Daiderd Jordan
453f675810
Allow getpwuid in the darwin sandbox.
2017-11-03 10:50:49 +01:00
Eelco Dolstra
197922ea4e
Merge pull request #1646 from copumpkin/optional-sandbox-local-network
...
Allow optional localhost network access to sandboxed derivations
2017-10-30 18:54:40 +01:00
Dan Peebles
4a4a009f78
Allow optional localhost network access to sandboxed derivations
...
This will allow bind and connect to 127.0.0.1, which can reduce purity/
security (if you're running a vulnerable service on localhost) but is
also needed for a ton of test suites, so I'm leaving it turned off by
default but allowing certain derivations to turn it on as needed.
It also allows DNS resolution of arbitrary hostnames but I haven't found
a way to avoid that. In principle I'd just want to allow resolving
localhost but that doesn't seem to be possible.
I don't think this belongs under `build-use-sandbox = relaxed` because we
want it on Hydra and I don't think it's the end of the world.
2017-10-30 17:59:12 +01:00
Eelco Dolstra
f90f660b24
Don't parse "x:x" as a URI
...
URIs now have to contain "://" or start with "channel:".
2017-10-30 17:58:01 +01:00
Eelco Dolstra
12991152be
nix-build: Fix --hash
2017-10-30 13:31:05 +01:00
Eelco Dolstra
63c80ae26f
Make "fetchGit /path" work
2017-10-30 13:18:28 +01:00
Eelco Dolstra
a5c392a80e
fetchGit: Fix broken assertion
...
Different URIs can map to the same cache entry if they have the same
revision.
2017-10-30 12:55:46 +01:00
Eelco Dolstra
812e027e1d
Add option allowed-uris
...
This allows network access in restricted eval mode.
2017-10-30 12:41:49 +01:00
Eelco Dolstra
f1c555cef8
fetchurl/fetchTarball are *not* allowed in restricted mode
...
Accidentally committed this change as part of
f9686885be
.
Restricted mode != pure mode.
2017-10-30 12:41:48 +01:00
Domen Kožar
5cb78053f0
Merge pull request #1633 from orivej/doc
...
Update the language documentation
2017-10-30 12:21:54 +01:00
Eelco Dolstra
e38382895d
builtins.fetchGit: Return an attrset with revision info
...
This adds rev, shortRev and revCount attributes, equal to what Hydra
provides. E.g.
$ nix eval '(fetchGit https://github.com/NixOS/patchelf.git )'
{ outPath = "/nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source"; rev = "29c085fd9d3fc972f75b3961905d6b4ecce7eb2b"; revCount = 303; shortRev = "29c085f"; }
2017-10-30 11:49:03 +01:00
Eelco Dolstra
f9686885be
enable-http2 -> http2
2017-10-30 11:00:59 +01:00
Eelco Dolstra
049322702b
fetchgit -> fetchGit
...
Almost all other primops are camelCase so no reason not to use that
here.
2017-10-30 10:25:08 +01:00
Eelco Dolstra
23ce4b3393
fetchTarball: Use "source" as the default name
...
This ensures that it produces the same output as fetchgit:
$ nix eval --raw '(builtins.fetchgit https://github.com/NixOS/patchelf.git )'
/nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source
$ nix eval --raw '(fetchTarball https://github.com/NixOS/patchelf/archive/master.tar.gz )'
/nix/store/ghigrkw02l440g8vfxa9wj4c3zpfmw99-source
2017-10-30 10:22:58 +01:00
Eelco Dolstra
66ddbef754
fetchurl/fetchTarball: Respect name changes
...
The computation of urlHash didn't take the name into account, so
subsequent fetchurl calls with the same URL but a different name would
resolve to the same cached store path.
2017-10-30 10:22:58 +01:00
Eelco Dolstra
f25791c196
builtins.fetchgit: Don't mess up the progress indicator
2017-10-30 10:22:58 +01:00
Eelco Dolstra
65b5f177b5
builtins.fetchgit: Support a "name" attribute
...
The "name" attribute defaults to "source", which we should use for all
similar functions (e.g. fetchTarball and in Hydra) to ensure that we
get a consistent store path regardless of how the tree is fetched.
"source" is not necessarily a correct label, but using an empty name
is problematic: you get an ugly store path ending in a dash, and it's
impossible to have a fixed-output derivation that produces that path
because ".drv" is not a valid store name.
Fixes #904 .
