diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 00000000000..607a31a6b0f
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,50 @@
+on:
+ workflow_call:
+ inputs:
+ os:
+ required: true
+ type: string
+ system:
+ required: true
+ type: string
+ if:
+ required: false
+ default: true
+ type: boolean
+ run_tests:
+ required: false
+ default: true
+ type: boolean
+
+jobs:
+ build:
+ if: ${{ inputs.if }}
+ strategy:
+ fail-fast: false
+ runs-on: ${{ inputs.os }}
+ timeout-minutes: 60
+ steps:
+ - uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ with:
+ determinate: true
+ - uses: DeterminateSystems/flakehub-cache-action@main
+ - run: nix build .#packages.${{ inputs.system }}.default .#packages.${{ inputs.system }}.binaryTarball --no-link -L
+ - run: nix build .#packages.${{ inputs.system }}.binaryTarball --out-link tarball
+ - uses: actions/upload-artifact@v4
+ with:
+ name: ${{ inputs.system }}
+ path: ./tarball/*.xz
+ test:
+ if: ${{ inputs.if && inputs.run_tests}}
+ strategy:
+ fail-fast: false
+ runs-on: ${{ inputs.os }}
+ timeout-minutes: 60
+ steps:
+ - uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ with:
+ determinate: true
+ - uses: DeterminateSystems/flakehub-cache-action@main
+ - run: nix flake check -L --system ${{ inputs.system }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6169c092488..87a14b4bca2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -3,180 +3,64 @@ name: "CI"
on:
pull_request:
push:
+ branches:
+ - detsys-main
+ - main
+ - master
+ merge_group:
-permissions: read-all
+permissions:
+ id-token: "write"
+ contents: "read"
jobs:
eval:
- runs-on: ubuntu-24.04
+ runs-on: blacksmith-32vcpu-ubuntu-2204
steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 0
- - uses: cachix/install-nix-action@v30
- - run: nix --experimental-features 'nix-command flakes' flake show --all-systems --json
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - uses: DeterminateSystems/nix-installer-action@main
+ with:
+ determinate: true
+ - run: nix flake show --all-systems --json
- tests:
- strategy:
- fail-fast: false
- matrix:
- include:
- - scenario: on ubuntu
- runs-on: ubuntu-24.04
- os: linux
- - scenario: on macos
- runs-on: macos-14
- os: darwin
- name: tests ${{ matrix.scenario }}
- runs-on: ${{ matrix.runs-on }}
- timeout-minutes: 60
- steps:
- - uses: actions/checkout@v4
- with:
- fetch-depth: 0
- - uses: cachix/install-nix-action@v30
- with:
- # The sandbox would otherwise be disabled by default on Darwin
- extra_nix_config: |
- sandbox = true
- max-jobs = 1
- - uses: DeterminateSystems/magic-nix-cache-action@main
- # Since ubuntu 22.30, unprivileged usernamespaces are no longer allowed to map to the root user:
- # https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
- - run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
- if: matrix.os == 'linux'
- - run: scripts/build-checks
- - run: scripts/prepare-installer-for-github-actions
- - name: Upload installer tarball
- uses: actions/upload-artifact@v4
- with:
- name: installer-${{matrix.os}}
- path: out/*
+ build_x86_64-linux:
+ uses: ./.github/workflows/build.yml
+ with:
+ os: blacksmith-32vcpu-ubuntu-2204
+ system: x86_64-linux
- installer_test:
- needs: [tests]
- strategy:
- fail-fast: false
- matrix:
- include:
- - scenario: on ubuntu
- runs-on: ubuntu-24.04
- os: linux
- - scenario: on macos
- runs-on: macos-14
- os: darwin
- name: installer test ${{ matrix.scenario }}
- runs-on: ${{ matrix.runs-on }}
- steps:
- - uses: actions/checkout@v4
- - name: Download installer tarball
- uses: actions/download-artifact@v4
- with:
- name: installer-${{matrix.os}}
- path: out
- - name: Serving installer
- id: serving_installer
- run: ./scripts/serve-installer-for-github-actions
- - uses: cachix/install-nix-action@v30
- with:
- install_url: 'http://localhost:8126/install'
- install_options: "--tarball-url-prefix http://localhost:8126/"
- - run: sudo apt install fish zsh
- if: matrix.os == 'linux'
- - run: brew install fish
- if: matrix.os == 'darwin'
- - run: exec bash -c "nix-instantiate -E 'builtins.currentTime' --eval"
- - run: exec sh -c "nix-instantiate -E 'builtins.currentTime' --eval"
- - run: exec zsh -c "nix-instantiate -E 'builtins.currentTime' --eval"
- - run: exec fish -c "nix-instantiate -E 'builtins.currentTime' --eval"
- - run: exec bash -c "nix-channel --add https://releases.nixos.org/nixos/unstable/nixos-23.05pre466020.60c1d71f2ba nixpkgs"
- - run: exec bash -c "nix-channel --update && nix-env -iA nixpkgs.hello && hello"
+ build_aarch64-linux:
+ uses: ./.github/workflows/build.yml
+ with:
+ if: ${{ github.event_name == 'merge_group' }}
+ os: blacksmith-32vcpu-ubuntu-2204-arm
+ system: aarch64-linux
- # Steps to test CI automation in your own fork.
- # 1. Sign-up for https://hub.docker.com/
- # 2. Store your dockerhub username as DOCKERHUB_USERNAME in "Repository secrets" of your fork repository settings (https://github.com/$githubuser/nix/settings/secrets/actions)
- # 3. Create an access token in https://hub.docker.com/settings/security and store it as DOCKERHUB_TOKEN in "Repository secrets" of your fork
- check_secrets:
- permissions:
- contents: none
- name: Check Docker secrets present for installer tests
- runs-on: ubuntu-24.04
- outputs:
- docker: ${{ steps.secret.outputs.docker }}
- steps:
- - name: Check for secrets
- id: secret
- env:
- _DOCKER_SECRETS: ${{ secrets.DOCKERHUB_USERNAME }}${{ secrets.DOCKERHUB_TOKEN }}
- run: |
- echo "::set-output name=docker::${{ env._DOCKER_SECRETS != '' }}"
-
- docker_push_image:
- needs: [tests, vm_tests, check_secrets]
- permissions:
- contents: read
- packages: write
- if: >-
- needs.check_secrets.outputs.docker == 'true' &&
- github.event_name == 'push' &&
- github.ref_name == 'master'
- runs-on: ubuntu-24.04
- steps:
- - name: Check for secrets
- id: secret
- env:
- _DOCKER_SECRETS: ${{ secrets.DOCKERHUB_USERNAME }}${{ secrets.DOCKERHUB_TOKEN }}
- run: |
- echo "::set-output name=docker::${{ env._DOCKER_SECRETS != '' }}"
- - uses: actions/checkout@v4
- with:
- fetch-depth: 0
- - uses: cachix/install-nix-action@v30
- with:
- install_url: https://releases.nixos.org/nix/nix-2.20.3/install
- - uses: DeterminateSystems/magic-nix-cache-action@main
- - run: echo NIX_VERSION="$(nix --experimental-features 'nix-command flakes' eval .\#nix.version | tr -d \")" >> $GITHUB_ENV
- - run: nix --experimental-features 'nix-command flakes' build .#dockerImage -L
- - run: docker load -i ./result/image.tar.gz
- - run: docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:$NIX_VERSION
- - run: docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:master
- # We'll deploy the newly built image to both Docker Hub and Github Container Registry.
- #
- # Push to Docker Hub first
- - name: Login to Docker Hub
- uses: docker/login-action@v3
- with:
- username: ${{ secrets.DOCKERHUB_USERNAME }}
- password: ${{ secrets.DOCKERHUB_TOKEN }}
- - run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/nix:$NIX_VERSION
- - run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/nix:master
- # Push to GitHub Container Registry as well
- - name: Login to GitHub Container Registry
- uses: docker/login-action@v3
- with:
- registry: ghcr.io
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
- - name: Push image
- run: |
- IMAGE_ID=ghcr.io/${{ github.repository_owner }}/nix
- # Change all uppercase to lowercase
- IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
+ build_x86_64-darwin:
+ uses: ./.github/workflows/build.yml
+ with:
+ if: ${{ github.event_name == 'merge_group' }}
+ os: namespace-profile-mac-m2-12c28g
+ system: x86_64-darwin
- docker tag nix:$NIX_VERSION $IMAGE_ID:$NIX_VERSION
- docker tag nix:$NIX_VERSION $IMAGE_ID:latest
- docker push $IMAGE_ID:$NIX_VERSION
- docker push $IMAGE_ID:latest
- # deprecated 2024-02-24
- docker tag nix:$NIX_VERSION $IMAGE_ID:master
- docker push $IMAGE_ID:master
+ build_aarch64-darwin:
+ uses: ./.github/workflows/build.yml
+ with:
+ os: namespace-profile-mac-m2-12c28g
+ system: aarch64-darwin
- vm_tests:
- runs-on: ubuntu-24.04
+ vm_tests_smoke:
+ if: github.event_name != 'merge_group'
+ needs: build_x86_64-linux
+ runs-on: blacksmith-32vcpu-ubuntu-2204
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
- - uses: DeterminateSystems/magic-nix-cache-action@main
+ with:
+ determinate: true
+ - uses: DeterminateSystems/flakehub-cache-action@main
- run: |
nix build -L \
.#hydraJobs.tests.functional_user \
@@ -185,22 +69,80 @@ jobs:
.#hydraJobs.tests.tarballFlakes \
;
+ vm_tests_all:
+ if: github.event_name == 'merge_group'
+ needs: build_x86_64-linux
+ runs-on: blacksmith-32vcpu-ubuntu-2204
+ steps:
+ - uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ with:
+ determinate: true
+ - uses: DeterminateSystems/flakehub-cache-action@main
+ - run: |
+ nix build -L --keep-going \
+ $(nix flake show --json \
+ | jq -r '
+ .hydraJobs.tests
+ | with_entries(select(.value.type == "derivation"))
+ | keys[]
+ | ".#hydraJobs.tests." + .')
+
flake_regressions:
- needs: vm_tests
- runs-on: ubuntu-24.04
+ if: github.event_name == 'merge_group'
+ needs: build_x86_64-linux
+ runs-on: blacksmith-32vcpu-ubuntu-2204
steps:
- name: Checkout nix
uses: actions/checkout@v4
- name: Checkout flake-regressions
uses: actions/checkout@v4
with:
- repository: NixOS/flake-regressions
+ repository: DeterminateSystems/flake-regressions
path: flake-regressions
- name: Checkout flake-regressions-data
uses: actions/checkout@v4
with:
- repository: NixOS/flake-regressions-data
+ repository: DeterminateSystems/flake-regressions-data
path: flake-regressions/tests
- uses: DeterminateSystems/nix-installer-action@main
- - uses: DeterminateSystems/magic-nix-cache-action@main
- - run: nix build -L --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH MAX_FLAKES=25 flake-regressions/eval-all.sh
+ with:
+ determinate: true
+ - uses: DeterminateSystems/flakehub-cache-action@main
+ - run: nix build -L --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH MAX_FLAKES=50 flake-regressions/eval-all.sh
+
+ manual:
+ if: github.event_name != 'merge_group'
+ needs: build_x86_64-linux
+ runs-on: blacksmith
+ permissions:
+ id-token: "write"
+ contents: "read"
+ pull-requests: "write"
+ statuses: "write"
+ deployments: "write"
+ steps:
+ - name: Checkout nix
+ uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ with:
+ determinate: true
+ - uses: DeterminateSystems/flakehub-cache-action@main
+ - name: Build manual
+ run: nix build .#hydraJobs.manual
+ - uses: nwtgck/actions-netlify@v3.0
+ with:
+ publish-dir: "./result/share/doc/nix/manual"
+ production-branch: detsys-main
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ deploy-message: "Deploy from GitHub Actions"
+ # NOTE(cole-h): We have a perpetual PR displaying our changes against upstream open, but
+ # its conversation is locked, so this PR comment can never be posted.
+ # https://github.com/DeterminateSystems/nix-src/pull/4
+ enable-pull-request-comment: ${{ github.event.pull_request.number != 4 }}
+ enable-commit-comment: true
+ enable-commit-status: true
+ overwrites-pull-request-comment: true
+ env:
+ NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
+ NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}
diff --git a/.github/workflows/propose-release.yml b/.github/workflows/propose-release.yml
new file mode 100644
index 00000000000..8b897072cc7
--- /dev/null
+++ b/.github/workflows/propose-release.yml
@@ -0,0 +1,29 @@
+on:
+ workflow_dispatch:
+ inputs:
+ reference-id:
+ type: string
+ required: true
+ version:
+ type: string
+ required: true
+
+concurrency:
+ group: ${{ github.workflow }}
+ cancel-in-progress: true
+
+jobs:
+ propose-release:
+ uses: DeterminateSystems/propose-release/.github/workflows/workflow.yml@main
+ permissions:
+ id-token: write
+ contents: write
+ pull-requests: write
+ with:
+ update-flake: false
+ reference-id: ${{ inputs.reference-id }}
+ version: ${{ inputs.version }}
+ extra-commands-early: |
+ echo ${{ inputs.version }} > .version-determinate
+ git add .version-determinate
+ git commit -m "Set .version-determinate to ${{ inputs.version }}" || true
diff --git a/.github/workflows/upload-release.yml b/.github/workflows/upload-release.yml
new file mode 100644
index 00000000000..083f39dfd4b
--- /dev/null
+++ b/.github/workflows/upload-release.yml
@@ -0,0 +1,115 @@
+name: Upload release
+
+concurrency:
+ group: upload-release
+
+on:
+ workflow_call:
+ push:
+ branches:
+ # NOTE: make sure any branches here are also valid directory names,
+ # otherwise creating the directory and uploading to s3 will fail
+ - "detsys-main"
+ pull_request:
+ types:
+ - opened
+ - reopened
+ - synchronize
+ - labeled
+ release:
+ types:
+ - released
+
+permissions:
+ id-token: "write"
+ contents: "read"
+
+jobs:
+ build-x86_64-linux:
+ uses: ./.github/workflows/build.yml
+ with:
+ os: blacksmith-32vcpu-ubuntu-2204
+ system: x86_64-linux
+ run_tests: false
+
+ build-aarch64-linux:
+ uses: ./.github/workflows/build.yml
+ with:
+ os: blacksmith-32vcpu-ubuntu-2204-arm
+ system: aarch64-linux
+ run_tests: false
+
+ build-x86_64-darwin:
+ uses: ./.github/workflows/build.yml
+ with:
+ os: macos-13
+ system: x86_64-darwin
+ run_tests: false
+
+ build-aarch64-darwin:
+ uses: ./.github/workflows/build.yml
+ with:
+ os: macos-latest
+ system: aarch64-darwin
+ run_tests: false
+
+ release:
+ runs-on: ubuntu-latest
+ needs:
+ - build-x86_64-linux
+ - build-aarch64-linux
+ - build-x86_64-darwin
+ - build-aarch64-darwin
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - uses: "DeterminateSystems/nix-installer-action@main"
+ with:
+ determinate: true
+
+ - name: Create artifacts directory
+ run: mkdir -p ./artifacts
+
+ - name: Fetch artifacts
+ uses: actions/download-artifact@v4
+ with:
+ path: downloaded
+ - name: Move downloaded artifacts to artifacts directory
+ run: |
+ for dir in ./downloaded/*; do
+ arch="$(basename "$dir")"
+ mv "$dir"/*.xz ./artifacts/"${arch}"
+ done
+
+ - name: Build fallback-paths.nix
+ run: |
+ nix build .#fallbackPathsNix --out-link fallback
+ cat fallback > ./artifacts/fallback-paths.nix
+
+ - uses: DeterminateSystems/push-artifact-ids@main
+ with:
+ s3_upload_role: ${{ secrets.AWS_S3_UPLOAD_ROLE_ARN }}
+ bucket: ${{ secrets.AWS_S3_UPLOAD_BUCKET_NAME }}
+ directory: ./artifacts
+ ids_project_name: determinate-nix
+ ids_binary_prefix: determinate-nix
+ skip_acl: true
+ allowed_branches: '["detsys-main"]'
+
+ publish:
+ needs:
+ - release
+ if: (!github.repository.fork && (github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || startsWith(github.ref, 'refs/tags/')))
+ environment: ${{ github.event_name == 'release' && 'production' || '' }}
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ id-token: write
+ steps:
+ - uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ - uses: "DeterminateSystems/flakehub-push@main"
+ with:
+ rolling: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+ visibility: "public"
+ tag: "${{ github.ref_name }}"
diff --git a/.version-determinate b/.version-determinate
new file mode 100644
index 00000000000..18091983f59
--- /dev/null
+++ b/.version-determinate
@@ -0,0 +1 @@
+3.4.0
diff --git a/doc/manual/book.toml.in b/doc/manual/book.toml.in
index 34acf642edb..f3fd2722f3c 100644
--- a/doc/manual/book.toml.in
+++ b/doc/manual/book.toml.in
@@ -1,12 +1,12 @@
[book]
-title = "Nix @version@ Reference Manual"
+title = "Determinate Nix @version@ Reference Manual"
src = "source"
[output.html]
additional-css = ["custom.css"]
additional-js = ["redirects.js"]
-edit-url-template = "https://github.com/NixOS/nix/tree/master/doc/manual/{path}"
-git-repository-url = "https://github.com/NixOS/nix"
+edit-url-template = "https://github.com/DeterminateSystems/nix-src/tree/master/doc/manual/{path}"
+git-repository-url = "https://github.com/DeterminateSystems/nix-src"
# Handles replacing @docroot@ with a path to ./source relative to that markdown file,
# {{#include handlebars}}, and the @generated@ syntax used within these. it mostly
diff --git a/doc/manual/custom.css b/doc/manual/custom.css
index 7af150be391..119c6d12543 100644
--- a/doc/manual/custom.css
+++ b/doc/manual/custom.css
@@ -1,5 +1,5 @@
:root {
- --sidebar-width: 23em;
+ --sidebar-width: 23em;
}
h1.menu-title::before {
@@ -7,11 +7,10 @@ h1.menu-title::before {
background-image: url("./favicon.svg");
padding: 1.25em;
background-position: center center;
- background-size: 2em;
+ background-size: 1.5em;
background-repeat: no-repeat;
}
-
.menu-bar {
padding: 0.5em 0em;
}
@@ -21,13 +20,13 @@ h1.menu-title::before {
}
h1:not(:first-of-type) {
- margin-top: 1.3em;
+ margin-top: 1.3em;
}
h2 {
- margin-top: 1em;
+ margin-top: 1em;
}
.hljs-meta {
- user-select: none;
+ user-select: none;
}
diff --git a/doc/manual/generate-manpage.nix b/doc/manual/generate-manpage.nix
index 31e74e17d26..292cb283d3d 100644
--- a/doc/manual/generate-manpage.nix
+++ b/doc/manual/generate-manpage.nix
@@ -42,11 +42,6 @@ let
let
result = ''
- > **Warning** \
- > This program is
- > [**experimental**](@docroot@/development/experimental-features.md#xp-feature-nix-command)
- > and its interface is subject to change.
-
# Name
`${command}` - ${details.description}
diff --git a/doc/manual/meson.build b/doc/manual/meson.build
index 8796cee6348..f7d3f44c59d 100644
--- a/doc/manual/meson.build
+++ b/doc/manual/meson.build
@@ -4,6 +4,8 @@ project('nix-manual',
license : 'LGPL-2.1-or-later',
)
+fs = import('fs')
+
nix = find_program('nix', native : true)
mdbook = find_program('mdbook', native : true)
@@ -20,7 +22,7 @@ nix_env_for_docs = {
'NIX_CONFIG': 'cores = 0',
}
-nix_for_docs = [nix, '--experimental-features', 'nix-command']
+nix_for_docs = [nix]
nix_eval_for_docs_common = nix_for_docs + [
'eval',
'-I', 'nix=' + meson.current_source_dir(),
@@ -93,7 +95,7 @@ manual = custom_target(
python.full_path(),
mdbook.full_path(),
meson.current_build_dir(),
- meson.project_version(),
+ fs.read('../../.version-determinate').strip(),
),
],
input : [
@@ -248,7 +250,6 @@ nix3_manpages = [
'nix3-print-dev-env',
'nix3-profile-diff-closures',
'nix3-profile-history',
- 'nix3-profile-install',
'nix3-profile-list',
'nix3-profile',
'nix3-profile-remove',
@@ -281,7 +282,6 @@ nix3_manpages = [
'nix3-store',
'nix3-store-optimise',
'nix3-store-path-from-hash-part',
- 'nix3-store-ping',
'nix3-store-prefetch-file',
'nix3-store-repair',
'nix3-store-sign',
diff --git a/doc/manual/package.nix b/doc/manual/package.nix
index 8f5d0dfe137..778440ac256 100644
--- a/doc/manual/package.nix
+++ b/doc/manual/package.nix
@@ -22,7 +22,7 @@ let
in
mkMesonDerivation (finalAttrs: {
- pname = "nix-manual";
+ pname = "determinate-nix-manual";
inherit version;
workDir = ./.;
@@ -30,6 +30,7 @@ mkMesonDerivation (finalAttrs: {
fileset.difference
(fileset.unions [
../../.version
+ ../../.version-determinate
# Too many different types of files to filter for now
../../doc/manual
./.
diff --git a/doc/manual/redirects.js b/doc/manual/redirects.js
index 17fb66f2870..3648ad89840 100644
--- a/doc/manual/redirects.js
+++ b/doc/manual/redirects.js
@@ -271,14 +271,10 @@ const redirects = {
"sect-multi-user-installation": "installation/installing-binary.html#multi-user-installation",
"sect-nix-install-binary-tarball": "installation/installing-binary.html#installing-from-a-binary-tarball",
"sect-nix-install-pinned-version-url": "installation/installing-binary.html#installing-a-pinned-nix-version-from-a-url",
- "sect-single-user-installation": "installation/installing-binary.html#single-user-installation",
"ch-installing-source": "installation/installing-source.html",
"ssec-multi-user": "installation/multi-user.html",
- "ch-nix-security": "installation/nix-security.html",
"sec-obtaining-source": "installation/obtaining-source.html",
"sec-prerequisites-source": "installation/prerequisites-source.html",
- "sec-single-user": "installation/single-user.html",
- "ch-supported-platforms": "installation/supported-platforms.html",
"ch-upgrading-nix": "installation/upgrading.html",
"ch-about-nix": "introduction.html",
"chap-introduction": "introduction.html",
diff --git a/doc/manual/source/SUMMARY.md.in b/doc/manual/source/SUMMARY.md.in
index 5932e0999d5..1492abb62d9 100644
--- a/doc/manual/source/SUMMARY.md.in
+++ b/doc/manual/source/SUMMARY.md.in
@@ -3,17 +3,12 @@
- [Introduction](introduction.md)
- [Quick Start](quick-start.md)
- [Installation](installation/index.md)
- - [Supported Platforms](installation/supported-platforms.md)
- - [Installing a Binary Distribution](installation/installing-binary.md)
- [Installing Nix from Source](installation/installing-source.md)
- [Prerequisites](installation/prerequisites-source.md)
- [Obtaining a Source Distribution](installation/obtaining-source.md)
- [Building Nix from Source](installation/building-source.md)
- [Using Nix within Docker](installation/installing-docker.md)
- [Security](installation/nix-security.md)
- - [Single-User Mode](installation/single-user.md)
- - [Multi-User Mode](installation/multi-user.md)
- - [Environment Variables](installation/env-variables.md)
- [Upgrading Nix](installation/upgrading.md)
- [Uninstalling Nix](installation/uninstall.md)
- [Nix Store](store/index.md)
@@ -59,8 +54,11 @@
- [Command Reference](command-ref/index.md)
- [Common Options](command-ref/opt-common.md)
- [Common Environment Variables](command-ref/env-common.md)
- - [Main Commands](command-ref/main-commands.md)
+ - [Subcommands](command-ref/subcommands.md)
+{{#include ./command-ref/new-cli/SUMMARY.md}}
+ - [Deprecated Commands](command-ref/main-commands.md)
- [nix-build](command-ref/nix-build.md)
+ - [nix-channel](command-ref/nix-channel.md)
- [nix-shell](command-ref/nix-shell.md)
- [nix-store](command-ref/nix-store.md)
- [nix-store --add-fixed](command-ref/nix-store/add-fixed.md)
@@ -96,22 +94,17 @@
- [nix-env --uninstall](command-ref/nix-env/uninstall.md)
- [nix-env --upgrade](command-ref/nix-env/upgrade.md)
- [Utilities](command-ref/utilities.md)
- - [nix-channel](command-ref/nix-channel.md)
- [nix-collect-garbage](command-ref/nix-collect-garbage.md)
- [nix-copy-closure](command-ref/nix-copy-closure.md)
- [nix-daemon](command-ref/nix-daemon.md)
- [nix-hash](command-ref/nix-hash.md)
- [nix-instantiate](command-ref/nix-instantiate.md)
- [nix-prefetch-url](command-ref/nix-prefetch-url.md)
- - [Experimental Commands](command-ref/experimental-commands.md)
-{{#include ./command-ref/new-cli/SUMMARY.md}}
- [Files](command-ref/files.md)
- [nix.conf](command-ref/conf-file.md)
- [Profiles](command-ref/files/profiles.md)
- [manifest.nix](command-ref/files/manifest.nix.md)
- [manifest.json](command-ref/files/manifest.json.md)
- - [Channels](command-ref/files/channels.md)
- - [Default Nix expression](command-ref/files/default-nix-expression.md)
- [Architecture and Design](architecture/architecture.md)
- [Formats and Protocols](protocols/index.md)
- [JSON Formats](protocols/json/index.md)
@@ -133,65 +126,14 @@
- [C++ style guide](development/cxx.md)
- [Experimental Features](development/experimental-features.md)
- [Contributing](development/contributing.md)
-- [Releases](release-notes/index.md)
+- [Determinate Nix Release Notes](release-notes-determinate/index.md)
+ - [Changes between Nix and Determinate Nix](release-notes-determinate/changes.md)
+ - [Release 3.4.0 (2025-04-25)](release-notes-determinate/rl-3.4.0.md)
+ - [Release 3.3.0 (2025-04-11)](release-notes-determinate/rl-3.3.0.md)
+ - [Release 3.1.0 (2025-03-27)](release-notes-determinate/rl-3.1.0.md)
+ - [Release 3.0.0 (2025-03-04)](release-notes-determinate/rl-3.0.0.md)
+- [Nix Release Notes](release-notes/index.md)
{{#include ./SUMMARY-rl-next.md}}
- [Release 2.28 (2025-04-02)](release-notes/rl-2.28.md)
- [Release 2.27 (2025-03-03)](release-notes/rl-2.27.md)
- [Release 2.26 (2025-01-22)](release-notes/rl-2.26.md)
- - [Release 2.25 (2024-11-07)](release-notes/rl-2.25.md)
- - [Release 2.24 (2024-07-31)](release-notes/rl-2.24.md)
- - [Release 2.23 (2024-06-03)](release-notes/rl-2.23.md)
- - [Release 2.22 (2024-04-23)](release-notes/rl-2.22.md)
- - [Release 2.21 (2024-03-11)](release-notes/rl-2.21.md)
- - [Release 2.20 (2024-01-29)](release-notes/rl-2.20.md)
- - [Release 2.19 (2023-11-17)](release-notes/rl-2.19.md)
- - [Release 2.18 (2023-09-20)](release-notes/rl-2.18.md)
- - [Release 2.17 (2023-07-24)](release-notes/rl-2.17.md)
- - [Release 2.16 (2023-05-31)](release-notes/rl-2.16.md)
- - [Release 2.15 (2023-04-11)](release-notes/rl-2.15.md)
- - [Release 2.14 (2023-02-28)](release-notes/rl-2.14.md)
- - [Release 2.13 (2023-01-17)](release-notes/rl-2.13.md)
- - [Release 2.12 (2022-12-06)](release-notes/rl-2.12.md)
- - [Release 2.11 (2022-08-25)](release-notes/rl-2.11.md)
- - [Release 2.10 (2022-07-11)](release-notes/rl-2.10.md)
- - [Release 2.9 (2022-05-30)](release-notes/rl-2.9.md)
- - [Release 2.8 (2022-04-19)](release-notes/rl-2.8.md)
- - [Release 2.7 (2022-03-07)](release-notes/rl-2.7.md)
- - [Release 2.6 (2022-01-24)](release-notes/rl-2.6.md)
- - [Release 2.5 (2021-12-13)](release-notes/rl-2.5.md)
- - [Release 2.4 (2021-11-01)](release-notes/rl-2.4.md)
- - [Release 2.3 (2019-09-04)](release-notes/rl-2.3.md)
- - [Release 2.2 (2019-01-11)](release-notes/rl-2.2.md)
- - [Release 2.1 (2018-09-02)](release-notes/rl-2.1.md)
- - [Release 2.0 (2018-02-22)](release-notes/rl-2.0.md)
- - [Release 1.11.10 (2017-06-12)](release-notes/rl-1.11.10.md)
- - [Release 1.11 (2016-01-19)](release-notes/rl-1.11.md)
- - [Release 1.10 (2015-09-03)](release-notes/rl-1.10.md)
- - [Release 1.9 (2015-06-12)](release-notes/rl-1.9.md)
- - [Release 1.8 (2014-12-14)](release-notes/rl-1.8.md)
- - [Release 1.7 (2014-04-11)](release-notes/rl-1.7.md)
- - [Release 1.6.1 (2013-10-28)](release-notes/rl-1.6.1.md)
- - [Release 1.6 (2013-09-10)](release-notes/rl-1.6.md)
- - [Release 1.5.2 (2013-05-13)](release-notes/rl-1.5.2.md)
- - [Release 1.5 (2013-02-27)](release-notes/rl-1.5.md)
- - [Release 1.4 (2013-02-26)](release-notes/rl-1.4.md)
- - [Release 1.3 (2013-01-04)](release-notes/rl-1.3.md)
- - [Release 1.2 (2012-12-06)](release-notes/rl-1.2.md)
- - [Release 1.1 (2012-07-18)](release-notes/rl-1.1.md)
- - [Release 1.0 (2012-05-11)](release-notes/rl-1.0.md)
- - [Release 0.16 (2010-08-17)](release-notes/rl-0.16.md)
- - [Release 0.15 (2010-03-17)](release-notes/rl-0.15.md)
- - [Release 0.14 (2010-02-04)](release-notes/rl-0.14.md)
- - [Release 0.13 (2009-11-05)](release-notes/rl-0.13.md)
- - [Release 0.12 (2008-11-20)](release-notes/rl-0.12.md)
- - [Release 0.11 (2007-12-31)](release-notes/rl-0.11.md)
- - [Release 0.10.1 (2006-10-11)](release-notes/rl-0.10.1.md)
- - [Release 0.10 (2006-10-06)](release-notes/rl-0.10.md)
- - [Release 0.9.2 (2005-09-21)](release-notes/rl-0.9.2.md)
- - [Release 0.9.1 (2005-09-20)](release-notes/rl-0.9.1.md)
- - [Release 0.9 (2005-09-16)](release-notes/rl-0.9.md)
- - [Release 0.8.1 (2005-04-13)](release-notes/rl-0.8.1.md)
- - [Release 0.8 (2005-04-11)](release-notes/rl-0.8.md)
- - [Release 0.7 (2005-01-12)](release-notes/rl-0.7.md)
- - [Release 0.6 (2004-11-14)](release-notes/rl-0.6.md)
- - [Release 0.5 and earlier](release-notes/rl-0.5.md)
diff --git a/doc/manual/source/command-ref/env-common.md b/doc/manual/source/command-ref/env-common.md
index ee3995111e9..bd428a232eb 100644
--- a/doc/manual/source/command-ref/env-common.md
+++ b/doc/manual/source/command-ref/env-common.md
@@ -102,7 +102,7 @@ Most Nix commands interpret the following environment variables:
This variable should be set to `daemon` if you want to use the Nix
daemon to execute Nix operations. This is necessary in [multi-user
- Nix installations](@docroot@/installation/multi-user.md). If the Nix
+ Nix installations](@docroot@/installation/nix-security.md#multi-user-model). If the Nix
daemon's Unix socket is at some non-standard path, this variable
should be set to `unix://path/to/socket`. Otherwise, it should be
left unset.
diff --git a/doc/manual/source/command-ref/experimental-commands.md b/doc/manual/source/command-ref/experimental-commands.md
deleted file mode 100644
index 1190729a230..00000000000
--- a/doc/manual/source/command-ref/experimental-commands.md
+++ /dev/null
@@ -1,8 +0,0 @@
-# Experimental Commands
-
-This section lists [experimental commands](@docroot@/development/experimental-features.md#xp-feature-nix-command).
-
-> **Warning**
->
-> These commands may be removed in the future, or their syntax may
-> change in incompatible ways.
diff --git a/doc/manual/source/command-ref/files/default-nix-expression.md b/doc/manual/source/command-ref/files/default-nix-expression.md
index 2bd45ff5deb..e886e3ff499 100644
--- a/doc/manual/source/command-ref/files/default-nix-expression.md
+++ b/doc/manual/source/command-ref/files/default-nix-expression.md
@@ -31,12 +31,12 @@ Then, the resulting expression is interpreted like this:
The file [`manifest.nix`](@docroot@/command-ref/files/manifest.nix.md) is always ignored.
-The command [`nix-channel`] places a symlink to the current user's [channels] in this directory, the [user channel link](#user-channel-link).
+The command [`nix-channel`] places a symlink to the current user's channels in this directory, the [user channel link](#user-channel-link).
This makes all subscribed channels available as attributes in the default expression.
## User channel link
-A symlink that ensures that [`nix-env`] can find the current user's [channels]:
+A symlink that ensures that [`nix-env`] can find the current user's channels:
- `~/.nix-defexpr/channels`
- `$XDG_STATE_HOME/defexpr/channels` if [`use-xdg-base-directories`] is set to `true`.
@@ -51,4 +51,3 @@ In a multi-user installation, you may also have `~/.nix-defexpr/channels_root`,
[`nix-channel`]: @docroot@/command-ref/nix-channel.md
[`nix-env`]: @docroot@/command-ref/nix-env.md
[`use-xdg-base-directories`]: @docroot@/command-ref/conf-file.md#conf-use-xdg-base-directories
-[channels]: @docroot@/command-ref/files/channels.md
diff --git a/doc/manual/source/command-ref/files/profiles.md b/doc/manual/source/command-ref/files/profiles.md
index b5c7378800f..e46e2418b4c 100644
--- a/doc/manual/source/command-ref/files/profiles.md
+++ b/doc/manual/source/command-ref/files/profiles.md
@@ -67,7 +67,7 @@ By default, this symlink points to:
- `$NIX_STATE_DIR/profiles/per-user/root/profile` for `root`
The `PATH` environment variable should include `/bin` subdirectory of the profile link (e.g. `~/.nix-profile/bin`) for the user environment to be visible to the user.
-The [installer](@docroot@/installation/installing-binary.md) sets this up by default, unless you enable [`use-xdg-base-directories`].
+The installer sets this up by default, unless you enable [`use-xdg-base-directories`].
[`nix-env`]: @docroot@/command-ref/nix-env.md
[`nix profile`]: @docroot@/command-ref/new-cli/nix3-profile.md
diff --git a/doc/manual/source/command-ref/nix-channel.md b/doc/manual/source/command-ref/nix-channel.md
index 8b58392b7b5..bc0a90b11c4 100644
--- a/doc/manual/source/command-ref/nix-channel.md
+++ b/doc/manual/source/command-ref/nix-channel.md
@@ -8,6 +8,12 @@
# Description
+> **Warning**
+>
+> nix-channel is deprecated in favor of flakes in Determinate Nix.
+> For a guide on Nix flakes, see: .
+> For details and to offer feedback on the deprecation process, see: .
+
Channels are a mechanism for referencing remote Nix expressions and conveniently retrieving their latest version.
The moving parts of channels are:
diff --git a/doc/manual/source/command-ref/nix-env.md b/doc/manual/source/command-ref/nix-env.md
index bda02149ed0..d01caaf7f78 100644
--- a/doc/manual/source/command-ref/nix-env.md
+++ b/doc/manual/source/command-ref/nix-env.md
@@ -52,7 +52,7 @@ These pages can be viewed offline:
`nix-env` can obtain packages from multiple sources:
- An attribute set of derivations from:
- - The [default Nix expression](@docroot@/command-ref/files/default-nix-expression.md) (by default)
+ - The default Nix expression (by default)
- A Nix file, specified via `--file`
- A [profile](@docroot@/command-ref/files/profiles.md), specified via `--from-profile`
- A Nix expression that is a function which takes default expression as argument, specified via `--from-expression`
diff --git a/doc/manual/source/command-ref/nix-env/install.md b/doc/manual/source/command-ref/nix-env/install.md
index 527fd8f90d8..26a32aa6b6b 100644
--- a/doc/manual/source/command-ref/nix-env/install.md
+++ b/doc/manual/source/command-ref/nix-env/install.md
@@ -22,12 +22,11 @@ It is based on the current generation of the active [profile](@docroot@/command-
The arguments *args* map to store paths in a number of possible ways:
-- By default, *args* is a set of names denoting derivations in the [default Nix expression].
+- By default, *args* is a set of names denoting derivations in the default Nix expression.
These are [realised], and the resulting output paths are installed.
Currently installed derivations with a name equal to the name of a derivation being added are removed unless the option `--preserve-installed` is specified.
[derivation expression]: @docroot@/glossary.md#gloss-derivation-expression
- [default Nix expression]: @docroot@/command-ref/files/default-nix-expression.md
[realised]: @docroot@/glossary.md#gloss-realise
If there are multiple derivations matching a name in *args* that
@@ -45,7 +44,7 @@ The arguments *args* map to store paths in a number of possible ways:
gcc-3.3.6 gcc-4.1.1` will install both version of GCC (and will
probably cause a user environment conflict\!).
-- If [`--attr`](#opt-attr) / `-A` is specified, the arguments are *attribute paths* that select attributes from the [default Nix expression].
+- If [`--attr`](#opt-attr) / `-A` is specified, the arguments are *attribute paths* that select attributes from the default Nix expression.
This is faster than using derivation names and unambiguous.
Show the attribute paths of available packages with [`nix-env --query`](./query.md):
@@ -58,7 +57,7 @@ The arguments *args* map to store paths in a number of possible ways:
easy way to copy user environment elements from one profile to
another.
-- If `--from-expression` is given, *args* are [Nix language functions](@docroot@/language/syntax.md#functions) that are called with the [default Nix expression] as their single argument.
+- If `--from-expression` is given, *args* are [Nix language functions](@docroot@/language/syntax.md#functions) that are called with the default Nix expression as their single argument.
The derivations returned by those function calls are installed.
This allows derivations to be specified in an unambiguous way, which is necessary if there are multiple derivations with the same name.
diff --git a/doc/manual/source/command-ref/subcommands.md b/doc/manual/source/command-ref/subcommands.md
new file mode 100644
index 00000000000..6a26732338d
--- /dev/null
+++ b/doc/manual/source/command-ref/subcommands.md
@@ -0,0 +1,3 @@
+# Subcommands
+
+This section lists all the subcommands of the `nix` CLI.
diff --git a/doc/manual/source/development/building.md b/doc/manual/source/development/building.md
index da465d090a9..49cc9d568eb 100644
--- a/doc/manual/source/development/building.md
+++ b/doc/manual/source/development/building.md
@@ -1,73 +1,5 @@
# Building Nix
-This section provides some notes on how to start hacking on Nix.
-To get the latest version of Nix from GitHub:
-
-```console
-$ git clone https://github.com/NixOS/nix.git
-$ cd nix
-```
-
-> **Note**
->
-> The following instructions assume you already have some version of Nix installed locally, so that you can use it to set up the development environment.
-> If you don't have it installed, follow the [installation instructions](../installation/index.md).
-
-
-To build all dependencies and start a shell in which all environment variables are set up so that those dependencies can be found:
-
-```console
-$ nix-shell
-```
-
-To get a shell with one of the other [supported compilation environments](#compilation-environments):
-
-```console
-$ nix-shell --attr devShells.x86_64-linux.native-clangStdenvPackages
-```
-
-> **Note**
->
-> You can use `native-ccacheStdenv` to drastically improve rebuild time.
-> By default, [ccache](https://ccache.dev) keeps artifacts in `~/.cache/ccache/`.
-
-To build Nix itself in this shell:
-
-```console
-[nix-shell]$ mesonFlags+=" --prefix=$(pwd)/outputs/out"
-[nix-shell]$ dontAddPrefix=1 configurePhase
-[nix-shell]$ buildPhase
-```
-
-To test it:
-
-```console
-[nix-shell]$ checkPhase
-```
-
-To install it in `$(pwd)/outputs`:
-
-```console
-[nix-shell]$ installPhase
-[nix-shell]$ ./outputs/out/bin/nix --version
-nix (Nix) 2.12
-```
-
-To build a release version of Nix for the current operating system and CPU architecture:
-
-```console
-$ nix-build
-```
-
-You can also build Nix for one of the [supported platforms](#platforms).
-
-## Building Nix with flakes
-
-This section assumes you are using Nix with the [`flakes`] and [`nix-command`] experimental features enabled.
-
-[`flakes`]: @docroot@/development/experimental-features.md#xp-feature-flakes
-[`nix-command`]: @docroot@/development/experimental-features.md#xp-nix-command
-
To build all dependencies and start a shell in which all environment variables are set up so that those dependencies can be found:
```console
@@ -145,12 +77,6 @@ platform. Common solutions include [remote build machines] and [binary format em
Given such a setup, executing the build only requires selecting the respective attribute.
For example, to compile for `aarch64-linux`:
-```console
-$ nix-build --attr packages.aarch64-linux.default
-```
-
-or for Nix with the [`flakes`] and [`nix-command`] experimental features enabled:
-
```console
$ nix build .#packages.aarch64-linux.default
```
@@ -233,20 +159,12 @@ To build with one of those environments, you can use
$ nix build .#nix-ccacheStdenv
```
-for flake-enabled Nix, or
-
-```console
-$ nix-build --attr nix-ccacheStdenv
-```
-
-for classic Nix.
-
You can use any of the other supported environments in place of `nix-ccacheStdenv`.
## Editor integration
The `clangd` LSP server is installed by default on the `clang`-based `devShell`s.
-See [supported compilation environments](#compilation-environments) and instructions how to set up a shell [with flakes](#nix-with-flakes) or in [classic Nix](#classic-nix).
