Bump version

Ignore EPERM when unsharing FS state
On Docker (but not podman), unshare(CLONE_FS) fails with EPERM. So let's ignore it and hope nothing bad happens. Attempted fix for #5777. (cherry picked from commit ec8f24ed3a)
2021-12-17 12:04:29 +01:00 · 2021-12-17 12:03:12 +01:00 · 2021-12-15 11:59:33 +01:00 · 2021-12-15 09:34:26 +01:00 · 2021-12-13 21:14:46 +01:00
11 changed files with 48 additions and 32 deletions
--- a/.version
+++ b/.version
@@ -1 +1 @@
-2.5.0
+2.5.1
--- a/doc/manual/generate-options.nix
+++ b/doc/manual/generate-options.nix
@@ -8,17 +8,19 @@ concatStrings (map
    let option = options.${name}; in
    "  - `${name}`  \n\n"
    + concatStrings (map (s: "    ${s}\n") (splitLines option.description)) + "\n\n"
-    + "    **Default:** " + (
-      if option.value == "" || option.value == []
-      then "*empty*"
-      else if isBool option.value
-      then (if option.value then "`true`" else "`false`")
-      else
-        # n.b. a StringMap value type is specified as a string, but
-        # this shows the value type.  The empty stringmap is "null" in
-        # JSON, but that converts to "{ }" here.
-        (if isAttrs option.value then "`\"\"`"
-         else "`" + toString option.value + "`")) + "\n\n"
+    + (if option.documentDefault
+       then "    **Default:** " + (
+       if option.value == "" || option.value == []
+       then "*empty*"
+       else if isBool option.value
+       then (if option.value then "`true`" else "`false`")
+       else
+         # n.b. a StringMap value type is specified as a string, but
+         # this shows the value type.  The empty stringmap is "null" in
+         # JSON, but that converts to "{ }" here.
+         (if isAttrs option.value then "`\"\"`"
+          else "`" + toString option.value + "`")) + "\n\n"
+       else "    **Default:** *machine-specific*")
    + (if option.aliases != []
       then "    **Deprecated alias:** " + (concatStringsSep ", " (map (s: "`${s}`") option.aliases)) + "\n\n"
       else "")
--- a/doc/manual/src/SUMMARY.md.in
+++ b/doc/manual/src/SUMMARY.md.in
@@ -71,7 +71,6 @@
  - [Hacking](contributing/hacking.md)
  - [CLI guideline](contributing/cli-guideline.md)
 - [Release Notes](release-notes/release-notes.md)
-  - [Release X.Y (202?-??-??)](release-notes/rl-next.md)
  - [Release 2.5 (2021-12-13)](release-notes/rl-2.5.md)
  - [Release 2.4 (2021-11-01)](release-notes/rl-2.4.md)
  - [Release 2.3 (2019-09-04)](release-notes/rl-2.3.md)
--- a/flake.nix
+++ b/flake.nix
@@ -14,7 +14,7 @@
        then ""
        else "pre${builtins.substring 0 8 (self.lastModifiedDate or self.lastModified or "19700101")}_${self.shortRev or "dirty"}";

-      officialRelease = false;
+      officialRelease = true;

      linux64BitSystems = [ "x86_64-linux" "aarch64-linux" ];
      linuxSystems = linux64BitSystems ++ [ "i686-linux" ];
--- a/src/libstore/filetransfer.cc
+++ b/src/libstore/filetransfer.cc
@@ -544,13 +544,7 @@ struct curlFileTransfer : public FileTransfer
            stopWorkerThread();
        });

-#ifdef __linux__
-        /* Cause this thread to not share any FS attributes with the main thread,
-           because this causes setns() in restoreMountNamespace() to fail.
-           Ideally, this would happen in the std::thread() constructor. */
-        if (unshare(CLONE_FS) != 0)
-            throw SysError("unsharing filesystem state in download thread");
-#endif
+        unshareFilesystem();

        std::map<CURL *, std::shared_ptr<TransferItem>> items;

--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -21,7 +21,7 @@ struct MaxBuildJobsSetting : public BaseSetting<unsigned int>
        const std::string & name,
        const std::string & description,
        const std::set<std::string> & aliases = {})
-        : BaseSetting<unsigned int>(def, name, description, aliases)
+        : BaseSetting<unsigned int>(def, true, name, description, aliases)
    {
        options->addSetting(this);
    }
@@ -38,7 +38,7 @@ struct PluginFilesSetting : public BaseSetting<Paths>
        const std::string & name,
        const std::string & description,
        const std::set<std::string> & aliases = {})
-        : BaseSetting<Paths>(def, name, description, aliases)
+        : BaseSetting<Paths>(def, true, name, description, aliases)
    {
        options->addSetting(this);
    }
@@ -130,7 +130,9 @@ public:
        {"build-max-jobs"}};

    Setting<unsigned int> buildCores{
-        this, getDefaultCores(), "cores",
+        this,
+        getDefaultCores(),
+        "cores",
        R"(
          Sets the value of the `NIX_BUILD_CORES` environment variable in the
          invocation of builders. Builders can use this variable at their
@@ -141,7 +143,7 @@ public:
          command line switch and defaults to `1`. The value `0` means that
          the builder should use all available CPU cores in the system.
        )",
-        {"build-cores"}};
+        {"build-cores"}, false};

