Commit Graph

1887 Commits

Author SHA1 Message Date
zimbatm
90de261f33 nix-prefetch-git: change the default output to JSON
As discussed on the mailing list. The nix output was short-lived so it's
probably okay to change it.
2016-02-29 22:47:16 +00:00
Luca Bruno
5f8311775c chromium: add StartupWMClass to desktop file. Fixes #12433 2016-02-29 20:42:58 +01:00
zimbatm
6d9cc54089 build-maven: use lib.importJSON 2016-02-29 13:49:29 +00:00
tg(x)
38614d3f6a grsecurity: use kernel version instead of testing / stable 2016-02-28 04:10:59 +01:00
Eelco Dolstra
d5bb6a1f9c glibc: Enable separate debug symbols
The importance of glibc makes it worthwhile to provide debug
symbols. However, this revealed an issue with separateDebugInfo: it
was indiscriminately adding --build-id to all ld invocations, while in
fact it should only do that for final links. Glibc also uses non-final
("relocatable") links, leading to subsequent failure to apply a build
ID ("Cannot create .note.gnu.build-id section, --build-id
ignored"). So now ld-wrapper.sh only passes --build-id for final
links.
2016-02-28 02:57:37 +01:00
Eelco Dolstra
69a337edae separateDebugInfo: Compress debug sections at compile/link time 2016-02-28 01:54:55 +01:00
Eelco Dolstra
2040a9ac57 stdenv-linux: Ensure binutils comes before bootstrapTools in $PATH
Otherwise, when building glibc and other packages, the "strip" from
bootstrapTools is used, which doesn't recognise some tags produced by
the newer "ld" from binutils.
2016-02-28 01:13:15 +01:00
zimbatm
de124cfa79 Merge pull request #11671 from timbertson/fetchgit
fetchgit: output improvements
2016-02-27 22:45:07 +00:00
Eelco Dolstra
e6f61b4cf3 fetchurlBoot: Use Nix's builtin fetchurl function
This removes the need for curl in bootstrapTools, and enables https
for bootstrap tarballs.
2016-02-27 20:27:24 +01:00
tg(x)
4e3d6d3e90 grsecurity: separate fix patches for testing & stable 2016-02-27 19:54:55 +01:00
tg(x)
7547960546 grsecurity: move version information to one place 2016-02-27 18:36:12 +01:00
tg(x)
d95321b83e grsecurity: 4.3.4 -> 4.4.2 2016-02-27 18:36:12 +01:00
Tim Cuthbertson
21547a61ba nix-prefetch-git: print out valid nix expression; make --quiet very quiet 2016-02-27 21:26:35 +11:00
Tim Cuthbertson
456cbb29d9 nix-prefetch-git: add --quiet flag and minor cleanup 2016-02-27 16:56:38 +11:00
zimbatm
35ab3d301f Merge remote-tracking branch 'upstream/staging' 2016-02-26 22:37:04 +00:00
Tony White
4806cddda3 fetchurl: use kernel.org cdn by default
- use http://cdn.kernel.org/pub/ as the default mirror
for kernel source requests.
Discovered by browsing :
 https://www.kernel.org/introducing-fastly-cdn.html
2016-02-26 21:32:00 +00:00
zimbatm
d2f3e250cf Merge pull request #8576 from obadz/nix-prefetch-zip
Add --ext option to nix-prefetch-zip
2016-02-26 00:57:30 +00:00
Nikolay Amiantov
4f74a4aacb fetch-cargo-deps: factor into fetchCargoDeps function 2016-02-25 14:05:44 +03:00
Nikolay Amiantov
34023d867d fetchcargo: set CA bundle path 2016-02-25 13:51:12 +03:00
Vladimír Čunát
93f6af1071 Merge branch 'master' into staging 2016-02-25 09:01:48 +01:00
Vladimír Čunát
