mirror of
https://github.com/NixOS/nix
synced 2025-07-07 01:51:47 +02:00
Merge branch 'master' into indexed-store-path-outputs
This commit is contained in:
commit
1879c7c95e
83 changed files with 1547 additions and 1396 deletions
|
@ -1,16 +1,20 @@
|
|||
with builtins;
|
||||
with import ./utils.nix;
|
||||
builtinsDump:
|
||||
let
|
||||
showBuiltin = name:
|
||||
let
|
||||
inherit (builtinsDump.${name}) doc args;
|
||||
in
|
||||
''
|
||||
<dt id="builtins-${name}">
|
||||
<a href="#builtins-${name}"><code>${name} ${listArgs args}</code></a>
|
||||
</dt>
|
||||
<dd>
|
||||
|
||||
builtins:
|
||||
${doc}
|
||||
|
||||
</dd>
|
||||
'';
|
||||
listArgs = args: builtins.concatStringsSep " " (map (s: "<var>${s}</var>") args);
|
||||
in
|
||||
with builtins; concatStringsSep "\n" (map showBuiltin (attrNames builtinsDump))
|
||||
|
||||
concatStrings (map
|
||||
(name:
|
||||
let builtin = builtins.${name}; in
|
||||
"<dt id=\"builtins-${name}\"><a href=\"#builtins-${name}\"><code>${name} "
|
||||
+ concatStringsSep " " (map (s: "<var>${s}</var>") builtin.args)
|
||||
+ "</code></a></dt>"
|
||||
+ "<dd>\n\n"
|
||||
+ builtin.doc
|
||||
+ "\n\n</dd>"
|
||||
)
|
||||
(attrNames builtins))
|
||||
|
|
|
@ -99,6 +99,7 @@ let
|
|||
in [ cmd ] ++ concatMap subcommand (attrNames details.commands or {});
|
||||
|
||||
parsedToplevel = builtins.fromJSON toplevel;
|
||||
|
||||
manpages = processCommand {
|
||||
command = "nix";
|
||||
details = parsedToplevel;
|
||||
|
|
|
@ -1,29 +1,41 @@
|
|||
with builtins;
|
||||
with import ./utils.nix;
|
||||
let
|
||||
inherit (builtins) attrNames concatStringsSep isAttrs isBool;
|
||||
inherit (import ./utils.nix) concatStrings squash splitLines;
|
||||
in
|
||||
|
||||
options:
|
||||
optionsInfo:
|
||||
let
|
||||
showOption = name:
|
||||
let
|
||||
inherit (optionsInfo.${name}) description documentDefault defaultValue aliases;
|
||||
result = squash ''
|
||||
- <span id="conf-${name}">[`${name}`](#conf-${name})</span>
|
||||
|
||||
concatStrings (map
|
||||
(name:
|
||||
let option = options.${name}; in
|
||||
" - [`${name}`](#conf-${name})"
|
||||
+ "<p id=\"conf-${name}\"></p>\n\n"
|
||||
+ concatStrings (map (s: " ${s}\n") (splitLines option.description)) + "\n\n"
|
||||
+ (if option.documentDefault
|
||||
then " **Default:** " + (
|
||||
if option.defaultValue == "" || option.defaultValue == []
|
||||
then "*empty*"
|
||||
else if isBool option.defaultValue
|
||||
then (if option.defaultValue then "`true`" else "`false`")
|
||||
else
|
||||
# n.b. a StringMap value type is specified as a string, but
|
||||
# this shows the value type. The empty stringmap is "null" in
|
||||
# JSON, but that converts to "{ }" here.
|
||||
(if isAttrs option.defaultValue then "`\"\"`"
|
||||
else "`" + toString option.defaultValue + "`")) + "\n\n"
|
||||
else " **Default:** *machine-specific*\n")
|
||||
+ (if option.aliases != []
|
||||
then " **Deprecated alias:** " + (concatStringsSep ", " (map (s: "`${s}`") option.aliases)) + "\n\n"
|
||||
else "")
|
||||
)
|
||||
(attrNames options))
|
||||
${indent " " body}
|
||||
'';
|
||||
# separate body to cleanly handle indentation
|
||||
body = ''
|
||||
${description}
|
||||
|
||||
**Default:** ${showDefault documentDefault defaultValue}
|
||||
|
||||
${showAliases aliases}
|
||||
'';
|
||||
showDefault = documentDefault: defaultValue:
|
||||
if documentDefault then
|
||||
# a StringMap value type is specified as a string, but
|
||||
# this shows the value type. The empty stringmap is `null` in
|
||||
# JSON, but that converts to `{ }` here.
|
||||
if defaultValue == "" || defaultValue == [] || isAttrs defaultValue
|
||||
then "*empty*"
|
||||
else if isBool defaultValue then
|
||||
if defaultValue then "`true`" else "`false`"
|
||||
else "`${toString defaultValue}`"
|
||||
else "*machine-specific*";
|
||||
showAliases = aliases:
|
||||
if aliases == [] then "" else
|
||||
"**Deprecated alias:** ${(concatStringsSep ", " (map (s: "`${s}`") aliases))}";
|
||||
indent = prefix: s:
|
||||
concatStringsSep "\n" (map (x: if x == "" then x else "${prefix}${x}") (splitLines s));
|
||||
in result;
|
||||
in concatStrings (map showOption (attrNames optionsInfo))
|
||||
|
|
|
@ -29,19 +29,19 @@ nix-eval = $(dummy-env) $(bindir)/nix eval --experimental-features nix-command -
|
|||
$(d)/%.1: $(d)/src/command-ref/%.md
|
||||
@printf "Title: %s\n\n" "$$(basename $@ .1)" > $^.tmp
|
||||
@cat $^ >> $^.tmp
|
||||
$(trace-gen) lowdown -sT man -M section=1 $^.tmp -o $@
|
||||
$(trace-gen) lowdown -sT man --nroff-nolinks -M section=1 $^.tmp -o $@
|
||||
@rm $^.tmp
|
||||
|
||||
$(d)/%.8: $(d)/src/command-ref/%.md
|
||||
@printf "Title: %s\n\n" "$$(basename $@ .8)" > $^.tmp
|
||||
@cat $^ >> $^.tmp
|
||||
$(trace-gen) lowdown -sT man -M section=8 $^.tmp -o $@
|
||||
$(trace-gen) lowdown -sT man --nroff-nolinks -M section=8 $^.tmp -o $@
|
||||
@rm $^.tmp
|
||||
|
||||
$(d)/nix.conf.5: $(d)/src/command-ref/conf-file.md
|
||||
@printf "Title: %s\n\n" "$$(basename $@ .5)" > $^.tmp
|
||||
@cat $^ >> $^.tmp
|
||||
$(trace-gen) lowdown -sT man -M section=5 $^.tmp -o $@
|
||||
$(trace-gen) lowdown -sT man --nroff-nolinks -M section=5 $^.tmp -o $@
|
||||
@rm $^.tmp
|
||||
|
||||
$(d)/src/SUMMARY.md: $(d)/src/SUMMARY.md.in $(d)/src/command-ref/new-cli
|
||||
|
|
|
@ -35,7 +35,6 @@ const redirects = {
|
|||
"conf-build-max-jobs": "command-ref/conf-file.html#conf-build-max-jobs",
|
||||
"conf-build-max-log-size": "command-ref/conf-file.html#conf-build-max-log-size",
|
||||
"conf-build-max-silent-time": "command-ref/conf-file.html#conf-build-max-silent-time",
|
||||
"conf-build-repeat": "command-ref/conf-file.html#conf-build-repeat",
|
||||
"conf-build-timeout": "command-ref/conf-file.html#conf-build-timeout",
|
||||
"conf-build-use-chroot": "command-ref/conf-file.html#conf-build-use-chroot",
|
||||
"conf-build-use-sandbox": "command-ref/conf-file.html#conf-build-use-sandbox",
|
||||
|
@ -47,7 +46,6 @@ const redirects = {
|
|||
"conf-connect-timeout": "command-ref/conf-file.html#conf-connect-timeout",
|
||||
"conf-cores": "command-ref/conf-file.html#conf-cores",
|
||||
"conf-diff-hook": "command-ref/conf-file.html#conf-diff-hook",
|
||||
"conf-enforce-determinism": "command-ref/conf-file.html#conf-enforce-determinism",
|
||||
"conf-env-keep-derivations": "command-ref/conf-file.html#conf-env-keep-derivations",
|
||||
"conf-extra-binary-caches": "command-ref/conf-file.html#conf-extra-binary-caches",
|
||||
"conf-extra-platforms": "command-ref/conf-file.html#conf-extra-platforms",
|
||||
|
@ -74,7 +72,6 @@ const redirects = {
|
|||
"conf-plugin-files": "command-ref/conf-file.html#conf-plugin-files",
|
||||
"conf-post-build-hook": "command-ref/conf-file.html#conf-post-build-hook",
|
||||