+See [supported compilation environments](#compilation-environments) and instructions how to [set up a shell with flakes](#nix-with-flakes).
To use the LSP with your editor, you will want a `compile_commands.json` file telling `clangd` how we are compiling the code.
Meson's configure always produces this inside the build directory.
diff --git a/doc/manual/source/development/experimental-features.md b/doc/manual/source/development/experimental-features.md
index ad5cffa91ee..56a45b23890 100644
--- a/doc/manual/source/development/experimental-features.md
+++ b/doc/manual/source/development/experimental-features.md
@@ -6,7 +6,7 @@ Experimental features are considered unstable, which means that they can be chan
Users must explicitly enable them by toggling the associated [experimental feature flags](@docroot@/command-ref/conf-file.md#conf-experimental-features).
This allows accessing unstable functionality without unwittingly relying on it.
-Experimental feature flags were first introduced in [Nix 2.4](@docroot@/release-notes/rl-2.4.md).
+Experimental feature flags were first introduced in [Nix 2.4](https://nix.dev/manual/nix/latest/release-notes/rl-2.4).
Before that, Nix did have experimental features, but they were not guarded by flags and were merely documented as unstable.
This was a source of confusion and controversy.
diff --git a/doc/manual/source/favicon.png b/doc/manual/source/favicon.png
deleted file mode 100644
index 1ed2b5fe0fd..00000000000
Binary files a/doc/manual/source/favicon.png and /dev/null differ
diff --git a/doc/manual/source/favicon.svg b/doc/manual/source/favicon.svg
index 1d2a6e835d5..55fb9479b06 100644
--- a/doc/manual/source/favicon.svg
+++ b/doc/manual/source/favicon.svg
@@ -1 +1,29 @@
-
\ No newline at end of file
+
diff --git a/doc/manual/source/installation/env-variables.md b/doc/manual/source/installation/env-variables.md
deleted file mode 100644
index 0350904211a..00000000000
--- a/doc/manual/source/installation/env-variables.md
+++ /dev/null
@@ -1,62 +0,0 @@
-# Environment Variables
-
-To use Nix, some environment variables should be set. In particular,
-`PATH` should contain the directories `prefix/bin` and
-`~/.nix-profile/bin`. The first directory contains the Nix tools
-themselves, while `~/.nix-profile` is a symbolic link to the current
-*user environment* (an automatically generated package consisting of
-symlinks to installed packages). The simplest way to set the required
-environment variables is to include the file
-`prefix/etc/profile.d/nix.sh` in your `~/.profile` (or similar), like
-this:
-
-```bash
-source prefix/etc/profile.d/nix.sh
-```
-
-# `NIX_SSL_CERT_FILE`
-
-If you need to specify a custom certificate bundle to account for an
-HTTPS-intercepting man in the middle proxy, you must specify the path to
-the certificate bundle in the environment variable `NIX_SSL_CERT_FILE`.
-
-If you don't specify a `NIX_SSL_CERT_FILE` manually, Nix will install
-and use its own certificate bundle.
-
-Set the environment variable and install Nix
-
-```console
-$ export NIX_SSL_CERT_FILE=/etc/ssl/my-certificate-bundle.crt
-$ curl -L https://nixos.org/nix/install | sh
-```
-
-In the shell profile and rc files (for example, `/etc/bashrc`,
-`/etc/zshrc`), add the following line:
-
-```bash
-export NIX_SSL_CERT_FILE=/etc/ssl/my-certificate-bundle.crt
-```
-
-> **Note**
->
-> You must not add the export and then do the install, as the Nix
-> installer will detect the presence of Nix configuration, and abort.
-
-If you use the Nix daemon, you should also add the following to
-`/etc/nix/nix.conf`:
-
-```
-ssl-cert-file = /etc/ssl/my-certificate-bundle.crt
-```
-
-## Proxy Environment Variables
-
-The Nix installer has special handling for these proxy-related
-environment variables: `http_proxy`, `https_proxy`, `ftp_proxy`,
-`all_proxy`, `no_proxy`, `HTTP_PROXY`, `HTTPS_PROXY`, `FTP_PROXY`,
-`ALL_PROXY`, `NO_PROXY`.
-
-If any of these variables are set when running the Nix installer, then
-the installer will create an override file at
-`/etc/systemd/system/nix-daemon.service.d/override.conf` so `nix-daemon`
-will use them.
diff --git a/doc/manual/source/installation/index.md b/doc/manual/source/installation/index.md
index 48725c1ba74..21aca146fd2 100644
--- a/doc/manual/source/installation/index.md
+++ b/doc/manual/source/installation/index.md
@@ -1,42 +1,11 @@
# Installation
-This section describes how to install and configure Nix for first-time use.
-
-The current recommended option on Linux and MacOS is [multi-user](#multi-user).
-
-## Multi-user
-
-This installation offers better sharing, improved isolation, and more security
-over a single user installation.
-
-This option requires either:
-
-* Linux running systemd, with SELinux disabled
-* MacOS
-
-> **Updating to macOS 15 Sequoia**
->
-> If you recently updated to macOS 15 Sequoia and are getting
-> ```console
-> error: the user '_nixbld1' in the group 'nixbld' does not exist
-> ```
-> when running Nix commands, refer to GitHub issue [NixOS/nix#10892](https://github.com/NixOS/nix/issues/10892) for instructions to fix your installation without reinstalling.
-
-```console
-$ curl -L https://nixos.org/nix/install | sh -s -- --daemon
-```
-
-## Single-user
-
-> Single-user is not supported on Mac.
-
-This installation has less requirements than the multi-user install, however it
-cannot offer equivalent sharing, isolation, or security.
-
-This option is suitable for systems without systemd.
+We recommend that macOS users install Determinate Nix using our graphical installer, [Determinate.pkg][pkg].
+For Linux and Windows Subsystem for Linux (WSL) users:
```console
-$ curl -L https://nixos.org/nix/install | sh -s -- --no-daemon
+curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | \
+ sh -s -- install --determinate
```
## Distributions
@@ -44,3 +13,5 @@ $ curl -L https://nixos.org/nix/install | sh -s -- --no-daemon
The Nix community maintains installers for several distributions.
They can be found in the [`nix-community/nix-installers`](https://github.com/nix-community/nix-installers) repository.
+
+[pkg]: https://install.determinate.systems/determinate-pkg/stable/Universal
diff --git a/doc/manual/source/installation/installing-binary.md b/doc/manual/source/installation/installing-binary.md
deleted file mode 100644
index 6a1a5ddcaff..00000000000
--- a/doc/manual/source/installation/installing-binary.md
+++ /dev/null
@@ -1,158 +0,0 @@
-# Installing a Binary Distribution
-
-> **Updating to macOS 15 Sequoia**
->
-> If you recently updated to macOS 15 Sequoia and are getting
-> ```console
-> error: the user '_nixbld1' in the group 'nixbld' does not exist
-> ```
-> when running Nix commands, refer to GitHub issue [NixOS/nix#10892](https://github.com/NixOS/nix/issues/10892) for instructions to fix your installation without reinstalling.
-
-To install the latest version Nix, run the following command:
-
-```console
-$ curl -L https://nixos.org/nix/install | sh
-```
-
-This performs the default type of installation for your platform:
-
-- [Multi-user](#multi-user-installation):
- - Linux with systemd and without SELinux
- - macOS
-- [Single-user](#single-user-installation):
- - Linux without systemd
- - Linux with SELinux
-
-We recommend the multi-user installation if it supports your platform and you can authenticate with `sudo`.
-
-The installer can configured with various command line arguments and environment variables.
-To show available command line flags:
-
-```console
-$ curl -L https://nixos.org/nix/install | sh -s -- --help
-```
-
-To check what it does and how it can be customised further, [download and edit the second-stage installation script](#installing-from-a-binary-tarball).
-
-# Installing a pinned Nix version from a URL
-
-Version-specific installation URLs for all Nix versions since 1.11.16 can be found at [releases.nixos.org](https://releases.nixos.org/?prefix=nix/).
-The directory for each version contains the corresponding SHA-256 hash.
-
-All installation scripts are invoked the same way:
-
-```console
-$ export VERSION=2.19.2
-$ curl -L https://releases.nixos.org/nix/nix-$VERSION/install | sh
-```
-
-# Multi User Installation
-
-The multi-user Nix installation creates system users and a system service for the Nix daemon.
-
-Supported systems:
-
-- Linux running systemd, with SELinux disabled
-- macOS
-
-To explicitly instruct the installer to perform a multi-user installation on your system:
-
-```console
-$ bash <(curl -L https://nixos.org/nix/install) --daemon
-```
-
-You can run this under your usual user account or `root`.
-The script will invoke `sudo` as needed.
-
-# Single User Installation
-
-To explicitly select a single-user installation on your system:
-
-```console
-$ bash <(curl -L https://nixos.org/nix/install) --no-daemon
-```
-
-In a single-user installation, `/nix` is owned by the invoking user.
-The script will invoke `sudo` to create `/nix` if it doesn’t already exist.
-If you don’t have `sudo`, manually create `/nix` as `root`:
-
-```console
-$ su root
-# mkdir /nix
-# chown alice /nix
-```
-
-# Installing from a binary tarball
-
-You can also download a binary tarball that contains Nix and all its dependencies:
-- Choose a [version](https://releases.nixos.org/?prefix=nix/) and [system type](../development/building.md#platforms)
-- Download and unpack the tarball
-- Run the installer
-
-> **Example**
->
-> ```console
-> $ pushd $(mktemp -d)
-> $ export VERSION=2.19.2
-> $ export SYSTEM=x86_64-linux
-> $ curl -LO https://releases.nixos.org/nix/nix-$VERSION/nix-$VERSION-$SYSTEM.tar.xz
-> $ tar xfj nix-$VERSION-$SYSTEM.tar.xz
-> $ cd nix-$VERSION-$SYSTEM
-> $ ./install
-> $ popd
-> ```
-
-The installer can be customised with the environment variables declared in the file named `install-multi-user`.
-
-## Native packages for Linux distributions
-
-The Nix community maintains installers for some Linux distributions in their native packaging format(https://nix-community.github.io/nix-installers/).
-
-# macOS Installation
-
-
-[]{#sect-macos-installation-change-store-prefix}[]{#sect-macos-installation-encrypted-volume}[]{#sect-macos-installation-symlink}[]{#sect-macos-installation-recommended-notes}
-
-We believe we have ironed out how to cleanly support the read-only root file system
-on modern macOS. New installs will do this automatically.
-
-This section previously detailed the situation, options, and trade-offs,
-but it now only outlines what the installer does. You don't need to know
-this to run the installer, but it may help if you run into trouble:
-
-- create a new APFS volume for your Nix store
-- update `/etc/synthetic.conf` to direct macOS to create a "synthetic"
- empty root directory to mount your volume
-- specify mount options for the volume in `/etc/fstab`
- - `rw`: read-write
- - `noauto`: prevent the system from auto-mounting the volume (so the
- LaunchDaemon mentioned below can control mounting it, and to avoid
- masking problems with that mounting service).
- - `nobrowse`: prevent the Nix Store volume from showing up on your
- desktop; also keeps Spotlight from spending resources to index
- this volume
-
-- if you have FileVault enabled
- - generate an encryption password
- - put it in your system Keychain
- - use it to encrypt the volume
-- create a system LaunchDaemon to mount this volume early enough in the
- boot process to avoid problems loading or restoring any programs that
- need access to your Nix store
-
diff --git a/doc/manual/source/installation/nix-security.md b/doc/manual/source/installation/nix-security.md
index 1e9036b68b2..61cad24c2b3 100644
--- a/doc/manual/source/installation/nix-security.md
+++ b/doc/manual/source/installation/nix-security.md
@@ -1,15 +1,85 @@
# Security
-Nix has two basic security models. First, it can be used in “single-user
-mode”, which is similar to what most other package management tools do:
-there is a single user (typically root) who performs all package
-management operations. All other users can then use the installed
-packages, but they cannot perform package management operations
-themselves.
-
-Alternatively, you can configure Nix in “multi-user mode”. In this
-model, all users can perform package management operations — for
-instance, every user can install software without requiring root
-privileges. Nix ensures that this is secure. For instance, it’s not
-possible for one user to overwrite a package used by another user with a
-Trojan horse.
+Nix follows a [**multi-user**](#multi-user-model) security model in which all
+users can perform package management operations. Every user can, for example,
+install software without requiring root privileges, and Nix ensures that this
+is secure. It's *not* possible for one user to, for example, overwrite a
+package used by another user with a Trojan horse.
+
+## Multi-User model
+
+To allow a Nix store to be shared safely among multiple users, it is
+important that users are not able to run builders that modify the Nix
+store or database in arbitrary ways, or that interfere with builds
+started by other users. If they could do so, they could install a Trojan
+horse in some package and compromise the accounts of other users.
+
+To prevent this, the Nix store and database are owned by some privileged
+user (usually `root`) and builders are executed under special user
+accounts (usually named `nixbld1`, `nixbld2`, etc.). When a unprivileged
+user runs a Nix command, actions that operate on the Nix store (such as
+builds) are forwarded to a *Nix daemon* running under the owner of the
+Nix store/database that performs the operation.
+
+> **Note**
+>
+> Multi-user mode has one important limitation: only root and a set of
+> trusted users specified in `nix.conf` can specify arbitrary binary
+> caches. So while unprivileged users may install packages from
+> arbitrary Nix expressions, they may not get pre-built binaries.
+
+### Setting up the build users
+
+The *build users* are the special UIDs under which builds are performed.
+They should all be members of the *build users group* `nixbld`. This
+group should have no other members. The build users should not be
+members of any other group. On Linux, you can create the group and users
+as follows:
+
+```console
+$ groupadd -r nixbld
+$ for n in $(seq 1 10); do useradd -c "Nix build user $n" \
+ -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(which nologin)" \
+ nixbld$n; done
+```
+
+This creates 10 build users. There can never be more concurrent builds
+than the number of build users, so you may want to increase this if you
+expect to do many builds at the same time.
+
+### Running the daemon
+
+The [Nix daemon](../command-ref/nix-daemon.md) should be started as
+follows (as `root`):
+
+```console
+$ nix-daemon
+```
+
+You’ll want to put that line somewhere in your system’s boot scripts.
+
+To let unprivileged users use the daemon, they should set the
+[`NIX_REMOTE` environment variable](../command-ref/env-common.md) to
+`daemon`. So you should put a line like
+
+```console
+export NIX_REMOTE=daemon
+```
+
+into the users’ login scripts.
+
+### Restricting access
+
+To limit which users can perform Nix operations, you can use the
+permissions on the directory `/nix/var/nix/daemon-socket`. For instance,
+if you want to restrict the use of Nix to the members of a group called
+`nix-users`, do
+
+```console
+$ chgrp nix-users /nix/var/nix/daemon-socket
+$ chmod ug=rwx,o= /nix/var/nix/daemon-socket
+```
+
+This way, users who are not in the `nix-users` group cannot connect to
+the Unix domain socket `/nix/var/nix/daemon-socket/socket`, so they
+cannot perform Nix operations.
diff --git a/doc/manual/source/installation/single-user.md b/doc/manual/source/installation/single-user.md
deleted file mode 100644
index f9a3b26edf4..00000000000
--- a/doc/manual/source/installation/single-user.md
+++ /dev/null
@@ -1,9 +0,0 @@
-# Single-User Mode
-
-In single-user mode, all Nix operations that access the database in
-`prefix/var/nix/db` or modify the Nix store in `prefix/store` must be
-performed under the user ID that owns those directories. This is
-typically root. (If you install from RPM packages, that’s in fact the
-default ownership.) However, on single-user machines, it is often
-convenient to `chown` those directories to your normal user account so
-that you don’t have to `su` to root all the time.
diff --git a/doc/manual/source/installation/supported-platforms.md b/doc/manual/source/installation/supported-platforms.md
deleted file mode 100644
index 8ca3ce8d445..00000000000
--- a/doc/manual/source/installation/supported-platforms.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Supported Platforms
-
-Nix is currently supported on the following platforms:
-
- - Linux (i686, x86\_64, aarch64).
-
- - macOS (x86\_64, aarch64).
diff --git a/doc/manual/source/installation/uninstall.md b/doc/manual/source/installation/uninstall.md
index 8d45da6bba0..e95634c213a 100644
--- a/doc/manual/source/installation/uninstall.md
+++ b/doc/manual/source/installation/uninstall.md
@@ -1,165 +1,15 @@
# Uninstalling Nix
-## Multi User
-
-Removing a [multi-user installation](./installing-binary.md#multi-user-installation) depends on the operating system.
-
-### Linux
-
-If you are on Linux with systemd:
-
-1. Remove the Nix daemon service:
-
- ```console
- sudo systemctl stop nix-daemon.service
- sudo systemctl disable nix-daemon.socket nix-daemon.service
- sudo systemctl daemon-reload
- ```
-
-Remove files created by Nix:
+To uninstall Determinate Nix, use the uninstallation utility built into the [Determinate Nix Installer][installer]:
```console
-sudo rm -rf /etc/nix /etc/profile.d/nix.sh /etc/tmpfiles.d/nix-daemon.conf /nix ~root/.nix-channels ~root/.nix-defexpr ~root/.nix-profile ~root/.cache/nix
+$ /nix/nix-installer uninstall
```
-Remove build users and their group:
+If you're certain that you want to uninstall, you can skip the confirmation step:
```console
-for i in $(seq 1 32); do
- sudo userdel nixbld$i
-done
-sudo groupdel nixbld
+$ /nix/nix-installer uninstall --no-confirm
```
-There may also be references to Nix in
-
-- `/etc/bash.bashrc`
-- `/etc/bashrc`
-- `/etc/profile`
-- `/etc/zsh/zshrc`
-- `/etc/zshrc`
-
-which you may remove.
-
-### macOS
-
-> **Updating to macOS 15 Sequoia**
->
-> If you recently updated to macOS 15 Sequoia and are getting
-> ```console
-> error: the user '_nixbld1' in the group 'nixbld' does not exist
-> ```
-> when running Nix commands, refer to GitHub issue [NixOS/nix#10892](https://github.com/NixOS/nix/issues/10892) for instructions to fix your installation without reinstalling.
-
-1. If system-wide shell initialisation files haven't been altered since installing Nix, use the backups made by the installer:
-
- ```console
- sudo mv /etc/zshrc.backup-before-nix /etc/zshrc
- sudo mv /etc/bashrc.backup-before-nix /etc/bashrc
- sudo mv /etc/bash.bashrc.backup-before-nix /etc/bash.bashrc
- ```
-
- Otherwise, edit `/etc/zshrc`, `/etc/bashrc`, and `/etc/bash.bashrc` to remove the lines sourcing `nix-daemon.sh`, which should look like this:
-
- ```bash
- # Nix
- if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
- . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
- fi
- # End Nix
- ```
-
-2. Stop and remove the Nix daemon services:
-
- ```console
- sudo launchctl unload /Library/LaunchDaemons/org.nixos.nix-daemon.plist
- sudo rm /Library/LaunchDaemons/org.nixos.nix-daemon.plist
- sudo launchctl unload /Library/LaunchDaemons/org.nixos.darwin-store.plist
- sudo rm /Library/LaunchDaemons/org.nixos.darwin-store.plist
- ```
-
- This stops the Nix daemon and prevents it from being started next time you boot the system.
-
-3. Remove the `nixbld` group and the `_nixbuildN` users:
-
- ```console
- sudo dscl . -delete /Groups/nixbld
- for u in $(sudo dscl . -list /Users | grep _nixbld); do sudo dscl . -delete /Users/$u; done
- ```
-
- This will remove all the build users that no longer serve a purpose.
-
-4. Edit fstab using `sudo vifs` to remove the line mounting the Nix Store volume on `/nix`, which looks like
-
- ```
- UUID= /nix apfs rw,noauto,nobrowse,suid,owners
- ```
- or
-
- ```
- LABEL=Nix\040Store /nix apfs rw,nobrowse
- ```
-
- by setting the cursor on the respective line using the arrow keys, and pressing `dd`, and then `:wq` to save the file.
-
- This will prevent automatic mounting of the Nix Store volume.
-
-5. Edit `/etc/synthetic.conf` to remove the `nix` line.
- If this is the only line in the file you can remove it entirely:
-
- ```bash
- if [ -f /etc/synthetic.conf ]; then
- if [ "$(cat /etc/synthetic.conf)" = "nix" ]; then
- sudo rm /etc/synthetic.conf
- else
- sudo vi /etc/synthetic.conf
- fi
- fi
- ```
-
- This will prevent the creation of the empty `/nix` directory.
-
-6. Remove the files Nix added to your system, except for the store:
-
- ```console
- sudo rm -rf /etc/nix /var/root/.nix-profile /var/root/.nix-defexpr /var/root/.nix-channels ~/.nix-profile ~/.nix-defexpr ~/.nix-channels
- ```
-
-
-7. Remove the Nix Store volume:
-
- ```console
- sudo diskutil apfs deleteVolume /nix
- ```
-
- This will remove the Nix Store volume and everything that was added to the store.
-
- If the output indicates that the command couldn't remove the volume, you should make sure you don't have an _unmounted_ Nix Store volume.
- Look for a "Nix Store" volume in the output of the following command:
-
- ```console
- diskutil list
- ```
-
- If you _do_ find a "Nix Store" volume, delete it by running `diskutil apfs deleteVolume` with the store volume's `diskXsY` identifier.
-
- If you get an error that the volume is in use by the kernel, reboot and immediately delete the volume before starting any other process.
-
-> **Note**
->
-> After you complete the steps here, you will still have an empty `/nix` directory.
-> This is an expected sign of a successful uninstall.
-> The empty `/nix` directory will disappear the next time you reboot.
->
-> You do not have to reboot to finish uninstalling Nix.
-> The uninstall is complete.
-> macOS (Catalina+) directly controls root directories, and its read-only root will prevent you from manually deleting the empty `/nix` mountpoint.
-
-## Single User
-
-To remove a [single-user installation](./installing-binary.md#single-user-installation) of Nix, run:
-
-```console
-rm -rf /nix ~/.nix-channels ~/.nix-defexpr ~/.nix-profile
-```
-You might also want to manually remove references to Nix from your `~/.profile`.
+[installer]: https://github.com/DeterminateSystems/nix-installer
diff --git a/doc/manual/source/installation/upgrading.md b/doc/manual/source/installation/upgrading.md
index a433f1d30e6..8fe342b09b7 100644
--- a/doc/manual/source/installation/upgrading.md
+++ b/doc/manual/source/installation/upgrading.md
@@ -1,40 +1,10 @@
# Upgrading Nix
-> **Note**
->
-> These upgrade instructions apply where Nix was installed following the [installation instructions in this manual](./index.md).
-
-Check which Nix version will be installed, for example from one of the [release channels](http://channels.nixos.org/) such as `nixpkgs-unstable`:
-
-```console
-$ nix-shell -p nix -I nixpkgs=channel:nixpkgs-unstable --run "nix --version"
-nix (Nix) 2.18.1
-```
-
-> **Warning**
->
-> Writing to the [local store](@docroot@/store/types/local-store.md) with a newer version of Nix, for example by building derivations with [`nix-build`](@docroot@/command-ref/nix-build.md) or [`nix-store --realise`](@docroot@/command-ref/nix-store/realise.md), may change the database schema!
-> Reverting to an older version of Nix may therefore require purging the store database before it can be used.
-
-## Linux multi-user
+You can upgrade Determinate Nix using Determinate Nixd:
```console
-$ sudo su
-# nix-env --install --file '' --attr nix cacert -I nixpkgs=channel:nixpkgs-unstable
-# systemctl daemon-reload
-# systemctl restart nix-daemon
+sudo determinate-nixd upgrade
```
-## macOS multi-user
+Note that the `sudo` is necessary here and upgrading fails without it.
-```console
-$ sudo nix-env --install --file '' --attr nix cacert -I nixpkgs=channel:nixpkgs-unstable
-$ sudo launchctl remove org.nixos.nix-daemon
-$ sudo launchctl load /Library/LaunchDaemons/org.nixos.nix-daemon.plist
-```
-
-## Single-user all platforms
-
-```console
-$ nix-env --install --file '' --attr nix cacert -I nixpkgs=channel:nixpkgs-unstable
-```
diff --git a/doc/manual/source/introduction.md b/doc/manual/source/introduction.md
index 76489bc1b2c..a95e82740c6 100644
--- a/doc/manual/source/introduction.md
+++ b/doc/manual/source/introduction.md
@@ -1,7 +1,21 @@
-# Introduction
+# Determinate Nix
-Nix is a _purely functional package manager_. This means that it
-treats packages like values in purely functional programming languages
+**Determinate Nix** is a downstream distribution of [Nix], a purely functional language, CLI tool, and package management system.
+It's available on Linux, macOS, and Windows Subsystem for Linux (WSL).
+
+## Installing
+
+We recommend that macOS users install Determinate Nix using our graphical installer, [Determinate.pkg][pkg].
+For Linux and Windows Subsystem for Linux (WSL) users:
+
+```console
+curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | \
+ sh -s -- install --determinate
+```
+
+## How Nix works
+
+Nix treats packages like values in purely functional programming languages
such as Haskell — they are built by functions that don’t have
side-effects, and they never change after they have been built. Nix
stores packages in the _Nix store_, usually the directory
@@ -184,10 +198,14 @@ to build configuration files in `/etc`). This means, among other
things, that it is easy to roll back the entire configuration of the
system to an earlier state. Also, users can install software without
root privileges. For more information and downloads, see the [NixOS
-homepage](https://nixos.org/).
+homepage][nix].
## License
Nix is released under the terms of the [GNU LGPLv2.1 or (at your
option) any later
-version](http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html).
+version][license].
+
+[license]: http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
+[pkg]: https://install.determinate.systems/determinate-pkg/stable/Universal
+[site]: https://nixos.org
diff --git a/doc/manual/source/language/string-context.md b/doc/manual/source/language/string-context.md
index 6a3482cfd95..979bbf37197 100644
--- a/doc/manual/source/language/string-context.md
+++ b/doc/manual/source/language/string-context.md
@@ -115,7 +115,7 @@ It creates an [attribute set] representing the string context, which can be insp
## Clearing string contexts
-[`buitins.unsafeDiscardStringContext`](./builtins.md#builtins-unsafeDiscardStringContext) will make a copy of a string, but with an empty string context.
+[`builtins.unsafeDiscardStringContext`](./builtins.md#builtins-unsafeDiscardStringContext) will make a copy of a string, but with an empty string context.
The returned string can be used in more ways, e.g. by operators that require the string context to be empty.
The requirement to explicitly discard the string context in such use cases helps ensure that string context elements are not lost by mistake.
The "unsafe" marker is only there to remind that Nix normally guarantees that dependencies are tracked, whereas the returned string has lost them.
diff --git a/doc/manual/source/protocols/json/derivation.md b/doc/manual/source/protocols/json/derivation.md
index 3845f120029..414a862e825 100644
--- a/doc/manual/source/protocols/json/derivation.md
+++ b/doc/manual/source/protocols/json/derivation.md
@@ -1,11 +1,5 @@
# Derivation JSON Format
-> **Warning**
->
-> This JSON format is currently
-> [**experimental**](@docroot@/development/experimental-features.md#xp-feature-nix-command)
-> and subject to change.
-
The JSON serialization of a
[derivations](@docroot@/glossary.md#gloss-store-derivation)
is a JSON object with the following fields:
diff --git a/doc/manual/source/protocols/json/store-object-info.md b/doc/manual/source/protocols/json/store-object-info.md
index b7348538c35..4b029c40b5d 100644
--- a/doc/manual/source/protocols/json/store-object-info.md
+++ b/doc/manual/source/protocols/json/store-object-info.md
@@ -1,11 +1,5 @@
# Store object info JSON format
-> **Warning**
->
-> This JSON format is currently
-> [**experimental**](@docroot@/development/experimental-features.md#xp-feature-nix-command)
-> and subject to change.
-
Info about a [store object].
* `path`:
diff --git a/doc/manual/source/quick-start.md b/doc/manual/source/quick-start.md
index 9eb7a326590..ffb87aa725f 100644
--- a/doc/manual/source/quick-start.md
+++ b/doc/manual/source/quick-start.md
@@ -3,10 +3,13 @@
This chapter is for impatient people who don't like reading documentation.
For more in-depth information you are kindly referred to subsequent chapters.
-1. Install Nix:
+1. Install Nix.
+ We recommend that macOS users install Determinate Nix using our graphical installer, [Determinate.pkg][pkg].
+ For Linux and Windows Subsystem for Linux (WSL) users:
```console
- $ curl -L https://nixos.org/nix/install | sh
+ $ curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | \
+ sh -s -- install --determinate
```
The install script will use `sudo`, so make sure you have sufficient rights.
@@ -41,3 +44,5 @@ For more in-depth information you are kindly referred to subsequent chapters.
```console
$ nix-collect-garbage
```
+
+[pkg]: https://install.determinate.systems/determinate-pkg/stable/Universal
diff --git a/doc/manual/source/release-notes-determinate/changes.md b/doc/manual/source/release-notes-determinate/changes.md
new file mode 100644
index 00000000000..f0cc1af5463
--- /dev/null
+++ b/doc/manual/source/release-notes-determinate/changes.md
@@ -0,0 +1,17 @@
+# Changes between Nix and Determinate Nix
+
+This section lists the differences between upstream Nix 2.24 and Determinate Nix 3.4.0.
+
+* In Determinate Nix, flakes are stable. You no longer need to enable the `flakes` experimental feature.
+
+* In Determinate Nix, the new Nix CLI (i.e. the `nix` command) is stable. You no longer need to enable the `nix-command` experimental feature.
+
+* Determinate Nix has a setting [`json-log-path`](@docroot@/command-ref/conf-file.md#conf-json-log-path) to send a copy of all Nix log messages (in JSON format) to a file or Unix domain socket.
+
+* Determinate Nix has made `nix profile install` an alias to `nix profile add`, a more symmetrical antonym of `nix profile remove`.
+
+* `nix-channel` and `channel:` url syntax (like `channel:nixos-24.11`) is deprecated, see: https://github.com/DeterminateSystems/nix-src/issues/34
+
+* Using indirect flake references and implicit inputs is deprecated, see: https://github.com/DeterminateSystems/nix-src/issues/37
+
+* Warnings around "dirty trees" are updated to reduce "dirty" jargon, and now refers to "uncommitted changes".
diff --git a/doc/manual/source/release-notes-determinate/index.md b/doc/manual/source/release-notes-determinate/index.md
new file mode 100644
index 00000000000..bba33084424
--- /dev/null
+++ b/doc/manual/source/release-notes-determinate/index.md
@@ -0,0 +1,3 @@
+# Determinate Nix Release Notes
+
+This chapter lists the differences between Nix and Determinate Nix, as well as the release history of Determinate Nix.
diff --git a/doc/manual/source/release-notes-determinate/rl-3.0.0.md b/doc/manual/source/release-notes-determinate/rl-3.0.0.md
new file mode 100644
index 00000000000..d60786e9a72
--- /dev/null
+++ b/doc/manual/source/release-notes-determinate/rl-3.0.0.md
@@ -0,0 +1,5 @@
+# Release 3.0.0 (2025-03-04)
+
+* Initial release of Determinate Nix.
+
+* Based on [upstream Nix 2.26.2](../release-notes/rl-2.26.md).
diff --git a/doc/manual/source/release-notes-determinate/rl-3.1.0.md b/doc/manual/source/release-notes-determinate/rl-3.1.0.md
new file mode 100644
index 00000000000..96b7819d08d
--- /dev/null
+++ b/doc/manual/source/release-notes-determinate/rl-3.1.0.md
@@ -0,0 +1,5 @@
+# Release 3.1.0 (2025-03-27)
+
+* Based on [upstream Nix 2.27.1](../release-notes/rl-2.27.md).
+
+* New setting `json-log-path` that sends a copy of all Nix log messages (in JSON format) to a file or Unix domain socket.
diff --git a/doc/manual/source/release-notes-determinate/rl-3.3.0.md b/doc/manual/source/release-notes-determinate/rl-3.3.0.md
new file mode 100644
index 00000000000..badf96415df
--- /dev/null
+++ b/doc/manual/source/release-notes-determinate/rl-3.3.0.md
@@ -0,0 +1,5 @@
+# Release 3.3.0 (2025-04-11)
+
+* Based on [upstream Nix 2.28.1](../release-notes/rl-2.28.md).
+
+* The `nix profile install` command is now an alias to `nix profile add`, a more symmetrical antonym of `nix profile remove`.
diff --git a/doc/manual/source/release-notes-determinate/rl-3.4.0.md b/doc/manual/source/release-notes-determinate/rl-3.4.0.md
new file mode 100644
index 00000000000..24ae03ca554
--- /dev/null
+++ b/doc/manual/source/release-notes-determinate/rl-3.4.0.md
@@ -0,0 +1,50 @@
+# Release 3.4.0 (2025-04-25)
+
+* Based on [upstream Nix 2.28.2](../release-notes/rl-2.28.md).
+
+* **Warn users that `nix-channel` is deprecated.**
+
+This is the first change accomplishing our roadmap item of deprecating Nix channels: https://github.com/DeterminateSystems/nix-src/issues/34
+
+This is due to user confusion and surprising behavior of channels, especially in the context of user vs. root channels.
+
+The goal of this change is to make the user experience of Nix more predictable.
+In particular, these changes are to support users with lower levels of experience who are following guides that focus on channels as the mechanism of distribution.
+
+Users will now see this message:
+
+> nix-channel is deprecated in favor of flakes in Determinate Nix. For a guide on Nix flakes, see: https://zero-to-nix.com/. or details and to offer feedback on the deprecation process, see: https://github.com/DeterminateSystems/nix-src/issues/34.
+
+
+* **Warn users that `channel:` URLs are deprecated.**
+
+This is the second change regarding our deprecation of Nix channels.
+Using a `channel:` URL (like `channel:nixos-24.11`) will yield a warning like this:
+
+> Channels are deprecated in favor of flakes in Determinate Nix. Instead of 'channel:nixos-24.11', use 'https://nixos.org/channels/nixos-24.11/nixexprs.tar.xz'. For a guide on Nix flakes, see: https://zero-to-nix.com/. For details and to offer feedback on the deprecation process, see: https://github.com/DeterminateSystems/nix-src/issues/34.
+
+* **Warn users against indirect flake references in `flake.nix` inputs**
+
+This is the first change accomplishing our roadmap item of deprecating implicit and indirect flake inputs: https://github.com/DeterminateSystems/nix-src/issues/37
+
+The flake registry provides an important UX affordance for using Nix flakes and remote sources in command line uses.
+For that reason, the registry is not being deprecated entirely and will still be used for command-line incantations, like nix run.
+
+This move will eliminate user confusion and surprising behavior around global and local registries during flake input resolution.
+
+The goal of this change is to make the user experience of Nix more predictable.
+We have seen a pattern of confusion when using automatic flake inputs and local registries.
+Specifically, users' flake inputs resolving and locking inconsistently depending on the configuration of the host system.
+
+Users will now see the following warning if their flake.nix uses an implicit or indirect Flake reference input:
+
+> Flake input 'nixpkgs' uses the flake registry. Using the registry in flake inputs is deprecated in Determinate Nix. To make your flake future-proof, add the following to 'xxx/flake.nix':
+>
+> inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+>
+> For more information, see: https://github.com/DeterminateSystems/nix-src/issues/37
+
+
+### Other updates:
+* Improve the "dirty tree" message. Determinate Nix will now say `Git tree '...' has uncommitted changes` instead of `Git tree '...' is dirty`
+* Stop warning about uncommitted changes in a Git repository when using `nix develop`
diff --git a/doc/manual/source/release-notes/rl-2.19.md b/doc/manual/source/release-notes/rl-2.19.md
index e6a93c7eaae..13e573c1dfc 100644
--- a/doc/manual/source/release-notes/rl-2.19.md
+++ b/doc/manual/source/release-notes/rl-2.19.md
@@ -69,7 +69,7 @@
This makes it match `nix derivation show`, which also maps store paths to information.
-- When Nix is installed using the [binary installer](@docroot@/installation/installing-binary.md), in supported shells (Bash, Zsh, Fish)
+- When Nix is installed using the binary installer, in supported shells (Bash, Zsh, Fish)
[`XDG_DATA_DIRS`](https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html#variables) is now populated with the path to the `/share` subdirectory of the current profile.
This means that command completion scripts, `.desktop` files, and similar artifacts installed via [`nix-env`](@docroot@/command-ref/nix-env.md) or [`nix profile`](@docroot@/command-ref/new-cli/nix3-profile.md)
(experimental) can be found by any program that follows the [XDG Base Directory Specification](https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html).
diff --git a/doc/manual/source/release-notes/rl-2.24.md b/doc/manual/source/release-notes/rl-2.24.md
index 08ec65be902..31e843eb68c 100644
--- a/doc/manual/source/release-notes/rl-2.24.md
+++ b/doc/manual/source/release-notes/rl-2.24.md
@@ -268,6 +268,21 @@
be configured using the `warn-large-path-threshold` setting,
e.g. `--warn-large-path-threshold 100M`.
+- Wrap filesystem exceptions more correctly [#11378](https://github.com/NixOS/nix/pull/11378)
+
+ With the switch to `std::filesystem` in different places, Nix started to throw `std::filesystem::filesystem_error` in many places instead of its own exceptions.
+
+ This led to no longer generating error traces, for example when listing a non-existing directory.
+
+ This version catches these types of exception correctly and wraps them into Nix's own exeception type.
+
+ Author: [**@Mic92**](https://github.com/Mic92)
+
+- `` uses TLS verification [#11585](https://github.com/NixOS/nix/pull/11585)
+
+ Previously `` did not do TLS verification. This was because the Nix sandbox in the past did not have access to TLS certificates, and Nix checks the hash of the fetched file anyway. However, this can expose authentication data from `netrc` and URLs to man-in-the-middle attackers. In addition, Nix now in some cases (such as when using impure derivations) does *not* check the hash. Therefore we have now enabled TLS verification. This means that downloads by `` will now fail if you're fetching from a HTTPS server that does not have a valid certificate.
+
+ `` is also known as the builtin derivation builder `builtin:fetchurl`. It's not to be confused with the evaluation-time function `builtins.fetchurl`, which was not affected by this issue.
# Contributors
diff --git a/doc/manual/source/release-notes/rl-2.27.md b/doc/manual/source/release-notes/rl-2.27.md
index b4918029aa0..3643f747638 100644
--- a/doc/manual/source/release-notes/rl-2.27.md
+++ b/doc/manual/source/release-notes/rl-2.27.md
@@ -38,6 +38,15 @@
Curl created sockets without setting `FD_CLOEXEC`/`SOCK_CLOEXEC`. This could previously cause connections to remain open forever when using commands like `nix shell`. This change sets the `FD_CLOEXEC` flag using a `CURLOPT_SOCKOPTFUNCTION` callback.
+- Add BLAKE3 hash algorithm [#12379](https://github.com/NixOS/nix/pull/12379)
+
+ Nix now supports the BLAKE3 hash algorithm as an experimental feature (`blake3-hashes`):
+
+ ```console
+ # nix hash file ./file --type blake3 --extra-experimental-features blake3-hashes
+ blake3-34P4p+iZXcbbyB1i4uoF7eWCGcZHjmaRn6Y7QdynLwU=
+ ```
+
# Contributors
This release was made possible by the following 21 contributors:
diff --git a/docker.nix b/docker.nix
index d52c317d6b1..8522f432f7f 100644
--- a/docker.nix
+++ b/docker.nix
@@ -295,7 +295,7 @@ let
globalFlakeRegistryPath="$nixCacheDir/flake-registry.json"
ln -s ${flake-registry-path} $out$globalFlakeRegistryPath
mkdir -p $out/nix/var/nix/gcroots/auto
- rootName=$(${pkgs.nix}/bin/nix --extra-experimental-features nix-command hash file --type sha1 --base32 <(echo -n $globalFlakeRegistryPath))
+ rootName=$(${pkgs.nix}/bin/nix hash file --type sha1 --base32 <(echo -n $globalFlakeRegistryPath))
ln -s $globalFlakeRegistryPath $out/nix/var/nix/gcroots/auto/$rootName
'')
);
diff --git a/flake.nix b/flake.nix
index 674326925ba..03c25204e42 100644
--- a/flake.nix
+++ b/flake.nix
@@ -34,7 +34,7 @@
officialRelease = true;
- linux32BitSystems = [ "i686-linux" ];
+ linux32BitSystems = [ ];
linux64BitSystems = [
"x86_64-linux"
"aarch64-linux"
@@ -53,7 +53,6 @@
# Disabled because of https://github.com/NixOS/nixpkgs/issues/344423
# "x86_64-unknown-netbsd"
"x86_64-unknown-freebsd"
- "x86_64-w64-mingw32"
];
stdenvs = [
@@ -215,7 +214,6 @@
system:
{
installerScriptForGHA = self.hydraJobs.installerScriptForGHA.${system};
- installTests = self.hydraJobs.installTests.${system};
nixpkgsLibTests = self.hydraJobs.tests.nixpkgsLibTests.${system};
rl-next =
let
@@ -338,6 +336,40 @@
nix-manual = nixpkgsFor.${system}.native.nixComponents.nix-manual;
nix-internal-api-docs = nixpkgsFor.${system}.native.nixComponents.nix-internal-api-docs;
nix-external-api-docs = nixpkgsFor.${system}.native.nixComponents.nix-external-api-docs;
+
+ fallbackPathsNix =
+ let
+ pkgs = nixpkgsFor.${system}.native;
+
+ closures = forAllSystems (system: self.packages.${system}.default.outPath);
+
+ closures_json =
+ pkgs.runCommand "versions.json"
+ {
+ buildInputs = [ pkgs.jq ];
+ passAsFile = [ "json" ];
+ json = builtins.toJSON closures;
+ }
+ ''
+ cat "$jsonPath" | jq . > $out
+ '';
+
+ closures_nix =
+ pkgs.runCommand "versions.nix"
+ {
+ buildInputs = [ pkgs.jq ];
+ passAsFile = [ "template" ];
+ jsonPath = closures_json;
+ template = ''
+ builtins.fromJSON('''@closures@''')
+ '';
+ }
+ ''
+ export closures=$(cat "$jsonPath");
+ substituteAll "$templatePath" "$out"
+ '';
+ in
+ closures_nix;
}
# We need to flatten recursive attribute sets of derivations to pass `flake check`.
//
@@ -390,8 +422,6 @@
{
# These attributes go right into `packages.`.
"${pkgName}" = nixpkgsFor.${system}.native.nixComponents.${pkgName};
- "${pkgName}-static" = nixpkgsFor.${system}.native.pkgsStatic.nixComponents.${pkgName};
- "${pkgName}-llvm" = nixpkgsFor.${system}.native.pkgsLLVM.nixComponents.${pkgName};
}
// lib.optionalAttrs supportsCross (
flatMapAttrs (lib.genAttrs crossSystems (_: { })) (
@@ -448,32 +478,6 @@
}
)
)
- // lib.optionalAttrs (!nixpkgsFor.${system}.native.stdenv.isDarwin) (
- prefixAttrs "static" (
- forAllStdenvs (
- stdenvName:
- makeShell {
- pkgs = nixpkgsFor.${system}.nativeForStdenv.${stdenvName}.pkgsStatic;
- }
- )
- )
- // prefixAttrs "llvm" (
- forAllStdenvs (
- stdenvName:
- makeShell {
- pkgs = nixpkgsFor.${system}.nativeForStdenv.${stdenvName}.pkgsLLVM;
- }
- )
- )
- // prefixAttrs "cross" (
- forAllCrossSystems (
- crossSystem:
- makeShell {
- pkgs = nixpkgsFor.${system}.cross.${crossSystem};
- }
- )
- )
- )
// {
native = self.devShells.${system}.native-stdenv;
default = self.devShells.${system}.native;
diff --git a/packaging/components.nix b/packaging/components.nix
index cd1d219b886..c9886aa41ad 100644
--- a/packaging/components.nix
+++ b/packaging/components.nix
@@ -27,7 +27,7 @@ let
pkg-config
;
- baseVersion = lib.fileContents ../.version;
+ baseVersion = lib.fileContents ../.version-determinate;
versionSuffix = lib.optionalString (!officialRelease) "pre";
@@ -51,15 +51,6 @@ let
exts: userFn: stdenv.mkDerivation (lib.extends (lib.composeManyExtensions exts) userFn);
setVersionLayer = finalAttrs: prevAttrs: {
- preConfigure =
- prevAttrs.preConfigure or ""
- +
- # Update the repo-global .version file.