2017-10-30 10:22:07 +01:00
Eelco Dolstra
c1ae18941a
nix repl :t: Indicate strings that have a context
2017-10-29 17:11:22 +01:00
Orivej Desh
842ce8bafd
Clarify indented string escaping rules
2017-10-26 18:53:36 +00:00
Orivej Desh
15457c5673
Describe "with" scoping precedence
2017-10-26 18:53:36 +00:00
Orivej Desh
e5c499b833
Describe arithmetic operators
2017-10-26 18:53:35 +00:00
Eelco Dolstra
9971d875a4
Fix building on clang
...
https://hydra.nixos.org/build/62945761
2017-10-25 17:20:47 +02:00
Eelco Dolstra
82327e3cc4
exportReferencesGraph: Allow exporting a list of store paths
2017-10-25 15:18:49 +02:00
Eelco Dolstra
8191992c83
Bump language version
2017-10-25 15:18:37 +02:00
Eelco Dolstra
3395e3bbc4
Fix exportReferencesGraph in the structured attrs case
2017-10-25 14:08:29 +02:00
Eelco Dolstra
2d5b1b24bf
Pass lists/attrsets to bash as (associative) arrays
2017-10-25 13:01:50 +02:00
Eelco Dolstra
ac12517f3e
Fix RPM build
2017-10-24 15:44:29 +02:00
Eelco Dolstra
86aab6e9a0
Add --store argument to legacy commands
2017-10-24 15:41:11 +02:00
Eelco Dolstra
d16fd24973
Allow shorter syntax for chroot stores
...
You can now say '--store /tmp/nix' instead of '--store local?root=/tmp/nix'.
2017-10-24 15:32:38 +02:00
Eelco Dolstra
3460e4cf00
More progress indicator improvements
...
In particular, don't show superfluous "fetching path" and "building
path(s)" messages, and show the current round (with --repeat).
2017-10-24 15:32:38 +02:00
Eelco Dolstra
96051dd057
More progress indicator improvements
...
Fixes #1599 .
2017-10-24 14:47:23 +02:00
Eelco Dolstra
be220702a7
Progress indicator: Show on what machine we're building
...
E.g.
$ nix build nixpkgs.hello --builders 'root@wendy'
[1/0/1 built] building hello-2.10 on ssh://root@wendy: checking for minix/config.h... no
2017-10-24 14:24:57 +02:00
Eelco Dolstra
f8624762ac
build-remote: Work properly on a chrooted store
2017-10-24 14:14:28 +02:00
Eelco Dolstra
fe9d2f974d
Handle log messages from build-remote
...
This makes the progress indicator show statuses like "connecting to
'root@machine'".
2017-10-24 14:05:22 +02:00
Eelco Dolstra
0d59f1ca49
nix: Respect -I, --arg, --argstr
...
Also, random cleanup to argument handling.
2017-10-24 12:58:34 +02:00
Eelco Dolstra
25f32625e2
Remove the remote-builds option
...
This is superfluous since you can now just set "builders" to empty,
e.g. "--builders ''".
2017-10-24 11:00:16 +02:00
Eelco Dolstra
af241ae7d3
Remove the builder-files option
...
You can now include files via the "builders" option, using the syntax
"@<filename>". Having only one option makes it easier to override
builders completely.
For backward compatibility, the default is "@/etc/nix/machines", or
"@<filename>" for each file name in NIX_REMOTE_SYSTEMS.
2017-10-24 10:54:43 +02:00
Eelco Dolstra
d4609bb3af
NIX_BUILD_HOOK variable is gone
2017-10-23 20:50:28 +02:00
Eelco Dolstra
37fbfffd8e
Pass all settings to build-remote
...
This ensures that command line flags such as --builders get passed
correctly.
2017-10-23 20:50:28 +02:00
Eelco Dolstra
f32cdc4fab
Turn $NIX_REMOTE into a configuration option
2017-10-23 20:50:28 +02:00
Eelco Dolstra
38dcd0c4b8
Release note updates
2017-10-23 20:50:28 +02:00
Eelco Dolstra
863a45f1f3
build-remote: Put current load under the store state directory
...
Fixes the error
error: opening lock file '/nix/var/nix/current-load/main-lock': Permission denied
when using a chroot store.
2017-10-23 20:50:24 +02:00
Eelco Dolstra
f31c66d392
Merge pull request #1616 from copumpkin/separate-darwin-sandbox
...
Shift Darwin sandbox to separate installed files
2017-10-20 12:00:27 +02:00
Eelco Dolstra
311b59001a
Merge pull request #1622 from kini/c++14-prerequisite
...
Mention C++14 dependency in the manual.
2017-10-20 11:35:14 +02:00
Keshav Kini
32940702fc
Mention C++14 dependency in the manual.
...
A couple makefiles in the sources have -std=c++14 in the CFLAGS.
2017-10-19 18:03:26 -07:00
Shea Levy
c7af84ce84
nix-shell: Fix file name resolution in shebangs
2017-10-19 15:02:40 -04:00
Eelco Dolstra
ef1d0142a0
Revert "Let's not populate the NAR cache from hydra-queue-runner for now"
...
This reverts commit 908590dc6c
. Since
hydra-server can have a different store URI from hydra-queue-runner
now, we don't really need this.
2017-10-19 12:11:07 +02:00
Eelco Dolstra
908590dc6c
Let's not populate the NAR cache from hydra-queue-runner for now
2017-10-18 15:45:39 +02:00
Eelco Dolstra
75cd75b1ae
Errors writing to the NAR cache should not be fatal
2017-10-18 15:41:14 +02:00
Eelco Dolstra
d8306148e0
Suppress "copying 0 paths" message
2017-10-18 15:02:58 +02:00