Commit graph

1667 commits

Author SHA1 Message Date
Nikolay Amiantov
ed4219964d chrootenv: add setuid wrappers to path 2015-12-17 14:21:17 +03:00
Nikolay Amiantov
d6c1150195 chrootenv: symlink su and sudo stuff 2015-12-17 14:21:13 +03:00
Nikolay Amiantov
230898ceb2 chrootenv-user: don't unshare user namespace if we are root 2015-12-17 14:21:06 +03:00
Thomas Tuegel
d6bec4e77f add copyPathToStore and copyPathsToStore 2015-12-16 15:00:44 -06:00
Nikolay Amiantov
8fb2141a69 Merge pull request #11710 from kevincox/userenv-no-path
Remove PATH assumption from fhs-userenv.
2015-12-15 16:51:44 +03:00
aszlig
a5bc11f9eb
nixos/vm-tests: Remove msize mount option
This seems to be the root cause of the random page allocation failures
and @wizeman did a very good job on not only finding the root problem
but also giving a detailed explanation of it in #10828.

Here is an excerpt:

  The problem here is that the kernel is trying to allocate a contiguous
  section of 2^7=128 pages, which is 512 KB. This is way too much:
  kernel pages tend to get fragmented over time and kernel developers
  often go to great lengths to try allocating at most only 1 contiguous
  page at a time whenever they can.

  From the error message, it looks like the culprit is unionfs, but this
  is misleading: unionfs is the name of the userspace process that was
  running when the system ran out of memory, but it wasn't unionfs who
  was allocating the memory: it was the kernel; specifically it was the
  v9fs_dir_readdir_dotl() function, which is the code for handling the
  readdir() function in the 9p filesystem (the filesystem that is used
  to share a directory structure between a qemu host and its VM).

  If you look at the code, here's what it's doing at the moment it tries
  to allocate memory:

    buflen = fid->clnt->msize - P9_IOHDRSZ;

    rdir = v9fs_alloc_rdir_buf(file, buflen);

  If you look into v9fs_alloc_rdir_buf(), you will see that it will try
  to allocate a contiguous buffer of memory (using kzalloc(), which is a
  wrapper around kmalloc()) of size buflen + 8 bytes or so.

  So in reality, this code actually allocates a buffer of size
  proportional to fid->clnt->msize. What is this msize? If you follow
  the definition of the structures, you will see that it's the
  negotiated buffer transfer size between 9p client and 9p server. On
  the client side, it can be controlled with the msize mount option.

  What this all means is that, the reason for running out of memory is
  that the code (which we can't easily change) tries to allocate a
  contiguous buffer of size more or less equal to "negotiated 9p
  protocol buffer size", which seems to be way too big (in our NixOS
  tests, at least).

After that initial finding, @lethalman tested the gnome3 gdm test
without setting the msize parameter at all and it seems to have resolved
the problem.

The reason why I'm committing this without testing against all of the
NixOS VM test is basically that I think we can only go better but not
worse than the current state.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-12-14 17:26:24 +01:00
Kevin Cox
2f26b82411 Remove PATH assumption from fhs-userenv.
Previously it was assumed that bash was in the path when calling the
environment setup script. This changes all of the references of bash to
be absolute paths so that the user doesn't have to worry about the
environment they call it with.
2015-12-14 11:14:53 -05:00
Thomas Tuegel
623a117bdd makeDesktopItem: add StartupNotify key 2015-12-12 17:25:56 -06:00
Nikolay Amiantov
8ec4b45dbd Merge pull request #11602 from zimbatm/stricter-chroot-user
build-fhs-userenv: don't leak file descriptors
2015-12-11 00:40:41 +03:00
zimbatm
9b33ec1764 build-fhs-userenv: don't leak file descriptors
This re-uses the capabilities documented in `Process.spawn` to avoid leaking
unnecessary file-descriptors to the sandbox
2015-12-10 16:01:04 +00:00
Eelco Dolstra
bb672805cd fetchurl: Always use tarballs.nixos.org
Otherwise, if the upstream mirror changes (rather than deletes) a
file, then tarballs.nixos.org won't be used even if it has a copy of
the original file, and so we'll get a hash mismatch.
2015-12-10 16:06:12 +01:00
Thomas Tuegel
07a0031029 melpaBuild: add unpackCmd for single-file packages
Emacs packages are commonly distributed as single .el files. This
unpackCmd handles them correctly and sets up sourceRoot. Other sources
are treated in the default manner.
2015-12-06 11:50:10 -06:00
Thomas Tuegel
63eb6fdd8a fetchsvn: correctly handle trailing slashes
`splitString` does not split on trailing separators.
2015-12-06 11:49:51 -06:00
Peter Simons
b89514eced fetchgit: follow up to 2cf7069b7d
If "fetcher" is a string, then Nix will execute it with bash already, so
the additional bash argument in that string was redundant and apparently
causes trouble on non-Linux platforms.

