Commit graph

964 commits

Author SHA1 Message Date
Eelco Dolstra
a48c2e3411
Merge pull request #2434 from grahamc/graham-improve-upgrade
Upgrade docs: improve the upgrade command
2018-09-19 21:53:50 +02:00
Anders Riutta
1915862767
Upgrade docs: improve the upgrade command
and make it more copy-pastable.
2018-09-19 14:17:06 -04:00
Graham Christensen
be9e356e61
nix-shell: document double quotes being necessary for a simple Nix expression in the shebang 2018-09-19 13:01:27 -04:00
Graham Christensen
10a7f19937
nix-shell: explain the merging property close to the example 2018-09-19 12:48:08 -04:00
Graham Christensen
0cd863197b
docs: document deprecated aliases 2018-09-18 12:23:32 -04:00
Graham Christensen
0aca1ffb6e Prefer 'remote builder' over 'slave' 2018-09-10 18:57:46 +02:00
Vladimír Čunát
5f3b72cfc2
docs: change expired bzip2.org to archive.org
Fixes #2396.
2018-09-03 17:57:13 +02:00
Eelco Dolstra
4dd09210d7
Release notes tweaks 2018-09-02 21:47:10 +02:00
Eelco Dolstra
1f49926601
Merge pull request #2388 from grahamc/graham/document-multi-user
Document multi-user installation, and add release notes about it not being the default on 2.1
2018-09-01 22:43:48 +02:00
Graham Christensen
c42eaaf684
Create upgrade notes 2018-09-01 15:35:46 -04:00
Eelco Dolstra
c5ab07ec2b
Merge pull request #2168 from grahamc/explain-why-netrc-is-busted
manual: document why ~/.netrc doesn't work
2018-09-01 21:25:04 +02:00
Eelco Dolstra
51003f892d
Merge pull request #2309 from symphorien/disallowed-man
add manual entries for disallowedRequisites and disallowedReferences
2018-09-01 21:01:41 +02:00
Eelco Dolstra
291f67aecf
Merge pull request #2237 from nh2/patch-1
manual: distributed-builds: Mention - as default
2018-09-01 20:41:49 +02:00
Graham Christensen
4be7652dd3
release notes: note that the multi-user installer is available but not selected for Linux with systemd, and the bug about selinux 2018-09-01 10:45:57 -04:00
Graham Christensen
c3e508d924
Document the multi-user installer some
Use sh <(...) syntax for installation to preserve stdin and prompting

