Compare commits
11 Commits
string-dat
...
2.17.1
| Author | SHA1 | Date | |
|---|---|---|---|
|
e64606084e | ||
|
|
eb21904198 | ||
|
|
2da46530d0 | ||
|
|
d0dd37b2a6 | ||
|
|
5568ca5ff1 | ||
|
|
d52690279a | ||
|
|
8bfc251282 | ||
|
|
8fbb4598c2 | ||
|
|
8398872ae0 | ||
|
|
07d1e304b4 | ||
|
|
a212300a1d |
@@ -108,7 +108,6 @@
|
||||
- [CLI guideline](contributing/cli-guideline.md)
|
||||
- [C++ style guide](contributing/cxx.md)
|
||||
- [Release Notes](release-notes/release-notes.md)
|
||||
- [Release X.Y (202?-??-??)](release-notes/rl-next.md)
|
||||
- [Release 2.17 (2023-07-24)](release-notes/rl-2.17.md)
|
||||
- [Release 2.16 (2023-05-31)](release-notes/rl-2.16.md)
|
||||
- [Release 2.15 (2023-04-11)](release-notes/rl-2.15.md)
|
||||
|
||||
@@ -20,8 +20,8 @@ Link: <flakeref>; rel="immutable"
|
||||
|
||||
(Note the required `<` and `>` characters around *flakeref*.)
|
||||
|
||||
*flakeref* must be a tarball flakeref. It can contain flake attributes
|
||||
such as `narHash`, `rev` and `revCount`. If `narHash` is included, its
|
||||
*flakeref* must be a tarball flakeref. It can contain the tarball flake attributes
|
||||
`narHash`, `rev`, `revCount` and `lastModified`. If `narHash` is included, its
|
||||
value must be the NAR hash of the unpacked tarball (as computed via
|
||||
`nix hash path`). Nix checks the contents of the returned tarball
|
||||
against the `narHash` attribute. The `rev` and `revCount` attributes
|
||||
|
||||
@@ -11,8 +11,12 @@
|
||||
|
||||
```nix
|
||||
{
|
||||
nested = { foo = 1; };
|
||||
nested = { ${"ba" + "r"} = 2; };
|
||||
nested = {
|
||||
foo = 1;
|
||||
};
|
||||
nested = {
|
||||
${"ba" + "r"} = 2;
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
@@ -22,8 +26,17 @@
|
||||
{ nested = { bar = 2; foo = 1; }; }
|
||||
```
|
||||
|
||||
Note that the feature of merging multiple attribute set declarations is of questionable value.
|
||||
Note that the feature of merging multiple *full declarations* of attribute sets like `nested` in the example is of questionable value.
|
||||
It allows writing expressions that are very hard to read, for instance when there are many lines of code between two declarations of the same attribute.
|
||||
This has been around for a long time and is therefore supported for backwards compatibility, but should not be relied upon.
|
||||
|
||||
Instead, consider using the *nested attribute path* syntax:
|
||||
|
||||
```nix
|
||||
{
|
||||
nested.foo = 1;
|
||||
nested.${"ba" + "r"} = 2;
|
||||
}
|
||||
```
|
||||
|
||||
* Tarball flakes can now redirect to an "immutable" URL that will be recorded in lock files. This allows the use of "mutable" tarball URLs like `https://example.org/hello/latest.tar.gz` in flakes. See the [tarball fetcher](../protocols/tarball-fetcher.md) for details.