Hopefully fixes https://github.com/NixOS/nixpkgs/issues/11496.
2015-12-06 15:06:02 +01:00
Vladimír Čunát
263fd55d4b Merge recent staging built on Hydra
http://hydra.nixos.org/eval/1231884
Only Darwin jobs seem to be queued now,
but we can't afford to wait for that single build slave.
2015-12-05 11:11:51 +01:00
Peter Simons
65f3932f6e Update list of gnupg.org mirror sites.
The list we had before contained a lot of junk, i.e. sites that were no
longer online or no longer in sync. The new list of sites comes from
https://gnupg.org/download/index.html.
2015-12-04 21:11:22 +01:00
Nikolay Amiantov
00f6ce133c buildFHS{Chroot,User}Env: support extraInstallCommands 2015-12-04 00:58:47 +03:00
Peter Simons
806008a48e Merge pull request #11362 from dezgeg/pr-buildenv-meta
buildEnv: Allow setting meta attributes
2015-11-30 23:21:39 +01:00
Tuomas Tynkkynen
74c09a6e64 buildEnv: Allow setting meta attributes 2015-11-29 19:13:19 +02:00
Peter Simons
2cf7069b7d fetchgit: call in-repository script with bash explicitly
The script's shebang depends on /usr/bin/env, which we don't have in chroot
environments. This patch remedies the fallout from ade9f7167d, which
fixed https://github.com/NixOS/nixpkgs/issues/11284.
2015-11-29 15:43:56 +01:00
Peter Simons
ade9f7167d nix-prefetch-git: make sure the script is interpreted by bash
Fixes https://github.com/NixOS/nixpkgs/issues/11284.
2015-11-27 11:17:50 +01:00
Eelco Dolstra
75e41b0210 Add Fedora 23 2015-11-25 16:18:15 +01:00
Eelco Dolstra
e4eee41ad0 Add Ubuntu 15.10 2015-11-25 15:40:08 +01:00
Nikolay Amiantov
287f99bada r-modules: use HTTPS, allow passing args from generated set, use MRAN 2015-11-25 11:39:28 +01:00
Wei-Ming Yang
3a205134fb Update builder.sh
fix an incorrect name of environment variable
2015-11-25 17:14:03 +08:00
Ricardo M. Correia
799f0f1f23 buildRustPackage: fix failure due to branch names with slashes
Fixes #11237
2015-11-24 20:50:11 +01:00
Nikolay Amiantov
0427b21aba chrootenv: symlink some directories instead of copying 2015-11-23 21:39:49 +03:00
Nikolay Amiantov
6d6c1d3523 chrootenv: fix include directories 2015-11-23 19:54:07 +03:00
Vladimír Čunát
13eca6f79a Merge #11067: SmartOS updates
I amended some commits slightly.
2015-11-23 14:45:44 +01:00
Jude Taylor
131e831cb9 allow networking by default and remove it from derivations 2015-11-19 11:31:06 -08:00
Jude Taylor
df80090d09 use per-derivation sandbox profiles 2015-11-19 11:31:06 -08:00
Jude Taylor
914e9baefe start on sandbox stuff 2015-11-19 11:31:06 -08:00
Eelco Dolstra
16acdb45bd Revert "kernel: Remove unsupported 3.10, 3.12, 3.14"
This reverts commit 2441e002e2. The
motivation for removing them was not very convincing. Also, we need
3.14 on some Hydra build machines.
2015-11-19 14:25:16 +01:00
Ricardo M. Correia
2b694c237b cargo, cargoSnapshot: add rustc runtime dependency
It turns out that cargo implicitly depends on rustc at runtime: even
`cargo help` will fail if rustc is not in the PATH.