also update installation docs to account for changes in multi-user selection
2018-09-01 10:45:50 -04:00
Graham Christensen
f66fa7cd20
We support aarch64 now 2018-09-01 10:44:33 -04:00
Eelco Dolstra
6ed4a6bd0e
Merge pull request #2384 from graham-at-target/fetch-git-examples
docs: Add some examples to fetchGit
2018-09-01 14:08:32 +02:00
Graham Christensen
0b7568fb73
Drop ssh://... as a required formatting for builtins.fetchGit 2018-08-31 19:49:56 -04:00
Eelco Dolstra
4095cd6438
Add contributors 2018-09-01 00:01:05 +02:00
Graham Christensen
149d10c308 docs: Add IDs to important sections 2018-08-31 10:06:33 -04:00
Graham Christensen
2df21b78b9 docs: Add some examples to fetchGit 2018-08-31 10:00:32 -04:00
Eelco Dolstra
308689f94b
Merge pull request #2365 from erikarvstedt/fix-docs
Docs: Fix install prefix
2018-08-30 16:24:52 +02:00
Eelco Dolstra
64d7d1a884
Update release notes 2018-08-30 15:28:18 +02:00
Domen Kožar
d16ff76c69
nix.conf: clarify -j0 doesn't affect preferLocalBuild 2018-08-29 14:33:14 +01:00
Domen Kožar
54df4bb0b5
nix.conf: mention -j0 is useful 2018-08-29 11:51:51 +01:00
Erik Arvstedt
8ad2defdf0 Docs: Fix install prefix
shell.nix defines the install prefix as $(pwd)/inst
2018-08-21 21:46:43 +02:00
Graham Christensen
06080e4abc
2.1 release notes: Add note about s3-compatible stores 2018-08-03 11:09:31 -04:00
Eelco Dolstra
87356cc8a4
Add Nix 2.1 release notes 2018-08-03 17:05:17 +02:00
Eelco Dolstra
122e1a61f8
Merge pull request #2323 from samueldr/feature/selective-impurity
Allows selectively adding environment variables to pure shells.
2018-08-03 16:58:18 +02:00
Samuel Dionne-Riel
438e02529d Allows selectively adding environment variables to pure shells.
Includes documentation and test.
2018-08-02 08:21:30 -04:00
Graham Christensen
49a53c1d3f s3 binary cache: support specifying an endpoint
Works for uploading and not downloading.
2018-08-02 08:19:50 -04:00
Graham Christensen
b27431b7cb Document s3 substitutions 2018-08-01 11:07:41 -04:00
Symphorien Gibol
81d1385437 add manual entries for disallowedRequisites and disallowedReferences 2018-07-26 18:14:50 +02:00
Niklas Hambüchen
10ebcf8670
manual: distributed-builds: Mention - as default 2018-06-17 19:01:07 +02:00
Michael Raskin
17bc757980 manual: builtins.fromJSON: remove the claim that floats are not allowed
floating-point numbers are supported now, including the fromJSON
builtin. Reported on IRC by inquisitiv3
2018-06-10 14:20:18 +02:00
Peter Simons
93aa3bea2e
Merge pull request #767 from mogorman/garbage_collect_keep_last_few
Implement --delete-generations + flag for keeping last N number of gens
2018-05-31 10:00:21 +02:00
Shea Levy
bbbfc180d9
Explicitly describe the effects of filterSource excluding a directory. 2018-05-30 12:34:41 -04:00
Graham Christensen
f9940f47b3
Merge pull request #2164 from mickours/doc-fetchTarball-timout
Explain fetchTarball timeout behavior in the doc
2018-05-30 08:04:26 -04:00
Michael Mercier
8dd2e28374
Explain fetchTarball timeout behavior in the doc 2018-05-30 08:02:46 -04:00
Graham Christensen
e6466c20b3
Document NIX_SSL_CERT_FILE for installation 2018-05-25 15:59:14 -04:00
Eelco Dolstra
743359bc8a
Merge pull request #2157 from volth/bitwise
add builtins: __bitAnd,  __bitOr,  __bitXor
2018-05-24 15:00:39 +02:00
volth
88c1ea30e4 add docs and tests 2018-05-24 12:51:34 +00:00
Alexandre Esteves
579f3895b4
Fix docs on --check suffix 2018-05-23 22:26:06 +01:00
Graham Christensen
33712fed38
manual: document why ~/.netrc doesn't work
Maybe there is a better place to document this, which is more generic?
2018-05-18 14:21:47 -04:00
Gleb Peregud
5ba6395378 docs: mention source of env variables used by impureEnvVars. 2018-05-02 22:45:20 +02:00
Danylo Hlynskyi
ac22d77fd1 nix-collect-garbage: little doc fix
This removes confusing documentation. It's better to remove doc than add implementation, because Nix 1.12 will surely have new GC interface anyway.

