| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| | |
Staging next
|
| |\ |
|
| |\ \ |
|
| |\ \ \ |
|
| |\ \ \ \ |
|
| |\ \ \ \ \ |
|
| |\ \ \ \ \ \ |
|
| |\ \ \ \ \ \ \ |
|
| |\ \ \ \ \ \ \ \ |
|
| |\ \ \ \ \ \ \ \ \ |
|
| | | | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \ \
| |_|_|_|_|_|_|_|_|_|/
|/| | | | | | | | | | |
|
| | | | | | | | | | | |
|
| | | | | | | | | | | |
|
| |_|_|_|_|_|_|_|_|/
|/| | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
This is a workaround for NixOS/nix#4295, which caused single-user Linux
Nix installations using sandboxed builds to start failing to build
fetchzip derivations after 4a5c49363a58e711c2016b9ebb6f642e3c9c1be5.
In short: removing write permissions for the entire directory is great,
except we then can't rename(2) it to the final Nix store path out of the
sandbox, because we don't have write permission on the directory and
thus cannot update the ".." directory entry.
|
|\ \ \ \ \ \ \ \ \ \
| | |_|_|_|_|_|_|_|/
| |/| | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \
| | |_|_|_|_|_|_|_|/
| |/| | | | | | | | |
dockerTools.fakeNss: init
|
| | | | | | | | | | |
|
| | | |_|_|_|_|_|/
| | |/| | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
This provides a /etc/passwd and /etc/group that contain root and nobody.
Useful when packaging binaries that insist on using nss to look up
username/groups (like nginx).
The current nginx example used the `runAsRoot` parameter to setup
/etc/group and /etc/passwd (which also doesn't exist in
buildLayeredImage), so we can now just use fakeNss there and use
buildLayeredImage.
|
| |\ \ \ \ \ \ \ \
| | |/ / / / / / /
| |/| | | | | | | |
Platform config improvements
|
| | | | | | | | | |
|
| | |_|_|_|_|_|/
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Informational messages belong on stderr, not on stdout and intermixed
with structured output for programmatic use.
Change-Id: I34d094d04460494e9ec8953db7490f4e2292d959
|
| | | | | | | | |
|
| | | | | | | | |
|
|/ / / / / / / |
|
|\ \ \ \ \ \ \
| | |_|_|_|_|/
| |/| | | | | |
Staging next
|
| |\ \ \ \ \ \
| | |_|_|/ / /
| |/| | | | | |
|
| |\ \ \ \ \ \
| | | |/ / / /
| | |/| | | | |
|
| |\ \ \ \ \ \
| | | |_|_|/ /
| | |/| | | | |
|
| |\ \ \ \ \ \ |
|
| |\ \ \ \ \ \ \ |
|
| |\ \ \ \ \ \ \ \ |
|
| |\ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
stdenv: introduce -frandom-seed
|
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
This adds -frandom-seed to each compiler invocation in stdenv. The
object here is to make the compierl invocations produce the same output
every time they are called (for the same derivation). When the
-frandom-seed option is not set the compiler will use a combination of
random numbers (in GCC's case from /dev/urandom) and the durrent time to
produce a "random" input per file. This can (among other things) lead to
different ordering of symbols in the produced object files.
For reason of reproducibility we prefer having the same derivation
produce the exact same outputs. This is not a silver bullet but one way
to tame the compiler.
|
|\ \ \ \ \ \ \ \ \ \ \
| |_|_|_|_|_|_|_|/ / /
|/| | | | | | | | | | |
buildRustCrate: add host platform to rlib hash suffix
|
| | | | | | | | | | | |
|
| |_|_|_|_|_|_|_|_|/
|/| | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | |
| | | | | | | | | | | |
fetchzip: remove write permissions for unpacked files
|
| |/ / / / / / / / /
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Fixes https://github.com/NixOS/nixpkgs/issues/38649
|
|\ \ \ \ \ \ \ \ \ \
| | |_|_|_|_|_|_|/ /
| |/| | | | | | | | |
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
This fixes cross-compilation of a NixOS with the manual enabled.
|
| |\ \ \ \ \ \ \ \ \
| | |/ / / / / / / /
| |/| | | | | | | | |
fetchfossil: Depend on cacert
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Without it, it'll not able to verify SSL certificates, rendering
it mostly useless
|
| | | | | | | | | | |
|
| |\ \ \ \ \ \ \ \ \
| | |_|_|_|_|_|_|/ /
| |/| | | | | | | | |
appimage-run: parse readelf's output in C locale
|
| | | |_|_|_|/ / /
| | |/| | | | | |
| | | | | | | | |
| | | | | | | | | |
fixes #101137
|
| | |_|_|_|_|/ /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
It's cleaner to reference buildPackages directly in
build-support/docker directly.
|
| |\ \ \ \ \ \ \
| | |/ / / / / /
| |/| | | | | | |
buildFHSUserEnvBubblewrap: use arrays for constructing argument list
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Generally a cleaner way of doing it and prevents issues with spaces in paths
Used to fix #97234 but #101967 already didt this with a smaller scope
|
| |\ \ \ \ \ \ \
| | |_|_|_|_|/ /
| |/| | | | | | |
|