Commit Graph

2172 Commits

Author SHA1 Message Date
Eelco Dolstra
708ea7cf7f Typo
(cherry picked from commit ef8987955b)
2024-09-26 00:20:11 +02:00
Eelco Dolstra
b91412595b Add release note
(cherry picked from commit 7b39cd631e)
2024-09-25 21:53:43 +00:00
John Ericson
c8d2bc72a5 Remove invalid release notes YAML field
There is no PR for this, since it was an embargoed fix before
disclosure.

(cherry picked from commit 32e67eba8b)
2024-07-03 20:02:23 +02:00
tomberek
2b15b0b9b0
Merge pull request from GHSA-q82p-44mg-mgh5
Fix sandbox escape 2.20
2024-06-26 18:49:22 -04:00
github-actions[bot]
ab48ea416a
remove link to relocated manual page (#10705)
fix old anchor redirects to point to the correct location

(cherry picked from commit 45697ba502)

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2024-05-15 22:41:14 +02:00
Théophane Hufschmitt
bb8a4a3d0d Add a release note for the build-dir hardening 2024-04-22 15:34:48 +02:00
Maximilian Bosch
077bc08f9a
doc/rl-2.20: clarify builders-use-substitutes vs. substitute-on-destination
...as this lead to confusion before.

(cherry picked from commit 50557adb3b)
2024-04-11 14:18:10 +02:00
Maximilian Bosch
9e077b2d47
doc/rl-2.20: add missing entry about nix copy --to ssh-ng://...
This requires `--substitute-on-destination` if you want the remote side
to substitute instead of copying if possible.

For completeness sake, document it here.

Also, the stable Nix from nixpkgs is still 2.18, so more folks may
stumble upon this when this is bumped, so I'd expect this to be actually
useful.

Closes #10182

(cherry picked from commit f34b8de5b2)
2024-04-11 14:18:06 +02:00
Rebecca Turner
7c6bd8b25f
Add release notes for "Functions are printed with more detail"
(cherry picked from commit abb5fef355)
2024-04-10 17:36:11 +02:00
Rebecca Turner
a383f3e408
Add release notes for "Nix no longer attempts to git add files that are .gitignored"
(cherry picked from commit 9a5d52262f)
2024-04-10 17:31:43 +02:00
Théophane Hufschmitt
d6918898c9 Add release notes 2024-03-07 09:38:54 +01:00
Valentin Gagarin
8f14bf4712 fix location of _redirects file
the Netlify `_redirects` file must be in the root directory [0] of the
files to serve, and mdBook copies all the files in `src` that aren't
`.md` to the output directory [1].

[0]: https://docs.netlify.com/routing/redirects/
[1]: https://rust-lang.github.io/mdBook/guide/creating.html#source-files

(cherry picked from commit 2d74b56aee)
2024-02-07 10:35:09 +00:00
Robert Hensing
b5947b55e2 Disallow store path names that are . or .. (plus opt. -)
As discussed in the maintainer meeting on 2024-01-29.

Mainly this is to avoid a situation where the name is parsed and
treated as a file name, mostly to protect users.
.-* and ..-* are also considered invalid because they might strip
on that separator to remove versions. Doesn't really work, but that's
what we decided, and I won't argue with it, because .-* probably
doesn't seem to have a real world application anyway.
We do still permit a 1-character name that's just "-", which still
poses a similar risk in such a situation. We can't start disallowing
trailing -, because a non-zero number of users will need it and we've
seen how annoying and painful such a change is.

What matters most is preventing a situation where . or .. can be
injected, and to just get this done.

