Commit Graph

8599 Commits

Author SHA1 Message Date
lassulus
d263cdfff4
writers: add babashka (#343510) 2024-10-04 21:40:48 +01:00
lassulus
a6521dc687
writers: disable broken test (fsharp) (#343507) 2024-10-04 21:40:32 +01:00
github-actions[bot]
4a1f411e5d
Merge staging-next into staging 2024-09-30 18:05:14 +00:00
K900
b29cb6c1f9 Merge remote-tracking branch 'origin/master' into staging-next 2024-09-30 20:23:25 +03:00
Philip Taron
d590835329
fetchers: uniformly support the hash attribute (#342173) 2024-09-30 07:55:36 -07:00
Guillaume Maudoux
ced27bf29e
autoPatchelfHook: expose script as top level package (#340162) 2024-09-30 10:03:28 +02:00
github-actions[bot]
09f18b89af
Merge master into staging-next 2024-09-30 00:14:50 +00:00
Doron Behar
796699f22b
fetch-yarn-deps: handle packages that are locally linked (#342186) 2024-09-29 22:59:39 +03:00
Gavin John
28ee6e7979
(WIP) srcOnly: Add noogle-compatible documentation 2024-09-29 12:51:40 -07:00
Gavin John
1463fe69c6
srcOnly: use derivation's stdenv and default to stdenvNoCC 2024-09-29 12:51:39 -07:00
Gavin John
13f0f6e596
srcOnly: Add warning if dontUnpack is set 2024-09-29 12:51:38 -07:00
Gavin John
0b77f4ad4f
srcOnly: some readability improvements 2024-09-29 12:51:36 -07:00
Mathieu Rene
2462edca10 fetch-yarn-deps: handle packages that are locally linked 2024-09-29 14:14:45 -04:00
Artturin
e791a35b58 cc-wrapper: Use getExe for expand-response-params
The binary in `expand-response-params` may have an extension like `.exe`

`expand-response-params` is `""` in bootstrapping
2024-09-26 22:54:14 +03:00
github-actions[bot]
a36c24f249
Merge master into staging-next 2024-09-26 12:05:40 +00:00
Ulrik Strid
c61754ed9b
buildDunePackage: allow overriding stdenv (#342785) 2024-09-26 10:26:05 +02:00
Jörg Thalheim
ab5bad33c6 Reapply "closure-info: switch to stdenvNoCC (#344456)"
This reverts commit 6f733a03df.
2024-09-26 09:33:42 +02:00
Jörg Thalheim
f379c3f392 Merge remote-tracking branch 'upstream/master' into HEAD 2024-09-26 09:33:20 +02:00
Jörg Thalheim
6f733a03df Revert "closure-info: switch to stdenvNoCC (#344456)"
This reverts commit 58dd4924b9, reversing
changes made to 7da9f66ccb.

This was a mass-rebuild that was not intended to be merged.
2024-09-26 09:26:11 +02:00
github-actions[bot]
a3340e0fbf
Merge master into staging-next 2024-09-26 06:04:51 +00:00
K900
b964291466
{buildFHSEnvBubblewrap,buildFHSEnvChroot}: add nativeBuildInputs (#344516) 2024-09-26 08:38:07 +03:00
Artturin
d9eb52b026
fetchurl: fixup typo on a comment (#344330) 2024-09-26 05:56:56 +03:00
github-actions[bot]
57b5c92d8e
Merge master into staging-next 2024-09-26 00:13:55 +00:00
Artturin
f7ef27a982 {buildFHSEnvBubblewrap,buildFHSEnvChroot}: add nativeBuildInputs
`makeWrapper` is often used in these with `source "${makeWrapper}/nix-support/setup-hook"`
which causes `error: makeWrapper/makeShellWrapper must be in nativeBuildInputs` on cross.
2024-09-25 22:43:00 +03:00
K900
a9128ce2f2 Merge remote-tracking branch 'origin/master' into staging-next 2024-09-25 21:07:19 +03:00
Anderson Torres
ce21e97a1f fetchurl: nixfmt-rfc-style 2024-09-25 14:51:53 -03:00
Anderson Torres
a32c7a11dd fetchurl: fixup typo on a comment 2024-09-25 14:51:53 -03:00
Jörg Thalheim
7978828566 closure-info: switch to stdenvNoCC
This doesn't need a C/C++ compiler.
2024-09-25 17:10:54 +02:00
tomberek
d4567f66e4
dockerTools: Allow separately specifying metadata and filesystem timestamps (#327579) 2024-09-25 08:17:33 -04:00
benaryorg
9bc6d23111
buildFHSEnvBubblewrap: extraPreBwrapCmds after variable initialisation
Prior to this commit it was not possible to modify e.g. the list of ignored directories at all, however given that `buildFHSEnvBubblewrap` effectively uses a sandboxing tool (*bwrap*) I feel like this is a missed opportunity.
The code in nixpkgs already covers all the knobs that are required to get *Nix* itself to run inside bubblewrap, so why not allow users to make that additional modification?
While additional `ro_mounts` and such can be *added* to the bubblewrap invocation, the already mounted directories cannot be removed, and even if shadowed by e.g. a tmpfs mount, this would still allow something inside the sandbox to potentially unmount the tmpfs and access the data.

