Robert Hensing
3f37785afd
NIX_REMOTE_SYSTEMS: actually support multiple :-separated entries
...
Bug not reported in 6 years, but here you go.
Also it is safe to switch to normal concatStringsSep behavior
because tokenizeString does not produce empty items.
2024-07-13 03:06:24 +02:00
Robert Hensing
ea966a70fc
dropEmptyInitThenConcatStringsSep -> concatStringSep: diagnostics and docs
...
These are non-critical, so their behavior is ok to change.
Dropping empty items is not needed and usually not expected.
2024-07-13 03:06:24 +02:00
Robert Hensing
1a8defd06f
Refactor: rename C++ concatStringsSep -> dropEmptyInitThenConcatStringsSep
2024-07-13 03:05:50 +02:00
John Ericson
bc83b9dc1f
Remove comparator.hh and switch to <=> in a bunch of places
...
Known behavior changes:
- `MemorySourceAccessor`'s comparison operators no longer forget to
compare the `SourceAccessor` base class.
Progress on #10832
What remains for that issue is hopefully much easier!
2024-07-12 14:54:18 -04:00
Robert Hensing
11a6db5993
Remove unused operator<=>'s that darwin can't generate
...
It was complaining *a lot*, with dozens of MB of logs.
2024-07-12 17:37:27 +02:00
Robert Hensing
27eaeebc41
nar-accessor.cc: Silence unused variable warning
2024-07-12 15:38:17 +02:00
Robert Hensing
8df041cbc6
Solve unused header warnings reported by clangd
2024-07-12 15:37:54 +02:00
John Ericson
6e5cec292b
Use a meson "generator" to deduplicate .gen.hh creation
2024-07-08 11:13:11 -04:00
John Ericson
d8850618b6
Merge pull request #11059 from rhendric/rhendric/reference-manual
...
docs: merge builtin-constants into builtins
2024-07-07 21:47:33 -04:00
Ryan Hendrickson
95890b3e1d
docs: merge builtin-constants into builtins
2024-07-07 15:57:23 -04:00
Robert Hensing
a9592077fb
Merge pull request #11055 from NixOS/packaging-for-nixpkgs
...
Indirections for packaging meson-based granular build for Nixpkgs
2024-07-07 21:33:01 +02:00
Romain NEIL
514062c227
feat: configure aws s3 lib to use system defined proxy, if existent
2024-07-06 21:46:58 +02:00
Robert Hensing
0729f0a113
packaging: Pass version directly
2024-07-06 17:52:57 +02:00
Robert Hensing
ddff76f667
Merge pull request #10973 from NixOS/meson-libexpr
...
Meson build for libexpr libflake, external C API, unit tests
2024-07-05 20:27:12 +02:00
Robert Hensing
a476383f46
Merge pull request #11031 from emilazy/push-xsrvoyspsvqx
...
libstore: fix sandboxed builds on macOS
2024-07-05 17:08:39 +02:00
John Ericson
e4056b9afd
Apply suggestions from code review
...
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-07-04 17:48:27 -04:00
Emily
af2e1142b1
libstore: fix sandboxed builds on macOS
...
The recent fix for CVE-2024-38531 broke the sandbox on macOS
completely. As it’s not practical to use `chroot(2)` on
macOS, the build takes place in the main filesystem tree, and the
world‐unreadable wrapper directory prevents the build from accessing
its `$TMPDIR` at all.
The macOS sandbox probably shouldn’t be treated as any kind of a
security boundary in its current state, but this specific vulnerability
wasn’t possible to exploit on macOS anyway, as creating `set{u,g}id`
binaries is blocked by sandbox policy.
Locking down the build sandbox further may be a good idea in future,
but it already has significant compatibility issues. For now, restore
the previous status quo on macOS.
Thanks to @alois31 for helping me come to a better understanding of
the vulnerability.
Fixes: 1d3696f0fbCloses : #11002
2024-07-04 16:28:37 +01:00
Emily
76e4adfaac
libstore: clean up the build directory properly
...
After the fix for CVE-2024-38531, this was only removing the nested
build directory, rather than the top‐level temporary directory.
Fixes: 1d3696f0fb
2024-07-04 16:22:02 +01:00
John Ericson
30de61f16d
Merge pull request #11018 from siddhantk232/canonpath-fs-sink
...
Use `CanonPath` in `fs-sink.hh`
2024-07-03 10:36:18 -04:00
siddhantCodes
2cf24a2df0
fix tests and minor changes
...