- # Symlink ./.version points there, but by default only workDir is writable.
- ''
- chmod u+w ./.version
- echo ${finalAttrs.version} > ./.version
- '';
};
localSourceLayer =
diff --git a/packaging/dev-shell.nix b/packaging/dev-shell.nix
index e824ebf71b4..21b2b472362 100644
--- a/packaging/dev-shell.nix
+++ b/packaging/dev-shell.nix
@@ -26,7 +26,7 @@ pkgs.nixComponents.nix-util.overrideAttrs (
pname = "shell-for-" + attrs.pname;
# Remove the version suffix to avoid unnecessary attempts to substitute in nix develop
- version = lib.fileContents ../.version;
+ version = lib.fileContents ../.version-determinate;
name = attrs.pname;
installFlags = "sysconfdir=$(out)/etc";
diff --git a/packaging/everything.nix b/packaging/everything.nix
index 1835eefb643..f11b291633a 100644
--- a/packaging/everything.nix
+++ b/packaging/everything.nix
@@ -73,7 +73,7 @@ let
};
devdoc = buildEnv {
- name = "nix-${nix-cli.version}-devdoc";
+ name = "determinate-nix-${nix-cli.version}-devdoc";
paths = [
nix-internal-api-docs
nix-external-api-docs
@@ -82,7 +82,7 @@ let
in
stdenv.mkDerivation (finalAttrs: {
- pname = "nix";
+ pname = "determinate-nix";
version = nix-cli.version;
/**
diff --git a/packaging/hydra.nix b/packaging/hydra.nix
index 74e245f26c5..141c8af0439 100644
--- a/packaging/hydra.nix
+++ b/packaging/hydra.nix
@@ -118,65 +118,6 @@ in
system: self.devShells.${system}.default.inputDerivation
)) [ "i686-linux" ];
- buildStatic = forAllPackages (
- pkgName:
- lib.genAttrs linux64BitSystems (
- system: nixpkgsFor.${system}.native.pkgsStatic.nixComponents.${pkgName}
- )
- );
-
- buildCross = forAllPackages (
- pkgName:
- # Hack to avoid non-evaling package
- (
- if pkgName == "nix-functional-tests" then
- lib.flip builtins.removeAttrs [ "x86_64-w64-mingw32" ]
- else
- lib.id
- )
- (
- forAllCrossSystems (
- crossSystem:
- lib.genAttrs [ "x86_64-linux" ] (
- system: nixpkgsFor.${system}.cross.${crossSystem}.nixComponents.${pkgName}
- )
- )
- )
- );
-
- buildNoGc =
- let
- components = forAllSystems (
- system:
- nixpkgsFor.${system}.native.nixComponents.overrideScope (
- self: super: {
- nix-expr = super.nix-expr.override { enableGC = false; };
- }
- )
- );
- in
- forAllPackages (pkgName: forAllSystems (system: components.${system}.${pkgName}));
-
- buildNoTests = forAllSystems (system: nixpkgsFor.${system}.native.nixComponents.nix-cli);
-
- # Toggles some settings for better coverage. Windows needs these
- # library combinations, and Debian build Nix with GNU readline too.
- buildReadlineNoMarkdown =
- let
- components = forAllSystems (
- system:
- nixpkgsFor.${system}.native.nixComponents.overrideScope (
- self: super: {
- nix-cmd = super.nix-cmd.override {
- enableMarkdown = false;
- readlineFlavor = "readline";
- };
- }
- )
- );
- in
- forAllPackages (pkgName: forAllSystems (system: components.${system}.${pkgName}));
-
# Perl bindings for various platforms.
perlBindings = forAllSystems (system: nixpkgsFor.${system}.native.nixComponents.nix-perl-bindings);
@@ -187,30 +128,6 @@ in
system: nixpkgsFor.${system}.native.callPackage ./binary-tarball.nix { }
);
- binaryTarballCross = lib.genAttrs [ "x86_64-linux" ] (
- system:
- forAllCrossSystems (
- crossSystem: nixpkgsFor.${system}.cross.${crossSystem}.callPackage ./binary-tarball.nix { }
- )
- );
-
- # The first half of the installation script. This is uploaded
- # to https://nixos.org/nix/install. It downloads the binary
- # tarball for the user's system and calls the second half of the
- # installation script.
- installerScript = installScriptFor [
- # Native
- self.hydraJobs.binaryTarball."x86_64-linux"
- self.hydraJobs.binaryTarball."i686-linux"
- self.hydraJobs.binaryTarball."aarch64-linux"
- self.hydraJobs.binaryTarball."x86_64-darwin"
- self.hydraJobs.binaryTarball."aarch64-darwin"
- # Cross
- self.hydraJobs.binaryTarballCross."x86_64-linux"."armv6l-unknown-linux-gnueabihf"
- self.hydraJobs.binaryTarballCross."x86_64-linux"."armv7l-unknown-linux-gnueabihf"
- self.hydraJobs.binaryTarballCross."x86_64-linux"."riscv64-unknown-linux-gnu"
- ];
-
installerScriptForGHA = forAllSystems (
system:
nixpkgsFor.${system}.native.callPackage ./installer {
@@ -275,25 +192,4 @@ in
pkgs = nixpkgsFor.x86_64-linux.native;
nixpkgs = nixpkgs-regression;
};
-
- installTests = forAllSystems (
- system:
- let
- pkgs = nixpkgsFor.${system}.native;
- in
- pkgs.runCommand "install-tests" {
- againstSelf = testNixVersions pkgs pkgs.nix;
- againstCurrentLatest =
- # FIXME: temporarily disable this on macOS because of #3605.
- if system == "x86_64-linux" then testNixVersions pkgs pkgs.nixVersions.latest else null;
- # Disabled because the latest stable version doesn't handle
- # `NIX_DAEMON_SOCKET_PATH` which is required for the tests to work
- # againstLatestStable = testNixVersions pkgs pkgs.nixStable;
- } "touch $out"
- );
-
- installerTests = import ../tests/installer {
- binaryTarballs = self.hydraJobs.binaryTarball;
- inherit nixpkgsFor;
- };
}
diff --git a/packaging/installer/default.nix b/packaging/installer/default.nix
index e171f36f99f..a8e344b496c 100644
--- a/packaging/installer/default.nix
+++ b/packaging/installer/default.nix
@@ -32,7 +32,7 @@ runCommand "installer-script"
in
''
\
- --replace '@tarballHash_${system}@' $(nix --experimental-features nix-command hash-file --base16 --type sha256 ${tarball}/*.tar.xz) \
+ --replace '@tarballHash_${system}@' $(nix hash-file --base16 --type sha256 ${tarball}/*.tar.xz) \
--replace '@tarballPath_${system}@' $(tarballPath ${tarball}/*.tar.xz) \
''
) tarballs
diff --git a/src/external-api-docs/package.nix b/src/external-api-docs/package.nix
index b194e16d460..28cde8c09e6 100644
--- a/src/external-api-docs/package.nix
+++ b/src/external-api-docs/package.nix
@@ -14,7 +14,7 @@ let
in
mkMesonDerivation (finalAttrs: {
- pname = "nix-external-api-docs";
+ pname = "determinate-nix-external-api-docs";
inherit version;
workDir = ./.;
diff --git a/src/internal-api-docs/package.nix b/src/internal-api-docs/package.nix
index 6c4f354aee5..636c19653ea 100644
--- a/src/internal-api-docs/package.nix
+++ b/src/internal-api-docs/package.nix
@@ -14,7 +14,7 @@ let
in
mkMesonDerivation (finalAttrs: {
- pname = "nix-internal-api-docs";
+ pname = "determinate-nix-internal-api-docs";
inherit version;
workDir = ./.;
diff --git a/src/libcmd/command.cc b/src/libcmd/command.cc
index 565f424dde7..56541fa5755 100644
--- a/src/libcmd/command.cc
+++ b/src/libcmd/command.cc
@@ -237,12 +237,13 @@ void StorePathCommand::run(ref store, StorePaths && storePaths)
MixProfile::MixProfile()
{
- addFlag(
- {.longName = "profile",
- .description = "The profile to operate on.",
- .labels = {"path"},
- .handler = {&profile},
- .completer = completePath});
+ addFlag({
+ .longName = "profile",
+ .description = "The profile to operate on.",
+ .labels = {"path"},
+ .handler = {&profile},
+ .completer = completePath,
+ });
}
void MixProfile::updateProfile(const StorePath & storePath)
diff --git a/src/libcmd/common-eval-args.cc b/src/libcmd/common-eval-args.cc
index c051792f3d3..21584b74aff 100644
--- a/src/libcmd/common-eval-args.cc
+++ b/src/libcmd/common-eval-args.cc
@@ -30,7 +30,6 @@ EvalSettings evalSettings {
{
"flake",
[](EvalState & state, std::string_view rest) {
- experimentalFeatureSettings.require(Xp::Flakes);
// FIXME `parseFlakeRef` should take a `std::string_view`.
auto flakeRef = parseFlakeRef(fetchSettings, std::string { rest }, {}, true, false);
debug("fetching flake search path element '%s''", rest);
@@ -63,7 +62,7 @@ MixEvalArgs::MixEvalArgs()
.description = "Pass the value *expr* as the argument *name* to Nix functions.",
.category = category,
.labels = {"name", "expr"},
- .handler = {[&](std::string name, std::string expr) { autoArgs.insert_or_assign(name, AutoArg{AutoArgExpr{expr}}); }}
+ .handler = {[&](std::string name, std::string expr) { autoArgs.insert_or_assign(name, AutoArg{AutoArgExpr{expr}}); }},
});
addFlag({
@@ -80,7 +79,7 @@ MixEvalArgs::MixEvalArgs()
.category = category,
.labels = {"name", "path"},
.handler = {[&](std::string name, std::string path) { autoArgs.insert_or_assign(name, AutoArg{AutoArgFile{path}}); }},
- .completer = completePath
+ .completer = completePath,
});
addFlag({
@@ -105,7 +104,7 @@ MixEvalArgs::MixEvalArgs()
.labels = {"path"},
.handler = {[&](std::string s) {
lookupPath.elements.emplace_back(LookupPath::Elem::parse(s));
- }}
+ }},
});
addFlag({
@@ -131,7 +130,7 @@ MixEvalArgs::MixEvalArgs()
}},
.completer = {[&](AddCompletions & completions, size_t, std::string_view prefix) {
completeFlakeRef(completions, openStore(), prefix);
- }}
+ }},
});
addFlag({
@@ -183,7 +182,6 @@ SourcePath lookupFileArg(EvalState & state, std::string_view s, const Path * bas
}
else if (hasPrefix(s, "flake:")) {
- experimentalFeatureSettings.require(Xp::Flakes);
auto flakeRef = parseFlakeRef(fetchSettings, std::string(s.substr(6)), {}, true, false);
auto [accessor, lockedRef] = flakeRef.resolve(state.store).lazyFetch(state.store);
auto storePath = nix::fetchToStore(*state.store, SourcePath(accessor), FetchMode::Copy, lockedRef.input.getName());
diff --git a/src/libcmd/include/nix/cmd/command.hh b/src/libcmd/include/nix/cmd/command.hh
index 6b6418f51e5..11981a76995 100644
--- a/src/libcmd/include/nix/cmd/command.hh
+++ b/src/libcmd/include/nix/cmd/command.hh
@@ -214,6 +214,8 @@ struct InstallableCommand : virtual Args, SourceExprCommand
{
InstallableCommand();
+ virtual void preRun(ref store);
+
virtual void run(ref store, ref installable) = 0;
void run(ref store) override;
diff --git a/src/libcmd/installables.cc b/src/libcmd/installables.cc
index c010887fa00..1047f94f1f9 100644
--- a/src/libcmd/installables.cc
+++ b/src/libcmd/installables.cc
@@ -64,21 +64,21 @@ MixFlakeOptions::MixFlakeOptions()
.handler = {[&]() {
lockFlags.recreateLockFile = true;
warn("'--recreate-lock-file' is deprecated and will be removed in a future version; use 'nix flake update' instead.");
- }}
+ }},
});
addFlag({
.longName = "no-update-lock-file",
.description = "Do not allow any updates to the flake's lock file.",
.category = category,
- .handler = {&lockFlags.updateLockFile, false}
+ .handler = {&lockFlags.updateLockFile, false},
});
addFlag({
.longName = "no-write-lock-file",
.description = "Do not write the flake's newly generated lock file.",
.category = category,
- .handler = {&lockFlags.writeLockFile, false}
+ .handler = {&lockFlags.writeLockFile, false},
});
addFlag({
@@ -94,14 +94,14 @@ MixFlakeOptions::MixFlakeOptions()
.handler = {[&]() {
lockFlags.useRegistries = false;
warn("'--no-registries' is deprecated; use '--no-use-registries'");
- }}
+ }},
});
addFlag({
.longName = "commit-lock-file",
.description = "Commit changes to the flake's lock file.",
.category = category,
- .handler = {&lockFlags.commitLockFile, true}
+ .handler = {&lockFlags.commitLockFile, true},
});
addFlag({
@@ -121,7 +121,7 @@ MixFlakeOptions::MixFlakeOptions()
}},
.completer = {[&](AddCompletions & completions, size_t, std::string_view prefix) {
completeFlakeInputAttrPath(completions, getEvalState(), getFlakeRefsForCompletion(), prefix);
- }}
+ }},
});
addFlag({
@@ -141,7 +141,7 @@ MixFlakeOptions::MixFlakeOptions()
} else if (n == 1) {
completeFlakeRef(completions, getEvalState()->store, prefix);
}
- }}
+ }},
});
addFlag({
@@ -152,7 +152,7 @@ MixFlakeOptions::MixFlakeOptions()
.handler = {[&](std::string lockFilePath) {
lockFlags.referenceLockFilePath = {getFSSourceAccessor(), CanonPath(absPath(lockFilePath))};
}},
- .completer = completePath
+ .completer = completePath,
});
addFlag({
@@ -163,7 +163,7 @@ MixFlakeOptions::MixFlakeOptions()
.handler = {[&](std::string lockFilePath) {
lockFlags.outputLockFilePath = lockFilePath;
}},
- .completer = completePath
+ .completer = completePath,
});
addFlag({
@@ -190,7 +190,7 @@ MixFlakeOptions::MixFlakeOptions()
}},
.completer = {[&](AddCompletions & completions, size_t, std::string_view prefix) {
completeFlakeRef(completions, getEvalState()->store, prefix);
- }}
+ }},
});
}
@@ -206,7 +206,7 @@ SourceExprCommand::SourceExprCommand()
.category = installablesCategory,
.labels = {"file"},
.handler = {&file},
- .completer = completePath
+ .completer = completePath,
});
addFlag({
@@ -214,7 +214,7 @@ SourceExprCommand::SourceExprCommand()
.description = "Interpret [*installables*](@docroot@/command-ref/new-cli/nix.md#installables) as attribute paths relative to the Nix expression *expr*.",
.category = installablesCategory,
.labels = {"expr"},
- .handler = {&expr}
+ .handler = {&expr},
});
}
@@ -401,9 +401,6 @@ void completeFlakeRefWithFragment(
void completeFlakeRef(AddCompletions & completions, ref store, std::string_view prefix)
{
- if (!experimentalFeatureSettings.isEnabled(Xp::Flakes))
- return;
-
if (prefix == "")
completions.add(".");
@@ -834,7 +831,7 @@ RawInstallablesCommand::RawInstallablesCommand()
addFlag({
.longName = "stdin",
.description = "Read installables from the standard input. No default installable applied.",
- .handler = {&readFromStdIn, true}
+ .handler = {&readFromStdIn, true},
});
expectArgs({
@@ -847,7 +844,7 @@ RawInstallablesCommand::RawInstallablesCommand()
void RawInstallablesCommand::applyDefaultInstallables(std::vector & rawInstallables)
{
if (rawInstallables.empty()) {
- // FIXME: commands like "nix profile install" should not have a
+ // FIXME: commands like "nix profile add" should not have a
// default, probably.
rawInstallables.push_back(".");
}
@@ -906,8 +903,13 @@ InstallableCommand::InstallableCommand()
});
}
+void InstallableCommand::preRun(ref store)
+{
+}
+
void InstallableCommand::run(ref store)
{
+ preRun(store);
auto installable = parseInstallable(store, _installable);
run(store, std::move(installable));
}
diff --git a/src/libcmd/package.nix b/src/libcmd/package.nix
index be5054f6403..5c9040e8b17 100644
--- a/src/libcmd/package.nix
+++ b/src/libcmd/package.nix
@@ -35,7 +35,7 @@ let
in
mkMesonLibrary (finalAttrs: {
- pname = "nix-cmd";
+ pname = "determinate-nix-cmd";
inherit version;
workDir = ./.;
diff --git a/src/libexpr-c/package.nix b/src/libexpr-c/package.nix
index 694fbc1fe78..ec92ecce105 100644
--- a/src/libexpr-c/package.nix
+++ b/src/libexpr-c/package.nix
@@ -15,7 +15,7 @@ let
in
mkMesonLibrary (finalAttrs: {
- pname = "nix-expr-c";
+ pname = "determinate-nix-expr-c";
inherit version;
workDir = ./.;
diff --git a/src/libexpr-test-support/package.nix b/src/libexpr-test-support/package.nix
index 5cb4adaa8c4..1879a571608 100644
--- a/src/libexpr-test-support/package.nix
+++ b/src/libexpr-test-support/package.nix
@@ -18,7 +18,7 @@ let
in
mkMesonLibrary (finalAttrs: {
- pname = "nix-util-test-support";
+ pname = "determinate-nix-util-test-support";
inherit version;
workDir = ./.;
diff --git a/src/libexpr/eval-settings.cc b/src/libexpr/eval-settings.cc
index 659c01a9e63..8fbe94aef19 100644
--- a/src/libexpr/eval-settings.cc
+++ b/src/libexpr/eval-settings.cc
@@ -84,9 +84,17 @@ bool EvalSettings::isPseudoUrl(std::string_view s)
std::string EvalSettings::resolvePseudoUrl(std::string_view url)
{
- if (hasPrefix(url, "channel:"))
- return "https://nixos.org/channels/" + std::string(url.substr(8)) + "/nixexprs.tar.xz";
- else
+ if (hasPrefix(url, "channel:")) {
+ auto realUrl = "https://nixos.org/channels/" + std::string(url.substr(8)) + "/nixexprs.tar.xz";
+ static bool haveWarned = false;
+ warnOnce(haveWarned,
+ "Channels are deprecated in favor of flakes in Determinate Nix. "
+ "Instead of '%s', use '%s'. "
+ "For a guide on Nix flakes, see: https://zero-to-nix.com/. "
+ "For details and to offer feedback on the deprecation process, see: https://github.com/DeterminateSystems/nix-src/issues/34.",
+ url, realUrl);
+ return realUrl;
+ } else
return std::string(url);
}
@@ -103,4 +111,4 @@ Path getNixDefExpr()
: getHome() + "/.nix-defexpr";
}
-} // namespace nix
\ No newline at end of file
+} // namespace nix
diff --git a/src/libexpr/eval.cc b/src/libexpr/eval.cc
index 36f2cd7d743..f095b393b21 100644
--- a/src/libexpr/eval.cc
+++ b/src/libexpr/eval.cc
@@ -15,6 +15,7 @@
#include "nix/expr/print.hh"
#include "nix/fetchers/filtering-source-accessor.hh"
#include "nix/util/memory-source-accessor.hh"
+#include "nix/util/mounted-source-accessor.hh"
#include "nix/expr/gc-small-vector.hh"
#include "nix/util/url.hh"
#include "nix/fetchers/fetch-to-store.hh"
@@ -246,6 +247,12 @@ EvalState::EvalState(
}
, repair(NoRepair)
, emptyBindings(0)
+ , storeFS(
+ makeMountedSourceAccessor(
+ {
+ {CanonPath::root, makeEmptySourceAccessor()},
+ {CanonPath(store->storeDir), makeFSSourceAccessor(dirOf(store->toRealPath(StorePath::dummy)))}
+ }))
, rootFS(
({
/* In pure eval mode, we provide a filesystem that only
@@ -261,13 +268,8 @@ EvalState::EvalState(
auto realStoreDir = dirOf(store->toRealPath(StorePath::dummy));
if (settings.pureEval || store->storeDir != realStoreDir) {
- auto storeFS = makeMountedSourceAccessor(
- {
- {CanonPath::root, makeEmptySourceAccessor()},
- {CanonPath(store->storeDir), makeFSSourceAccessor(realStoreDir)}
- });
accessor = settings.pureEval
- ? storeFS
+ ? storeFS.cast()
: makeUnionSourceAccessor({accessor, storeFS});
}
@@ -3068,6 +3070,11 @@ SourcePath EvalState::findFile(const LookupPath & lookupPath, const std::string_
auto res = (r / CanonPath(suffix)).resolveSymlinks();
if (res.pathExists()) return res;
+
+ // Backward compatibility hack: throw an exception if access
+ // to this path is not allowed.
+ if (auto accessor = res.accessor.dynamic_pointer_cast())
+ accessor->checkAccess(res.path);
}
if (hasPrefix(path, "nix/"))
@@ -3138,6 +3145,11 @@ std::optional EvalState::resolveLookupPathPath(const LookupPath::Pat
if (path.resolveSymlinks().pathExists())
return finish(std::move(path));
else {
+ // Backward compatibility hack: throw an exception if access
+ // to this path is not allowed.
+ if (auto accessor = path.accessor.dynamic_pointer_cast())
+ accessor->checkAccess(path.path);
+
logWarning({
.msg = HintFmt("Nix search path entry '%1%' does not exist, ignoring", value)
});
diff --git a/src/libexpr/include/nix/expr/eval-settings.hh b/src/libexpr/include/nix/expr/eval-settings.hh
index 8d3db59b3bb..fb482568a57 100644
--- a/src/libexpr/include/nix/expr/eval-settings.hh
+++ b/src/libexpr/include/nix/expr/eval-settings.hh
@@ -88,7 +88,7 @@ struct EvalSettings : Config
- `$HOME/.nix-defexpr/channels`
- The [user channel link](@docroot@/command-ref/files/default-nix-expression.md#user-channel-link), pointing to the current state of [channels](@docroot@/command-ref/files/channels.md) for the current user.
+ The user channel link pointing to the current state of channels for the current user.
- `nixpkgs=$NIX_STATE_DIR/profiles/per-user/root/channels/nixpkgs`
@@ -98,7 +98,7 @@ struct EvalSettings : Config
The current state of all channels for the `root` user.
- These files are set up by the [Nix installer](@docroot@/installation/installing-binary.md).
+ These files are set up by the Nix installer.
See [`NIX_STATE_DIR`](@docroot@/command-ref/env-common.md#env-NIX_STATE_DIR) for details on the environment variable.
> **Note**
diff --git a/src/libexpr/include/nix/expr/eval.hh b/src/libexpr/include/nix/expr/eval.hh
index 0933c6e893e..9623c2a9cc6 100644
--- a/src/libexpr/include/nix/expr/eval.hh
+++ b/src/libexpr/include/nix/expr/eval.hh
@@ -40,6 +40,7 @@ class StorePath;
struct SingleDerivedPath;
enum RepairFlag : bool;
struct MemorySourceAccessor;
+struct MountedSourceAccessor;
namespace eval_cache {
class EvalCache;
}
@@ -265,6 +266,11 @@ public:
/** `"unknown"` */
Value vStringUnknown;
+ /**
+ * The accessor corresponding to `store`.
+ */
+ const ref storeFS;
+
/**
* The accessor for the root filesystem.
*/
diff --git a/src/libexpr/include/nix/expr/meson.build b/src/libexpr/include/nix/expr/meson.build
index 01275e52ee1..50ea8f3c22c 100644
--- a/src/libexpr/include/nix/expr/meson.build
+++ b/src/libexpr/include/nix/expr/meson.build
@@ -20,7 +20,6 @@ headers = [config_pub_h] + files(
'gc-small-vector.hh',
'get-drvs.hh',
'json-to-value.hh',
- # internal: 'lexer-helpers.hh',
'nixexpr.hh',
'parser-state.hh',
'primops.hh',
diff --git a/src/libexpr/include/nix/expr/nixexpr.hh b/src/libexpr/include/nix/expr/nixexpr.hh
index 9409bdca86b..a5ce0fd8922 100644
--- a/src/libexpr/include/nix/expr/nixexpr.hh
+++ b/src/libexpr/include/nix/expr/nixexpr.hh
@@ -65,7 +65,7 @@ struct DocComment {
struct AttrName
{
Symbol symbol;
- Expr * expr;
+ Expr * expr = nullptr;
AttrName(Symbol s) : symbol(s) {};
AttrName(Expr * e) : expr(e) {};
};
@@ -159,7 +159,7 @@ struct ExprVar : Expr
`nullptr`: Not from a `with`.
Valid pointer: the nearest, innermost `with` expression to query first. */
- ExprWith * fromWith;
+ ExprWith * fromWith = nullptr;
/* In the former case, the value is obtained by going `level`
levels up from the current environment and getting the
@@ -167,7 +167,7 @@ struct ExprVar : Expr
value is obtained by getting the attribute named `name` from
the set stored in the environment that is `level` levels up
from the current one.*/
- Level level;
+ Level level = 0;
Displacement displ = 0;
ExprVar(Symbol name) : name(name) { };
diff --git a/src/libexpr/lexer-helpers.cc b/src/libexpr/lexer-helpers.cc
index 4b27393bbac..927e3cc7324 100644
--- a/src/libexpr/lexer-helpers.cc
+++ b/src/libexpr/lexer-helpers.cc
@@ -1,7 +1,4 @@
-#include "lexer-tab.hh"
-#include "parser-tab.hh"
-
-#include "nix/expr/lexer-helpers.hh"
+#include "lexer-helpers.hh"
void nix::lexer::internal::initLoc(YYLTYPE * loc)
{
diff --git a/src/libexpr/include/nix/expr/lexer-helpers.hh b/src/libexpr/lexer-helpers.hh
similarity index 100%
rename from src/libexpr/include/nix/expr/lexer-helpers.hh
rename to src/libexpr/lexer-helpers.hh
diff --git a/src/libexpr/lexer.l b/src/libexpr/lexer.l
index 511c8e47bbf..1e196741d21 100644
--- a/src/libexpr/lexer.l
+++ b/src/libexpr/lexer.l
@@ -25,8 +25,7 @@
#endif
#include "nix/expr/nixexpr.hh"
-#include "parser-tab.hh"
-#include "nix/expr/lexer-helpers.hh"
+#include "lexer-helpers.hh"
namespace nix {
struct LexerState;
diff --git a/src/libexpr/package.nix b/src/libexpr/package.nix
index 50161c58ba2..7e00416170c 100644
--- a/src/libexpr/package.nix
+++ b/src/libexpr/package.nix
@@ -36,7 +36,7 @@ let
in
mkMesonLibrary (finalAttrs: {
- pname = "nix-expr";
+ pname = "determinate-nix-expr";
inherit version;
workDir = ./.;
diff --git a/src/libexpr/primops/fetchMercurial.cc b/src/libexpr/primops/fetchMercurial.cc
index 189bd1f73d7..843beb4d195 100644
--- a/src/libexpr/primops/fetchMercurial.cc
+++ b/src/libexpr/primops/fetchMercurial.cc
@@ -64,7 +64,7 @@ static void prim_fetchMercurial(EvalState & state, const PosIdx pos, Value * * a
if (rev) attrs.insert_or_assign("rev", rev->gitRev());
auto input = fetchers::Input::fromAttrs(state.fetchSettings, std::move(attrs));
- auto [storePath, input2] = input.fetchToStore(state.store);
+ auto [storePath, accessor, input2] = input.fetchToStore(state.store);
auto attrs2 = state.buildBindings(8);
state.mkStorePathString(storePath, attrs2.alloc(state.sOutPath));
diff --git a/src/libexpr/primops/fetchTree.cc b/src/libexpr/primops/fetchTree.cc
index 0be9f4bdc7d..e16dde12c07 100644
--- a/src/libexpr/primops/fetchTree.cc
+++ b/src/libexpr/primops/fetchTree.cc
@@ -10,6 +10,7 @@
#include "nix/util/url.hh"
#include "nix/expr/value-to-json.hh"
#include "nix/fetchers/fetch-to-store.hh"
+#include "nix/util/mounted-source-accessor.hh"
#include
@@ -172,15 +173,11 @@ static void fetchTree(
}
input = fetchers::Input::fromAttrs(state.fetchSettings, std::move(attrs));
} else {
- if (!experimentalFeatureSettings.isEnabled(Xp::Flakes))
- state.error(
- "passing a string argument to '%s' requires the 'flakes' experimental feature", fetcher
- ).atPos(pos).debugThrow();
input = fetchers::Input::fromURL(state.fetchSettings, url);
}
}
- if (!state.settings.pureEval && !input.isDirect() && experimentalFeatureSettings.isEnabled(Xp::Flakes))
+ if (!state.settings.pureEval && !input.isDirect())
input = lookupInRegistries(state.store, input).first;
if (state.settings.pureEval && !input.isLocked()) {
@@ -204,10 +201,12 @@ static void fetchTree(
throw Error("input '%s' is not allowed to use the '__final' attribute", input.to_string());
}
- auto [storePath, input2] = input.fetchToStore(state.store);
+ auto [storePath, accessor, input2] = input.fetchToStore(state.store);
state.allowPath(storePath);
+ state.storeFS->mount(CanonPath(state.store->printStorePath(storePath)), accessor);
+
emitTreeAttrs(state, storePath, input2, v, params.emptyRevFallback, false);
}
@@ -406,7 +405,6 @@ static RegisterPrimOp primop_fetchTree({
- `"mercurial"`
*input* can also be a [URL-like reference](@docroot@/command-ref/new-cli/nix3-flake.md#flake-references).
- The additional input types and the URL-like syntax requires the [`flakes` experimental feature](@docroot@/development/experimental-features.md#xp-feature-flakes) to be enabled.
> **Example**
>
@@ -443,7 +441,6 @@ static RegisterPrimOp primop_fetchTree({
> ```
)",
.fun = prim_fetchTree,
- .experimentalFeature = Xp::FetchTree,
});
void prim_fetchFinalTree(EvalState & state, const PosIdx pos, Value * * args, Value & v)
diff --git a/src/libfetchers-tests/access-tokens.cc b/src/libfetchers-tests/access-tokens.cc
index 93043ba3efd..e7570c31cce 100644
--- a/src/libfetchers-tests/access-tokens.cc
+++ b/src/libfetchers-tests/access-tokens.cc
@@ -15,10 +15,7 @@ class AccessKeysTest : public ::testing::Test
protected:
public:
- void SetUp() override
- {
- experimentalFeatureSettings.experimentalFeatures.get().insert(Xp::Flakes);
- }
+ void SetUp() override {}
void TearDown() override {}
};
diff --git a/src/libfetchers/fetchers.cc b/src/libfetchers/fetchers.cc
index 3ae45dcf821..9693f1773b0 100644
--- a/src/libfetchers/fetchers.cc
+++ b/src/libfetchers/fetchers.cc
@@ -187,34 +187,30 @@ bool Input::contains(const Input & other) const
}
// FIXME: remove
-std::pair Input::fetchToStore(ref store) const
+std::tuple, Input> Input::fetchToStore(ref store) const
{
if (!scheme)
throw Error("cannot fetch unsupported input '%s'", attrsToJSON(toAttrs()));
- auto [storePath, input] = [&]() -> std::pair {
- try {
- auto [accessor, result] = getAccessorUnchecked(store);
-
- auto storePath = nix::fetchToStore(*store, SourcePath(accessor), FetchMode::Copy, result.getName());
+ try {
+ auto [accessor, result] = getAccessorUnchecked(store);
- auto narHash = store->queryPathInfo(storePath)->narHash;
- result.attrs.insert_or_assign("narHash", narHash.to_string(HashFormat::SRI, true));
+ auto storePath = nix::fetchToStore(*store, SourcePath(accessor), FetchMode::Copy, result.getName());
- result.attrs.insert_or_assign("__final", Explicit(true));
+ auto narHash = store->queryPathInfo(storePath)->narHash;
+ result.attrs.insert_or_assign("narHash", narHash.to_string(HashFormat::SRI, true));
- assert(result.isFinal());
+ result.attrs.insert_or_assign("__final", Explicit(true));
- checkLocks(*this, result);
+ assert(result.isFinal());
- return {storePath, result};
- } catch (Error & e) {
- e.addTrace({}, "while fetching the input '%s'", to_string());
- throw;
- }
- }();
+ checkLocks(*this, result);
- return {std::move(storePath), input};
+ return {std::move(storePath), accessor, result};
+ } catch (Error & e) {
+ e.addTrace({}, "while fetching the input '%s'", to_string());
+ throw;
+ }
}
void Input::checkLocks(Input specified, Input & result)
diff --git a/src/libfetchers/filtering-source-accessor.cc b/src/libfetchers/filtering-source-accessor.cc
index 72a3fb4ebad..97f230c7ea4 100644
--- a/src/libfetchers/filtering-source-accessor.cc
+++ b/src/libfetchers/filtering-source-accessor.cc
@@ -20,9 +20,14 @@ bool FilteringSourceAccessor::pathExists(const CanonPath & path)
}
std::optional FilteringSourceAccessor::maybeLstat(const CanonPath & path)
+{
+ return isAllowed(path) ? next->maybeLstat(prefix / path) : std::nullopt;
+}
+
+SourceAccessor::Stat FilteringSourceAccessor::lstat(const CanonPath & path)
{
checkAccess(path);
- return next->maybeLstat(prefix / path);
+ return next->lstat(prefix / path);
}
SourceAccessor::DirEntries FilteringSourceAccessor::readDirectory(const CanonPath & path)
diff --git a/src/libfetchers/git-utils.cc b/src/libfetchers/git-utils.cc
index a1131af9144..7e1f085f599 100644
--- a/src/libfetchers/git-utils.cc
+++ b/src/libfetchers/git-utils.cc
@@ -1223,9 +1223,8 @@ ref GitRepoImpl::getAccessor(const WorkdirInfo & wd, bool export
std::unordered_set{CanonPath::root},
std::move(makeNotAllowedError)).cast();
if (exportIgnore)
- return make_ref(self, fileAccessor, std::nullopt);
- else
- return fileAccessor;
+ fileAccessor = make_ref(self, fileAccessor, std::nullopt);
+ return fileAccessor;
}
ref GitRepoImpl::getFileSystemObjectSink()
diff --git a/src/libfetchers/git.cc b/src/libfetchers/git.cc
index 71bb8c0b751..ef74397ff90 100644
--- a/src/libfetchers/git.cc
+++ b/src/libfetchers/git.cc
@@ -15,6 +15,7 @@
#include "nix/fetchers/fetch-settings.hh"
#include "nix/util/json-utils.hh"
#include "nix/util/archive.hh"
+#include "nix/util/mounted-source-accessor.hh"
#include
#include
@@ -392,10 +393,10 @@ struct GitInputScheme : InputScheme
{
if (workdirInfo.isDirty) {
if (!settings.allowDirty)
- throw Error("Git tree '%s' is dirty", locationToArg());
+ throw Error("Git tree '%s' has uncommitted changes", locationToArg());
if (settings.warnDirty)
- warn("Git tree '%s' is dirty", locationToArg());
+ warn("Git tree '%s' has uncommitted changes", locationToArg());
}
}
diff --git a/src/libfetchers/github.cc b/src/libfetchers/github.cc
index 9202904e065..f24c07fc2b9 100644
--- a/src/libfetchers/github.cc
+++ b/src/libfetchers/github.cc
@@ -346,11 +346,6 @@ struct GitArchiveInputScheme : InputScheme
input.getNarHash().has_value());
}
- std::optional experimentalFeature() const override
- {
- return Xp::Flakes;
- }
-
std::optional getFingerprint(ref store, const Input & input) const override
{
if (auto rev = input.getRev())
diff --git a/src/libfetchers/include/nix/fetchers/fetch-settings.hh b/src/libfetchers/include/nix/fetchers/fetch-settings.hh
index 54c42084344..831a18bf0cd 100644
--- a/src/libfetchers/include/nix/fetchers/fetch-settings.hh
+++ b/src/libfetchers/include/nix/fetchers/fetch-settings.hh
@@ -83,10 +83,7 @@ struct Settings : public Config
are subsequently modified. Therefore lock files with dirty
locks should generally only be used for local testing, and
should not be pushed to other users.
- )",
- {},
- true,
- Xp::Flakes};
+ )"};
Setting trustTarballsFromGitForges{
this, true, "trust-tarballs-from-git-forges",
@@ -108,8 +105,7 @@ struct Settings : public Config
Path or URI of the global flake registry.
When empty, disables the global flake registry.
- )",
- {}, true, Xp::Flakes};
+ )"};
};
}
diff --git a/src/libfetchers/include/nix/fetchers/fetchers.hh b/src/libfetchers/include/nix/fetchers/fetchers.hh
index 3288ecc5ea5..c2ae647af0a 100644
--- a/src/libfetchers/include/nix/fetchers/fetchers.hh
+++ b/src/libfetchers/include/nix/fetchers/fetchers.hh
@@ -121,7 +121,7 @@ public:
* Fetch the entire input into the Nix store, returning the
* location in the Nix store and the locked input.