So what this change does is moving the snippet where custom code can be injected down by four lines so that users can actually modify those variables e.g. using `ignored+=( /home /srv /mnt /boot )`.
The only cases in which this would break is:

- someone using those variable names in `extraPreBwrapCmds` already and relying on them being overwritten; I would consider that chance slim, and the fix would be easy enough
- someone using a construct like `false && \` to disable the `ignored` initialisation and effectively working around this limitation; again the chances are slim (even though I know I'd be affected), and the fix would be easy enough (as this change makes the workaround needless anyway so it's an improvement)

Signed-off-by: benaryorg <binary@benary.org>
2024-09-25 09:32:41 +00:00
github-actions[bot]
ce44139ef1
Merge master into staging-next 2024-09-25 06:04:53 +00:00
Tom Bereknyei
d0b3364822 dockerTools: set mtime to epoch by default 2024-09-25 00:31:16 -04:00
WxNzEMof
847b4732e4 dockerTools: Allow separately specifying metadata and filesystem timestamps
Setting the image creation timestamp in the image metadata to a
constant date can cause problems with self-hosted container
registries, that need to e.g. prune old images.  This timestamp is
also useful for debugging.

However, it is almost never useful to set the filesystem timestamp to
a constant value.  Doing so not only causes the image to possibly no
longer be reproducible, but also removes any possibility of
deduplicating layers with other images, causing unnecessary storage
space usage.

Therefore, this commit introduces "mtime", a new parameter to
streamLayeredImage, which allows specifying the filesystem timestamps
separately from "created".  For backwards compatibility, "mtime"
defaults to the value of "created".
2024-09-25 00:23:20 -04:00
Artturin
f0e657f3b1 Merge branch 'master' into staging-next 2024-09-25 06:05:01 +03:00
David McFarland
9bb309d5b5 buildDotnetModule: set --no-restore in check/publish/pack 2024-09-24 20:43:24 -03:00
David McFarland
00fe5f61ba buildDotnetModule: remove duplicate attribute key 2024-09-24 20:43:24 -03:00
David McFarland
2c97d67f62 dotnet: split sdk packages by platform 2024-09-24 20:43:24 -03:00
Artturin
e0464e4788 treewide: replace stdenv.is with stdenv.hostPlatform.is
In preparation for the deprecation of `stdenv.isX`.

These shorthands are not conducive to cross-compilation because they
hide the platforms.

Darwin might get cross-compilation for which the continued usage of `stdenv.isDarwin` will get in the way

One example of why this is bad and especially affects compiler packages
https://www.github.com/NixOS/nixpkgs/pull/343059

There are too many files to go through manually but a treewide should
get users thinking when they see a `hostPlatform.isX` in a place where it
doesn't make sense.

```
fd --type f "\.nix" | xargs sd --fixed-strings "stdenv.is" "stdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "stdenv'.is" "stdenv'.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "clangStdenv.is" "clangStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "gccStdenv.is" "gccStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "stdenvNoCC.is" "stdenvNoCC.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "inherit (stdenv) is" "inherit (stdenv.hostPlatform) is"
fd --type f "\.nix" | xargs sd --fixed-strings "buildStdenv.is" "buildStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "effectiveStdenv.is" "effectiveStdenv.hostPlatform.is"
fd --type f "\.nix" | xargs sd --fixed-strings "originalStdenv.is" "originalStdenv.hostPlatform.is"
```
2024-09-25 00:04:37 +03:00
Artturin
977411f10d
expand-response-params: Fix windows build (#341299) 2024-09-24 23:24:37 +03:00
github-actions[bot]
9108a87017
Merge master into staging-next 2024-09-24 18:04:41 +00:00
Philip Taron
51296fce6f
writeTextFile,doc/build-helpers: assert destination without a leading slash (#343595) 2024-09-24 07:39:11 -07:00
github-actions[bot]
6ef8ec38ed
Merge staging-next into staging 2024-09-24 12:05:42 +00:00
github-actions[bot]
bcd5388d39
Merge master into staging-next 2024-09-24 12:05:12 +00:00
Alois Wohlschlager
965289e5e0 replaceDependencies: do not build unused replacements
To prevent excessive build times when replacement lists are shared between
partially overlapping closures, skip the build of unused replacements.
Unfortunately, this also means that the replacement won't be applied any more
if another replacement that is applied introduces its source. But this is a
corner case, and we already show a warning, so make it clearer that handling
this situation (should it ever arise) is the responsibility of the user.
2024-09-24 12:20:15 +02:00
Alois Wohlschlager
6fc0699003 replaceDependencies: show warnings as such 2024-09-24 12:20:15 +02:00
Alois Wohlschlager
3616cfb8d9 replaceDependencies: add support for ca-derivations
Unlike regular input-addressed or fixed-output derivations, floating and
deferred derivations do not have their store path available at evaluation time,
so their outPath is a placeholder. The following changes are needed for
replaceDependencies to continue working:
* Detect the placeholder and retrieve the store path using another IFD hack
  when collecting the rewrite plan.
* Try to obtain the derivation name needed for replaceDirectDependencies from
  the derivation arguments if a placeholder is detected.
* Move the length mismatch detection to build time, since the placeholder has a
  fixed length which is unrelated to the store path.
2024-09-24 12:20:15 +02:00
Alois Wohlschlager
59ca239d1a replaceDirectDependencies: split off from replaceDependencies
This allows both swapping out and reusing the rewrite machinery.
2024-09-24 12:20:15 +02:00
Alois Wohlschlager
af3a3f64df replaceDependencies: evolve from replaceDependency
Rewrite replaceDependency so that it can apply multiple replacements in
one go. This includes correctly handling the case where one of the
replacements itself needs to have another replacement applied as well.
This rewritten function is now aptly called replaceDependencies.