30b7bd8d01 Merge branch 'glibc-2.22' into staging
I'm running whole my working notebook on 2.22 without any problems.
I don't expect any significant issues.
2016-02-25 08:42:59 +01:00
Jude Taylor
a2b19cdb04 revert fetch-cargo-deps change 2016-02-23 18:31:45 -08:00
Jude Taylor
7336191574 fix fetch-cargo SSL error 2016-02-23 16:42:51 -08:00
zimbatm
cfa99e5a99 Merge pull request #13114 from colemickens/azure
azure: package qemu 2.2.0 to fix VHD creation
2016-02-23 22:47:44 +00:00
zimbatm
69059602ff Merge pull request #13111 from tsion/simplify-assert
Simplify fetchurl assertion logic.
2016-02-23 22:42:27 +00:00
zimbatm
c3e9630dfa Merge pull request #13369 from grahamc/nix-prefetch-git-output-base32
nix-prefetch-git: output base32 hash so output matches nix-build errors
2016-02-22 18:21:11 +00:00
Graham Christensen
60f354dfb8 nix-prefetch-git: output base32 hash so output matches nix-build errors
It turns out hashFormat has never been set.
2016-02-22 10:50:27 -06:00
Ricardo M. Correia
fd3e02add8 Merge pull request #13027 from puffnfresh/package/pijul
pijul: 0.1 -> 0.2-6ab9ba
2016-02-20 15:43:53 +01:00
Vladimír Čunát
4b581903b3 requireFile: preferLocalBuild = true
There's no point trying to "distribute" showing the error message.
2016-02-19 13:47:50 +01:00
Nikolay Amiantov
9525abdeec steamPackages.runtime: use mirrors, add my mirror 2016-02-19 14:10:09 +03:00
Scott Olson
43a523526d Require at least one of url or urls in fetchurl. 2016-02-19 03:18:21 -06:00
Cole Mickens
718848d5aa azure: package qemu @ 2.2.0
This commit packages qemu-220. This package is qemu-2.2.0
and is only used with Azure.
2016-02-18 21:08:28 -08:00
Scott Olson
9cf93ba135 Simplify fetchurl assertion logic.
The two lines I removed technically assert the exact same thing, since `!a -> b`
is equivalent to `a || b`. So, I replaced the two lines with the more symmetric
form to make it clearer.
2016-02-18 22:39:43 -06:00
Eelco Dolstra
d71a4851e8 Don't try to apply patchelf to non-ELF binaries 2016-02-18 22:54:11 +01:00
Eelco Dolstra
bf63de1613 separateDebugInfo: Handle weird filenames properly 2016-02-18 22:54:11 +01:00
Eelco Dolstra
076de98c94 separateDebugInfo: Restore ELF check 2016-02-18 21:37:26 +01:00
Luca Bruno
b7c57c831f Merge pull request #13099 from datakurre/datakurre-dockertools
dockerTools: Fix issue where image name with repository prefix was no…
2016-02-18 17:30:54 +01:00
Asko Soukka
584427c694 dockerTools: Fix issue where image name with repository prefix was not supported 2016-02-18 18:16:58 +02:00
Vladimír Čunát
e9520e81b3 Merge branch 'master' into staging 2016-02-17 10:06:31 +01:00
Benjamin Staffin
fc85f1beed nix-prefetch-hg: Various bash style improvements, fixes #9511 2016-02-17 00:35:30 +01:00
Brian McKenna
8b644c5826 rust: fix prePatch phase fail when sourceRoot set
We want to go up more than a single directory if we're in a nested one.
2016-02-17 07:28:26 +11:00
Vladimír Čunát
d039c87984 Merge branch 'master' into closure-size 2016-02-14 08:33:51 +01:00
zimbatm
02f5a01c19 nix-prefetch-git: use fetchgit's naming heuristic
This commit fixes #6651.