*/
- std::pair fetchToStore(ref store) const;
+ std::tuple, Input> fetchToStore(ref store) const;
/**
* Check the locking attributes in `result` against
diff --git a/src/libfetchers/include/nix/fetchers/filtering-source-accessor.hh b/src/libfetchers/include/nix/fetchers/filtering-source-accessor.hh
index 2b59f03ca22..c3b99fa5a2d 100644
--- a/src/libfetchers/include/nix/fetchers/filtering-source-accessor.hh
+++ b/src/libfetchers/include/nix/fetchers/filtering-source-accessor.hh
@@ -4,6 +4,8 @@
#include
+#include
+
namespace nix {
/**
@@ -38,6 +40,8 @@ struct FilteringSourceAccessor : SourceAccessor
bool pathExists(const CanonPath & path) override;
+ Stat lstat(const CanonPath & path) override;
+
std::optional maybeLstat(const CanonPath & path) override;
DirEntries readDirectory(const CanonPath & path) override;
diff --git a/src/libfetchers/indirect.cc b/src/libfetchers/indirect.cc
index 47cb7587cf7..0ff05af0331 100644
--- a/src/libfetchers/indirect.cc
+++ b/src/libfetchers/indirect.cc
@@ -106,11 +106,6 @@ struct IndirectInputScheme : InputScheme
throw Error("indirect input '%s' cannot be fetched directly", input.to_string());
}
- std::optional experimentalFeature() const override
- {
- return Xp::Flakes;
- }
-
bool isDirect(const Input & input) const override
{ return false; }
};
diff --git a/src/libfetchers/package.nix b/src/libfetchers/package.nix
index 14592087999..b6b061e2d9f 100644
--- a/src/libfetchers/package.nix
+++ b/src/libfetchers/package.nix
@@ -17,7 +17,7 @@ let
in
mkMesonLibrary (finalAttrs: {
- pname = "nix-fetchers";
+ pname = "determinate-nix-fetchers";
inherit version;
workDir = ./.;
diff --git a/src/libfetchers/path.cc b/src/libfetchers/path.cc
index 670397cb6b1..ff39cb02f9d 100644
--- a/src/libfetchers/path.cc
+++ b/src/libfetchers/path.cc
@@ -176,11 +176,6 @@ struct PathInputScheme : InputScheme
return std::nullopt;
}
}
-
- std::optional experimentalFeature() const override
- {
- return Xp::Flakes;
- }
};
static auto rPathInputScheme = OnStartup([] { registerInputScheme(std::make_unique()); });
diff --git a/src/libflake-c/package.nix b/src/libflake-c/package.nix
index 1149508523e..958cf233e0a 100644
--- a/src/libflake-c/package.nix
+++ b/src/libflake-c/package.nix
@@ -16,7 +16,7 @@ let
in
mkMesonLibrary (finalAttrs: {
- pname = "nix-flake-c";
+ pname = "determinate-nix-flake-c";
inherit version;
workDir = ./.;
diff --git a/src/libflake-tests/flakeref.cc b/src/libflake-tests/flakeref.cc
index 1abaffb96a5..ccef8f37919 100644
--- a/src/libflake-tests/flakeref.cc
+++ b/src/libflake-tests/flakeref.cc
@@ -8,8 +8,6 @@ namespace nix {
/* ----------- tests for flake/flakeref.hh --------------------------------------------------*/
TEST(parseFlakeRef, path) {
- experimentalFeatureSettings.experimentalFeatures.get().insert(Xp::Flakes);
-
fetchers::Settings fetchSettings;
{
diff --git a/src/libflake-tests/meson.build b/src/libflake-tests/meson.build
index 593b0e18d21..80c94bd77ca 100644
--- a/src/libflake-tests/meson.build
+++ b/src/libflake-tests/meson.build
@@ -59,7 +59,6 @@ test(
this_exe,
env : {
'_NIX_TEST_UNIT_DATA': meson.current_source_dir() / 'data',
- 'NIX_CONFIG': 'extra-experimental-features = flakes',
},
protocol : 'gtest',
)
diff --git a/src/libflake-tests/package.nix b/src/libflake-tests/package.nix
index 714f3791ad9..db507fc3a54 100644
--- a/src/libflake-tests/package.nix
+++ b/src/libflake-tests/package.nix
@@ -63,7 +63,6 @@ mkMesonExecutable (finalAttrs: {
''
+ ''
export _NIX_TEST_UNIT_DATA=${resolvePath ./data}
- export NIX_CONFIG="extra-experimental-features = flakes"
${stdenv.hostPlatform.emulator buildPackages} ${lib.getExe finalAttrs.finalPackage}
touch $out
''
diff --git a/src/libflake/call-flake.nix b/src/libflake/call-flake.nix
index 1e9e210481d..fe326291f1f 100644
--- a/src/libflake/call-flake.nix
+++ b/src/libflake/call-flake.nix
@@ -14,6 +14,7 @@ overrides:
fetchTreeFinal:
let
+ inherit (builtins) mapAttrs;
lockFile = builtins.fromJSON lockFileStr;
@@ -35,19 +36,26 @@ let
(resolveInput lockFile.nodes.${nodeName}.inputs.${builtins.head path})
(builtins.tail path);
- allNodes = builtins.mapAttrs (
+ allNodes = mapAttrs (
key: node:
let
parentNode = allNodes.${getInputByPath lockFile.root node.parent};
+ flakeDir =
+ let
+ dir = overrides.${key}.dir or node.locked.path or "";
+ parentDir = parentNode.flakeDir;
+ in
+ if node ? parent then parentDir + ("/" + dir) else dir;
+
sourceInfo =
if overrides ? ${key} then
overrides.${key}.sourceInfo
else if node.locked.type == "path" && builtins.substring 0 1 node.locked.path != "/" then
parentNode.sourceInfo
// {
- outPath = parentNode.outPath + ("/" + node.locked.path);
+ outPath = parentNode.sourceInfo.outPath + ("/" + flakeDir);
}
else
# FIXME: remove obsolete node.info.
@@ -60,7 +68,7 @@ let
flake = import (outPath + "/flake.nix");
- inputs = builtins.mapAttrs (inputName: inputSpec: allNodes.${resolveInput inputSpec}) (
+ inputs = mapAttrs (inputName: inputSpec: allNodes.${resolveInput inputSpec}.result) (
node.inputs or { }
);
@@ -85,12 +93,17 @@ let
};
in
- if node.flake or true then
- assert builtins.isFunction flake.outputs;
- result
- else
- sourceInfo
+ {
+ result =
+ if node.flake or true then
+ assert builtins.isFunction flake.outputs;
+ result
+ else
+ sourceInfo;
+
+ inherit flakeDir sourceInfo;
+ }
) lockFile.nodes;
in
-allNodes.${lockFile.root}
+allNodes.${lockFile.root}.result
diff --git a/src/libflake/flake/flake-primops.cc b/src/libflake/flake/flake-primops.cc
index 7c5ce01b269..703463141f3 100644
--- a/src/libflake/flake/flake-primops.cc
+++ b/src/libflake/flake/flake-primops.cc
@@ -52,7 +52,6 @@ PrimOp getFlake(const Settings & settings)
```
)",
.fun = prim_getFlake,
- .experimentalFeature = Xp::Flakes,
};
}
@@ -94,7 +93,6 @@ nix::PrimOp parseFlakeRef({
```
)",
.fun = prim_parseFlakeRef,
- .experimentalFeature = Xp::Flakes,
});
static void prim_flakeRefToString(EvalState & state, const PosIdx pos, Value ** args, Value & v)
@@ -154,7 +152,6 @@ nix::PrimOp flakeRefToString({
```
)",
.fun = prim_flakeRefToString,
- .experimentalFeature = Xp::Flakes,
});
} // namespace nix::flake::primops
diff --git a/src/libflake/flake/flake.cc b/src/libflake/flake/flake.cc
index 1cce0c9784d..3eb1333d5c6 100644
--- a/src/libflake/flake/flake.cc
+++ b/src/libflake/flake/flake.cc
@@ -14,6 +14,7 @@
#include "nix/store/local-fs-store.hh"
#include "nix/fetchers/fetch-to-store.hh"
#include "nix/util/memory-source-accessor.hh"
+#include "nix/util/mounted-source-accessor.hh"
#include
@@ -91,7 +92,9 @@ static StorePath copyInputToStore(
{
auto storePath = fetchToStore(*state.store, accessor, FetchMode::Copy, input.getName());
- state.allowPath(storePath);
+ state.allowPath(storePath); // FIXME: should just whitelist the entire virtual store
+
+ state.storeFS->mount(CanonPath(state.store->printStorePath(storePath)), accessor);
auto narHash = state.store->queryPathInfo(storePath)->narHash;
input.attrs.insert_or_assign("narHash", narHash.to_string(HashFormat::SRI, true));
@@ -450,8 +453,6 @@ LockedFlake lockFlake(
const FlakeRef & topRef,
const LockFlags & lockFlags)
{
- experimentalFeatureSettings.require(Xp::Flakes);
-
FlakeCache flakeCache;
auto useRegistries = lockFlags.useRegistries.value_or(settings.useRegistries);
@@ -739,6 +740,29 @@ LockedFlake lockFlake(
use --no-write-lock-file. */
auto ref = (input2.ref && explicitCliOverrides.contains(inputAttrPath)) ? *input2.ref : *input.ref;
+ /* Warn against the use of indirect flakerefs
+ (but only at top-level since we don't want
+ to annoy users about flakes that are not
+ under their control). */
+ auto warnRegistry = [&](const FlakeRef & resolvedRef)
+ {
+ if (inputAttrPath.size() == 1 && !input.ref->input.isDirect()) {
+ std::ostringstream s;
+ printLiteralString(s, resolvedRef.to_string());
+ warn(
+ "Flake input '%1%' uses the flake registry. "
+ "Using the registry in flake inputs is deprecated in Determinate Nix. "
+ "To make your flake future-proof, add the following to '%2%':\n"
+ "\n"
+ " inputs.%1%.url = %3%;\n"
+ "\n"
+ "For more information, see: https://github.com/DeterminateSystems/nix-src/issues/37",
+ inputAttrPathS,
+ flake.path,
+ s.str());
+ }
+ };
+
if (input.isFlake) {
auto inputFlake = getInputFlake(*input.ref);
@@ -770,6 +794,8 @@ LockedFlake lockFlake(
oldLock ? followsPrefix : inputAttrPath,
inputFlake.path,
false);
+
+ warnRegistry(inputFlake.resolvedRef);
}
else {
@@ -782,6 +808,8 @@ LockedFlake lockFlake(
auto [accessor, resolvedRef, lockedRef] = fetchOrSubstituteTree(
state, *input.ref, useRegistries, flakeCache);
+ warnRegistry(resolvedRef);
+
// FIXME: allow input to be lazy.
auto storePath = copyInputToStore(state, lockedRef.input, input.ref->input, accessor);
@@ -945,8 +973,6 @@ void callFlake(EvalState & state,
const LockedFlake & lockedFlake,
Value & vRes)
{
- experimentalFeatureSettings.require(Xp::Flakes);
-
auto [lockFileStr, keyMap] = lockedFlake.lockFile.to_string();
auto overrides = state.buildBindings(lockedFlake.nodePaths.size());
diff --git a/src/libflake/flake/flakeref.cc b/src/libflake/flake/flakeref.cc
index 6e95eb76759..1580c284641 100644
--- a/src/libflake/flake/flakeref.cc
+++ b/src/libflake/flake/flakeref.cc
@@ -39,7 +39,7 @@ FlakeRef FlakeRef::resolve(
ref store,
const fetchers::RegistryFilter & filter) const
{
- auto [input2, extraAttrs] = lookupInRegistries(store, input);
+ auto [input2, extraAttrs] = lookupInRegistries(store, input, filter);
return FlakeRef(std::move(input2), fetchers::maybeGetStrAttr(extraAttrs, "dir").value_or(subdir));
}
diff --git a/src/libflake/include/nix/flake/settings.hh b/src/libflake/include/nix/flake/settings.hh
index b3bffad4ccf..c9f82218c95 100644
--- a/src/libflake/include/nix/flake/settings.hh
+++ b/src/libflake/include/nix/flake/settings.hh
@@ -20,13 +20,7 @@ struct Settings : public Config
void configureEvalSettings(nix::EvalSettings & evalSettings) const;
Setting useRegistries{
- this,
- true,
- "use-registries",
- "Whether to use flake registries to resolve flake references.",
- {},
- true,
- Xp::Flakes};
+ this, true, "use-registries", "Whether to use flake registries to resolve flake references.", {}, true};
Setting acceptFlakeConfig{
this,
@@ -34,8 +28,7 @@ struct Settings : public Config
"accept-flake-config",
"Whether to accept Nix configuration settings from a flake without prompting.",
{},
- true,
- Xp::Flakes};
+ true};
Setting commitLockFileSummary{
this,
@@ -46,8 +39,7 @@ struct Settings : public Config
empty, the summary is generated based on the action performed.
)",
{"commit-lockfile-summary"},
- true,
- Xp::Flakes};
+ true};
};
}
diff --git a/src/libflake/package.nix b/src/libflake/package.nix
index dd442a44ec9..2b0c827a09c 100644
--- a/src/libflake/package.nix
+++ b/src/libflake/package.nix
@@ -18,7 +18,7 @@ let
in
mkMesonLibrary (finalAttrs: {
- pname = "nix-flake";
+ pname = "determinate-nix-flake";
inherit version;
workDir = ./.;
diff --git a/src/libmain-c/package.nix b/src/libmain-c/package.nix
index f019a917d36..17858d56f2e 100644
--- a/src/libmain-c/package.nix
+++ b/src/libmain-c/package.nix
@@ -17,7 +17,7 @@ let
in
mkMesonLibrary (finalAttrs: {
- pname = "nix-main-c";
+ pname = "determinate-nix-main-c";
inherit version;
workDir = ./.;
diff --git a/src/libmain/common-args.cc b/src/libmain/common-args.cc
index c3338996c4b..13b85e54456 100644
--- a/src/libmain/common-args.cc
+++ b/src/libmain/common-args.cc
@@ -57,7 +57,7 @@ MixCommonArgs::MixCommonArgs(const std::string & programName)
if (hasPrefix(s.first, prefix))
completions.add(s.first, fmt("Set the `%s` setting.", s.first));
}
- }
+ },
});
addFlag({
@@ -75,7 +75,7 @@ MixCommonArgs::MixCommonArgs(const std::string & programName)
.labels = Strings{"jobs"},
.handler = {[=](std::string s) {
settings.set("max-jobs", s);
- }}
+ }},
});
std::string cat = "Options to override configuration settings";
diff --git a/src/libmain/package.nix b/src/libmain/package.nix
index 7b0a4dee7da..119e1f1aca5 100644
--- a/src/libmain/package.nix
+++ b/src/libmain/package.nix
@@ -18,7 +18,7 @@ let
in
mkMesonLibrary (finalAttrs: {
- pname = "nix-main";
+ pname = "determinate-nix-main";
inherit version;
workDir = ./.;
diff --git a/src/libmain/shared.cc b/src/libmain/shared.cc
index 7ff93f6d9c7..d9e8059f7b5 100644
--- a/src/libmain/shared.cc
+++ b/src/libmain/shared.cc
@@ -231,7 +231,7 @@ LegacyArgs::LegacyArgs(const std::string & programName,
.handler = {[=](std::string s) {
auto n = string2IntWithUnitPrefix(s);
settings.set(dest, std::to_string(n));
- }}
+ }},
});
};
@@ -297,7 +297,7 @@ void parseCmdLine(const std::string & programName, const Strings & args,
void printVersion(const std::string & programName)
{
- std::cout << fmt("%1% (Nix) %2%", programName, nixVersion) << std::endl;
+ std::cout << fmt("%s (Determinate Nix %s) %s", programName, determinateNixVersion, nixVersion) << std::endl;
if (verbosity > lvlInfo) {
Strings cfg;
#if NIX_USE_BOEHMGC
diff --git a/src/libstore-c/package.nix b/src/libstore-c/package.nix
index fde17c78e01..0ce37e44c01 100644
--- a/src/libstore-c/package.nix
+++ b/src/libstore-c/package.nix
@@ -15,7 +15,7 @@ let
in
mkMesonLibrary (finalAttrs: {
- pname = "nix-store-c";
+ pname = "determinate-nix-store-c";
inherit version;
workDir = ./.;
diff --git a/src/libstore-test-support/package.nix b/src/libstore-test-support/package.nix
index 391ddeefda2..2561dd791eb 100644
--- a/src/libstore-test-support/package.nix
+++ b/src/libstore-test-support/package.nix
@@ -18,7 +18,7 @@ let
in
mkMesonLibrary (finalAttrs: {
- pname = "nix-store-test-support";
+ pname = "determinate-nix-store-test-support";
inherit version;
workDir = ./.;
diff --git a/src/libstore-tests/data/derivation/advanced-attributes-defaults.drv b/src/libstore-tests/data/derivation/advanced-attributes-defaults.drv
deleted file mode 120000
index f8f30ac321c..00000000000
--- a/src/libstore-tests/data/derivation/advanced-attributes-defaults.drv
+++ /dev/null
@@ -1 +0,0 @@
-../../../../tests/functional/derivation/advanced-attributes-defaults.drv
\ No newline at end of file
diff --git a/src/libstore-tests/data/derivation/advanced-attributes-structured-attrs-defaults.drv b/src/libstore-tests/data/derivation/advanced-attributes-structured-attrs-defaults.drv
deleted file mode 120000
index 837e9a0e437..00000000000
--- a/src/libstore-tests/data/derivation/advanced-attributes-structured-attrs-defaults.drv
+++ /dev/null
@@ -1 +0,0 @@
-../../../../tests/functional/derivation/advanced-attributes-structured-attrs-defaults.drv
\ No newline at end of file
diff --git a/src/libstore-tests/data/derivation/advanced-attributes-structured-attrs.drv b/src/libstore-tests/data/derivation/advanced-attributes-structured-attrs.drv
deleted file mode 120000
index e08bb573791..00000000000
--- a/src/libstore-tests/data/derivation/advanced-attributes-structured-attrs.drv
+++ /dev/null
@@ -1 +0,0 @@
-../../../../tests/functional/derivation/advanced-attributes-structured-attrs.drv
\ No newline at end of file
diff --git a/src/libstore-tests/data/derivation/advanced-attributes-structured-attrs.json b/src/libstore-tests/data/derivation/advanced-attributes-structured-attrs.json
deleted file mode 100644
index 32442812467..00000000000
--- a/src/libstore-tests/data/derivation/advanced-attributes-structured-attrs.json
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- "args": [
- "-c",
- "echo hello > $out"
- ],
- "builder": "/bin/bash",
- "env": {
- "__json": "{\"__darwinAllowLocalNetworking\":true,\"__impureHostDeps\":[\"/usr/bin/ditto\"],\"__noChroot\":true,\"__sandboxProfile\":\"sandcastle\",\"allowSubstitutes\":false,\"builder\":\"/bin/bash\",\"impureEnvVars\":[\"UNICORN\"],\"name\":\"advanced-attributes-structured-attrs\",\"outputChecks\":{\"bin\":{\"disallowedReferences\":[\"/nix/store/7rhsm8i393hm1wcsmph782awg1hi2f7x-bar\"],\"disallowedRequisites\":[\"/nix/store/7rhsm8i393hm1wcsmph782awg1hi2f7x-bar\"]},\"dev\":{\"maxClosureSize\":5909,\"maxSize\":789},\"out\":{\"allowedReferences\":[\"/nix/store/3c08bzb71z4wiag719ipjxr277653ynp-foo\"],\"allowedRequisites\":[\"/nix/store/3c08bzb71z4wiag719ipjxr277653ynp-foo\"]}},\"outputs\":[\"out\",\"bin\",\"dev\"],\"preferLocalBuild\":true,\"requiredSystemFeatures\":[\"rainbow\",\"uid-range\"],\"system\":\"my-system\"}",
- "bin": "/nix/store/pbzb48v0ycf80jgligcp4n8z0rblna4n-advanced-attributes-structured-attrs-bin",
- "dev": "/nix/store/7xapi8jv7flcz1qq8jhw55ar8ag8hldh-advanced-attributes-structured-attrs-dev",
- "out": "/nix/store/mpq3l1l1qc2yr50q520g08kprprwv79f-advanced-attributes-structured-attrs"
- },
- "inputDrvs": {
- "/nix/store/4xm4wccqsvagz9gjksn24s7rip2fdy7v-foo.drv": {
- "dynamicOutputs": {},
- "outputs": [
- "out"
- ]
- },
- "/nix/store/plsq5jbr5nhgqwcgb2qxw7jchc09dnl8-bar.drv": {
- "dynamicOutputs": {},
- "outputs": [
- "out"
- ]
- }
- },
- "inputSrcs": [],
- "name": "advanced-attributes-structured-attrs",
- "outputs": {
- "bin": {
- "path": "/nix/store/pbzb48v0ycf80jgligcp4n8z0rblna4n-advanced-attributes-structured-attrs-bin"
- },
- "dev": {
- "path": "/nix/store/7xapi8jv7flcz1qq8jhw55ar8ag8hldh-advanced-attributes-structured-attrs-dev"
- },
- "out": {
- "path": "/nix/store/mpq3l1l1qc2yr50q520g08kprprwv79f-advanced-attributes-structured-attrs"
- }
- },
- "system": "my-system"
-}
diff --git a/src/libstore-tests/data/derivation/advanced-attributes.drv b/src/libstore-tests/data/derivation/advanced-attributes.drv
deleted file mode 120000
index 1dc394a0a4f..00000000000
--- a/src/libstore-tests/data/derivation/advanced-attributes.drv
+++ /dev/null
@@ -1 +0,0 @@
-../../../../tests/functional/derivation/advanced-attributes.drv
\ No newline at end of file
diff --git a/src/libstore-tests/data/derivation/ca/advanced-attributes-defaults.drv b/src/libstore-tests/data/derivation/ca/advanced-attributes-defaults.drv
new file mode 120000
index 00000000000..a9b4f7fa745
--- /dev/null
+++ b/src/libstore-tests/data/derivation/ca/advanced-attributes-defaults.drv
@@ -0,0 +1 @@
+../../../../../tests/functional/derivation/ca/advanced-attributes-defaults.drv
\ No newline at end of file
diff --git a/src/libstore-tests/data/derivation/ca/advanced-attributes-defaults.json b/src/libstore-tests/data/derivation/ca/advanced-attributes-defaults.json
new file mode 100644
index 00000000000..bc67236b54f
--- /dev/null
+++ b/src/libstore-tests/data/derivation/ca/advanced-attributes-defaults.json
@@ -0,0 +1,25 @@
+{
+ "args": [
+ "-c",
+ "echo hello > $out"
+ ],
+ "builder": "/bin/bash",
+ "env": {
+ "builder": "/bin/bash",
+ "name": "advanced-attributes-defaults",
+ "out": "/1rz4g4znpzjwh1xymhjpm42vipw92pr73vdgl6xs1hycac8kf2n9",
+ "outputHashAlgo": "sha256",
+ "outputHashMode": "recursive",
+ "system": "my-system"
+ },
+ "inputDrvs": {},
+ "inputSrcs": [],
+ "name": "advanced-attributes-defaults",
+ "outputs": {
+ "out": {
+ "hashAlgo": "sha256",
+ "method": "nar"
+ }
+ },
+ "system": "my-system"
+}
diff --git a/src/libstore-tests/data/derivation/ca/advanced-attributes-structured-attrs-defaults.drv b/src/libstore-tests/data/derivation/ca/advanced-attributes-structured-attrs-defaults.drv
new file mode 120000
index 00000000000..61da0470a77
--- /dev/null
+++ b/src/libstore-tests/data/derivation/ca/advanced-attributes-structured-attrs-defaults.drv
@@ -0,0 +1 @@
+../../../../../tests/functional/derivation/ca/advanced-attributes-structured-attrs-defaults.drv
\ No newline at end of file
diff --git a/src/libstore-tests/data/derivation/ca/advanced-attributes-structured-attrs-defaults.json b/src/libstore-tests/data/derivation/ca/advanced-attributes-structured-attrs-defaults.json
new file mode 100644
index 00000000000..7d3c932b213
--- /dev/null
+++ b/src/libstore-tests/data/derivation/ca/advanced-attributes-structured-attrs-defaults.json
@@ -0,0 +1,26 @@
+{
+ "args": [
+ "-c",
+ "echo hello > $out"
+ ],
+ "builder": "/bin/bash",
+ "env": {
+ "__json": "{\"builder\":\"/bin/bash\",\"name\":\"advanced-attributes-structured-attrs-defaults\",\"outputHashAlgo\":\"sha256\",\"outputHashMode\":\"recursive\",\"outputs\":[\"out\",\"dev\"],\"system\":\"my-system\"}",
+ "dev": "/02qcpld1y6xhs5gz9bchpxaw0xdhmsp5dv88lh25r2ss44kh8dxz",
+ "out": "/1rz4g4znpzjwh1xymhjpm42vipw92pr73vdgl6xs1hycac8kf2n9"
+ },
+ "inputDrvs": {},
+ "inputSrcs": [],
+ "name": "advanced-attributes-structured-attrs-defaults",
+ "outputs": {
+ "dev": {
+ "hashAlgo": "sha256",
+ "method": "nar"
+ },
+ "out": {
+ "hashAlgo": "sha256",
+ "method": "nar"
+ }
+ },
+ "system": "my-system"
+}
diff --git a/src/libstore-tests/data/derivation/ca/advanced-attributes-structured-attrs.drv b/src/libstore-tests/data/derivation/ca/advanced-attributes-structured-attrs.drv
new file mode 120000
index 00000000000..c396ee85363
--- /dev/null
+++ b/src/libstore-tests/data/derivation/ca/advanced-attributes-structured-attrs.drv
@@ -0,0 +1 @@
+../../../../../tests/functional/derivation/ca/advanced-attributes-structured-attrs.drv
\ No newline at end of file
diff --git a/src/libstore-tests/data/derivation/ca/advanced-attributes-structured-attrs.json b/src/libstore-tests/data/derivation/ca/advanced-attributes-structured-attrs.json
new file mode 100644
index 00000000000..f6cdc1f1602
--- /dev/null
+++ b/src/libstore-tests/data/derivation/ca/advanced-attributes-structured-attrs.json
@@ -0,0 +1,46 @@
+{
+ "args": [
+ "-c",
+ "echo hello > $out"
+ ],
+ "builder": "/bin/bash",
+ "env": {
+ "__json": "{\"__darwinAllowLocalNetworking\":true,\"__impureHostDeps\":[\"/usr/bin/ditto\"],\"__noChroot\":true,\"__sandboxProfile\":\"sandcastle\",\"allowSubstitutes\":false,\"builder\":\"/bin/bash\",\"impureEnvVars\":[\"UNICORN\"],\"name\":\"advanced-attributes-structured-attrs\",\"outputChecks\":{\"bin\":{\"disallowedReferences\":[\"/0nyw57wm2iicnm9rglvjmbci3ikmcp823czdqdzdcgsnnwqps71g\"],\"disallowedRequisites\":[\"/07f301yqyz8c6wf6bbbavb2q39j4n8kmcly1s09xadyhgy6x2wr8\"]},\"dev\":{\"maxClosureSize\":5909,\"maxSize\":789},\"out\":{\"allowedReferences\":[\"/164j69y6zir9z0339n8pjigg3rckinlr77bxsavzizdaaljb7nh9\"],\"allowedRequisites\":[\"/0nr45p69vn6izw9446wsh9bng9nndhvn19kpsm4n96a5mycw0s4z\"]}},\"outputHashAlgo\":\"sha256\",\"outputHashMode\":\"recursive\",\"outputs\":[\"out\",\"bin\",\"dev\"],\"preferLocalBuild\":true,\"requiredSystemFeatures\":[\"rainbow\",\"uid-range\"],\"system\":\"my-system\"}",
+ "bin": "/04f3da1kmbr67m3gzxikmsl4vjz5zf777sv6m14ahv22r65aac9m",
+ "dev": "/02qcpld1y6xhs5gz9bchpxaw0xdhmsp5dv88lh25r2ss44kh8dxz",
+ "out": "/1rz4g4znpzjwh1xymhjpm42vipw92pr73vdgl6xs1hycac8kf2n9"
+ },
+ "inputDrvs": {
+ "/nix/store/j56sf12rxpcv5swr14vsjn5cwm6bj03h-foo.drv": {
+ "dynamicOutputs": {},
+ "outputs": [
+ "dev",
+ "out"
+ ]
+ },
+ "/nix/store/qnml92yh97a6fbrs2m5qg5cqlc8vni58-bar.drv": {
+ "dynamicOutputs": {},
+ "outputs": [
+ "dev",
+ "out"
+ ]
+ }
+ },
+ "inputSrcs": [],
+ "name": "advanced-attributes-structured-attrs",
+ "outputs": {
+ "bin": {
+ "hashAlgo": "sha256",
+ "method": "nar"
+ },
+ "dev": {
+ "hashAlgo": "sha256",
+ "method": "nar"
+ },
+ "out": {
+ "hashAlgo": "sha256",
+ "method": "nar"
+ }
+ },
+ "system": "my-system"
+}
diff --git a/src/libstore-tests/data/derivation/ca/advanced-attributes.drv b/src/libstore-tests/data/derivation/ca/advanced-attributes.drv
new file mode 120000
index 00000000000..acba9064d10
--- /dev/null
+++ b/src/libstore-tests/data/derivation/ca/advanced-attributes.drv
@@ -0,0 +1 @@
+../../../../../tests/functional/derivation/ca/advanced-attributes.drv
\ No newline at end of file
diff --git a/src/libstore-tests/data/derivation/ca/advanced-attributes.json b/src/libstore-tests/data/derivation/ca/advanced-attributes.json
new file mode 100644
index 00000000000..2105c6256c0
--- /dev/null
+++ b/src/libstore-tests/data/derivation/ca/advanced-attributes.json
@@ -0,0 +1,52 @@
+{
+ "args": [
+ "-c",
+ "echo hello > $out"
+ ],
+ "builder": "/bin/bash",
+ "env": {
+ "__darwinAllowLocalNetworking": "1",
+ "__impureHostDeps": "/usr/bin/ditto",
+ "__noChroot": "1",
+ "__sandboxProfile": "sandcastle",
+ "allowSubstitutes": "",
+ "allowedReferences": "/164j69y6zir9z0339n8pjigg3rckinlr77bxsavzizdaaljb7nh9",
+ "allowedRequisites": "/0nr45p69vn6izw9446wsh9bng9nndhvn19kpsm4n96a5mycw0s4z",
+ "builder": "/bin/bash",
+ "disallowedReferences": "/0nyw57wm2iicnm9rglvjmbci3ikmcp823czdqdzdcgsnnwqps71g",
+ "disallowedRequisites": "/07f301yqyz8c6wf6bbbavb2q39j4n8kmcly1s09xadyhgy6x2wr8",
+ "impureEnvVars": "UNICORN",
+ "name": "advanced-attributes",
+ "out": "/1rz4g4znpzjwh1xymhjpm42vipw92pr73vdgl6xs1hycac8kf2n9",
+ "outputHashAlgo": "sha256",
+ "outputHashMode": "recursive",
+ "preferLocalBuild": "1",
+ "requiredSystemFeatures": "rainbow uid-range",
+ "system": "my-system"
+ },
+ "inputDrvs": {
+ "/nix/store/j56sf12rxpcv5swr14vsjn5cwm6bj03h-foo.drv": {
+ "dynamicOutputs": {},
+ "outputs": [
+ "dev",
+ "out"
+ ]
+ },
+ "/nix/store/qnml92yh97a6fbrs2m5qg5cqlc8vni58-bar.drv": {
+ "dynamicOutputs": {},
+ "outputs": [
+ "dev",
+ "out"
+ ]
+ }
+ },
+ "inputSrcs": [],
+ "name": "advanced-attributes",
+ "outputs": {
+ "out": {
+ "hashAlgo": "sha256",
+ "method": "nar"
+ }
+ },
+ "system": "my-system"
+}
diff --git a/src/libstore-tests/data/derivation/ia/advanced-attributes-defaults.drv b/src/libstore-tests/data/derivation/ia/advanced-attributes-defaults.drv
new file mode 120000
index 00000000000..7f1aa367ed2
--- /dev/null
+++ b/src/libstore-tests/data/derivation/ia/advanced-attributes-defaults.drv
@@ -0,0 +1 @@
+../../../../../tests/functional/derivation/ia/advanced-attributes-defaults.drv
\ No newline at end of file
diff --git a/src/libstore-tests/data/derivation/advanced-attributes-defaults.json b/src/libstore-tests/data/derivation/ia/advanced-attributes-defaults.json
similarity index 100%
rename from src/libstore-tests/data/derivation/advanced-attributes-defaults.json
rename to src/libstore-tests/data/derivation/ia/advanced-attributes-defaults.json
diff --git a/src/libstore-tests/data/derivation/ia/advanced-attributes-structured-attrs-defaults.drv b/src/libstore-tests/data/derivation/ia/advanced-attributes-structured-attrs-defaults.drv
new file mode 120000
index 00000000000..77aa67353a3
--- /dev/null
+++ b/src/libstore-tests/data/derivation/ia/advanced-attributes-structured-attrs-defaults.drv
@@ -0,0 +1 @@
+../../../../../tests/functional/derivation/ia/advanced-attributes-structured-attrs-defaults.drv
\ No newline at end of file
diff --git a/src/libstore-tests/data/derivation/advanced-attributes-structured-attrs-defaults.json b/src/libstore-tests/data/derivation/ia/advanced-attributes-structured-attrs-defaults.json
similarity index 100%
rename from src/libstore-tests/data/derivation/advanced-attributes-structured-attrs-defaults.json
rename to src/libstore-tests/data/derivation/ia/advanced-attributes-structured-attrs-defaults.json
diff --git a/src/libstore-tests/data/derivation/ia/advanced-attributes-structured-attrs.drv b/src/libstore-tests/data/derivation/ia/advanced-attributes-structured-attrs.drv
new file mode 120000
index 00000000000..a4e25feba34
--- /dev/null
+++ b/src/libstore-tests/data/derivation/ia/advanced-attributes-structured-attrs.drv
@@ -0,0 +1 @@
+../../../../../tests/functional/derivation/ia/advanced-attributes-structured-attrs.drv
\ No newline at end of file
diff --git a/src/libstore-tests/data/derivation/ia/advanced-attributes-structured-attrs.json b/src/libstore-tests/data/derivation/ia/advanced-attributes-structured-attrs.json
new file mode 100644
index 00000000000..b45a0d62453
--- /dev/null
+++ b/src/libstore-tests/data/derivation/ia/advanced-attributes-structured-attrs.json
@@ -0,0 +1,43 @@
+{
+ "args": [
+ "-c",
+ "echo hello > $out"
+ ],
+ "builder": "/bin/bash",
+ "env": {
+ "__json": "{\"__darwinAllowLocalNetworking\":true,\"__impureHostDeps\":[\"/usr/bin/ditto\"],\"__noChroot\":true,\"__sandboxProfile\":\"sandcastle\",\"allowSubstitutes\":false,\"builder\":\"/bin/bash\",\"impureEnvVars\":[\"UNICORN\"],\"name\":\"advanced-attributes-structured-attrs\",\"outputChecks\":{\"bin\":{\"disallowedReferences\":[\"/nix/store/r5cff30838majxk5mp3ip2diffi8vpaj-bar\"],\"disallowedRequisites\":[\"/nix/store/9b61w26b4avv870dw0ymb6rw4r1hzpws-bar-dev\"]},\"dev\":{\"maxClosureSize\":5909,\"maxSize\":789},\"out\":{\"allowedReferences\":[\"/nix/store/p0hax2lzvjpfc2gwkk62xdglz0fcqfzn-foo\"],\"allowedRequisites\":[\"/nix/store/z0rjzy29v9k5qa4nqpykrbzirj7sd43v-foo-dev\"]}},\"outputs\":[\"out\",\"bin\",\"dev\"],\"preferLocalBuild\":true,\"requiredSystemFeatures\":[\"rainbow\",\"uid-range\"],\"system\":\"my-system\"}",
+ "bin": "/nix/store/qjjj3zrlimpjbkk686m052b3ks9iz2sl-advanced-attributes-structured-attrs-bin",
+ "dev": "/nix/store/lpz5grl48v93pdadavyg5is1rqvfdipf-advanced-attributes-structured-attrs-dev",
+ "out": "/nix/store/nzvz1bmh1g89a5dkpqcqan0av7q3hgv3-advanced-attributes-structured-attrs"
+ },
+ "inputDrvs": {
+ "/nix/store/afc3vbjbzql750v2lp8gxgaxsajphzih-foo.drv": {
+ "dynamicOutputs": {},
+ "outputs": [
+ "dev",
+ "out"
+ ]
+ },
+ "/nix/store/vj2i49jm2868j2fmqvxm70vlzmzvgv14-bar.drv": {
+ "dynamicOutputs": {},
+ "outputs": [
+ "dev",
+ "out"
+ ]
+ }
+ },
+ "inputSrcs": [],
+ "name": "advanced-attributes-structured-attrs",
+ "outputs": {
+ "bin": {
+ "path": "/nix/store/qjjj3zrlimpjbkk686m052b3ks9iz2sl-advanced-attributes-structured-attrs-bin"
+ },
+ "dev": {
+ "path": "/nix/store/lpz5grl48v93pdadavyg5is1rqvfdipf-advanced-attributes-structured-attrs-dev"
+ },
+ "out": {
+ "path": "/nix/store/nzvz1bmh1g89a5dkpqcqan0av7q3hgv3-advanced-attributes-structured-attrs"
+ }
+ },
+ "system": "my-system"
+}
diff --git a/src/libstore-tests/data/derivation/ia/advanced-attributes.drv b/src/libstore-tests/data/derivation/ia/advanced-attributes.drv
new file mode 120000
index 00000000000..ecc2f5f3822
--- /dev/null
+++ b/src/libstore-tests/data/derivation/ia/advanced-attributes.drv
@@ -0,0 +1 @@
+../../../../../tests/functional/derivation/ia/advanced-attributes.drv
\ No newline at end of file
diff --git a/src/libstore-tests/data/derivation/ia/advanced-attributes.json b/src/libstore-tests/data/derivation/ia/advanced-attributes.json
new file mode 100644
index 00000000000..1eb8de86e7c
--- /dev/null
+++ b/src/libstore-tests/data/derivation/ia/advanced-attributes.json
@@ -0,0 +1,49 @@
+{
+ "args": [
+ "-c",
+ "echo hello > $out"
+ ],
+ "builder": "/bin/bash",
+ "env": {
+ "__darwinAllowLocalNetworking": "1",
+ "__impureHostDeps": "/usr/bin/ditto",
+ "__noChroot": "1",
+ "__sandboxProfile": "sandcastle",
+ "allowSubstitutes": "",
+ "allowedReferences": "/nix/store/p0hax2lzvjpfc2gwkk62xdglz0fcqfzn-foo",
+ "allowedRequisites": "/nix/store/z0rjzy29v9k5qa4nqpykrbzirj7sd43v-foo-dev",
+ "builder": "/bin/bash",
+ "disallowedReferences": "/nix/store/r5cff30838majxk5mp3ip2diffi8vpaj-bar",
+ "disallowedRequisites": "/nix/store/9b61w26b4avv870dw0ymb6rw4r1hzpws-bar-dev",
+ "impureEnvVars": "UNICORN",
+ "name": "advanced-attributes",
+ "out": "/nix/store/swkj0mrq0cq3dfli95v4am0427mi2hxf-advanced-attributes",
+ "preferLocalBuild": "1",
+ "requiredSystemFeatures": "rainbow uid-range",
+ "system": "my-system"
+ },
+ "inputDrvs": {
+ "/nix/store/afc3vbjbzql750v2lp8gxgaxsajphzih-foo.drv": {
+ "dynamicOutputs": {},
+ "outputs": [
+ "dev",
+ "out"
+ ]
+ },
+ "/nix/store/vj2i49jm2868j2fmqvxm70vlzmzvgv14-bar.drv": {
+ "dynamicOutputs": {},
+ "outputs": [
+ "dev",
+ "out"
+ ]
+ }
+ },
+ "inputSrcs": [],
+ "name": "advanced-attributes",
+ "outputs": {
+ "out": {
+ "path": "/nix/store/swkj0mrq0cq3dfli95v4am0427mi2hxf-advanced-attributes"
+ }
+ },
+ "system": "my-system"
+}
diff --git a/src/libstore-tests/derivation-advanced-attrs.cc b/src/libstore-tests/derivation-advanced-attrs.cc
index 57b2268262f..f82cea026b6 100644
--- a/src/libstore-tests/derivation-advanced-attrs.cc
+++ b/src/libstore-tests/derivation-advanced-attrs.cc
@@ -18,68 +18,93 @@ using nlohmann::json;
class DerivationAdvancedAttrsTest : public CharacterizationTest, public LibStoreTest
{
- std::filesystem::path unitTestData = getUnitTestData() / "derivation";
+protected:
+ std::filesystem::path unitTestData = getUnitTestData() / "derivation" / "ia";
public:
std::filesystem::path goldenMaster(std::string_view testStem) const override
{
return unitTestData / testStem;
}
+
+ /**
+ * We set these in tests rather than the regular globals so we don't have
+ * to worry about race conditions if the tests run concurrently.