This means that we need to wrap the cargo binary to add rustc to PATH.
However, I have opted into doing something slightly unusual: instead of
tying down a specific cargo to use a specific rustc (i.e., wrap cargo so
that "${rustc}/bin" is prefixed into PATH), instead I'm adding the rustc
used to build cargo as a fallback rust compiler (i.e., wrap cargo so
that "${rustc}/bin" is suffixed into PATH). This means that cargo will
prefer to use a rust compiler that is in the default path, but fallback
into the one used to build cargo only if there wasn't any rust compiler
in the default path.

The reason I'm doing this is that otherwise it could cause unexpected
effects. For example, if you had a build environment with the
rustcMaster and cargo derivations, you would expect cargo to use
rustcMaster to compile your project (since rustcMaster would be the only
compiler available in $PATH), but this wouldn't happen if we tied down
cargo to use the rustc that was used to compile it (because the default
cargo derivation gets compiled with the stable rust compiler).

That said, I have slightly modified makeRustPlatform so that a rust
platform will always use the rust compiler that was used to build cargo,
because this prevents mistakenly depending on two different versions of
the rust compiler (stable and unstable) in the same rust platform,
something which is usually undesirable.

Fixes #11053
2015-11-18 02:41:45 +01:00
Shea Levy
a75de3ce56 Merge branch 'replace-dependency' of https://github.com/roconnor/nixpkgs
When replace-dependency is given a drv that doesn't actually depend on
oldDependency, then just return back the original drv but also issue a
warning.
2015-11-17 07:09:03 -05:00
Russell O'Connor
fb683211dc replace-dependency.nix: Remove unnecessary carriage return. 2015-11-16 17:52:12 -05:00
Russell O'Connor
94e68bf9ee replace-dependency.nix: Give attr a slightly more meaningful name of drvHash 2015-11-16 17:44:03 -05:00
Danny Wilson
f17dea3b3d Fix compilation of GCC 4.9 on SmartOS.
Fix ld-solaris-wrapper never calling ld (since gcc->cc-wrapper refactor).
2015-11-16 17:20:16 +01:00
Danny Wilson
f9134ca9df Fix patchShebangs on SmartOS
Tail is very picky about the space after -c
 when compiled by Nix on Illumos (no idea why).
2015-11-16 17:20:14 +01:00
Danny Wilson
6a2b723a8b Fix build of gccgo-wrapper on Illumos.
When compiling GCC with NIX_ENFORCE_PURITY,
linking libgcc fails because crti.o and friends
aren't part of the nix store.
2015-11-16 17:20:12 +01:00
Danny Wilson
d50d14d55f Use the nix provided shell.
This is guaranteed to be bash, SmartOS has ksh by
 default and doesn't work.
2015-11-16 17:20:11 +01:00
Shea Levy
afaf712ee7 replace-dependency.nix: Use dynamic attrs now. 2015-11-16 05:42:27 -05:00
Russell O'Connor
782cfe94b0 replace-dependency.nix: new feature
When replace-dependency is given a drv that doesn't actually depend on oldDependency, then just return back the original drv but also issue a warning.
2015-11-15 19:52:30 -05:00
William A. Kennington III
6602f49495 Revert "Revert "Merge pull request #9543 from NixOS/staging.post-15.06""
This reverts commit 741bf840da.

