Rename a few configuration options

In particular, drop the "build-" and "gc-" prefixes which are
pointless. So now you can say

  nix build --no-sandbox

instead of

  nix build --no-build-use-sandbox
Eelco Dolstra 2017-08-31 14:28:25 +02:00
parent 7d4a7136db
commit c2154d4c84
GPG key ID: 8170B4726D7198DE
16 changed files with 113 additions and 104 deletions

@ -45,13 +45,12 @@ Comments start with a <literal>#</literal> character. Here is an
example configuration file:</para>
<programlisting>
gc-keep-outputs = true # Nice for developers
gc-keep-derivations = true # Idem
env-keep-derivations = false
keep-outputs = true # Nice for developers
keep-derivations = true # Idem
</programlisting>
<para>You can override settings on the command line using the
<option>--option</option> flag, e.g. <literal>--option gc-keep-outputs
<option>--option</option> flag, e.g. <literal>--option keep-outputs
false</literal>.</para>
<para>The following settings are currently available:
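Review bot: The sample nix.conf and the --option example in this hunk now show only the new names, and nothing in the surrounding text says the old spellings are still accepted. The Setting declarations elsewhere in this commit keep each old name in a trailing list (for example {"gc-keep-outputs"} on keep-outputs), so a sentence here stating that the prefixed names remain valid would save readers with existing configuration files from guessing. The sample also drops env-keep-derivations = false instead of renaming it to keep-env-derivations; mention that in the commit message if it is intended.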
@ -59,7 +58,7 @@ false</literal>.</para>
<variablelist>
<varlistentry xml:id="conf-gc-keep-outputs"><term><literal>gc-keep-outputs</literal></term>
<varlistentry xml:id="conf-keep-outputs"><term><literal>keep-outputs</literal></term>
<listitem><para>If <literal>true</literal>, the garbage collector
will keep the outputs of non-garbage derivations. If
@ -76,7 +75,7 @@ false</literal>.</para>
</varlistentry>
<varlistentry xml:id="conf-gc-keep-derivations"><term><literal>gc-keep-derivations</literal></term>
<varlistentry xml:id="conf-keep-derivations"><term><literal>keep-derivations</literal></term>
<listitem><para>If <literal>true</literal> (default), the garbage
collector will keep the derivations from which non-garbage store
@ -88,12 +87,12 @@ false</literal>.</para>
traceability (e.g., it allows you to ask with what dependencies or
options a store path was built), so by default this option is on.
Turn it off to save a bit of disk space (or a lot if
<literal>gc-keep-outputs</literal> is also turned on).</para></listitem>
<literal>keep-outputs</literal> is also turned on).</para></listitem>
</varlistentry>
<varlistentry><term><literal>env-keep-derivations</literal></term>
<varlistentry><term><literal>keep-env-derivations</literal></term>
<listitem><para>If <literal>false</literal> (default), derivations
are not stored in Nix user environments. That is, the derivation
@ -105,19 +104,19 @@ false</literal>.</para>
garbage-collected until the user environment generation is deleted
(<command>nix-env --delete-generations</command>). To prevent
build-time-only dependencies from being collected, you should also
turn on <literal>gc-keep-outputs</literal>.</para>
turn on <literal>keep-outputs</literal>.</para>
<para>The difference between this option and
<literal>gc-keep-derivations</literal> is that this one is
<literal>keep-derivations</literal> is that this one is
“sticky”: it applies to any user environment created while this
option was enabled, while <literal>gc-keep-derivations</literal>
option was enabled, while <literal>keep-derivations</literal>
only applies at the moment the garbage collector is
run.</para></listitem>
</varlistentry>
<varlistentry xml:id="conf-build-max-jobs"><term><literal>build-max-jobs</literal></term>
<varlistentry xml:id="conf-max-jobs"><term><literal>max-jobs</literal></term>
<listitem><para>This option defines the maximum number of jobs
that Nix will try to build in parallel. The default is
@ -130,7 +129,7 @@ false</literal>.</para>
</varlistentry>
<varlistentry xml:id="conf-build-cores"><term><literal>build-cores</literal></term>
<varlistentry xml:id="conf-cores"><term><literal>cores</literal></term>
<listitem><para>Sets the value of the
<envar>NIX_BUILD_CORES</envar> environment variable in the
@ -149,7 +148,7 @@ false</literal>.</para>
</varlistentry>
<varlistentry xml:id="conf-build-max-silent-time"><term><literal>build-max-silent-time</literal></term>
<varlistentry xml:id="conf-max-silent-time"><term><literal>max-silent-time</literal></term>
<listitem>
@ -170,7 +169,7 @@ false</literal>.</para>
</varlistentry>
<varlistentry xml:id="conf-build-timeout"><term><literal>build-timeout</literal></term>
<varlistentry xml:id="conf-timeout"><term><literal>timeout</literal></term>
<listitem>
@ -190,7 +189,7 @@ false</literal>.</para>
</varlistentry>
<varlistentry xml:id="conf-build-max-log-size"><term><literal>build-max-log-size</literal></term>
<varlistentry xml:id="conf-max-build-log-size"><term><literal>max-build-log-size</literal></term>
<listitem>
@ -245,7 +244,7 @@ false</literal>.</para>
</varlistentry>
<varlistentry><term><literal>build-use-sandbox</literal></term>
<varlistentry><term><literal>sandbox</literal></term>
<listitem><para>If set to <literal>true</literal>, builds will be
performed in a <emphasis>sandboxed environment</emphasis>, i.e.,
@ -254,7 +253,7 @@ false</literal>.</para>
directory, private versions of <filename>/proc</filename>,
<filename>/dev</filename>, <filename>/dev/shm</filename> and
<filename>/dev/pts</filename> (on Linux), and the paths configured with the
<link linkend='conf-build-sandbox-paths'><literal>build-sandbox-paths</literal>
<link linkend='conf-sandbox-paths'><literal>sandbox-paths</literal>
option</link>. This is useful to prevent undeclared dependencies
on files in directories such as <filename>/usr/bin</filename>. In
addition, on Linux, builds run in private PID, mount, network, IPC
@ -280,8 +279,8 @@ false</literal>.</para>
</varlistentry>
<varlistentry xml:id="conf-build-sandbox-paths">
<term><literal>build-sandbox-paths</literal></term>
<varlistentry xml:id="conf-sandbox-paths">
<term><literal>sandbox-paths</literal></term>
<listitem><para>A list of paths bind-mounted into Nix sandbox
environments. You can use the syntax
@ -303,17 +302,17 @@ false</literal>.</para>
</varlistentry>
<varlistentry xml:id="conf-build-extra-sandbox-paths">
<varlistentry xml:id="conf-extra-sandbox-paths">
<term><literal>build-extra-sandbox-paths</literal></term>
<listitem><para>A list of additional paths appended to
<option>build-sandbox-paths</option>. Useful if you want to extend
<option>sandbox-paths</option>. Useful if you want to extend
its default value.</para></listitem>
</varlistentry>
<varlistentry><term><literal>build-use-substitutes</literal></term>
<varlistentry><term><literal>use-substitutes</literal></term>
<listitem><para>If set to <literal>true</literal> (default), Nix
will use binary substitutes if available. This option can be
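Review bot: The <term> of this entry still reads build-extra-sandbox-paths although its xml:id was changed to conf-extra-sandbox-paths and the description now refers to sandbox-paths. Rename the term to extra-sandbox-paths so the manual entry matches the name given in the Setting<PathSet> extraSandboxPaths declaration.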
@ -322,7 +321,7 @@ false</literal>.</para>
</varlistentry>
<varlistentry><term><literal>build-fallback</literal></term>
<varlistentry><term><literal>fallback</literal></term>
<listitem><para>If set to <literal>true</literal>, Nix will fall
back to building from source if a binary substitute fails. This
@ -332,7 +331,7 @@ false</literal>.</para>
</varlistentry>
<varlistentry><term><literal>build-keep-log</literal></term>
<varlistentry><term><literal>keep-build-log</literal></term>
<listitem><para>If set to <literal>true</literal> (the default),
Nix will write the build log of a derivation (i.e. the standard
@ -344,7 +343,7 @@ false</literal>.</para>
</varlistentry>
<varlistentry><term><literal>build-compress-log</literal></term>
<varlistentry><term><literal>compress-build-log</literal></term>
<listitem><para>If set to <literal>true</literal> (the default),
build logs written to <filename>/nix/var/log/nix/drvs</filename>
@ -597,7 +596,7 @@ password <replaceable>my-password</replaceable>
<para>Pass a list of files and directories to be included in the
sandbox for this build. One entry per line, terminated by an empty
line. Entries have the same format as
<literal>build-sandbox-paths</literal>.</para>
<literal>sandbox-paths</literal>.</para>
</listitem>
@ -608,7 +607,7 @@ password <replaceable>my-password</replaceable>
</varlistentry>
<varlistentry xml:id="conf-build-repeat"><term><literal>build-repeat</literal></term>
<varlistentry xml:id="conf-repeat"><term><literal>repeat</literal></term>
<listitem><para>How many times to repeat builds to check whether
they are deterministic. The default value is 0. If the value is
@ -651,7 +650,7 @@ password <replaceable>my-password</replaceable>
as <command>sudo</command> or <command>ping</command> will
fail. (Note that in sandbox builds, no such programs are available
unless you bind-mount them into the sandbox via the
<option>build-sandbox-paths</option> option.) You can allow the
<option>sandbox-paths</option> option.) You can allow the
use of such programs by enabling this option. This is impure and
usually undesirable, but may be useful in certain scenarios
(e.g. to spin up containers or set up userspace network interfaces

@ -397,9 +397,9 @@ options control what gets deleted and in what order:
</para>
<para>The behaviour of the collector is also influenced by the <link
linkend="conf-gc-keep-outputs"><literal>gc-keep-outputs</literal></link>
linkend="conf-keep-outputs"><literal>keep-outputs</literal></link>
and <link
linkend="conf-gc-keep-derivations"><literal>gc-keep-derivations</literal></link>
linkend="conf-keep-derivations"><literal>keep-derivations</literal></link>
variables in the Nix configuration file.</para>
<para>With <option>--delete</option>, the collector prints the total

@ -94,7 +94,7 @@
perform in parallel to the specified number. Specify
<literal>auto</literal> to use the number of CPUs in the system.
The default is specified by the <link
linkend='conf-build-max-jobs'><literal>build-max-jobs</literal></link>
linkend='conf-max-jobs'><literal>max-jobs</literal></link>
configuration setting, which itself defaults to
<literal>1</literal>. A higher value is useful on SMP systems or to
exploit I/O latency.</para></listitem>
@ -112,7 +112,7 @@
<literal>true</literal>, the builder passes the
<option>-j<replaceable>N</replaceable></option> flag to GNU Make.
It defaults to the value of the <link
linkend='conf-build-cores'><literal>build-cores</literal></link>
linkend='conf-cores'><literal>cores</literal></link>
configuration setting, if set, or <literal>1</literal> otherwise.
The value <literal>0</literal> means that the builder should use all
available CPU cores in the system.</para></listitem>
@ -125,7 +125,7 @@
<listitem><para>Sets the maximum number of seconds that a builder
can go without producing any data on standard output or standard
error. The default is specified by the <link
linkend='conf-build-max-silent-time'><literal>build-max-silent-time</literal></link>
linkend='conf-max-silent-time'><literal>max-silent-time</literal></link>
configuration setting. <literal>0</literal> means no
time-out.</para></listitem>
@ -135,7 +135,7 @@
<listitem><para>Sets the maximum number of seconds that a builder
can run. The default is specified by the <link
linkend='conf-build-timeout'><literal>build-timeout</literal></link>
linkend='conf-timeout'><literal>timeout</literal></link>
configuration setting. <literal>0</literal> means no
timeout.</para></listitem>

@ -744,9 +744,9 @@ place_nix_configuration() {
cat <<EOF > "$SCRATCH/nix.conf"
build-users-group = $NIX_BUILD_GROUP_NAME
build-max-jobs = $NIX_USER_COUNT
build-cores = 1
build-use-sandbox = false
max-jobs = $NIX_USER_COUNT
cores = 1
sandbox = false
binary-caches = https://cache.nixos.org/
trusted-binary-caches =

@ -171,7 +171,7 @@ struct LegacyArgs : public MixCommonArgs
});
mkFlag1('j', "max-jobs", "jobs", "maximum number of parallel builds", [=](std::string s) {
settings.set("build-max-jobs", s);
settings.set("max-jobs", s);
});
auto intSettingAlias = [&](char shortName, const std::string & longName,
@ -181,9 +181,9 @@ struct LegacyArgs : public MixCommonArgs
});
};
intSettingAlias(0, "cores", "maximum number of CPU cores to use inside a build", "build-cores");
intSettingAlias(0, "max-silent-time", "number of seconds of silence before a build is killed", "build-max-silent-time");
intSettingAlias(0, "timeout", "number of seconds before a build is killed", "build-timeout");
intSettingAlias(0, "cores", "maximum number of CPU cores to use inside a build", "cores");
intSettingAlias(0, "max-silent-time", "number of seconds of silence before a build is killed", "max-silent-time");
intSettingAlias(0, "timeout", "number of seconds before a build is killed", "timeout");
mkFlag(0, "readonly-mode", "do not write to the Nix store",
&settings.readOnlyMode);
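Review bot: In the three intSettingAlias calls the long flag name and the destination setting are now the same string ("cores", "max-silent-time", "timeout"), so the last argument no longer carries any information. Either drop that parameter from the lambda or add a comment saying why these flags are still registered by hand in LegacyArgs.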

@ -1740,11 +1740,11 @@ void DerivationGoal::startBuilder()
if (settings.sandboxMode == smEnabled) {
if (get(drv->env, "__noChroot") == "1")
throw Error(format("derivation '%1%' has '__noChroot' set, "
"but that's not allowed when 'build-use-sandbox' is 'true'") % drvPath);
"but that's not allowed when 'sandbox' is 'true'") % drvPath);
#if __APPLE__
if (additionalSandboxProfile != "")
throw Error(format("derivation '%1%' specifies a sandbox profile, "
"but this is only allowed when 'build-use-sandbox' is 'relaxed'") % drvPath);
"but this is only allowed when 'sandbox' is 'relaxed'") % drvPath);
#endif
useChroot = true;
}
@ -1832,7 +1832,7 @@ void DerivationGoal::startBuilder()
worker.store.computeFSClosure(worker.store.toStorePath(i.second.source), closure);
} catch (InvalidPath & e) {
} catch (Error & e) {
throw Error(format("while processing 'build-sandbox-paths': %s") % e.what());
throw Error(format("while processing 'sandbox-paths': %s") % e.what());
}
for (auto & i : closure)
dirsInChroot[i] = i;

@ -580,7 +580,7 @@ bool LocalStore::canReachRoot(GCState & state, PathSet & visited, const Path & p
/* Don't delete this path if any of its referrers are alive. */
queryReferrers(path, incoming);
/* If gc-keep-derivations is set and this is a derivation, then
/* If keep-derivations is set and this is a derivation, then
don't delete the derivation if any of the outputs are alive. */
if (state.gcKeepDerivations && isDerivation(path)) {
PathSet outputs = queryDerivationOutputs(path);
@ -589,7 +589,7 @@ bool LocalStore::canReachRoot(GCState & state, PathSet & visited, const Path & p
incoming.insert(i);
}
/* If gc-keep-outputs is set, then don't delete this path if there
/* If keep-outputs is set, then don't delete this path if there
are derivers of this path that are not garbage. */
if (state.gcKeepOutputs) {
PathSet derivers = queryValidDerivers(path);
@ -704,9 +704,9 @@ void LocalStore::collectGarbage(const GCOptions & options, GCResults & results)
state.gcKeepDerivations = settings.gcKeepDerivations;
/* Using `--ignore-liveness' with `--delete' can have unintended
consequences if `gc-keep-outputs' or `gc-keep-derivations' are
true (the garbage collector will recurse into deleting the
outputs or derivers, respectively). So disable them. */
consequences if `keep-outputs' or `keep-derivations' are true
(the garbage collector will recurse into deleting the outputs
or derivers, respectively). So disable them. */
if (options.action == GCOptions::gcDeleteSpecific && options.ignoreLiveness) {
state.gcKeepOutputs = false;
state.gcKeepDerivations = false;

@ -89,8 +89,9 @@ public:
Setting<bool> keepGoing{this, false, "keep-going",
"Whether to keep building derivations when another build fails."};
Setting<bool> tryFallback{this, false, "build-fallback",
"Whether to fall back to building when substitution fails."};
Setting<bool> tryFallback{this, false, "fallback",
"Whether to fall back to building when substitution fails.",
{"build-fallback"}};
/* Whether to show build log output in real time. */
bool verboseBuild = true;
@ -99,14 +100,15 @@ public:
the log to show if a build fails. */
size_t logLines = 10;
MaxBuildJobsSetting maxBuildJobs{this, 1, "build-max-jobs",
"Maximum number of parallel build jobs. \"auto\" means use number of cores."};
MaxBuildJobsSetting maxBuildJobs{this, 1, "max-jobs",
"Maximum number of parallel build jobs. \"auto\" means use number of cores.",
{"build-max-jobs"}};
Setting<unsigned int> buildCores{this, getDefaultCores(), "build-cores",
Setting<unsigned int> buildCores{this, getDefaultCores(), "cores",
"Number of CPU cores to utilize in parallel within a build, "
"i.e. by passing this number to Make via '-j'. 0 means that the "
"number of actual CPU cores on the local host ought to be "
"auto-detected."};
"auto-detected.", {"build-cores"}};
/* Read-only mode. Don't copy stuff to the store, don't change
the database. */
@ -115,14 +117,15 @@ public:
Setting<std::string> thisSystem{this, SYSTEM, "system",
"The canonical Nix system name."};
Setting<time_t> maxSilentTime{this, 0, "build-max-silent-time",
Setting<time_t> maxSilentTime{this, 0, "max-silent-time",
"The maximum time in seconds that a builer can go without "
"producing any output on stdout/stderr before it is killed. "
"0 means infinity."};
"0 means infinity.",
{"build-max-silent-time"}};
Setting<time_t> buildTimeout{this, 0, "build-timeout",
Setting<time_t> buildTimeout{this, 0, "timeout",
"The maximum duration in seconds that a builder can run. "
"0 means infinity."};
"0 means infinity.", {"build-timeout"}};
Setting<bool> useBuildHook{this, true, "remote-builds",
"Whether to use build hooks (for distributed builds)."};
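Review bot: The description string of max-silent-time contains a typo, "builer" for "builder", on a declaration this hunk already rewrites. Fix it in the same change while the lines are being touched.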
@ -149,27 +152,32 @@ public:
Setting<bool> syncBeforeRegistering{this, false, "sync-before-registering",
"Whether to call sync() before registering a path as valid."};
Setting<bool> useSubstitutes{this, true, "build-use-substitutes",
"Whether to use substitutes."};
Setting<bool> useSubstitutes{this, true, "use-substitutes",
"Whether to use substitutes.",
{"build-use-substitutes"}};
Setting<std::string> buildUsersGroup{this, "", "build-users-group",
"The Unix group that contains the build users."};
Setting<bool> impersonateLinux26{this, false, "build-impersonate-linux-26",
"Whether to impersonate a Linux 2.6 machine on newer kernels."};
Setting<bool> impersonateLinux26{this, false, "impersonate-linux-26",
"Whether to impersonate a Linux 2.6 machine on newer kernels.",
{"build-impersonate-linux-26"}};
Setting<bool> keepLog{this, true, "build-keep-log",
"Whether to store build logs."};
Setting<bool> keepLog{this, true, "keep-build-log",
"Whether to store build logs.",
{"build-keep-log"}};
Setting<bool> compressLog{this, true, "build-compress-log",
"Whether to compress logs."};
Setting<bool> compressLog{this, true, "compress-build-log",
"Whether to compress logs.",
{"build-compress-log"}};
Setting<unsigned long> maxLogSize{this, 0, "build-max-log-size",
Setting<unsigned long> maxLogSize{this, 0, "max-build-log-size",
"Maximum number of bytes a builder can write to stdout/stderr "
"before being killed (0 means no limit)."};
"before being killed (0 means no limit).",
{"build-max-log-size"}};
/* When build-repeat > 0 and verboseBuild == true, whether to
print repeated builds (i.e. builds other than the first one) to
/* When buildRepeat > 0 and verboseBuild == true, whether to print
repeated builds (i.e. builds other than the first one) to
stderr. Hack to prevent Hydra logs from being polluted. */
bool printRepeatedBuilds = true;
@ -180,18 +188,21 @@ public:
"Whether to check if new GC roots can in fact be found by the "
"garbage collector."};
Setting<bool> gcKeepOutputs{this, false, "gc-keep-outputs",
"Whether the garbage collector should keep outputs of live derivations."};
Setting<bool> gcKeepOutputs{this, false, "keep-outputs",
"Whether the garbage collector should keep outputs of live derivations.",
{"gc-keep-outputs"}};
Setting<bool> gcKeepDerivations{this, true, "gc-keep-derivations",
"Whether the garbage collector should keep derivers of live paths."};
Setting<bool> gcKeepDerivations{this, true, "keep-derivations",
"Whether the garbage collector should keep derivers of live paths.",
{"gc-keep-derivations"}};
Setting<bool> autoOptimiseStore{this, false, "auto-optimise-store",
"Whether to automatically replace files with identical contents with hard links."};
Setting<bool> envKeepDerivations{this, false, "env-keep-derivations",
Setting<bool> envKeepDerivations{this, false, "keep-env-derivations",
"Whether to add derivations as a dependency of user environments "
"(to prevent them from being GCed)."};
"(to prevent them from being GCed).",
{"env-keep-derivations"}};
/* Whether to lock the Nix client and worker to the same CPU. */
bool lockCPU;
@ -202,24 +213,25 @@ public:
Setting<bool> enableNativeCode{this, false, "allow-unsafe-native-code-during-evaluation",
"Whether builtin functions that allow executing native code should be enabled."};
Setting<SandboxMode> sandboxMode{this, smDisabled, "build-use-sandbox",
Setting<SandboxMode> sandboxMode{this, smDisabled, "sandbox",
"Whether to enable sandboxed builds. Can be \"true\", \"false\" or \"relaxed\".",
{"build-use-chroot"}};
{"build-use-chroot", "build-use-sandbox"}};
Setting<PathSet> sandboxPaths{this, {}, "build-sandbox-paths",
Setting<PathSet> sandboxPaths{this, {}, "sandbox-paths",
"The paths to make available inside the build sandbox.",
{"build-chroot-dirs"}};
{"build-chroot-dirs", "build-sandbox-paths"}};
Setting<PathSet> extraSandboxPaths{this, {}, "build-extra-sandbox-paths",
Setting<PathSet> extraSandboxPaths{this, {}, "extra-sandbox-paths",
"Additional paths to make available inside the build sandbox.",
{"build-extra-chroot-dirs"}};
{"build-extra-chroot-dirs", "build-extra-sandbox-paths"}};
Setting<bool> restrictEval{this, false, "restrict-eval",
"Whether to restrict file system access to paths in $NIX_PATH, "
"and to disallow fetching files from the network."};
Setting<size_t> buildRepeat{this, 0, "build-repeat",
"The number of times to repeat a build in order to verify determinism."};
Setting<size_t> buildRepeat{this, 0, "repeat",
"The number of times to repeat a build in order to verify determinism.",
{"build-repeat"}};
#if __linux__
Setting<std::string> sandboxShmSize{this, "50%", "sandbox-dev-shm-size",
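Review bot: None of the test hunks in this commit sets a setting through one of its old names, and for sandbox that matters more than for the others: a configuration that still says build-use-sandbox = true has to keep enforcing sandboxed builds after the rename. The list {"build-use-chroot", "build-use-sandbox"} is meant to cover that, but every test touched here was switched to the new spelling, so a regression in the handling of the old names would go unnoticed. Add a test that builds with --option build-use-sandbox true (and one using build-sandbox-paths) and checks that the sandbox is in effect.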

@ -13,7 +13,7 @@ rm -rf $TEST_ROOT/store0 $TEST_ROOT/store1
export NIX_CONF_DIR=$TEST_ROOT/etc2
mkdir -p $NIX_CONF_DIR
echo "
build-sandbox-paths = /nix/store
sandbox-paths = /nix/store
sandbox-build-dir = /build-tmp
" > $NIX_CONF_DIR/nix.conf

@ -15,9 +15,7 @@ mkdir "$NIX_CONF_DIR"
cat > "$NIX_CONF_DIR"/nix.conf <<EOF
build-users-group =
gc-keep-outputs = false
gc-keep-derivations = false
env-keep-derivations = false
keep-derivations = false
fsync-metadata = false
EOF
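Review bot: This test configuration is changed by more than a rename: gc-keep-outputs = false and env-keep-derivations = false are deleted and only keep-derivations = false is written, so the test now depends on the built-in defaults for keep-outputs and keep-env-derivations. Both default to false in the Setting declarations, so the behaviour is the same today, but either keep the two lines under their new names or mention the simplification in the commit message.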

@ -16,7 +16,7 @@ rm -rf $TEST_ROOT/store0
export NIX_STORE_DIR=/my/store
export NIX_REMOTE="local?root=$TEST_ROOT/store0"
outPath=$(nix-build dependencies.nix --no-out-link --option build-sandbox-paths /nix/store)
outPath=$(nix-build dependencies.nix --no-out-link --option sandbox-paths /nix/store)
[[ $outPath =~ /my/store/.*-dependencies ]]

@ -11,5 +11,5 @@ path=$(nix-build dependencies.nix --no-out-link)
clearStore
rm -rf $NIX_LOG_DIR
(! nix-store -l $path)
nix-build dependencies.nix --no-out-link --option build-compress-log true
nix-build dependencies.nix --no-out-link --option compress-build-log true
[ "$(nix-store -l $path)" = FOO ]

@ -59,5 +59,5 @@ fi
echo "collecting garbage..."
rm $TEST_ROOT/result*
nix-store --gc --option gc-keep-derivations true --option gc-keep-outputs true
nix-store --gc --option keep-derivations true --option keep-outputs true
nix-store --gc --print-roots

@ -20,7 +20,7 @@ makeTest {
startAll;
# Copying to /tmp should succeed.
$machine->succeed('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
$machine->succeed('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
mkdir -p $out
cp ${pkgs.coreutils}/bin/id /tmp/id
")\' ');
@ -30,7 +30,7 @@ makeTest {
$machine->succeed("rm /tmp/id");
# Creating a setuid binary should fail.
$machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
$machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
mkdir -p $out
cp ${pkgs.coreutils}/bin/id /tmp/id
chmod 4755 /tmp/id
@ -41,7 +41,7 @@ makeTest {
$machine->succeed("rm /tmp/id");
# Creating a setgid binary should fail.
$machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
$machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" {} "
mkdir -p $out
cp ${pkgs.coreutils}/bin/id /tmp/id
chmod 2755 /tmp/id
@ -52,7 +52,7 @@ makeTest {
$machine->succeed("rm /tmp/id");
# The checks should also work on 32-bit binaries.
$machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> { system = "i686-linux"; }; runCommand "foo" {} "
$machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> { system = "i686-linux"; }; runCommand "foo" {} "
mkdir -p $out
cp ${pkgs.coreutils}/bin/id /tmp/id
chmod 2755 /tmp/id
@ -63,7 +63,7 @@ makeTest {
$machine->succeed("rm /tmp/id");
# The tests above use fchmodat(). Test chmod() as well.
$machine->succeed('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
$machine->succeed('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
mkdir -p $out
cp ${pkgs.coreutils}/bin/id /tmp/id
perl -e \"chmod 0666, qw(/tmp/id) or die\"
@ -73,7 +73,7 @@ makeTest {
$machine->succeed("rm /tmp/id");
$machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
$machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
mkdir -p $out
cp ${pkgs.coreutils}/bin/id /tmp/id
perl -e \"chmod 04755, qw(/tmp/id) or die\"
@ -84,7 +84,7 @@ makeTest {
$machine->succeed("rm /tmp/id");
# And test fchmod().
$machine->succeed('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
$machine->succeed('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
mkdir -p $out
cp ${pkgs.coreutils}/bin/id /tmp/id
perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 01750, \\\$x or die\"
@ -94,7 +94,7 @@ makeTest {
$machine->succeed("rm /tmp/id");
$machine->fail('nix-build --option build-use-sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
$machine->fail('nix-build --option sandbox false -E \'(with import <nixpkgs> {}; runCommand "foo" { buildInputs = [ perl ]; } "
mkdir -p $out
cp ${pkgs.coreutils}/bin/id /tmp/id
perl -e \"my \\\$x; open \\\$x, qw(/tmp/id); chmod 04777, \\\$x or die\"

@ -1,4 +1,4 @@
#! @ENV_PROG@ nix-shell
#! nix-shell -I nixpkgs=shell.nix --option build-use-substitutes false
#! nix-shell -I nixpkgs=shell.nix --option use-substitutes false
#! nix-shell --pure -i bash -p foo bar
echo "$(foo) $(bar) $@"

@ -15,7 +15,7 @@ if ! echo "$messages" | grep -q "timed out"; then
exit 1
fi
if nix-build -Q timeout.nix -A infiniteLoop --option build-max-log-size 100; then
if nix-build -Q timeout.nix -A infiniteLoop --option max-build-log-size 100; then
echo "build should have failed"
exit 1
fi
@ -30,7 +30,7 @@ if nix-build timeout.nix -A closeLog; then
exit 1
fi
if nix build -f timeout.nix silent --option build-max-silent-time 2; then
if nix build -f timeout.nix silent --max-silent-time 2; then
echo "build should have failed"
exit 1
fi
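Review bot: The silent-build check switches from --option build-max-silent-time 2 to the bare flag --max-silent-time 2, while the max-build-log-size check in the previous hunk keeps the --option form. If the point is to exercise the new direct flag, add a comment saying so; otherwise use --option max-silent-time 2 so the two checks stay consistent and the --option path remains covered for this setting.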