(cherry picked from commit f1b4663805)
2024-01-31 18:11:17 +00:00
Robert Hensing
f36832ce13 parseStorePath: Support leading period
(cherry picked from commit b13e6a76b4)
2024-01-31 18:11:17 +00:00
Eelco Dolstra
652f334f87 Edit release notes 2024-01-29 17:51:21 +01:00
Eelco Dolstra
3089bce41b release notes: 2.20.0 2024-01-29 17:14:17 +01:00
Eelco Dolstra
0070400809 maintainers/release-notes: Include changelog-d
Otherwise it quietly generates an empty rl-<version>.md
2024-01-29 17:13:48 +01:00
Eelco Dolstra
baff34d728 Don't include store docs in every manpage 2024-01-29 16:30:29 +01:00
Valentin Gagarin
44a0d04483
add missing link (#9869) 2024-01-29 05:56:19 +01:00
Robert Hensing
40254092dd
Merge pull request #9770 from hercules-ci/refactor-rename-derivation-isPure
Refactor rename derivation type `isPure`
2024-01-27 11:24:20 +01:00
Robert Hensing
6a99c18c30 doc/glossary: Define impure derivation 2024-01-27 11:00:10 +01:00
Robert Hensing
5b7bfd2d6b
Merge pull request #9754 from 9999years/print-value-when-coercion-fails
Print the value in `error: cannot coerce` messages
2024-01-24 12:48:39 +01:00
tomberek
1c260fa6d1
Merge pull request #9481 from iFreilicht/disallow-nix-search-without-search-terms
nix search: Disallow empty regex
2024-01-23 20:59:52 -05:00
tomberek
775d59f1fa
Merge pull request #8893 from 9999years/fix-8882
Log what `nix flake check` does
2024-01-23 20:38:23 -05:00
Rebecca Turner
83bb494a30
Print the value in error: cannot coerce messages
This extends the `error: cannot coerce a TYPE to a string` message
to print the value that could not be coerced. This helps with debugging
by making it easier to track down where the value is being produced
from, especially in errors with deep or unhelpful stack traces.
2024-01-23 15:15:41 -08:00
Robert Hensing
5f72a97092
Merge pull request #9753 from 9999years/print-value-on-type-error
Print the value in `value is X while a Y is expected` error
2024-01-22 22:18:16 +01:00
John Ericson
50ce3832dc
Merge pull request #9512 from hercules-ci/release-notes-bdwgc-traceable-allocator-patch
prerequisites-source: Add bdwgc-traceable-allocator-patch
2024-01-22 11:58:43 -05:00
Rebecca Turner
cb7fbd4d83
Print value on type error
Adds the failing value to `value is <TYPE> while a <TYPE> is expected`
error messages.
2024-01-22 08:56:02 -08:00
Eelco Dolstra
16ccca2e86
Merge pull request #9703 from fricklerhandwerk/upgrade-no-channel
don't show `nix-channel` in upgrade instructions
2024-01-22 14:46:47 +01:00
John Ericson
a0b86b3160
Merge pull request #9760 from hercules-ci/doc-glossary-nix-expression
doc/glossary: Nix expression can be language expression
2024-01-22 08:26:01 -05:00
Théophane Hufschmitt
c8d33bca8d
Merge pull request #9822 from obsidiansystems/algo-vs-hash-algo
Start standardizing hash algo flags
2024-01-22 11:08:24 +01:00
John Ericson
da1aae2d06
Merge pull request #9821 from obsidiansystems/fix-typo
Fix typo in upcomming release notes
2024-01-20 18:03:25 -05:00
John Ericson
202c5e2afc Start standardizing hash algo flags
Do this if we want to do `--hash-algo` everywhere, and not `--algo` for
hash commands.

The new `nix hash convert` is updated. Deprecated new CLI commands are
left as-is (`nix hash path` needs to be redone and is also left as-is).
2024-01-20 17:29:35 -05:00
John Ericson
a93b204c27
Merge pull request #9348 from obsidiansystems/json-formats
Document JSON formats
2024-01-20 17:22:39 -05:00
John Ericson
65294fe5fe Fix typo in upcomming release notes
Thanks @cole-h for finding in https://github.com/NixOS/nix/pull/9815#discussion_r1460604130
2024-01-20 17:07:21 -05:00
John Ericson
edf3ecc497 Document JSON formats
Good to document these formats separately from commands that happen to
use them.