This reverts the fallout from reverting the major changes.
2015-11-14 12:32:51 -08:00
William A. Kennington III
9579c9ec7f Merge commit 'cb21b77' into master.upstream
This is a partial merge of staging for builds which are working
2015-11-13 15:53:10 -08:00
Andrew Rynhard
42ff8ad780 Add help flag to nix-prefetch-git 2015-11-12 15:10:56 -08:00
obadz
972381b66a citrix-receiver: init at 13.2.1, fixes #8458 2015-11-11 22:27:15 +01:00
Nikolay Amiantov
1b69894d74 fhs-env: symlink /usr/lib to libs for the main architecture 2015-11-11 00:01:02 +03:00
Nikolay Amiantov
d4c27381dc Merge pull request #10460 from abbradar/remote-askpass
Support network in initrd and entering LUKS passphrase via SSH
2015-11-10 16:41:34 +03:00
William A. Kennington III
2441e002e2 kernel: Remove unsupported 3.10, 3.12, 3.14
Our base kernel headers were bumped to 3.18 so we can no longer reliably
support kernels older than 3.18
2015-11-09 11:10:42 -08:00
Vladimír Čunát
d10b9108f2 wrapGAppsHook: fix $gappsWrapperArgs as intended
i.e. define it even if $dontWrapGApps is set, and document the intention.
2015-11-09 15:40:20 +01:00
Vladimír Čunát
3f074b8a1e wrapGAppsHook: avoid running multiple times
/cc #10351 and @lethalman.
2015-11-09 15:19:41 +01:00
William A. Kennington III
a26c8e9b83 Merge branch 'master.upstream' into staging.upstream 2015-11-07 15:51:51 -08:00
goibhniu
04d45939d0 Merge pull request #10688 from demin-dmitriy/pinta
pinta: 1.4 -> 1.6
2015-11-07 15:38:44 +01:00
Wout Mertens
774f74b875 Don't fail if env-vars cannot be written to
env-vars is a debugging aid, see
3e5dbb2433
for a rationale for this change.
2015-11-04 16:32:59 +01:00
William A. Kennington III
4251612faa Merge branch 'master.upstream' into staging.upstream 2015-11-04 01:00:48 -08:00
Vladimír Čunát
b4bd19762a Revert "Don't fail if env-vars cannot be written to" 2015-11-04 07:30:02 +01:00
Wout Mertens
baba136c30 Merge pull request #10262 from wmertens/nofailnixshell
Don't fail if env-vars cannot be written to
2015-11-04 07:21:56 +01:00
Wout Mertens
b21a5013a0 Don't fail if env-vars cannot be written to
env-vars is a debugging aid, see
3e5dbb2433
for a rationale for this change.
2015-11-04 07:19:57 +01:00
Ricardo M. Correia
2389a707af fetch-cargo-deps: add debug output
... so that we can find out why there are sporadic hash mismatches.
2015-11-02 15:44:43 +01:00
William A. Kennington III
1496b0f6a1 Fix buildenv 2015-10-30 18:09:45 -07:00
William A. Kennington III
dd2de66d61 Merge branch 'master.upstream' into staging.upstream 2015-10-30 17:16:07 -07:00
Eelco Dolstra
58e9440b89 Add option to link additional package outputs into system.path
This is necessary to get stuff like separate manpages, info files,
debug symbols, etc.
2015-10-30 15:21:02 +01:00
Ricardo M. Correia
777c9c3768 buildRustPackage: fix erroneous /bin/sh reference
The fetch-cargo-deps script is written in bash syntax, but it
erroneously ran under the /bin/sh interpreter.

