nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-11-10 20:46:01 +01:00
Code Activity

Merge remote-tracking branch 'detsys/detsys-main' into refactor-derivation-builder

Browse source
This commit is contained in:
Eelco Dolstra 2025-07-15 18:52:12 +02:00
commit c1b0b15708
23 changed files with 146 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

15
.github/workflows/build.yml vendored
View file

@ -29,6 +29,15 @@ on:
required: false
default: false
type: boolean
publish_manual:
required: false
default: false
type: boolean
secrets:
manual_netlify_auth_token:
required: false
manual_netlify_site_id:
required: false
jobs:
build:
@ -177,8 +186,10 @@ jobs:
- uses: DeterminateSystems/determinate-nix-action@main
- uses: DeterminateSystems/flakehub-cache-action@main
- name: Build manual
if: inputs.system == 'x86_64-linux'
run: nix build .#hydraJobs.manual
- uses: nwtgck/actions-netlify@v3.0
if: inputs.publish_manual && inputs.system == 'x86_64-linux'
with:
publish-dir: "./result/share/doc/nix/manual"
production-branch: detsys-main
@ -192,8 +203,8 @@ jobs:
enable-commit-status: true
overwrites-pull-request-comment: true
env:
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
NETLIFY_AUTH_TOKEN: ${{ secrets.manual_netlify_auth_token }}
NETLIFY_SITE_ID: ${{ secrets.manual_netlify_site_id }}
success:
needs:

5
.github/workflows/ci.yml vendored
View file

@ -41,6 +41,10 @@ jobs:
run_tests: true
run_vm_tests: true
run_regression_tests: true
publish_manual: true
secrets:
manual_netlify_auth_token: ${{ secrets.NETLIFY_AUTH_TOKEN }}
manual_netlify_site_id: ${{ secrets.NETLIFY_SITE_ID }}
build_aarch64-linux:
uses: ./.github/workflows/build.yml
@ -59,6 +63,7 @@ jobs:
runner: macos-latest-large
runner_for_virt: macos-latest-large
runner_small: macos-latest-large
run_tests: false
build_aarch64-darwin:
uses: ./.github/workflows/build.yml

2
.version
View file

@ -1 +1 @@
2.30.0
2.30.1

2
.version-determinate
View file

@ -1 +1 @@
3.7.0
3.8.2

3
doc/manual/source/SUMMARY.md.in
View file

@ -130,6 +130,9 @@
- [Contributing](development/contributing.md)
- [Determinate Nix Release Notes](release-notes-determinate/index.md)
- [Changes between Nix and Determinate Nix](release-notes-determinate/changes.md)<!-- next -->
- [Release 3.8.2 (2025-07-12)](release-notes-determinate/rl-3.8.2.md)
- [Release 3.8.1 (2025-07-11)](release-notes-determinate/rl-3.8.1.md)
- [Release 3.8.0 (2025-07-10)](release-notes-determinate/rl-3.8.0.md)
- [Release 3.7.0 (2025-07-03)](release-notes-determinate/rl-3.7.0.md)
- [Release 3.6.8 (2025-06-25)](release-notes-determinate/rl-3.6.8.md)
- [Release 3.6.7 (2025-06-24)](release-notes-determinate/rl-3.6.7.md)

18
doc/manual/source/release-notes-determinate/changes.md
View file

@ -1,6 +1,6 @@
# Changes between Nix and Determinate Nix
This section lists the differences between upstream Nix 2.29 and Determinate Nix 3.7.0.<!-- differences -->
This section lists the differences between upstream Nix 2.30 and Determinate Nix 3.8.2.<!-- differences -->
* In Determinate Nix, flakes are stable. You no longer need to enable the `flakes` experimental feature.
@ -94,3 +94,19 @@ This section lists the differences between upstream Nix 2.29 and Determinate Nix
* `nix store delete` now explains why deletion fails by @edolstra in [DeterminateSystems/nix-src#130](https://github.com/DeterminateSystems/nix-src/pull/130)
* New command: `nix flake prefetch-inputs` for improved CI performance, by @edolstra in [DeterminateSystems/nix-src#127](https://github.com/DeterminateSystems/nix-src/pull/127)
<!-- Determinate Nix version 3.8.0 -->
* nix flake check: Skip substitutable derivations by @edolstra in [DeterminateSystems/nix-src#134](https://github.com/DeterminateSystems/nix-src/pull/134)
* lockFlake(): When updating a lock, respect the input's lock file by @edolstra in [DeterminateSystems/nix-src#137](https://github.com/DeterminateSystems/nix-src/pull/137)
<!-- Determinate Nix version 3.8.1 -->
* Address ifdef problem with macOS/BSD sandboxing by @gustavderdrache in [DeterminateSystems/nix-src#142](https://github.com/DeterminateSystems/nix-src/pull/142)
<!-- Determinate Nix version 3.8.2 -->
* ci: don't run the full test suite for x86_64-darwin by @grahamc in [DeterminateSystems/nix-src#144](https://github.com/DeterminateSystems/nix-src/pull/144)
* Try publishing the manual again by @grahamc in [DeterminateSystems/nix-src#145](https://github.com/DeterminateSystems/nix-src/pull/145)

