nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-11-16 15:32:43 +01:00
Code Activity
16893 commits 180 branches 219 tags 174 MiB
Commit graph

4324 commits

Author SHA1 Message Date
John Ericson
fef952e258
Merge pull request #8397 from NixLayeredStore/overlayfs-store 
Local Overlay Store
 2024-04-07 22:57:01 -04:00
Robert Hensing
5f9aaa86eb
Merge pull request #10416 from obsidiansystems/cgroup-linux-only 
Make `cgroup.{cc,hh}` linux-only files
 2024-04-07 16:52:31 +02:00
John Ericson
c99c80f075 Merge remote-tracking branch 'upstream/master' into overlayfs-store 2024-04-05 16:32:02 -04:00
John Ericson
5a365b0c89
Delete dead openFile in binary-cache-store.cc (#10418) 
d64cb33e90 / #5111 previously deleted the dead code where this was used, but missed this.
 2024-04-05 18:31:43 +00:00
John Ericson
513634ab5b Make cgroup.{cc,hh} linux-only files 
Forcing a conditional include, vs making the headers content
conditional, I think is more maintainable.

It is also how the other platform-specific headers (like
`namespaces.hh`) have been adapted.
 2024-04-05 12:29:14 -04:00
John Ericson
50f621b241 Better signals interface 
This avoids some CPP and accidentally using Unix stuff in client code.
 2024-04-05 01:38:28 -04:00
John Ericson
1577b5fa67 Make SQLite busy back-off logic portable 
Use C++ standard library not Unix functions for sleeping and randomness.

Suggested by @edolstra in https://github.com/NixOS/nix/pull/8901#discussion_r1550416615
 2024-04-04 12:43:33 -04:00
Robert Hensing
12ec3154b8
Merge pull request #8699 from tweag/nix-c-bindings 
(Towards) stable C bindings for libutil, libexpr
 2024-04-04 17:50:52 +02:00
HaeNoe
50cb14fcf9
Improve checked json casting (#10087) 
This introduces new utility functions to get elements from JSON — in an ergonomic way and with nice error messages if the expected type does not match.

Co-authored-by: John Ericson <John.Ericson@Obsidian.Systems>
 2024-04-03 18:04:00 +00:00
John Ericson
02fa20622f Start factoring out Unix assumptions 
This splits files and adds new identifiers in preperation for supporting
windows, but no Windows-specific code is actually added yet.

Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
 2024-04-02 14:43:38 -04:00
John Ericson
852391765d Add unix (and linux) dirs 
In the Nix commit, platform-specific sources will go here.
 2024-04-02 12:55:23 -04:00
Eelco Dolstra
bb5764e578
Merge pull request #10301 from a-n-n-a-l-e-e/wal-persist 
enable persistent WAL mode for sqlite db
 2024-04-02 12:02:12 +02:00
John Ericson
9b88e52846
Merge pull request #10362 from obsidiansystems/maybeLstat 
Factor out `nix::maybeLstat`
 2024-03-30 11:23:29 -04:00
John Ericson
e4d9b207c2 Factor out isRootUser function 2024-03-29 16:33:01 -04:00
John Ericson
8be347afca Factor out nix::maybeLstat 
This function is nice for more than `PosixSourceAccessor`. We can make a
few things simpler with it.

Note that the error logic slightly changes in some of the call sites, in
that we also count `ENOTDIR` and not just `ENOENT` as not having the
file, but that should be fine.
 2024-03-29 16:32:53 -04:00
José Luis Lafuente
c57de60522
C API: Keep the structure flat 
See https://github.com/NixOS/nix/pull/10329
 2024-03-28 19:00:04 +01:00
José Luis Lafuente
d96b52bd8b
C api: nix_export_std_string -> nix_observe_string 2024-03-28 10:52:02 +01:00
José Luis Lafuente
31fbb24329
C API: refactor nix_store_realise 2024-03-28 10:52:02 +01:00
José Luis Lafuente
34d15e8f2f
C API: rename nix_store_build -> nix_store_realise 2024-03-28 10:52:01 +01:00
José Luis Lafuente
c49b88b066
C API: update docs based on PR feedback 2024-03-28 10:52:01 +01:00
José Luis Lafuente
24c8f6864d
C API: if store doesn't have a version, return an empty string 2024-03-28 10:52:00 +01:00
José Luis Lafuente
d5ec1d0617
C API: nix_store_open, check for empty strings 2024-03-28 10:51:59 +01:00
José Luis Lafuente
24604d024a
C API: fix docs build after rebase 2024-03-28 10:51:59 +01:00
José Luis Lafuente
41f1669dea
C API: add tests for libutil and libstore 2024-03-28 10:50:02 +01:00
Yorick van Pelt
9e423dee11
C API: update after rebase 2024-03-28 10:47:55 +01:00
Yorick van Pelt
e1bb799da9
C API: reformat according to proposed clang-format file 2024-03-28 10:47:55 +01:00
Yorick van Pelt
9d380c0f76
C API: clarify some documentation 2024-03-28 10:47:55 +01:00
Yorick
40f5d48d3c
Apply documentation suggestions from code review 
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
 2024-03-28 10:47:55 +01:00
Yorick van Pelt
e642bbc2a7
C API: move to src/lib*/c/ 2024-03-28 10:46:39 +01:00
Yorick van Pelt
df9401eb4e
nix_api_store: add nix_init_plugins 2024-03-28 10:39:07 +01:00
Yorick van Pelt
dc0f7d8f96
initPlugins: run nix_plugin_entry() on dlopen'd plugins 
Only when it exists.
 2024-03-28 10:39:07 +01:00
Yorick van Pelt
b0741f7128
external-api-doc: introduce and improve documentation 2024-03-28 10:39:06 +01:00
Yorick van Pelt
1777e4a5bb
nix_api_store: add userdata param to nix_store_build 2024-03-28 10:39:05 +01:00
Yorick van Pelt
c3b5b8eb62
nix_api_expr, store: fix minor documentation issues 2024-03-28 10:39:05 +01:00
Yorick van Pelt
1d41600498
libstore: add C bindings 2024-03-28 10:39:04 +01:00
John Ericson
77205b2042 Allow for ergnomically putting Unix-only files in subdirs by creating INLCUDE_$(pkg) vars 
Separate platform-specific files will allow avoiding a lot of CPP.
 2024-03-27 12:01:59 -04:00
annalee
7205a6bbc9
enable persistent WAL mode for sqlite db 
allow processes without write access to the directory containing the db
to read the db when all connections are closed. Without this setting and
with WAL enabled and no open db connections unprivileged processes will
fail to open the db due the WAL files not existing and not able to
create them. When the WAL files are persistent unprivileged processeses
can read the db when there are no open connections.