+ */
+ ExperimentalFeatureSettings mockXpSettings;
+};
+
+class CaDerivationAdvancedAttrsTest : public DerivationAdvancedAttrsTest
+{
+ void SetUp() override
+ {
+ unitTestData = getUnitTestData() / "derivation" / "ca";
+ mockXpSettings.set("experimental-features", "ca-derivations");
+ }
};
-#define TEST_ATERM_JSON(STEM, NAME) \
- TEST_F(DerivationAdvancedAttrsTest, Derivation_##STEM##_from_json) \
- { \
- readTest(NAME ".json", [&](const auto & encoded_) { \
- auto encoded = json::parse(encoded_); \
- /* Use DRV file instead of C++ literal as source of truth. */ \
- auto aterm = readFile(goldenMaster(NAME ".drv")); \
- auto expected = parseDerivation(*store, std::move(aterm), NAME); \
- Derivation got = Derivation::fromJSON(*store, encoded); \
- EXPECT_EQ(got, expected); \
- }); \
- } \
- \
- TEST_F(DerivationAdvancedAttrsTest, Derivation_##STEM##_to_json) \
- { \
- writeTest( \
- NAME ".json", \
- [&]() -> json { \
- /* Use DRV file instead of C++ literal as source of truth. */ \
- auto aterm = readFile(goldenMaster(NAME ".drv")); \
- return parseDerivation(*store, std::move(aterm), NAME).toJSON(*store); \
- }, \
- [](const auto & file) { return json::parse(readFile(file)); }, \
- [](const auto & file, const auto & got) { return writeFile(file, got.dump(2) + "\n"); }); \
- } \
- \
- TEST_F(DerivationAdvancedAttrsTest, Derivation_##STEM##_from_aterm) \
- { \
- readTest(NAME ".drv", [&](auto encoded) { \
- /* Use JSON file instead of C++ literal as source of truth. */ \
- auto json = json::parse(readFile(goldenMaster(NAME ".json"))); \
- auto expected = Derivation::fromJSON(*store, json); \
- auto got = parseDerivation(*store, std::move(encoded), NAME); \
- EXPECT_EQ(got.toJSON(*store), expected.toJSON(*store)); \
- EXPECT_EQ(got, expected); \
- }); \
- } \
- \
+template
+class DerivationAdvancedAttrsBothTest : public Fixture
+{};
+
+using BothFixtures = ::testing::Types;
+
+TYPED_TEST_SUITE(DerivationAdvancedAttrsBothTest, BothFixtures);
+
+#define TEST_ATERM_JSON(STEM, NAME) \
+ TYPED_TEST(DerivationAdvancedAttrsBothTest, Derivation_##STEM##_from_json) \
+ { \
+ this->readTest(NAME ".json", [&](const auto & encoded_) { \
+ auto encoded = json::parse(encoded_); \
+ /* Use DRV file instead of C++ literal as source of truth. */ \
+ auto aterm = readFile(this->goldenMaster(NAME ".drv")); \
+ auto expected = parseDerivation(*this->store, std::move(aterm), NAME, this->mockXpSettings); \
+ Derivation got = Derivation::fromJSON(*this->store, encoded, this->mockXpSettings); \
+ EXPECT_EQ(got, expected); \
+ }); \
+ } \
+ \
+ TYPED_TEST(DerivationAdvancedAttrsBothTest, Derivation_##STEM##_to_json) \
+ { \
+ this->writeTest( \
+ NAME ".json", \
+ [&]() -> json { \
+ /* Use DRV file instead of C++ literal as source of truth. */ \
+ auto aterm = readFile(this->goldenMaster(NAME ".drv")); \
+ return parseDerivation(*this->store, std::move(aterm), NAME, this->mockXpSettings) \
+ .toJSON(*this->store); \
+ }, \
+ [](const auto & file) { return json::parse(readFile(file)); }, \
+ [](const auto & file, const auto & got) { return writeFile(file, got.dump(2) + "\n"); }); \
+ } \
+ \
+ TYPED_TEST(DerivationAdvancedAttrsBothTest, Derivation_##STEM##_from_aterm) \
+ { \
+ this->readTest(NAME ".drv", [&](auto encoded) { \
+ /* Use JSON file instead of C++ literal as source of truth. */ \
+ auto json = json::parse(readFile(this->goldenMaster(NAME ".json"))); \
+ auto expected = Derivation::fromJSON(*this->store, json, this->mockXpSettings); \
+ auto got = parseDerivation(*this->store, std::move(encoded), NAME, this->mockXpSettings); \
+ EXPECT_EQ(got.toJSON(*this->store), expected.toJSON(*this->store)); \
+ EXPECT_EQ(got, expected); \
+ }); \
+ } \
+ \
/* No corresponding write test, because we need to read the drv to write the json file */
-TEST_ATERM_JSON(advancedAttributes_defaults, "advanced-attributes-defaults");
TEST_ATERM_JSON(advancedAttributes, "advanced-attributes-defaults");
-TEST_ATERM_JSON(advancedAttributes_structuredAttrs_defaults, "advanced-attributes-structured-attrs");
+TEST_ATERM_JSON(advancedAttributes_defaults, "advanced-attributes");
TEST_ATERM_JSON(advancedAttributes_structuredAttrs, "advanced-attributes-structured-attrs-defaults");
+TEST_ATERM_JSON(advancedAttributes_structuredAttrs_defaults, "advanced-attributes-structured-attrs");
#undef TEST_ATERM_JSON
-TEST_F(DerivationAdvancedAttrsTest, Derivation_advancedAttributes_defaults)
+TYPED_TEST(DerivationAdvancedAttrsBothTest, advancedAttributes_defaults)
{
- readTest("advanced-attributes-defaults.drv", [&](auto encoded) {
- auto got = parseDerivation(*store, std::move(encoded), "foo");
+ this->readTest("advanced-attributes-defaults.drv", [&](auto encoded) {
+ auto got = parseDerivation(*this->store, std::move(encoded), "foo", this->mockXpSettings);
- auto drvPath = writeDerivation(*store, got, NoRepair, true);
+ auto drvPath = writeDerivation(*this->store, got, NoRepair, true);
ParsedDerivation parsedDrv(drvPath, got);
DerivationOptions options = DerivationOptions::fromParsedDerivation(parsedDrv);
@@ -101,25 +126,50 @@ TEST_F(DerivationAdvancedAttrsTest, Derivation_advancedAttributes_defaults)
EXPECT_EQ(checksForAllOutputs.disallowedReferences, StringSet{});
EXPECT_EQ(checksForAllOutputs.disallowedRequisites, StringSet{});
}
- EXPECT_EQ(options.getRequiredSystemFeatures(got), StringSet());
- EXPECT_EQ(options.canBuildLocally(*store, got), false);
- EXPECT_EQ(options.willBuildLocally(*store, got), false);
+ EXPECT_EQ(options.canBuildLocally(*this->store, got), false);
+ EXPECT_EQ(options.willBuildLocally(*this->store, got), false);
EXPECT_EQ(options.substitutesAllowed(), true);
EXPECT_EQ(options.useUidRange(got), false);
});
};
-TEST_F(DerivationAdvancedAttrsTest, Derivation_advancedAttributes)
+TEST_F(DerivationAdvancedAttrsTest, advancedAttributes_defaults)
{
- readTest("advanced-attributes.drv", [&](auto encoded) {
- auto got = parseDerivation(*store, std::move(encoded), "foo");
+ this->readTest("advanced-attributes-defaults.drv", [&](auto encoded) {
+ auto got = parseDerivation(*this->store, std::move(encoded), "foo", this->mockXpSettings);
- auto drvPath = writeDerivation(*store, got, NoRepair, true);
+ auto drvPath = writeDerivation(*this->store, got, NoRepair, true);
ParsedDerivation parsedDrv(drvPath, got);
DerivationOptions options = DerivationOptions::fromParsedDerivation(parsedDrv);
- StringSet systemFeatures{"rainbow", "uid-range"};
+ EXPECT_EQ(options.getRequiredSystemFeatures(got), StringSet{});
+ });
+};
+
+TEST_F(CaDerivationAdvancedAttrsTest, advancedAttributes_defaults)
+{
+ this->readTest("advanced-attributes-defaults.drv", [&](auto encoded) {
+ auto got = parseDerivation(*this->store, std::move(encoded), "foo", this->mockXpSettings);
+
+ auto drvPath = writeDerivation(*this->store, got, NoRepair, true);
+
+ ParsedDerivation parsedDrv(drvPath, got);
+ DerivationOptions options = DerivationOptions::fromParsedDerivation(parsedDrv);
+
+ EXPECT_EQ(options.getRequiredSystemFeatures(got), StringSet{"ca-derivations"});
+ });
+};
+
+TYPED_TEST(DerivationAdvancedAttrsBothTest, advancedAttributes)
+{
+ this->readTest("advanced-attributes.drv", [&](auto encoded) {
+ auto got = parseDerivation(*this->store, std::move(encoded), "foo", this->mockXpSettings);
+
+ auto drvPath = writeDerivation(*this->store, got, NoRepair, true);
+
+ ParsedDerivation parsedDrv(drvPath, got);
+ DerivationOptions options = DerivationOptions::fromParsedDerivation(parsedDrv);
EXPECT_TRUE(!parsedDrv.hasStructuredAttrs());
@@ -128,34 +178,88 @@ TEST_F(DerivationAdvancedAttrsTest, Derivation_advancedAttributes)
EXPECT_EQ(options.impureHostDeps, StringSet{"/usr/bin/ditto"});
EXPECT_EQ(options.impureEnvVars, StringSet{"UNICORN"});
EXPECT_EQ(options.allowLocalNetworking, true);
+ EXPECT_EQ(options.canBuildLocally(*this->store, got), false);
+ EXPECT_EQ(options.willBuildLocally(*this->store, got), false);
+ EXPECT_EQ(options.substitutesAllowed(), false);
+ EXPECT_EQ(options.useUidRange(got), true);
+ });
+};
+
+TEST_F(DerivationAdvancedAttrsTest, advancedAttributes)
+{
+ this->readTest("advanced-attributes.drv", [&](auto encoded) {
+ auto got = parseDerivation(*this->store, std::move(encoded), "foo", this->mockXpSettings);
+
+ auto drvPath = writeDerivation(*this->store, got, NoRepair, true);
+
+ ParsedDerivation parsedDrv(drvPath, got);
+ DerivationOptions options = DerivationOptions::fromParsedDerivation(parsedDrv);
+
{
auto * checksForAllOutputs_ = std::get_if<0>(&options.outputChecks);
ASSERT_TRUE(checksForAllOutputs_ != nullptr);
auto & checksForAllOutputs = *checksForAllOutputs_;
EXPECT_EQ(
- checksForAllOutputs.allowedReferences, StringSet{"/nix/store/3c08bzb71z4wiag719ipjxr277653ynp-foo"});
+ checksForAllOutputs.allowedReferences, StringSet{"/nix/store/p0hax2lzvjpfc2gwkk62xdglz0fcqfzn-foo"});
EXPECT_EQ(
- checksForAllOutputs.allowedRequisites, StringSet{"/nix/store/3c08bzb71z4wiag719ipjxr277653ynp-foo"});
+ checksForAllOutputs.allowedRequisites,
+ StringSet{"/nix/store/z0rjzy29v9k5qa4nqpykrbzirj7sd43v-foo-dev"});
EXPECT_EQ(
- checksForAllOutputs.disallowedReferences, StringSet{"/nix/store/7rhsm8i393hm1wcsmph782awg1hi2f7x-bar"});
+ checksForAllOutputs.disallowedReferences, StringSet{"/nix/store/r5cff30838majxk5mp3ip2diffi8vpaj-bar"});
EXPECT_EQ(
- checksForAllOutputs.disallowedRequisites, StringSet{"/nix/store/7rhsm8i393hm1wcsmph782awg1hi2f7x-bar"});
+ checksForAllOutputs.disallowedRequisites,
+ StringSet{"/nix/store/9b61w26b4avv870dw0ymb6rw4r1hzpws-bar-dev"});
}
+
+ StringSet systemFeatures{"rainbow", "uid-range"};
+
+ EXPECT_EQ(options.getRequiredSystemFeatures(got), systemFeatures);
+ });
+};
+
+TEST_F(CaDerivationAdvancedAttrsTest, advancedAttributes)
+{
+ this->readTest("advanced-attributes.drv", [&](auto encoded) {
+ auto got = parseDerivation(*this->store, std::move(encoded), "foo", this->mockXpSettings);
+
+ auto drvPath = writeDerivation(*this->store, got, NoRepair, true);
+
+ ParsedDerivation parsedDrv(drvPath, got);
+ DerivationOptions options = DerivationOptions::fromParsedDerivation(parsedDrv);
+
+ {
+ auto * checksForAllOutputs_ = std::get_if<0>(&options.outputChecks);
+ ASSERT_TRUE(checksForAllOutputs_ != nullptr);
+ auto & checksForAllOutputs = *checksForAllOutputs_;
+
+ EXPECT_EQ(
+ checksForAllOutputs.allowedReferences,
+ StringSet{"/164j69y6zir9z0339n8pjigg3rckinlr77bxsavzizdaaljb7nh9"});
+ EXPECT_EQ(
+ checksForAllOutputs.allowedRequisites,
+ StringSet{"/0nr45p69vn6izw9446wsh9bng9nndhvn19kpsm4n96a5mycw0s4z"});
+ EXPECT_EQ(
+ checksForAllOutputs.disallowedReferences,
+ StringSet{"/0nyw57wm2iicnm9rglvjmbci3ikmcp823czdqdzdcgsnnwqps71g"});
+ EXPECT_EQ(
+ checksForAllOutputs.disallowedRequisites,
+ StringSet{"/07f301yqyz8c6wf6bbbavb2q39j4n8kmcly1s09xadyhgy6x2wr8"});
+ }
+
+ StringSet systemFeatures{"rainbow", "uid-range"};
+ systemFeatures.insert("ca-derivations");
+
EXPECT_EQ(options.getRequiredSystemFeatures(got), systemFeatures);
- EXPECT_EQ(options.canBuildLocally(*store, got), false);
- EXPECT_EQ(options.willBuildLocally(*store, got), false);
- EXPECT_EQ(options.substitutesAllowed(), false);
- EXPECT_EQ(options.useUidRange(got), true);
});
};
-TEST_F(DerivationAdvancedAttrsTest, Derivation_advancedAttributes_structuredAttrs_defaults)
+TYPED_TEST(DerivationAdvancedAttrsBothTest, advancedAttributes_structuredAttrs_defaults)
{
- readTest("advanced-attributes-structured-attrs-defaults.drv", [&](auto encoded) {
- auto got = parseDerivation(*store, std::move(encoded), "foo");
+ this->readTest("advanced-attributes-structured-attrs-defaults.drv", [&](auto encoded) {
+ auto got = parseDerivation(*this->store, std::move(encoded), "foo", this->mockXpSettings);
- auto drvPath = writeDerivation(*store, got, NoRepair, true);
+ auto drvPath = writeDerivation(*this->store, got, NoRepair, true);
ParsedDerivation parsedDrv(drvPath, got);
DerivationOptions options = DerivationOptions::fromParsedDerivation(parsedDrv);
@@ -176,25 +280,50 @@ TEST_F(DerivationAdvancedAttrsTest, Derivation_advancedAttributes_structuredAttr
EXPECT_EQ(checksPerOutput.size(), 0);
}
- EXPECT_EQ(options.getRequiredSystemFeatures(got), StringSet());
- EXPECT_EQ(options.canBuildLocally(*store, got), false);
- EXPECT_EQ(options.willBuildLocally(*store, got), false);
+ EXPECT_EQ(options.canBuildLocally(*this->store, got), false);
+ EXPECT_EQ(options.willBuildLocally(*this->store, got), false);
EXPECT_EQ(options.substitutesAllowed(), true);
EXPECT_EQ(options.useUidRange(got), false);
});
};
-TEST_F(DerivationAdvancedAttrsTest, Derivation_advancedAttributes_structuredAttrs)
+TEST_F(DerivationAdvancedAttrsTest, advancedAttributes_structuredAttrs_defaults)
{
- readTest("advanced-attributes-structured-attrs.drv", [&](auto encoded) {
- auto got = parseDerivation(*store, std::move(encoded), "foo");
+ this->readTest("advanced-attributes-structured-attrs-defaults.drv", [&](auto encoded) {
+ auto got = parseDerivation(*this->store, std::move(encoded), "foo", this->mockXpSettings);
- auto drvPath = writeDerivation(*store, got, NoRepair, true);
+ auto drvPath = writeDerivation(*this->store, got, NoRepair, true);
ParsedDerivation parsedDrv(drvPath, got);
DerivationOptions options = DerivationOptions::fromParsedDerivation(parsedDrv);
- StringSet systemFeatures{"rainbow", "uid-range"};
+ EXPECT_EQ(options.getRequiredSystemFeatures(got), StringSet{});
+ });
+};
+
+TEST_F(CaDerivationAdvancedAttrsTest, advancedAttributes_structuredAttrs_defaults)
+{
+ this->readTest("advanced-attributes-structured-attrs-defaults.drv", [&](auto encoded) {
+ auto got = parseDerivation(*this->store, std::move(encoded), "foo", this->mockXpSettings);
+
+ auto drvPath = writeDerivation(*this->store, got, NoRepair, true);
+
+ ParsedDerivation parsedDrv(drvPath, got);
+ DerivationOptions options = DerivationOptions::fromParsedDerivation(parsedDrv);
+
+ EXPECT_EQ(options.getRequiredSystemFeatures(got), StringSet{"ca-derivations"});
+ });
+};
+
+TYPED_TEST(DerivationAdvancedAttrsBothTest, advancedAttributes_structuredAttrs)
+{
+ this->readTest("advanced-attributes-structured-attrs.drv", [&](auto encoded) {
+ auto got = parseDerivation(*this->store, std::move(encoded), "foo", this->mockXpSettings);
+
+ auto drvPath = writeDerivation(*this->store, got, NoRepair, true);
+
+ ParsedDerivation parsedDrv(drvPath, got);
+ DerivationOptions options = DerivationOptions::fromParsedDerivation(parsedDrv);
EXPECT_TRUE(parsedDrv.hasStructuredAttrs());
@@ -204,14 +333,40 @@ TEST_F(DerivationAdvancedAttrsTest, Derivation_advancedAttributes_structuredAttr
EXPECT_EQ(options.impureEnvVars, StringSet{"UNICORN"});
EXPECT_EQ(options.allowLocalNetworking, true);
+ {
+ auto output_ = get(std::get<1>(options.outputChecks), "dev");
+ ASSERT_TRUE(output_);
+ auto & output = *output_;
+
+ EXPECT_EQ(output.maxSize, 789);
+ EXPECT_EQ(output.maxClosureSize, 5909);
+ }
+
+ EXPECT_EQ(options.canBuildLocally(*this->store, got), false);
+ EXPECT_EQ(options.willBuildLocally(*this->store, got), false);
+ EXPECT_EQ(options.substitutesAllowed(), false);
+ EXPECT_EQ(options.useUidRange(got), true);
+ });
+};
+
+TEST_F(DerivationAdvancedAttrsTest, advancedAttributes_structuredAttrs)
+{
+ this->readTest("advanced-attributes-structured-attrs.drv", [&](auto encoded) {
+ auto got = parseDerivation(*this->store, std::move(encoded), "foo", this->mockXpSettings);
+
+ auto drvPath = writeDerivation(*this->store, got, NoRepair, true);
+
+ ParsedDerivation parsedDrv(drvPath, got);
+ DerivationOptions options = DerivationOptions::fromParsedDerivation(parsedDrv);
+
{
{
auto output_ = get(std::get<1>(options.outputChecks), "out");
ASSERT_TRUE(output_);
auto & output = *output_;
- EXPECT_EQ(output.allowedReferences, StringSet{"/nix/store/3c08bzb71z4wiag719ipjxr277653ynp-foo"});
- EXPECT_EQ(output.allowedRequisites, StringSet{"/nix/store/3c08bzb71z4wiag719ipjxr277653ynp-foo"});
+ EXPECT_EQ(output.allowedReferences, StringSet{"/nix/store/p0hax2lzvjpfc2gwkk62xdglz0fcqfzn-foo"});
+ EXPECT_EQ(output.allowedRequisites, StringSet{"/nix/store/z0rjzy29v9k5qa4nqpykrbzirj7sd43v-foo-dev"});
}
{
@@ -219,25 +374,54 @@ TEST_F(DerivationAdvancedAttrsTest, Derivation_advancedAttributes_structuredAttr
ASSERT_TRUE(output_);
auto & output = *output_;
- EXPECT_EQ(output.disallowedReferences, StringSet{"/nix/store/7rhsm8i393hm1wcsmph782awg1hi2f7x-bar"});
- EXPECT_EQ(output.disallowedRequisites, StringSet{"/nix/store/7rhsm8i393hm1wcsmph782awg1hi2f7x-bar"});
+ EXPECT_EQ(output.disallowedReferences, StringSet{"/nix/store/r5cff30838majxk5mp3ip2diffi8vpaj-bar"});
+ EXPECT_EQ(
+ output.disallowedRequisites, StringSet{"/nix/store/9b61w26b4avv870dw0ymb6rw4r1hzpws-bar-dev"});
}
+ }
+
+ StringSet systemFeatures{"rainbow", "uid-range"};
+ EXPECT_EQ(options.getRequiredSystemFeatures(got), systemFeatures);
+ });
+};
+
+TEST_F(CaDerivationAdvancedAttrsTest, advancedAttributes_structuredAttrs)
+{
+ this->readTest("advanced-attributes-structured-attrs.drv", [&](auto encoded) {
+ auto got = parseDerivation(*this->store, std::move(encoded), "foo", this->mockXpSettings);
+
+ auto drvPath = writeDerivation(*this->store, got, NoRepair, true);
+
+ ParsedDerivation parsedDrv(drvPath, got);
+ DerivationOptions options = DerivationOptions::fromParsedDerivation(parsedDrv);
+
+ {
{
- auto output_ = get(std::get<1>(options.outputChecks), "dev");
+ auto output_ = get(std::get<1>(options.outputChecks), "out");
ASSERT_TRUE(output_);
auto & output = *output_;
- EXPECT_EQ(output.maxSize, 789);
- EXPECT_EQ(output.maxClosureSize, 5909);
+ EXPECT_EQ(output.allowedReferences, StringSet{"/164j69y6zir9z0339n8pjigg3rckinlr77bxsavzizdaaljb7nh9"});
+ EXPECT_EQ(output.allowedRequisites, StringSet{"/0nr45p69vn6izw9446wsh9bng9nndhvn19kpsm4n96a5mycw0s4z"});
+ }
+
+ {
+ auto output_ = get(std::get<1>(options.outputChecks), "bin");
+ ASSERT_TRUE(output_);
+ auto & output = *output_;
+
+ EXPECT_EQ(
+ output.disallowedReferences, StringSet{"/0nyw57wm2iicnm9rglvjmbci3ikmcp823czdqdzdcgsnnwqps71g"});
+ EXPECT_EQ(
+ output.disallowedRequisites, StringSet{"/07f301yqyz8c6wf6bbbavb2q39j4n8kmcly1s09xadyhgy6x2wr8"});
}
}
+ StringSet systemFeatures{"rainbow", "uid-range"};
+ systemFeatures.insert("ca-derivations");
+
EXPECT_EQ(options.getRequiredSystemFeatures(got), systemFeatures);
- EXPECT_EQ(options.canBuildLocally(*store, got), false);
- EXPECT_EQ(options.willBuildLocally(*store, got), false);
- EXPECT_EQ(options.substitutesAllowed(), false);
- EXPECT_EQ(options.useUidRange(got), true);
});
};
diff --git a/src/libstore-tests/machines.cc b/src/libstore-tests/machines.cc
index 1d574ceeb77..084807130d9 100644
--- a/src/libstore-tests/machines.cc
+++ b/src/libstore-tests/machines.cc
@@ -73,6 +73,32 @@ TEST(machines, getMachinesWithSemicolonSeparator) {
EXPECT_THAT(actual, Contains(Field(&Machine::storeUri, AuthorityMatches("nix@itchy.labs.cs.uu.nl"))));
}
+TEST(machines, getMachinesWithCommentsAndSemicolonSeparator) {
+ auto actual = Machine::parseConfig({},
+ "# This is a comment ; this is still that comment\n"
+ "nix@scratchy.labs.cs.uu.nl ; nix@itchy.labs.cs.uu.nl\n"
+ "# This is also a comment ; this also is still that comment\n"
+ "nix@scabby.labs.cs.uu.nl\n");
+ EXPECT_THAT(actual, SizeIs(3));
+ EXPECT_THAT(actual, Contains(Field(&Machine::storeUri, AuthorityMatches("nix@scratchy.labs.cs.uu.nl"))));
+ EXPECT_THAT(actual, Contains(Field(&Machine::storeUri, AuthorityMatches("nix@itchy.labs.cs.uu.nl"))));
+ EXPECT_THAT(actual, Contains(Field(&Machine::storeUri, AuthorityMatches("nix@scabby.labs.cs.uu.nl"))));
+}
+
+TEST(machines, getMachinesWithFunnyWhitespace) {
+ auto actual = Machine::parseConfig({},
+ " # commment ; comment\n"
+ " nix@scratchy.labs.cs.uu.nl ; nix@itchy.labs.cs.uu.nl \n"
+ "\n \n"
+ "\n ;;; \n"
+ "\n ; ; \n"
+ "nix@scabby.labs.cs.uu.nl\n\n");
+ EXPECT_THAT(actual, SizeIs(3));
+ EXPECT_THAT(actual, Contains(Field(&Machine::storeUri, AuthorityMatches("nix@scratchy.labs.cs.uu.nl"))));
+ EXPECT_THAT(actual, Contains(Field(&Machine::storeUri, AuthorityMatches("nix@itchy.labs.cs.uu.nl"))));
+ EXPECT_THAT(actual, Contains(Field(&Machine::storeUri, AuthorityMatches("nix@scabby.labs.cs.uu.nl"))));
+}
+
TEST(machines, getMachinesWithCorrectCompleteSingleBuilder) {
auto actual = Machine::parseConfig({},
"nix@scratchy.labs.cs.uu.nl i686-linux "
diff --git a/src/libstore/build-result.cc b/src/libstore/build-result.cc
index 09166133786..26442461344 100644
--- a/src/libstore/build-result.cc
+++ b/src/libstore/build-result.cc
@@ -1,8 +1,49 @@
#include "nix/store/build-result.hh"
+#include
+
namespace nix {
bool BuildResult::operator==(const BuildResult &) const noexcept = default;
std::strong_ordering BuildResult::operator<=>(const BuildResult &) const noexcept = default;
+void to_json(nlohmann::json & json, const BuildResult & buildResult)
+{
+ json = nlohmann::json::object();
+ json["status"] = BuildResult::statusToString(buildResult.status);
+ if (buildResult.errorMsg != "")
+ json["errorMsg"] = buildResult.errorMsg;
+ if (buildResult.timesBuilt)
+ json["timesBuilt"] = buildResult.timesBuilt;
+ if (buildResult.isNonDeterministic)
+ json["isNonDeterministic"] = buildResult.isNonDeterministic;
+ if (buildResult.startTime)
+ json["startTime"] = buildResult.startTime;
+ if (buildResult.stopTime)
+ json["stopTime"] = buildResult.stopTime;
+}
+
+void to_json(nlohmann::json & json, const KeyedBuildResult & buildResult)
+{
+ to_json(json, (const BuildResult &) buildResult);
+ auto path = nlohmann::json::object();
+ std::visit(
+ overloaded{
+ [&](const DerivedPathOpaque & opaque) { path["opaque"] = opaque.path.to_string(); },
+ [&](const DerivedPathBuilt & drv) {
+ path["drvPath"] = drv.drvPath->getBaseStorePath().to_string();
+ path["outputs"] = drv.outputs;
+ auto outputs = nlohmann::json::object();
+ for (auto & [name, output] : buildResult.builtOutputs)
+ outputs[name] = {
+ {"path", output.outPath.to_string()},
+ {"signatures", output.signatures},
+ };
+ json["builtOutputs"] = std::move(outputs);
+ },
+ },
+ buildResult.path.raw());
+ json["path"] = std::move(path);
+}
+
}
diff --git a/src/libstore/build/derivation-goal.cc b/src/libstore/build/derivation-goal.cc
index 00906eed450..d7f8846bd11 100644
--- a/src/libstore/build/derivation-goal.cc
+++ b/src/libstore/build/derivation-goal.cc
@@ -966,9 +966,7 @@ Goal::Co DerivationGoal::buildDone()
msg += line;
msg += "\n";
}
- auto nixLogCommand = experimentalFeatureSettings.isEnabled(Xp::NixCommand)
- ? "nix log"
- : "nix-store -l";
+ auto nixLogCommand = "nix log";
// The command is on a separate line for easy copying, such as with triple click.
// This message will be indented elsewhere, so removing the indentation before the
// command will not put it at the start of the line unfortunately.
@@ -1542,6 +1540,14 @@ Goal::Done DerivationGoal::done(
fs << worker.store.printStorePath(drvPath) << "\t" << buildResult.toString() << std::endl;
}
+ logger->result(
+ act ? act->id : getCurActivity(),
+ resBuildResult,
+ nlohmann::json(
+ KeyedBuildResult(
+ buildResult,
+ DerivedPath::Built{.drvPath = makeConstantStorePathRef(drvPath), .outputs = wantedOutputs})));
+
return amDone(buildResult.success() ? ecSuccess : ecFailed, std::move(ex));
}
diff --git a/src/libstore/build/substitution-goal.cc b/src/libstore/build/substitution-goal.cc
index 72bdfa6327e..fc126193502 100644
--- a/src/libstore/build/substitution-goal.cc
+++ b/src/libstore/build/substitution-goal.cc
@@ -3,8 +3,11 @@
#include "nix/store/nar-info.hh"
#include "nix/util/finally.hh"
#include "nix/util/signals.hh"
+
#include
+#include
+
namespace nix {
PathSubstitutionGoal::PathSubstitutionGoal(const StorePath & storePath, Worker & worker, RepairFlag repair, std::optional ca)
@@ -35,6 +38,15 @@ Goal::Done PathSubstitutionGoal::done(
debug(*errorMsg);
buildResult.errorMsg = *errorMsg;
}
+
+ logger->result(
+ getCurActivity(),
+ resBuildResult,
+ nlohmann::json(
+ KeyedBuildResult(
+ buildResult,
+ DerivedPath::Opaque{storePath})));
+
return amDone(result);
}
diff --git a/src/libstore/daemon.cc b/src/libstore/daemon.cc
index 8f751427342..dfc068bc775 100644
--- a/src/libstore/daemon.cc
+++ b/src/libstore/daemon.cc
@@ -15,6 +15,7 @@
#include "nix/store/derivations.hh"
#include "nix/util/args.hh"
#include "nix/util/git.hh"
+#include "nix/util/logging.hh"
#ifndef _WIN32 // TODO need graceful async exit support on Windows?
# include "nix/util/monitor-fd.hh"
@@ -1050,6 +1051,7 @@ void processConnection(
if (!recursive) {
prevLogger_ = std::move(logger);
logger = std::move(tunnelLogger_);
+ applyJSONLogger();
}
unsigned int opCount = 0;
diff --git a/src/libstore/derivation-options.cc b/src/libstore/derivation-options.cc
index 962222f6d54..af3a319e978 100644
--- a/src/libstore/derivation-options.cc
+++ b/src/libstore/derivation-options.cc
@@ -68,7 +68,6 @@ DerivationOptions DerivationOptions::fromParsedDerivation(const ParsedDerivation
throw Error("attribute '%s' must be a list of strings", name);
res.insert(j->get());
}
- checks.disallowedRequisites = res;
return res;
}
return {};
diff --git a/src/libstore/derivations.cc b/src/libstore/derivations.cc
index 360d19afee2..fdfdc37b41f 100644
--- a/src/libstore/derivations.cc
+++ b/src/libstore/derivations.cc
@@ -1368,7 +1368,7 @@ Derivation Derivation::fromJSON(
for (auto & [outputName, output] : getObject(valueAt(json, "outputs"))) {
res.outputs.insert_or_assign(
outputName,
- DerivationOutput::fromJSON(store, res.name, outputName, output));
+ DerivationOutput::fromJSON(store, res.name, outputName, output, xpSettings));
}
} catch (Error & e) {
e.addTrace({}, "while reading key 'outputs'");
diff --git a/src/libstore/filetransfer.cc b/src/libstore/filetransfer.cc
index 49453f6dfdf..fb7c6c7a24a 100644
--- a/src/libstore/filetransfer.cc
+++ b/src/libstore/filetransfer.cc
@@ -22,10 +22,8 @@
#include
-#include
#include
#include
-#include
#include
#include
#include
@@ -95,7 +93,7 @@ struct curlFileTransfer : public FileTransfer
: fileTransfer(fileTransfer)
, request(request)
, act(*logger, lvlTalkative, actFileTransfer,
- request.post ? "" : fmt(request.data ? "uploading '%s'" : "downloading '%s'", request.uri),
+ fmt("%sing '%s'", request.verb(), request.uri),
{request.uri}, request.parentAct)
, callback(std::move(callback))
, finalSink([this](std::string_view data) {
@@ -272,19 +270,11 @@ struct curlFileTransfer : public FileTransfer
return getInterrupted();
}
- int silentProgressCallback(curl_off_t dltotal, curl_off_t dlnow)
- {
- return getInterrupted();
- }
-
static int progressCallbackWrapper(void * userp, curl_off_t dltotal, curl_off_t dlnow, curl_off_t ultotal, curl_off_t ulnow)
{
- return ((TransferItem *) userp)->progressCallback(dltotal, dlnow);
- }
-
- static int silentProgressCallbackWrapper(void * userp, curl_off_t dltotal, curl_off_t dlnow, curl_off_t ultotal, curl_off_t ulnow)
- {
- return ((TransferItem *) userp)->silentProgressCallback(dltotal, dlnow);
+ auto & item = *static_cast(userp);
+ auto isUpload = bool(item.request.data);
+ return item.progressCallback(isUpload ? ultotal : dltotal, isUpload ? ulnow : dlnow);
}
static int debugCallback(CURL * handle, curl_infotype type, char * data, size_t size, void * userptr)
@@ -335,7 +325,9 @@ struct curlFileTransfer : public FileTransfer
curl_easy_setopt(req, CURLOPT_MAXREDIRS, 10);
curl_easy_setopt(req, CURLOPT_NOSIGNAL, 1);
curl_easy_setopt(req, CURLOPT_USERAGENT,
- ("curl/" LIBCURL_VERSION " Nix/" + nixVersion +
+ ("curl/" LIBCURL_VERSION
+ " Nix/" + nixVersion +
+ " DeterminateNix/" + determinateNixVersion +
(fileTransferSettings.userAgentSuffix != "" ? " " + fileTransferSettings.userAgentSuffix.get() : "")).c_str());
#if LIBCURL_VERSION_NUM >= 0x072b00
curl_easy_setopt(req, CURLOPT_PIPEWAIT, 1);
@@ -351,10 +343,7 @@ struct curlFileTransfer : public FileTransfer
curl_easy_setopt(req, CURLOPT_HEADERFUNCTION, TransferItem::headerCallbackWrapper);
curl_easy_setopt(req, CURLOPT_HEADERDATA, this);
- if (request.post)
- curl_easy_setopt(req, CURLOPT_XFERINFOFUNCTION, silentProgressCallbackWrapper);
- else
- curl_easy_setopt(req, CURLOPT_XFERINFOFUNCTION, progressCallbackWrapper);
+ curl_easy_setopt(req, CURLOPT_XFERINFOFUNCTION, progressCallbackWrapper);
curl_easy_setopt(req, CURLOPT_XFERINFODATA, this);
curl_easy_setopt(req, CURLOPT_NOPROGRESS, 0);
@@ -447,8 +436,7 @@ struct curlFileTransfer : public FileTransfer
if (httpStatus == 304 && result.etag == "")
result.etag = request.expectedETag;
- if (!request.post)
- act.progress(result.bodySize, result.bodySize);
+ act.progress(result.bodySize, result.bodySize);
done = true;
callback(std::move(result));
}
@@ -537,6 +525,8 @@ struct curlFileTransfer : public FileTransfer
warn("%s; retrying from offset %d in %d ms", exc.what(), writtenToSink, ms);
else
warn("%s; retrying in %d ms", exc.what(), ms);
+ decompressionSink.reset();
+ errorSink.reset();
embargo = std::chrono::steady_clock::now() + std::chrono::milliseconds(ms);
fileTransfer.enqueueItem(shared_from_this());
}
@@ -789,10 +779,6 @@ struct curlFileTransfer : public FileTransfer
S3Helper s3Helper(profile, region, scheme, endpoint);
- Activity act(*logger, lvlTalkative, actFileTransfer,
- fmt("downloading '%s'", request.uri),
- {request.uri}, request.parentAct);
-
// FIXME: implement ETag
auto s3Res = s3Helper.getObject(bucketName, key);
FileTransferResult res;
diff --git a/src/libstore/globals.cc b/src/libstore/globals.cc
index c590ccf28b5..e4c1f881987 100644
--- a/src/libstore/globals.cc
+++ b/src/libstore/globals.cc
@@ -244,6 +244,8 @@ Path Settings::getDefaultSSLCertFile()
std::string nixVersion = PACKAGE_VERSION;
+const std::string determinateNixVersion = DETERMINATE_NIX_VERSION;
+
NLOHMANN_JSON_SERIALIZE_ENUM(SandboxMode, {
{SandboxMode::smEnabled, true},
{SandboxMode::smRelaxed, "relaxed"},
@@ -278,21 +280,21 @@ template<> void BaseSetting::convertToArg(Args & args, const std::s
.aliases = aliases,
.description = "Enable sandboxing.",
.category = category,
- .handler = {[this]() { override(smEnabled); }}
+ .handler = {[this]() { override(smEnabled); }},
});
args.addFlag({
.longName = "no-" + name,
.aliases = aliases,
.description = "Disable sandboxing.",
.category = category,
- .handler = {[this]() { override(smDisabled); }}
+ .handler = {[this]() { override(smDisabled); }},
});
args.addFlag({
.longName = "relaxed-" + name,
.aliases = aliases,
.description = "Enable sandboxing, but allow builds to disable it.",
.category = category,
- .handler = {[this]() { override(smRelaxed); }}
+ .handler = {[this]() { override(smRelaxed); }},
});
}
diff --git a/src/libstore/include/nix/store/build-result.hh b/src/libstore/include/nix/store/build-result.hh
index edc77a52350..40b3cdcf16f 100644
--- a/src/libstore/include/nix/store/build-result.hh
+++ b/src/libstore/include/nix/store/build-result.hh
@@ -8,6 +8,8 @@
#include
#include
+#include
+
namespace nix {
struct BuildResult
@@ -46,28 +48,32 @@ struct BuildResult
*/
std::string errorMsg;
+ static std::string_view statusToString(Status status)
+ {
+ switch (status) {
+ case Built: return "Built";
+ case Substituted: return "Substituted";
+ case AlreadyValid: return "AlreadyValid";
+ case PermanentFailure: return "PermanentFailure";
+ case InputRejected: return "InputRejected";
+ case OutputRejected: return "OutputRejected";
+ case TransientFailure: return "TransientFailure";
+ case CachedFailure: return "CachedFailure";
+ case TimedOut: return "TimedOut";
+ case MiscFailure: return "MiscFailure";
+ case DependencyFailed: return "DependencyFailed";
+ case LogLimitExceeded: return "LogLimitExceeded";
+ case NotDeterministic: return "NotDeterministic";
+ case ResolvesToAlreadyValid: return "ResolvesToAlreadyValid";
+ case NoSubstituters: return "NoSubstituters";
+ default: return "Unknown";
+ };
+ }
+
std::string toString() const {
- auto strStatus = [&]() {
- switch (status) {
- case Built: return "Built";
- case Substituted: return "Substituted";
- case AlreadyValid: return "AlreadyValid";
- case PermanentFailure: return "PermanentFailure";
- case InputRejected: return "InputRejected";
- case OutputRejected: return "OutputRejected";
- case TransientFailure: return "TransientFailure";
- case CachedFailure: return "CachedFailure";
- case TimedOut: return "TimedOut";
- case MiscFailure: return "MiscFailure";
- case DependencyFailed: return "DependencyFailed";
- case LogLimitExceeded: return "LogLimitExceeded";
- case NotDeterministic: return "NotDeterministic";
- case ResolvesToAlreadyValid: return "ResolvesToAlreadyValid";
- case NoSubstituters: return "NoSubstituters";
- default: return "Unknown";
- };
- }();
- return strStatus + ((errorMsg == "") ? "" : " : " + errorMsg);
+ return
+ std::string(statusToString(status))
+ + ((errorMsg == "") ? "" : " : " + errorMsg);
}
/**
@@ -130,4 +136,7 @@ struct KeyedBuildResult : BuildResult
{ }
};
+void to_json(nlohmann::json & json, const BuildResult & buildResult);
+void to_json(nlohmann::json & json, const KeyedBuildResult & buildResult);
+
}
diff --git a/src/libstore/include/nix/store/filetransfer.hh b/src/libstore/include/nix/store/filetransfer.hh
index 217c52d77f6..f87f68e7fc8 100644
--- a/src/libstore/include/nix/store/filetransfer.hh
+++ b/src/libstore/include/nix/store/filetransfer.hh
@@ -77,7 +77,7 @@ struct FileTransferRequest
FileTransferRequest(std::string_view uri)
: uri(uri), parentAct(getCurActivity()) { }
- std::string verb()
+ std::string verb() const
{
return data ? "upload" : "download";
}
diff --git a/src/libstore/include/nix/store/globals.hh b/src/libstore/include/nix/store/globals.hh
index 82211d8dc17..c35b911cf82 100644
--- a/src/libstore/include/nix/store/globals.hh
+++ b/src/libstore/include/nix/store/globals.hh
@@ -1263,6 +1263,8 @@ std::vector getUserConfigFiles();
*/
extern std::string nixVersion;
+extern const std::string determinateNixVersion;
+
/**
* @param loadConfig Whether to load configuration from `nix.conf`, `NIX_CONFIG`, etc. May be disabled for unit tests.
* @note When using libexpr, and/or libmain, This is not sufficient. See initNix().
diff --git a/src/libstore/linux/include/nix/store/fchmodat2-compat.hh b/src/libstore/linux/fchmodat2-compat.hh
similarity index 100%
rename from src/libstore/linux/include/nix/store/fchmodat2-compat.hh
rename to src/libstore/linux/fchmodat2-compat.hh
diff --git a/src/libstore/linux/include/nix/store/meson.build b/src/libstore/linux/include/nix/store/meson.build
index fd05fcaea62..a664aefa9f4 100644
--- a/src/libstore/linux/include/nix/store/meson.build
+++ b/src/libstore/linux/include/nix/store/meson.build
@@ -1,6 +1,5 @@
include_dirs += include_directories('../..')
headers += files(
- 'fchmodat2-compat.hh',
'personality.hh',
)
diff --git a/src/libstore/machines.cc b/src/libstore/machines.cc
index 7c077239d69..d98d06651e5 100644
--- a/src/libstore/machines.cc
+++ b/src/libstore/machines.cc
@@ -105,28 +105,31 @@ ref Machine::openStore() const
static std::vector expandBuilderLines(const std::string & builders)
{
std::vector result;
- for (auto line : tokenizeString>(builders, "\n;")) {
- trim(line);
+ for (auto line : tokenizeString>(builders, "\n")) {
line.erase(std::find(line.begin(), line.end(), '#'), line.end());
- if (line.empty()) continue;
-
- if (line[0] == '@') {
- const std::string path = trim(std::string(line, 1));
- std::string text;
- try {
- text = readFile(path);
- } catch (const SysError & e) {
- if (e.errNo != ENOENT)
- throw;
- debug("cannot find machines file '%s'", path);
+ for (auto entry : tokenizeString>(line, ";")) {
+ entry = trim(entry);
+
+ if (entry.empty()) {
+ // skip blank entries
+ } else if (entry[0] == '@') {
+ const std::string path = trim(std::string_view{entry}.substr(1));
+ std::string text;
+ try {
+ text = readFile(path);
+ } catch (const SysError & e) {
+ if (e.errNo != ENOENT)
+ throw;
+ debug("cannot find machines file '%s'", path);
+ continue;
+ }
+
+ const auto entrys = expandBuilderLines(text);
+ result.insert(end(result), begin(entrys), end(entrys));
+ } else {
+ result.emplace_back(entry);
}
-
- const auto lines = expandBuilderLines(text);
- result.insert(end(result), begin(lines), end(lines));
- continue;
}
-
- result.emplace_back(line);
}
return result;
}
diff --git a/src/libstore/meson.build b/src/libstore/meson.build
index d35cc2c0bd9..112a8ef7b7c 100644
--- a/src/libstore/meson.build
+++ b/src/libstore/meson.build
@@ -11,6 +11,8 @@ project('nix-store', 'cpp',
license : 'LGPL-2.1-or-later',
)
+fs = import('fs')
+
cxx = meson.get_compiler('cpp')
subdir('nix-meson-build-support/deps-lists')
@@ -21,6 +23,8 @@ configdata_priv = configuration_data()
# TODO rename, because it will conflict with downstream projects
configdata_priv.set_quoted('PACKAGE_VERSION', meson.project_version())
+configdata_priv.set_quoted('DETERMINATE_NIX_VERSION', fs.read('../../.version-determinate').strip())
+
# Used in public header.
configdata_pub.set_quoted(
'NIX_LOCAL_SYSTEM',
@@ -180,8 +184,6 @@ if get_option('embedded-sandbox-shell')
generated_headers += embedded_sandbox_shell_gen
endif
-fs = import('fs')
-
prefix = get_option('prefix')
# For each of these paths, assume that it is relative to the prefix unless
# it is already an absolute path (which is the default for store-dir, localstatedir, and log-dir).
diff --git a/src/libstore/package.nix b/src/libstore/package.nix
index 775776139ae..20478d9d3c2 100644
--- a/src/libstore/package.nix
+++ b/src/libstore/package.nix
@@ -32,15 +32,17 @@ let
in
mkMesonLibrary (finalAttrs: {
- pname = "nix-store";
+ pname = "determinate-nix-store";
inherit version;
workDir = ./.;
fileset = fileset.unions [
../../nix-meson-build-support
./nix-meson-build-support
+ # FIXME: get rid of these symlinks.