Before this change the `nix-prefetch-git` script would use a different store
name than nix's `fetchgit` function. Because of that it was not possible to
use `nix-prefetch-git` as a way to pre-populate the store (for example when
the user it using private git dependencies that needs access to the ssh agent)
2016-02-13 14:39:44 +00:00
Vladimír Čunát
a115bff08c Merge branch 'master' into staging 2016-02-07 13:52:42 +01:00
Vladimír Čunát
96cbdc70f2 cc-wrapper: fix #10574: old gcc -> cc fallout
The part with gcc-wrapper-old changes is rather unimportant,
as it's almost unused but I still tested that the sole user `gnat` builds.
2016-02-05 14:05:14 +01:00
Vladimír Čunát
54299b60c4 Merge #12779: Mass replace pkg}/bin-style strings
... to refer to correct outputs
2016-02-03 17:25:22 +01:00
Vladimír Čunát
f89a136fd5 cc-wrapper: fixup branch interactions
c0599fdd61 and changes on closure-size didn't go well together.
2016-02-03 16:57:41 +01:00
Vladimír Čunát
ae74c356d9 Merge recent 'staging' into closure-size
Let's get rid of those merge conflicts.
2016-02-03 16:57:19 +01:00
Guillaume Maudoux
9f358f809d Configure a default trust store for openssl 2016-02-03 12:42:01 +01:00
Eric Seidel
f62b04954f fetchgitlocal: be less chatty 2016-02-01 10:57:01 -08:00
Tuomas Tynkkynen
3cc7fa0be9 treewide: Mass replace 'lzma}/bin' to refer the 'bin' output 2016-02-01 20:46:15 +02:00
Eelco Dolstra
030838ba25 makeModulesClosure: Small cleanup 2016-02-01 18:19:23 +01:00
Thomas Tuegel
1e5cad9c8c Merge pull request #12738 from ttuegel/emacsWithPackages
Reduce load time of emacsWithPackages
2016-01-31 17:28:20 -06:00
Franz Pletz
c5f092c6a7 Merge pull request #12626 from aspiwack/deepclone-doc
Fix usage message in `nix-prefetch-git`
2016-01-30 17:34:42 +01:00
Eelco Dolstra
9855cbcbf8 debian: 8.2 -> 8.3 2016-01-30 11:08:37 +01:00
zimbatm
48a5bb703d stdenv: fix set-source-date-epoch-to-latest (close #12602)
In some cases the $sourceRoot is missing. Skip the hook instead
of showing the following cryptic error:

