The ssh client is lazily started by the first worker thread, that
requires a ssh connection. To avoid the ssh client to be killed, when
the worker process is stopped, do not set PR_SET_PDEATHSIG.
(cherry picked from commit 3e347220c82d1537723f49aa03a93a6f9d294417)
If the `throw` is reached, this means that execvp into `ssh` wasn’t
successful. We can hint at a usual problem, which is a missing `ssh`
executable.
Test with:
```
env PATH= ./result/bin/nix-copy-closure --builders '' unusedhost
```
and the bash version with
```
env PATH= ./result/bin/nix-copy-closure --builders '' localhost
```
(cherry picked from commit 38b29fb72ca4a07afbec1fd5067f59ca7d7f0fab)
Includes the expression of the condition in the assertion message if
the assertion failed, making assertions much easier to debug. eg.
error: assertion (withPython -> (python2Packages != null)) failed at pkgs/tools/security/nmap/default.nix:11:1
(cherry picked from commit 307bcb9a8e7a16bfc451e055a620b766df9d3f7d)
Signed-off-by: Domen Kožar <domen@dev.si>
When encountering an unsupported protocol, there's no need to retry.
Chances are, it won't suddenly be supported between retry attempts;
error instead. Otherwise, you see something like the following:
$ nix-env -i -f git://git@github.com/foo/bar
warning: unable to download 'git://git@github.com/foo/bar': Unsupported protocol (1); retrying in 335 ms
warning: unable to download 'git://git@github.com/foo/bar': Unsupported protocol (1); retrying in 604 ms
warning: unable to download 'git://git@github.com/foo/bar': Unsupported protocol (1); retrying in 1340 ms
warning: unable to download 'git://git@github.com/foo/bar': Unsupported protocol (1); retrying in 2685 ms
With this change, you now see:
$ nix-env -i -f git://git@github.com/foo/bar
error: unable to download 'git://git@github.com/foo/bar': Unsupported protocol (1)
(cherry picked from commit c976cb0b8ab5d0f2c4ab8c9826fc7db56e2f1b3e)
Signed-off-by: Domen Kožar <domen@dev.si>
This file is licensed under the GPL. Originally, Nix was also
GPL-licensed so that was fine. However, we later changed the license
to the LGPL but missed the fact that style.css has an incompatible
license.
Since the Nix manual at nixos.org uses its own styling, we can remove
this file.
Fixes#3392.
(cherry picked from commit 9c7e90f414067eb59170bde952d5b8ac03c8f46c)
It's broken at the moment: https://hydra.nixos.org/build/105746055
Also it pulls in GHC which is a pretty big dependency.
(cherry picked from commit b4e260d887441fde9ab568dff7c21a77d7cff904)
- At the top of the release notes, we announce sandboxing is now enabled by default,
then at the bottom it says it's now disabled when missing kernel support. These
can be merged into one point for clarity.
- The point about `max-jobs` defaulting to 1 appears unrelated to sandboxing.
(cherry picked from commit 5d24e18e29ea1fff8fa316701fd95be6941da770)
Otherwise `chmod .`'ing the build directory doesn't work anymore, which
is done in nixpkgs if sourceRoot is set to '.'.
(cherry picked from commit f8dbde0813c4e8beed6dfd09b093589e027a6675)
This prevents them from being inlined. On gcc 9, this reduces the
stack size needed for
nix-instantiate '<nixpkgs>' -A texlive.combined.scheme-full --dry-run
from 12.9 MiB to 4.8 MiB.
(cherry picked from commit cb90e382b5b6e177ea902b3909fd1897643ae3cd)
If the user invokes nix with --trace-function-calls it means that they
want to see the trace.
(cherry picked from commit 619cc4af855fab7b0400586a4fd40745b23e72ad)
`s3:ListObjects` isn't a real IAM action, but _is_ the name of an S3 API method. `s3:ListBucket` is the relevant action for that method.
https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html
(cherry picked from commit c92ea927e508f3c06b6b3ee68e1f0565264cac2c)
We're calling `wait4path` on the full, resolved `@bindir@/nix-daemon` path.
That means we're hardcoding something like:
/bin/wait4path /nix/store/zs9c5xhp3zv9p23qnjxp87nl5injsi1i-nix-2.3/bin/nix-daemon && /nix/var/nix/profiles/default/bin/nix-daemon
That seems unnecessarily fragile.
It might be better to wait4path on the path we intend to call.
(cherry picked from commit 8c4a5e7ba1990348b9497c0fc4dc236dda3e7986)
On Catalina, the /nix filesystem might not be mounted at start time.
To avoid this service not starting, we need to keep the launch agent
outside of the Nix store. A wait4pid will hold for our /nix dir to be
mounted.
Fixes#3125.
(cherry picked from commit 0847f2f1b3145a62dc34707ba788275ce6b6fc57)
The tmpDirInSandbox is different when in sandboxed vs. non-sandboxed.
Since we don’t know ahead of time here whether sandboxing is enabled,
we need to reset all of the env vars we’ve set previously. This fixes
the issue encountered in https://github.com/NixOS/nixpkgs/issues/70856.
(cherry picked from commit 499b0388759db0f9f385da402a4bba551268aa99)
The intent of the code was that if the window size cannot be determined,
it would be treated as having the maximum possible size. Because of a
missing assignment, it was actually treated as having a width of 0.
The reason the width could not be determined was because it was obtained
from stdout, not stderr, even though the printing was done to stderr.
This commit addresses both issues.
(cherry picked from commit c935ad3f025d5c3d8026711a1eb50b2917b61d59)
The FunctionCallTrace object consumes a few hundred bytes of stack
space, even when tracing is disabled. This was causing stack overflows:
$ nix-instantiate '<nixpkgs> -A texlive.combined.scheme-full --dry-run
error: stack overflow (possible infinite recursion)
This is with the default stack size of 8 MiB.
Putting the object on the heap reduces stack usage to < 5 MiB.
(cherry picked from commit 98ef11677c43db9aa669768d9f0cbec704e8831c)