- use the iterator in `CanonPath` to count `level`
- use the `CanonPath::basename` method
- use `CanonPath::root` instead of `CanonPath{""}`
- remove `Path` and `PathView`, use `std::filesystem::path` directly
2024-07-03 17:43:55 +05:30
John Ericson
4d6bc61b8d
Fix things
2024-07-02 09:26:22 -04:00
John Ericson
513f6b9718
meson: Prelink links to avoid missing C++ initializers
...
This is the same as what the old build system did in
7eca8a16ea
2024-07-02 09:26:22 -04:00
John Ericson
f7ce10dbc1
Fix static build
2024-07-02 09:26:22 -04:00
John Ericson
479befa76d
More fixes
2024-07-02 09:26:22 -04:00
John Ericson
6a0582d9fd
Rename file to avoid reserved name
2024-07-02 09:26:22 -04:00
John Ericson
0b539dea4a
Improve boost hacks
2024-07-02 09:26:22 -04:00
John Ericson
8399bd6b8f
Dedup
2024-07-02 09:26:21 -04:00
John Ericson
8198888bc4
More dedup
2024-07-02 09:23:25 -04:00
John Ericson
d6f57f3260
More dedup
2024-07-02 09:23:25 -04:00
John Ericson
c88f83b471
More dedup
2024-07-02 09:23:25 -04:00
John Ericson
d902481a36
Better org
2024-07-02 09:23:25 -04:00
John Ericson
a81e319528
Deduplicating
2024-07-02 09:23:24 -04:00
John Ericson
4fa8068b78
Mesonify other external API
2024-07-02 09:23:24 -04:00
John Ericson
31257009e1
Meson build for libexpr and libflake
2024-07-02 09:23:24 -04:00
Jörg Thalheim
101915c9b7
enable -Werror=unused-result
...
Inspired by
010ff57ebb
2024-07-02 08:46:06 +02:00
siddhantCodes
72bb530141
use CanonPath in fs-sink and its derivatives
2024-06-30 19:03:15 +05:30
John Ericson
8a420162ab
Merge branch 'master' into fix-sandbox-escape
2024-06-26 18:11:39 -04:00
Robert Hensing
85de5a60c7
Use lib instead of explicit fileset passing
2024-06-26 04:11:20 +02:00
Robert Hensing
6fe8fb967a
libstore/worker.hh: Document Worker
2024-06-26 01:43:31 +02:00
Robert Hensing
fd0b376c79
libstore/worker.cc: Remove outdated comment
...
It was added above this conditional
Worker::Worker(LocalStore & store)
: store(store)
{
/* Debugging: prevent recursive workers. */
if (working) abort();
working = true;
However, `working` has since been removed.
Source: https://github.com/NixOS/nix/blame/7f8e805c8ef2d7728648553de6b762964730a09a/src/libstore/build.cc#L2617
2024-06-26 01:43:31 +02:00
Robert Hensing
7df9d6da65
Improve error messages for invalid derivation names
2024-06-25 19:41:29 +02:00
Brian McKenna
5be44d235a
Guard uses of lutimes, for portability
2024-06-24 17:35:34 -04:00
John Ericson
fda4c78921
Merge pull request #10951 from obsidiansystems/load-just-one-config
...
Small global config refactors
2024-06-24 12:38:04 -04:00
John Ericson
cb0c868da4
Allow loading config files into other config objects
...
This gives us some hope of moving away from global variables.
2024-06-24 12:07:56 -04:00
John Ericson
1620ad4587
Split out GlobalConfig into its own header
...
This makes it easier to understand the reach of global variables /
global state in the config system.
2024-06-24 11:36:21 -04:00
John Ericson
b51e161af5
Cleanup ContentAddressMethod to match docs
...
The old `std::variant` is bad because we aren't adding a new case to
`FileIngestionMethod` so much as we are defining a separate concept ---
store object content addressing rather than file system object content
addressing. As such, it is more correct to just create a fresh
enumeration.
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-06-24 10:24:06 -04:00
John Ericson
64e599ebe1
Rename Recursive -> NixArchive
...
For enums:
- `FileIngestionMethod`
- `FileSerialisationMethod`
2024-06-24 10:24:06 -04:00
Eelco Dolstra
903acc7c0f
Merge pull request #10873 from siddhantk232/rm-createdirs
...
use `std::filesystem::create_directories` for createDirs
2024-06-24 14:54:37 +02:00
Robert Hensing
6f64154eea
Merge pull request #10884 from tomberek/tomberek.warn_structuredAttrs_advanced
...
fix: warn and document when advanced attributes will have no impact d…
2024-06-24 07:56:26 +02:00
Eelco Dolstra
d54590fdf3
Fix --no-sandbox
...
When sandboxing is disabled, we cannot put $TMPDIR underneath an
inaccessible directory.
2024-06-21 17:06:19 +02:00