    find: cannot search `': No such file or directory
    /nix/store/0p1afvl8jcpi6dvsq2n58i90w9c59vz1-set-source-date-epoch-to-latest.sh: line 12: [: : integer expression expected

vcunat removed the warning; the hook will just skip silently in these cases.
Perhaps someone can improve on it some time.
2016-01-29 12:03:48 +01:00
Vladimír Čunát
de0af30716 Merge branch 'master' into staging 2016-01-29 10:19:48 +01:00
aszlig
ab84149c99
buildEnv: Pass the right number of args to addPkg
Regression introduced by 4529ed1259.

I've missed this in #5096, not because of a messed up rebase as I have
guessed from a comment on #12635 but missed this in the first place.

The testing I did while working on the pull request weren't exhaustive
enough to cover this, because I haven't tested with packages that use
the propagatedUserEnvPkgs attribute.

In order to make the test a bit more exhaustive this time, let's test it
using:

nix-build -E 'with import ./. {}; buildEnv {
  name = "testenv";
  paths = [
    pkgs.hello pkgs.binutils pkgs.libsoup pkgs.gnome3.yelp
    pkgs.gnome3.totem
  ];
}'

And with this commit the errors no longer show up and the environment is
built correctly.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #12635
2016-01-28 14:50:44 +01:00
Vladimír Čunát
ab8a691d05 nixos systemPackages: rework default outputs
- Now `pkg.outputUnspecified = true` but this attribute is missing in
  every output, so we can recognize whether the user chose or not.
  If (s)he didn't choose, we put `pkg.bin or pkg.out or pkg` into
  `systemPackages`.
- `outputsToLink` is replaced by `extraOutputsToLink`.
  We add extra outputs *regardless* of whether the user chose anything.
  It's mainly meant for outputs with docs and debug symbols.
- Note that as a result, some libraries will disappear from system path.
2016-01-28 11:24:18 +01:00
Vladimír Čunát
a33fcc8731 cc-wrapper: attempt to fix on darwin
This fixes evaluation at least. I'm unable to test this myself and noone steps up;
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-174448705
however, Hydra's macs are idling so let's employ them for that.
2016-01-28 06:59:36 +01:00
Arthur Noel
903129f770 dockerTools: private registry support
* authorization token is optional
* registry url is taken from X-Docker-Endpoints header
* pull.sh correctly resumes partial layer downloads
* detjson.py does not fail on missing keys
2016-01-27 21:13:07 +00:00
Thomas Tuegel
063f5e3d0b remove autonix 2016-01-27 06:26:14 -06:00
Arnaud Spiwack
07f7ecdcce Fix usage message in nix-prefetch-git
The comment related to the `deepClone` and `no-deepClone` options was
misleading as these options have no relation with submodules, but on the
the depth in `git clone --depth n`.
2016-01-26 16:09:52 +01:00
Peter Simons
5ff34bac8c build-support/source-tarball.nix: fix syntax highlighting in Emacs 2016-01-26 14:03:06 +01:00
Vladimír Čunát
c0599fdd61 Merge #11798: cc-wrapper: fix on darwin 2016-01-25 10:03:42 +01:00
Vladimír Čunát
8f48a9756b cc-wrapper: quote when saving $PATH 2016-01-25 09:54:10 +01:00
Dan Peebles
8f9aea9ccc grsecurity: fix kernel config and uncomment grsecurity kernels 2016-01-23 16:58:44 +00:00
Dan Peebles
33cf0792b1 grsecurity-testing: update patches and associated kernel version 2016-01-23 14:29:34 +00:00
Nikolay Amiantov
f18317885a fhs-userenv: don't use bash login mode
Login mode can cause hidden problems, e.g. #12406. Generally we don't want
to read user's .bash_profile when we don't start an interactive shell inside
a chroot.
2016-01-23 15:55:53 +03:00
Vladimír Čunát
0957359568 Merge branch 'staging' 2016-01-22 13:48:35 +01:00
Thomas Tuegel
32c30411cf emacsWithPackages: link packages into single load-path
This should provide a small speed improvement by avoiding having to set
hundreds of load-paths.
2016-01-20 12:53:11 -06:00
Thomas Tuegel
2b1024646b emacsWithPackages: defer loading package.el
Also stops duplicating load paths.
2016-01-20 12:43:21 -06:00
Thomas Tuegel
97e1258ded emacsWithPackages: use local variables correctly 2016-01-20 12:43:00 -06:00
Rok Garbas
36fc03edb6 fetchgit: import impure GIT_PROXY_COMMAND and SOCKS_SERVER, fixes #8605
These environment variables allow using fetchgit with git:// URLs using
the SOCKS proxy technique described in 'Using Git with a SOCKS proxy':

  http://www.patthoyts.tk/blog/using-git-with-socks-proxy.html

Briefly, GIT_PROXY_COMMAND is set to a script which invokes connect[1],
which reads SOCKS_PROXY, which might be pointing to a local instance of
'ssh -D'.

[1] pkgs/tools/networking/connect
2016-01-20 02:18:22 +01:00
Anthony Cowley
d96893647d cc-wrapper: fix on darwin
The ld-wrapper.sh script calls `readlink` in some circumstances. We need
to ensure that this is the `readlink` from the `coreutils` package so
that flag support is as expected.

This is accomplished by explicitly setting PATH at the top of each shell
script.

Without doing this, the following happens with a trivial `main.c`:

```
nix-env -f "<nixpkgs>" -iA pkgs.clang
$ clang main.c -L /nix/../nix/store/2ankvagznq062x1gifpxwkk7fp3xwy63-xnu-2422.115.4/Library -o a.out
readlink: illegal option -- f
usage: readlink [-n] [file ...]
```

The key element is the `..` in the path supplied to the linker via a
`-L` flag. With this patch, the above invocation works correctly on
darwin, whose native `/usr/bin/readlink` does not support the `-f` flag.

The explicit path also ensures that the `grep` called by `cc-wrapper.sh`
is the one from Nix.