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
let
|
||||
inherit (nixpkgs) lib;
|
||||
|
||||
officialRelease = false;
|
||||
officialRelease = true;
|
||||
|
||||
version = lib.fileContents ./.version + versionSuffix;
|
||||
versionSuffix =
|
||||
|
||||
@@ -1511,15 +1511,25 @@ static RegisterPrimOp primop_storePath({
|
||||
|
||||
static void prim_pathExists(EvalState & state, const PosIdx pos, Value * * args, Value & v)
|
||||
{
|
||||
auto & arg = *args[0];
|
||||
|
||||
/* We don’t check the path right now, because we don’t want to
|
||||
throw if the path isn’t allowed, but just return false (and we
|
||||
can’t just catch the exception here because we still want to
|
||||
throw if something in the evaluation of `*args[0]` tries to
|
||||
throw if something in the evaluation of `arg` tries to
|
||||
access an unauthorized path). */
|
||||
auto path = realisePath(state, pos, *args[0], { .checkForPureEval = false });
|
||||
auto path = realisePath(state, pos, arg, { .checkForPureEval = false });
|
||||
|
||||
/* SourcePath doesn't know about trailing slash. */
|
||||
auto mustBeDir = arg.type() == nString && arg.str().ends_with("/");
|
||||
|
||||
try {
|
||||
v.mkBool(state.checkSourcePath(path).pathExists());
|
||||
auto checked = state.checkSourcePath(path);
|
||||
auto exists = checked.pathExists();
|
||||
if (exists && mustBeDir) {
|
||||
exists = checked.lstat().type == InputAccessor::tDirectory;
|
||||
}
|
||||
v.mkBool(exists);
|
||||
} catch (SysError & e) {
|
||||
/* Don't give away info from errors while canonicalising
|
||||
‘path’ in restricted mode. */
|
||||
|
||||
@@ -10,7 +10,7 @@ std::optional<std::string_view> SearchPath::Prefix::suffixIfPotentialMatch(
|
||||
|
||||
/* Non-empty prefix and suffix must be separated by a /, or the
|
||||
prefix is not a valid path prefix. */
|
||||
bool needSeparator = n > 0 && (path.size() - n) > 0;
|
||||
bool needSeparator = n > 0 && n < path.size();
|
||||
|
||||
if (needSeparator && path[n] != '/') {
|
||||
return std::nullopt;
|
||||
|
||||
@@ -232,7 +232,7 @@ struct CurlInputScheme : InputScheme
|
||||
if (type != inputType()) return {};
|
||||
|
||||
// FIXME: some of these only apply to TarballInputScheme.
|
||||
std::set<std::string> allowedNames = {"type", "url", "narHash", "name", "unpack", "rev", "revCount"};
|
||||
std::set<std::string> allowedNames = {"type", "url", "narHash", "name", "unpack", "rev", "revCount", "lastModified"};
|
||||
for (auto & [name, value] : attrs)
|
||||
if (!allowedNames.count(name))
|
||||
throw Error("unsupported %s input attribute '%s'", *type, name);
|
||||
@@ -310,6 +310,9 @@ struct TarballInputScheme : CurlInputScheme
|
||||
input = immutableInput;
|
||||
}
|
||||
|
||||
if (result.lastModified && !input.attrs.contains("lastModified"))
|
||||
input.attrs.insert_or_assign("lastModified", uint64_t(result.lastModified));
|
||||
|
||||
return {result.tree.storePath, std::move(input)};
|
||||
}
|
||||
};
|
||||
|
||||
@@ -1,4 +1,7 @@
|
||||
builtins.pathExists (builtins.toPath ./lib.nix)
|
||||
builtins.pathExists (./lib.nix)
|
||||
&& builtins.pathExists (builtins.toPath ./lib.nix)
|
||||
&& builtins.pathExists (builtins.toString ./lib.nix)
|
||||
&& !builtins.pathExists (builtins.toString ./lib.nix + "/")
|
||||
&& builtins.pathExists (builtins.toPath (builtins.toString ./lib.nix))
|
||||
&& !builtins.pathExists (builtins.toPath (builtins.toString ./bla.nix))
|
||||
&& builtins.pathExists ./lib.nix
|
||||
|
||||
@@ -9,6 +9,7 @@ rm -rf $tarroot
|
||||
mkdir -p $tarroot
|
||||
cp dependencies.nix $tarroot/default.nix
|
||||
cp config.nix dependencies.builder*.sh $tarroot/
|
||||
touch -d '@1000000000' $tarroot $tarroot/*
|
||||
|
||||
hash=$(nix hash path $tarroot)
|
||||
|
||||
@@ -36,6 +37,8 @@ test_tarball() {
|
||||
nix-build -o $TEST_ROOT/result -E "import (fetchTree { type = \"tarball\"; url = file:///does-not-exist/must-remain-unused/$tarball; narHash = \"$hash\"; })"
|
||||
expectStderr 102 nix-build -o $TEST_ROOT/result -E "import (fetchTree { type = \"tarball\"; url = file://$tarball; narHash = \"sha256-xdKv2pq/IiwLSnBBJXW8hNowI4MrdZfW+SYqDQs7Tzc=\"; })" | grep 'NAR hash mismatch in input'
|
||||
|
||||
[[ $(nix eval --impure --expr "(fetchTree file://$tarball).lastModified") = 1000000000 ]]
|
||||
|
||||
nix-instantiate --strict --eval -E "!((import (fetchTree { type = \"tarball\"; url = file://$tarball; narHash = \"$hash\"; })) ? submodules)" >&2
|
||||
nix-instantiate --strict --eval -E "!((import (fetchTree { type = \"tarball\"; url = file://$tarball; narHash = \"$hash\"; })) ? submodules)" 2>&1 | grep 'true'
|
||||
|
||||
|
||||
Reference in New Issue
Block a user