This fixes both the SunOS/Solaris check, and the libatomic check, which
reference $LIBS, which has not been used since automake was stripped
out of the code.
(cherry picked from commit 196b77b686)
When adding a path to the local store (via `LocalStore::addToStore`),
ensure that the `ca` field of the provided `ValidPathInfo` does indeed
correspond to the content of the path.
Otherwise any untrusted user (or any binary cache) can add arbitrary
content-addressed paths to the store (as content-addressed paths don’t
need a signature).
NIX_PROFILES is space separated list of directories, and passing it into
for as is is considered to be 1-element list with the whole string. With
shwordsplit option Zsh emulates other shells in this regard ans
implicitely splits unquoted strings into words.
Fixes#4167.
When starting a nix-shell with `-i` it was previously possible for it to
silently fail in the scenario where the specified interpreter didn't
exist. This happened due to the `exec` call masking the issue.
With this change we enable `execfail`, which causes the script using
`nix-shell` as interpreter to correctly exit with code 127.
Fixes: #4598
(cherry picked from commit 6e849e3b0a)
While the progress dots during the copying of the store work fine on a
normal terminal, those look pretty off if the script is run inside a
provisioning script of e.g. `vagrant` or `packer` where `stderr` and
`stdout` are captured:
default: .
default: ..
default: .
default: .
default: .
To work around this, the script checks with `-t 0` if it's
running on an actual terminal and doesn't show the progress if that's not
the case.
(cherry picked from commit d9367a2dd1)
GitHub now omits the etag, but 304 implies it matches the one we
provided. Just use that one to avoid having an etag-less resource.
Fixes#4469
(cherry picked from commit a766824660)
This reverts commit e90530e491.
It appears that this backported test relies on new functionality.
The error is:
+ nix copy --to file:///build/nix-test/binary-cache /build/nix-test/store/dckdy2xp7sn8qvyx8axxjq7clnxddri1-multi-output
warning: you don't have Internet access; disabling some network-dependent features
error: uploading to 'file:///build/nix-test/binary-cache/nar/0hpfhrig9h6fvbjmiwsb7zkaxr19vr2w048y4xb3nrs36bagf92n.nar.xz' is not supported
As fromTOML supports \u and \U escapes, bring fromJSON on par. As JSON defaults
to UTF-8 encoding (every JSON parser must support UTF-8), this change parses the
`\u hex hex hex hex` sequence (\u followed by 4 hexadecimal digits) into an
UTF-8 representation.
Add a test to verify correct parsing, using all escape sequences from json.org.
This fixes results for arm64 macOS so config.guess now reports:
aarch64-apple-darwin20.1.0
instead of
arm-apple-darwin20.1.0
(cherry picked from commit 94f359525e)
If we're a single-user installation of Nix, then we won't have root
superpowers to just ignore the permission bits. This means that we'll
need permission on the directory (if it's a directory) that we're moving
in order to move it with rename, because it must update the ".."
directory entry.
Fixes#4295.
This is already working in master, thanks to
e913a2989f (and followup cleanups).
Throwing @thefloweringash under the bus if this doesn't work, but it
sounds like Apple Silicon devices can use the x86_64 binary for now.
Fixes#4058
(cherry picked from commit 4864df6d6b)
Signed-off-by: Domen Kožar <domen@dev.si>
Mac OS multi-user installations are currently broken because all requests
made by nix-daemon to the binary cache fail with:
```
unable to download ... Problem with the SSL CA cert (path? access rights?) (77).
```
This change ensures that the nix-daemon knows where to find the SSL CA cert file.
Fixes#2899 and #3261.
(cherry picked from commit b7c02232b2)
As mentioned in previous commit, Big Sur changes the syntax for the
xpath command slightly.
In the process of testing out replacements for these, I noticed a few
small simplification wins.
(cherry picked from commit e736f8f6e4)
Signed-off-by: Domen Kožar <domen@dev.si>
- xpath -> xmllint: xpath's cli interface changed in Big Sur
rather than add conditional logic for picking the correct
syntax for xpath, I'm changing to xmllint --xpath, which
appears to be consistent across versions I've tested...
- /plist/dict/key[text()='Writable']/following-sibling::true[1]
doesn't do quite what's expected. It was written to try to
select a <true /> node paired with the Writable key, but it
will also select the *next* <true /> node that appears even
if it was paired with another key.
- I think there's also a logic bug in the conditionals here.
I'm not sure anyone ever actuall saw it, thanks to the xpath
bug, though. With the xpath fix, this conditional passes if /nix
does not exist, / IS writable, and the version is Catalina+.
I think it meant to test for /nix does not exist, / is NOT
writable, and the version is Catalina+. I reworked this lightly
to make it a little clearer at the code level.
(cherry picked from commit 1f02b65c59)
Signed-off-by: Domen Kožar <domen@dev.si>
Keeping this commit narrow for reviewability, but some of these
conditionals will change in subsequent commits in this PR.
Fixes#3852.
(cherry picked from commit 9c3dc9d7ca)
Signed-off-by: Domen Kožar <domen@dev.si>
Observed on Centos 7 when user namespaces are disabled:
DerivationGoal::startBuilder() throws an exception, ~DerivationGoal()
waits for the child process to exit, but the child process hangs
forever in drainFD(userNamespaceSync.readSide.get()) in
DerivationGoal::runChild(). Not sure why the SIGKILL doesn't get
through.
Issue #4092.
(cherry picked from commit d761485010)