Fixes #6447
2016-01-19 17:47:11 -05:00
Domen Kožar
9c571a98ed Merge pull request #10998 from andrewrynhard/master
Add help flag to nix-prefetch-git
2016-01-19 12:01:55 +01:00
Eelco Dolstra
e210fdd272 Merge pull request #12469 from domenkozar/fetchurl/executable
fetchurl: support executables
2016-01-19 11:27:13 +01:00
Domen Kožar
c7383cb34b fetchurl: support executables 2016-01-19 11:17:49 +01:00
Vladimír Čunát
716aac2519 Merge branch 'staging' into closure-size 2016-01-19 09:55:31 +01:00
Domen Kožar
3b381d37ee Merge pull request #5096 from aszlig/buildenv-check-collision-contents
buildEnv: Check the content of colliding paths.
2016-01-19 01:00:09 +01:00
Thomas Tuegel
9dfd9fe0bf elpa2nix: fix packages with DOS line endings 2016-01-18 15:29:19 -06:00
Thomas Tuegel
decb5802c9 elpaBuild: factor out package installation
Building packages requires package-build.el from Melpa, but installing
packages only requires package.el. Packages from ELPA are already built,
so there is no need to involve package-build.el.
2016-01-18 15:29:19 -06:00
Thomas Tuegel
1724a07e2e melpaBuild: keep original source file names without hash 2016-01-18 15:29:19 -06:00
Thomas Tuegel
cd54d7af47 melpaBuild: don't download dependencies
Stop package.el from trying to download dependencies. It wouldn't work
anyway.
2016-01-18 15:29:17 -06:00
Thomas Tuegel
18251778c9 melpaBuild: don't guess archive file name
package-build can tell us exactly what the archive file name is, instead
of globbing for it.
2016-01-18 15:29:17 -06:00
Thomas Tuegel
4b2303b8c9 melpaBuild: get Emacs package name from recipe
When building a package from a Melpa recipe file, get the Emacs package
name from the recipe. Nix is more restrictive about packages names than
Emacs, so the Nix name for a package is sometimes different.
2016-01-18 15:29:16 -06:00
Vladimír Čunát
620c147cce Merge branch 'master' into staging 2016-01-18 09:48:49 +01:00
aszlig
bfb11fd030
buildEnv: Skip content check on ignoreCollisions.
Checking file contents is redundant in this case, because we will go
ahead anyway, regardless of whether the content is the same.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-01-18 03:56:09 +01:00
aszlig
4529ed1259
buildEnv: Check the content of colliding paths.
Originally wanted to include ignoreCollisions in cups-progs, but I think
it's better if we use ignoreCollisions only if there are _real_
collisions between files with different contents.

Of course, we also check whether the file permissions match, so you get
a collision if contents are the same but the permissions are different.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-01-18 03:54:22 +01:00
Domen Kožar
36057827f6 requireFile: remove colon from the url for easier copy/paste 2016-01-16 21:58:40 +01:00
Nikolay Amiantov
de9634bba3 Merge pull request #11998 from abbradar/initrd-root
make-initrd: store all files with root as owner
2016-01-16 22:45:49 +03:00
Eelco Dolstra
2fcee55e5f separateDebugInfo: Create symlinks matching original binaries
For instance, a binary like libfoo.so will cause a symlink
lib/debug/libfoo.so.debug -> .build-id/<build-ID>.debug to be
created. This is primarily useful for use with eu-addr2line, if you
know the name of a binary and the relative address, but not the build
ID.
2016-01-15 16:16:11 +01:00
Vladimír Čunát
2d0893088f Merge branch 'master' into staging 2016-01-15 13:43:57 +01:00
Vladimír Čunát
98218971c2 Merge #12299: make firefox-like browsers wrapped by default 2016-01-15 08:53:58 +01:00
Vladimír Čunát
f50d80f627 makeDesktopItem: change name of the derivations
The name wasn't suggesting what kind of stuff is in there;
now it's the same as the name of the file that gets generated.
2016-01-15 08:37:02 +01:00
Domen Kožar
622eb5f699 requireFile: use correct absolute path syntax 2016-01-14 14:13:58 +01:00
lethalman
091c74b1c8 Merge pull request #12062 from mogorman/platformio
platformio: init at 2.7.0
2016-01-13 15:47:25 +01:00
Luca Bruno
4a4561ce24 dockerTools: nix functions for manipulating docker images 2016-01-13 10:27:37 +01:00
Vladimír Čunát
19d22184d3 stdenv/multiple-outputs.sh: small tweaks
- fix in silencing some moveToOutput messages
- allow removing (developer) documentation even without defining outputs
  (note: some paths are auto-removed by default, e.g. gtk-doc and man3)
2016-01-12 23:57:47 +01:00
Tyson Whitehead
5c89edbc3b buildRustPackage: don't hardcode /nix/store, use $NIX_STORE 2016-01-12 13:45:11 -05:00
Nikolay Amiantov
9124e9584b Merge pull request #11779 from abbradar/fhs-root
chroot-user: don't create new user namespace if we are root
2016-01-12 14:40:45 +03:00
Nikolay Amiantov
ded1a55b8d substituteAllFiles: support postInstall 2016-01-10 06:03:26 +03:00
Eelco Dolstra
64bc8a84a4 Force another rebuild
Unfortunately, yesterday Nix got reverted to a version with broken
passAsFile implementation on some Hydra machines, so we have corrupted
files again. (E.g. http://hydra.nixos.org/build/29777678.) Forcing
another gratuitous rebuild to get rid of them.

