Winter
149d8eb8aa
Stop vendoring toml11
...
We don't apply any patches to it, and vendoring it locks users into
bugs (it hasn't been updated since its introduction in late 2021).
Closes https://git.lix.systems/lix-project/lix/issues/164
Change-Id: Ied071c841fc30b0dfb575151afd1e7f66970fdb9
(cherry picked from commit 80405d06264f0de1c16ee2646388ab501df20628)
2024-06-26 22:27:13 -04:00
John Ericson
f002f85861
Avoid libmain header in libexpr
...
We just don't need it!
2024-06-26 22:26:45 -04:00
John Ericson
7181d1f4a1
Reformat
...
Factored out code is now eligible for formatting.
2024-06-26 19:56:21 -04:00
John Ericson
0084a486cc
Split out a new libnixflake
...
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-06-26 19:56:21 -04:00
John Ericson
52730d38e2
Factor out flake:... lookup path from evaluator
...
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-06-26 19:56:21 -04:00
John Ericson
8a420162ab
Merge branch 'master' into fix-sandbox-escape
2024-06-26 18:11:39 -04:00
Robert Hensing
85de5a60c7
Use lib instead of explicit fileset passing
2024-06-26 04:11:20 +02:00
Robert Hensing
6fe8fb967a
libstore/worker.hh: Document Worker
2024-06-26 01:43:31 +02:00
Robert Hensing
fd0b376c79
libstore/worker.cc: Remove outdated comment
...
It was added above this conditional
    Worker::Worker(LocalStore & store)
        : store(store)
    {
        /* Debugging: prevent recursive workers. */
        if (working) abort();
        working = true;
However, `working` has since been removed.
Source: https://github.com/NixOS/nix/blame/7f8e805c8ef2d7728648553de6b762964730a09a/src/libstore/build.cc#L2617
2024-06-26 01:43:31 +02:00
John Ericson
65d7c80365
Merge pull request #10955 from NixOS/meson-nix-util-c
...
Build nix-util-c with meson + unit tests
2024-06-25 19:06:06 -04:00
Robert Hensing
ac89828b5a
Build nix-util-c with meson and unit test
2024-06-25 21:35:23 +02:00
Robert Hensing
7df9d6da65
Improve error messages for invalid derivation names
2024-06-25 19:41:29 +02:00
John Ericson
5f4f789144
Merge pull request #10954 from NixOS/ci-meson
...
ci.yml: Add meson_build
2024-06-25 09:02:33 -04:00
Robert Hensing
0674be8d49
nix-util: Fix build
2024-06-25 10:26:57 +02:00
Brian McKenna
5be44d235a
Guard uses of lutimes, for portability
2024-06-24 17:35:34 -04:00
John Ericson
05580a373f
Fix error in the no-GC build
2024-06-24 17:18:16 -04:00
Robert Hensing
c66f1e7660
Merge pull request #10913 from NixOS/no-global-eval-settings-in-libexpr
...
No global eval settings in `libnixexpr`
2024-06-24 18:52:19 +02:00
John Ericson
fda4c78921
Merge pull request #10951 from obsidiansystems/load-just-one-config
...
Small global config refactors
2024-06-24 12:38:04 -04:00
John Ericson
52bfccf8d8
No global eval settings in libnixexpr
...
Progress on #5638
There is still a global eval settings, but it is pushed down into
`libnixcmd`, which is a lot less bad a place for this sort of thing.
2024-06-24 12:15:16 -04:00
John Ericson
cb0c868da4
Allow loading config files into other config objects
...
This gives us some hope of moving away from global variables.
2024-06-24 12:07:56 -04:00
John Ericson
b46e13840b
Format config-global.{cc,hh}
...
Since the code is factored out, it is no longer avoiding the formatter.
2024-06-24 12:07:56 -04:00
John Ericson
1620ad4587
Split out GlobalConfig into its own header
...
This makes it easier to understand the reach of global variables /
global state in the config system.
2024-06-24 11:36:21 -04:00
John Ericson
b51e161af5
Cleanup ContentAddressMethod to match docs
...
The old `std::variant` is bad because we aren't adding a new case to
`FileIngestionMethod` so much as we are defining a separate concept ---
store object content addressing rather than file system object content
addressing. As such, it is more correct to just create a fresh
enumeration.
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-06-24 10:24:06 -04:00
John Ericson
64e599ebe1
Rename Recursive -> NixArchive
...
For enums:
- `FileIngestionMethod`
- `FileSerialisationMethod`
2024-06-24 10:24:06 -04:00
Eelco Dolstra
903acc7c0f
Merge pull request #10873 from siddhantk232/rm-createdirs
...
use `std::filesystem::create_directories` for createDirs
2024-06-24 14:54:37 +02:00
Eelco Dolstra
bc21c54565
Merge pull request #10943 from pineapplehunter/master
...