Fixes https://github.com/NixOS/nix/issues/641
2018-04-30 09:36:46 -07:00
Shea Levy
8e6108ff71
Merge branch 'aarch64-armv7' of git://github.com/lheckemann/nix
Support extra compatible architectures (#1916)
2018-04-23 08:48:22 -04:00
Samuel Dionne-Riel
4b3a7f93a5 doc: Adds --quiet to the common options.
Fixes #1298
2018-04-20 16:34:06 -04:00
Eelco Dolstra
4fd28bee89
Fix broken DocBook 2018-04-13 15:12:58 +02:00
Sean Seefried
2ef8f0608c Add to glossary and clarify garbage collection
While trying to understand garbage collection it was not immediately
clear that only the runtime dependency closure of output paths
would be kept (instead of the build-time dependency closure).
This commit attempts to clarify this by expanding some of the
glossary definitions and extending the Garbage Collection
section.
2018-04-12 19:23:24 +10:00
John Arnold
a405d25fa3 manual: Add all dependencies to source prerequisites (#2060) 2018-04-09 17:31:39 -04:00
Nicolas Dudebout
d8a1c27806
fix typo in nix-env man page 2018-04-07 21:10:46 -04:00
AmineChikhaoui
e01b01c579
update/re-order the options docs 2018-04-06 11:09:52 +01:00
AmineChikhaoui
33b08899d5
re-order the options using the alphabetical order and improve the example in the positive lookup case 2018-04-06 10:51:19 +01:00
AmineChikhaoui
86930ed414
add documentation for the local disk cache TTL config 2018-04-06 10:51:18 +01:00
Justin Humm
045eb84409
document that writeTextFile from Nixpkgs is an alternative to builtins.toFile 2018-04-03 23:26:47 +02:00
Eelco Dolstra
e01c01f72c
Merge pull request #2005 from shlevy/fetchgit-docs
Document fetchGit.
2018-03-27 15:57:48 +02:00
Shea Levy
6856fe62b0
Document fetchGit.
Fixes #1981.
2018-03-23 07:02:45 -04:00
Dmitry Kalinkin
e2f56c1333
doc: don't mention obsolete ssh-substituter-hosts
#1840
2018-03-22 19:17:45 -04:00
Corey O'Connor
22b144fea6 manual: correct repeated "--deriver". Add missing single char option aliases. 2018-03-20 17:58:25 -07:00
Eelco Dolstra
b2074f0892 Fix bad XML 2018-03-18 13:27:30 +01:00
zimbatm
43bef1b82c doc: document the min-free and max-free options 2018-03-17 21:29:03 +00:00
zimbatm
fef8ebf51d doc: add xml:id to all the config options 2018-03-17 21:17:28 +00:00
Linus Heckemann
637701b604 rename build-extra-platforms -> extra-platforms
also document it
2018-03-16 22:50:27 +00:00
Matthew O'Gorman
467fdd8ca4 only delete things older than current gen and update logic in doc as
well
2018-03-01 22:59:00 -05:00
Matthew O'Gorman
429154b74c Implement --delete-generations + flag for keeping last N number of generations 2018-03-01 21:47:57 -05:00
Michael Fiano
ad97d1a786
nix-channel grammar and punctuation
Minor changes to the nix-channel manpage for my first contribution
2018-03-01 00:27:25 -05:00
Graham Christensen
9432f3fb7d
Merge pull request #1901 from veprbl/patch-5
Fix a small typo in the release notes
2018-02-24 10:26:14 -05:00
Michael Weiss
bd94e63853 doc: Fix a URL in the release notes for Nix 2.0 2018-02-24 16:07:10 +01:00
Dmitry Kalinkin
d9d8a84a96
Fix a small typo in the release notes 2018-02-23 23:45:42 -05:00
Eelco Dolstra
39b4177500
Fix example in release notes 2018-02-22 17:42:06 +01:00
Eelco Dolstra
2691d51a33
Doh 2018-02-22 17:14:35 +01:00
Eelco Dolstra
e8d53bfdc9
Revert "Enable sandbox builds on Linux by default"
This reverts commit ddc58e7896.

https://hydra.nixos.org/eval/1435322
2018-02-22 14:20:07 +01:00
Eelco Dolstra
eaa52c34b4
Set release date 2018-02-22 12:44:46 +01:00
Eelco Dolstra
ddc58e7896
Enable sandbox builds on Linux by default
The overhead of sandbox builds is a problem on NixOS (since building a
NixOS configuration involves a lot of small derivations) but not for
typical non-NixOS use cases. So outside of NixOS we can enable it.

