Commit Graph

7181 Commits

Author SHA1 Message Date
Eelco Dolstra
99f14d4b34 Revert "tests/check.sh: Fix a race"
This reverts commit 0776aa11c9 because
it's causing a test failure: https://hydra.nixos.org/build/247889890
2024-03-07 14:27:23 +01:00
Eelco Dolstra
b4d5aaca60
Merge pull request from GHSA-2ffj-w4mj-pg37
Sandbox escape 2.3
2024-03-07 11:56:24 +01:00
Théophane Hufschmitt
8604f6d329 Add release notes 2024-03-01 10:24:54 +01:00
Théophane Hufschmitt
2064277b05 Fix a typo in a test comment
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2024-03-01 10:24:54 +01:00
Théophane Hufschmitt
8c27eb6c1b Copy the output of fixed-output derivations before registering them
It is possible to exfiltrate a file descriptor out of the build sandbox
of FODs, and use it to modify the store path after it has been
registered.
To avoid that issue, don't register the output of the build, but a copy
of it (that will be free of any leaked file descriptor).
2024-03-01 10:24:54 +01:00
Théophane Hufschmitt
9c0be4c156 Add a NixOS test for the sandbox escape
Test that we can't leverage abstract unix domain sockets to leak file
descriptors out of the sandbox and modify the path after it has been
registered.
2024-03-01 10:24:54 +01:00
Théophane Hufschmitt
ec26251bb9
Merge pull request #9771 from hercules-ci/2.3-flake
[2.3] Add flake for testing purposes
2024-01-26 09:41:25 +01:00
Robert Hensing
0776aa11c9 tests/check.sh: Fix a race
Based on 02dd6bb610
2024-01-15 11:40:53 +01:00
Robert Hensing
0099f8e8de Add best-effort flake.nix
The purpose for this flake is to make `nix run nix/2.3-maintenance` work,
so that it's easier to answer questions about this old series of releases.
2024-01-15 10:40:48 +01:00
Eelco Dolstra
575859a535 Bump version 2023-11-03 18:05:47 +01:00
John Ericson
f76990444c
Merge pull request #9261 from flokli/backport-3564
[2.3-maintenance] Wait for build users when none are available
2023-11-01 20:01:36 -04:00
Eelco Dolstra
791af78365
Merge pull request #9263 from flokli/update-stringly-typed-configureflags
[2.3-maintenance] Convert stringly-typed configureFlags to lists of strings
2023-10-31 16:06:52 +01:00
Eelco Dolstra
5757632bcb
Merge pull request #9260 from flokli/backport-4012
[2.3-maintenance] Escape `${` in strings when printing Nix expressions
2023-10-31 16:06:07 +01:00
Eelco Dolstra
78d73112a6
Merge pull request #9262 from flokli/pkg-config-rename
[2.3-maintenance] Address removal of pkgconfig alias
2023-10-31 16:05:34 +01:00
sternenseemann
a4cafa65e7 Convert stringly-typed configureFlags to lists of strings
This has been deprecated in nixpkgs and the warning resulting from that
is driving me crazy.
2023-10-31 12:25:06 +02:00
sternenseemann
6663e7aeea Address removal of pkgconfig alias
nixpkgs ended up removing that alias, this fixes the build with a more
recent nixpkgs.
2023-10-31 12:22:36 +02:00
Alexander Bantyev
12935e54ea Mention build users in the 'waiting for' message
(cherry picked from commit 772e5db828)
2023-10-31 12:15:35 +02:00
Alexander Bantyev
849f9b83a8 Don't block while waiting for build users
(cherry picked from commit 14073fb76b)
2023-10-31 12:15:35 +02:00
Alexander Bantyev
a1469cc8f4 Wait for build users when none are available
(cherry picked from commit 880a62b08443a6baa55dab027b69bb8b1551a588)
2023-10-31 12:15:35 +02:00
regnat
b2463d649c Escape ${ in strings when printing Nix expressions
Otherwise the result of the printing can't be parsed back correctly by
Nix (because the unescaped `${` will be parsed as the begining of an
anti-quotation).