Additionally, journal_size_limit is set to 2^40, which results in the
WAL files being truncated to 0 on exit, as well as limiting the WAL
files to 2^40 bytes following a checkpoint.

https://www.sqlite.org/c3ref/c_fcntl_begin_atomic_write.html#sqlitefcntlpersistwal
https://www.sqlite.org/pragma.html#pragma_journal_size_limit
ed517a7082/src/wal.c (L2518)

Fixes https://github.com/NixOS/nix/issues/10300
 2024-03-27 15:36:09 +00:00
Robert Hensing
8b16cced18 Add build-dir setting 2024-03-25 19:48:59 +01:00
Robert Hensing
b1fe388d33 Remove uncalled for message 2024-03-25 19:48:57 +01:00
Robert Hensing
850c9a6caf HttpBinaryCacheStore: Remove *all* trailing slashes 2024-03-24 00:52:14 +01:00
Robert Hensing
dd26f41379 local-derivation-goal.cc: Remove *all* trailing slashes 2024-03-24 00:52:14 +01:00
Robert Hensing
fd31945742 local-derivation-goal.cc: Reuse defaultTempDir() 2024-03-24 00:45:15 +01:00
Robert Hensing
c3fb2aa1f9 fix: Treat empty TMPDIR as unset 
Fixes an instance of

    nix: src/libutil/util.cc:139: nix::Path nix::canonPath(PathView, bool): Assertion `path != ""' failed.

... which I've been getting in one of my shells for some reason.
I have yet to find out why TMPDIR was empty, but it's no reason for
Nix to break.
 2024-03-24 00:42:31 +01:00
Félix Baylac-Jacqué
40a7929c8e Daemon: warn when an untrusted user cannot override a setting 
In a daemon-based Nix setup, some options cannot be overridden by a
client unless the client's user is considered trusted.

Currently, if an untrusted user tries to override one of those
options, we are silently ignoring it.

This can be pretty confusing in certain situations.

e.g. a user thinks he disabled the sandbox when in reality he did not.

We are now sending a warning message letting know the user some options
have been ignored.

Related to #1761.

This is a cherry-pick of 9e0f5f803f.
The above commit has been reverted by
a59e77d9e5 to prevent spamming warnings
with experimental features, but these are now totally ignored on the
daemon side, so there's no reason for the revert any more.
 2024-03-20 17:55:35 +01:00
John Ericson
18945e3f44 Merge branch 'master' into overlayfs-store 2024-03-18 16:43:33 -04:00
Théophane Hufschmitt
a3163b9eab Fix the outputs moving on macOS 2024-03-07 14:52:40 +01:00
Eelco Dolstra
da62528487
Merge pull request from GHSA-2ffj-w4mj-pg37 
Copy built outputs
 2024-03-07 11:56:24 +01:00
Théophane Hufschmitt
fe42a0ead7
Documentation typo 2024-03-06 09:10:32 +01:00
Théophane Hufschmitt
7764edf0e4
Merge pull request #10078 from szlend/fix-macos-local-network-sandbox 
Fix `__darwinAllowLocalNetworking` sandbox
 2024-03-04 14:34:57 +01:00
Théophane Hufschmitt
c3878f510e Copy the output of fixed-output derivations before registering them 
It is possible to exfiltrate a file descriptor out of the build sandbox
of FODs, and use it to modify the store path after it has been
registered.
To avoid that issue, don't register the output of the build, but a copy
of it (that will be free of any leaked file descriptor).
 2024-03-01 09:31:28 +01:00