Issue #179.
2018-02-22 12:27:25 +01:00
Eelco Dolstra
88c90d5e6d
Manual: Put configuration options in sorted order 2018-02-21 18:08:47 +01:00
Eelco Dolstra
0d54671b7b
Manual: Update chapter on remote builds
Alos add a command "nix ping-store" to make it easier to see if Nix
can connect to a remote builder (e.g. 'nix ping-store --store
ssh://mac').
2018-02-21 16:24:26 +01:00
Eelco Dolstra
4e44025ac5
Release notes: Add contributors 2018-02-20 15:20:14 +01:00
Eelco Dolstra
d7fdfe322b
Remove macOS multi-user instructions
This is already handled by the installer.
2018-02-19 20:40:25 +01:00
Eelco Dolstra
70eb64147e
Update release notes
Also add some examples to nix --help.
2018-02-19 20:38:53 +01:00
Eelco Dolstra
75a1d96cfd
Merge branch 'register-settings' of https://github.com/shlevy/nix 2018-02-19 13:58:34 +01:00
Shea Levy
b095c06139
Add splitVersion primop.
Fixes #1868.
2018-02-14 09:55:43 -05:00
Shea Levy
de4934ab3b
Allow plugins to define new settings. 2018-02-13 14:43:32 -05:00
Eelco Dolstra
52c777a793
Merge pull request #1863 from shlevy/conf-includes
Allow includes from nix.conf
2018-02-13 17:33:07 +01:00
Shea Levy
b8739f2fb3
Enable specifying directories in plugin-files. 2018-02-13 11:25:01 -05:00
Shea Levy
6eb1040e90
Allow includes from nix.conf 2018-02-13 08:16:32 -05:00
Shea Levy
081f14a169
Allow using RegisterPrimop to define constants.
This enables plugins to add new constants, as well as new primops.
2018-02-08 14:35:50 -05:00
Shea Levy
88cd2d41ac
Add plugins to make Nix more extensible.
All plugins in plugin-files will be dlopened, allowing them to
statically construct instances of the various Register* types Nix
supports.
2018-02-08 12:44:37 -05:00
Eelco Dolstra
abe6be578b
Merge pull request #1816 from shlevy/add-path
Add path primop.
2018-02-07 13:32:35 +01:00
Shea Levy
69d82e5c58
Add path primop.
builtins.path allows specifying the name of a path (which makes paths
with store-illegal names now addable), allows adding paths with flat
instead of recursive hashes, allows specifying a filter (so is a
generalization of filterSource), and allows specifying an expected
hash (enabling safe path adding in pure mode).
2018-02-06 16:48:08 -05:00
Eelco Dolstra
84722d67d2
Remove nix-build --hash
Instead, if a fixed-output derivation produces has an incorrect output
hash, we now unconditionally move the outputs to the path
corresponding with the actual hash and register it as valid. Thus,
after correcting the hash in the Nix expression (e.g. in a fetchurl
call), the fixed-output derivation doesn't have to be built again.

It would still be good to have a command for reporting the actual hash
of a fixed-output derivation (instead of throwing an error), but
"nix-build --hash" didn't do that.
2018-02-03 10:08:05 +01:00
Shea Levy
de96daf54f
Merge branch 'master' of git://github.com/catern/nix 2018-02-01 13:21:45 -05:00
Eelco Dolstra
e7b23eb5ab
Remove docs on removed --drv-link and --add-drv-link options 2018-02-01 16:40:58 +01:00
Spencer Baugh
e5432574e2 document ability to set NIX_REMOTE=unix://path/to/socket 2018-01-31 22:47:16 +00:00
Eelco Dolstra
c287d73121
Rename 1.12 -> 2.0
Following discussion with Shea and Graham. It's a big enough change
from the last release. Also, from a semver perspective, 2.0 makes more
sense because we did remove some interfaces (like nix-pull/nix-push).
2018-01-31 18:58:45 +01:00
Eelco Dolstra
6fa690291a
Add 'nix upgrade-nix' command
This command upgrades Nix to the latest stable version by installing a
store path obtained from

  https://github.com/NixOS/nixpkgs/raw/master/nixos/modules/installer/tools/nix-fallback-paths.nix

which is the same store path that the installer at
https://nixos.org/nix/install.sh uses.

