diff --git a/.gitignore b/.gitignore index 4782bfbafd27..7f79bff759b1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,7 @@ # Default meson build dir /build +# Meson creates this file too +src/.wraplock # /tests/functional/ /tests/functional/common/subst-vars.sh diff --git a/flake.lock b/flake.lock index b2173f90b341..7332f38020d4 100644 --- a/flake.lock +++ b/flake.lock @@ -63,15 +63,15 @@ }, "nixpkgs": { "locked": { - "lastModified": 1763948260, - "narHash": "sha256-zZk7fn2ARAqmLwaYTpxBJmj81KIdz11NiWt7ydHHD/M=", - "rev": "1c8ba8d3f7634acac4a2094eef7c32ad9106532c", + "lastModified": 1769089682, + "narHash": "sha256-Xu+7iYcAuOvsI2wdkUcIEmkqEJbvvE6n7qR9QNjJyP4=", + "rev": "078d69f03934859a181e81ba987c2bb033eebfc5", "type": "tarball", - "url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.813095.1c8ba8d3f763/nixexprs.tar.xz" + "url": "https://releases.nixos.org/nixos/25.11/nixos-25.11.4506.078d69f03934/nixexprs.tar.xz" }, "original": { "type": "tarball", - "url": "https://channels.nixos.org/nixos-25.05/nixexprs.tar.xz" + "url": "https://channels.nixos.org/nixos-25.11/nixexprs.tar.xz" } }, "nixpkgs-23-11": { diff --git a/flake.nix b/flake.nix index be93ece607e5..adcbe22d31ae 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,7 @@ { description = "The purely functional package manager"; - inputs.nixpkgs.url = "https://channels.nixos.org/nixos-25.05/nixexprs.tar.xz"; + inputs.nixpkgs.url = "https://channels.nixos.org/nixos-25.11/nixexprs.tar.xz"; inputs.nixpkgs-regression.url = "github:NixOS/nixpkgs/215d4d0fd80ca5163643b03a33fde804a29cc1e2"; inputs.nixpkgs-23-11.url = "github:NixOS/nixpkgs/a62e6edd6d5e1fa0329b8653c801147986f8d446"; diff --git a/maintainers/flake-module.nix b/maintainers/flake-module.nix index 414e6c570ab4..5de5a5c91ad7 100644 --- a/maintainers/flake-module.nix +++ b/maintainers/flake-module.nix 
@@ -88,16 +88,23 @@ ''^tests/functional/lang/eval-fail-path-slash\.nix$'' ''^tests/functional/lang/eval-fail-toJSON-non-utf-8\.nix$'' ''^tests/functional/lang/eval-fail-set\.nix$'' + + # Language tests, don't churn the formatting of strings + ''^tests/functional/lang/eval-fail-fromTOML-overflow\.nix$'' + ''^tests/functional/lang/eval-fail-fromTOML-underflow\.nix$'' + ''^tests/functional/lang/eval-fail-bad-string-interpolation-3\.nix$'' + ''^tests/functional/lang/eval-fail-bad-string-interpolation-4\.nix$'' + ''^tests/functional/lang/eval-okay-regex-match2\.nix$'' ]; }; clang-format = { enable = true; # https://github.com/cachix/git-hooks.nix/pull/532 - package = pkgs.llvmPackages_latest.clang-tools; + package = pkgs.llvmPackages_21.clang-tools; excludes = [ # We don't want to format test data # ''tests/(?!nixos/).*\.nix'' - ''^src/[^/]*-tests/data/.*$'' + "^src/[^/]*-tests/data/.*$" # Don't format vendored code ''^doc/manual/redirects\.js$'' diff --git a/nix-meson-build-support/common/asan-options/meson.build b/nix-meson-build-support/common/asan-options/meson.build index 80527b5a9884..56e6a6a56a7f 100644 --- a/nix-meson-build-support/common/asan-options/meson.build +++ b/nix-meson-build-support/common/asan-options/meson.build @@ -1,7 +1,7 @@ # Clang gets grumpy about missing libasan symbols if -shared-libasan is not # passed when building shared libs, at least on Linux if cxx.get_id() == 'clang' and ('address' in get_option('b_sanitize') or 'undefined' in get_option( - 'b_sanitize', + 'b_sanitize', )) add_project_link_arguments('-shared-libasan', language : 'cpp') endif diff --git a/packaging/components.nix b/packaging/components.nix index 6757323c428e..dcbe8f93101b 100644 --- a/packaging/components.nix +++ b/packaging/components.nix 
@@ -155,12 +155,14 @@ let ]; }; - mesonBuildLayer = finalAttrs: prevAttrs: { + mesonBuildLayer = finalAttrs: prevAttrs: rec { nativeBuildInputs = prevAttrs.nativeBuildInputs or [ ] ++ [ pkg-config ]; separateDebugInfo = !stdenv.hostPlatform.isStatic; - hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie"; + # needed by separateDebugInfo + # SEE: https://github.com/NixOS/nixpkgs/pull/394674/commits/a4d355342976e9e9823fb94f133bc43ebec9da5b + __structuredAttrs = separateDebugInfo; }; mesonLibraryLayer = finalAttrs: prevAttrs: { diff --git a/packaging/dependencies.nix b/packaging/dependencies.nix index 812750f654ce..c08b23a1e18d 100644 --- a/packaging/dependencies.nix +++ b/packaging/dependencies.nix 
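Review bot: In `mesonBuildLayer`, `__structuredAttrs = separateDebugInfo;` resolves through the newly added `rec` to the value written in this layer, so a later layer or `overrideAttrs` that changes `separateDebugInfo` would leave `__structuredAttrs` out of step with it. The layer already receives `finalAttrs`, so `__structuredAttrs = finalAttrs.separateDebugInfo;` should track the final value and let the `rec` be dropped. The hunk also removes `hardeningDisable = lib.optional stdenv.hostPlatform.isStatic "pie";` without comment. If static builds are now expected to link as PIE, a short comment next to `separateDebugInfo` saying so would record that the hardening change is intentional.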
@@ -30,33 +30,13 @@ scope: { NIX_CFLAGS_COMPILE = "-DINITIAL_MARK_STACK_SIZE=1048576"; }); - lowdown = pkgs.lowdown.overrideAttrs (prevAttrs: rec { - version = "2.0.2"; - src = pkgs.fetchurl { - url = "https://kristaps.bsd.lv/lowdown/snapshots/lowdown-${version}.tar.gz"; - hash = "sha512-cfzhuF4EnGmLJf5EGSIbWqJItY3npbRSALm+GarZ7SMU7Hr1xw0gtBFMpOdi5PBar4TgtvbnG4oRPh+COINGlA=="; - }; - nativeBuildInputs = prevAttrs.nativeBuildInputs ++ [ pkgs.buildPackages.bmake ]; - postInstall = - lib.replaceStrings [ "lowdown.so.1" "lowdown.1.dylib" ] [ "lowdown.so.2" "lowdown.2.dylib" ] - (prevAttrs.postInstall or ""); - patches = [ ]; - }); + curl = pkgs.curl.override { + http3Support = !pkgs.stdenv.hostPlatform.isWindows; + }; - # TODO: Remove this when https://github.com/NixOS/nixpkgs/pull/442682 is included in a stable release - toml11 = - if lib.versionAtLeast pkgs.toml11.version "4.4.0" then - pkgs.toml11 - else - pkgs.toml11.overrideAttrs rec { - version = "4.4.0"; - src = pkgs.fetchFromGitHub { - owner = "ToruNiina"; - repo = "toml11"; - tag = "v${version}"; - hash = "sha256-sgWKYxNT22nw376ttGsTdg0AMzOwp8QH3E8mx0BZJTQ="; - }; - }; + libblake3 = pkgs.libblake3.override { + useTBB = !(stdenv.hostPlatform.isWindows || stdenv.hostPlatform.isStatic); + }; # TODO Hack until https://github.com/NixOS/nixpkgs/issues/45462 is fixed. boost = diff --git a/scripts/install-systemd-multi-user.sh b/scripts/install-systemd-multi-user.sh index 8abbb7af4ad2..a20a57b907c0 100755 --- a/scripts/install-systemd-multi-user.sh +++ b/scripts/install-systemd-multi-user.sh @@ -38,6 +38,7 @@ escape_systemd_env() { create_systemd_proxy_env() { vars="http_proxy https_proxy ftp_proxy all_proxy no_proxy HTTP_PROXY HTTPS_PROXY FTP_PROXY ALL_PROXY NO_PROXY" for v in $vars; do + # shellcheck disable=SC2268 if [ "x${!v:-}" != "x" ]; then echo "Environment=${v}=$(escape_systemd_env "${!v}")" fi 
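Review bot: The new `curl` override turns on `http3Support` for every non-Windows platform with no comment, which presumably adds the HTTP/3 stack to the libcurl that Nix links for remote downloads. A short comment above it, e.g. `# HTTP/3 for downloads; not available in the Windows build`, would record why the larger dependency set is wanted (the wording needs confirming by the author). The two added overrides also spell the platform differently, `pkgs.stdenv.hostPlatform` here and `stdenv.hostPlatform` in `libblake3`. Using one form for both avoids them diverging if `stdenv` is ever rebound in this scope.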
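Review bot: The added `# shellcheck disable=SC2268` in `create_systemd_proxy_env` suppresses the warning about the x-prefix comparison instead of removing the comparison. `if [ -n "${!v:-}" ]; then` performs the same non-empty test and needs no suppression. The loop emits `Environment=` lines built from proxy variables, so a plain condition is easier to audit. The function continues past the end of the hunk.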
diff --git a/src/libexpr/include/nix/expr/value.hh b/src/libexpr/include/nix/expr/value.hh index 6f533b73b206..479a4fddc133 100644 --- a/src/libexpr/include/nix/expr/value.hh +++ b/src/libexpr/include/nix/expr/value.hh @@ -533,8 +533,8 @@ inline constexpr bool useBitPackedValueStorage = (ptrSize == 8) && (__STDCPP_DEF * Packs discriminator bits into the pointer alignment niches. */ template -class alignas(16) ValueStorage>> - : public detail::ValueBase +class alignas(16) + ValueStorage>> : public detail::ValueBase { /* Needs a dependent type name in order for member functions (and * potentially ill-formed bit casts) to be SFINAE'd out. diff --git a/src/perl/package.nix b/src/perl/package.nix index 864558ec855e..e25b2996c83c 100644 --- a/src/perl/package.nix +++ b/src/perl/package.nix @@ -47,6 +47,8 @@ perl.pkgs.toPerlModule ( nix-store bzip2 libsodium + perlPackages.DBI + perlPackages.DBDSQLite ]; # `perlPackages.Test2Harness` is marked broken for Darwin @@ -64,8 +66,6 @@ perl.pkgs.toPerlModule ( ''; mesonFlags = [ - (lib.mesonOption "dbi_path" "${perlPackages.DBI}/${perl.libPrefix}") - (lib.mesonOption "dbd_sqlite_path" "${perlPackages.DBDSQLite}/${perl.libPrefix}") (lib.mesonEnable "tests" finalAttrs.finalPackage.doCheck) ]; diff --git a/tests/functional/build.sh b/tests/functional/build.sh index dbc72d991352..702783678b2d 100755 --- a/tests/functional/build.sh +++ b/tests/functional/build.sh @@ -191,7 +191,10 @@ test "$status" = 1 # Precise number of errors depends on daemon version / goal refactorings (( "$(<<<"$out" grep -cE '^error:')" >= 2 )) -if isDaemonNewer "2.29pre"; then +if isDaemonNewer "2.31"; then + <<<"$out" grepQuiet -E "error: Cannot build '.*-x4\\.drv'" + <<<"$out" grepQuiet -E "Reason: 1 dependency failed." +elif isDaemonNewer "2.29pre"; then <<<"$out" grepQuiet -E "error: Cannot build '.*-x4\\.drv'" <<<"$out" grepQuiet -E "Reason: 1 dependency failed." <<<"$out" grepQuiet -E "Build failed due to failed dependency" 
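Review bot: In `tests/functional/build.sh`, the new `isDaemonNewer "2.31"` branch repeats the first two `grepQuiet` checks of the `2.29pre` branch and drops the third, `Build failed due to failed dependency`, with no comment saying why. A one-line comment on the new branch, e.g. `# 2.31+ daemons no longer emit "Build failed due to failed dependency"`, would show the omission is deliberate (this wording assumes that is the reason). The `if` chain continues past the end of the hunk.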
diff --git a/tests/functional/ca/issue-13247.sh b/tests/functional/ca/issue-13247.sh index 70591951329b..29bc2f912014 100755 --- a/tests/functional/ca/issue-13247.sh +++ b/tests/functional/ca/issue-13247.sh @@ -42,7 +42,7 @@ buildViaSubstitute () { nix build -f issue-13247.nix "$1" --no-link --max-jobs 0 --substituters "$cache" --no-require-sigs --offline --substitute } -# Substitue just the first output +# Substitute just the first output buildViaSubstitute use-a-more-outputs^first # Should only fetch the output we asked for @@ -52,10 +52,10 @@ buildViaSubstitute use-a-more-outputs^first delete -# Failure with 2.28 encountered in CI -requireDaemonNewerThan "2.29" +# Failure with 2.33 encountered in CI +requireDaemonNewerThan "2.34pre" -# Substitue just the first output +# Substitute just the first output # # This derivation is the same after normalization, so we should get # early cut-off, and thus a chance to download just the output we want diff --git a/tests/functional/dyn-drv/failing-outer.sh b/tests/functional/dyn-drv/failing-outer.sh index dcf3e830ed54..709f79619ea2 100644 --- a/tests/functional/dyn-drv/failing-outer.sh +++ b/tests/functional/dyn-drv/failing-outer.sh @@ -41,5 +41,8 @@ out=$(nix build --impure --no-link --expr ' builtins.outputOf failingProducer.outPath "out" ' 2>&1) || true +# Store layer needs bugfix +requireDaemonNewerThan "2.34pre" + # The error message must NOT be empty - it should mention the failed derivation echo "$out" | grepQuiet "failed to obtain derivation of" diff --git a/tests/functional/local-overlay-store/common.sh b/tests/functional/local-overlay-store/common.sh index 39ffa6e5a4f0..2c21eaa998db 100644 --- a/tests/functional/local-overlay-store/common.sh +++ b/tests/functional/local-overlay-store/common.sh @@ -70,6 +70,7 @@ mountOverlayfs () { "$storeBRoot/nix/store" \ || skipTest "overlayfs is not supported" + # shellcheck disable=SC2329 cleanupOverlay () { # shellcheck disable=2317 umount -n "$storeBRoot/nix/store" 
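Review bot: In `tests/functional/dyn-drv/failing-outer.sh`, `requireDaemonNewerThan "2.34pre"` is added after the `nix build` whose output is captured in `out`, so on an older daemon the build has already run before the guard takes effect. If the guard skips the test, as its name suggests, placing it before the `out=$(nix build …)` assignment avoids the wasted build. The comment `# Store layer needs bugfix` would also be more useful if it named the fix or issue it is waiting on. The start of the `nix build` command lies outside the hunk.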
diff --git a/tests/functional/test-infra.sh b/tests/functional/test-infra.sh index 2da26b08ccd8..b702dfe5d29f 100755 --- a/tests/functional/test-infra.sh +++ b/tests/functional/test-infra.sh @@ -48,7 +48,7 @@ expectStderr 1 noisyFalse | grepQuiet NAY # `set -o pipefile` is enabled -# shellcheck disable=SC2317# shellcheck disable=SC2317 +# shellcheck disable=SC2329 pipefailure () { # shellcheck disable=SC2216 true | false | true @@ -56,7 +56,7 @@ pipefailure () { expect 1 pipefailure unset pipefailure -# shellcheck disable=SC2317 +# shellcheck disable=2329 pipefailure () { # shellcheck disable=SC2216 false | true | true @@ -84,7 +84,7 @@ expect 1 useUnbound # ! alone unfortunately negates `set -e`, but it works in functions: # shellcheck disable=SC2251 ! true -# shellcheck disable=SC2317 +# shellcheck disable=SC2329 funBang () { ! true } diff --git a/tests/nixos/fetch-git/testsupport/setup.nix b/tests/nixos/fetch-git/testsupport/setup.nix index c13386c72230..1fbf5ff7448f 100644 --- a/tests/nixos/fetch-git/testsupport/setup.nix +++ b/tests/nixos/fetch-git/testsupport/setup.nix @@ -86,7 +86,7 @@ in "flakes" ]; }; - setupScript = ''''; + setupScript = ""; testScript = '' start_all(); diff --git a/tests/nixos/fetchers-substitute.nix b/tests/nixos/fetchers-substitute.nix index bfe15c5c36e7..7abadd43af64 100644 --- a/tests/nixos/fetchers-substitute.nix +++ b/tests/nixos/fetchers-substitute.nix 
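Review bot: The second `pipefailure` definition in `tests/functional/test-infra.sh` gets `# shellcheck disable=2329`, while the other two directives changed in this file use `SC2329`. Writing `# shellcheck disable=SC2329` there as well keeps every suppression findable with one search pattern.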
@@ -1,9 +1,26 @@ +{ nixComponents, ... }: { name = "fetchers-substitute"; nodes.substituter = { pkgs, ... }: { + # nix-serve is broken while cross-compiling in nixpkgs 25.11. It's been + # fixed since, but while we're pinning 25.11 we use this workaround. + nixpkgs.overlays = [ + (final: prev: { + nix-serve = + final.lib.warnIf (final.lib.versions.majorMinor final.lib.version != "25.11") + "remove the hack in fetchers-substitute.nix when updating nixpkgs from 25.11" + ( + prev.nix-serve.override { + nix = prev.nix // { + libs.nix-perl-bindings = nixComponents.nix-perl-bindings; + }; + } + ); + }) + ]; virtualisation.writableStore = true; nix.settings.extra-experimental-features = [ diff --git a/tests/nixos/functional/common.nix b/tests/nixos/functional/common.nix index 4d32b7573245..57f0bbc6a1c5 100644 --- a/tests/nixos/functional/common.nix +++ b/tests/nixos/functional/common.nix @@ -1,14 +1,5 @@ { lib, nixComponents, ... }: -let - # FIXME (roberth) reference issue - inputDerivation = - pkg: - (pkg.overrideAttrs (o: { - disallowedReferences = [ ]; - })).inputDerivation; - -in { # We rarely change the script in a way that benefits from type checking, so # we skip it to save time. @@ -20,7 +11,7 @@ in virtualisation.writableStore = true; system.extraDependencies = [ - (inputDerivation config.nix.package) + config.nix.package.inputDerivation ]; nix.settings.substituters = lib.mkForce [ ]; diff --git a/tests/nixos/functional/unprivileged-daemon.nix b/tests/nixos/functional/unprivileged-daemon.nix index c0dfdf0c4e50..d9f969afa247 100644 --- a/tests/nixos/functional/unprivileged-daemon.nix +++ b/tests/nixos/functional/unprivileged-daemon.nix 
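Review bot: In the `nix-serve` override, `prev.nix // { libs.nix-perl-bindings = …; }` is a shallow merge, so the whole `libs` attribute of `prev.nix` is replaced by a set holding only `nix-perl-bindings`. If `nix-serve` or anything it pulls in reads another `nix.libs.*` attribute, evaluation would fail on a missing attribute. `libs = (prev.nix.libs or { }) // { nix-perl-bindings = nixComponents.nix-perl-bindings; };` keeps the rest. The comment could also say that the substituter node now serves through the perl bindings built from this tree, since that changes what the test exercises.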
@@ -21,7 +21,11 @@ nix.enable = false; # Unprivileged nix daemon cannot remount store read/write, so never make it read-only in the first place. - boot.readOnlyNixStore = false; + boot.nixStoreMountOpts = lib.mkForce [ + "nodev" + "nosuid" + "rw" + ]; environment.systemPackages = [ config.nix.package ]; # nix normally defaults to local if running as root, we want root to use the daemon as well. diff --git a/tests/nixos/remote-builds-ssh-ng.nix b/tests/nixos/remote-builds-ssh-ng.nix index c298ab92d46d..d23183f351c7 100644 --- a/tests/nixos/remote-builds-ssh-ng.nix +++ b/tests/nixos/remote-builds-ssh-ng.nix @@ -20,7 +20,7 @@ let builder = "''${utils}/bin/sh"; args = [ "-c" "${ lib.concatStringsSep "; " [ - ''if [[ -n $NIX_LOG_FD ]]'' + "if [[ -n $NIX_LOG_FD ]]" ''then echo '@nix {\"action\":\"setPhase\",\"phase\":\"buildPhase\"}' >&''$NIX_LOG_FD'' "fi" "echo Hello" diff --git a/tests/nixos/s3-binary-cache-store.nix b/tests/nixos/s3-binary-cache-store.nix index 5804057487dc..ae3cb82a4c3e 100644 --- a/tests/nixos/s3-binary-cache-store.nix +++ b/tests/nixos/s3-binary-cache-store.nix @@ -873,7 +873,7 @@ in server.wait_for_unit("minio") server.wait_for_unit("network-addresses-eth1.service") server.wait_for_open_port(9000) - server.succeed(f"mc config host add minio http://localhost:9000 {ACCESS_KEY} {SECRET_KEY} --api s3v4") + server.succeed(f"mc alias set minio http://localhost:9000 {ACCESS_KEY} {SECRET_KEY} --api s3v4") # Run tests (each gets isolated bucket via decorator) test_credential_caching()