"conf-pre-build-hook": "command-ref/conf-file.html#conf-pre-build-hook",
|
||||
"conf-repeat": "command-ref/conf-file.html#conf-repeat",
|
||||
"conf-require-sigs": "command-ref/conf-file.html#conf-require-sigs",
|
||||
"conf-restrict-eval": "command-ref/conf-file.html#conf-restrict-eval",
|
||||
"conf-run-diff-hook": "command-ref/conf-file.html#conf-run-diff-hook",
|
||||
|
|
|
@ -65,6 +65,7 @@
|
|||
- [CLI guideline](contributing/cli-guideline.md)
|
||||
- [Release Notes](release-notes/release-notes.md)
|
||||
- [Release X.Y (202?-??-??)](release-notes/rl-next.md)
|
||||
- [Release 2.12 (2022-12-06)](release-notes/rl-2.12.md)
|
||||
- [Release 2.11 (2022-08-25)](release-notes/rl-2.11.md)
|
||||
- [Release 2.10 (2022-07-11)](release-notes/rl-2.10.md)
|
||||
- [Release 2.9 (2022-05-30)](release-notes/rl-2.9.md)
|
||||
|
|
|
@ -121,37 +121,3 @@ error:
|
|||
are not valid, so checking is not possible
|
||||
|
||||
Run the build without `--check`, and then try with `--check` again.
|
||||
|
||||
# Automatic and Optionally Enforced Determinism Verification
|
||||
|
||||
Automatically verify every build at build time by executing the build
|
||||
multiple times.
|
||||
|
||||
Setting `repeat` and `enforce-determinism` in your `nix.conf` permits
|
||||
the automated verification of every build Nix performs.
|
||||
|
||||
The following configuration will run each build three times, and will
|
||||
require the build to be deterministic:
|
||||
|
||||
enforce-determinism = true
|
||||
repeat = 2
|
||||
|
||||
Setting `enforce-determinism` to false as in the following
|
||||
configuration will run the build multiple times, execute the build
|
||||
hook, but will allow the build to succeed even if it does not build
|
||||
reproducibly:
|
||||
|
||||
enforce-determinism = false
|
||||
repeat = 1
|
||||
|
||||
An example output of this configuration:
|
||||
|
||||
```console
|
||||
$ nix-build ./test.nix -A unstable
|
||||
this derivation will be built:
|
||||
/nix/store/ch6llwpr2h8c3jmnf3f2ghkhx59aa97f-unstable.drv
|
||||
building '/nix/store/ch6llwpr2h8c3jmnf3f2ghkhx59aa97f-unstable.drv' (round 1/2)...
|
||||
building '/nix/store/ch6llwpr2h8c3jmnf3f2ghkhx59aa97f-unstable.drv' (round 2/2)...
|
||||
output '/nix/store/6xg356v9gl03hpbbg8gws77n19qanh02-unstable' of '/nix/store/ch6llwpr2h8c3jmnf3f2ghkhx59aa97f-unstable.drv' differs from '/nix/store/6xg356v9gl03hpbbg8gws77n19qanh02-unstable.check' from previous round
|
||||
/nix/store/6xg356v9gl03hpbbg8gws77n19qanh02-unstable
|
||||
```
|
||||
|
|
|
@ -33,12 +33,17 @@ distribute the public key for verifying the authenticity of the paths.
|
|||
example-nix-cache-1:1/cKDz3QCCOmwcztD2eV6Coggp6rqc9DGjWv7C0G+rM=
|
||||
```
|
||||
|
||||
Then, add the public key and the cache URL to your `nix.conf`'s
|
||||
`trusted-public-keys` and `substituters` options:
|
||||
Then update [`nix.conf`](../command-ref/conf-file.md) on any machine that will access the cache.
|
||||
Add the cache URL to [`substituters`](../command-ref/conf-file.md#conf-substituters) and the public key to [`trusted-public-keys`](../command-ref/conf-file.md#conf-trusted-public-keys):
|
||||
|
||||
substituters = https://cache.nixos.org/ s3://example-nix-cache
|
||||
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= example-nix-cache-1:1/cKDz3QCCOmwcztD2eV6Coggp6rqc9DGjWv7C0G+rM=
|
||||
|
||||
Machines that build for the cache must sign derivations using the private key.
