Commit Graph

7161 Commits

Author SHA1 Message Date
regnat
89fba5c847 Use the real path when checking imported CA paths
Otherwise chrooted store will fail because Nix will try to read the
virtual path instead of the physical one

Should fix https://github.com/NixOS/nixpkgs/issues/126141
2021-07-26 11:34:47 +02:00
Alyssa Ross
fa7cbf8222
Only link with libdl on Linux
Linux is (as far as I know) the only mainstream operating system that
requires linking with libdl for dlopen.  On BSD, libdl doesn't exist,
so on non-FreeBSD BSDs linking will currently fail.  On macOS, it's
apparently just a symlink to libSystem (macOS libc), presumably
present for compatibility with things that assume Linux.

So the right thing to do here is to only add -ldl on Linux, not to add
it for everything that isn't FreeBSD.

(cherry picked from commit c57ab17687)
2021-07-23 10:50:29 +00:00
Eelco Dolstra
e871146179
Merge pull request #5013 from illustris/nscd-backport
fixed-output derivations: fix incorrect responses for getpwuid
2021-07-14 17:00:00 +02:00
illustris
1c51a169fb fixed-output derivations: fix incorrect responses for getpwuid
backport of #5006
2021-07-14 14:26:25 +05:30
Emily
76c7f5f215
sandbox: allow SystemVersionCompat.plist on Darwin
For whatever reason, many programs trying to access SystemVersion.plist
also open SystemVersionCompat.plist; this includes Python code and
coreutils’ `cat(1)` (but not the native macOS `/bin/cat`). Illustratory
`dtruss(1m)` output:

    open("/System/Library/CoreServices/SystemVersion.plist\0", 0x0, 0x0)		 = 3 0
    open("/System/Library/CoreServices/SystemVersionCompat.plist\0", 0x0, 0x0)		 = 4 0

I assume this is a Big Sur change relating to the 10.16.x/11.x
version compatibility divide and that it’s something along the lines of
a hook inside libSystem.

Fixes a lot of sandboxed package builds under Big Sur.

(cherry picked from commit 559a504da7)
Signed-off-by: Domen Kožar <domen@dev.si>
2021-07-12 09:35:16 +02:00
Emily
405d78eafc
Mark __impureHostDeps paths as optional
Starting in macOS 11, the on-disk dylib bundles are no longer available,
but nixpkgs needs to be able to keep compatibility with older versions
that require `/usr/lib/libSystem.B.dylib` in `__impureHostDeps`. Allow
it to keep backwards compatibility with these versions by marking these
dependencies as optional.

Fixes #4658.

(cherry picked from commit c4355a52fa)
Signed-off-by: Domen Kožar <domen@dev.si>
2021-07-12 09:30:35 +02:00
Eelco Dolstra
998fe9d645
Merge pull request #4985 from toonn/doc-install-fish
Make install documentation fish-friendly
2021-07-05 21:52:15 +02:00
toonn
ea962a84c3
doc: Change install syntax to be fish compatible 2021-07-05 13:58:01 +02:00
Eelco Dolstra
1da76cbec7
Merge pull request #4975 from domenkozar/2.3-upload-release-aarch64-darwin
upload-release.pl: add aarch64-darwin
2021-07-02 15:32:54 +02:00
Eelco Dolstra
f1e3a6a50a
Bump version 2021-07-02 15:00:14 +02:00
Domen Kožar
14262b86cc
upload-release.pl: add aarch64-darwin 2021-07-02 14:13:26 +02:00
Domen Kožar
eda79305b6
installer: use native aarch64-darwin 2021-07-02 14:08:01 +02:00
Eelco Dolstra
926163070b
Merge pull request #4899 from sternenseemann/primops-2.3
[2.3] backport: Make `functionArgs` primitive accept primops
2021-06-23 14:15:36 +02:00
Eelco Dolstra
8aeea1e9f4
Remove Deb/RPM jobs 2021-06-23 11:41:06 +02:00
Eelco Dolstra
a49bddb040
Remove tests.binaryTarball
This test no longer works on Hydra because import-from-derivation is
no longer allowed.