    /* Read-only mode.  Don't copy stuff to the store, don't change
       the database. */
@@ -583,10 +585,11 @@ public:
          platform and generate incompatible code, so you may wish to
          cross-check the results of using this option against proper
          natively-built versions of your derivations.
-        )"};
+        )", {}, false};

    Setting<StringSet> systemFeatures{
-        this, getDefaultSystemFeatures(),
+        this,
+        getDefaultSystemFeatures(),
        "system-features",
        R"(
          A set of system “features” supported by this machine, e.g. `kvm`.
@@ -602,7 +605,7 @@ public:
          This setting by default includes `kvm` if `/dev/kvm` is accessible,
          and the pseudo-features `nixos-test`, `benchmark` and `big-parallel`
          that are used in Nixpkgs to route builds to specific machines.
-        )"};
+        )", {}, false};

    Setting<Strings> substituters{
        this,
--- a/src/libutil/abstract-setting-to-json.hh
+++ b/src/libutil/abstract-setting-to-json.hh
@@ -10,6 +10,7 @@ std::map<std::string, nlohmann::json> BaseSetting<T>::toJSONObject()
    auto obj = AbstractSetting::toJSONObject();
    obj.emplace("value", value);
    obj.emplace("defaultValue", defaultValue);
+    obj.emplace("documentDefault", documentDefault);
    return obj;
 }
 }
--- a/src/libutil/config.hh
+++ b/src/libutil/config.hh
@@ -232,16 +232,19 @@ protected:

    T value;
    const T defaultValue;
+    const bool documentDefault;

 public:

    BaseSetting(const T & def,
+        const bool documentDefault,
        const std::string & name,
        const std::string & description,
        const std::set<std::string> & aliases = {})
        : AbstractSetting(name, description, aliases)
        , value(def)
        , defaultValue(def)
+        , documentDefault(documentDefault)
    { }

    operator const T &() const { return value; }
@@ -288,8 +291,9 @@ public:
        const T & def,
        const std::string & name,
        const std::string & description,
-        const std::set<std::string> & aliases = {})
-        : BaseSetting<T>(def, name, description, aliases)
+        const std::set<std::string> & aliases = {},
+        const bool documentDefault = true)
+        : BaseSetting<T>(def, documentDefault, name, description, aliases)
    {
        options->addSetting(this);
    }
@@ -311,7 +315,7 @@ public:
        const std::string & name,
        const std::string & description,
        const std::set<std::string> & aliases = {})
-        : BaseSetting<Path>(def, name, description, aliases)
+        : BaseSetting<Path>(def, true, name, description, aliases)
        , allowEmpty(allowEmpty)
    {
        options->addSetting(this);
--- a/src/libutil/tests/config.cc
+++ b/src/libutil/tests/config.cc
@@ -161,7 +161,7 @@ namespace nix {
        Setting<std::string> setting{&config, "", "name-of-the-setting", "description"};
        setting.assign("value");

-        ASSERT_EQ(config.toJSON().dump(), R"#({"name-of-the-setting":{"aliases":[],"defaultValue":"","description":"description\n","value":"value"}})#");
+        ASSERT_EQ(config.toJSON().dump(), R"#({"name-of-the-setting":{"aliases":[],"defaultValue":"","description":"description\n","documentDefault":true,"value":"value"}})#");
    }

    TEST(Config, setSettingAlias) {
--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@@ -1660,6 +1660,14 @@ void restoreMountNamespace()
 #endif
 }

+void unshareFilesystem()
+{
+#ifdef __linux__
+    if (unshare(CLONE_FS) != 0 && errno != EPERM)
+        throw SysError("unsharing filesystem state in download thread");
+#endif
+}
+
 void restoreProcessContext(bool restoreMounts)
 {
    restoreSignals();
--- a/src/libutil/util.hh
+++ b/src/libutil/util.hh
@@ -311,6 +311,11 @@ void saveMountNamespace();
   if saveMountNamespace() was never called. */
 void restoreMountNamespace();

+/* Cause this thread to not share any FS attributes with the main
+   thread, because this causes setns() in restoreMountNamespace() to
+   fail. */
+void unshareFilesystem();
+

 class ExecError : public Error
 {
Author	SHA1	Message	Date
Eelco Dolstra	b4f250417a	Bump version	2021-12-17 12:04:29 +01:00
Eelco Dolstra	8e2ad15cb8	Ignore EPERM when unsharing FS state On Docker (but not podman), unshare(CLONE_FS) fails with EPERM. So let's ignore it and hope nothing bad happens. Attempted fix for #5777. (cherry picked from commit `ec8f24ed3a`)	2021-12-17 12:03:12 +01:00
Eelco Dolstra	b5a4e40621	Merge pull request #5775 from baloo/baloo/2.5/hide-non-reproducible-settings reproducibility: hide non-reproducible settings from manual [2.5]	2021-12-15 11:59:33 +01:00
Arthur Gautier	e31fa17336	reproducibility: hide non-reproducible settings from manual Because the manual is generated from default values which are themselves generated from various sources (cpuid, bios settings (kvm), number of cores). This commit hides non-reproducible settings from the manual output.	2021-12-15 09:34:26 +01:00
Eelco Dolstra	a646dfcdd6	Set version	2021-12-13 21:14:46 +01:00
@@ -1 +1 @@
 .5.0
 .5.1