|
||||
On those machines, add the path to the key file to the [`secret-key-files`](../command-ref/conf-file.md#conf-secret-key-files) field in their [`nix.conf`](../command-ref/conf-file.md):
|
||||
|
||||
secret-key-files = /etc/nix/key.private
|
||||
|
||||
We will restart the Nix daemon in a later step.
|
||||
|
||||
# Implementing the build hook
|
||||
|
@ -52,14 +57,12 @@ set -eu
|
|||
set -f # disable globbing
|
||||
export IFS=' '
|
||||
|
||||
echo "Signing paths" $OUT_PATHS
|
||||
nix store sign --key-file /etc/nix/key.private $OUT_PATHS
|
||||
echo "Uploading paths" $OUT_PATHS
|
||||
exec nix copy --to 's3://example-nix-cache' $OUT_PATHS
|
||||
exec nix copy --to "s3://example-nix-cache" $OUT_PATHS
|
||||
```
|
||||
|
||||
> **Note**
|
||||
>
|
||||
>
|
||||
> The `$OUT_PATHS` variable is a space-separated list of Nix store
|
||||
> paths. In this case, we expect and want the shell to perform word
|
||||
> splitting to make each output path its own argument to `nix
|
||||
|
|
|
@ -53,16 +53,18 @@ All options not listed here are passed to `nix-store
|
|||
--realise`, except for `--arg` and `--attr` / `-A` which are passed to
|
||||
`nix-instantiate`.
|
||||
|
||||
- [`--no-out-link`]{#opt-no-out-link}\
|
||||
- <span id="opt-no-out-link">[`--no-out-link`](#opt-no-out-link)<span>
|
||||
|
||||
Do not create a symlink to the output path. Note that as a result
|
||||
the output does not become a root of the garbage collector, and so
|
||||
might be deleted by `nix-store
|
||||
--gc`.
|
||||
might be deleted by `nix-store --gc`.
|
||||
|
||||
- <span id="opt-dry-run">[`--dry-run`](#opt-dry-run)</span>
|
||||
|
||||
- [`--dry-run`]{#opt-dry-run}\
|
||||
Show what store paths would be built or downloaded.
|
||||
|
||||
- [`--out-link`]{#opt-out-link} / `-o` *outlink*\
|
||||
- <span id="opt-out-link">[`--out-link`](#opt-out-link)</span> / `-o` *outlink*
|
||||
|
||||
Change the name of the symlink to the output path created from
|
||||
`result` to *outlink*.
|
||||
|
||||
|
|
|
@ -22,7 +22,8 @@ This section lists the options that are common to all operations. These
|
|||
options are allowed for every subcommand, though they may not always
|
||||
have an effect.
|
||||
|
||||
- [`--add-root`]{#opt-add-root} *path*\
|
||||
- <span id="opt-add-root">[`--add-root`](#opt-add-root)</span> *path*
|
||||
|
||||
Causes the result of a realisation (`--realise` and
|
||||
`--force-realise`) to be registered as a root of the garbage
|
||||
collector. *path* will be created as a symlink to the resulting
|
||||
|
@ -104,10 +105,6 @@ The following flags are available:
|
|||
previous build, the new output path is left in
|
||||
`/nix/store/name.check.`
|
||||
|
||||
See also the `build-repeat` configuration option, which repeats a
|
||||
derivation a number of times and prevents its outputs from being
|
||||
registered as “valid” in the Nix store unless they are identical.
|
||||
|
||||
Special exit codes:
|
||||
|
||||
- `100`\
|
||||
|
|
|
@ -88,6 +88,29 @@ extension. The installer will also create `/etc/profile.d/nix.sh`.
|
|||
|
||||
### Linux
|
||||
|
||||
If you are on Linux with systemd:
|
||||
|
||||
1. Remove the Nix daemon service:
|
||||
|
||||
```console
|
||||
sudo systemctl stop nix-daemon.service
|
||||
sudo systemctl disable nix-daemon.socket nix-daemon.service
|
||||
sudo systemctl daemon-reload
|
||||
```
|
||||
|
||||
1. Remove systemd service files:
|
||||
|
||||
```console
|
||||
sudo rm /etc/systemd/system/nix-daemon.service /etc/systemd/system/nix-daemon.socket