(cherry picked from commit 3daa256728)
2021-06-23 11:39:59 +02:00
Domen Kožar
165e44fef9
fix setuid test eval 2021-06-23 09:37:14 +02:00
aszlig
50b8ef40cb
Convert VM tests to Python
Perl-based tests are deprecated since NixOS 20.03 and subsequently got
removed in NixOS 20.09, which effectively means that tests are going to
fail as soon as we build it with NixOS 20.09 or anything newer.

I've put "# fmt: off" at the start of every testScript, because
formatting with Black really messes up indentation and I don't think it
really adds anything in value or readability for inlined Python scripts.

Signed-off-by: aszlig <aszlig@nix.build>
(cherry picked from commit 5cfdf16dd6)
Signed-off-by: Domen Kožar <domen@dev.si>
2021-06-22 11:03:51 +02:00
Domen Kožar
78e7d7cfab
Fix perlBindings.aarch64-darwin build 2021-06-22 10:45:00 +02:00
Eelco Dolstra
042718a293
Bump version 2021-06-21 17:02:08 +02:00
Lucas Franceschino
9f7a59af71 Make functionArgs primitive accept primops
(cherry picked from commit b2748c6e99)
2021-06-10 01:00:49 +02:00
Domen Kožar
b98a50af30
Merge pull request #4867 from Kloenk/stable-aarch64-darwin
enable aarch64-darwin in release.nix
2021-06-07 17:04:25 +02:00
Finn Behrens
29e8db916a enable aarch64-darwin in release.nix 2021-06-07 16:27:02 +02:00
Eelco Dolstra
cc565be4bc
Merge pull request #4890 from alyssais/2.3-libatomic
[2.3] Backport libatomic fixes
2021-06-04 14:54:08 +02:00
Puck Meerburg
feb8267257
configure.ac: fix use of unread LIBS variable
This fixes both the SunOS/Solaris check, and the libatomic check, which
reference $LIBS, which has not been used since automake was stripped
out of the code.

(cherry picked from commit 196b77b686)
2021-06-04 12:28:34 +00:00
Matthew Bauer
f1688f2136
Use more robust test for libatomics
Taken from Mesa configure script:

https://github.com/mesa3d/mesa/blob/17.2/configure.ac#L405-L427
(cherry picked from commit b1c34152fe)
2021-06-04 12:28:19 +00:00
Matthew Bauer
7375b0b58c
Add libatomic for 32-bit ARM
Fixes #3113

(cherry picked from commit 74b4737d8f)
2021-06-04 12:26:36 +00:00
Eelco Dolstra
456bffbbe5
Merge pull request #4888 from alyssais/backport-static
[2.3] Pass --static flag to pkg-config when necessary
2021-06-04 14:19:13 +02:00
Matthew Bauer
fe679310a7
Pass --static flag to pkg-config when necessary
(cherry picked from commit 3e85c57a6c)
2021-06-04 11:04:30 +00:00
Domen Kožar
7b279eb798
Merge pull request #4877 from alyssais/2.3-freenode
[2.3] backport contact info changes (including getting rid of Freenode)
2021-06-02 11:14:51 +02:00
Alyssa Ross
a25f0a8730
install-multi-user.sh: add link to forum
Introduced in master in eab14a642c.
2021-06-02 08:32:47 +00:00
Patrick Hilhorst
c9dcfa50f8
throw freenode down the memory hole
(cherry picked from commit 822e338e5c)
2021-06-02 08:10:59 +00:00
Eelco Dolstra
59acbc5220 Fix evaluation on 20.03 2021-06-01 15:27:32 +02:00
regnat
3dbd83b9a1 Check the CA hash when importing stuff in the local store
When adding a path to the local store (via `LocalStore::addToStore`),
ensure that the `ca` field of the provided `ValidPathInfo` does indeed
correspond to the content of the path.
Otherwise any untrusted user (or any binary cache) can add arbitrary
content-addressed paths to the store (as content-addressed paths don’t
need a signature).
2021-06-01 15:21:01 +02:00
Eelco Dolstra
5713ff48c3 Bump version 2021-06-01 15:20:51 +02:00
Eelco Dolstra
702d707fb1
Merge pull request #4863 from jonringer/fix-2.3-build-stable
Fix pure build of 2.3
2021-06-01 11:22:28 +02:00
Jonathan Ringer
5e5013e2f6
Fix pure build of 2.3 2021-05-31 17:14:33 -07:00
Domen Kožar
406a70159a
Merge pull request #4805 from YorikSar/zsh-nix-profiles-2.3
Fix iterating over $NIX_PROFILES in Zsh (backport to 2.3)
2021-05-14 12:22:27 +02:00
Eelco Dolstra
2e12b28fc5
Bump version 2021-05-14 11:59:01 +02:00
Yuriy Taraday
419797128d Fix iterating over $NIX_PROFILES in Zsh
NIX_PROFILES is space separated list of directories, and passing it into
for as is is considered to be 1-element list with the whole string. With
shwordsplit option Zsh emulates other shells in this regard ans
implicitely splits unquoted strings into words.