../../.version
./.version
+ ../../.version-determinate
./meson.build
./meson.options
./include/nix/store/meson.build
diff --git a/src/libstore/s3-binary-cache-store.cc b/src/libstore/s3-binary-cache-store.cc
index 87f5feb45a6..f9e5833077e 100644
--- a/src/libstore/s3-binary-cache-store.cc
+++ b/src/libstore/s3-binary-cache-store.cc
@@ -160,7 +160,10 @@ ref S3Helper::makeConfig(
S3Helper::FileTransferResult S3Helper::getObject(
const std::string & bucketName, const std::string & key)
{
- debug("fetching 's3://%s/%s'...", bucketName, key);
+ std::string uri = "s3://" + bucketName + "/" + key;
+ Activity act(*logger, lvlTalkative, actFileTransfer,
+ fmt("downloading '%s'", uri),
+ Logger::Fields{uri}, getCurActivity());
auto request =
Aws::S3::Model::GetObjectRequest()
@@ -171,6 +174,22 @@ S3Helper::FileTransferResult S3Helper::getObject(
return Aws::New("STRINGSTREAM");
});
+ size_t bytesDone = 0;
+ size_t bytesExpected = 0;
+ request.SetDataReceivedEventHandler([&](const Aws::Http::HttpRequest * req, Aws::Http::HttpResponse * resp, long long l) {
+ if (!bytesExpected && resp->HasHeader("Content-Length")) {
+ if (auto length = string2Int(resp->GetHeader("Content-Length"))) {
+ bytesExpected = *length;
+ }
+ }
+ bytesDone += l;
+ act.progress(bytesDone, bytesExpected);
+ });
+
+ request.SetContinueRequestHandler([](const Aws::Http::HttpRequest*) {
+ return !isInterrupted();
+ });
+
FileTransferResult res;
auto now1 = std::chrono::steady_clock::now();
@@ -180,6 +199,8 @@ S3Helper::FileTransferResult S3Helper::getObject(
auto result = checkAws(fmt("AWS error fetching '%s'", key),
client->GetObject(request));
+ act.progress(result.GetContentLength(), result.GetContentLength());
+
res.data = decompress(result.GetContentEncoding(),
dynamic_cast(result.GetBody()).str());
@@ -307,11 +328,35 @@ struct S3BinaryCacheStoreImpl : virtual S3BinaryCacheStoreConfig, public virtual
std::shared_ptr transferManager;
std::once_flag transferManagerCreated;
+ struct AsyncContext : public Aws::Client::AsyncCallerContext
+ {
+ mutable std::mutex mutex;
+ mutable std::condition_variable cv;
+ const Activity & act;
+
+ void notify() const
+ {
+ cv.notify_one();
+ }
+
+ void wait() const
+ {
+ std::unique_lock lk(mutex);
+ cv.wait(lk);
+ }
+
+ AsyncContext(const Activity & act) : act(act) {}
+ };
+
void uploadFile(const std::string & path,
std::shared_ptr> istream,
const std::string & mimeType,
const std::string & contentEncoding)
{
+ std::string uri = "s3://" + bucketName + "/" + path;
+ Activity act(*logger, lvlTalkative, actFileTransfer,
+ fmt("uploading '%s'", uri),
+ Logger::Fields{uri}, getCurActivity());
istream->seekg(0, istream->end);
auto size = istream->tellg();
istream->seekg(0, istream->beg);
@@ -330,16 +375,25 @@ struct S3BinaryCacheStoreImpl : virtual S3BinaryCacheStoreConfig, public virtual
transferConfig.bufferSize = bufferSize;
transferConfig.uploadProgressCallback =
- [](const TransferManager *transferManager,
- const std::shared_ptr
- &transferHandle)
+ [](const TransferManager * transferManager,
+ const std::shared_ptr & transferHandle)
+ {
+ auto context = std::dynamic_pointer_cast(transferHandle->GetContext());
+ size_t bytesDone = transferHandle->GetBytesTransferred();
+ size_t bytesTotal = transferHandle->GetBytesTotalSize();
+ try {
+ checkInterrupt();
+ context->act.progress(bytesDone, bytesTotal);
+ } catch (...) {
+ context->notify();
+ }
+ };
+ transferConfig.transferStatusUpdatedCallback =
+ [](const TransferManager * transferManager,
+ const std::shared_ptr & transferHandle)
{
- //FIXME: find a way to properly abort the multipart upload.
- //checkInterrupt();
- debug("upload progress ('%s'): '%d' of '%d' bytes",
- transferHandle->GetKey(),
- transferHandle->GetBytesTransferred(),
- transferHandle->GetBytesTotalSize());
+ auto context = std::dynamic_pointer_cast(transferHandle->GetContext());
+ context->notify();
};
transferManager = TransferManager::Create(transferConfig);
@@ -353,29 +407,51 @@ struct S3BinaryCacheStoreImpl : virtual S3BinaryCacheStoreConfig, public virtual
if (contentEncoding != "")
throw Error("setting a content encoding is not supported with S3 multi-part uploads");
+ auto context = std::make_shared(act);
std::shared_ptr transferHandle =
transferManager->UploadFile(
istream, bucketName, path, mimeType,
Aws::Map(),
- nullptr /*, contentEncoding */);
-
- transferHandle->WaitUntilFinished();
+ context /*, contentEncoding */);
+
+ TransferStatus status = transferHandle->GetStatus();
+ while (status == TransferStatus::IN_PROGRESS || status == TransferStatus::NOT_STARTED) {
+ if (!isInterrupted()) {
+ context->wait();
+ } else {
+ transferHandle->Cancel();
+ transferHandle->WaitUntilFinished();
+ }
+ status = transferHandle->GetStatus();
+ }
+ act.progress(transferHandle->GetBytesTransferred(), transferHandle->GetBytesTotalSize());
- if (transferHandle->GetStatus() == TransferStatus::FAILED)
+ if (status == TransferStatus::FAILED)
throw Error("AWS error: failed to upload 's3://%s/%s': %s",
bucketName, path, transferHandle->GetLastError().GetMessage());
- if (transferHandle->GetStatus() != TransferStatus::COMPLETED)
+ if (status != TransferStatus::COMPLETED)
throw Error("AWS error: transfer status of 's3://%s/%s' in unexpected state",
bucketName, path);
} else {
+ act.progress(0, size);
auto request =
Aws::S3::Model::PutObjectRequest()
.WithBucket(bucketName)
.WithKey(path);
+ size_t bytesSent = 0;
+ request.SetDataSentEventHandler([&](const Aws::Http::HttpRequest * req, long long l) {
+ bytesSent += l;
+ act.progress(bytesSent, size);
+ });
+
+ request.SetContinueRequestHandler([](const Aws::Http::HttpRequest*) {
+ return !isInterrupted();
+ });
+
request.SetContentType(mimeType);
if (contentEncoding != "")
@@ -385,6 +461,8 @@ struct S3BinaryCacheStoreImpl : virtual S3BinaryCacheStoreConfig, public virtual
auto result = checkAws(fmt("AWS error uploading '%s'", path),
s3Helper.client->PutObject(request));
+
+ act.progress(size, size);
}
auto now2 = std::chrono::steady_clock::now();
diff --git a/src/libstore/uds-remote-store.cc b/src/libstore/uds-remote-store.cc
index 3c1657d1522..b58dd4783e1 100644
--- a/src/libstore/uds-remote-store.cc
+++ b/src/libstore/uds-remote-store.cc
@@ -84,9 +84,7 @@ ref UDSRemoteStore::openConnection()
auto conn = make_ref();
/* Connect to a daemon that does the privileged work for us. */
- conn->fd = createUnixDomainSocket();
-
- nix::connect(toSocket(conn->fd.get()), path);
+ conn->fd = nix::connect(path);
conn->from.fd = conn->fd.get();
conn->to.fd = conn->fd.get();
diff --git a/src/libstore/unix/build/local-derivation-goal.cc b/src/libstore/unix/build/local-derivation-goal.cc
index 4d3813dc59b..3ba1e823f06 100644
--- a/src/libstore/unix/build/local-derivation-goal.cc
+++ b/src/libstore/unix/build/local-derivation-goal.cc
@@ -42,7 +42,7 @@
/* Includes required for chroot support. */
#ifdef __linux__
-# include "nix/store/fchmodat2-compat.hh"
+# include "linux/fchmodat2-compat.hh"
# include
# include
# include
@@ -2661,6 +2661,12 @@ SingleDrvOutputs LocalDerivationGoal::registerOutputs()
worker.store.printStorePath(drvPath),
wanted.to_string(HashFormat::SRI, true),
got.to_string(HashFormat::SRI, true)));
+ act->result(resHashMismatch,
+ {
+ {"storePath", worker.store.printStorePath(drvPath)},
+ {"wanted", wanted},
+ {"got", got},
+ });
}
if (!newInfo0.references.empty()) {
auto numViolations = newInfo.references.size();
diff --git a/src/libutil-c/package.nix b/src/libutil-c/package.nix
index f26f57775d4..a1605bf5bb8 100644
--- a/src/libutil-c/package.nix
+++ b/src/libutil-c/package.nix
@@ -14,7 +14,7 @@ let
in
mkMesonLibrary (finalAttrs: {
- pname = "nix-util-c";
+ pname = "determinate-nix-util-c";
inherit version;
workDir = ./.;
diff --git a/src/libutil-test-support/include/nix/util/tests/tracing-file-system-object-sink.hh b/src/libutil-test-support/include/nix/util/tests/tracing-file-system-object-sink.hh
deleted file mode 100644
index d721c13af05..00000000000
--- a/src/libutil-test-support/include/nix/util/tests/tracing-file-system-object-sink.hh
+++ /dev/null
@@ -1,41 +0,0 @@
-#pragma once
-#include "nix/util/fs-sink.hh"
-
-namespace nix::test {
-
-/**
- * A `FileSystemObjectSink` that traces calls, writing to stderr.
- */
-class TracingFileSystemObjectSink : public virtual FileSystemObjectSink
-{
- FileSystemObjectSink & sink;
-public:
- TracingFileSystemObjectSink(FileSystemObjectSink & sink)
- : sink(sink)
- {
- }
-
- void createDirectory(const CanonPath & path) override;
-
- void createRegularFile(const CanonPath & path, std::function fn) override;
-
- void createSymlink(const CanonPath & path, const std::string & target) override;
-};
-
-/**
- * A `ExtendedFileSystemObjectSink` that traces calls, writing to stderr.
- */
-class TracingExtendedFileSystemObjectSink : public TracingFileSystemObjectSink, public ExtendedFileSystemObjectSink
-{
- ExtendedFileSystemObjectSink & sink;
-public:
- TracingExtendedFileSystemObjectSink(ExtendedFileSystemObjectSink & sink)
- : TracingFileSystemObjectSink(sink)
- , sink(sink)
- {
- }
-
- void createHardlink(const CanonPath & path, const CanonPath & target) override;
-};
-
-}
diff --git a/src/libutil-test-support/package.nix b/src/libutil-test-support/package.nix
index f8e92c27113..40ff65d6135 100644
--- a/src/libutil-test-support/package.nix
+++ b/src/libutil-test-support/package.nix
@@ -17,7 +17,7 @@ let
in
mkMesonLibrary (finalAttrs: {
- pname = "nix-util-test-support";
+ pname = "determinate-nix-util-test-support";
inherit version;
workDir = ./.;
diff --git a/src/libutil-test-support/tracing-file-system-object-sink.cc b/src/libutil-test-support/tracing-file-system-object-sink.cc
deleted file mode 100644
index 52b081fb8fa..00000000000
--- a/src/libutil-test-support/tracing-file-system-object-sink.cc
+++ /dev/null
@@ -1,34 +0,0 @@
-#include
-#include "nix/tracing-file-system-object-sink.hh"
-
-namespace nix::test {
-
-void TracingFileSystemObjectSink::createDirectory(const CanonPath & path)
-{
- std::cerr << "createDirectory(" << path << ")\n";
- sink.createDirectory(path);
-}
-
-void TracingFileSystemObjectSink::createRegularFile(
- const CanonPath & path, std::function fn)
-{
- std::cerr << "createRegularFile(" << path << ")\n";
- sink.createRegularFile(path, [&](CreateRegularFileSink & crf) {
- // We could wrap this and trace about the chunks of data and such
- fn(crf);
- });
-}
-
-void TracingFileSystemObjectSink::createSymlink(const CanonPath & path, const std::string & target)
-{
- std::cerr << "createSymlink(" << path << ", target: " << target << ")\n";
- sink.createSymlink(path, target);
-}
-
-void TracingExtendedFileSystemObjectSink::createHardlink(const CanonPath & path, const CanonPath & target)
-{
- std::cerr << "createHardlink(" << path << ", target: " << target << ")\n";
- sink.createHardlink(path, target);
-}
-
-} // namespace nix::test
diff --git a/src/libutil-tests/config.cc b/src/libutil-tests/config.cc
index bc7db251b87..28b680d9c15 100644
--- a/src/libutil-tests/config.cc
+++ b/src/libutil-tests/config.cc
@@ -191,7 +191,7 @@ namespace nix {
"description",
{},
true,
- Xp::Flakes,
+ Xp::CaDerivations,
};
setting.assign("value");
@@ -203,7 +203,7 @@ namespace nix {
"description": "description\n",
"documentDefault": true,
"value": "value",
- "experimentalFeature": "flakes"
+ "experimentalFeature": "ca-derivations"
}
})#"_json);
}
diff --git a/src/libutil-tests/meson.build b/src/libutil-tests/meson.build
index 8f9c18eedb4..f2552550d3b 100644
--- a/src/libutil-tests/meson.build
+++ b/src/libutil-tests/meson.build
@@ -59,6 +59,7 @@ sources = files(
'json-utils.cc',
'logging.cc',
'lru-cache.cc',
+ 'monitorfdhup.cc',
'nix_api_util.cc',
'pool.cc',
'position.cc',
diff --git a/src/libutil-tests/monitorfdhup.cc b/src/libutil-tests/monitorfdhup.cc
index 01ecb92d96c..f9da4022da1 100644
--- a/src/libutil-tests/monitorfdhup.cc
+++ b/src/libutil-tests/monitorfdhup.cc
@@ -1,5 +1,5 @@
-#include "util.hh"
-#include "monitor-fd.hh"
+#include "nix/util/util.hh"
+#include "nix/util/monitor-fd.hh"
#include
#include
diff --git a/src/libutil/args.cc b/src/libutil/args.cc
index b4177bf9326..0541291ad3e 100644
--- a/src/libutil/args.cc
+++ b/src/libutil/args.cc
@@ -579,7 +579,7 @@ Strings argvToStrings(int argc, char * * argv)
std::optional Command::experimentalFeature ()
{
- return { Xp::NixCommand };
+ return {};
}
MultiCommand::MultiCommand(std::string_view commandName, const Commands & commands_)
@@ -647,4 +647,25 @@ nlohmann::json MultiCommand::toJSON()
return res;
}
+Strings::iterator MultiCommand::rewriteArgs(Strings & args, Strings::iterator pos)
+{
+ if (command)
+ return command->second->rewriteArgs(args, pos);
+
+ if (aliasUsed || pos == args.end()) return pos;
+ auto arg = *pos;
+ auto i = aliases.find(arg);
+ if (i == aliases.end()) return pos;
+ auto & info = i->second;
+ if (info.status == AliasStatus::Deprecated) {
+ warn("'%s' is a deprecated alias for '%s'",
+ arg, concatStringsSep(" ", info.replacement));
+ }
+ pos = args.erase(pos);
+ for (auto j = info.replacement.rbegin(); j != info.replacement.rend(); ++j)
+ pos = args.insert(pos, *j);
+ aliasUsed = true;
+ return pos;
+}
+
}
diff --git a/src/libutil/configuration.cc b/src/libutil/configuration.cc
index 0f5a6a43216..08e5919e09d 100644
--- a/src/libutil/configuration.cc
+++ b/src/libutil/configuration.cc
@@ -355,11 +355,11 @@ template<> std::set BaseSetting res;
for (auto & s : tokenizeString(str)) {
- if (auto thisXpFeature = parseExperimentalFeature(s); thisXpFeature) {
+ if (auto thisXpFeature = parseExperimentalFeature(s))
res.insert(thisXpFeature.value());
- if (thisXpFeature.value() == Xp::Flakes)
- res.insert(Xp::FetchTree);
- } else
+ else if (stabilizedFeatures.count(s))
+ debug("experimental feature '%s' is now stable", s);
+ else
warn("unknown experimental feature '%s'", s);
}
return res;
diff --git a/src/libutil/experimental-features.cc b/src/libutil/experimental-features.cc
index 348caa44ef3..14116aa0c54 100644
--- a/src/libutil/experimental-features.cc
+++ b/src/libutil/experimental-features.cc
@@ -70,19 +70,12 @@ constexpr std::array xpFeatureDetails
)",
.trackingUrl = "https://github.com/NixOS/nix/milestone/42",
},
- {
- .tag = Xp::Flakes,
- .name = "flakes",
- .description = R"(
- Enable flakes. See the manual entry for [`nix
- flake`](@docroot@/command-ref/new-cli/nix3-flake.md) for details.
- )",
- .trackingUrl = "https://github.com/NixOS/nix/milestone/27",
- },
{
.tag = Xp::FetchTree,
.name = "fetch-tree",
.description = R"(
+ *Enabled for Determinate Nix Installer users since 2.24*
+
Enable the use of the [`fetchTree`](@docroot@/language/builtins.md#builtins-fetchTree) built-in function in the Nix language.
`fetchTree` exposes a generic interface for fetching remote file system trees from different types of remote sources.
@@ -93,15 +86,6 @@ constexpr std::array xpFeatureDetails
)",
.trackingUrl = "https://github.com/NixOS/nix/milestone/31",
},
- {
- .tag = Xp::NixCommand,
- .name = "nix-command",
- .description = R"(
- Enable the new `nix` subcommands. See the manual on
- [`nix`](@docroot@/command-ref/new-cli/nix.md) for details.
- )",
- .trackingUrl = "https://github.com/NixOS/nix/milestone/28",
- },
{
.tag = Xp::GitHashing,
.name = "git-hashing",
@@ -317,12 +301,18 @@ constexpr std::array xpFeatureDetails
static_assert(
[]() constexpr {
for (auto [index, feature] : enumerate(xpFeatureDetails))
- if (index != (size_t)feature.tag)
+ if (index != (size_t) feature.tag)
return false;
return true;
}(),
"array order does not match enum tag order");
+/**
+ * A set of previously experimental features that are now considered
+ * stable. We don't warn if users have these in `experimental-features`.
+ */
+std::set stabilizedFeatures{"flakes", "nix-command"};
+
const std::optional parseExperimentalFeature(const std::string_view & name)
{
using ReverseXpMap = std::map;
diff --git a/src/libutil/hash.cc b/src/libutil/hash.cc
index 0a654b9144f..b0f09583bff 100644
--- a/src/libutil/hash.cc
+++ b/src/libutil/hash.cc
@@ -16,6 +16,8 @@
#include
#include
+#include
+
#include
namespace nix {
@@ -467,4 +469,13 @@ std::string_view printHashAlgo(HashAlgorithm ha)
}
}
+void to_json(nlohmann::json & json, const Hash & hash)
+{
+ json = nlohmann::json::object(
+ {
+ {"algo", printHashAlgo(hash.algo)},
+ {"base16", hash.to_string(HashFormat::Base16, false)},
+ });
+}
+
}
diff --git a/src/libutil/include/nix/util/args.hh b/src/libutil/include/nix/util/args.hh
index 77c4fb5b62f..4632703741d 100644
--- a/src/libutil/include/nix/util/args.hh
+++ b/src/libutil/include/nix/util/args.hh
@@ -393,8 +393,30 @@ public:
nlohmann::json toJSON() override;
+ enum struct AliasStatus {
+ /** Aliases that don't go away */
+ AcceptedShorthand,
+ /** Aliases that will go away */
+ Deprecated,
+ };
+
+ /** An alias, except for the original syntax, which is in the map key. */
+ struct AliasInfo {
+ AliasStatus status;
+ std::vector replacement;
+ };
+
+ /**
+ * A list of aliases (remapping a deprecated/shorthand subcommand
+ * to something else).
+ */
+ std::map aliases;
+
+ Strings::iterator rewriteArgs(Strings & args, Strings::iterator pos) override;
+
protected:
std::string commandName = "";
+ bool aliasUsed = false;
};
Strings argvToStrings(int argc, char * * argv);
diff --git a/src/libutil/include/nix/util/configuration.hh b/src/libutil/include/nix/util/configuration.hh
index 34cefd73b6a..cf51d481841 100644
--- a/src/libutil/include/nix/util/configuration.hh
+++ b/src/libutil/include/nix/util/configuration.hh
@@ -389,7 +389,7 @@ struct ExperimentalFeatureSettings : Config {
Example:
```
- experimental-features = nix-command flakes
+ experimental-features = ca-derivations
```
The following experimental features are available:
diff --git a/src/libutil/include/nix/util/experimental-features.hh b/src/libutil/include/nix/util/experimental-features.hh
index 06dd7062bd3..24cee610b11 100644
--- a/src/libutil/include/nix/util/experimental-features.hh
+++ b/src/libutil/include/nix/util/experimental-features.hh
@@ -19,9 +19,7 @@ enum struct ExperimentalFeature
{
CaDerivations,
ImpureDerivations,
- Flakes,
FetchTree,
- NixCommand,
GitHashing,
RecursiveNix,
NoUrlLiterals,
@@ -40,6 +38,8 @@ enum struct ExperimentalFeature
BLAKE3Hashes,
};
+extern std::set stabilizedFeatures;
+
/**
* Just because writing `ExperimentalFeature::CaDerivations` is way too long
*/
diff --git a/src/libutil/include/nix/util/hash.hh b/src/libutil/include/nix/util/hash.hh
index f3cc4cc6c84..12de4a6acf3 100644
--- a/src/libutil/include/nix/util/hash.hh
+++ b/src/libutil/include/nix/util/hash.hh
@@ -6,6 +6,8 @@
#include "nix/util/serialise.hh"
#include "nix/util/file-system.hh"
+#include
+
namespace nix {
@@ -210,6 +212,10 @@ std::optional parseHashAlgoOpt(std::string_view s);
*/
std::string_view printHashAlgo(HashAlgorithm ha);
+/**
+ * Write a JSON serialisation of the format `{"algo":"","base16":""}`.
+ */
+void to_json(nlohmann::json & json, const Hash & hash);
union Ctx;
diff --git a/src/libutil/include/nix/util/logging.hh b/src/libutil/include/nix/util/logging.hh
index 9210229bf26..1cb4161d151 100644
--- a/src/libutil/include/nix/util/logging.hh
+++ b/src/libutil/include/nix/util/logging.hh
@@ -6,6 +6,8 @@
#include "nix/util/file-descriptor.hh"
#include "nix/util/finally.hh"
+#include
+
#include
namespace nix {
@@ -37,6 +39,8 @@ typedef enum {
resSetExpected = 106,
resPostBuildLogLine = 107,
resFetchStatus = 108,
+ resHashMismatch = 109,
+ resBuildResult = 110,
} ResultType;
typedef uint64_t ActivityId;
@@ -49,6 +53,14 @@ struct LoggerSettings : Config
Whether Nix should print out a stack trace in case of Nix
expression evaluation errors.
)"};
+
+ Setting jsonLogPath{
+ this, "", "json-log-path",
+ R"(
+ A path to which JSON records of Nix's log output will be
+ written, in the same format as `--log-format internal-json`
+ (without the `@nix ` prefixes on each line).
+ )"};
};
extern LoggerSettings loggerSettings;
@@ -117,6 +129,8 @@ public:
virtual void result(ActivityId act, ResultType type, const Fields & fields) { };
+ virtual void result(ActivityId act, ResultType type, const nlohmann::json & json) { };
+
virtual void writeToStdout(std::string_view s);
template
@@ -169,6 +183,11 @@ struct Activity
void setExpected(ActivityType type2, uint64_t expected) const
{ result(resSetExpected, type2, expected); }
+ void result(ResultType type, const nlohmann::json & json) const
+ {
+ logger.result(id, type, json);
+ }
+
template
void result(ResultType type, const Args & ... args) const
{
@@ -196,7 +215,20 @@ extern std::unique_ptr logger;
std::unique_ptr makeSimpleLogger(bool printBuildLogs = true);
-std::unique_ptr makeJSONLogger(Descriptor fd);
+/**
+ * Create a logger that sends log messages to `mainLogger` and the
+ * list of loggers in `extraLoggers`. Only `mainLogger` is used for
+ * writing to stdout and getting user input.
+ */
+std::unique_ptr makeTeeLogger(
+ std::unique_ptr mainLogger,
+ std::vector> && extraLoggers);
+
+std::unique_ptr makeJSONLogger(Descriptor fd, bool includeNixPrefix = true);
+
+std::unique_ptr makeJSONLogger(const std::filesystem::path & path, bool includeNixPrefix = true);
+
+void applyJSONLogger();
/**
* @param source A noun phrase describing the source of the message, e.g. "the builder".
diff --git a/src/libutil/include/nix/util/meson.build b/src/libutil/include/nix/util/meson.build
index e30b8dacd48..329d4061218 100644
--- a/src/libutil/include/nix/util/meson.build
+++ b/src/libutil/include/nix/util/meson.build
@@ -43,6 +43,7 @@ headers = files(
'logging.hh',
'lru-cache.hh',
'memory-source-accessor.hh',
+ 'mounted-source-accessor.hh',
'muxable-pipe.hh',
'os-string.hh',
'pool.hh',
diff --git a/src/libutil/include/nix/util/mounted-source-accessor.hh b/src/libutil/include/nix/util/mounted-source-accessor.hh
new file mode 100644
index 00000000000..4e75edfafff
--- /dev/null
+++ b/src/libutil/include/nix/util/mounted-source-accessor.hh
@@ -0,0 +1,14 @@
+#pragma once
+
+#include "source-accessor.hh"
+
+namespace nix {
+
+struct MountedSourceAccessor : SourceAccessor
+{
+ virtual void mount(CanonPath mountPoint, ref accessor) = 0;
+};
+
+ref makeMountedSourceAccessor(std::map> mounts);
+
+}
diff --git a/src/libutil/include/nix/util/signals.hh b/src/libutil/include/nix/util/signals.hh
index 45130a90cc4..5a2ba8e75b7 100644
--- a/src/libutil/include/nix/util/signals.hh
+++ b/src/libutil/include/nix/util/signals.hh
@@ -26,6 +26,11 @@ static inline bool getInterrupted();
*/
void setInterruptThrown();
+/**
+ * @note Does nothing on Windows
+ */
+static inline bool isInterrupted();
+
/**
* @note Does nothing on Windows
*/
diff --git a/src/libutil/include/nix/util/source-accessor.hh b/src/libutil/include/nix/util/source-accessor.hh
index 3a28b2c2b43..90e39207b0e 100644
--- a/src/libutil/include/nix/util/source-accessor.hh
+++ b/src/libutil/include/nix/util/source-accessor.hh
@@ -118,7 +118,7 @@ struct SourceAccessor : std::enable_shared_from_this
std::string typeString();
};
- Stat lstat(const CanonPath & path);
+ virtual Stat lstat(const CanonPath & path);
virtual std::optional maybeLstat(const CanonPath & path) = 0;
@@ -214,8 +214,6 @@ ref getFSSourceAccessor();
*/
ref makeFSSourceAccessor(std::filesystem::path root);
-ref makeMountedSourceAccessor(std::map> mounts);
-
/**
* Construct an accessor that presents a "union" view of a vector of
* underlying accessors. Earlier accessors take precedence over later.
diff --git a/src/libutil/include/nix/util/unix-domain-socket.hh b/src/libutil/include/nix/util/unix-domain-socket.hh
index 704999ec1d8..ae98e9923b6 100644
--- a/src/libutil/include/nix/util/unix-domain-socket.hh
+++ b/src/libutil/include/nix/util/unix-domain-socket.hh
@@ -80,4 +80,9 @@ void bind(Socket fd, const std::string & path);
*/
void connect(Socket fd, const std::string & path);
+/**
+ * Connect to a Unix domain socket.
+ */
+AutoCloseFD connect(const std::filesystem::path & path);
+
}
diff --git a/src/libutil/logging.cc b/src/libutil/logging.cc
index b26694d2d49..7aad5de2c49 100644
--- a/src/libutil/logging.cc
+++ b/src/libutil/logging.cc
@@ -6,6 +6,8 @@
#include "nix/util/config-global.hh"
#include "nix/util/source-path.hh"
#include "nix/util/position.hh"
+#include "nix/util/sync.hh"
+#include "nix/util/unix-domain-socket.hh"
#include
#include
@@ -181,8 +183,12 @@ void to_json(nlohmann::json & json, std::shared_ptr pos)
struct JSONLogger : Logger {
Descriptor fd;
+ bool includeNixPrefix;
- JSONLogger(Descriptor fd) : fd(fd) { }
+ JSONLogger(Descriptor fd, bool includeNixPrefix)
+ : fd(fd)
+ , includeNixPrefix(includeNixPrefix)
+ { }
bool isVerbose() override {
return true;
@@ -201,9 +207,33 @@ struct JSONLogger : Logger {
unreachable();
}
+ struct State
+ {
+ bool enabled = true;
+ };
+
+ Sync _state;
+
void write(const nlohmann::json & json)
{
- writeLine(fd, "@nix " + json.dump(-1, ' ', false, nlohmann::json::error_handler_t::replace));
+ auto line =
+ (includeNixPrefix ? "@nix " : "") +
+ json.dump(-1, ' ', false, nlohmann::json::error_handler_t::replace);
+
+ /* Acquire a lock to prevent log messages from clobbering each
+ other. */
+ try {
+ auto state(_state.lock());
+ if (state->enabled)
+ writeLine(fd, line);
+ } catch (...) {
+ bool enabled = false;
+ std::swap(_state.lock()->enabled, enabled);
+ if (enabled) {
+ ignoreExceptionExceptInterrupt();
+ logger->warn("disabling JSON logger due to write errors");
+ }
+ }
}
void log(Verbosity lvl, std::string_view s) override
@@ -273,11 +303,61 @@ struct JSONLogger : Logger {
addFields(json, fields);
write(json);
}
+
+ void result(ActivityId act, ResultType type, const nlohmann::json & j) override
+ {
+ nlohmann::json json;
+ json["action"] = "result";
+ json["id"] = act;
+ json["type"] = type;
+ json["payload"] = j;
+ write(json);
+ }
};
-std::unique_ptr makeJSONLogger(Descriptor fd)
+std::unique_ptr makeJSONLogger(Descriptor fd, bool includeNixPrefix)
+{
+ return std::make_unique(fd, includeNixPrefix);
+}
+
+std::unique_ptr makeJSONLogger(const std::filesystem::path & path, bool includeNixPrefix)
{
- return std::make_unique(fd);
+ struct JSONFileLogger : JSONLogger {
+ AutoCloseFD fd;
+
+ JSONFileLogger(AutoCloseFD && fd, bool includeNixPrefix)
+ : JSONLogger(fd.get(), includeNixPrefix)
+ , fd(std::move(fd))
+ { }
+ };
+
+ AutoCloseFD fd =
+ std::filesystem::is_socket(path)
+ ? connect(path)
+ : toDescriptor(open(path.c_str(), O_CREAT | O_APPEND | O_WRONLY, 0644));
+ if (!fd)
+ throw SysError("opening log file %1%", path);
+
+ return std::make_unique(std::move(fd), includeNixPrefix);
+}
+
+void applyJSONLogger()
+{
+ if (!loggerSettings.jsonLogPath.get().empty()) {
+ try {
+ std::vector> loggers;
+ loggers.push_back(makeJSONLogger(std::filesystem::path(loggerSettings.jsonLogPath.get()), false));
+ try {
+ logger = makeTeeLogger(std::move(logger), std::move(loggers));
+ } catch (...) {
+ // `logger` is now gone so give up.
+ abort();
+ }
+ } catch (...) {
+ ignoreExceptionExceptInterrupt();
+ }
+
+ }
}
static Logger::Fields getFields(nlohmann::json & json)
diff --git a/src/libutil/meson.build b/src/libutil/meson.build
index 2a07e4a9117..9ecbdcd06c7 100644
--- a/src/libutil/meson.build
+++ b/src/libutil/meson.build
@@ -145,6 +145,7 @@ sources = [config_priv_h] + files(
'strings.cc',
'suggestions.cc',
'tarfile.cc',
+ 'tee-logger.cc',
'terminal.cc',
'thread-pool.cc',
'union-source-accessor.cc',
diff --git a/src/libutil/mounted-source-accessor.cc b/src/libutil/mounted-source-accessor.cc
index b7de2afbf03..89063b10f1f 100644
--- a/src/libutil/mounted-source-accessor.cc
+++ b/src/libutil/mounted-source-accessor.cc
@@ -1,12 +1,12 @@
-#include "nix/util/source-accessor.hh"
+#include "nix/util/mounted-source-accessor.hh"
namespace nix {
-struct MountedSourceAccessor : SourceAccessor
+struct MountedSourceAccessorImpl : MountedSourceAccessor
{
std::map> mounts;
- MountedSourceAccessor(std::map> _mounts)
+ MountedSourceAccessorImpl(std::map> _mounts)
: mounts(std::move(_mounts))
{
displayPrefix.clear();
@@ -23,6 +23,12 @@ struct MountedSourceAccessor : SourceAccessor
return accessor->readFile(subpath);
}
+ Stat lstat(const CanonPath & path) override
+ {
+ auto [accessor, subpath] = resolve(path);
+ return accessor->lstat(subpath);
+ }
+
std::optional maybeLstat(const CanonPath & path) override
{
auto [accessor, subpath] = resolve(path);
@@ -69,11 +75,17 @@ struct MountedSourceAccessor : SourceAccessor
auto [accessor, subpath] = resolve(path);
return accessor->getPhysicalPath(subpath);
}
+
+ void mount(CanonPath mountPoint, ref accessor) override
+ {
+ // FIXME: thread-safety
+ mounts.insert_or_assign(std::move(mountPoint), accessor);
+ }
};
-ref makeMountedSourceAccessor(std::map> mounts)
+ref makeMountedSourceAccessor(std::map> mounts)
{
- return make_ref(std::move(mounts));
+ return make_ref(std::move(mounts));
}
}
diff --git a/src/libutil/package.nix b/src/libutil/package.nix
index 17c84ff1850..5bbbbfd963d 100644
--- a/src/libutil/package.nix
+++ b/src/libutil/package.nix
@@ -22,7 +22,7 @@ let
in
mkMesonLibrary (finalAttrs: {
- pname = "nix-util";
+ pname = "determinate-nix-util";
inherit version;
workDir = ./.;
diff --git a/src/libutil/tee-logger.cc b/src/libutil/tee-logger.cc
new file mode 100644
index 00000000000..c539ae5d1a2
--- /dev/null
+++ b/src/libutil/tee-logger.cc
@@ -0,0 +1,113 @@
+#include "nix/util/logging.hh"
+
+namespace nix {
+
+struct TeeLogger : Logger
+{
+ std::vector> loggers;
+
+ TeeLogger(std::vector> && loggers)
+ : loggers(std::move(loggers))
+ {
+ }
+
+ void stop() override
+ {
+ for (auto & logger : loggers)
+ logger->stop();
+ };
+
+ void pause() override
+ {
+ for (auto & logger : loggers)
+ logger->pause();
+ };
+
+ void resume() override
+ {
+ for (auto & logger : loggers)
+ logger->resume();
+ };
+
+ void log(Verbosity lvl, std::string_view s) override
+ {
+ for (auto & logger : loggers)
+ logger->log(lvl, s);
+ }
+
+ void logEI(const ErrorInfo & ei) override
+ {
+ for (auto & logger : loggers)
+ logger->logEI(ei);
+ }
+
+ void startActivity(
+ ActivityId act,
+ Verbosity lvl,
+ ActivityType type,
+ const std::string & s,
+ const Fields & fields,
+ ActivityId parent) override
+ {
+ for (auto & logger : loggers)
+ logger->startActivity(act, lvl, type, s, fields, parent);
+ }
+
+ void stopActivity(ActivityId act) override
+ {
+ for (auto & logger : loggers)
+ logger->stopActivity(act);
+ }
+
+ void result(ActivityId act, ResultType type, const Fields & fields) override
+ {
+ for (auto & logger : loggers)
+ logger->result(act, type, fields);
+ }
+
+ void result(ActivityId act, ResultType type, const nlohmann::json & json) override
+ {
+ for (auto & logger : loggers)
+ logger->result(act, type, json);
+ }
+
+ void writeToStdout(std::string_view s) override
+ {
+ for (auto & logger : loggers) {
+ /* Let only the first logger write to stdout to avoid
+ duplication. This means that the first logger needs to
+ be the one managing stdout/stderr
+ (e.g. `ProgressBar`). */
+ logger->writeToStdout(s);
+ break;
+ }
+ }
+
+ std::optional ask(std::string_view s) override
+ {
+ for (auto & logger : loggers) {
+ auto c = logger->ask(s);
+ if (c)
+ return c;
+ }
+ return std::nullopt;
+ }
+
+ void setPrintBuildLogs(bool printBuildLogs) override
+ {
+ for (auto & logger : loggers)
+ logger->setPrintBuildLogs(printBuildLogs);
+ }
+};
+
+std::unique_ptr
+makeTeeLogger(std::unique_ptr mainLogger, std::vector> && extraLoggers)
+{
+ std::vector> allLoggers;
+ allLoggers.push_back(std::move(mainLogger));
+ for (auto & l : extraLoggers)
+ allLoggers.push_back(std::move(l));
+ return std::make_unique(std::move(allLoggers));
+}
+
+}
diff --git a/src/libutil/unix-domain-socket.cc b/src/libutil/unix-domain-socket.cc
index 8722c8f0557..0e8c21d668f 100644
--- a/src/libutil/unix-domain-socket.cc
+++ b/src/libutil/unix-domain-socket.cc
@@ -114,4 +114,11 @@ void connect(Socket fd, const std::string & path)
bindConnectProcHelper("connect", ::connect, fd, path);
}
+AutoCloseFD connect(const std::filesystem::path & path)
+{
+ auto fd = createUnixDomainSocket();
+ nix::connect(toSocket(fd.get()), path);
+ return fd;
+}
+
}
diff --git a/src/libutil/unix/include/nix/util/signals-impl.hh b/src/libutil/unix/include/nix/util/signals-impl.hh
index ffa96734409..7397744b2ae 100644
--- a/src/libutil/unix/include/nix/util/signals-impl.hh
+++ b/src/libutil/unix/include/nix/util/signals-impl.hh
@@ -85,17 +85,22 @@ static inline bool getInterrupted()
return unix::_isInterrupted;
}
+static inline bool isInterrupted()
+{
+ using namespace unix;
+ return _isInterrupted || (interruptCheck && interruptCheck());
+}
+
/**
* Throw `Interrupted` exception if the process has been interrupted.
*
* Call this in long-running loops and between slow operations to terminate
* them as needed.