For compatibility, replaceDependency is retained as a simple wrapper
over replaceDependencies. It will cause a rebuild because the unpatched
dependency is now referenced by derivation instead of by storePath, but
the functionality is equivalent.

Fixes: https://github.com/NixOS/nixpkgs/issues/199162
2024-09-24 12:20:15 +02:00
github-actions[bot]
cacde17803
Merge staging-next into staging 2024-09-24 00:14:39 +00:00
github-actions[bot]
ffeea32b7f
Merge master into staging-next 2024-09-24 00:14:15 +00:00
github-actions[bot]
20a908a749
Merge staging-next into staging 2024-09-23 18:05:00 +00:00
github-actions[bot]
9a6f63ebed
Merge master into staging-next 2024-09-23 18:04:34 +00:00
Thomas Gerbet
a169553f7e fetchurl: enable TLS verification when credentials are used
This make sure the credentials cannot be leaked in a MITM attack.
Note that this change might break some existing deployments if the users
tries to fetch resources on endpoints with invalid certificates.
The impacted users will have the following choices:
* fix the endpoint providing the resource
* override SSL_CERT_FILE to either disable the verification (not
  recommended) or to set it to a path including their CA certificate.
2024-09-23 18:27:02 +02:00
Philip Taron
44d7484cee
dub-to-nix: update recommended regen command (#343357) 2024-09-23 08:45:16 -07:00
Philip Taron
2bbb60748d
appimage-run: Add libsecret for bitwarden (#343845) 2024-09-23 08:17:20 -07:00
github-actions[bot]
f9cc0355f4
Merge staging-next into staging 2024-09-23 12:06:04 +00:00
github-actions[bot]
ac34133fb9
Merge master into staging-next 2024-09-23 12:05:36 +00:00
Pol Dellaiera
568bfef547
build-support/php: fix environment variables for Composer (#343900) 2024-09-23 12:58:17 +02:00
Pol Dellaiera
95f5cf75d3
build-support/php: fix typo 2024-09-23 11:41:15 +02:00
Vincent Laporte
94d0d22817
ocamlPackages.elpi: use release tarball (#343266)
coqPackages.metaFetch: Adding a github artifact option

Co-authored-by: Cyril Cohen <cohen@crans.org>
2024-09-23 09:52:07 +02:00
Pol Dellaiera
07e6929c81
build-support/php: fix environment variables for Composer 2024-09-23 09:20:42 +02:00
Pol Dellaiera
3bcaabbb71
build-support/php: fix comments in multi-lines command 2024-09-23 09:19:29 +02:00
alexyao2015
8658b1b648 appimage-run: Add libsecret for bitwarden
Previously running the Bitwarden AppImage would error.
This adds libsecret which resolves the error and allows the
Bitwarden AppImage to function normally.
2024-09-22 23:08:36 -05:00
github-actions[bot]
a468f6a433
Merge staging-next into staging 2024-09-23 00:14:52 +00:00
Fabián Heredia Montiel
9b2a506736 Merge remote-tracking branch 'origin/master' into staging-next
Conflicts:

- pkgs/tools/package-management/nix/default.nix
2024-09-22 13:45:27 -06:00
networkException
6215daa520
writeTextFile: assert destination starting with a /
This patch adds an assertion to the writeTextFile trivial
builder, asserting that a specified destination starts with
a slash.