Fix #3989

(cherry picked from commit 250f8a4bba)
2023-10-31 12:06:50 +02:00
Eelco Dolstra
63ba2fde50
Merge pull request #9245 from bjornfor/backport-installer-fix
[2.3] Backport installer fix for non-NixOS
2023-10-27 16:28:07 +02:00
John Ericson
619e9758bb
Merge pull request #4593 from grahamc/builder-host-key-stable
(Backport #4574) distributed builds: load remote builder host key from the machines file
2023-10-26 16:19:06 -04:00
John Ericson
b4abe56a23 Merge remote-tracking branch 'upstream/2.3-maintenance' into builder-host-key-stable 2023-10-26 16:01:18 -04:00
Guillaume Maudoux
36c560552d Create to daemon-socket folder during install
(cherry picked from commit 1bec333788)

[Bjørn: This fixes Nix 2.3 multi-user/daemon installs on modern
non-NixOS distros.]
2023-10-26 14:31:46 +02:00
Eelco Dolstra
12ac3f6f28
Merge pull request #9221 from edef1c/2.3-zstd
[2.3-maintenance] libutil: add ZstdDecompressionSink
2023-10-25 10:33:07 +02:00
edef
7f8790eff2 libutil: add ZstdDecompressionSink 2023-10-23 17:36:13 +00:00
Eelco Dolstra
8e836716bb
Merge pull request #9190 from trofi/2.13-gcc-13
[2.3 backport] src/libutil/json.cc: add missing <cstdint> include for gcc-13
2023-10-19 19:12:15 +02:00
Sergei Trofimovich
42b19c7181 src/libutil/json.cc: add missing <cstdint> include for gcc-13
Without the change llvm build fails on this week's gcc-13 snapshot as:

    src/libutil/json.cc: In function 'void nix::toJSON(std::ostream&, const char*, const char*)':
    src/libutil/json.cc:33:22: error: 'uint16_t' was not declared in this scope
       33 |             put(hex[(uint16_t(*i) >> 12) & 0xf]);
          |                      ^~~~~~~~
    src/libutil/json.cc:5:1: note: 'uint16_t' is defined in header '<cstdint>'; did you forget to '#include <cstdint>'?
        4 | #include <cstring>
      +++ |+#include <cstdint>
        5 |

(cherry picked from commit b36d5172cb)
2023-10-19 15:25:34 +01:00
John Ericson
104c562b63
Merge pull request #8031 from klemensn/openbsd
Build and test fixes for OpenBSD
2023-03-20 11:41:36 -04:00
Klemens Nanni
c84e20a296
Fix SO_PEERCRED usage on OpenBSD
getsockopt(2) documents `struct sockpeercred` with `SO_PEERCRED`.
(`struct ucred` does exist, but is incompatible to the Linux version.)
2023-03-11 23:07:19 +04:00
Klemens Nanni
fda598cfdd
Make tar invocation portable, fix OpenBSD build/test
At least on OpenBSD, tar(1) reads from /dev/rst0 not stdin by default
options must specififed consistently with or without dashes, not mixed.

Specify standard input explicitly to not rely on implementation details.
Use either option style consistently.
2023-03-11 23:07:19 +04:00
Klemens Nanni
2dff8c2b40
Include <sys/wait.h> as per wait(4) for WIFEXITED and WEXITSTATUS
Unbreak the build on OpenBSD.
2023-03-11 23:07:19 +04:00
Eelco Dolstra
6507aef191
Merge pull request #5649 from obsidiansystems/2.3-modernize-test-suite
[backport 2.3] Parallelize test suite
2021-12-09 15:27:16 +01:00
Domen Kožar
3690c9350d
Merge pull request #5688 from obsidiansystems/2.3-pr-ci
[backport 2.3] Add GitHub actions CI for PRs
2021-11-30 13:17:03 +01:00
Albert Safin
75bd19758d nix-shell: don't check for "nix-shell" in shebang script name
Without this, moving the nix-shell tests into a `nix-shell` dir breaks
them.