29
doc/manual/source/release-notes-determinate/rl-3.8.0.md Normal file
View file

@ -0,0 +1,29 @@
# Release 3.8.0 (2025-07-10)
* Based on [upstream Nix 2.30.0](../release-notes/rl-2.30.md).
## What's Changed
### Faster CI with `nix flake check`
`nix flake check` no longer downloads flake outputs if no building is necessary.
This command is intended to validate that a flake can fully evaluate and all outputs can build.
If the outputs are available in a binary cache then both properties are confirmed to be true.
Notably, downloading the output from the binary cache is not strictly necessary for the validation.
Previously, `nix flake check` would download a flake output if the full build is available in a binary cache.
Some users will find this change significantly reduces costly bandwidth and CI workflow time.
PR: [DeterminateSystems/nix-src#134](https://github.com/DeterminateSystems/nix-src/pull/134)
### Improved flake locking of transitive dependencies
Determinate Nix now re-locks all transitive dependencies when changing a flake input's source URL.
This fixes an issue where in some scenarios Nix would not re-lock those inputs and incorrectly use the old inputs' dependencies.
PR: [DeterminateSystems/nix-src#137](https://github.com/DeterminateSystems/nix-src/pull/137)
**Full Changelog**: [v3.7.0...v3.8.0](https://github.com/DeterminateSystems/nix-src/compare/v3.7.0...v3.8.0)

9
doc/manual/source/release-notes-determinate/rl-3.8.1.md Normal file
View file

@ -0,0 +1,9 @@
# Release 3.8.1 (2025-07-11)
* Based on [upstream Nix 2.30.0](../release-notes/rl-2.30.md).
## What's Changed
* Address ifdef problem with macOS/BSD sandboxing by @gustavderdrache in [DeterminateSystems/nix-src#142](https://github.com/DeterminateSystems/nix-src/pull/142)
**Full Changelog**: [v3.8.0...v3.8.1](https://github.com/DeterminateSystems/nix-src/compare/v3.8.0...v3.8.1)

10
doc/manual/source/release-notes-determinate/rl-3.8.2.md Normal file
View file

@ -0,0 +1,10 @@
# Release 3.8.2 (2025-07-12)
* Based on [upstream Nix 2.30.0](../release-notes/rl-2.30.md).
## What's Changed
* ci: don't run the full test suite for x86_64-darwin by @grahamc in [DeterminateSystems/nix-src#144](https://github.com/DeterminateSystems/nix-src/pull/144)
* Try publishing the manual again by @grahamc in [DeterminateSystems/nix-src#145](https://github.com/DeterminateSystems/nix-src/pull/145)
**Full Changelog**: [v3.8.1...v3.8.2](https://github.com/DeterminateSystems/nix-src/compare/v3.8.1...v3.8.2)

7
docker.nix
View file

@ -184,11 +184,14 @@ let
} " = ";
};
nixConfContents = toConf {
nixConfContents = toConf (
{
sandbox = false;
build-users-group = "nixbld";
trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
};
}
// nixConf
);
userHome = if uid == 0 then "/root" else "/home/${uname}";

5
scripts/install-multi-user.sh
View file

@ -834,8 +834,13 @@ install_from_extracted_nix() {
(
cd "$EXTRACTED_NIX_PATH"
if is_os_darwin; then
_sudo "to copy the basic Nix files to the new store at $NIX_ROOT/store" \
cp -RPp ./store/* "$NIX_ROOT/store/"
else
_sudo "to copy the basic Nix files to the new store at $NIX_ROOT/store" \
cp -RP --preserve=ownership,timestamps ./store/* "$NIX_ROOT/store/"
fi
_sudo "to make the new store non-writable at $NIX_ROOT/store" \
chmod -R ugo-w "$NIX_ROOT/store/"

4
scripts/install-nix-from-tarball.sh
View file

@ -167,7 +167,11 @@ for i in $(cd "$self/store" >/dev/null && echo ./*); do
rm -rf "$i_tmp"
fi
if ! [ -e "$dest/store/$i" ]; then
if [ "$(uname -s)" = "Darwin" ]; then
cp -RPp "$self/store/$i" "$i_tmp"
else
cp -RP --preserve=ownership,timestamps "$self/store/$i" "$i_tmp"
fi
chmod -R a-w "$i_tmp"
chmod +w "$i_tmp"
mv "$i_tmp" "$dest/store/$i"

