Eelco Dolstra
99f14d4b34
Revert "tests/check.sh: Fix a race"
...
This reverts commit 0776aa11c9
because
it's causing a test failure: https://hydra.nixos.org/build/247889890
2024-03-07 14:27:23 +01:00
Eelco Dolstra
b4d5aaca60
Merge pull request from GHSA-2ffj-w4mj-pg37
...
Sandbox escape 2.3
2024-03-07 11:56:24 +01:00
Théophane Hufschmitt
8604f6d329
Add release notes
2024-03-01 10:24:54 +01:00
Théophane Hufschmitt
2064277b05
Fix a typo in a test comment
...
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2024-03-01 10:24:54 +01:00
Théophane Hufschmitt
8c27eb6c1b
Copy the output of fixed-output derivations before registering them
...
It is possible to exfiltrate a file descriptor out of the build sandbox
of FODs, and use it to modify the store path after it has been
registered.
To avoid that issue, don't register the output of the build, but a copy
of it (that will be free of any leaked file descriptor).
2024-03-01 10:24:54 +01:00
Théophane Hufschmitt
9c0be4c156
Add a NixOS test for the sandbox escape
...
Test that we can't leverage abstract unix domain sockets to leak file
descriptors out of the sandbox and modify the path after it has been
registered.
2024-03-01 10:24:54 +01:00
Théophane Hufschmitt
ec26251bb9
Merge pull request #9771 from hercules-ci/2.3-flake
...
[2.3] Add flake for testing purposes
2024-01-26 09:41:25 +01:00
Robert Hensing
0776aa11c9
tests/check.sh: Fix a race
...
Based on 02dd6bb610
2024-01-15 11:40:53 +01:00
Robert Hensing
0099f8e8de
Add best-effort flake.nix
...
The purpose for this flake is to make `nix run nix/2.3-maintenance` work,
so that it's easier to answer questions about this old series of releases.
2024-01-15 10:40:48 +01:00
Eelco Dolstra
575859a535
Bump version
2023-11-03 18:05:47 +01:00
John Ericson
f76990444c
Merge pull request #9261 from flokli/backport-3564
...
[2.3-maintenance] Wait for build users when none are available
2023-11-01 20:01:36 -04:00
Eelco Dolstra
791af78365
Merge pull request #9263 from flokli/update-stringly-typed-configureflags
...
[2.3-maintenance] Convert stringly-typed configureFlags to lists of strings
2023-10-31 16:06:52 +01:00
Eelco Dolstra
5757632bcb
Merge pull request #9260 from flokli/backport-4012
...
[2.3-maintenance] Escape `${` in strings when printing Nix expressions
2023-10-31 16:06:07 +01:00
Eelco Dolstra
78d73112a6
Merge pull request #9262 from flokli/pkg-config-rename
...
[2.3-maintenance] Address removal of pkgconfig alias
2023-10-31 16:05:34 +01:00
sternenseemann
a4cafa65e7
Convert stringly-typed configureFlags to lists of strings
...
This has been deprecated in nixpkgs and the warning resulting from that
is driving me crazy.
2023-10-31 12:25:06 +02:00
sternenseemann
6663e7aeea
Address removal of pkgconfig alias
...
nixpkgs ended up removing that alias, this fixes the build with a more
recent nixpkgs.
2023-10-31 12:22:36 +02:00
Alexander Bantyev
12935e54ea
Mention build users in the 'waiting for' message
...
(cherry picked from commit 772e5db828
)
2023-10-31 12:15:35 +02:00
Alexander Bantyev
849f9b83a8
Don't block while waiting for build users
...
(cherry picked from commit 14073fb76b
)
2023-10-31 12:15:35 +02:00
Alexander Bantyev
a1469cc8f4
Wait for build users when none are available
...
(cherry picked from commit 880a62b08443a6baa55dab027b69bb8b1551a588)
2023-10-31 12:15:35 +02:00
regnat
b2463d649c
Escape ${
in strings when printing Nix expressions
...