*/
-void inline checkInterrupt()
+inline void checkInterrupt()
{
- using namespace unix;
- if (_isInterrupted || (interruptCheck && interruptCheck()))
- _interrupted();
+ if (isInterrupted())
+ unix::_interrupted();
}
/**
diff --git a/src/libutil/windows/include/nix/util/signals-impl.hh b/src/libutil/windows/include/nix/util/signals-impl.hh
index 043f39100ac..f716ffd1a68 100644
--- a/src/libutil/windows/include/nix/util/signals-impl.hh
+++ b/src/libutil/windows/include/nix/util/signals-impl.hh
@@ -22,7 +22,12 @@ inline void setInterruptThrown()
/* Do nothing for now */
}
-void inline checkInterrupt()
+static inline bool isInterrupted()
+{
+ /* Do nothing for now */
+}
+
+inline void checkInterrupt()
{
/* Do nothing for now */
}
diff --git a/src/nix-channel/nix-channel.cc b/src/nix-channel/nix-channel.cc
index c0baa4aa2a4..a6ca6f711c1 100644
--- a/src/nix-channel/nix-channel.cc
+++ b/src/nix-channel/nix-channel.cc
@@ -164,6 +164,11 @@ static void update(const StringSet & channelNames)
static int main_nix_channel(int argc, char ** argv)
{
+ warn(
+ "nix-channel is deprecated in favor of flakes in Determinate Nix. \
+For a guide on Nix flakes, see: https://zero-to-nix.com/. \
+For details and to offer feedback on the deprecation process, see: https://github.com/DeterminateSystems/nix-src/issues/34.");
+
{
// Figure out the name of the `.nix-channels' file to use
auto home = getHome();
diff --git a/src/nix/build.cc b/src/nix/build.cc
index 7cd3c7fbeb4..8db831240b8 100644
--- a/src/nix/build.cc
+++ b/src/nix/build.cc
@@ -55,7 +55,7 @@ struct CmdBuild : InstallablesCommand, MixDryRun, MixJSON, MixProfile
.description = "Use *path* as prefix for the symlinks to the build results. It defaults to `result`.",
.labels = {"path"},
.handler = {&outLink},
- .completer = completePath
+ .completer = completePath,
});
addFlag({
diff --git a/src/nix/bundle.cc b/src/nix/bundle.cc
index 30b3003e7e6..c334469b5ad 100644
--- a/src/nix/bundle.cc
+++ b/src/nix/bundle.cc
@@ -24,7 +24,7 @@ struct CmdBundle : InstallableValueCommand
.handler = {&bundler},
.completer = {[&](AddCompletions & completions, size_t, std::string_view prefix) {
completeFlakeRef(completions, getStore(), prefix);
- }}
+ }},
});
addFlag({
@@ -33,7 +33,7 @@ struct CmdBundle : InstallableValueCommand
.description = "Override the name of the symlink to the build result. It defaults to the base name of the app.",
.labels = {"path"},
.handler = {&outLink},
- .completer = completePath
+ .completer = completePath,
});
}
diff --git a/src/nix/copy.cc b/src/nix/copy.cc
index 0702215fdf6..013f2a7e393 100644
--- a/src/nix/copy.cc
+++ b/src/nix/copy.cc
@@ -21,7 +21,7 @@ struct CmdCopy : virtual CopyCommand, virtual BuiltPathsCommand, MixProfile
.description = "Create symlinks prefixed with *path* to the top-level store paths fetched from the source store.",
.labels = {"path"},
.handler = {&outLink},
- .completer = completePath
+ .completer = completePath,
});
addFlag({
diff --git a/src/nix/derivation-show.cc b/src/nix/derivation-show.cc
index 050144ccf8b..86755c3e81d 100644
--- a/src/nix/derivation-show.cc
+++ b/src/nix/derivation-show.cc
@@ -21,7 +21,7 @@ struct CmdShowDerivation : InstallablesCommand
.longName = "recursive",
.shortName = 'r',
.description = "Include the dependencies of the specified derivations.",
- .handler = {&recursive, true}
+ .handler = {&recursive, true},
});
}
diff --git a/src/nix/develop.cc b/src/nix/develop.cc
index e88134a78a5..02947ff4181 100644
--- a/src/nix/develop.cc
+++ b/src/nix/develop.cc
@@ -1,5 +1,6 @@
#include "nix/util/config-global.hh"
#include "nix/expr/eval.hh"
+#include "nix/fetchers/fetch-settings.hh"
#include "nix/cmd/installable-flake.hh"
#include "nix/cmd/command-installable-value.hh"
#include "nix/main/common-args.hh"
@@ -334,7 +335,7 @@ struct Common : InstallableCommand, MixProfile
.labels = {"installable", "outputs-dir"},
.handler = {[&](std::string installable, std::string outputsDir) {
redirects.push_back({installable, outputsDir});
- }}
+ }},
});
}
@@ -524,7 +525,7 @@ struct CmdDevelop : Common, MixEnvironment
.handler = {[&](std::vector ss) {
if (ss.empty()) throw UsageError("--command requires at least one argument");
command = ss;
- }}
+ }},
});
addFlag({
@@ -583,6 +584,11 @@ struct CmdDevelop : Common, MixEnvironment
;
}
+ void preRun(ref store) override
+ {
+ fetchSettings.warnDirty = false;
+ }
+
void run(ref store, ref installable) override
{
auto [buildEnvironment, gcroot] = getBuildEnvironment(store, installable);
diff --git a/src/nix/env.cc b/src/nix/env.cc
index 4b00dbc7c93..f6b12f21c02 100644
--- a/src/nix/env.cc
+++ b/src/nix/env.cc
@@ -38,16 +38,17 @@ struct CmdShell : InstallablesCommand, MixEnvironment
CmdShell()
{
- addFlag(
- {.longName = "command",
- .shortName = 'c',
- .description = "Command and arguments to be executed, defaulting to `$SHELL`",
- .labels = {"command", "args"},
- .handler = {[&](std::vector ss) {
- if (ss.empty())
- throw UsageError("--command requires at least one argument");
- command = ss;
- }}});
+ addFlag({
+ .longName = "command",
+ .shortName = 'c',
+ .description = "Command and arguments to be executed, defaulting to `$SHELL`",
+ .labels = {"command", "args"},
+ .handler = {[&](std::vector ss) {
+ if (ss.empty())
+ throw UsageError("--command requires at least one argument");
+ command = ss;
+ }},
+ });
}
std::string description() override
diff --git a/src/nix/flake.cc b/src/nix/flake.cc
index a7b6000e7fb..6df025e356d 100644
--- a/src/nix/flake.cc
+++ b/src/nix/flake.cc
@@ -90,7 +90,7 @@ struct CmdFlakeUpdate : FlakeCommand
.handler={&flakeUrl},
.completer = {[&](AddCompletions & completions, size_t, std::string_view prefix) {
completeFlakeRef(completions, getStore(), prefix);
- }}
+ }},
});
expectArgs({
.label="inputs",
@@ -111,7 +111,7 @@ struct CmdFlakeUpdate : FlakeCommand
}},
.completer = {[&](AddCompletions & completions, size_t, std::string_view prefix) {
completeFlakeInputAttrPath(completions, getEvalState(), getFlakeRefsForCompletion(), prefix);
- }}
+ }},
});
/* Remove flags that don't make sense. */
@@ -336,12 +336,12 @@ struct CmdFlakeCheck : FlakeCommand
addFlag({
.longName = "no-build",
.description = "Do not build checks.",
- .handler = {&build, false}
+ .handler = {&build, false},
});
addFlag({
.longName = "all-systems",
.description = "Check the outputs for all systems.",
- .handler = {&checkAllSystems, true}
+ .handler = {&checkAllSystems, true},
});
}
@@ -637,7 +637,7 @@ struct CmdFlakeCheck : FlakeCommand
if (name == "checks") {
state->forceAttrs(vOutput, pos, "");
for (auto & attr : *vOutput.attrs()) {
- std::string_view attr_name = state->symbols[attr.name];
+ const auto & attr_name = state->symbols[attr.name];
checkSystemName(attr_name, attr.pos);
if (checkSystemType(attr_name, attr.pos)) {
state->forceAttrs(*attr.value, attr.pos, "");
@@ -874,7 +874,7 @@ struct CmdFlakeInitCommon : virtual Args, EvalCommand
defaultTemplateAttrPathsPrefixes,
defaultTemplateAttrPaths,
prefix);
- }}
+ }},
});
}
@@ -1034,7 +1034,7 @@ struct CmdFlakeClone : FlakeCommand
.shortName = 'f',
.description = "Clone the flake to path *dest*.",
.labels = {"path"},
- .handler = {&destDir}
+ .handler = {&destDir},
});
}
@@ -1057,7 +1057,7 @@ struct CmdFlakeArchive : FlakeCommand, MixJSON, MixDryRun
.longName = "to",
.description = "URI of the destination Nix store",
.labels = {"store-uri"},
- .handler = {&dstUri}
+ .handler = {&dstUri},
});
}
@@ -1095,7 +1095,7 @@ struct CmdFlakeArchive : FlakeCommand, MixJSON, MixDryRun
storePath =
dryRun
? (*inputNode)->lockedRef.input.computeStorePath(*store)
- : (*inputNode)->lockedRef.input.fetchToStore(store).first;
+ : std::get<0>((*inputNode)->lockedRef.input.fetchToStore(store));
sources.insert(*storePath);
}
if (json) {
@@ -1137,12 +1137,12 @@ struct CmdFlakeShow : FlakeCommand, MixJSON
addFlag({
.longName = "legacy",
.description = "Show the contents of the `legacyPackages` output.",
- .handler = {&showLegacy, true}
+ .handler = {&showLegacy, true},
});
addFlag({
.longName = "all-systems",
.description = "Show the contents of outputs for all systems.",
- .handler = {&showAllSystems, true}
+ .handler = {&showAllSystems, true},
});
}
@@ -1443,7 +1443,7 @@ struct CmdFlakePrefetch : FlakeCommand, MixJSON
.description = "Create symlink named *path* to the resulting store path.",
.labels = {"path"},
.handler = {&outLink},
- .completer = completePath
+ .completer = completePath,
});
}
@@ -1522,12 +1522,6 @@ struct CmdFlake : NixMultiCommand
#include "flake.md"
;
}
-
- void run() override
- {
- experimentalFeatureSettings.require(Xp::Flakes);
- NixMultiCommand::run();
- }
};
static auto rCmdFlake = registerCommand("flake");
diff --git a/src/nix/main.cc b/src/nix/main.cc
index a2c9dcf68da..098d461a31e 100644
--- a/src/nix/main.cc
+++ b/src/nix/main.cc
@@ -5,6 +5,7 @@
#include "nix/expr/eval.hh"
#include "nix/expr/eval-settings.hh"
#include "nix/store/globals.hh"
+#include "nix/util/config-global.hh"
#include "nix/cmd/legacy.hh"
#include "nix/main/shared.hh"
#include "nix/store/store-api.hh"
@@ -50,19 +51,6 @@ void chrootHelper(int argc, char * * argv);
namespace nix {
-enum struct AliasStatus {
- /** Aliases that don't go away */
- AcceptedShorthand,
- /** Aliases that will go away */
- Deprecated,
-};
-
-/** An alias, except for the original syntax, which is in the map key. */
-struct AliasInfo {
- AliasStatus status;
- std::vector replacement;
-};
-
/* Check if we have a non-loopback/link-local network interface. */
static bool haveInternet()
{
@@ -127,7 +115,6 @@ struct NixArgs : virtual MultiCommand, virtual MixCommonArgs, virtual RootArgs
.description = "Print full build logs on standard error.",
.category = loggingCategory,
.handler = {[&]() { logger->setPrintBuildLogs(true); }},
- .experimentalFeature = Xp::NixCommand,
});
addFlag({
@@ -143,7 +130,6 @@ struct NixArgs : virtual MultiCommand, virtual MixCommonArgs, virtual RootArgs
.description = "Disable substituters and consider all previously downloaded files up-to-date.",
.category = miscCategory,
.handler = {[&]() { useNet = false; }},
- .experimentalFeature = Xp::NixCommand,
});
addFlag({
@@ -151,56 +137,35 @@ struct NixArgs : virtual MultiCommand, virtual MixCommonArgs, virtual RootArgs
.description = "Consider all previously downloaded files out-of-date.",
.category = miscCategory,
.handler = {[&]() { refresh = true; }},
- .experimentalFeature = Xp::NixCommand,
});
- }
- std::map aliases = {
- {"add-to-store", { AliasStatus::Deprecated, {"store", "add-path"}}},
- {"cat-nar", { AliasStatus::Deprecated, {"nar", "cat"}}},
- {"cat-store", { AliasStatus::Deprecated, {"store", "cat"}}},
- {"copy-sigs", { AliasStatus::Deprecated, {"store", "copy-sigs"}}},
- {"dev-shell", { AliasStatus::Deprecated, {"develop"}}},
- {"diff-closures", { AliasStatus::Deprecated, {"store", "diff-closures"}}},
- {"dump-path", { AliasStatus::Deprecated, {"store", "dump-path"}}},
- {"hash-file", { AliasStatus::Deprecated, {"hash", "file"}}},
- {"hash-path", { AliasStatus::Deprecated, {"hash", "path"}}},
- {"ls-nar", { AliasStatus::Deprecated, {"nar", "ls"}}},
- {"ls-store", { AliasStatus::Deprecated, {"store", "ls"}}},
- {"make-content-addressable", { AliasStatus::Deprecated, {"store", "make-content-addressed"}}},
- {"optimise-store", { AliasStatus::Deprecated, {"store", "optimise"}}},
- {"ping-store", { AliasStatus::Deprecated, {"store", "info"}}},
- {"sign-paths", { AliasStatus::Deprecated, {"store", "sign"}}},
- {"shell", { AliasStatus::AcceptedShorthand, {"env", "shell"}}},
- {"show-derivation", { AliasStatus::Deprecated, {"derivation", "show"}}},
- {"show-config", { AliasStatus::Deprecated, {"config", "show"}}},
- {"to-base16", { AliasStatus::Deprecated, {"hash", "to-base16"}}},
- {"to-base32", { AliasStatus::Deprecated, {"hash", "to-base32"}}},
- {"to-base64", { AliasStatus::Deprecated, {"hash", "to-base64"}}},
- {"verify", { AliasStatus::Deprecated, {"store", "verify"}}},
- {"doctor", { AliasStatus::Deprecated, {"config", "check"}}},
+ aliases = {
+ {"add-to-store", { AliasStatus::Deprecated, {"store", "add-path"}}},
+ {"cat-nar", { AliasStatus::Deprecated, {"nar", "cat"}}},
+ {"cat-store", { AliasStatus::Deprecated, {"store", "cat"}}},
+ {"copy-sigs", { AliasStatus::Deprecated, {"store", "copy-sigs"}}},
+ {"dev-shell", { AliasStatus::Deprecated, {"develop"}}},
+ {"diff-closures", { AliasStatus::Deprecated, {"store", "diff-closures"}}},
+ {"dump-path", { AliasStatus::Deprecated, {"store", "dump-path"}}},
+ {"hash-file", { AliasStatus::Deprecated, {"hash", "file"}}},
+ {"hash-path", { AliasStatus::Deprecated, {"hash", "path"}}},
+ {"ls-nar", { AliasStatus::Deprecated, {"nar", "ls"}}},
+ {"ls-store", { AliasStatus::Deprecated, {"store", "ls"}}},
+ {"make-content-addressable", { AliasStatus::Deprecated, {"store", "make-content-addressed"}}},
+ {"optimise-store", { AliasStatus::Deprecated, {"store", "optimise"}}},
+ {"ping-store", { AliasStatus::Deprecated, {"store", "info"}}},
+ {"sign-paths", { AliasStatus::Deprecated, {"store", "sign"}}},
+ {"shell", { AliasStatus::AcceptedShorthand, {"env", "shell"}}},
+ {"show-derivation", { AliasStatus::Deprecated, {"derivation", "show"}}},
+ {"show-config", { AliasStatus::Deprecated, {"config", "show"}}},
+ {"to-base16", { AliasStatus::Deprecated, {"hash", "to-base16"}}},
+ {"to-base32", { AliasStatus::Deprecated, {"hash", "to-base32"}}},
+ {"to-base64", { AliasStatus::Deprecated, {"hash", "to-base64"}}},
+ {"verify", { AliasStatus::Deprecated, {"store", "verify"}}},
+ {"doctor", { AliasStatus::Deprecated, {"config", "check"}}},
+ };
};
- bool aliasUsed = false;
-
- Strings::iterator rewriteArgs(Strings & args, Strings::iterator pos) override
- {
- if (aliasUsed || command || pos == args.end()) return pos;
- auto arg = *pos;
- auto i = aliases.find(arg);
- if (i == aliases.end()) return pos;
- auto & info = i->second;
- if (info.status == AliasStatus::Deprecated) {
- warn("'%s' is a deprecated alias for '%s'",
- arg, concatStringsSep(" ", info.replacement));
- }
- pos = args.erase(pos);
- for (auto j = info.replacement.rbegin(); j != info.replacement.rend(); ++j)
- pos = args.insert(pos, *j);
- aliasUsed = true;
- return pos;
- }
-
std::string description() override
{
return "a tool for reproducible and declarative configuration management";
@@ -431,7 +396,6 @@ void mainWrapped(int argc, char * * argv)
if (argc == 2 && std::string(argv[1]) == "__dump-language") {
experimentalFeatureSettings.experimentalFeatures = {
- Xp::Flakes,
Xp::FetchClosure,
Xp::DynamicDerivations,
Xp::FetchTree,
@@ -493,6 +457,8 @@ void mainWrapped(int argc, char * * argv)
if (!args.helpRequested && !args.completions) throw;
}
+ applyJSONLogger();
+
if (args.helpRequested) {
std::vector subcommand;
MultiCommand * command = &args;
diff --git a/src/nix/meson.build b/src/nix/meson.build
index 3cb45f1f56d..90102133034 100644
--- a/src/nix/meson.build
+++ b/src/nix/meson.build
@@ -7,7 +7,7 @@ project('nix', 'cpp',
'errorlogs=true', # Please print logs for tests that fail
'localstatedir=/nix/var',
],
- meson_version : '>= 1.1',
+ meson_version : '>= 1.4',
license : 'LGPL-2.1-or-later',
)
diff --git a/src/nix/nix.md b/src/nix/nix.md
index b88bd9a949a..add98907d95 100644
--- a/src/nix/nix.md
+++ b/src/nix/nix.md
@@ -48,11 +48,6 @@ manual](https://nixos.org/manual/nix/stable/).
# Installables
-> **Warning** \
-> Installables are part of the unstable
-> [`nix-command` experimental feature](@docroot@/development/experimental-features.md#xp-feature-nix-command),
-> and subject to change without notice.
-
Many `nix` subcommands operate on one or more *installables*.
These are command line arguments that represent something that can be realised in the Nix store.
@@ -72,13 +67,6 @@ That is, Nix will operate on the default flake output attribute of the flake in
### Flake output attribute
-> **Warning** \
-> Flake output attribute installables depend on both the
-> [`flakes`](@docroot@/development/experimental-features.md#xp-feature-flakes)
-> and
-> [`nix-command`](@docroot@/development/experimental-features.md#xp-feature-nix-command)
-> experimental features, and subject to change without notice.
-
Example: `nixpkgs#hello`
These have the form *flakeref*[`#`*attrpath*], where *flakeref* is a
diff --git a/src/nix/prefetch.cc b/src/nix/prefetch.cc
index 397134b0304..4495a148994 100644
--- a/src/nix/prefetch.cc
+++ b/src/nix/prefetch.cc
@@ -275,7 +275,7 @@ struct CmdStorePrefetchFile : StoreCommand, MixJSON
.longName = "name",
.description = "Override the name component of the resulting store path. It defaults to the base name of *url*.",
.labels = {"name"},
- .handler = {&name}
+ .handler = {&name},
});
addFlag({
@@ -284,7 +284,7 @@ struct CmdStorePrefetchFile : StoreCommand, MixJSON
.labels = {"hash"},
.handler = {[&](std::string s) {
expectedHash = Hash::parseAny(s, hashAlgo);
- }}
+ }},
});
addFlag(flag::hashAlgo("hash-type", &hashAlgo));
diff --git a/src/nix/profile-add.md b/src/nix/profile-add.md
new file mode 100644
index 00000000000..0bb65d8e696
--- /dev/null
+++ b/src/nix/profile-add.md
@@ -0,0 +1,37 @@
+R""(
+
+# Examples
+
+- Add a package from Nixpkgs:
+
+ ```console
+ # nix profile add nixpkgs#hello
+ ```
+
+- Add a package from a specific branch of Nixpkgs:
+
+ ```console
+ # nix profile add nixpkgs/release-20.09#hello
+ ```
+
+- Add a package from a specific revision of Nixpkgs:
+
+ ```console
+ # nix profile add nixpkgs/d73407e8e6002646acfdef0e39ace088bacc83da#hello
+ ```
+
+- Add a specific output of a package:
+
+ ```console
+ # nix profile add nixpkgs#bash^man
+ ```
+
+# Description
+
+This command adds [_installables_](./nix.md#installables) to a Nix profile.
+
+> **Note**
+>
+> `nix profile install` is an alias for `nix profile add` in Determinate Nix.
+
+)""
diff --git a/src/nix/profile-install.md b/src/nix/profile-install.md
deleted file mode 100644
index 4c0f82c09e5..00000000000
--- a/src/nix/profile-install.md
+++ /dev/null
@@ -1,34 +0,0 @@
-R""(
-
-# Examples
-
-* Install a package from Nixpkgs:
-
- ```console
- # nix profile install nixpkgs#hello
- ```
-
-* Install a package from a specific branch of Nixpkgs:
-
- ```console
- # nix profile install nixpkgs/release-20.09#hello
- ```
-
-* Install a package from a specific revision of Nixpkgs:
-
- ```console
- # nix profile install nixpkgs/d73407e8e6002646acfdef0e39ace088bacc83da#hello
- ```
-
-* Install a specific output of a package:
-
- ```console
- # nix profile install nixpkgs#bash^man
- ```
-
-
-# Description
-
-This command adds [*installables*](./nix.md#installables) to a Nix profile.
-
-)""
diff --git a/src/nix/profile.cc b/src/nix/profile.cc
index 1a129d0c530..13ab0f659fe 100644
--- a/src/nix/profile.cc
+++ b/src/nix/profile.cc
@@ -338,14 +338,14 @@ builtPathsPerInstallable(
return res;
}
-struct CmdProfileInstall : InstallablesCommand, MixDefaultProfile
+struct CmdProfileAdd : InstallablesCommand, MixDefaultProfile
{
std::optional priority;
- CmdProfileInstall() {
+ CmdProfileAdd() {
addFlag({
.longName = "priority",
- .description = "The priority of the package to install.",
+ .description = "The priority of the package to add.",
.labels = {"priority"},
.handler = {&priority},
});
@@ -353,13 +353,13 @@ struct CmdProfileInstall : InstallablesCommand, MixDefaultProfile
std::string description() override
{
- return "install a package into a profile";
+ return "add a package to a profile";
}
std::string doc() override
{
return
- #include "profile-install.md"
+ #include "profile-add.md"
;
}
@@ -415,7 +415,7 @@ struct CmdProfileInstall : InstallablesCommand, MixDefaultProfile
&& existingSource->originalRef == elementSource->originalRef
&& existingSource->attrPath == elementSource->attrPath
) {
- warn("'%s' is already installed", elementName);
+ warn("'%s' is already added", elementName);
continue;
}
}
@@ -462,15 +462,15 @@ struct CmdProfileInstall : InstallablesCommand, MixDefaultProfile
"\n"
" nix profile remove %3%\n"
"\n"
- "The new package can also be installed next to the existing one by assigning a different priority.\n"
+ "The new package can also be added next to the existing one by assigning a different priority.\n"
"The conflicting packages have a priority of %5%.\n"
"To prioritise the new package:\n"
"\n"
- " nix profile install %4% --priority %6%\n"
+ " nix profile add %4% --priority %6%\n"
"\n"
"To prioritise the existing package:\n"
"\n"
- " nix profile install %4% --priority %7%\n",
+ " nix profile add %4% --priority %7%\n",
originalConflictingFilePath,
newConflictingFilePath,
originalEntryName,
@@ -708,16 +708,14 @@ struct CmdProfileUpgrade : virtual SourceExprCommand, MixDefaultProfile, MixProf
if (!element.source) {
warn(
- "Found package '%s', but it was not installed from a flake, so it can't be checked for upgrades!",
- element.identifier()
- );
+ "Found package '%s', but it was not added from a flake, so it can't be checked for upgrades!",
+ element.identifier());
continue;
}
if (element.source->originalRef.input.isLocked()) {
warn(
- "Found package '%s', but it was installed from a locked flake reference so it can't be upgraded!",
- element.identifier()
- );
+ "Found package '%s', but it was added from a locked flake reference so it can't be upgraded!",
+ element.identifier());
continue;
}
@@ -787,7 +785,7 @@ struct CmdProfileList : virtual EvalCommand, virtual StoreCommand, MixDefaultPro
{
std::string description() override
{
- return "list installed packages";
+ return "list packages in the profile";
}
std::string doc() override
@@ -978,7 +976,7 @@ struct CmdProfile : NixMultiCommand
: NixMultiCommand(
"profile",
{
- {"install", []() { return make_ref(); }},
+ {"add", []() { return make_ref(); }},
{"remove", []() { return make_ref(); }},
{"upgrade", []() { return make_ref(); }},
{"list", []() { return make_ref(); }},
@@ -987,7 +985,11 @@ struct CmdProfile : NixMultiCommand
{"rollback", []() { return make_ref(); }},
{"wipe-history", []() { return make_ref(); }},
})
- { }
+ {
+ aliases = {
+ {"install", { AliasStatus::Deprecated, {"add"}}},
+ };
+ }
std::string description() override
{
diff --git a/src/nix/repl.md b/src/nix/repl.md
index 32c08e24b24..e608dabf6f9 100644
--- a/src/nix/repl.md
+++ b/src/nix/repl.md
@@ -36,7 +36,7 @@ R""(
Loading Installable ''...
Added 1 variables.
- # nix repl --extra-experimental-features 'flakes' nixpkgs
+ # nix repl nixpkgs
Loading Installable 'flake:nixpkgs#'...
Added 5 variables.
diff --git a/src/nix/sigs.cc b/src/nix/sigs.cc
index 87d0e1edbfb..9ef54a414a5 100644
--- a/src/nix/sigs.cc
+++ b/src/nix/sigs.cc
@@ -104,7 +104,7 @@ struct CmdSign : StorePathsCommand
.description = "File containing the secret signing key.",
.labels = {"file"},
.handler = {&secretKeyFile},
- .completer = completePath
+ .completer = completePath,
});
}
diff --git a/src/nix/store-delete.cc b/src/nix/store-delete.cc
index f71a56bc7b0..fae960c9013 100644
--- a/src/nix/store-delete.cc
+++ b/src/nix/store-delete.cc
@@ -16,7 +16,7 @@ struct CmdStoreDelete : StorePathsCommand
addFlag({
.longName = "ignore-liveness",
.description = "Do not check whether the paths are reachable from a root.",
- .handler = {&options.ignoreLiveness, true}
+ .handler = {&options.ignoreLiveness, true},
});
}
diff --git a/src/nix/store-gc.cc b/src/nix/store-gc.cc
index e6a303874f4..c71e89233b9 100644
--- a/src/nix/store-gc.cc
+++ b/src/nix/store-gc.cc
@@ -17,7 +17,7 @@ struct CmdStoreGC : StoreCommand, MixDryRun
.longName = "max",
.description = "Stop after freeing *n* bytes of disk space.",
.labels = {"n"},
- .handler = {&options.maxFreed}
+ .handler = {&options.maxFreed},
});
}
diff --git a/src/nix/store-info.cc b/src/nix/store-info.cc
index 8b4ac9b308f..9402e82281a 100644
--- a/src/nix/store-info.cc
+++ b/src/nix/store-info.cc
@@ -7,7 +7,7 @@
using namespace nix;
-struct CmdPingStore : StoreCommand, MixJSON
+struct CmdInfoStore : StoreCommand, MixJSON
{
std::string description() override
{
@@ -46,15 +46,4 @@ struct CmdPingStore : StoreCommand, MixJSON
}
};
-struct CmdInfoStore : CmdPingStore
-{
- void run(nix::ref store) override
- {
- warn("'nix store ping' is a deprecated alias for 'nix store info'");
- CmdPingStore::run(store);
- }
-};
-
-
-static auto rCmdPingStore = registerCommand2({"store", "info"});
-static auto rCmdInfoStore = registerCommand2({"store", "ping"});
+static auto rCmdInfoStore = registerCommand2({"store", "info"});
diff --git a/src/nix/store.cc b/src/nix/store.cc
index b40b6d06847..80f9363cade 100644
--- a/src/nix/store.cc
+++ b/src/nix/store.cc
@@ -5,7 +5,11 @@ using namespace nix;
struct CmdStore : NixMultiCommand
{
CmdStore() : NixMultiCommand("store", RegisterCommand::getCommandsFor({"store"}))
- { }
+ {
+ aliases = {
+ {"ping", { AliasStatus::Deprecated, {"info"}}},
+ };
+ }
std::string description() override
{
diff --git a/src/nix/upgrade-nix.cc b/src/nix/upgrade-nix.cc
index c0a6e68276d..64824110460 100644
--- a/src/nix/upgrade-nix.cc
+++ b/src/nix/upgrade-nix.cc
@@ -23,14 +23,14 @@ struct CmdUpgradeNix : MixDryRun, StoreCommand
.shortName = 'p',
.description = "The path to the Nix profile to upgrade.",
.labels = {"profile-dir"},
- .handler = {&profileDir}
+ .handler = {&profileDir},
});
addFlag({
.longName = "nix-store-paths-url",
.description = "The URL of the file that contains the store paths of the latest Nix release.",
.labels = {"url"},
- .handler = {&(std::string&) settings.upgradeNixStorePathUrl}
+ .handler = {&(std::string&) settings.upgradeNixStorePathUrl},
});
}
diff --git a/src/nix/verify.cc b/src/nix/verify.cc
index 734387ee7e0..ff81d78b6d1 100644
--- a/src/nix/verify.cc
+++ b/src/nix/verify.cc
@@ -37,7 +37,7 @@ struct CmdVerify : StorePathsCommand
.shortName = 's',
.description = "Use signatures from the specified store.",
.labels = {"store-uri"},
- .handler = {[&](std::string s) { substituterUris.push_back(s); }}
+ .handler = {[&](std::string s) { substituterUris.push_back(s); }},
});
addFlag({
@@ -45,7 +45,7 @@ struct CmdVerify : StorePathsCommand
.shortName = 'n',
.description = "Require that each path is signed by at least *n* different keys.",
.labels = {"n"},
- .handler = {&sigsNeeded}
+ .handler = {&sigsNeeded},
});
}
diff --git a/src/perl/package.nix b/src/perl/package.nix
index 5841570cd09..f7e81b66a23 100644
--- a/src/perl/package.nix
+++ b/src/perl/package.nix
@@ -18,7 +18,7 @@ in
perl.pkgs.toPerlModule (
mkMesonDerivation (finalAttrs: {
- pname = "nix-perl";
+ pname = "determinate-nix-perl";
inherit version;
workDir = ./.;
diff --git a/tests/functional/build-remote-content-addressed-floating.sh b/tests/functional/build-remote-content-addressed-floating.sh
index 33d667f9211..37091590573 100755
--- a/tests/functional/build-remote-content-addressed-floating.sh
+++ b/tests/functional/build-remote-content-addressed-floating.sh
@@ -6,6 +6,6 @@ file=build-hook-ca-floating.nix
enableFeatures "ca-derivations"
-CONTENT_ADDRESSED=true
+NIX_TESTS_CA_BY_DEFAULT=true
source build-remote.sh
diff --git a/tests/functional/build-remote.sh b/tests/functional/build-remote.sh
index 3231341cbf6..62cc8588840 100644
--- a/tests/functional/build-remote.sh
+++ b/tests/functional/build-remote.sh
@@ -13,7 +13,7 @@ unset NIX_STATE_DIR
function join_by { local d=$1; shift; echo -n "$1"; shift; printf "%s" "${@/#/$d}"; }
EXTRA_SYSTEM_FEATURES=()
-if [[ -n "${CONTENT_ADDRESSED-}" ]]; then
+if [[ -n "${NIX_TESTS_CA_BY_DEFAULT-}" ]]; then
EXTRA_SYSTEM_FEATURES=("ca-derivations")
fi
diff --git a/tests/functional/ca/derivation-advanced-attributes.sh b/tests/functional/ca/derivation-advanced-attributes.sh
new file mode 100755
index 00000000000..b70463e5c48
--- /dev/null
+++ b/tests/functional/ca/derivation-advanced-attributes.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+export NIX_TESTS_CA_BY_DEFAULT=1
+
+cd ..
+source derivation-advanced-attributes.sh
diff --git a/tests/functional/ca/derivation-json.sh b/tests/functional/ca/derivation-json.sh
index 0b8bcac0cc8..2103707a2e8 100644
--- a/tests/functional/ca/derivation-json.sh
+++ b/tests/functional/ca/derivation-json.sh
@@ -19,7 +19,7 @@ drvPath3=$(nix derivation add --dry-run < "$TEST_HOME"/foo.json)
[[ ! -e "$drvPath3" ]]
# But the JSON is rejected without the experimental feature
-expectStderr 1 nix derivation add < "$TEST_HOME"/foo.json --experimental-features nix-command | grepQuiet "experimental Nix feature 'ca-derivations' is disabled"
+expectStderr 1 nix derivation add < "$TEST_HOME"/foo.json --experimental-features '' | grepQuiet "experimental Nix feature 'ca-derivations' is disabled"
# Without --dry-run it is actually written
drvPath4=$(nix derivation add < "$TEST_HOME"/foo.json)
diff --git a/tests/functional/ca/meson.build b/tests/functional/ca/meson.build
index 7a7fcc5cf6f..a4611ca4200 100644
--- a/tests/functional/ca/meson.build
+++ b/tests/functional/ca/meson.build
@@ -8,10 +8,11 @@ suites += {
'name': 'ca',
'deps': [],
'tests': [
+ 'build-cache.sh',
'build-with-garbage-path.sh',
'build.sh',
- 'build-cache.sh',
'concurrent-builds.sh',
+ 'derivation-advanced-attributes.sh',
'derivation-json.sh',
'duplicate-realisation-in-closure.sh',
'eval-store.sh',
diff --git a/tests/functional/ca/nix-shell.sh b/tests/functional/ca/nix-shell.sh
index d1fbe54d19d..7b30b2ac858 100755
--- a/tests/functional/ca/nix-shell.sh
+++ b/tests/functional/ca/nix-shell.sh
@@ -2,6 +2,6 @@
source common.sh
-CONTENT_ADDRESSED=true
+NIX_TESTS_CA_BY_DEFAULT=true
cd ..
source ./nix-shell.sh
diff --git a/tests/functional/ca/selfref-gc.sh b/tests/functional/ca/selfref-gc.sh
index 24877889459..a730bdab694 100755
--- a/tests/functional/ca/selfref-gc.sh
+++ b/tests/functional/ca/selfref-gc.sh
@@ -4,7 +4,7 @@ source common.sh
requireDaemonNewerThan "2.4pre20210626"
-enableFeatures "ca-derivations nix-command flakes"
+enableFeatures "ca-derivations"
export NIX_TESTS_CA_BY_DEFAULT=1
cd ..
diff --git a/tests/functional/common/functions.sh b/tests/functional/common/functions.sh
index 1b2ec8fe0e8..fd59385762d 100644
--- a/tests/functional/common/functions.sh
+++ b/tests/functional/common/functions.sh
@@ -73,6 +73,7 @@ startDaemon() {
fi
# Start the daemon, wait for the socket to appear.
rm -f "$NIX_DAEMON_SOCKET_PATH"
+ # TODO: remove the nix-command feature when we're no longer testing against old daemons.
PATH=$DAEMON_PATH nix --extra-experimental-features 'nix-command' daemon &
_NIX_TEST_DAEMON_PID=$!