|
||||
```
|
||||
|
||||
1. The installer script uses systemd-tmpfiles to create the socket directory.
|
||||
You may also want to remove the configuration for that:
|
||||
|
||||
```console
|
||||
sudo rm /etc/tmpfiles.d/nix-daemon.conf
|
||||
```
|
||||
|
||||
Remove files created by Nix:
|
||||
|
||||
```console
|
||||
|
@ -103,16 +126,6 @@ done
|
|||
sudo groupdel 30000
|
||||
```
|
||||
|
||||
If you are on Linux with systemd, remove the Nix daemon service:
|
||||
|
||||
```console
|
||||
sudo systemctl stop nix-daemon.socket
|
||||
sudo systemctl stop nix-daemon.service
|
||||
sudo systemctl disable nix-daemon.socket
|
||||
sudo systemctl disable nix-daemon.service
|
||||
sudo systemctl daemon-reload
|
||||
```
|
||||
|
||||
There may also be references to Nix in
|
||||
|
||||
- `/etc/profile`
|
||||
|
|
43
doc/manual/src/release-notes/rl-2.12.md
Normal file
43
doc/manual/src/release-notes/rl-2.12.md
Normal file
|
@ -0,0 +1,43 @@
|
|||
# Release 2.12 (2022-12-06)
|
||||
|
||||
* On Linux, Nix can now run builds in a user namespace where they run
|
||||
as root (UID 0) and have 65,536 UIDs available.
|
||||
<!-- FIXME: move this to its own section about system features -->
|
||||
This is primarily useful for running containers such as `systemd-nspawn`
|
||||
inside a Nix build. For an example, see [`tests/systemd-nspawn/nix`][nspawn].
|
||||
|
||||
[nspawn]: https://github.com/NixOS/nix/blob/67bcb99700a0da1395fa063d7c6586740b304598/tests/systemd-nspawn.nix.
|
||||
|
||||
A build can enable this by setting the derivation attribute:
|
||||
|
||||
```
|
||||
requiredSystemFeatures = [ "uid-range" ];
|
||||
```
|
||||
|
||||
The `uid-range` [system feature] requires the [`auto-allocate-uids`]
|
||||
setting to be enabled.
|
||||
|
||||
[system feature]: (../command-ref/conf-file.md#conf-system-features)
|
||||
|
||||
* Nix can now automatically pick UIDs for builds, removing the need to
|
||||
create `nixbld*` user accounts. See [`auto-allocate-uids`].
|
||||
|
||||
[`auto-allocate-uids`]: (../command-ref/conf-file.md#conf-auto-allocate-uids)
|
||||
|
||||
* On Linux, Nix has experimental support for running builds inside a
|
||||
cgroup. See
|
||||
[`use-cgroups`](../command-ref/conf-file.md#conf-use-cgroups).
|
||||
|
||||
* `<nix/fetchurl.nix>` now accepts an additional argument `impure` which
|
||||
defaults to `false`. If it is set to `true`, the `hash` and `sha256`
|
||||
arguments will be ignored and the resulting derivation will have
|
||||
`__impure` set to `true`, making it an impure derivation.
|
||||
|
||||
* If `builtins.readFile` is called on a file with context, then only
|
||||
the parts of the context that appear in the content of the file are
|
||||
retained. This avoids a lot of spurious errors where strings end up
|
||||
having a context just because they are read from a store path
|
||||
([#7260](https://github.com/NixOS/nix/pull/7260)).
|
||||
|
||||
* `nix build --json` now prints some statistics about top-level
|
||||
derivations, such as CPU statistics when cgroups are enabled.
|
|
@ -1,14 +1,6 @@
|
|||
# Release X.Y (202?-??-??)
|
||||
|
||||
* `<nix/fetchurl.nix>` now accepts an additional argument `impure` which
|
||||
defaults to `false`. If it is set to `true`, the `hash` and `sha256`
|
||||
arguments will be ignored and the resulting derivation will have
|
||||
`__impure` set to `true`, making it an impure derivation.
|
||||
|
||||
* If `builtins.readFile` is called on a file with context, then only the parts
|
||||
of that context that appear in the content of the file are retained.
|
||||
This avoids a lot of spurious errors where some benign strings end-up having
|
||||
a context just because they are read from a store path
|
||||
([#7260](https://github.com/NixOS/nix/pull/7260)).
|
||||
* The `repeat` and `enforce-determinism` options have been removed
|
||||
since they had been broken under many circumstances for a long time.
|
||||
|
||||
* Allow explicitly selecting outputs with *store derivations* installable syntax too.
|
Loading…
Add table
Add a link
Reference in a new issue