(cherry picked from commit 75974d9220b8397c736ada76fb24eb934fa62f6c)
2016-01-07 13:21:16 +01:00
Matthew O'Gorman
c87ef76027
build-fhs-userenv: added the option meta to be passed down to the final derivation. 2016-01-06 04:06:28 -05:00
Eelco Dolstra
38460cfe72 set-source-date-epoch-to-latest.sh: Support Darwin 2016-01-06 00:31:27 +01:00
Eelco Dolstra
81e530a749 Set SOURCE_DATE_EPOCH to latest source file
This provides a timestamp that's more useful than 1970-01-01 yet still
deterministic.
2016-01-05 17:21:48 +01:00
Eelco Dolstra
2b5ed58099 cc-wrapper: Don't mess with __DATE__ and __TIME__
This is handled by $SOURCE_DATE_EPOCH now.
2016-01-05 17:21:48 +01:00
Eric Seidel
a8217711ce fetchgitLocal: make it work in submodules 2016-01-04 15:09:00 -08:00
Dan Peebles
e81ae8e5a0 native-darwin-cctools-wrapper: kill it
Nothing uses it anymore
2016-01-03 20:28:34 -05:00
Vladimír Čunát
e22d26bedb cc-wrapper: small changes, mostly just cosmetic ones 2016-01-02 11:14:09 +01:00
Michael Raskin
502c791611 update-walker: add a minimal description 2016-01-01 19:07:38 +01:00
Vladimír Čunát
f9f6f41bff Merge branch 'master' into closure-size
TODO: there was more significant refactoring of qtbase and plasma 5.5
on master, and I'm deferring pointing to correct outputs to later.
2015-12-31 09:53:02 +01:00
Thomas Tuegel
7466e0f264 melpaBuild: accept recipeFile in lieu of fileSpecs 2015-12-29 13:23:49 -06:00
Vladimír Čunát
b91dcad4bc fetchFromBitBucket: auto-remove an impure file
Also fix the hash in goPackages.inflect, the only user of the fetcher ATM.
Closes #12002 (different `inflect` fix), fixes #12012.
Using fetchzip-derived functions is likely more efficient than fetchhg,
and it's lighter on dependencies (hash is the same as with fetchhg in this case).
2015-12-29 16:54:50 +01:00
Nikolay Amiantov
9c431b77ff make-initrd: store all files with root as owner 2015-12-28 12:07:11 +03:00
Thomas Tuegel
688c005608 melpaBuild: update package-build.el 2015-12-27 10:59:27 -06:00
Thomas Tuegel
0b1edac8c0 nix-prefetch-bzr: match path name to fetchbzr name
fetchbzr always uses the derivation name `bzr-export`. nix-prefetch-bzr
should use the same name for its output. This avoids duplicate downloads
and problems with forbidden characters in bazaar repository names.
2015-12-19 09:32:22 -06:00
Thomas Tuegel
55544c1e68 nix-prefetch-zip: keep downloaded file extension
Keep the correct file extension on the downloaded file so that
`unpackFile` will know how to unpack it correctly.
2015-12-19 09:32:22 -06:00
Thomas Tuegel
0bc4af00ee emacsWithPackages: add user documentation 2015-12-19 09:32:16 -06:00
Thomas Tuegel
dadfd93811 emacsWithPackages: know its own package set
Fixes #10819. emacsWithPackages will know its own package set. This
requires it to be in a package set, rather than at the top level, so it
lives in emacsPackagesNg.
2015-12-19 09:31:41 -06:00
Nikolay Amiantov
ed4219964d chrootenv: add setuid wrappers to path 2015-12-17 14:21:17 +03:00
Nikolay Amiantov
d6c1150195 chrootenv: symlink su and sudo stuff 2015-12-17 14:21:13 +03:00
Nikolay Amiantov
230898ceb2 chrootenv-user: don't unshare user namespace if we are root 2015-12-17 14:21:06 +03:00
Thomas Tuegel
d6bec4e77f add copyPathToStore and copyPathsToStore 2015-12-16 15:00:44 -06:00
Nikolay Amiantov
8fb2141a69 Merge pull request #11710 from kevincox/userenv-no-path
Remove PATH assumption from fhs-userenv.
2015-12-15 16:51:44 +03:00
aszlig
a5bc11f9eb
nixos/vm-tests: Remove msize mount option
This seems to be the root cause of the random page allocation failures
and @wizeman did a very good job on not only finding the root problem
but also giving a detailed explanation of it in #10828.