Otherwise the result of the printing can't be parsed back correctly by
Nix (because the unescaped `${` will be parsed as the begining of an
anti-quotation).
Fix #3989
(cherry picked from commit 250f8a4bba
)
2023-10-31 12:06:50 +02:00
Eelco Dolstra
63ba2fde50
Merge pull request #9245 from bjornfor/backport-installer-fix
...
[2.3] Backport installer fix for non-NixOS
2023-10-27 16:28:07 +02:00
John Ericson
619e9758bb
Merge pull request #4593 from grahamc/builder-host-key-stable
...
(Backport #4574 ) distributed builds: load remote builder host key from the machines file
2023-10-26 16:19:06 -04:00
John Ericson
b4abe56a23
Merge remote-tracking branch 'upstream/2.3-maintenance' into builder-host-key-stable
2023-10-26 16:01:18 -04:00
Guillaume Maudoux
36c560552d
Create to daemon-socket folder during install
...
(cherry picked from commit 1bec333788
)
[Bjørn: This fixes Nix 2.3 multi-user/daemon installs on modern
non-NixOS distros.]
2023-10-26 14:31:46 +02:00
Eelco Dolstra
12ac3f6f28
Merge pull request #9221 from edef1c/2.3-zstd
...
[2.3-maintenance] libutil: add ZstdDecompressionSink
2023-10-25 10:33:07 +02:00
edef
7f8790eff2
libutil: add ZstdDecompressionSink
2023-10-23 17:36:13 +00:00
Eelco Dolstra
8e836716bb
Merge pull request #9190 from trofi/2.13-gcc-13
...
[2.3 backport] src/libutil/json.cc: add missing <cstdint> include for gcc-13
2023-10-19 19:12:15 +02:00
Sergei Trofimovich
42b19c7181
src/libutil/json.cc: add missing <cstdint> include for gcc-13
...
Without the change llvm build fails on this week's gcc-13 snapshot as:
src/libutil/json.cc: In function 'void nix::toJSON(std::ostream&, const char*, const char*)':
src/libutil/json.cc:33:22: error: 'uint16_t' was not declared in this scope
33 | put(hex[(uint16_t(*i) >> 12) & 0xf]);
| ^~~~~~~~
src/libutil/json.cc:5:1: note: 'uint16_t' is defined in header '<cstdint>'; did you forget to '#include <cstdint>'?
4 | #include <cstring>
+++ |+#include <cstdint>
5 |
(cherry picked from commit b36d5172cb
)
2023-10-19 15:25:34 +01:00
John Ericson
104c562b63
Merge pull request #8031 from klemensn/openbsd
...
Build and test fixes for OpenBSD
2023-03-20 11:41:36 -04:00
Klemens Nanni
c84e20a296
Fix SO_PEERCRED usage on OpenBSD
...
getsockopt(2) documents `struct sockpeercred` with `SO_PEERCRED`.
(`struct ucred` does exist, but is incompatible to the Linux version.)
2023-03-11 23:07:19 +04:00
Klemens Nanni
fda598cfdd
Make tar invocation portable, fix OpenBSD build/test
...
At least on OpenBSD, tar(1) reads from /dev/rst0 not stdin by default
options must specififed consistently with or without dashes, not mixed.
Specify standard input explicitly to not rely on implementation details.
Use either option style consistently.
2023-03-11 23:07:19 +04:00
Klemens Nanni
2dff8c2b40
Include <sys/wait.h> as per wait(4) for WIFEXITED and WEXITSTATUS
...
Unbreak the build on OpenBSD.
2023-03-11 23:07:19 +04:00
Eelco Dolstra
6507aef191
Merge pull request #5649 from obsidiansystems/2.3-modernize-test-suite
...
[backport 2.3] Parallelize test suite
2021-12-09 15:27:16 +01:00
Domen Kožar
3690c9350d
Merge pull request #5688 from obsidiansystems/2.3-pr-ci
...
