Ben Radford
a193ec4052
Default should depend on whether we are root.
2023-07-11 11:14:13 +01:00
Ben Radford
2b4c59dd99
Be clearer about the security implications.
2023-07-11 11:09:25 +01:00
Ben Radford
0caf28f238
Update description for require-drop-supplementary-groups.
2023-07-11 10:57:14 +01:00
Ben Radford
07dabcc90e
Always attempt setgroups but allow failure to be ignored.
2023-07-11 10:44:05 +01:00
Ben Radford
25b20b4ad2
Merge remote-tracking branch 'origin/master' into best-effort-supplementary-groups
2023-07-11 09:38:34 +01:00
John Ericson
4a880c3cc0
Merge pull request #8579 from obsidiansystems/findPath-cleanup-2
...
Further search path cleanups
2023-07-10 09:59:01 -04:00
Eelco Dolstra
fea7d3b1cd
Merge pull request #8681 from inclyc/libexpr/parser-move-noeffect
...
libexpr: remove std::move() for `basePath` in parser, it has no effect
2023-07-10 13:30:42 +02:00
Eelco Dolstra
7bb8d16fcc
Merge pull request #8660 from Hoverbear/nix-daemon.service-tasksmax-infinity
...
nix-daemon.service: Add TasksMax=1048576
2023-07-10 13:09:51 +02:00
Bader AlAttar
3fa0266e7a
Fix some grammar in installables doc ( #8682 )
2023-07-10 09:33:04 +00:00
Yingchi Long
3d74e7b811
libexpr: remove std::move() for basePath
in parser, it has no effect
2023-07-10 12:02:29 +08:00
John Ericson
028b26a77f
Merge pull request #8370 from hercules-ci/fetchClosure-input-addressed
...
`fetchClosure`: input addressed and pure
2023-07-09 23:41:22 -04:00
John Ericson
be518e73ae
Clean up SearchPath
...
- Better types
- Own header / C++ file pair
- Test factored out methods
- Pass parsed thing around more than strings
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-07-09 23:22:22 -04:00
John Ericson
87dcd09047
Clean up resolveSearchPathElem
...
We should use `std::optional<std::string>` not `std::pair<bool,
std::string>` for an optional string.
2023-07-09 23:13:30 -04:00
Robert Hensing
8d871e1822
Merge pull request #8612 from NixOS/labeler-tests-to-with-tests
...
labeler.yml: tests -> with-tests
2023-07-08 19:21:25 +02:00
Ana Hobden
d76bf29c5f
Choose a reasonable number similar to LimitNOFile
2023-07-07 07:52:16 -07:00
Robert Hensing
9fc82de493
signing.sh: Revert test improvement because it fails on GHA + macOS
2023-07-07 15:37:09 +02:00
Robert Hensing
b4b02d084f
fetchClosure: Interleave the examples in the docs
2023-07-07 11:40:40 +02:00
Robert Hensing
537e8beb77
fetchClosure: Apply suggestions from code review
...
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-07-07 11:00:40 +02:00
Ana Hobden
4b2f155f0a
nix-daemon.service: Add TasksMax=infinity
2023-07-06 09:02:27 -07:00
Eelco Dolstra
6db66ebfc5
Merge pull request #8631 from iFreilicht/profile-list
...
Profile list improvements
2023-07-05 16:06:17 +02:00
Théophane Hufschmitt
82d6699976
Document the path flakeref format ( #8640 )
...
* Document the path flakeref format
Fix https://github.com/NixOS/nix/issues/8482
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-07-04 08:39:08 +00:00
Eelco Dolstra
2898dc71a8
Merge pull request #8633 from inclyc/libexpr/fix-data-race-in-lexer.l
...
libexpr: use `thread_local` to make the parser thread-safe
2023-07-03 13:29:47 +02:00
Eelco Dolstra
5fbfbb4c7c
Fix test
2023-07-03 12:23:57 +02:00
Eelco Dolstra
a353412c43
nix profile list: Add --json flag
...
This just dumps the profile manifest to stdout.
2023-07-03 12:23:57 +02:00
Eelco Dolstra
b8e8f27159
Rename 'resolvedRef' to 'lockedRef'
...
'resolvedRef' was incorrect, since a resolved ref is one after
registry resolution, which may still be unlocked (e.g. 'nixpkgs' ->
'github:NixOS/nixpkgs').
2023-07-03 12:23:57 +02:00
Yingchi Long
3c90340fe6
libexpr: use thread_local
to make the parser thread-safe
...
If we call `adjustLoc`, the global variable `prev_yylloc` is shared
between threads and racy.
Currently, nix itself does not concurrently parsing files, but this is
helpful for libexpr users. (The parser is thread-safe except this.)