Here is an excerpt:

  The problem here is that the kernel is trying to allocate a contiguous
  section of 2^7=128 pages, which is 512 KB. This is way too much:
  kernel pages tend to get fragmented over time and kernel developers
  often go to great lengths to try allocating at most only 1 contiguous
  page at a time whenever they can.

  From the error message, it looks like the culprit is unionfs, but this
  is misleading: unionfs is the name of the userspace process that was
  running when the system ran out of memory, but it wasn't unionfs who
  was allocating the memory: it was the kernel; specifically it was the
  v9fs_dir_readdir_dotl() function, which is the code for handling the
  readdir() function in the 9p filesystem (the filesystem that is used
  to share a directory structure between a qemu host and its VM).

  If you look at the code, here's what it's doing at the moment it tries
  to allocate memory:

    buflen = fid->clnt->msize - P9_IOHDRSZ;

    rdir = v9fs_alloc_rdir_buf(file, buflen);

  If you look into v9fs_alloc_rdir_buf(), you will see that it will try
  to allocate a contiguous buffer of memory (using kzalloc(), which is a
  wrapper around kmalloc()) of size buflen + 8 bytes or so.

  So in reality, this code actually allocates a buffer of size
  proportional to fid->clnt->msize. What is this msize? If you follow
  the definition of the structures, you will see that it's the
  negotiated buffer transfer size between 9p client and 9p server. On
  the client side, it can be controlled with the msize mount option.

  What this all means is that, the reason for running out of memory is
  that the code (which we can't easily change) tries to allocate a
  contiguous buffer of size more or less equal to "negotiated 9p
  protocol buffer size", which seems to be way too big (in our NixOS
  tests, at least).

After that initial finding, @lethalman tested the gnome3 gdm test
without setting the msize parameter at all and it seems to have resolved
the problem.