This wasn't noticed because /bin/sh is actually bash in NixOS, but on
some other systems this is not true.
2015-10-29 15:16:51 +01:00
Demin Dmitriy
dc70fcd94b build-dotnet-package: add optional makeWrapperArgs argument
3 lines of code are shamelessly stolen from buildPythonPackage
2015-10-29 06:02:18 +03:00
aszlig
82d88b5bcb
vmTools.commonDebPackages: Add "mawk".
While debugging an issue with running NixOps tests, I found out that the
output from debClosureGenerator is not deterministic.

The reason behind this is the way how Provides and Replaces fields are
handled. I haven't yet found out what's the exact issue, but so far
packages "Provides" are more or less picked at random.

So, running the NixOps Hetzner tests we get either mawk, original-awk or
gawk altering on every invocation.

While for the test it isn't poisonous whether we have mawk or gawk,
having original-awk certainly is, because live-build only works with
mawk or gawk.

The best solution would obviously be to make debClosureGenerator
deterministic, but in the case of "Provides: awk", we can safely pick
mawk by default, because the latter has a "Priority: required" in its
package description.

This also has the advantage that we can safely cherry-pick this to
release-15.09 because it's very unlikely that we'll break the
debClosureGenerator by adding a dependency to commonDebPackages.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2015-10-26 20:56:42 +01:00
Wout Mertens
5c34563cda Merge pull request #10517 from demin-dmitriy/sublime3
sublime3: make sublime text work with pkexec and gksudo
2015-10-24 19:16:34 +02:00
Demin Dmitriy
0cea20a652 libredirect: add __xlib64 and posix_spawn 2015-10-24 18:04:33 +03:00
Nikolay Amiantov
489e947a51 Merge pull request #10506 from abbradar/buildenv-wip
buildenv: support very long `paths`
2015-10-24 11:11:08 +03:00
Nikolay Amiantov
d49140f3e4 buildenv: support very long paths 2015-10-22 15:35:39 +03:00
Bjørn Forsman
ad49db64da build-fhs-chrootenv: add /etc/mtab -> /proc/mounts symlink
Needed to be able to run some programs (e.g. tune2fs) in the chroot.

AFAIK, /etc/mtab is deprecated, but programs still use it.
2015-10-21 21:44:29 +02:00
Nikolay Amiantov
da38314be6 buildFHSEnv: create /etc/profile with writeText
This should avoid accidental expansion of variables, i.e. in
"export PATH=/some/path:$PATH"
$PATH would have been expanded in the environment builder!
2015-10-21 16:02:08 +03:00
Nikolay Amiantov
a995837606 Merge pull request #10320 from abbradar/fhs-simplify
chroot-env: simplify, clean directories structure
2015-10-19 11:18:49 +03:00
Nikolay Amiantov
3c7871a1c0 nuke-references: support -e option 2015-10-18 18:41:11 +03:00
William A. Kennington III
194357ad20 grsecurityUnstable: 4.1.7 -> 4.2.3 2015-10-15 10:41:04 -07:00
Nikolay Amiantov
ab730370ba chroot-env: simplify, clean directories structure 2015-10-12 17:38:35 +03:00
Eelco Dolstra
7260c04266 debian: Update to 7.9, 8.2 2015-10-08 11:20:26 +02:00
Eric Seidel
9be18c4d07 Merge pull request #10176 from Ericson2314/fetchgitLocal
Rewrite `fetchgitLocal`
2015-10-07 18:37:35 -07:00
Nikolay Amiantov
46de04489b build-fhs-userenv: fix extraBindMounts 2015-10-07 14:58:37 +03:00
ts468
db25ece3c8 fetchurl/builder.sh: style fix, close #10260 2015-10-07 09:48:58 +02:00
Juho Östman
e7a28447ea fetchhg: fixed nix-prefetch-hg interpreter 2015-10-06 22:41:46 +03:00
Eelco Dolstra
106738b196 Give more memory for the disk image builder
http://hydra.nixos.org/build/26480662
2015-10-06 15:03:26 +02:00
Nikolay Amiantov
5897433b31 build-fhs-userenv: add extraBindMounts support 2015-10-06 15:32:37 +03:00
Bjørn Forsman
05668fbe92 build-fhs-chrootenv: add /etc/os-release from host
This allows software inside the chroot to identify the host OS via the
standard /etc/os-release file.
2015-10-03 14:58:41 +02:00
Bjørn Forsman
cd22214e0e build-fhs-chrootenv: add missing /usr/include
This patch brings the include/ directories of all specified packages to
appear under /usr/include in the FHS chroot. As per spec[1].

