From f7c95fde8880ce28662de9ff0dd3de0cdcc3877c Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 8 Jul 2025 16:14:06 +0200 Subject: [PATCH 01/24] Bump version --- .version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.version b/.version index 6a6900382..bcec02eeb 100644 --- a/.version +++ b/.version @@ -1 +1 @@ -2.30.0 +2.30.1 From 48c7e5e14fc341e859a7cbace67cd6849c369591 Mon Sep 17 00:00:00 2001 From: John Soo Date: Mon, 7 Jul 2025 11:14:12 -0600 Subject: [PATCH 02/24] installers, tests: remove --preserve=mode from cp invocations -p preserves xattrs and acls which can be incompatible between filesystems Unfortunately keep -p on darwin because the bsd coreutils do not support --preserve. Fixes #13426 (cherry picked from commit 87299e466daca97fd48d3d446bb587e4f9d46d9a) --- scripts/install-multi-user.sh | 9 +++++++-- scripts/install-nix-from-tarball.sh | 6 +++++- tests/nixos/github-flakes.nix | 2 +- tests/nixos/sourcehut-flakes.nix | 2 +- tests/nixos/tarball-flakes.nix | 2 +- 5 files changed, 15 insertions(+), 6 deletions(-) diff --git a/scripts/install-multi-user.sh b/scripts/install-multi-user.sh index f051ccc46..e9ddfc014 100644 --- a/scripts/install-multi-user.sh +++ b/scripts/install-multi-user.sh @@ -834,8 +834,13 @@ install_from_extracted_nix() { ( cd "$EXTRACTED_NIX_PATH" - _sudo "to copy the basic Nix files to the new store at $NIX_ROOT/store" \ - cp -RPp ./store/* "$NIX_ROOT/store/" + if is_os_darwin; then + _sudo "to copy the basic Nix files to the new store at $NIX_ROOT/store" \ + cp -RPp ./store/* "$NIX_ROOT/store/" + else + _sudo "to copy the basic Nix files to the new store at $NIX_ROOT/store" \ + cp -RP --preserve=ownership,timestamps ./store/* "$NIX_ROOT/store/" + fi _sudo "to make the new store non-writable at $NIX_ROOT/store" \ chmod -R ugo-w "$NIX_ROOT/store/" diff --git a/scripts/install-nix-from-tarball.sh b/scripts/install-nix-from-tarball.sh index 8d127a9c5..ec3264793 100644 --- a/scripts/install-nix-from-tarball.sh 
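Review bot: In the non-Darwin branch added to `install_from_extracted_nix`, `cp -RP --preserve=ownership,timestamps` no longer copies the mode bits explicitly, so the permissions of the new store paths depend on the umask in effect under `_sudo`. With GNU cp the create mode is the source mode filtered through the umask, so a restrictive umask such as 077 would presumably leave entries under `$NIX_ROOT/store` unreadable to other users. The `chmod -R ugo-w` that follows only clears write bits and does not restore read or execute bits. Setting `umask 022` at the top of the existing `( cd "$EXTRACTED_NIX_PATH" ...` subshell would make the result deterministic. The same applies to the `cp -RP --preserve=ownership,timestamps "$self/store/$i" "$i_tmp"` hunk in `scripts/install-nix-from-tarball.sh`; both enclosing bodies continue outside their hunks.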
+++ b/scripts/install-nix-from-tarball.sh @@ -167,7 +167,11 @@ for i in $(cd "$self/store" >/dev/null && echo ./*); do rm -rf "$i_tmp" fi if ! [ -e "$dest/store/$i" ]; then - cp -RPp "$self/store/$i" "$i_tmp" + if [ "$(uname -s)" = "Darwin" ]; then + cp -RPp "$self/store/$i" "$i_tmp" + else + cp -RP --preserve=ownership,timestamps "$self/store/$i" "$i_tmp" + fi chmod -R a-w "$i_tmp" chmod +w "$i_tmp" mv "$i_tmp" "$dest/store/$i" diff --git a/tests/nixos/github-flakes.nix b/tests/nixos/github-flakes.nix index 06142c2ef..91fd6b062 100644 --- a/tests/nixos/github-flakes.nix +++ b/tests/nixos/github-flakes.nix @@ -81,7 +81,7 @@ let mkdir -p $out/archive dir=NixOS-nixpkgs-${nixpkgs.shortRev} - cp -prd ${nixpkgs} $dir + cp -rd --preserve=ownership,timestamps ${nixpkgs} $dir # Set the correct timestamp in the tarball. find $dir -print0 | xargs -0 touch -h -t ${builtins.substring 0 12 nixpkgs.lastModifiedDate}.${ builtins.substring 12 2 nixpkgs.lastModifiedDate diff --git a/tests/nixos/sourcehut-flakes.nix b/tests/nixos/sourcehut-flakes.nix index 61670ccf3..3f05130d6 100644 --- a/tests/nixos/sourcehut-flakes.nix +++ b/tests/nixos/sourcehut-flakes.nix @@ -48,7 +48,7 @@ let nixpkgs-repo = pkgs.runCommand "nixpkgs-flake" { } '' dir=NixOS-nixpkgs-${nixpkgs.shortRev} - cp -prd ${nixpkgs} $dir + cp -rd --preserve=ownership,timestamps ${nixpkgs} $dir # Set the correct timestamp in the tarball. find $dir -print0 | xargs -0 touch -h -t ${builtins.substring 0 12 nixpkgs.lastModifiedDate}.${ diff --git a/tests/nixos/tarball-flakes.nix b/tests/nixos/tarball-flakes.nix index 7b3638b64..26c20cb1a 100644 --- a/tests/nixos/tarball-flakes.nix +++ b/tests/nixos/tarball-flakes.nix 
@@ -13,7 +13,7 @@ let set -x dir=nixpkgs-${nixpkgs.shortRev} - cp -prd ${nixpkgs} $dir + cp -rd --preserve=ownership,timestamps ${nixpkgs} $dir # Set the correct timestamp in the tarball. find $dir -print0 | xargs -0 touch -h -t ${builtins.substring 0 12 nixpkgs.lastModifiedDate}.${ builtins.substring 12 2 nixpkgs.lastModifiedDate From dcc4b7c6fd9b382b3aa43c452729794ad26e5bec Mon Sep 17 00:00:00 2001 From: h0nIg Date: Wed, 9 Jul 2025 09:30:11 +0200 Subject: [PATCH 03/24] docker: fix nixConf (cherry picked from commit 8a1f471b6607e4626e2cd8ca1e02401578e0044d) --- docker.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker.nix b/docker.nix index c6e8e478e..2addd0458 100644 --- a/docker.nix +++ b/docker.nix @@ -184,11 +184,11 @@ let } " = "; }; - nixConfContents = toConf { + nixConfContents = toConf ({ sandbox = false; build-users-group = "nixbld"; trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; - }; + } // nixConf); userHome = if uid == 0 then "/root" else "/home/${uname}"; From 8b0cfaed9b347b8b132aaadd3f56abd3e2f31ed4 Mon Sep 17 00:00:00 2001 From: h0nIg Date: Wed, 9 Jul 2025 09:34:50 +0200 Subject: [PATCH 04/24] docker: fix nixConf - fmt (cherry picked from commit 9857c0bb52cfb62f324ce598214f20cc3521e3a8) --- docker.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/docker.nix b/docker.nix index 2addd0458..f59492025 100644 --- a/docker.nix +++ b/docker.nix @@ -184,11 +184,14 @@ let } " = "; }; - nixConfContents = toConf ({ - sandbox = false; - build-users-group = "nixbld"; - trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; - } // nixConf); + nixConfContents = toConf ( + { + sandbox = false; + build-users-group = "nixbld"; + trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ]; + } + // nixConf + ); userHome = if uid == 0 then "/root" else "/home/${uname}"; 
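Review bot: In the `docker.nix` hunk of patch 03, `{ ... } // nixConf` is a shallow, right-biased merge, so a caller-supplied `trusted-public-keys` replaces the default list instead of extending it. The `cache.nixos.org-1:…` key is then dropped unless the caller repeats it. Nothing next to `nixConfContents` says that these defaults, including `sandbox = false`, can be overridden this way. I would add a comment such as `# nixConf overrides these defaults key by key; list values such as trusted-public-keys are replaced, not merged`. The enclosing `let` block starts and ends outside the hunk, so any documentation on the `nixConf` argument itself is not visible here; the formatting-only patch 04 touches the same lines.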
From 37487eec8e40e04aa4091669537386ff87bc20c1 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Wed, 9 Jul 2025 17:00:49 +0200 Subject: [PATCH 05/24] lockFlake(): When updating a lock, respect the input's lock file (cherry picked from commit 95437b90fc68bd3fff5a47bd4ac6e5186eb51a00) --- src/libflake/flake.cc | 10 +++----- tests/functional/flakes/flakes.sh | 38 +++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 7 deletions(-) diff --git a/src/libflake/flake.cc b/src/libflake/flake.cc index 322abaa4a..7a11e6047 100644 --- a/src/libflake/flake.cc +++ b/src/libflake/flake.cc @@ -715,16 +715,12 @@ LockedFlake lockFlake( Finally cleanup([&]() { parents.pop_back(); }); /* Recursively process the inputs of this - flake. Also, unless we already have this flake - in the top-level lock file, use this flake's - own lock file. */ + flake, using its own lock file. */ nodePaths.emplace(childNode, inputFlake.path.parent()); computeLocks( inputFlake.inputs, childNode, inputAttrPath, - oldLock - ? std::dynamic_pointer_cast(oldLock) - : readLockFile(state.fetchSettings, inputFlake.lockFilePath()).root.get_ptr(), - oldLock ? followsPrefix : inputAttrPath, + readLockFile(state.fetchSettings, inputFlake.lockFilePath()).root.get_ptr(), + inputAttrPath, inputFlake.path, false); } diff --git a/tests/functional/flakes/flakes.sh b/tests/functional/flakes/flakes.sh index ce695a6cb..7fd9dc9b5 100755 --- a/tests/functional/flakes/flakes.sh +++ b/tests/functional/flakes/flakes.sh 
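Review bot: The shortened comment in `lockFlake()` no longer explains why the top-level lock file is not consulted at this call. `computeLocks` now always receives `readLockFile(state.fetchSettings, inputFlake.lockFilePath()).root.get_ptr()` and `inputAttrPath`, so the pins for this input's transitive inputs come from the input's own lock file. Because this decides which revisions of transitive dependencies end up locked, I would state it outright, e.g. `/* Recursively process the inputs of this flake, using its own lock file rather than entries from the top-level lock file, so that a changed input gets its transitive inputs re-locked. */`. It is also worth checking whether `followsPrefix` still has a use in this scope now that it is no longer passed here; the rest of the function is outside the hunk.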
@@ -432,3 +432,41 @@ nix flake metadata "$flake2Dir" --reference-lock-file $TEST_ROOT/flake2-overridd # reference-lock-file can only be used if allow-dirty is set. expectStderr 1 nix flake metadata "$flake2Dir" --no-allow-dirty --reference-lock-file $TEST_ROOT/flake2-overridden.lock + +# After changing an input (flake2 from newFlake2Rev to prevFlake2Rev), we should have the transitive inputs locked by revision $prevFlake2Rev of flake2. +prevFlake1Rev=$(nix flake metadata --json "$flake1Dir" | jq -r .revision) +prevFlake2Rev=$(nix flake metadata --json "$flake2Dir" | jq -r .revision) + +echo "# bla" >> "$flake1Dir/flake.nix" +git -C "$flake1Dir" commit flake.nix -m 'bla' + +nix flake update --flake "$flake2Dir" +git -C "$flake2Dir" commit flake.lock -m 'bla' + +newFlake1Rev=$(nix flake metadata --json "$flake1Dir" | jq -r .revision) +newFlake2Rev=$(nix flake metadata --json "$flake2Dir" | jq -r .revision) + +cat > "$flake3Dir/flake.nix" < "$flake3Dir/flake.nix" < Date: Thu, 10 Jul 2025 15:11:32 +0000 Subject: [PATCH 06/24] Prepare release v3.8.0 From a78a2fdea1767702653d3626dc92a2afcc9584c3 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 10 Jul 2025 15:11:35 +0000 Subject: [PATCH 07/24] Set .version-determinate to 3.8.0 --- .version-determinate | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.version-determinate b/.version-determinate index 7c69a55db..19811903a 100644 --- a/.version-determinate +++ b/.version-determinate @@ -1 +1 @@ -3.7.0 +3.8.0 From c0dfe87d1dfb2ebc801267ea97370f9a028476ad Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 10 Jul 2025 15:11:40 +0000 Subject: [PATCH 08/24] Generate release notes for 3.8.0 --- doc/manual/source/SUMMARY.md.in | 1 + .../source/release-notes-determinate/changes.md | 14 +++++++++++++- .../source/release-notes-determinate/rl-3.8.0.md | 13 +++++++++++++ 3 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 doc/manual/source/release-notes-determinate/rl-3.8.0.md diff --git a/doc/manual/source/SUMMARY.md.in b/doc/manual/source/SUMMARY.md.in index 00f231a6a..391a9ec93 100644 --- a/doc/manual/source/SUMMARY.md.in +++ b/doc/manual/source/SUMMARY.md.in @@ -130,6 +130,7 @@ - [Contributing](development/contributing.md) - [Determinate Nix Release Notes](release-notes-determinate/index.md) - [Changes between Nix and Determinate Nix](release-notes-determinate/changes.md) + - [Release 3.8.0 (2025-07-10)](release-notes-determinate/rl-3.8.0.md) - [Release 3.7.0 (2025-07-03)](release-notes-determinate/rl-3.7.0.md) - [Release 3.6.8 (2025-06-25)](release-notes-determinate/rl-3.6.8.md) - [Release 3.6.7 (2025-06-24)](release-notes-determinate/rl-3.6.7.md) diff --git a/doc/manual/source/release-notes-determinate/changes.md b/doc/manual/source/release-notes-determinate/changes.md index 0d4b2b1ad..c231e140e 100644 --- a/doc/manual/source/release-notes-determinate/changes.md +++ b/doc/manual/source/release-notes-determinate/changes.md @@ -1,6 +1,6 @@ # Changes between Nix and Determinate Nix -This section lists the differences between upstream Nix 2.29 and Determinate Nix 3.7.0. +This section lists the differences between upstream Nix 2.30 and Determinate Nix 3.8.0. * In Determinate Nix, flakes are stable. You no longer need to enable the `flakes` experimental feature. 
@@ -94,3 +94,15 @@ This section lists the differences between upstream Nix 2.29 and Determinate Nix * `nix store delete` now explains why deletion fails by @edolstra in [DeterminateSystems/nix-src#130](https://github.com/DeterminateSystems/nix-src/pull/130) * New command: `nix flake prefetch-inputs` for improved CI performance, by @edolstra in [DeterminateSystems/nix-src#127](https://github.com/DeterminateSystems/nix-src/pull/127) + + + +* Sync with upstream 2.30.0 by @edolstra in [DeterminateSystems/nix-src#135](https://github.com/DeterminateSystems/nix-src/pull/135) + +* nix flake check: Skip substitutable derivations by @edolstra in [DeterminateSystems/nix-src#134](https://github.com/DeterminateSystems/nix-src/pull/134) + +* lockFlake(): When updating a lock, respect the input's lock file by @edolstra in [DeterminateSystems/nix-src#137](https://github.com/DeterminateSystems/nix-src/pull/137) + +* Hide double copy warning by @edolstra in [DeterminateSystems/nix-src#138](https://github.com/DeterminateSystems/nix-src/pull/138) + +* Remove some dead code to minimize the upstream diff by @edolstra in [DeterminateSystems/nix-src#139](https://github.com/DeterminateSystems/nix-src/pull/139) diff --git a/doc/manual/source/release-notes-determinate/rl-3.8.0.md b/doc/manual/source/release-notes-determinate/rl-3.8.0.md new file mode 100644 index 000000000..01438bf2b --- /dev/null +++ b/doc/manual/source/release-notes-determinate/rl-3.8.0.md 
@@ -0,0 +1,13 @@ +# Release 3.8.0 (2025-07-10) + +* Based on [upstream Nix 2.30.0](../release-notes/rl-2.30.md). + +## What's Changed +* Sync with upstream 2.30.0 by @edolstra in [DeterminateSystems/nix-src#135](https://github.com/DeterminateSystems/nix-src/pull/135) +* nix flake check: Skip substitutable derivations by @edolstra in [DeterminateSystems/nix-src#134](https://github.com/DeterminateSystems/nix-src/pull/134) +* lockFlake(): When updating a lock, respect the input's lock file by @edolstra in [DeterminateSystems/nix-src#137](https://github.com/DeterminateSystems/nix-src/pull/137) +* Hide double copy warning by @edolstra in [DeterminateSystems/nix-src#138](https://github.com/DeterminateSystems/nix-src/pull/138) +* Remove some dead code to minimize the upstream diff by @edolstra in [DeterminateSystems/nix-src#139](https://github.com/DeterminateSystems/nix-src/pull/139) + + +**Full Changelog**: [v3.7.0...v3.8.0](https://github.com/DeterminateSystems/nix-src/compare/v3.7.0...v3.8.0) From 8f31e84247240cd931592062a27146330fac3c48 Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Thu, 10 Jul 2025 11:26:10 -0400 Subject: [PATCH 09/24] Update release notes --- .../release-notes-determinate/changes.md | 6 ----- .../release-notes-determinate/rl-3.8.0.md | 26 +++++++++++++++---- 2 files changed, 21 insertions(+), 11 deletions(-) diff --git a/doc/manual/source/release-notes-determinate/changes.md b/doc/manual/source/release-notes-determinate/changes.md index c231e140e..cd5cce496 100644 --- a/doc/manual/source/release-notes-determinate/changes.md +++ b/doc/manual/source/release-notes-determinate/changes.md 
@@ -97,12 +97,6 @@ This section lists the differences between upstream Nix 2.30 and Determinate Nix -* Sync with upstream 2.30.0 by @edolstra in [DeterminateSystems/nix-src#135](https://github.com/DeterminateSystems/nix-src/pull/135) - * nix flake check: Skip substitutable derivations by @edolstra in [DeterminateSystems/nix-src#134](https://github.com/DeterminateSystems/nix-src/pull/134) * lockFlake(): When updating a lock, respect the input's lock file by @edolstra in [DeterminateSystems/nix-src#137](https://github.com/DeterminateSystems/nix-src/pull/137) - -* Hide double copy warning by @edolstra in [DeterminateSystems/nix-src#138](https://github.com/DeterminateSystems/nix-src/pull/138) - -* Remove some dead code to minimize the upstream diff by @edolstra in [DeterminateSystems/nix-src#139](https://github.com/DeterminateSystems/nix-src/pull/139) diff --git a/doc/manual/source/release-notes-determinate/rl-3.8.0.md b/doc/manual/source/release-notes-determinate/rl-3.8.0.md index 01438bf2b..4103d6df9 100644 --- a/doc/manual/source/release-notes-determinate/rl-3.8.0.md +++ b/doc/manual/source/release-notes-determinate/rl-3.8.0.md 
@@ -3,11 +3,27 @@ * Based on [upstream Nix 2.30.0](../release-notes/rl-2.30.md). ## What's Changed -* Sync with upstream 2.30.0 by @edolstra in [DeterminateSystems/nix-src#135](https://github.com/DeterminateSystems/nix-src/pull/135) -* nix flake check: Skip substitutable derivations by @edolstra in [DeterminateSystems/nix-src#134](https://github.com/DeterminateSystems/nix-src/pull/134) -* lockFlake(): When updating a lock, respect the input's lock file by @edolstra in [DeterminateSystems/nix-src#137](https://github.com/DeterminateSystems/nix-src/pull/137) -* Hide double copy warning by @edolstra in [DeterminateSystems/nix-src#138](https://github.com/DeterminateSystems/nix-src/pull/138) -* Remove some dead code to minimize the upstream diff by @edolstra in [DeterminateSystems/nix-src#139](https://github.com/DeterminateSystems/nix-src/pull/139) +### Faster CI with `nix flake check` + +`nix flake check` no longer downloads flake outputs if no building is necessary. + +This command is intended to validate that a flake can fully evaluate and all outputs can build. +If the outputs are available in a binary cache then both properties are confirmed to be true. +Notably, downloading the output from the binary cache is not strictly necessary for the validation. + +Previously, `nix flake check` would download a flake output if the full build is available in a binary cache. + +Some users will find this change significantly reduces costly bandwidth and CI workflow time. + +PR: [DeterminateSystems/nix-src#134](https://github.com/DeterminateSystems/nix-src/pull/134) + +### Improved flake locking of transitive dependencies + +Determinate Nix now re-locks all transitive dependencies when changing a flake input's source URL. + +This fixes an issue where in some scenarios Nix would not re-lock those inputs and incorrectly use the old inputs' dependencies. 
+ +PR: [DeterminateSystems/nix-src#137](https://github.com/DeterminateSystems/nix-src/pull/137) **Full Changelog**: [v3.7.0...v3.8.0](https://github.com/DeterminateSystems/nix-src/compare/v3.7.0...v3.8.0) From 7119d594fc2251f78caca969c4657f9154ccfa0a Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 10 Jul 2025 11:41:32 +0200 Subject: [PATCH 10/24] fetchClosure: Fix gcc warning MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes: [261/394] Linking target src/libexpr/libnixexpr.so In function ‘copy’, inlined from ‘__ct ’ at /nix/store/24sdvjs6rfqs69d21gdn437mb3vc0svh-gcc-14.2.1.20250322/include/c++/14.2.1.20250322/bits/basic_string.h:688:23, inlined from ‘operator+’ at /nix/store/24sdvjs6rfqs69d21gdn437mb3vc0svh-gcc-14.2.1.20250322/include/c++/14.2.1.20250322/bits/basic_string.h:3735:43, inlined from ‘operator()’ at ../src/libexpr/primops/fetchClosure.cc:127:58, inlined from ‘prim_fetchClosure’ at ../src/libexpr/primops/fetchClosure.cc:132:88: /nix/store/24sdvjs6rfqs69d21gdn437mb3vc0svh-gcc-14.2.1.20250322/include/c++/14.2.1.20250322/bits/char_traits.h:427:56: warning: ‘__builtin_memcpy’ writing 74 bytes into a region of size 16 overflows the destination [-Wstringop-overflow=] 427 | return static_cast(__builtin_memcpy(__s1, __s2, __n)); | ^ ../src/libexpr/primops/fetchClosure.cc: In function ‘prim_fetchClosure’: ../src/libexpr/primops/fetchClosure.cc:132:88: note: at offset 16 into destination object ‘’ of size 32 132 | fromPath = state.coerceToStorePath(attr.pos, *attr.value, context, attrHint()); | ^ (cherry picked from commit aa18dc54dc76102b9f568b4db5d75a5a122e1302) --- src/libexpr/primops/fetchClosure.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libexpr/primops/fetchClosure.cc b/src/libexpr/primops/fetchClosure.cc index ea6145f6f..4be4dac8f 100644 --- a/src/libexpr/primops/fetchClosure.cc +++ b/src/libexpr/primops/fetchClosure.cc 
@@ -124,7 +124,7 @@ static void prim_fetchClosure(EvalState & state, const PosIdx pos, Value * * arg for (auto & attr : *args[0]->attrs()) { const auto & attrName = state.symbols[attr.name]; auto attrHint = [&]() -> std::string { - return "while evaluating the '" + attrName + "' attribute passed to builtins.fetchClosure"; + return fmt("while evaluating the attribute '%s' passed to builtins.fetchClosure", attrName); }; if (attrName == "fromPath") { From 382e25405aed7913ebc679df5820be53876899b5 Mon Sep 17 00:00:00 2001 
From: Sergei Zimmerman Date: Fri, 11 Jul 2025 20:20:48 +0300 Subject: [PATCH 11/24] libexpr: Fix invalid handling of errors for imported functions c39cc004043b95d55a0c2c2bdba58d6d3e0db846 has added assertions for all Value accesses and the following case has started failing with an `unreachable`: (/tmp/fun.nix): ```nix {a}: a ``` ``` $ nix eval --impure --expr 'import /tmp/fun.nix {a="a";b="b";}' ``` This would crash: ``` terminating due to unexpected unrecoverable internal error: Unexpected condition in getStorage at ../include/nix/expr/value.hh:844 ``` This is not a regression, but rather surfaces an existing problem, which previously was left undiagnosed. In the case of an import `fun` is the `import` primOp, so that read is invalid and previously this resulted in an access into an inactive union member, which is UB. The correct thing to use is `vCur`. Identical problem also affected the case of a missing argument. Add previously failing test cases to the functional/lang test suite. Fixes #13448. (cherry picked from commit 6e78cc90d3415694ec15bd273b47d21bb1be96ad) --- src/libexpr/eval.cc | 4 ++-- .../lang/eval-fail-missing-arg-import.err.exp | 12 ++++++++++++ .../lang/eval-fail-missing-arg-import.nix | 1 + .../lang/eval-fail-undeclared-arg-import.err.exp | 13 +++++++++++++ .../lang/eval-fail-undeclared-arg-import.nix | 4 ++++ .../lang/non-eval-trivial-lambda-formals.nix | 1 + 6 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 tests/functional/lang/eval-fail-missing-arg-import.err.exp create mode 100644 tests/functional/lang/eval-fail-missing-arg-import.nix create mode 100644 tests/functional/lang/eval-fail-undeclared-arg-import.err.exp create mode 100644 tests/functional/lang/eval-fail-undeclared-arg-import.nix create mode 100644 tests/functional/lang/non-eval-trivial-lambda-formals.nix diff --git a/src/libexpr/eval.cc b/src/libexpr/eval.cc index 1321e00a5..47cc35daa 100644 --- a/src/libexpr/eval.cc +++ b/src/libexpr/eval.cc 
@@ -1602,7 +1602,7 @@ void EvalState::callFunction(Value & fun, std::span args, Value & vRes, symbols[i.name]) .atPos(lambda.pos) .withTrace(pos, "from call site") - .withFrame(*fun.lambda().env, lambda) + .withFrame(*vCur.lambda().env, lambda) .debugThrow(); } env2.values[displ++] = i.def->maybeThunk(*this, env2); @@ -1629,7 +1629,7 @@ void EvalState::callFunction(Value & fun, std::span args, Value & vRes, .atPos(lambda.pos) .withTrace(pos, "from call site") .withSuggestions(suggestions) - .withFrame(*fun.lambda().env, lambda) + .withFrame(*vCur.lambda().env, lambda) .debugThrow(); } unreachable(); diff --git a/tests/functional/lang/eval-fail-missing-arg-import.err.exp b/tests/functional/lang/eval-fail-missing-arg-import.err.exp new file mode 100644 index 000000000..45774f003 --- /dev/null +++ b/tests/functional/lang/eval-fail-missing-arg-import.err.exp @@ -0,0 +1,12 @@ +error: + … from call site + at /pwd/lang/eval-fail-missing-arg-import.nix:1:1: + 1| import ./non-eval-trivial-lambda-formals.nix { } + | ^ + 2| + + error: function 'anonymous lambda' called without required argument 'a' + at /pwd/lang/non-eval-trivial-lambda-formals.nix:1:1: + 1| { a }: a + | ^ + 2| diff --git a/tests/functional/lang/eval-fail-missing-arg-import.nix b/tests/functional/lang/eval-fail-missing-arg-import.nix new file mode 100644 index 000000000..7cb33f2b5 --- /dev/null +++ b/tests/functional/lang/eval-fail-missing-arg-import.nix @@ -0,0 +1 @@ +import ./non-eval-trivial-lambda-formals.nix { } diff --git a/tests/functional/lang/eval-fail-undeclared-arg-import.err.exp b/tests/functional/lang/eval-fail-undeclared-arg-import.err.exp new file mode 100644 index 000000000..ca797d3ec --- /dev/null +++ b/tests/functional/lang/eval-fail-undeclared-arg-import.err.exp 
@@ -0,0 +1,13 @@ +error: + … from call site + at /pwd/lang/eval-fail-undeclared-arg-import.nix:1:1: + 1| import ./non-eval-trivial-lambda-formals.nix { + | ^ + 2| a = "a"; + + error: function 'anonymous lambda' called with unexpected argument 'b' + at /pwd/lang/non-eval-trivial-lambda-formals.nix:1:1: + 1| { a }: a + | ^ + 2| + Did you mean a? diff --git a/tests/functional/lang/eval-fail-undeclared-arg-import.nix b/tests/functional/lang/eval-fail-undeclared-arg-import.nix new file mode 100644 index 000000000..e8454c725 --- /dev/null +++ b/tests/functional/lang/eval-fail-undeclared-arg-import.nix @@ -0,0 +1,4 @@ +import ./non-eval-trivial-lambda-formals.nix { + a = "a"; + b = "b"; +} diff --git a/tests/functional/lang/non-eval-trivial-lambda-formals.nix b/tests/functional/lang/non-eval-trivial-lambda-formals.nix new file mode 100644 index 000000000..46a7ea4f4 --- /dev/null +++ b/tests/functional/lang/non-eval-trivial-lambda-formals.nix @@ -0,0 +1 @@ +{ a }: a From 8e21e61a51036d4ad624f174a2e5078d19c671a4 Mon Sep 17 00:00:00 2001 From: gustavderdrache Date: Fri, 11 Jul 2025 18:00:26 -0400 Subject: [PATCH 12/24] Address ifdef problem with macOS/BSD sandboxing --- src/libstore/unix/user-lock.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libstore/unix/user-lock.cc b/src/libstore/unix/user-lock.cc index 6a07cb7cc..f5d164e5b 100644 --- a/src/libstore/unix/user-lock.cc +++ b/src/libstore/unix/user-lock.cc @@ -197,7 +197,7 @@ bool useBuildUsers() #ifdef __linux__ static bool b = (settings.buildUsersGroup != "" || settings.autoAllocateUids) && isRootUser(); return b; - #elif defined(__APPLE__) && defined(__FreeBSD__) + #elif defined(__APPLE__) || defined(__FreeBSD__) static bool b = settings.buildUsersGroup != "" && isRootUser(); return b; #else From 861b196bdc3cb79f4a9df8cf2c15b8b13949959c Mon Sep 17 00:00:00 2001 
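Review bot: Nothing in the `user-lock.cc` hunk guards the corrected `#elif defined(__APPLE__) || defined(__FreeBSD__)` in `useBuildUsers()` against a repeat of the mistake. The old `&&` form could never be true, so both platforms compiled the `#else` branch, whose body is outside the hunk. Since this function decides whether builds run under dedicated build users, I would add a comment such as `// macOS and FreeBSD: build users only, no auto-allocated UIDs`, and a Darwin CI check that running as root with `build-users-group` set really uses build users. The identical change appears again as patch 16 later in this series.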
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 11 Jul 2025 23:07:21 +0000 Subject: [PATCH 13/24] Prepare release v3.8.1 From fd3e326fbf8987043f0d398554372610f159162e Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 11 Jul 2025 23:07:24 +0000 Subject: [PATCH 14/24] Set .version-determinate to 3.8.1 --- .version-determinate | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.version-determinate b/.version-determinate index 19811903a..f28071967 100644 --- a/.version-determinate +++ b/.version-determinate @@ -1 +1 @@ -3.8.0 +3.8.1 From e6350604baae77214427d1bb4fac460960fcc87d Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 11 Jul 2025 23:07:29 +0000 Subject: [PATCH 15/24] Generate release notes for 3.8.1 --- doc/manual/source/SUMMARY.md.in | 1 + doc/manual/source/release-notes-determinate/changes.md | 6 +++++- doc/manual/source/release-notes-determinate/rl-3.8.1.md | 9 +++++++++ 3 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 doc/manual/source/release-notes-determinate/rl-3.8.1.md diff --git a/doc/manual/source/SUMMARY.md.in b/doc/manual/source/SUMMARY.md.in index 391a9ec93..a0f62fbbc 100644 --- a/doc/manual/source/SUMMARY.md.in +++ b/doc/manual/source/SUMMARY.md.in @@ -130,6 +130,7 @@ - [Contributing](development/contributing.md) - [Determinate Nix Release Notes](release-notes-determinate/index.md) - [Changes between Nix and Determinate Nix](release-notes-determinate/changes.md) + - [Release 3.8.1 (2025-07-11)](release-notes-determinate/rl-3.8.1.md) - [Release 3.8.0 (2025-07-10)](release-notes-determinate/rl-3.8.0.md) - [Release 3.7.0 (2025-07-03)](release-notes-determinate/rl-3.7.0.md) - [Release 3.6.8 (2025-06-25)](release-notes-determinate/rl-3.6.8.md) 
diff --git a/doc/manual/source/release-notes-determinate/changes.md b/doc/manual/source/release-notes-determinate/changes.md index cd5cce496..ab7ec98e6 100644 --- a/doc/manual/source/release-notes-determinate/changes.md +++ b/doc/manual/source/release-notes-determinate/changes.md @@ -1,6 +1,6 @@ # Changes between Nix and Determinate Nix -This section lists the differences between upstream Nix 2.30 and Determinate Nix 3.8.0. +This section lists the differences between upstream Nix 2.30 and Determinate Nix 3.8.1. * In Determinate Nix, flakes are stable. You no longer need to enable the `flakes` experimental feature. @@ -100,3 +100,7 @@ This section lists the differences between upstream Nix 2.30 and Determinate Nix * nix flake check: Skip substitutable derivations by @edolstra in [DeterminateSystems/nix-src#134](https://github.com/DeterminateSystems/nix-src/pull/134) * lockFlake(): When updating a lock, respect the input's lock file by @edolstra in [DeterminateSystems/nix-src#137](https://github.com/DeterminateSystems/nix-src/pull/137) + + + +* Address ifdef problem with macOS/BSD sandboxing by @gustavderdrache in [DeterminateSystems/nix-src#142](https://github.com/DeterminateSystems/nix-src/pull/142) diff --git a/doc/manual/source/release-notes-determinate/rl-3.8.1.md b/doc/manual/source/release-notes-determinate/rl-3.8.1.md new file mode 100644 index 000000000..90dc328f6 --- /dev/null +++ b/doc/manual/source/release-notes-determinate/rl-3.8.1.md @@ -0,0 +1,9 @@ +# Release 3.8.1 (2025-07-11) + +* Based on [upstream Nix 2.30.0](../release-notes/rl-2.30.md). + +## What's Changed +* Address ifdef problem with macOS/BSD sandboxing by @gustavderdrache in [DeterminateSystems/nix-src#142](https://github.com/DeterminateSystems/nix-src/pull/142) + + +**Full Changelog**: [v3.8.0...v3.8.1](https://github.com/DeterminateSystems/nix-src/compare/v3.8.0...v3.8.1) From 1cf202650aa664960093ee33475f8cb4cc4fce11 Mon Sep 17 00:00:00 2001 
From: gustavderdrache Date: Fri, 11 Jul 2025 18:00:26 -0400 Subject: [PATCH 16/24] Address ifdef problem with macOS/BSD sandboxing (cherry picked from commit e2ef2cfcbc83ea01308ee64c38a58707ab23dec3) --- src/libstore/unix/user-lock.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libstore/unix/user-lock.cc b/src/libstore/unix/user-lock.cc index 6a07cb7cc..f5d164e5b 100644 --- a/src/libstore/unix/user-lock.cc +++ b/src/libstore/unix/user-lock.cc @@ -197,7 +197,7 @@ bool useBuildUsers() #ifdef __linux__ static bool b = (settings.buildUsersGroup != "" || settings.autoAllocateUids) && isRootUser(); return b; - #elif defined(__APPLE__) && defined(__FreeBSD__) + #elif defined(__APPLE__) || defined(__FreeBSD__) static bool b = settings.buildUsersGroup != "" && isRootUser(); return b; #else From 9497b593c685bfb40fd684fe4c21207c9fdf0c66 Mon Sep 17 00:00:00 2001 From: gustavderdrache Date: Fri, 11 Jul 2025 18:38:51 -0400 Subject: [PATCH 17/24] CI: Roll nix version to 2.29.1 This works around the macOS issue that the prior commit addresses. (cherry picked from commit 8e5814d972642def9842fba3f8a6116f6b9e5c96) --- .github/workflows/ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 29cb33f56..ac749bc3f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,6 +14,8 @@ jobs: with: fetch-depth: 0 - uses: cachix/install-nix-action@v31 + with: + install_url: "https://releases.nixos.org/nix/nix-2.29.1/install" - run: nix --experimental-features 'nix-command flakes' flake show --all-systems --json tests: @@ -36,6 +38,7 @@ jobs: fetch-depth: 0 - uses: cachix/install-nix-action@v31 with: + install_url: "https://releases.nixos.org/nix/nix-2.29.1/install" # The sandbox would otherwise be disabled by default on Darwin extra_nix_config: | sandbox = true From bbc9d6c4f5dc3c288c594fed3e46dbf52b9585ed Mon Sep 17 00:00:00 2001 
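Review bot: Both added `install_url: "https://releases.nixos.org/nix/nix-2.29.1/install"` lines in `ci.yml` pin the CI installer to a fixed release without any comment in the workflow; the reason is only given in the commit message. A pin like this tends to outlive the bug it works around, leaving CI to run an outdated Nix. I would put `# Temporary: pinned to 2.29.1 to work around the macOS build-users ifdef bug; remove once a fixed release is available` above each occurrence.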
From: Graham Christensen Date: Fri, 11 Jul 2025 20:01:40 -0400 Subject: [PATCH 18/24] ci: don't run the full test suite for x86_64-darwin Since this platform represents a tiny fraction of our users and causes considerable delays in our release flow, let's disable the more extensive test suite on that platform. --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c002d0b66..f2b772885 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -59,6 +59,7 @@ jobs: runner: macos-latest-large runner_for_virt: macos-latest-large runner_small: macos-latest-large + run_tests: false build_aarch64-darwin: uses: ./.github/workflows/build.yml From 37071b2d2d0b78703960392ee1b74d15a0c8b700 Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Fri, 11 Jul 2025 20:13:00 -0400 Subject: [PATCH 19/24] Try publishing the manual again --- .github/workflows/build.yml | 17 +++++++++++++++-- .github/workflows/ci.yml | 3 +++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b195acd8f..185efcdb7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -29,6 +29,18 @@ on: required: false default: false type: boolean + publish_manual: + required: false + default: false + type: boolean + manual_netlify_auth_token: + required: false + default: "" + type: string + manual_netlify_site_id: + required: false + default: "" + type: string jobs: build: @@ -179,6 +191,7 @@ jobs: - name: Build manual run: nix build .#hydraJobs.manual - uses: nwtgck/actions-netlify@v3.0 + if: inputs.publish_manual with: publish-dir: "./result/share/doc/nix/manual" production-branch: detsys-main 
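Review bot: The `run_tests: false` added for the x86_64-darwin job in patch 18 has no comment in `ci.yml`, so the reason (release delays, per the commit message) is not visible to someone reading the workflow. Patch 12 in this series fixes a macOS/FreeBSD-only `#elif` mistake in `useBuildUsers()`, the kind of platform-specific regression a Darwin test run is there to catch. Whether `build_aarch64-darwin` still runs the suite is not visible in this hunk. I would add something like `# tests skipped here to shorten releases; Darwin coverage comes from build_aarch64-darwin` once that is confirmed.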
@@ -192,8 +205,8 @@ jobs: enable-commit-status: true overwrites-pull-request-comment: true env: - NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} - NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }} + NETLIFY_AUTH_TOKEN: ${{ inputs.manual_netlify_auth_token }} + NETLIFY_SITE_ID: ${{ inputs.manual_netlify_site_id }} success: needs: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c002d0b66..b36c15cb6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -41,6 +41,9 @@ jobs: run_tests: true run_vm_tests: true run_regression_tests: true + publish_manual: true + manual_netlify_auth_token: ${{ secrets.NETLIFY_AUTH_TOKEN }} + manual_netlify_site_id: ${{ secrets.NETLIFY_SITE_ID }} build_aarch64-linux: uses: ./.github/workflows/build.yml From b96c3e46574e6461402e935c723142c3873525d3 Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Fri, 11 Jul 2025 20:26:32 -0400 Subject: [PATCH 20/24] Maybe this helps --- .github/workflows/build.yml | 9 +++------ .github/workflows/ci.yml | 1 + 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 185efcdb7..dec7ddbc9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -33,14 +33,11 @@ on: required: false default: false type: boolean + secrets: manual_netlify_auth_token: required: false - default: "" - type: string manual_netlify_site_id: required: false - default: "" - type: string jobs: build: @@ -205,8 +202,8 @@ jobs: enable-commit-status: true overwrites-pull-request-comment: true env: - NETLIFY_AUTH_TOKEN: ${{ inputs.manual_netlify_auth_token }} - NETLIFY_SITE_ID: ${{ inputs.manual_netlify_site_id }} + NETLIFY_AUTH_TOKEN: ${{ secrets.manual_netlify_auth_token }} + NETLIFY_SITE_ID: ${{ secrets.manual_netlify_site_id }} success: needs: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b36c15cb6..23eac9535 100644 --- a/.github/workflows/ci.yml 
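Review bot: Both entries in the new `secrets:` block of build.yml are declared `required: false`, yet the Netlify step is gated only on `inputs.publish_manual`. A caller that sets `publish_manual: true` without passing them therefore reaches the publish step with an empty `NETLIFY_AUTH_TOKEN`. The same would presumably happen on runs where the caller's secrets are unavailable, such as pull requests from forks, though the trigger configuration is not visible here. I would skip publishing, or fail early with a clear message, when the token is empty. I would also give each secret a `description:`, e.g. `description: Netlify auth token, used only by the manual publish step`.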
+++ b/.github/workflows/ci.yml @@ -42,6 +42,7 @@ jobs: run_vm_tests: true run_regression_tests: true publish_manual: true + secrets: manual_netlify_auth_token: ${{ secrets.NETLIFY_AUTH_TOKEN }} manual_netlify_site_id: ${{ secrets.NETLIFY_SITE_ID }} From e25be4a49cbc1565358f0d0afb9c73b0c62b69b1 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 12 Jul 2025 13:51:13 +0000 Subject: [PATCH 21/24] Prepare release v3.8.2 From 86fe0053f8a944f522dbcafe0eb15166130829c2 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 12 Jul 2025 13:51:16 +0000 Subject: [PATCH 22/24] Set .version-determinate to 3.8.2 --- .version-determinate | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.version-determinate b/.version-determinate index f28071967..a08ffae0c 100644 --- a/.version-determinate +++ b/.version-determinate @@ -1 +1 @@ -3.8.1 +3.8.2 From db0c2efeb46add050a501e9b524f28f5a799d577 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 12 Jul 2025 13:51:21 +0000 Subject: [PATCH 23/24] Generate release notes for 3.8.2 --- doc/manual/source/SUMMARY.md.in | 1 + doc/manual/source/release-notes-determinate/changes.md | 8 +++++++- .../source/release-notes-determinate/rl-3.8.2.md | 10 ++++++++++ 3 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 doc/manual/source/release-notes-determinate/rl-3.8.2.md diff --git a/doc/manual/source/SUMMARY.md.in b/doc/manual/source/SUMMARY.md.in index a0f62fbbc..03a18f331 100644 --- a/doc/manual/source/SUMMARY.md.in +++ b/doc/manual/source/SUMMARY.md.in 
@@ -130,6 +130,7 @@ - [Contributing](development/contributing.md) - [Determinate Nix Release Notes](release-notes-determinate/index.md) - [Changes between Nix and Determinate Nix](release-notes-determinate/changes.md) + - [Release 3.8.2 (2025-07-12)](release-notes-determinate/rl-3.8.2.md) - [Release 3.8.1 (2025-07-11)](release-notes-determinate/rl-3.8.1.md) - [Release 3.8.0 (2025-07-10)](release-notes-determinate/rl-3.8.0.md) - [Release 3.7.0 (2025-07-03)](release-notes-determinate/rl-3.7.0.md) diff --git a/doc/manual/source/release-notes-determinate/changes.md b/doc/manual/source/release-notes-determinate/changes.md index ab7ec98e6..8c5f30770 100644 --- a/doc/manual/source/release-notes-determinate/changes.md +++ b/doc/manual/source/release-notes-determinate/changes.md @@ -1,6 +1,6 @@ # Changes between Nix and Determinate Nix -This section lists the differences between upstream Nix 2.30 and Determinate Nix 3.8.1. +This section lists the differences between upstream Nix 2.30 and Determinate Nix 3.8.2. * In Determinate Nix, flakes are stable. You no longer need to enable the `flakes` experimental feature. @@ -104,3 +104,9 @@ This section lists the differences between upstream Nix 2.30 and Determinate Nix * Address ifdef problem with macOS/BSD sandboxing by @gustavderdrache in [DeterminateSystems/nix-src#142](https://github.com/DeterminateSystems/nix-src/pull/142) + + + +* ci: don't run the full test suite for x86_64-darwin by @grahamc in [DeterminateSystems/nix-src#144](https://github.com/DeterminateSystems/nix-src/pull/144) + +* Try publishing the manual again by @grahamc in [DeterminateSystems/nix-src#145](https://github.com/DeterminateSystems/nix-src/pull/145) diff --git a/doc/manual/source/release-notes-determinate/rl-3.8.2.md b/doc/manual/source/release-notes-determinate/rl-3.8.2.md new file mode 100644 index 000000000..638d90f68 --- /dev/null +++ b/doc/manual/source/release-notes-determinate/rl-3.8.2.md 
@@ -0,0 +1,10 @@ +# Release 3.8.2 (2025-07-12) + +* Based on [upstream Nix 2.30.0](../release-notes/rl-2.30.md). + +## What's Changed +* ci: don't run the full test suite for x86_64-darwin by @grahamc in [DeterminateSystems/nix-src#144](https://github.com/DeterminateSystems/nix-src/pull/144) +* Try publishing the manual again by @grahamc in [DeterminateSystems/nix-src#145](https://github.com/DeterminateSystems/nix-src/pull/145) + + +**Full Changelog**: [v3.8.1...v3.8.2](https://github.com/DeterminateSystems/nix-src/compare/v3.8.1...v3.8.2) From b029442553ecc545eab7a9823b00c72bbe0fa374 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 14 Jul 2025 19:46:10 +0200 Subject: [PATCH 24/24] Only build the manual on x86_64-linux Otherwise the build will randomly fail on other platforms depending on whether the result is already in the binary cache. --- .github/workflows/build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index dec7ddbc9..e34a03bd0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -186,9 +186,10 @@ jobs: - uses: DeterminateSystems/determinate-nix-action@main - uses: DeterminateSystems/flakehub-cache-action@main - name: Build manual + if: inputs.system == 'x86_64-linux' run: nix build .#hydraJobs.manual - uses: nwtgck/actions-netlify@v3.0 - if: inputs.publish_manual + if: inputs.publish_manual && inputs.system == 'x86_64-linux' with: publish-dir: "./result/share/doc/nix/manual" production-branch: detsys-main
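Review bot: The steps around the new `if:` conditions in build.yml reference actions by mutable refs: `nwtgck/actions-netlify@v3.0` by tag, and `DeterminateSystems/determinate-nix-action@main` and `DeterminateSystems/flakehub-cache-action@main` by branch. Whatever those refs point to at run time executes in this job. The Netlify step is the one that receives the publish token through its `env:` block, which is outside this hunk, so it is the first candidate for pinning to a full commit SHA with the version kept as a trailing comment, e.g. `uses: nwtgck/actions-netlify@<full-commit-sha> # v3.0`. The job's step list starts and ends outside the hunk.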