The reason why I'm committing this without testing against all of the
NixOS VM test is basically that I think we can only go better but not
worse than the current state.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-12-14 17:26:24 +01:00
Kevin Cox
2f26b82411 Remove PATH assumption from fhs-userenv.
Previously is was assumed that bash was in the path when calling the
environment setup script. This changes all of the references of bash to
be absolute paths so that the user doesn't have to worry about the
environment they call it with.
2015-12-14 11:14:53 -05:00
Thomas Tuegel
623a117bdd makeDesktopItem: add StartupNotify key 2015-12-12 17:25:56 -06:00
Luca Bruno
5b0352a6a4 Merge branch 'master' into closure-size 2015-12-11 18:31:00 +01:00
Nikolay Amiantov
8ec4b45dbd Merge pull request #11602 from zimbatm/stricter-chroot-user
build-fhs-userenv: don't leak file descriptors
2015-12-11 00:40:41 +03:00
zimbatm
9b33ec1764 build-fhs-userenv: don't leak file descriptors
This re-uses the capabilities documented in `Process.spawn` to avoid leaking
unecessary file-descriptors to the sandbox
2015-12-10 16:01:04 +00:00
Eelco Dolstra
bb672805cd fetchurl: Always use tarballs.nixos.org
Otherwise, if the upstream mirror changes (rather than deletes) a
file, then tarballs.nixos.org won't be used even if it has a copy of
the original file, and so we'll get a hash mismatch.
2015-12-10 16:06:12 +01:00
Thomas Tuegel
07a0031029 melpaBuild: add unpackCmd for single-file packages
Emacs packages are commonly distributed as single .el files. This
unpackCmd handles them correctly and sets up sourceRoot. Other sources
are treated in the default manner.
2015-12-06 11:50:10 -06:00
Thomas Tuegel
63eb6fdd8a fetchsvn: correctly handle trailing slashes
`splitString` does not split on trailing separators.
2015-12-06 11:49:51 -06:00
Peter Simons
b89514eced fetchgit: follow up to 2cf7069b7d
If "fetcher" is a string, then Nix will execute it with bash already, so
the additional bash argument in that string was redundant and apparently
causes trouble on non-Linux platforms.

Hopefully fixes https://github.com/NixOS/nixpkgs/issues/11496.
2015-12-06 15:06:02 +01:00
Vladimír Čunát
263fd55d4b Merge recent staging built on Hydra
http://hydra.nixos.org/eval/1231884
Only Darwin jobs seem to be queued now,
but we can't afford to wait for that single build slave.
2015-12-05 11:11:51 +01:00
Peter Simons
65f3932f6e Update list of gnupg.org mirror sites.
The list we had before contained a lot of junk, i.e. sites that were no
longer online or no longer in sync. The new list of sites comes from
https://gnupg.org/download/index.html.
2015-12-04 21:11:22 +01:00
Nikolay Amiantov
00f6ce133c buildFHS{Chroot,User}Env: support extraInstallCommands 2015-12-04 00:58:47 +03:00
Luca Bruno
e289717414 rename moveToOutput and propagatedBuildInputs 2015-12-02 10:05:36 +01:00
Luca Bruno
31ed92f65f Fix system-path with multiout 2015-12-01 15:09:41 +01:00
Peter Simons
806008a48e Merge pull request #11362 from dezgeg/pr-buildenv-meta
buildEnv: Allow setting meta attributes
2015-11-30 23:21:39 +01:00
Tuomas Tynkkynen
74c09a6e64 buildEnv: Allow setting meta attributes 2015-11-29 19:13:19 +02:00
Luca Bruno
920b1d3591 Merge branch 'master' into closure-size 2015-11-29 16:50:26 +01:00
Peter Simons
2cf7069b7d fetchgit: call in-repository script with bash explicitly
The script's shebang depends on /usr/bin/env, which we don't have in chroot
environments. This patch remedies the fallout from ade9f7167d, which
fixed https://github.com/NixOS/nixpkgs/issues/11284.
2015-11-29 15:43:56 +01:00
Peter Simons
ade9f7167d nix-prefetch-git: make sure the script is interpreted by bash
Fixes https://github.com/NixOS/nixpkgs/issues/11284.
2015-11-27 11:17:50 +01:00
Luca Bruno
a412927924 Merge remote-tracking branch 'origin/master' into closure-size 2015-11-25 21:37:30 +01:00
Eelco Dolstra
75e41b0210 Add Fedora 23 2015-11-25 16:18:15 +01:00
Eelco Dolstra
e4eee41ad0 Add Ubuntu 15.10 2015-11-25 15:40:08 +01:00
Nikolay Amiantov
287f99bada r-modules: use HTTPS, allow passing args from generated set, use MRAN 2015-11-25 11:39:28 +01:00
Wei-Ming Yang
3a205134fb Update builder.sh
fix a incorrect name of environment variable
2015-11-25 17:14:03 +08:00