Newer versions of aws-sdk-cpp call CalculateDelayBeforeNextRetry()
even for non-retriable errors (like NoSuchKey), which causes log spam in
hydra-queue-runner.
Sandboxes cannot be nested, so if Nix's build runs inside a sandbox,
it cannot use a sandbox itself. I don't see a clean way to detect
whether we're in a sandbox, so use a test-specific hack.
https://github.com/NixOS/nix/issues/1413
In particular, UF_IMMUTABLE (uchg) needs to be cleared to allow the
path to be garbage-collected or optimised.
See https://github.com/NixOS/nixpkgs/issues/25819.
+ the file from being garbage-collected.
This release features some cleanup and under-the-hood changes, as well
as "ecosystem-features" that don't directly affect the way Kontemplate
itself functions.
* Resource-sets are now passed on to kubectl in individual
invocations. This means that kubectl errors can be scoped to
individual resource set files and issues such as #51 are less of a
problem.
* A Dockerfile is provided and published at `tazjin:kontemplate` on
Docker Hub. This image contains `kontemplate`, `kubectl` and `pass`
and can be used - for example - as an image for a step in a CI
system.
* Kontemplate is now available on Homebrew, check the README for
installation instructions.
* If different resource sets don't contain `---` separators in YAML,
`kubectl` calls will no longer fail. (#51)
* Autocompleted trailing slashes in shells are now filtered from
include & exclude lists to enhance the CLI experience slightly.
To prevent situations where a shell auto-appends a slash to an
include/exclude specification on the CLI, trailing slashes in those
string lists are now trimmed.
This fixes #54
Instead of passing the rendered output of all resource sets to kubectl
simultaneously, build upon the previous commit and pass resource sets
individually to new instances of kubectl.
This resolves #51
Thus, instead of ‘--option <name> <value>’, you can write ‘--<name>
<value>’. So

  --option http-connections 100

becomes

  --http-connections 100

Apart from brevity, the difference is that it's not an error to set a
non-existent option via --option, but unrecognized arguments are
fatal.
Boolean options have special treatment: they're mapped to the
argument-less flags ‘--<name>’ and ‘--no-<name>’. E.g.

  --option auto-optimise-store false

becomes

  --no-auto-optimise-store

Adds a simple Docker image that can be used in CI pipelines to deploy
`kontemplate`-based environments.
This image contains kontemplate and all of its dependencies (including
pass as an optional dependency).
Even with "build-use-sandbox = false", we now use sandboxing with a
permissive profile that allows everything except the creation of
setuid/setgid binaries.
Also, add rules to allow fixed-output derivations to access the
network.
These rules are sufficient to build stdenvDarwin without any
__sandboxProfile magic.
The filename used was not unique and owned by the build user, so
builds could fail with

  error: while setting up the build environment: cannot unlink ‘/nix/store/99i210ihnsjacajaw8r33fmgjvzpg6nr-bison-3.0.4.drv.sb’: Permission denied

runResolver() was barfing on directories like
/System/Library/Frameworks/Security.framework/Versions/Current/PlugIns. It
should probably do something sophisticated for frameworks, but let's
ignore them for now.
This fixes

  error: getting attributes of path ‘Versions/Current/CoreFoundation’: No such file or directory

when /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation is a symlink.
Also fixes a segfault when encountering a file that is not a MACH binary (such
as /dev/null, which is included in __impureHostDeps in Nixpkgs).
Possibly fixes #786.
Fixes

  src/libstore/build.cc:2321:45: error: non-constant-expression cannot be narrowed from type 'int' to 'scmp_datum_t' (aka 'unsigned long') in initializer list [-Wc++11-narrowing]

EAs/ACLs are not part of the NAR canonicalisation. Worse, setting an
ACL allows a builder to create writable files in the Nix store. So get
rid of them.
Closes #185.