The upgrade fails if Nix is not installed in a profile (e.g. on NixOS,
or when installed outside of the Nix store).
2018-01-31 16:24:43 +01:00
Eelco Dolstra
f8e8dd827e
Manual: Remove old cruft 2018-01-31 15:08:46 +01:00
Eric Wolf
0167eac571 Improve manual on inheriting attributes
Expands first paragraph a bit
Adds a more comprehensive example
2018-01-27 16:18:31 +01:00
Eelco Dolstra
cfeff3b273
Move show-trace docs 2018-01-17 11:53:16 +01:00
Renzo Carbonara
b0328c244d nix.conf: builders-use-substitutes
Fixes #937
2018-01-09 22:40:07 +01:00
Eelco Dolstra
44272d8719
Rename "use-substitutes" to "substitute"
Commit c2154d4c84 renamed
"build-use-substitutes" to "use-substitutes", but that broke
"nix-copy-closure --use-substitutes".
2018-01-04 16:58:39 +01:00
Eelco Dolstra
e3c19ff9bc
Merge pull request #1725 from chris-martin/pr/concatStringsSep
Add builtins.concatStringSep to the manual
2017-12-12 11:46:10 +01:00
Chris Martin
2a8f09a8c1 Add builtins.concatStringSep to the manual 2017-12-11 14:28:03 -05:00
Eelco Dolstra
06d4566c2d
Merge pull request #1721 from expipiplus1/patch-2
Escape left angle brackets in XML documentation
2017-12-11 17:29:36 +01:00
Shea Levy
5ba5ca7888
Merge branch 'feature/linenoise-ng' of git://github.com/dtzWill/nix 2017-12-11 07:52:20 -05:00
Joe Hermaszewski
35a49f1d7f
Escape left angle brackets in XML documentation 2017-12-09 15:31:03 +00:00
Markus Hauck
0af668426d nix-hash: Add sentence and example for nix-prefetch-url hash 2017-12-08 10:27:34 +01:00
Will Dietz
e50d7335bf doc: linenoise -> linenoise-ng 2017-11-27 18:36:20 -06:00
Eelco Dolstra
7536fe31dd
Add a warning about the 'trusted-users' option 2017-11-21 18:49:52 +01:00
Eelco Dolstra
8df60b4ea8
Document secret-key-files 2017-11-20 18:51:04 +01:00
Eelco Dolstra
91a1987607
signed-binary-caches -> require-sigs
Unlike signed-binary-caches (which could only be '*' or ''),
require-sigs is a proper Boolean option. The default is true.
2017-11-20 17:44:07 +01:00
Eelco Dolstra
7a2b64e55c
binary-cache-public-keys -> trusted-public-keys
The name had become a misnomer since it's not only for substitution
from binary caches, but when adding/copying any
(non-content-addressed) path to a store.
2017-11-20 17:32:34 +01:00
Eelco Dolstra
6cf7c6a6b0
Remove git:// support in NIX_PATH
This didn't support specifying a revision/branch, and was restricted
to git:// URIs (since https:// or ssh:// would be ambiguous).
2017-11-03 13:55:31 +01:00
Zoran Plesivčak
ae506c1ea4 Mention isFloat function in "Built-in Functions" section 2017-11-01 23:00:08 +00:00
Zoran Plesivčak
3050395810 Mention "float" type in builtins.typeOf section of the docs
+ remove trailing whitespace from the file
2017-11-01 21:36:25 +00:00
Eelco Dolstra
812e027e1d
Add option allowed-uris
This allows network access in restricted eval mode.
2017-10-30 12:41:49 +01:00
Eelco Dolstra
f1c555cef8
fetchurl/fetchTarball are *not* allowed in restricted mode
Accidentally committed this change as part of
f9686885be.

