08-08 Merge pull request #3031 from grahamc/low-speed-limitEelco Dolstra2-3/+4
conf: stalled-download-timeout: make tunable
2019-08-08 conf: stalled-download-timeout: make tunableGraham Christensen2-3/+4
Make curl's low speed limit configurable via stalled-download-timeout. Before, this limit was five minutes without receiving a single byte. This is much too long as if the remote end may not have even acknowledged the HTTP request.
2019-08-07 Merge pull request #3030 from dtzWill/fix/missing-include-ocloexecEelco Dolstra1-0/+1
pathlocks: add include to fcntl.h for O_CLOEXEC
2019-08-07 Merge pull request #2995 from tweag/post-build-hookEelco Dolstra6-3/+98
Add a post build hook
2019-08-07 pathlocks: add include to fcntl.h for O_CLOEXECWill Dietz1-0/+1
2019-08-02 nix-store --verify: Don't repair while holding the GC lockEelco Dolstra1-5/+4
2019-08-02 SimplifyEelco Dolstra1-18/+14
With BSD locks we don't have to guard against reading our own temproots.
2019-08-02 Use BSD instead of POSIX file locksEelco Dolstra5-108/+46
POSIX file locks are essentially incompatible with multithreading. BSD locks have much saner semantics. We need this now that there can be multiple concurrent LocalStore::buildPaths() invocations.
2019-08-02 Add a test for auto-GCEelco Dolstra2-2/+10
This currently fails because we're using POSIX file locks. So when the garbage collector opens and closes its own temproots file, it causes the lock to be released and then deleted by another GC instance.
2019-08-02 Add a post-build-hookregnat6-3/+98
Passing `--post-build-hook /foo/bar` to a nix-* command will cause `/foo/bar` to be executed after each build with the following environment variables set: DRV_PATH=/nix/store/drv-that-has-been-built.drv OUT_PATHS=/nix/store/...build /nix/store/...build-bin /nix/store/...build-dev This can be useful in particular to upload all the builded artifacts to the cache (including the ones that don't appear in the runtime closure of the final derivation or are built because of IFD). This new feature prints the stderr/stdout output to the `nix-build` and `nix build` client, and the output is printed in a Nix 2 compatible format: [nix]$ ./inst/bin/nix-build ./test.nix these derivations will be built: /nix/store/ishzj9ni17xq4hgrjvlyjkfvm00b0ch9-my-example-derivation.drv building '/nix/store/ishzj9ni17xq4hgrjvlyjkfvm00b0ch9-my-example-derivation.drv'... hello! bye! running post-build-hook '/home/grahamc/projects/github.com/NixOS/nix/post-hook.sh'... post-build-hook: + sleep 1 post-build-hook: + echo 'Signing paths' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: Signing paths /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: + sleep 1 post-build-hook: + echo 'Uploading paths' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: Uploading paths /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation post-build-hook: + sleep 1 post-build-hook: + printf 'very important stuff' /nix/store/qr213vjmibrqwnyp5fw678y7whbkqyny-my-example-derivation [nix-shell:~/projects/github.com/NixOS/nix]$ ./inst/bin/nix build -L -f ./test.nix my-example-derivation> hello! my-example-derivation> bye! my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + echo 'Signing paths' /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> Signing paths /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + echo 'Uploading paths' /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> Uploading paths /nix/store/c263gzj2kb2609mz8wrbmh53l14wzmfs-my-example-derivation my-example-derivation (post)> + sleep 1 my-example-derivation (post)> + printf 'very important stuff' [1 built, 0.0 MiB DL] Co-authored-by: Graham Christensen <graham@grahamc.com> Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
2019-07-30 Don’t rely on EPERMMatthew Bauer1-2/+2
startProcess does not appear to send the exit code to the helper correctly. Not sure why this is, but it is probably safe to just fallback on all sandbox errors.
2019-07-30 Merge pull request #3009 from codedownio/add-pname-and-version-to-jsonEelco Dolstra1-4/+11
Add pname and version to nix-env -q --json
2019-07-30 Merge pull request #3013 from basvandijk/disable-lsof-for-darwin-testsEelco Dolstra1-10/+15
Disable findRuntimeRoots on darwin when running tests because lsof is slow
2019-07-30 Disable findRuntimeRoots on darwin when running tests because lsof is slowBas van Dijk1-10/+15
See: https://github.com/NixOS/nix/issues/3011
2019-07-30 Allow builtins.pathExists to check the existence of /nix/store pathsBas van Dijk1-2/+8
This makes it consitent with builtins.readDir.
2019-07-27 Add pname and version to nix-env -q --jsonTom McLaughlin1-4/+11
2019-07-25 Use sandbox fallback when cloning fails in builderMatthew Bauer2-1/+14
When sandbox-fallback = true (the default), the Nix builder will fall back to disabled sandbox mode when the kernel doesn’t allow users to set it up. This prevents hard errors from occuring in tricky places, especially the initial installer. To restore the previous behavior, users can set: sandbox-fallback = false in their /etc/nix/nix.conf configuration.
2019-07-25 Disable CLONE_NEWUSER when it’s unavailableMatthew Bauer2-3/+16
Some kernels disable "unpriveleged user namespaces". This is unfortunate, but we can still use mount namespaces. Anyway, since each builder has its own nixbld user, we already have most of the benefits of user namespaces.
2019-07-13 Merge pull request #2975 from matthewbauer/fix-nsswitch-issueEelco Dolstra1-1/+7
Don’t use entire /etc/nsswitch.conf file
2019-07-10 Resume NAR downloadsEelco Dolstra1-7/+28
This is a much simpler fix to the 'error 9 while decompressing xz file' problem than 78fa47a7f08a4cb6ee7061bf0bd86a40e1d6dc91. We just do a ranged HTTP request starting after the data that we previously wrote into the sink. Fixes #2952, #379.
2019-07-10 HttpBinaryCacheStore: Use default number of retries for NARsEelco Dolstra1-1/+0
2019-07-10 Downloader: Use warn()Eelco Dolstra1-3/+3
2019-07-10 Revert "Fix 'error 9 while decompressing xz file'"Eelco Dolstra7-162/+125
This reverts commit 78fa47a7f08a4cb6ee7061bf0bd86a40e1d6dc91.