This matches the current behavior of the function and merely
provides a helpful error message.
2024-09-22 19:56:04 +02:00
Patka
a9d1d29522
build-support/php: fix reproducibility of buildComposerProject2 2024-09-22 18:59:35 +02:00
Jörg Thalheim
a50dabe867
rustPlatform.buildRustPackage: provide debug symbols on darwin (#327136) 2024-09-21 18:30:46 +02:00
José Luis Lafuente
55903a2f8e
writers: add babashka 2024-09-21 16:30:50 +02:00
José Luis Lafuente
e852c13342
writers: disable broken test (fsharp) 2024-09-21 15:59:22 +02:00
TomaSajt
fc16ae75ec
dub-to-nix: update recommended regen command 2024-09-20 23:26:41 +02:00
lelgenio
77292c4f5b buildDartApplication: include dart SDK builder by default 2024-09-20 17:04:09 -03:00
K900
f32ec5e6d7 buildenv: don't pass null paths to writeClosure 2024-09-19 23:09:26 +03:00
Antonio Nuno Monteiro
cadeeaa525 buildDunePackage: allow overriding stdenv 2024-09-18 14:13:53 +02:00
github-actions[bot]
81d645b6a9
Merge staging-next into staging 2024-09-18 06:05:20 +00:00
lelgenio
c499cb1399 yarnInstallHook: fix temporary directory location
Currently the directory is being created in $src/yarnInstallHook.XXXXXX
Giving the directory a readable name is not particularly useful
2024-09-17 16:01:33 -03:00
K900
87cbfcba1c Merge remote-tracking branch 'origin/staging-next' into staging 2024-09-17 21:07:02 +03:00
nicoo
7c19bb37a3 fetchipfs: simplify, error-out when given multiple hashes
Also dropped the `md5` attribute, as `stdenv.mkDerivation` rejects
MD5 since last year (87c22100a6)
2024-09-17 15:00:29 +00:00
nicoo
30361c578f fetchsvnssh: support hash attribute 2024-09-17 15:00:29 +00:00
nicoo
c3691d772d fetchfossil: simplify and check that multiple hashes were not passed in 2024-09-17 15:00:28 +00:00
nicoo
f723aa0f66 fetchpijul: minor simplification 2024-09-17 15:00:28 +00:00
nicoo
4b8644b7a6 fetchdarcs: support hash attribute 2024-09-17 15:00:28 +00:00
nicoo
54209fcd9e fetchmtn: support hash attribute 2024-09-17 15:00:28 +00:00
nicoo
3f7f5df38a nix-prefetch-cvs: emit SRI hashes by default 2024-09-17 15:00:28 +00:00
nicoo
ef232d59ac fetchcvs: support hash attribute 2024-09-17 15:00:27 +00:00
nicoo
07d3b14ce2 nix-prefetch-bzr: emit SRI hashes by default 2024-09-17 15:00:27 +00:00
nicoo
fb8a85e2bb fetchbzr: support hash attribute 2024-09-17 15:00:27 +00:00
nicoo
1ccd5ba540 fetchs3: support hash attribute 2024-09-17 15:00:27 +00:00
nicoo
b5aefcd40a fetchgx: support hash attribute 2024-09-17 15:00:27 +00:00
nicoo
45b95421fd
lib.fetchers: add hash-normalization helpers (#342072) 2024-09-17 14:59:43 +00:00
David McFarland
1b7f8c9165
dotnet: infrastructure improvements (#336824) 2024-09-17 11:42:45 -03:00
github-actions[bot]
73cf025711
Merge staging-next into staging 2024-09-17 12:05:50 +00:00
nicoo
633f94fa4a doc/coq: sha256hash 2024-09-17 10:47:31 +02:00
nicoo
0518f4d245 fetchgit: factor-out the hash logic to lib.fetchers.withNormalizedHash 2024-09-17 08:31:36 +00:00
nicoo
c361b3f7c8 buildBazelPackage: support fetchAttrs.hash 2024-09-17 06:34:07 +00:00
nicoo
80cafd06e6 fetchRepoProject: support hash attribute, wrapping in withnormalizedHash 2024-09-17 06:34:00 +00:00
David McFarland
424bbc430e addNuGetDeps: fix fetch-deps output path handling 2024-09-17 01:14:28 -03:00
David McFarland
be577a25f4 fetchNupkg: conservatively set sourceProvenance 2024-09-17 01:14:27 -03:00
David McFarland
f5e9dd4201 addNuGetDeps: print name of package being fetched 2024-09-17 01:14:27 -03:00
David McFarland
0e5b1ff245 add-nuget-deps: use NUGET_HTTP_CACHE_PATH from user's HOME 2024-09-17 01:12:13 -03:00