Accept response from gitlab api with more than one entry in json
2024-06-24 14:23:47 +02:00
Robert Hensing
6f64154eea
Merge pull request #10884 from tomberek/tomberek.warn_structuredAttrs_advanced
...
fix: warn and document when advanced attributes will have no impact d…
2024-06-24 07:56:26 +02:00
John Ericson
df068734ac
Merge pull request #10769 from poweredbypie/mingw-spawn
...
Implement runProgram for Windows
2024-06-23 14:12:36 -04:00
Shogo Takata
0468061dd2
accept response from gitlab with more than one entry
2024-06-23 00:52:19 +09:00
Eelco Dolstra
d54590fdf3
Fix --no-sandbox
...
When sandboxing is disabled, we cannot put $TMPDIR underneath an
inaccessible directory.
2024-06-21 17:06:19 +02:00
Eelco Dolstra
58b7b3fd15
Formatting
2024-06-21 17:06:19 +02:00
Eelco Dolstra
ede95b1fc1
Put the chroot inside a directory that isn't group/world-accessible
...
Previously, the .chroot directory had permission 750 or 755 (depending
on the uid-range system feature) and was owned by root/nixbld. This
makes it possible for any nixbld user (if uid-range is disabled) or
any user (if uid-range is enabled) to inspect the contents of the
chroot of an active build and maybe interfere with it (e.g. via /tmp
in the chroot, which has 1777 permission).
To prevent this, the root is now a subdirectory of .chroot, which has
permission 700 and is owned by root/root.
2024-06-21 17:06:19 +02:00
Théophane Hufschmitt
1d3696f0fb
Run the builds in a daemon-controlled directory
...
Instead of running the builds under
`$TMPDIR/{unique-build-directory-owned-by-the-build-user}`, run them
under `$TMPDIR/{unique-build-directory-owned-by-the-daemon}/{subdir-owned-by-the-build-user}`
where the build directory is only readable and traversable by the daemon user.
This achieves two things:
1. It prevents builders from making their build directory world-readable
(or even writeable), which would allow the outside world to interact
with them.
2. It prevents external processes running as the build user (either
because that somehow leaked, maybe as a consequence of 1., or because
`build-users` isn't in use) from gaining access to the build
directory.
2024-06-21 17:06:19 +02:00
siddhantCodes
85b7989764
fix: handle errors in nix::createDirs
...
the `std::filesystem::create_directories` can fail due to insufficient
permissions. We convert this error into a `SysError` and catch it
wherever required.
2024-06-20 19:53:25 +05:30
Valentin Gagarin
1c131ec2b7
Port C API docs to Meson (#10936)
...
* Port C API docs to Meson
* don't cross-compile the docs
2024-06-19 22:43:54 +02:00
PoweredByPie
8b81d083a7
Remove lookupPathForProgram and implement initial runProgram test
...
Apparently, CreateProcessW already searches path, so manual path search
isn't really necessary.
2024-06-18 01:01:52 -07:00
PoweredByPie
fcb92b4fa4
Fix DWORD vs. int comparison warning
2024-06-17 22:14:38 -07:00
Mingye Wang
ff1fc780d2
optimize-store.cc: Update macos exclusion comments
...
#2230 broadened the scope of macOS hardlink exclusion but did not change the comments. This was a little confusing for me, so I figured the comments should be updated.
2024-06-18 12:05:59 +08:00
PoweredByPie
4f6e3b9402
Implement tests for lookupPathForProgram and fix bugs caught by tests
2024-06-17 18:46:08 -07:00
PoweredByPie
4662e7d856
Implement windowsEscape
2024-06-17 14:57:57 -07:00
Tom Bereknyei
706edf26eb
build: meson for libfetchers
2024-06-17 17:25:56 -04:00
PoweredByPie
b11cf8166f
Format runProgram declaration
2024-06-17 13:12:28 -07:00
Valentin Gagarin
6e34c68327
Convert the internal API doc build to Meson
2024-06-17 15:51:58 -04:00
John Ericson
a83d95e26e
Integrate perl with the other meson builds
...
One big dev shell!
2024-06-17 14:48:20 -04:00
PoweredByPie
a58ca342ca
Initial runProgram implementation for Windows
...
This is incomplete; proper shell escaping needs to be done
2024-06-17 11:13:22 -07:00
John Ericson
a1bb668ccb
Merge remote-tracking branch 'upstream/master' into rm-createdirs
2024-06-17 12:57:54 -04:00
Robert Hensing
e48abec567
Merge pull request #10916 from jmbaur/read-only-no-chown
...
Don't chown when local-store is read-only
2024-06-17 13:49:19 +02:00
Eelco Dolstra
48d38b32d2
Merge pull request #10918 from andir/restrict-tarfile-formats
...
Restrict supported tarball formats to actual Tarballs
2024-06-17 13:20:23 +02:00
PoweredByPie
b0cfac8f93
Fix compile error on windows
2024-06-17 00:03:50 -07:00
Jared Baur
de639ceafe
Don't chown when local-store is read-only
...
If the local-store is using the read-only flag, the underlying
filesystem might be read-only, thus an attempt to `chown` would always
fail.
2024-06-16 23:03:33 -07:00