mirror of
https://github.com/NixOS/nix.git
synced 2025-11-09 12:06:01 +01:00
Nix, the purely functional package manager
0256e5578e
To demonstrate the problem:
* You need a `git` at 2.33.3 in your $PATH
* An expression like this in a git repository:
``` nix
{
outputs = { self, nixpkgs }: {
packages.foo.x86_64-linux = with nixpkgs.legacyPackages.x86_64-linux;
runCommand "snens" { } ''
echo ${(builtins.fetchGit ./.).lastModifiedDate} > $out
'';
};
}
```
Now, when instantiating the package via `builtins.getFlake`, it fails on
Nix 2.7 like this:
$ nix-instantiate -E '(builtins.getFlake "'"$(pwd)"'").packages.foo.x86_64-linux'
fatal: unsafe repository ('/nix/store/a7j3125km4h8l0p71q6ssfkxamfh5d61-source' is owned by someone else)
To add an exception for this directory, call:
git config --global --add safe.directory /nix/store/a7j3125km4h8l0p71q6ssfkxamfh5d61-source
error: program 'git' failed with exit code 128
(use '--show-trace' to show detailed location information)
This breaks e.g. `nixops`-deployments using flakes with similar
expressions as shown above.
The cause for this is that `git(1)` tries to find the highest
`.git`-directory in the directory tree and if it finds a such a
directory, but with another owning user (root vs. the user who evaluates
the expression), it fails as above. This was changed recently to fix
CVE-2022-24765[1].
By explicitly specifying `--git-dir`, Git assumes to be in the top-level
directory and doesn't attempt to look for a `.git`-directory in the
parent directories and thus the code-path leading to said error is never
reached.
[1] https://lore.kernel.org/git/xmqqv8veb5i6.fsf@gitster.g/
|
||
|---|---|---|
| .github | ||
| config | ||
| contrib | ||
| doc/manual | ||
| m4 | ||
| maintainers | ||
| misc | ||
| mk | ||
| perl | ||
| scripts | ||
| src | ||
| tests | ||
| .dir-locals.el | ||
| .editorconfig | ||
| .gitignore | ||
| .version | ||
| boehmgc-coroutine-sp-fallback.diff | ||
| bootstrap.sh | ||
| configure.ac | ||
| COPYING | ||
| default.nix | ||
| docker.nix | ||
| flake.lock | ||
| flake.nix | ||
| local.mk | ||
| Makefile | ||
| Makefile.config.in | ||
| precompiled-headers.h | ||
| README.md | ||
| shell.nix | ||
Nix
Nix is a powerful package manager for Linux and other Unix systems that makes package management reliable and reproducible. Please refer to the Nix manual for more details.
Installation
On Linux and macOS the easiest way to install Nix is to run the following shell command (as a user other than root):
$ curl -L https://nixos.org/nix/install | sh
Information on additional installation methods is available on the Nix download page.
Building And Developing
See our Hacking guide in our manual for instruction on how to build nix from source with nix-build or how to get a development environment.
Additional Resources
- Nix manual
- Nix jobsets on hydra.nixos.org
- NixOS Discourse
- Matrix - #nix:nixos.org
- IRC - #nixos on libera.chat
License
Nix is released under the LGPL v2.1.