Restricted mode != pure mode.
2017-10-30 12:41:48 +01:00
Domen Kožar
5cb78053f0
Merge pull request #1633 from orivej/doc
Update the language documentation
2017-10-30 12:21:54 +01:00
Eelco Dolstra
049322702b
fetchgit -> fetchGit
Almost all other primops are camelCase so no reason not to use that
here.
2017-10-30 10:25:08 +01:00
Orivej Desh
842ce8bafd Clarify indented string escaping rules 2017-10-26 18:53:36 +00:00
Orivej Desh
15457c5673 Describe "with" scoping precedence 2017-10-26 18:53:36 +00:00
Orivej Desh
e5c499b833 Describe arithmetic operators 2017-10-26 18:53:35 +00:00
Eelco Dolstra
38dcd0c4b8
Release note updates 2017-10-23 20:50:28 +02:00
Keshav Kini
32940702fc Mention C++14 dependency in the manual.
A couple makefiles in the sources have -std=c++14 in the CFLAGS.
2017-10-19 18:03:26 -07:00
Eelco Dolstra
5324bb9399
Update release notes 2017-09-18 11:07:17 +02:00
Eelco Dolstra
0b606aad46
Add automatic garbage collection
Nix can now automatically run the garbage collector during builds or
while adding paths to the store. The option "min-free = <bytes>"
specifies that Nix should run the garbage collector whenever free
space in the Nix store drops below <bytes>. It will then delete
garbage until "max-free" bytes are available.

Garbage collection during builds is asynchronous; running builds are
not paused and new builds are not blocked. However, there also is a
synchronous GC run prior to the first build/substitution.

Currently, no old GC roots are deleted (as in "nix-collect-garbage
-d").
2017-09-05 20:43:42 +02:00
Eelco Dolstra
c2154d4c84
Rename a few configuration options
In particular, drop the "build-" and "gc-" prefixes which are
pointless. So now you can say

  nix build --no-sandbox

instead of

  nix build --no-build-use-sandbox
2017-08-31 14:28:25 +02:00
Matthew Bauer
2c75945de5
Remove nix-mode.el from Nix.
This removes the file nix-mode.el from Nix. The file is now available within the
repository https://github.com/NixOS/nix-mode.