export _NIX_TEST_DAEMON_PID
@@ -132,11 +133,11 @@ restartDaemon() {
}
isDaemonNewer () {
- [[ -n "${NIX_DAEMON_PACKAGE:-}" ]] || return 0
- local requiredVersion="$1"
- local daemonVersion
- daemonVersion=$("$NIX_DAEMON_PACKAGE/bin/nix" daemon --version | cut -d' ' -f3)
- [[ $(nix eval --expr "builtins.compareVersions ''$daemonVersion'' ''$requiredVersion''") -ge 0 ]]
+ [[ -n "${NIX_DAEMON_PACKAGE:-}" ]] || return 0
+ local requiredVersion="$1"
+ local daemonVersion
+ daemonVersion=$("$NIX_DAEMON_PACKAGE/bin/nix" daemon --version | sed 's/.*) //')
+ [[ $(nix eval --expr "builtins.compareVersions ''$daemonVersion'' ''$requiredVersion''") -ge 0 ]]
}
skipTest () {
diff --git a/tests/functional/common/init.sh b/tests/functional/common/init.sh
index 66b44c76f69..6e9bffec56d 100755
--- a/tests/functional/common/init.sh
+++ b/tests/functional/common/init.sh
@@ -12,7 +12,7 @@ if isTestOnNixOS; then
! test -e "$test_nix_conf"
cat > "$test_nix_conf" < "$NIX_CONF_DIR"/nix.conf < "$NIX_CONF_DIR"/nix.conf.extra < $out"],[("__json","{\"__darwinAllowLocalNetworking\":true,\"__impureHostDeps\":[\"/usr/bin/ditto\"],\"__noChroot\":true,\"__sandboxProfile\":\"sandcastle\",\"allowSubstitutes\":false,\"builder\":\"/bin/bash\",\"impureEnvVars\":[\"UNICORN\"],\"name\":\"advanced-attributes-structured-attrs\",\"outputChecks\":{\"bin\":{\"disallowedReferences\":[\"/nix/store/7rhsm8i393hm1wcsmph782awg1hi2f7x-bar\"],\"disallowedRequisites\":[\"/nix/store/7rhsm8i393hm1wcsmph782awg1hi2f7x-bar\"]},\"dev\":{\"maxClosureSize\":5909,\"maxSize\":789},\"out\":{\"allowedReferences\":[\"/nix/store/3c08bzb71z4wiag719ipjxr277653ynp-foo\"],\"allowedRequisites\":[\"/nix/store/3c08bzb71z4wiag719ipjxr277653ynp-foo\"]}},\"outputs\":[\"out\",\"bin\",\"dev\"],\"preferLocalBuild\":true,\"requiredSystemFeatures\":[\"rainbow\",\"uid-range\"],\"system\":\"my-system\"}"),("bin","/nix/store/pbzb48v0ycf80jgligcp4n8z0rblna4n-advanced-attributes-structured-attrs-bin"),("dev","/nix/store/7xapi8jv7flcz1qq8jhw55ar8ag8hldh-advanced-attributes-structured-attrs-dev"),("out","/nix/store/mpq3l1l1qc2yr50q520g08kprprwv79f-advanced-attributes-structured-attrs")])
\ No newline at end of file
diff --git a/tests/functional/derivation/advanced-attributes-structured-attrs.nix b/tests/functional/derivation/advanced-attributes-structured-attrs.nix
index 4c596be45e9..27d9e7cf938 100644
--- a/tests/functional/derivation/advanced-attributes-structured-attrs.nix
+++ b/tests/functional/derivation/advanced-attributes-structured-attrs.nix
@@ -1,6 +1,21 @@
+{ contentAddress }:
+
let
+ caArgs =
+ if contentAddress then
+ {
+ __contentAddressed = true;
+ outputHashMode = "recursive";
+ outputHashAlgo = "sha256";
+ }
+ else
+ { };
+
+ derivation' = args: derivation (caArgs // args);
+
system = "my-system";
- foo = derivation {
+
+ foo = derivation' {
inherit system;
name = "foo";
builder = "/bin/bash";
@@ -8,8 +23,13 @@ let
"-c"
"echo foo > $out"
];
+ outputs = [
+ "out"
+ "dev"
+ ];
};
- bar = derivation {
+
+ bar = derivation' {
inherit system;
name = "bar";
builder = "/bin/bash";
@@ -17,9 +37,14 @@ let
"-c"
"echo bar > $out"
];
+ outputs = [
+ "out"
+ "dev"
+ ];
};
+
in
-derivation {
+derivation' {
inherit system;
name = "advanced-attributes-structured-attrs";
builder = "/bin/bash";
@@ -41,11 +66,11 @@ derivation {
outputChecks = {
out = {
allowedReferences = [ foo ];
- allowedRequisites = [ foo ];
+ allowedRequisites = [ foo.dev ];
};
bin = {
disallowedReferences = [ bar ];
- disallowedRequisites = [ bar ];
+ disallowedRequisites = [ bar.dev ];
};
dev = {
maxSize = 789;
diff --git a/tests/functional/derivation/advanced-attributes.drv b/tests/functional/derivation/advanced-attributes.drv
deleted file mode 100644
index ec3112ab2b1..00000000000
--- a/tests/functional/derivation/advanced-attributes.drv
+++ /dev/null
@@ -1 +0,0 @@
-Derive([("out","/nix/store/33a6fdmn8q9ih9d7npbnrxn2q56a4l8q-advanced-attributes","","")],[("/nix/store/4xm4wccqsvagz9gjksn24s7rip2fdy7v-foo.drv",["out"]),("/nix/store/plsq5jbr5nhgqwcgb2qxw7jchc09dnl8-bar.drv",["out"])],[],"my-system","/bin/bash",["-c","echo hello > $out"],[("__darwinAllowLocalNetworking","1"),("__impureHostDeps","/usr/bin/ditto"),("__noChroot","1"),("__sandboxProfile","sandcastle"),("allowSubstitutes",""),("allowedReferences","/nix/store/3c08bzb71z4wiag719ipjxr277653ynp-foo"),("allowedRequisites","/nix/store/3c08bzb71z4wiag719ipjxr277653ynp-foo"),("builder","/bin/bash"),("disallowedReferences","/nix/store/7rhsm8i393hm1wcsmph782awg1hi2f7x-bar"),("disallowedRequisites","/nix/store/7rhsm8i393hm1wcsmph782awg1hi2f7x-bar"),("impureEnvVars","UNICORN"),("name","advanced-attributes"),("out","/nix/store/33a6fdmn8q9ih9d7npbnrxn2q56a4l8q-advanced-attributes"),("preferLocalBuild","1"),("requiredSystemFeatures","rainbow uid-range"),("system","my-system")])
\ No newline at end of file
diff --git a/tests/functional/derivation/advanced-attributes.nix b/tests/functional/derivation/advanced-attributes.nix
index 7f365ce65e2..e988e0a70c1 100644
--- a/tests/functional/derivation/advanced-attributes.nix
+++ b/tests/functional/derivation/advanced-attributes.nix
@@ -1,6 +1,21 @@
+{ contentAddress }:
+
let
+ caArgs =
+ if contentAddress then
+ {
+ __contentAddressed = true;
+ outputHashMode = "recursive";
+ outputHashAlgo = "sha256";
+ }
+ else
+ { };
+
+ derivation' = args: derivation (caArgs // args);
+
system = "my-system";
- foo = derivation {
+
+ foo = derivation' {
inherit system;
name = "foo";
builder = "/bin/bash";
@@ -8,8 +23,13 @@ let
"-c"
"echo foo > $out"
];
+ outputs = [
+ "out"
+ "dev"
+ ];
};
- bar = derivation {
+
+ bar = derivation' {
inherit system;
name = "bar";
builder = "/bin/bash";
@@ -17,9 +37,14 @@ let
"-c"
"echo bar > $out"
];
+ outputs = [
+ "out"
+ "dev"
+ ];
};
+
in
-derivation {
+derivation' {
inherit system;
name = "advanced-attributes";
builder = "/bin/bash";
@@ -33,9 +58,9 @@ derivation {
impureEnvVars = [ "UNICORN" ];
__darwinAllowLocalNetworking = true;
allowedReferences = [ foo ];
- allowedRequisites = [ foo ];
+ allowedRequisites = [ foo.dev ];
disallowedReferences = [ bar ];
- disallowedRequisites = [ bar ];
+ disallowedRequisites = [ bar.dev ];
requiredSystemFeatures = [
"rainbow"
"uid-range"
diff --git a/tests/functional/derivation/ca/advanced-attributes-defaults.drv b/tests/functional/derivation/ca/advanced-attributes-defaults.drv
new file mode 100644
index 00000000000..2c81609639b
--- /dev/null
+++ b/tests/functional/derivation/ca/advanced-attributes-defaults.drv
@@ -0,0 +1 @@
+Derive([("out","","r:sha256","")],[],[],"my-system","/bin/bash",["-c","echo hello > $out"],[("builder","/bin/bash"),("name","advanced-attributes-defaults"),("out","/1rz4g4znpzjwh1xymhjpm42vipw92pr73vdgl6xs1hycac8kf2n9"),("outputHashAlgo","sha256"),("outputHashMode","recursive"),("system","my-system")])
\ No newline at end of file
diff --git a/tests/functional/derivation/ca/advanced-attributes-structured-attrs-defaults.drv b/tests/functional/derivation/ca/advanced-attributes-structured-attrs-defaults.drv
new file mode 100644
index 00000000000..bf56e05d600
--- /dev/null
+++ b/tests/functional/derivation/ca/advanced-attributes-structured-attrs-defaults.drv
@@ -0,0 +1 @@
+Derive([("dev","","r:sha256",""),("out","","r:sha256","")],[],[],"my-system","/bin/bash",["-c","echo hello > $out"],[("__json","{\"builder\":\"/bin/bash\",\"name\":\"advanced-attributes-structured-attrs-defaults\",\"outputHashAlgo\":\"sha256\",\"outputHashMode\":\"recursive\",\"outputs\":[\"out\",\"dev\"],\"system\":\"my-system\"}"),("dev","/02qcpld1y6xhs5gz9bchpxaw0xdhmsp5dv88lh25r2ss44kh8dxz"),("out","/1rz4g4znpzjwh1xymhjpm42vipw92pr73vdgl6xs1hycac8kf2n9")])
\ No newline at end of file
diff --git a/tests/functional/derivation/ca/advanced-attributes-structured-attrs.drv b/tests/functional/derivation/ca/advanced-attributes-structured-attrs.drv
new file mode 100644
index 00000000000..a81e74d4195
--- /dev/null
+++ b/tests/functional/derivation/ca/advanced-attributes-structured-attrs.drv
@@ -0,0 +1 @@
+Derive([("bin","","r:sha256",""),("dev","","r:sha256",""),("out","","r:sha256","")],[("/nix/store/j56sf12rxpcv5swr14vsjn5cwm6bj03h-foo.drv",["dev","out"]),("/nix/store/qnml92yh97a6fbrs2m5qg5cqlc8vni58-bar.drv",["dev","out"])],[],"my-system","/bin/bash",["-c","echo hello > $out"],[("__json","{\"__darwinAllowLocalNetworking\":true,\"__impureHostDeps\":[\"/usr/bin/ditto\"],\"__noChroot\":true,\"__sandboxProfile\":\"sandcastle\",\"allowSubstitutes\":false,\"builder\":\"/bin/bash\",\"impureEnvVars\":[\"UNICORN\"],\"name\":\"advanced-attributes-structured-attrs\",\"outputChecks\":{\"bin\":{\"disallowedReferences\":[\"/0nyw57wm2iicnm9rglvjmbci3ikmcp823czdqdzdcgsnnwqps71g\"],\"disallowedRequisites\":[\"/07f301yqyz8c6wf6bbbavb2q39j4n8kmcly1s09xadyhgy6x2wr8\"]},\"dev\":{\"maxClosureSize\":5909,\"maxSize\":789},\"out\":{\"allowedReferences\":[\"/164j69y6zir9z0339n8pjigg3rckinlr77bxsavzizdaaljb7nh9\"],\"allowedRequisites\":[\"/0nr45p69vn6izw9446wsh9bng9nndhvn19kpsm4n96a5mycw0s4z\"]}},\"outputHashAlgo\":\"sha256\",\"outputHashMode\":\"recursive\",\"outputs\":[\"out\",\"bin\",\"dev\"],\"preferLocalBuild\":true,\"requiredSystemFeatures\":[\"rainbow\",\"uid-range\"],\"system\":\"my-system\"}"),("bin","/04f3da1kmbr67m3gzxikmsl4vjz5zf777sv6m14ahv22r65aac9m"),("dev","/02qcpld1y6xhs5gz9bchpxaw0xdhmsp5dv88lh25r2ss44kh8dxz"),("out","/1rz4g4znpzjwh1xymhjpm42vipw92pr73vdgl6xs1hycac8kf2n9")])
\ No newline at end of file
diff --git a/tests/functional/derivation/ca/advanced-attributes.drv b/tests/functional/derivation/ca/advanced-attributes.drv
new file mode 100644
index 00000000000..dded6c62086
--- /dev/null
+++ b/tests/functional/derivation/ca/advanced-attributes.drv
@@ -0,0 +1 @@
+Derive([("out","","r:sha256","")],[("/nix/store/j56sf12rxpcv5swr14vsjn5cwm6bj03h-foo.drv",["dev","out"]),("/nix/store/qnml92yh97a6fbrs2m5qg5cqlc8vni58-bar.drv",["dev","out"])],[],"my-system","/bin/bash",["-c","echo hello > $out"],[("__darwinAllowLocalNetworking","1"),("__impureHostDeps","/usr/bin/ditto"),("__noChroot","1"),("__sandboxProfile","sandcastle"),("allowSubstitutes",""),("allowedReferences","/164j69y6zir9z0339n8pjigg3rckinlr77bxsavzizdaaljb7nh9"),("allowedRequisites","/0nr45p69vn6izw9446wsh9bng9nndhvn19kpsm4n96a5mycw0s4z"),("builder","/bin/bash"),("disallowedReferences","/0nyw57wm2iicnm9rglvjmbci3ikmcp823czdqdzdcgsnnwqps71g"),("disallowedRequisites","/07f301yqyz8c6wf6bbbavb2q39j4n8kmcly1s09xadyhgy6x2wr8"),("impureEnvVars","UNICORN"),("name","advanced-attributes"),("out","/1rz4g4znpzjwh1xymhjpm42vipw92pr73vdgl6xs1hycac8kf2n9"),("outputHashAlgo","sha256"),("outputHashMode","recursive"),("preferLocalBuild","1"),("requiredSystemFeatures","rainbow uid-range"),("system","my-system")])
\ No newline at end of file
diff --git a/tests/functional/derivation/advanced-attributes-defaults.drv b/tests/functional/derivation/ia/advanced-attributes-defaults.drv
similarity index 100%
rename from tests/functional/derivation/advanced-attributes-defaults.drv
rename to tests/functional/derivation/ia/advanced-attributes-defaults.drv
diff --git a/tests/functional/derivation/advanced-attributes-structured-attrs-defaults.drv b/tests/functional/derivation/ia/advanced-attributes-structured-attrs-defaults.drv
similarity index 100%
rename from tests/functional/derivation/advanced-attributes-structured-attrs-defaults.drv
rename to tests/functional/derivation/ia/advanced-attributes-structured-attrs-defaults.drv
diff --git a/tests/functional/derivation/ia/advanced-attributes-structured-attrs.drv b/tests/functional/derivation/ia/advanced-attributes-structured-attrs.drv
new file mode 100644
index 00000000000..1560bca6645
--- /dev/null
+++ b/tests/functional/derivation/ia/advanced-attributes-structured-attrs.drv
@@ -0,0 +1 @@
+Derive([("bin","/nix/store/qjjj3zrlimpjbkk686m052b3ks9iz2sl-advanced-attributes-structured-attrs-bin","",""),("dev","/nix/store/lpz5grl48v93pdadavyg5is1rqvfdipf-advanced-attributes-structured-attrs-dev","",""),("out","/nix/store/nzvz1bmh1g89a5dkpqcqan0av7q3hgv3-advanced-attributes-structured-attrs","","")],[("/nix/store/afc3vbjbzql750v2lp8gxgaxsajphzih-foo.drv",["dev","out"]),("/nix/store/vj2i49jm2868j2fmqvxm70vlzmzvgv14-bar.drv",["dev","out"])],[],"my-system","/bin/bash",["-c","echo hello > $out"],[("__json","{\"__darwinAllowLocalNetworking\":true,\"__impureHostDeps\":[\"/usr/bin/ditto\"],\"__noChroot\":true,\"__sandboxProfile\":\"sandcastle\",\"allowSubstitutes\":false,\"builder\":\"/bin/bash\",\"impureEnvVars\":[\"UNICORN\"],\"name\":\"advanced-attributes-structured-attrs\",\"outputChecks\":{\"bin\":{\"disallowedReferences\":[\"/nix/store/r5cff30838majxk5mp3ip2diffi8vpaj-bar\"],\"disallowedRequisites\":[\"/nix/store/9b61w26b4avv870dw0ymb6rw4r1hzpws-bar-dev\"]},\"dev\":{\"maxClosureSize\":5909,\"maxSize\":789},\"out\":{\"allowedReferences\":[\"/nix/store/p0hax2lzvjpfc2gwkk62xdglz0fcqfzn-foo\"],\"allowedRequisites\":[\"/nix/store/z0rjzy29v9k5qa4nqpykrbzirj7sd43v-foo-dev\"]}},\"outputs\":[\"out\",\"bin\",\"dev\"],\"preferLocalBuild\":true,\"requiredSystemFeatures\":[\"rainbow\",\"uid-range\"],\"system\":\"my-system\"}"),("bin","/nix/store/qjjj3zrlimpjbkk686m052b3ks9iz2sl-advanced-attributes-structured-attrs-bin"),("dev","/nix/store/lpz5grl48v93pdadavyg5is1rqvfdipf-advanced-attributes-structured-attrs-dev"),("out","/nix/store/nzvz1bmh1g89a5dkpqcqan0av7q3hgv3-advanced-attributes-structured-attrs")])
\ No newline at end of file
diff --git a/tests/functional/derivation/ia/advanced-attributes.drv b/tests/functional/derivation/ia/advanced-attributes.drv
new file mode 100644
index 00000000000..2c5d5a6929c
--- /dev/null
+++ b/tests/functional/derivation/ia/advanced-attributes.drv
@@ -0,0 +1 @@
+Derive([("out","/nix/store/swkj0mrq0cq3dfli95v4am0427mi2hxf-advanced-attributes","","")],[("/nix/store/afc3vbjbzql750v2lp8gxgaxsajphzih-foo.drv",["dev","out"]),("/nix/store/vj2i49jm2868j2fmqvxm70vlzmzvgv14-bar.drv",["dev","out"])],[],"my-system","/bin/bash",["-c","echo hello > $out"],[("__darwinAllowLocalNetworking","1"),("__impureHostDeps","/usr/bin/ditto"),("__noChroot","1"),("__sandboxProfile","sandcastle"),("allowSubstitutes",""),("allowedReferences","/nix/store/p0hax2lzvjpfc2gwkk62xdglz0fcqfzn-foo"),("allowedRequisites","/nix/store/z0rjzy29v9k5qa4nqpykrbzirj7sd43v-foo-dev"),("builder","/bin/bash"),("disallowedReferences","/nix/store/r5cff30838majxk5mp3ip2diffi8vpaj-bar"),("disallowedRequisites","/nix/store/9b61w26b4avv870dw0ymb6rw4r1hzpws-bar-dev"),("impureEnvVars","UNICORN"),("name","advanced-attributes"),("out","/nix/store/swkj0mrq0cq3dfli95v4am0427mi2hxf-advanced-attributes"),("preferLocalBuild","1"),("requiredSystemFeatures","rainbow uid-range"),("system","my-system")])
\ No newline at end of file
diff --git a/tests/functional/dyn-drv/eval-outputOf.sh b/tests/functional/dyn-drv/eval-outputOf.sh
index 3681bd09889..82aa04ca241 100644
--- a/tests/functional/dyn-drv/eval-outputOf.sh
+++ b/tests/functional/dyn-drv/eval-outputOf.sh
@@ -3,7 +3,7 @@
source ./common.sh
# Without the dynamic-derivations XP feature, we don't have the builtin.
-nix --experimental-features 'nix-command' eval --impure --expr \
+nix --experimental-features '' eval --impure --expr \
'assert ! (builtins ? outputOf); ""'
# Test that a string is required.
@@ -12,14 +12,14 @@ nix --experimental-features 'nix-command' eval --impure --expr \
# object that could be coerced to a string. We might liberalise this in
# the future so it does work, but there are some design questions to
# resolve first. Adding a test so we don't liberalise it by accident.
-expectStderr 1 nix --experimental-features 'nix-command dynamic-derivations' eval --impure --expr \
+expectStderr 1 nix --experimental-features 'dynamic-derivations' eval --impure --expr \
'builtins.outputOf (import ../dependencies.nix {}) "out"' \
| grepQuiet "expected a string but found a set"
# Test that "DrvDeep" string contexts are not supported at this time
#
# Like the above, this is a restriction we could relax later.
-expectStderr 1 nix --experimental-features 'nix-command dynamic-derivations' eval --impure --expr \
+expectStderr 1 nix --experimental-features 'dynamic-derivations' eval --impure --expr \
'builtins.outputOf (import ../dependencies.nix {}).drvPath "out"' \
| grepQuiet "has a context which refers to a complete source and binary closure. This is not supported at this time"
diff --git a/tests/functional/dyn-drv/recursive-mod-json.nix b/tests/functional/dyn-drv/recursive-mod-json.nix
index 2d46e4e2e02..2a7a1ec1a81 100644
--- a/tests/functional/dyn-drv/recursive-mod-json.nix
+++ b/tests/functional/dyn-drv/recursive-mod-json.nix
@@ -13,7 +13,7 @@ mkDerivation rec {
drv = builtins.unsafeDiscardOutputDependency (import ./text-hashed-output.nix).hello.drvPath;
buildCommand = ''
- export NIX_CONFIG='experimental-features = nix-command ca-derivations'
+ export NIX_CONFIG='experimental-features = ca-derivations'
PATH=${builtins.getEnv "EXTRA_PATH"}:$PATH
diff --git a/tests/functional/experimental-features.sh b/tests/functional/experimental-features.sh
index d7216992d4e..43514e2295a 100755
--- a/tests/functional/experimental-features.sh
+++ b/tests/functional/experimental-features.sh
@@ -11,12 +11,12 @@ source common.sh
# # With flakes, flake options should show up
#
# function grep_both_ways {
-# nix --experimental-features 'nix-command' "$@" | grepQuietInverse flake
-# nix --experimental-features 'nix-command flakes' "$@" | grepQuiet flake
+# nix --experimental-features '' "$@" | grepQuietInverse flake
+# nix --experimental-features '' "$@" | grepQuiet flake
#
# # Also, the order should not matter
-# nix "$@" --experimental-features 'nix-command' | grepQuietInverse flake
-# nix "$@" --experimental-features 'nix-command flakes' | grepQuiet flake
+# nix "$@" --experimental-features '' | grepQuietInverse flake
+# nix "$@" --experimental-features '' | grepQuiet flake
# }
#
# # Simple case, the configuration effects the running command
@@ -29,62 +29,53 @@ source common.sh
# with a warning if the experimental feature is not enabled. The order of the
# `setting = value` lines in the configuration should not matter.
-# 'flakes' experimental-feature is disabled before, ignore and warn
-NIX_CONFIG='
- experimental-features = nix-command
- accept-flake-config = true
-' expect 1 nix config show accept-flake-config 1>"$TEST_ROOT"/stdout 2>"$TEST_ROOT"/stderr
+xpFeature=auto-allocate-uids
+gatedSetting=auto-allocate-uids
+
+# Experimental feature is disabled before, ignore and warn.
+NIX_CONFIG="
+ experimental-features =
+ $gatedSetting = true
+" expect 1 nix config show $gatedSetting 1>"$TEST_ROOT"/stdout 2>"$TEST_ROOT"/stderr
[[ $(cat "$TEST_ROOT/stdout") = '' ]]
-grepQuiet "Ignoring setting 'accept-flake-config' because experimental feature 'flakes' is not enabled" "$TEST_ROOT/stderr"
-grepQuiet "error: could not find setting 'accept-flake-config'" "$TEST_ROOT/stderr"
+grepQuiet "error: could not find setting '$gatedSetting'" "$TEST_ROOT/stderr"
-# 'flakes' experimental-feature is disabled after, ignore and warn
-NIX_CONFIG='
- accept-flake-config = true
- experimental-features = nix-command
-' expect 1 nix config show accept-flake-config 1>"$TEST_ROOT"/stdout 2>"$TEST_ROOT"/stderr
+# Experimental feature is disabled after, ignore and warn.
+NIX_CONFIG="
+ $gatedSetting = true
+ experimental-features =
+" expect 1 nix config show $gatedSetting 1>"$TEST_ROOT"/stdout 2>"$TEST_ROOT"/stderr
[[ $(cat "$TEST_ROOT/stdout") = '' ]]
-grepQuiet "Ignoring setting 'accept-flake-config' because experimental feature 'flakes' is not enabled" "$TEST_ROOT/stderr"
-grepQuiet "error: could not find setting 'accept-flake-config'" "$TEST_ROOT/stderr"
+grepQuiet "error: could not find setting '$gatedSetting'" "$TEST_ROOT/stderr"
-# 'flakes' experimental-feature is enabled before, process
-NIX_CONFIG='
- experimental-features = nix-command flakes
- accept-flake-config = true
-' nix config show accept-flake-config 1>"$TEST_ROOT"/stdout 2>"$TEST_ROOT"/stderr
+# Experimental feature is enabled before, process.
+NIX_CONFIG="
+ experimental-features = $xpFeature
+ $gatedSetting = true
+" nix config show $gatedSetting 1>"$TEST_ROOT"/stdout 2>"$TEST_ROOT"/stderr
grepQuiet "true" "$TEST_ROOT/stdout"
-grepQuietInverse "Ignoring setting 'accept-flake-config'" "$TEST_ROOT/stderr"
-# 'flakes' experimental-feature is enabled after, process
-NIX_CONFIG='
- accept-flake-config = true
- experimental-features = nix-command flakes
-' nix config show accept-flake-config 1>"$TEST_ROOT"/stdout 2>"$TEST_ROOT"/stderr
+# Experimental feature is enabled after, process.
+NIX_CONFIG="
+ $gatedSetting = true
+ experimental-features = $xpFeature
+" nix config show $gatedSetting 1>"$TEST_ROOT"/stdout 2>"$TEST_ROOT"/stderr
grepQuiet "true" "$TEST_ROOT/stdout"
-grepQuietInverse "Ignoring setting 'accept-flake-config'" "$TEST_ROOT/stderr"
+grepQuietInverse "Ignoring setting '$gatedSetting'" "$TEST_ROOT/stderr"
function exit_code_both_ways {
- expect 1 nix --experimental-features 'nix-command' "$@" 1>/dev/null
- nix --experimental-features 'nix-command flakes' "$@" 1>/dev/null
+ expect 1 nix --experimental-features '' "$@" 1>/dev/null
+ nix --experimental-features "$xpFeature" "$@" 1>/dev/null
# Also, the order should not matter
- expect 1 nix "$@" --experimental-features 'nix-command' 1>/dev/null
- nix "$@" --experimental-features 'nix-command flakes' 1>/dev/null
+ expect 1 nix "$@" --experimental-features '' 1>/dev/null
+ nix "$@" --experimental-features "$xpFeature" 1>/dev/null
}
-exit_code_both_ways show-config --flake-registry 'https://no'
+exit_code_both_ways config show --auto-allocate-uids
# Double check these are stable
nix --experimental-features '' --help 1>/dev/null
nix --experimental-features '' doctor --help 1>/dev/null
nix --experimental-features '' repl --help 1>/dev/null
nix --experimental-features '' upgrade-nix --help 1>/dev/null
-
-# These 3 arguments are currently given to all commands, which is wrong (as not
-# all care). To deal with fixing later, we simply make them require the
-# nix-command experimental features --- it so happens that the commands we wish
-# stabilizing to do not need them anyways.
-for arg in '--print-build-logs' '--offline' '--refresh'; do
- nix --experimental-features 'nix-command' "$arg" --help 1>/dev/null
- expect 1 nix --experimental-features '' "$arg" --help 1>/dev/null
-done
diff --git a/tests/functional/flakes/flakes.sh b/tests/functional/flakes/flakes.sh
index d8c9f254d15..b67a0964aef 100755
--- a/tests/functional/flakes/flakes.sh
+++ b/tests/functional/flakes/flakes.sh
@@ -220,6 +220,13 @@ nix store gc
nix registry list --flake-registry "file://$registry" --refresh | grepQuiet flake3
mv "$registry.tmp" "$registry"
+# Ensure that locking ignores the user registry.
+mkdir -p "$TEST_HOME/.config/nix"
+ln -sfn "$registry" "$TEST_HOME/.config/nix/registry.json"
+nix flake metadata flake1
+expectStderr 1 nix flake update --flake-registry '' --flake "$flake3Dir" | grepQuiet "cannot find flake 'flake:flake1' in the flake registries"
+rm "$TEST_HOME/.config/nix/registry.json"
+
# Test whether flakes are registered as GC roots for offline use.
# FIXME: use tarballs rather than git.
rm -rf "$TEST_HOME/.cache"
diff --git a/tests/functional/flakes/meson.build b/tests/functional/flakes/meson.build
index b8c650db403..368c43876e5 100644
--- a/tests/functional/flakes/meson.build
+++ b/tests/functional/flakes/meson.build
@@ -28,6 +28,7 @@ suites += {
'commit-lock-file-summary.sh',
'non-flake-inputs.sh',
'relative-paths.sh',
+ 'relative-paths-lockfile.sh',
'symlink-paths.sh',
'debugger.sh',
'source-paths.sh',
diff --git a/tests/functional/flakes/relative-paths-lockfile.sh b/tests/functional/flakes/relative-paths-lockfile.sh
new file mode 100644
index 00000000000..d91aedd16cd
--- /dev/null
+++ b/tests/functional/flakes/relative-paths-lockfile.sh
@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+
+source ./common.sh
+
+requireGit
+
+# Test a "vendored" subflake dependency. This is a relative path flake
+# which doesn't reference the root flake and has its own lock file.
+#
+# This might occur in a monorepo for example. The root flake.lock is
+# populated from the dependency's flake.lock.
+
+rootFlake="$TEST_ROOT/flake1"
+subflake="$rootFlake/sub"
+depFlakeA="$TEST_ROOT/depFlakeA"
+depFlakeB="$TEST_ROOT/depFlakeB"
+
+rm -rf "$rootFlake"
+mkdir -p "$rootFlake" "$subflake" "$depFlakeA" "$depFlakeB"
+
+cat > "$depFlakeA/flake.nix" < "$depFlakeB/flake.nix" < "$subflake/flake.nix" < "$rootFlake/flake.nix" <flake.nix
+ cat >example/flake.nix < "$repo/flake.nix" < "$repo/foo"
+
+expectStderr 1 nix eval "$repo#z" | grepQuiet "error: Path 'foo' in the repository \"$repo\" is not tracked by Git."
+expectStderr 1 nix eval "$repo#a" | grepQuiet "error: Path 'foo' in the repository \"$repo\" is not tracked by Git."
+
+git -C "$repo" add "$repo/foo"
+
+[[ $(nix eval --raw "$repo#z") = 123 ]]
+
+expectStderr 1 nix eval "$repo#b" | grepQuiet "error: Path 'dir' does not exist in Git repository \"$repo\"."
+
+mkdir -p "$repo/dir"
+echo 456 > "$repo/dir/default.nix"
+
+expectStderr 1 nix eval "$repo#b" | grepQuiet "error: Path 'dir' in the repository \"$repo\" is not tracked by Git."
+
+git -C "$repo" add "$repo/dir/default.nix"
+
+[[ $(nix eval "$repo#b") = 456 ]]
diff --git a/tests/functional/impure-derivations.sh b/tests/functional/impure-derivations.sh
index 5dea220fec7..69884c2932e 100755
--- a/tests/functional/impure-derivations.sh
+++ b/tests/functional/impure-derivations.sh
@@ -21,7 +21,7 @@ drvPath2=$(nix derivation add < $TEST_HOME/impure-drv.json)
[[ "$drvPath" = "$drvPath2" ]]
# But only with the experimental feature!
-expectStderr 1 nix derivation add < $TEST_HOME/impure-drv.json --experimental-features nix-command | grepQuiet "experimental Nix feature 'impure-derivations' is disabled"
+expectStderr 1 nix derivation add < $TEST_HOME/impure-drv.json --experimental-features '' | grepQuiet "experimental Nix feature 'impure-derivations' is disabled"
nix build --dry-run --json --file ./impure-derivations.nix impure.all
json=$(nix build -L --no-link --json --file ./impure-derivations.nix impure.all)
diff --git a/tests/functional/nix-profile.sh b/tests/functional/nix-profile.sh
index 7cf5fcb7456..b1cfef6b0b2 100755
--- a/tests/functional/nix-profile.sh
+++ b/tests/functional/nix-profile.sh
@@ -52,7 +52,7 @@ cp "${config_nix}" $flake1Dir/
# Test upgrading from nix-env.
nix-env -f ./user-envs.nix -i foo-1.0
nix profile list | grep -A2 'Name:.*foo' | grep 'Store paths:.*foo-1.0'
-nix profile install $flake1Dir -L
+nix profile add $flake1Dir -L
nix profile list | grep -A4 'Name:.*flake1' | grep 'Locked flake URL:.*narHash'
[[ $($TEST_HOME/.nix-profile/bin/hello) = "Hello World" ]]
[ -e $TEST_HOME/.nix-profile/share/man ]
@@ -64,12 +64,12 @@ nix profile diff-closures | grep 'env-manifest.nix: ε → ∅'
# Test XDG Base Directories support
export NIX_CONFIG="use-xdg-base-directories = true"
nix profile remove flake1 2>&1 | grep 'removed 1 packages'
-nix profile install $flake1Dir
+nix profile add $flake1Dir
[[ $($TEST_HOME/.local/state/nix/profile/bin/hello) = "Hello World" ]]
unset NIX_CONFIG
-# Test conflicting package install.
-nix profile install $flake1Dir 2>&1 | grep "warning: 'flake1' is already installed"
+# Test conflicting package add.
+nix profile add $flake1Dir 2>&1 | grep "warning: 'flake1' is already added"
# Test upgrading a package.
printf NixOS > $flake1Dir/who
@@ -132,16 +132,16 @@ nix profile history | grep 'foo: 1.0 -> ∅'
nix profile diff-closures | grep 'Version 3 -> 4'
# Test installing a non-flake package.
-nix profile install --file ./simple.nix ''
+nix profile add --file ./simple.nix ''
[[ $(cat $TEST_HOME/.nix-profile/hello) = "Hello World!" ]]
nix profile remove simple 2>&1 | grep 'removed 1 packages'
-nix profile install $(nix-build --no-out-link ./simple.nix)
+nix profile add $(nix-build --no-out-link ./simple.nix)
[[ $(cat $TEST_HOME/.nix-profile/hello) = "Hello World!" ]]
# Test packages with same name from different sources
mkdir $TEST_ROOT/simple-too
cp ./simple.nix "${config_nix}" simple.builder.sh $TEST_ROOT/simple-too
-nix profile install --file $TEST_ROOT/simple-too/simple.nix ''
+nix profile add --file $TEST_ROOT/simple-too/simple.nix ''
nix profile list | grep -A4 'Name:.*simple' | grep 'Name:.*simple-1'
nix profile remove simple 2>&1 | grep 'removed 1 packages'
nix profile remove simple-1 2>&1 | grep 'removed 1 packages'
@@ -160,13 +160,13 @@ nix profile history | grep "packages.$system.default: 1.0, 1.0-man -> 3.0, 3.0-m
nix profile remove flake1 2>&1 | grep 'removed 1 packages'
printf 4.0 > $flake1Dir/version
printf Utrecht > $flake1Dir/who
-nix profile install $flake1Dir
+nix profile add $flake1Dir
[[ $($TEST_HOME/.nix-profile/bin/hello) = "Hello Utrecht" ]]
[[ $(nix path-info --json $(realpath $TEST_HOME/.nix-profile/bin/hello) | jq -r .[].ca) =~ fixed:r:sha256: ]]
# Override the outputs.
nix profile remove simple flake1
-nix profile install "$flake1Dir^*"
+nix profile add "$flake1Dir^*"
[[ $($TEST_HOME/.nix-profile/bin/hello) = "Hello Utrecht" ]]
[ -e $TEST_HOME/.nix-profile/share/man ]
[ -e $TEST_HOME/.nix-profile/include ]
@@ -179,7 +179,7 @@ nix profile upgrade flake1
[ -e $TEST_HOME/.nix-profile/include ]
nix profile remove flake1 2>&1 | grep 'removed 1 packages'
-nix profile install "$flake1Dir^man"
+nix profile add "$flake1Dir^man"
(! [ -e $TEST_HOME/.nix-profile/bin/hello ])
[ -e $TEST_HOME/.nix-profile/share/man ]
(! [ -e $TEST_HOME/.nix-profile/include ])
@@ -193,9 +193,9 @@ printf World > $flake1Dir/who
cp -r $flake1Dir $flake2Dir
printf World2 > $flake2Dir/who
-nix profile install $flake1Dir
+nix profile add $flake1Dir
[[ $($TEST_HOME/.nix-profile/bin/hello) = "Hello World" ]]
-expect 1 nix profile install $flake2Dir
+expect 1 nix profile add $flake2Dir
diff -u <(
nix --offline profile install $flake2Dir 2>&1 1> /dev/null \
| grep -vE "^warning: " \
@@ -214,31 +214,31 @@ error: An existing package already provides the following file:
nix profile remove flake1
- The new package can also be installed next to the existing one by assigning a different priority.
+ The new package can also be added next to the existing one by assigning a different priority.
The conflicting packages have a priority of 5.
To prioritise the new package:
- nix profile install path:${flake2Dir}#packages.${system}.default --priority 4
+ nix profile add path:${flake2Dir}#packages.${system}.default --priority 4
To prioritise the existing package:
- nix profile install path:${flake2Dir}#packages.${system}.default --priority 6
+ nix profile add path:${flake2Dir}#packages.${system}.default --priority 6
EOF
)
[[ $($TEST_HOME/.nix-profile/bin/hello) = "Hello World" ]]
-nix profile install $flake2Dir --priority 100
+nix profile add $flake2Dir --priority 100
[[ $($TEST_HOME/.nix-profile/bin/hello) = "Hello World" ]]
-nix profile install $flake2Dir --priority 0
+nix profile add $flake2Dir --priority 0
[[ $($TEST_HOME/.nix-profile/bin/hello) = "Hello World2" ]]
-# nix profile install $flake1Dir --priority 100
+# nix profile add $flake1Dir --priority 100
# [[ $($TEST_HOME/.nix-profile/bin/hello) = "Hello World" ]]
# Ensure that conflicts are handled properly even when the installables aren't
# flake references.
# Regression test for https://github.com/NixOS/nix/issues/8284
clearProfiles
-nix profile install $(nix build $flake1Dir --no-link --print-out-paths)
-expect 1 nix profile install --impure --expr "(builtins.getFlake ''$flake2Dir'').packages.$system.default"
+nix profile add $(nix build $flake1Dir --no-link --print-out-paths)
+expect 1 nix profile add --impure --expr "(builtins.getFlake ''$flake2Dir'').packages.$system.default"
# Test upgrading from profile version 2.
clearProfiles
diff --git a/tests/functional/nix-shell.sh b/tests/functional/nix-shell.sh
index b054b7f7519..bc49333b505 100755
--- a/tests/functional/nix-shell.sh
+++ b/tests/functional/nix-shell.sh
@@ -4,7 +4,7 @@ source common.sh
clearStoreIfPossible
-if [[ -n ${CONTENT_ADDRESSED:-} ]]; then
+if [[ -n ${NIX_TESTS_CA_BY_DEFAULT:-} ]]; then
shellDotNix="$PWD/ca-shell.nix"
else
shellDotNix="$PWD/shell.nix"
diff --git a/tests/functional/recursive.nix b/tests/functional/recursive.nix
index be9e55da37e..aa2aa26c549 100644
--- a/tests/functional/recursive.nix
+++ b/tests/functional/recursive.nix
@@ -17,7 +17,7 @@ mkDerivation rec {
buildCommand = ''
mkdir $out
- opts="--experimental-features nix-command ${
+ opts="${
if (NIX_TESTS_CA_BY_DEFAULT == "1") then "--extra-experimental-features ca-derivations" else ""
}"
diff --git a/tests/functional/recursive.sh b/tests/functional/recursive.sh
index 640fb92d2c5..fb0aa69752e 100755
--- a/tests/functional/recursive.sh
+++ b/tests/functional/recursive.sh
@@ -13,7 +13,7 @@ rm -f $TEST_ROOT/result
export unreachable=$(nix store add-path ./recursive.sh)
-NIX_BIN_DIR=$(dirname $(type -p nix)) nix --extra-experimental-features 'nix-command recursive-nix' build -o $TEST_ROOT/result -L --impure --file ./recursive.nix
+NIX_BIN_DIR=$(dirname $(type -p nix)) nix --extra-experimental-features 'recursive-nix' build -o $TEST_ROOT/result -L --impure --file ./recursive.nix
[[ $(cat $TEST_ROOT/result/inner1) =~ blaat ]]
diff --git a/tests/functional/repl.sh b/tests/functional/repl.sh
index 762636e446e..af59a612ccf 100755
--- a/tests/functional/repl.sh
+++ b/tests/functional/repl.sh
@@ -155,15 +155,15 @@ EOF
testReplResponse '
foo + baz
' "3" \
- ./flake ./flake\#bar --experimental-features 'flakes'
+ ./flake ./flake\#bar
-# Test the `:reload` mechansim with flakes:
+# Test the `:reload` mechanism with flakes:
# - Eval `./flake#changingThing`
# - Modify the flake
# - Re-eval it
# - Check that the result has changed
mkfifo repl_fifo
-nix repl ./flake --experimental-features 'flakes' < repl_fifo > repl_output 2>&1 &
+nix repl ./flake < repl_fifo > repl_output 2>&1 &
repl_pid=$!
exec 3>repl_fifo # Open fifo for writing
echo "changingThing" >&3
@@ -281,7 +281,7 @@ testReplResponseNoRegex '
badDiff=0
badExitCode=0
-nixVersion="$(nix eval --impure --raw --expr 'builtins.nixVersion' --extra-experimental-features nix-command)"
+nixVersion="$(nix eval --impure --raw --expr 'builtins.nixVersion')"
# TODO: write a repl interacter for testing. Papering over the differences between readline / editline and between platforms is a pain.
diff --git a/tests/functional/store-info.sh b/tests/functional/store-info.sh
index beecc2dd9dc..f080031f5f0 100755
--- a/tests/functional/store-info.sh
+++ b/tests/functional/store-info.sh
@@ -8,7 +8,7 @@ STORE_INFO_JSON=$(nix store info --json)
echo "$STORE_INFO" | grep "Store URL: ${NIX_REMOTE}"
if [[ -v NIX_DAEMON_PACKAGE ]] && isDaemonNewer "2.7.0pre20220126"; then
- DAEMON_VERSION=$("$NIX_DAEMON_PACKAGE"/bin/nix daemon --version | cut -d' ' -f3)
+ DAEMON_VERSION=$("$NIX_DAEMON_PACKAGE"/bin/nix daemon --version | sed 's/.*) //')
echo "$STORE_INFO" | grep "Version: $DAEMON_VERSION"
[[ "$(echo "$STORE_INFO_JSON" | jq -r ".version")" == "$DAEMON_VERSION" ]]
fi
diff --git a/tests/installer/default.nix b/tests/installer/default.nix
index d48537dd0d0..dc831cc97b1 100644
--- a/tests/installer/default.nix
+++ b/tests/installer/default.nix
@@ -232,7 +232,7 @@ let
source /etc/bashrc || true
nix-env --version
- nix --extra-experimental-features nix-command store info
+ nix store info
out=\$(nix-build --no-substitute -E 'derivation { name = "foo"; system = "x86_64-linux"; builder = "/bin/sh"; args = ["-c" "echo foobar > \$out"]; }')
[[ \$(cat \$out) = foobar ]]
diff --git a/tests/nixos/authorization.nix b/tests/nixos/authorization.nix
index 6540e9fa337..944e5925925 100644
--- a/tests/nixos/authorization.nix
+++ b/tests/nixos/authorization.nix
@@ -13,8 +13,6 @@
users.users.alice.isNormalUser = true;
users.users.bob.isNormalUser = true;
users.users.mallory.isNormalUser = true;
-
- nix.settings.experimental-features = "nix-command";
};
testScript =
diff --git a/tests/nixos/cgroups/default.nix b/tests/nixos/cgroups/default.nix
index a6b4bca8c76..4161aba2ca2 100644
--- a/tests/nixos/cgroups/default.nix
+++ b/tests/nixos/cgroups/default.nix
@@ -9,7 +9,7 @@
{
virtualisation.additionalPaths = [ pkgs.stdenvNoCC ];
nix.extraOptions = ''
- extra-experimental-features = nix-command auto-allocate-uids cgroups
+ extra-experimental-features = auto-allocate-uids cgroups
extra-system-features = uid-range
'';
nix.settings.use-cgroups = true;
diff --git a/tests/nixos/chroot-store.nix b/tests/nixos/chroot-store.nix
index f89a20bc4d5..274ee79f7a6 100644
--- a/tests/nixos/chroot-store.nix
+++ b/tests/nixos/chroot-store.nix
@@ -25,7 +25,6 @@ in
virtualisation.writableStore = true;
virtualisation.additionalPaths = [ pkgA ];
environment.systemPackages = [ pkgB ];
- nix.extraOptions = "experimental-features = nix-command";
};
};
diff --git a/tests/nixos/containers/containers.nix b/tests/nixos/containers/containers.nix
index b590dc8498f..8d07c80b6a3 100644
--- a/tests/nixos/containers/containers.nix
+++ b/tests/nixos/containers/containers.nix
@@ -23,7 +23,7 @@
virtualisation.memorySize = 4096;
nix.settings.substituters = lib.mkForce [ ];
nix.extraOptions = ''
- extra-experimental-features = nix-command auto-allocate-uids cgroups
+ extra-experimental-features = auto-allocate-uids cgroups
extra-system-features = uid-range
'';
nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
diff --git a/tests/nixos/fetch-git/testsupport/setup.nix b/tests/nixos/fetch-git/testsupport/setup.nix
index c13386c7223..3c9f4bddea1 100644
--- a/tests/nixos/fetch-git/testsupport/setup.nix
+++ b/tests/nixos/fetch-git/testsupport/setup.nix
@@ -81,10 +81,6 @@ in
environment.variables = {
_NIX_FORCE_HTTP = "1";
};
- nix.settings.experimental-features = [
- "nix-command"
- "flakes"
- ];
};
setupScript = '''';
testScript = ''
diff --git a/tests/nixos/fetchurl.nix b/tests/nixos/fetchurl.nix
index e8663debbcd..d75cc2017de 100644
--- a/tests/nixos/fetchurl.nix
+++ b/tests/nixos/fetchurl.nix
@@ -64,8 +64,6 @@ in
];
virtualisation.writableStore = true;
-
- nix.settings.experimental-features = "nix-command";
};
};
diff --git a/tests/nixos/fsync.nix b/tests/nixos/fsync.nix
index e215e5b3c25..50105f1ccd9 100644
--- a/tests/nixos/fsync.nix
+++ b/tests/nixos/fsync.nix
@@ -23,7 +23,6 @@ in
{
virtualisation.emptyDiskImages = [ 1024 ];
environment.systemPackages = [ pkg1 ];
- nix.settings.experimental-features = [ "nix-command" ];
nix.settings.fsync-store-paths = true;
nix.settings.require-sigs = false;
boot.supportedFilesystems = [
diff --git a/tests/nixos/git-submodules.nix b/tests/nixos/git-submodules.nix
index 5b1d9ed5f5f..e5685179096 100644
--- a/tests/nixos/git-submodules.nix
+++ b/tests/nixos/git-submodules.nix
@@ -24,7 +24,6 @@
{
programs.ssh.extraConfig = "ConnectTimeout 30";
environment.systemPackages = [ pkgs.git ];
- nix.extraOptions = "experimental-features = nix-command flakes";
};
};
diff --git a/tests/nixos/github-flakes.nix b/tests/nixos/github-flakes.nix
index dcba464a34d..e36725827aa 100644
--- a/tests/nixos/github-flakes.nix
+++ b/tests/nixos/github-flakes.nix
@@ -163,7 +163,6 @@ in
];
virtualisation.memorySize = 4096;
nix.settings.substituters = lib.mkForce [ ];
- nix.extraOptions = "experimental-features = nix-command flakes";
networking.hosts.${(builtins.head nodes.github.networking.interfaces.eth1.ipv4.addresses).address} =
[
"channels.nixos.org"
diff --git a/tests/nixos/nix-copy.nix b/tests/nixos/nix-copy.nix
index 3565e83e71a..9fe1e8513a2 100644
--- a/tests/nixos/nix-copy.nix
+++ b/tests/nixos/nix-copy.nix
@@ -39,7 +39,6 @@ in
pkgD.drvPath
];
nix.settings.substituters = lib.mkForce [ ];
- nix.settings.experimental-features = [ "nix-command" ];
services.getty.autologinUser = "root";
programs.ssh.extraConfig = ''
Host *
diff --git a/tests/nixos/s3-binary-cache-store.nix b/tests/nixos/s3-binary-cache-store.nix
index 8e480866070..8389281b673 100644
--- a/tests/nixos/s3-binary-cache-store.nix
+++ b/tests/nixos/s3-binary-cache-store.nix
@@ -34,7 +34,6 @@ in
virtualisation.additionalPaths = [ pkgA ];
environment.systemPackages = [ pkgs.minio-client ];
nix.extraOptions = ''
- experimental-features = nix-command
substituters =
'';
services.minio = {
@@ -53,7 +52,6 @@ in
{
virtualisation.writableStore = true;
nix.extraOptions = ''
- experimental-features = nix-command
substituters =
'';
};
diff --git a/tests/nixos/sourcehut-flakes.nix b/tests/nixos/sourcehut-flakes.nix
index bb26b7ebbdc..5a7912d30fb 100644
--- a/tests/nixos/sourcehut-flakes.nix
+++ b/tests/nixos/sourcehut-flakes.nix
@@ -119,7 +119,6 @@ in
virtualisation.memorySize = 4096;
nix.settings.substituters = lib.mkForce [ ];
nix.extraOptions = ''
- experimental-features = nix-command flakes
flake-registry = https://git.sr.ht/~NixOS/flake-registry/blob/master/flake-registry.json
'';
environment.systemPackages = [ pkgs.jq ];
diff --git a/tests/nixos/tarball-flakes.nix b/tests/nixos/tarball-flakes.nix
index 7b3638b64b8..fc2c5fe3800 100644
--- a/tests/nixos/tarball-flakes.nix
+++ b/tests/nixos/tarball-flakes.nix
@@ -61,7 +61,6 @@ in
];
virtualisation.memorySize = 4096;
nix.settings.substituters = lib.mkForce [ ];
- nix.extraOptions = "experimental-features = nix-command flakes";
};
};
diff --git a/tests/repl-completion.nix b/tests/repl-completion.nix
index 07406e969cd..9ae37796bf5 100644
--- a/tests/repl-completion.nix
+++ b/tests/repl-completion.nix
@@ -15,7 +15,7 @@ runCommand "repl-completion"
];
expectScript = ''
# Regression https://github.com/NixOS/nix/pull/10778
- spawn nix repl --offline --extra-experimental-features nix-command
+ spawn nix repl --offline
expect "nix-repl>"
send "foo = import ./does-not-exist.nix\n"
expect "nix-repl>"