(cherry picked from commit a70706b025)
2021-11-30 05:33:50 +00:00
Eelco Dolstra
522243fb26 Close stdin while running tests
For some reason, the bash shell started by 'nix develop' sometimes
reads from stdin, which can hang.

(cherry picked from commit 50a8710ed1)
2021-11-30 05:33:50 +00:00
regnat
1a3956cceb Shorten the path to the test root
Fix a socket length failure on the OSX builders

(cherry picked from commit 223fbe644a)
2021-11-30 05:33:50 +00:00
regnat
8ca44a901c Fix the test dependencies
Reuse the pre-existing list rather than the one written as part of #3777

(cherry picked from commit 5101ed18bc)
2021-11-30 05:33:50 +00:00
regnat
b3cdebf328 Run the tests in parallel
Cause the time needed to run the testsuite to drop from ~4mins to ~40s

(cherry picked from commit 1b5aa60767)
2021-11-30 05:33:50 +00:00
John Ericson
e9cfba389f Add GitHub actions CI for PRs
Adapted from master.
2021-11-29 23:18:01 +00:00
Eelco Dolstra
c9f0904d13
Merge pull request #5659 from baloo/baloo/dns-2.3
preloadNSS: rework the dns query workaround [nix2.3]
2021-11-26 12:48:21 +01:00
Arthur Gautier
765332d94b preloadNSS: rework the dns query workaround
backport of https://github.com/NixOS/nix/pull/5384 to nix 2.3
2021-11-25 13:06:00 -08:00
Eelco Dolstra
addb547b9d
Merge pull request #5571 from obsidiansystems/forward-compat-2.3
[2.3-maintenance] Override socket path with `NIX_DAEMON_SOCKET_PATH` so we can test 2.4+ compat
2021-11-23 18:55:38 +01:00
regnat
1aa288c8cf Override socket path with NIX_DAEMON_SOCKET_PATH
This is the first step to testing compatibility with 2.3 in 2.4 and
master.

(adapted from commit 223fbe644a)
2021-11-16 05:44:59 +00:00
Eelco Dolstra
cad762e2d1
Merge pull request #5395 from winterqt/revert-4985
Revert "doc: Change install syntax to be fish compatible"
2021-11-08 14:18:12 +01:00
Eelco Dolstra
6b17b1677f
Merge pull request #5491 from doronbehar/SQLiteWAL-vfs-backport2.3
libstore: Use unix-dotfile vfs if useSQLiteWAL is false
2021-11-05 13:24:22 +01:00
Eelco Dolstra
9a83b37764
Merge pull request #5492 from obsidiansystems/backport/fd-leak-2.3-maintenance
Nix 2.3 Backport: PathSubstitutionGoal: Clean up pipe
2021-11-04 20:32:36 +01:00
Fendor
c31ce3dffe PathSubstitutionGoal: Clean up pipe
If there were many top-level goals (which are not destroyed until the
very end), commands like

  $ nix copy --to 'ssh://localhost?remote-store=/tmp/nix' \
    /run/current-system --no-check-sigs --substitute-on-destination

could fail with "Too many open files". So now we do some explicit
cleanup from amDone(). It would be cleaner to separate goals from
their temporary internal state, but that would be a bigger refactor.

Backport 8a29052cb2
2021-11-04 11:26:39 +01:00
Doron Behar
1261a1689b libstore: Use unix-dotfile vfs if useSQLiteWAL is false 2021-11-04 08:10:44 +02:00
Winter
6c0d9778d1 Revert "doc: Change install syntax to be fish compatible"
This reverts commit ea962a84c3.
2021-10-15 17:27:17 -04:00