Fixes #662
Fixes #1040
Fixes #1054
Fixes #1055
Closes #1119
Fixes #1419

NOTE: all of the above should be fixed within NixOS/nix-mode. If one of those
hasn’t please reopen within NixOS/nix-mode and not within NixOS/nix.
2017-08-19 21:16:30 -07:00
Chase Adams
09a38f9125 update MD5 to SHA-256 in expression-syntax 2017-08-18 16:07:33 -07:00
Eelco Dolstra
e2f9a61dc9 Update release notes 2017-08-16 21:36:47 +02:00
Eelco Dolstra
2ee1b9359b Merge branch 'tokenize' of https://github.com/nbp/nix 2017-08-16 21:21:36 +02:00
Nicolas B. Pierron
b8867a0239 Add builtins.string function.
The function 'builtins.split' takes a POSIX extended regular expression
and an arbitrary string. It returns a list of non-matching substring
interleaved by lists of matched groups of the regular expression.

```nix
with builtins;
assert split "(a)b" "abc"      == [ "" [ "a" ] "c" ];
assert split "([ac])" "abc"    == [ "" [ "a" ] "b" [ "c" ] "" ];
assert split "(a)|(c)" "abc"   == [ "" [ "a" null ] "b" [ null "c" ] "" ];
assert split "([[:upper:]]+)" "  FOO   "
                               == [ "  " [ "FOO" ] "   " ];
```
2017-08-15 20:04:11 +00:00
Nicolas B. Pierron
27417c6160 Move builtins.match documentation between map and mul. 2017-08-15 18:34:24 +00:00
Eelco Dolstra
f76e85d8f5
Start of 1.12 release notes 2017-08-10 18:44:45 +02:00
davidak
92bcb61127 replace "Mac OS X" with "macOS"
except in older release notes where the name was actually Mac OS X.
2017-07-30 12:26:17 +02:00
Graham Christensen
da2ad30054 Update the mailing list. 2017-07-18 08:02:53 -04:00
Eelco Dolstra
49304bae81
Make the hashes mirrors used by builtins.fetchurl configurable
In particular, this allows it to be disabled in our tests.
2017-07-17 13:07:08 +02:00
Harmen
1e0f59ae14 use sha256 hashes in the examples
And fix a dead link.
2017-07-15 21:06:30 +02:00
Robert Vollmert
30117fb35b fix buggy nix-shell man page 2017-07-10 14:36:55 +02:00
Robert Vollmert
c85e662004 man page (nix-shell): Fix grouping of -p option
Not sure about the raw ellipsis.
2017-07-07 22:11:46 +02:00
Robert Vollmert
89771a8821 man page (nix-prefetch-url): Add some missing options 2017-07-07 22:11:46 +02:00
Robert Vollmert
772ef22c25 man page (nix-instantiate): -E is optional 2017-07-07 22:11:46 +02:00
Robert Vollmert
8ad898b2cd man page (nix-instantiate): Add --json to synopsis, order variables 2017-07-07 22:11:46 +02:00
Robert Vollmert
b1f5995a20 man page (nix-instantiate): Remove non-existent nix-build argument -r 2017-07-07 22:11:46 +02:00
Robert Vollmert
56a1f8f499 man pages: Consistently separate alternatives by / 2017-07-07 22:11:46 +02:00
Robert Vollmert
d1643bdaa2 man pages: Argument for --max-jobs 2017-07-07 22:11:45 +02:00
Robert Vollmert
68c626c6b0 man pages: Grouping for option alternatives 2017-07-07 22:11:45 +02:00
Robert Vollmert
ce3095e141 glossary: Fix word order 2017-07-07 22:07:46 +02:00
Robert Vollmert
60da5d2b8f Fix nix-instantiate manpage indentation
The second command variant is now its own cmdsynopsis, which ensures
it's not indented as was the case using sbrk.
2017-07-06 22:35:36 +02:00
Eelco Dolstra
6cf23c3e8f
Add allow-new-privileges option
This allows builds to call setuid binaries. This was previously
possible until we started using seccomp. Turns out that seccomp by
default disallows processes from acquiring new privileges. Generally,
any use of setuid binaries (except those created by the builder
itself) is by definition impure, but some people were relying on this
ability for certain tests.

Example:

  $ nix build '(with import <nixpkgs> {}; runCommand "foo" {} "/run/wrappers/bin/ping -c 1 8.8.8.8; exit 1")' --no-allow-new-privileges
  builder for ‘/nix/store/j0nd8kv85hd6r4kxgnwzvr0k65ykf6fv-foo.drv’ failed with exit code 1; last 2 log lines:
    cannot raise the capability into the Ambient set
    : Operation not permitted

  $ nix build '(with import <nixpkgs> {}; runCommand "foo" {} "/run/wrappers/bin/ping -c 1 8.8.8.8; exit 1")' --allow-new-privileges
  builder for ‘/nix/store/j0nd8kv85hd6r4kxgnwzvr0k65ykf6fv-foo.drv’ failed with exit code 1; last 6 log lines:
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=46 time=15.2 ms

Fixes #1429.
2017-07-04 15:48:25 +02:00