[backport 2.3] Add GitHub actions CI for PRs
2021-11-30 13:17:03 +01:00
Albert Safin
75bd19758d
nix-shell: don't check for "nix-shell" in shebang script name
...
Without this, moving the nix-shell tests into a `nix-shell` dir breaks
them.
(cherry picked from commit a70706b025
)
2021-11-30 05:33:50 +00:00
Eelco Dolstra
522243fb26
Close stdin while running tests
...
For some reason, the bash shell started by 'nix develop' sometimes
reads from stdin, which can hang.
(cherry picked from commit 50a8710ed1
)
2021-11-30 05:33:50 +00:00
regnat
1a3956cceb
Shorten the path to the test root
...
Fix a socket length failure on the OSX builders
(cherry picked from commit 223fbe644a
)
2021-11-30 05:33:50 +00:00
regnat
8ca44a901c
Fix the test dependencies
...
Reuse the pre-existing list rather than the one written as part of #3777
(cherry picked from commit 5101ed18bc
)
2021-11-30 05:33:50 +00:00
regnat
b3cdebf328
Run the tests in parallel
...
Cause the time needed to run the testsuite to drop from ~4mins to ~40s
(cherry picked from commit 1b5aa60767
)
2021-11-30 05:33:50 +00:00
John Ericson
e9cfba389f
Add GitHub actions CI for PRs
...
Adapted from master.
2021-11-29 23:18:01 +00:00
Eelco Dolstra
c9f0904d13
Merge pull request #5659 from baloo/baloo/dns-2.3
...
preloadNSS: rework the dns query workaround [nix2.3]
2021-11-26 12:48:21 +01:00
Arthur Gautier
765332d94b
preloadNSS: rework the dns query workaround
...
backport of https://github.com/NixOS/nix/pull/5384 to nix 2.3
2021-11-25 13:06:00 -08:00
Eelco Dolstra
addb547b9d
Merge pull request #5571 from obsidiansystems/forward-compat-2.3
...
[2.3-maintenance] Override socket path with `NIX_DAEMON_SOCKET_PATH` so we can test 2.4+ compat
2021-11-23 18:55:38 +01:00
regnat
1aa288c8cf
Override socket path with NIX_DAEMON_SOCKET_PATH
...
This is the first step to testing compatibility with 2.3 in 2.4 and
master.
(adapted from commit 223fbe644a
)
2021-11-16 05:44:59 +00:00
Eelco Dolstra
cad762e2d1
Merge pull request #5395 from winterqt/revert-4985
...
Revert "doc: Change install syntax to be fish compatible"
2021-11-08 14:18:12 +01:00
Eelco Dolstra
6b17b1677f
Merge pull request #5491 from doronbehar/SQLiteWAL-vfs-backport2.3
...
libstore: Use unix-dotfile vfs if useSQLiteWAL is false
2021-11-05 13:24:22 +01:00
Eelco Dolstra
9a83b37764
Merge pull request #5492 from obsidiansystems/backport/fd-leak-2.3-maintenance
...
Nix 2.3 Backport: PathSubstitutionGoal: Clean up pipe
2021-11-04 20:32:36 +01:00
Fendor
c31ce3dffe
PathSubstitutionGoal: Clean up pipe
...
If there were many top-level goals (which are not destroyed until the
very end), commands like
$ nix copy --to 'ssh://localhost?remote-store=/tmp/nix' \
/run/current-system --no-check-sigs --substitute-on-destination
could fail with "Too many open files". So now we do some explicit
cleanup from amDone(). It would be cleaner to separate goals from
their temporary internal state, but that would be a bigger refactor.
Backport 8a29052cb2
2021-11-04 11:26:39 +01:00
Doron Behar
1261a1689b
libstore: Use unix-dotfile vfs if useSQLiteWAL is false
2021-11-04 08:10:44 +02:00
Winter
6c0d9778d1
Revert "doc: Change install syntax to be fish compatible"
...
This reverts commit ea962a84c3
.
2021-10-15 17:27:17 -04:00