2023-07-03 16:05:43 +08:00
Eelco Dolstra
87b82db881
nix profile list: Improve readability of the output
2023-07-02 16:17:09 +02:00
Robert Hensing
7b39a388b3
Merge pull request #8566 from inclyc/nixd/value-print-depth
...
libexpr: extend `Value::print` to allow limited depth
2023-07-01 20:08:52 +02:00
Robert Hensing
d05d175ddf
Merge pull request #8619 from hercules-ci/issue-8616-dont-install-test-program
...
tests: Don't install test-libstoreconsumer program
2023-07-01 00:17:07 +02:00
Robert Hensing
a6c17097d2
tests: Don't install test-libstoreconsumer program
...
Sorry about that.
Fixes https://github.com/NixOS/nix/issues/8616
2023-06-30 23:36:27 +02:00
Robert Hensing
fefb947132
tests/signing.sh: Check signature checking error message
...
We should check error messages, so that we know the command fails for
the right reason.
Alternatively, a mere typo can run the test undetected.
2023-06-30 18:23:44 +02:00
Robert Hensing
1db81f7107
tests/fetchClosure: Improve coverage of new and some existing flows
2023-06-30 18:23:44 +02:00
Robert Hensing
40052c7613
fetchClosure: Docs and error message improvements
...
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-06-30 18:23:42 +02:00
Robert Hensing
50de11d662
doc: Improve fetchClosure
documentation
2023-06-30 18:23:24 +02:00
Robert Hensing
32c69e2b17
doc: Typo
2023-06-30 18:22:47 +02:00
Robert Hensing
dc79636007
fetchClosure: Refactor: replace enableRewriting
...
A single variable is nice and self-contained.
2023-06-30 18:22:47 +02:00
Robert Hensing
5bdca46117
fetchClosure: Split into three cases
2023-06-30 18:22:47 +02:00
Robert Hensing
55888633dd
makeContentAddressed: Add single path helper
2023-06-30 18:22:47 +02:00
Robert Hensing
8dca95386c
fetchClosure: Disallow toPath for inputAddressed = true
2023-06-30 18:22:47 +02:00
Robert Hensing
508aa58e67
fetchClosure: Always check that inputAddressed matches the result
2023-06-30 18:22:47 +02:00
Robert Hensing
ea30f152b7
fetchClosure: Allow input addressed paths in pure mode
...
When explicitly requested by the caller, as suggested in the meeting
(https://github.com/NixOS/nix/pull/8090#issuecomment-1531139324 )
> @edolstra: { toPath } vs { fromPath } is too implicit
I've opted for the `inputAddressed = true` requirement, because it
we did not agree on renaming the path attributes.
> @roberth: more explicit
> @edolstra: except for the direction; not immediately clear in which direction the rewriting happens
This is in fact the most explicit syntax and a bit redundant, which is
good, because that redundancy lets us deliver an error message that
reminds expression authors that CA provides a better experience to
their users.
2023-06-30 18:22:43 +02:00
Robert Hensing
7e5b6d2c45
fetchClosure: Refactor: rename toCA -> enableRewriting
2023-06-30 18:19:56 +02:00
Robert Hensing
0f6d596df5
fetchClosure: Factor out attribute hint
2023-06-30 18:19:56 +02:00
Eelco Dolstra
7b5ca7ebe2
Merge pull request #8614 from ShamrockLee/quickfix-exdev
...
linkOrCopy: Fallback upon cross-device link error (EXDEV)
2023-06-30 16:42:42 +02:00
Yueh-Shun Li
eebfe989a5
linkOrCopy: Fallback upon cross-device link error (EXDEV)
...
Fix building derivations in local chroot store on OpenAFS,
where hard linking accross directories causes cross-device link error
(EXDEV).
2023-06-30 21:12:26 +08:00
Robert Hensing
685f1bb386
labeler.yml: tests -> with-tests
2023-06-30 15:10:07 +02:00
Eelco Dolstra
a0c617348b
Merge pull request #8589 from jfroche/sign-paths-as-allowed-user
...
Allow to sign path as unprivileged user
2023-06-30 13:13:42 +02:00
Robert Hensing
1632f08ea2
Merge pull request #8600 from inclyc/libexpr/fix-leaking-in-stripIndentation
...
libexpr: fix leaking `es2` in stripIndentation (parser.y)
2023-06-29 11:31:53 +02:00
Yingchi Long
3468cbaf47
libexpr: fix leaking es2
in stripIndentation (parser.y)
2023-06-28 22:38:44 +08:00
Valentin Gagarin
b8bb8026d2
Merge pull request #8571 from NixOS/split-out-testing-page
2023-06-28 01:22:29 +02:00