Fixes #4167.
2021-05-14 12:09:58 +04:00
Travis A. Everett
dd50221e8a
fix nixbld user name/uid for macOS
(cherry picked from commit 0431cf6d09)
Signed-off-by: Domen Kožar <domen@dev.si>
2021-03-26 09:24:10 +01:00
Eelco Dolstra
dac86f84c3
Merge pull request #4634 from ianthehenry/backport-user-env-assertion-fix
backport #4411
2021-03-15 16:34:33 +01:00
David McFarland
2fe57daadd Fix insufficent attribute capacity in user profile 2021-03-13 17:32:47 +00:00
Eelco Dolstra
2a19287b8f
Merge pull request #4616 from lovesegfault/backport-4601
Backport #4601
2021-03-08 13:36:55 +01:00
Bernardo Meurer
da1629d744
nix-build: set execfail
When starting a nix-shell with `-i` it was previously possible for it to
silently fail in the scenario where the specified interpreter didn't
exist. This happened due to the `exec` call masking the issue.

With this change we enable `execfail`, which causes the script using
`nix-shell` as interpreter to correctly exit with code 127.

Fixes: #4598
(cherry picked from commit 6e849e3b0a)
2021-03-08 02:09:12 -08:00
Graham Christensen
5a2716f6d3
distributed builds: load remote builder host key from the machines file
This is already used by Hydra, and is very useful when materializing
a remote builder list from service discovery. This allows the service
discovery tool to only sync one file instead of two.
2021-02-25 11:11:07 -05:00
Eelco Dolstra
3cdd464212
Merge pull request #4475 from matthewbauer/fix-4469-backport-2-3
[backport 2.3] Fix #4469
2021-01-25 20:15:59 +01:00
Maximilian Bosch
85329cac35
scripts/install-nix-from-closure: only show progress if a terminal is used
While the progress dots during the copying of the store work fine on a
normal terminal, those look pretty off if the script is run inside a
provisioning script of e.g. `vagrant` or `packer` where `stderr` and
`stdout` are captured:

    default: .
    default: ..
    default: .
    default: .
    default: .

To work around this, the script checks with `-t 0` if it's
running on an actual terminal and doesn't show the progress if that's not
the case.

(cherry picked from commit d9367a2dd1)
2021-01-25 20:14:10 +01:00
Matthew Bauer
f95c320500 Handle missing etag in 304 Not Modified response
GitHub now omits the etag, but 304 implies it matches the one we
provided. Just use that one to avoid having an etag-less resource.

Fixes #4469

(cherry picked from commit a766824660)
2021-01-25 12:18:57 -06:00
Eelco Dolstra
3a6a2f88f2
Merge pull request #4404 from orivej/2.3-aws-sdk-cpp
Backport compatibility with newer AWS SDKs to 2.3 (#4316)
2020-12-28 13:14:47 +01:00
Stéphan Kochen
024c0eaad1 Fix compatibility with newer AWS SDKs (#4316)
Tested against AWS SDK 1.8.99. Fixes #3201.

(cherry picked from commit e20a3ec756)
2020-12-26 09:09:21 +00:00