[1] http://www.pathname.com/fhs/pub/fhs-2.3.html#USRINCLUDEDIRECTORYFORSTANDARDINCLU
2015-10-02 19:13:41 +02:00
John Ericson
72660409f5 Rewrite fetchgitLocal
For practical purposes, here are the changes in behavior:
 - When fetching from a subdirectory of a repo, do not rebuild because of
   changes elsewhere in the repo
 - Fetch (not-ignored) untracked files too

It does this by letting git hash and export the directory in question,
which I believe makes for a cleaner implementation than the ad-hoc copying
and hashing that was there before.
2015-10-01 22:00:44 -07:00
William A. Kennington III
5cfe893cc4 Merge commit '2d464f75ed46869b5942c4b479772a0367b30608' into master.upstream
This is a partial commit from staging in an attempt to make merges
smaller.
2015-09-23 14:35:36 -07:00
Vladimír Čunát
6b0add86b9 separateDebugInfo: one more comment 2015-09-23 10:35:40 +02:00
Vladimír Čunát
22521f3b90 separateDebugInfo: fix typo in comment 2015-09-22 22:07:58 +02:00
Vladimír Čunát
b3658bc01b separateDebugInfo: compress it by default
Using zlib should be cheap enough and save lots of HDD space.
Case study (glib): 11 MB -> 4 MB.
2015-09-22 22:05:44 +02:00
Eelco Dolstra
2a28bc6691 separateDebugInfo: Assert Linux
Also remove some unintended setting of separateDebugInfo.
2015-09-22 20:21:10 +02:00
William A. Kennington III
3fcbd5a829 Merge branch 'master.upstream' into staging.upstream 2015-09-20 14:54:53 -07:00
Nikolay Amiantov
f5deff5137 nix-prefetch-git: pull all tags from remote when checkouting by revision
Close #9790.
This fixes checkouting for a nasty combination:

1. To be checkouted is a revision which corresponds to tag in a form "<tag>^{}".
2. This revision is not fetched by default.
2015-09-20 18:24:34 +02:00
William A. Kennington III
6e09223627 Merge branch 'master.upstream' into staging.upstream 2015-09-18 17:16:27 -07:00
Vladimír Čunát
0fdb93864e Merge new texlive infrastructure, /CC #287 2015-09-18 20:52:34 +02:00
Vladimír Čunát
a418096d6a Merge branch 'master' into staging 2015-09-17 20:07:20 +02:00
Vladimír Čunát
fa33b083eb buildEnv: add new parameters: extraPrefix and buildInputs 2015-09-17 17:43:18 +02:00
Eelco Dolstra
276e38a1bb patchShebangs: Ignore outputs that don't exist yet 2015-09-17 16:54:07 +02:00
Eelco Dolstra
ec5b66eb4a Enable separate debug info
You can now pass

  separateDebugInfo = true;

to mkDerivation. This causes debug info to be separated from ELF
binaries and stored in the "debug" output. The advantage is that it
enables installing lean binaries, while still having the ability to
make sense of core dumps, etc.
2015-09-17 15:56:33 +02:00
William A. Kennington III
773b4deb7c Merge commit 'a6f6c0e' into master.upstream
This is a partial merge of staging where we have up to date binaries for
all packages.
2015-09-15 12:16:49 -07:00