4
src/libexpr/eval.cc
View file

@ -1609,7 +1609,7 @@ void EvalState::callFunction(Value & fun, std::span<Value *> args, Value & vRes,
symbols[i.name])
.atPos(lambda.pos)
.withTrace(pos, "from call site")
.withFrame(*fun.lambda().env, lambda)
.withFrame(*vCur.lambda().env, lambda)
.debugThrow();
}
env2.values[displ++] = i.def->maybeThunk(*this, env2);
@ -1636,7 +1636,7 @@ void EvalState::callFunction(Value & fun, std::span<Value *> args, Value & vRes,
.atPos(lambda.pos)
.withTrace(pos, "from call site")
.withSuggestions(suggestions)
.withFrame(*fun.lambda().env, lambda)
.withFrame(*vCur.lambda().env, lambda)
.debugThrow();
}
unreachable();

2
src/libexpr/primops/fetchClosure.cc
View file

@ -124,7 +124,7 @@ static void prim_fetchClosure(EvalState & state, const PosIdx pos, Value * * arg
for (auto & attr : *args[0]->attrs()) {
const auto & attrName = state.symbols[attr.name];
auto attrHint = [&]() -> std::string {
return "while evaluating the '" + attrName + "' attribute passed to builtins.fetchClosure";
return fmt("while evaluating the attribute '%s' passed to builtins.fetchClosure", attrName);
};
if (attrName == "fromPath") {

2
src/libstore/unix/user-lock.cc
View file

@ -197,7 +197,7 @@ bool useBuildUsers()
#ifdef __linux__
static bool b = (settings.buildUsersGroup != "" || settings.autoAllocateUids) && isRootUser();
return b;
#elif defined(__APPLE__) && defined(__FreeBSD__)
#elif defined(__APPLE__) || defined(__FreeBSD__)
static bool b = settings.buildUsersGroup != "" && isRootUser();
return b;
#else

12
tests/functional/lang/eval-fail-missing-arg-import.err.exp Normal file
View file

@ -0,0 +1,12 @@
error:
… from call site
at /pwd/lang/eval-fail-missing-arg-import.nix:1:1:
1| import ./non-eval-trivial-lambda-formals.nix { }
| ^
2|
error: function 'anonymous lambda' called without required argument 'a'
at /pwd/lang/non-eval-trivial-lambda-formals.nix:1:1:
1| { a }: a
| ^
2|

1
tests/functional/lang/eval-fail-missing-arg-import.nix Normal file
View file

@ -0,0 +1 @@
import ./non-eval-trivial-lambda-formals.nix { }

13
tests/functional/lang/eval-fail-undeclared-arg-import.err.exp Normal file
View file

@ -0,0 +1,13 @@
error:
… from call site
at /pwd/lang/eval-fail-undeclared-arg-import.nix:1:1:
1| import ./non-eval-trivial-lambda-formals.nix {
| ^
2| a = "a";
error: function 'anonymous lambda' called with unexpected argument 'b'
at /pwd/lang/non-eval-trivial-lambda-formals.nix:1:1:
1| { a }: a
| ^
2|
Did you mean a?

4
tests/functional/lang/eval-fail-undeclared-arg-import.nix Normal file
View file

@ -0,0 +1,4 @@
import ./non-eval-trivial-lambda-formals.nix {
a = "a";
b = "b";
}

1
tests/functional/lang/non-eval-trivial-lambda-formals.nix Normal file
View file

@ -0,0 +1 @@
{ a }: a

2
tests/nixos/github-flakes.nix
View file

@ -81,7 +81,7 @@ let
mkdir -p $out/archive
dir=NixOS-nixpkgs-${nixpkgs.shortRev}
cp -prd ${nixpkgs} $dir
cp -rd --preserve=ownership,timestamps ${nixpkgs} $dir
# Set the correct timestamp in the tarball.
find $dir -print0 | xargs -0 touch -h -t ${builtins.substring 0 12 nixpkgs.lastModifiedDate}.${
builtins.substring 12 2 nixpkgs.lastModifiedDate

2
tests/nixos/sourcehut-flakes.nix
View file

@ -48,7 +48,7 @@ let
nixpkgs-repo = pkgs.runCommand "nixpkgs-flake" { } ''
dir=NixOS-nixpkgs-${nixpkgs.shortRev}
cp -prd ${nixpkgs} $dir
cp -rd --preserve=ownership,timestamps ${nixpkgs} $dir
# Set the correct timestamp in the tarball.
find $dir -print0 | xargs -0 touch -h -t ${builtins.substring 0 12 nixpkgs.lastModifiedDate}.${

2
tests/nixos/tarball-flakes.nix
View file

@ -13,7 +13,7 @@ let
set -x
dir=nixpkgs-${nixpkgs.shortRev}
cp -prd ${nixpkgs} $dir
cp -rd --preserve=ownership,timestamps ${nixpkgs} $dir
# Set the correct timestamp in the tarball.
find $dir -print0 | xargs -0 touch -h -t ${builtins.substring 0 12 nixpkgs.lastModifiedDate}.${
builtins.substring 12 2 nixpkgs.lastModifiedDate