Eventually I would like this and `builtins.derivation` to refer to a
store section on derivations that is authoritative, but that doesn't yet
exist, and will take some time to make. So I think we're just best off
merging this now as is.

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2024-01-20 17:03:47 -05:00
Rebecca Turner
561a56cd13
Add release notes 2024-01-20 00:04:06 -08:00
John Ericson
356352c370 Add missing --hash-algo flag to nix store add 2024-01-19 23:11:18 -05:00
Robert Hensing
4e8483d09d
Merge pull request #9792 from fricklerhandwerk/move-section
move section on make variables
2024-01-19 00:55:33 +01:00
Robert Hensing
14f470ec4e
doc/hacking.md: Hint short option make -e
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2024-01-19 00:32:30 +01:00
Valentin Gagarin
28eb406834 reword section on make variables
- use one line per sentence
- use imperative for instructions
- add link to Make documentation
2024-01-17 04:39:26 +01:00
Valentin Gagarin
f134dbdffb move section on make variables
it should be after the general build instructions, as it goes into more detail.
2024-01-17 04:23:16 +01:00
Valentin Gagarin
55da939424 fix typo 2024-01-17 02:57:11 +01:00
Robert Hensing
2a3c5e6b8b
Merge pull request #9480 from NixOS/libfetchers-git-exportIgnore
libfetchers/git: Support export-ignore
2024-01-16 23:03:46 +01:00
Robert Hensing
51f524c629
Merge pull request #9755 from 9999years/printer-followup
Printer followup
2024-01-16 22:35:08 +01:00
Robert Hensing
85a1cd9bd5
Merge pull request #9762 from hercules-ci/doc-glossary-package
doc/glossary: Define package and package attribute set
2024-01-16 15:34:59 +01:00
Robert Hensing
baea5f42c6
doc/glossary: Simplify software package definition
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2024-01-16 14:50:53 +01:00
John Ericson
9b9ecdee34 Simplify RapidCheck configure
No more `RAPIDCHECK_HEADERS`!
2024-01-15 08:05:05 -05:00
Robert Hensing
7e5fa5c25c doc/glossary: Define package and package attribute set
A small step towards https://github.com/NixOS/nix/issues/6507

I believe this incomplete definition is one that can be agreed on.
It would be nice to define more, but considering that the issue
also proposes changes to the design, I believe we should hold off
on those.

As for the wording, we're dealing with some very general and vague
terms, that have to be treated with exactly the right amount of
vagueness to be effective.

I start out with a fairly abstract definition of package.
1. to establish a baseline so we know what we're talking about
2. so that we can go in and clarify that we have an extra, Nix-specific
   definition.

"Software" is notoriously ill-defined, so it makes a great qualifier
for package, which we don't really want to pin down either, because
that would just get us lost in discussion.
We can come back to this after we've done 6057 and a few years in a
desert cave.

Then comes the "package attribute set" definition.
I can already hear Valentin say "That's not even Nix's responsibility!"
and on some days I might even agree.
However, in our current reality, we have `nix-env`, `nix-build` and
`nix profile`, which query the `outputName` attribute - among others -
which just don't exist in the derivation.

For those who can't believe what they're reading:

    $ nix-build --expr 'with import ./. {}; bind // {outputName = "lib";}' --no-out-link
    this path will be fetched (1.16 MiB download, 3.72 MiB unpacked):
      /nix/store/rfk6klfx3z972gavxlw6iypnj6j806ma-bind-9.18.21-lib
    copying path '/nix/store/rfk6klfx3z972gavxlw6iypnj6j806ma-bind-9.18.21-lib' from 'https://cache.nixos.org'...
    /nix/store/rfk6klfx3z972gavxlw6iypnj6j806ma-bind-9.18.21-lib

and let me tell you that bind is not a library.

So anyway, that's also proof of why calling this a "derivation attrset" would be wrong, despite the type attribute.
2024-01-13 20:00:06 +01:00
Robert Hensing
e838ac98d4 doc/glossary: Nix expression can be language expression 2024-01-13 19:42:05 +01:00