depot - monorepo for the virus lounge

Age	Commit message (Collapse)	Author	Files	Lines
2006-12-05	* In addPermRoot, check that the root that we just registered can be	Eelco Dolstra	2	-18/+42
	found by the garbage collector. This addresses NIX-71 and is a particular concern in multi-user stores.
2006-12-04	* Add indirect root registration to the protocol so that unprivileged	Eelco Dolstra	7	-6/+42
	processes can register indirect roots. Of course, there is still the problem that the garbage collector can only read the targets of the indirect roots when it's running as root...
2006-12-04	* Not every OS knows about SIGPOLL.	Eelco Dolstra	1	-0/+5

2006-12-04	* Don't redirect stderr.	Eelco Dolstra	1	-6/+0

2006-12-04	* Handle exceptions and stderr for all protocol functions.	Eelco Dolstra	2	-19/+64
	* SIGIO -> SIGPOLL (POSIX calls it that). * Use sigaction instead of signal to register the SIGPOLL handler. Sigaction is better defined, and a handler registered with signal appears not to interrupt fcntl(..., F_SETLKW, ...), which is bad.
2006-12-04	* Daemon mode (`nix-worker --daemon'). Clients connect to the server	Eelco Dolstra	7	-53/+182
	via the Unix domain socket in /nix/var/nix/daemon.socket. The server forks a worker process per connection. * readString(): use the heap, not the stack. * Some protocol fixes.
2006-12-04	* When NIX_REMOTE=daemon, connect to /nix/var/nix/daemon.socket	Eelco Dolstra	3	-8/+37
	instead of forking a worker.
2006-12-04	* Refactoring.	Eelco Dolstra	3	-17/+33

2006-12-04	* Pass the verbosity level to the worker.	Eelco Dolstra	1	-2/+8

2006-12-04	* Install the worker in bindir, not libexecdir.	Eelco Dolstra	6	-2/+11
	* Allow the worker path to be overriden through the NIX_WORKER environment variable.
2006-12-03	* Doh.	Eelco Dolstra	2	-1/+4

2006-12-03	* Don't run setuid root when build-users is empty.	Eelco Dolstra	3	-26/+51
	* Send startup errors to the client.
2006-12-03	* Removed `build-allow-root'.	Eelco Dolstra	5	-39/+61
	* Added `build-users-group', the group under which builds are to be performed. * Check that /nix/store has 1775 permission and is owner by the build-users-group.
2006-12-03	* Use setreuid if setresuid is not available.	Eelco Dolstra	2	-7/+17

2006-12-03	* Handle a subtle race condition: the client closing the socket	Eelco Dolstra	1	-2/+30
	between the last worker read/write and the enabling of the signal handler.
2006-12-03	* Some hardcore magic to handle asynchronous client disconnects.	Eelco Dolstra	1	-1/+37
	The problem is that when we kill the client while the worker is building, and the builder is not writing anything to stderr, then the worker never notice that the socket is closed on the other side, so it just continues indefinitely. The solution is to catch SIGIO, which is sent when the far side of the socket closes, and simulate an normal interruption. Of course, SIGIO is also sent every time the client sends data over the socket, so we only enable the signal handler when we're not expecting any data...
2006-12-03	* Use a Unix domain socket instead of pipes.	Eelco Dolstra	2	-15/+18

2006-12-03	* Better error message if the worker doesn't start.	Eelco Dolstra	1	-4/+8

2006-12-03	* Pid::kill() should be interruptable.	Eelco Dolstra	1	-1/+3

2006-12-03	* Some hackery to propagate the worker's stderr and exceptions to the	Eelco Dolstra	7	-104/+206
	client.
2006-12-03	* Run the worker in a separate session to prevent terminal signals	Eelco Dolstra	1	-0/+6
	from interfering.
2006-12-02	* Move addTempRoot() to the store API, and add another function	Eelco Dolstra	11	-17/+81
	syncWithGC() to allow clients to register GC roots without needing write access to the global roots directory or the GC lock.
2006-12-02	* Doh.	Eelco Dolstra	1	-1/+1

2006-12-02	* Remove most of the old setuid code.	Eelco Dolstra	3	-138/+57
	* Much simpler setuid code for the worker in slave mode.
2006-12-02	* Remove SwitchToOriginalUser, we're not going to need it anymore.	Eelco Dolstra	8	-63/+4

2006-12-02	* Clear NIX_REMOTE in the tests.	Eelco Dolstra	1	-0/+2

2006-12-02	* Remove queryPathHash().	Eelco Dolstra	4	-2/+32
	* Help for nix-worker.
2006-12-01	* Replace read-only calls to addTextToStore.	Eelco Dolstra	2	-3/+9

2006-12-01	* Merge addToStore and addToStoreFixed.	Eelco Dolstra	11	-96/+40
	* addToStore now adds unconditionally, it doesn't use readOnlyMode. Read-only operation is up to the caller (who can call computeStorePathForPath).
2006-12-01	* Right name.	Eelco Dolstra	1	-2/+2

2006-12-01	* More operations.	Eelco Dolstra	5	-33/+116
	* addToStore() and friends: don't do a round-trip to the worker if we're only interested in the path (i.e., in read-only mode).
2006-11-30	* More remote operations.	Eelco Dolstra	12	-46/+138
	* Added new operation hasSubstitutes(), which is more efficient than querySubstitutes().size() > 0.
2006-11-30	* Doh.	Eelco Dolstra	1	-1/+1

2006-11-30	* More operations.	Eelco Dolstra	3	-9/+50

2006-11-30	* First remote operation: isValidPath().	Eelco Dolstra	4	-7/+63

2006-11-30	* When NIX_REMOTE is set to "slave", fork off nix-worker in slave	Eelco Dolstra	5	-24/+87
	mode. Presumably nix-worker would be setuid to the Nix store user. The worker performs all operations on the Nix store and database, so the caller can be completely unprivileged. This is already much more secure than the old setuid scheme, since the worker doesn't need to do Nix expression evaluation and so on. Most importantly, this means that it doesn't need to access any user files, with all resulting security risks; it only performs pure store operations. Once this works, it is easy to move to a daemon model that forks off a worker for connections established through a Unix domain socket. That would be even more secure.
2006-11-30	* Skeleton of the privileged worker program.	Eelco Dolstra	12	-126/+255
	* Some refactoring: put the NAR archive integer/string serialisation code in a separate file so it can be reused by the worker protocol implementation.
2006-11-30	* Oops.	Eelco Dolstra	2	-0/+135

2006-11-30	* Skeleton of remote store implementation.	Eelco Dolstra	4	-6/+14

2006-11-30	* Put building in the store API.	Eelco Dolstra	11	-48/+31

2006-11-30	* Refactoring. There is now an abstract interface class StoreAPI	Eelco Dolstra	17	-338/+458
	containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30	* Benchmarking Unix domain sockets.	Eelco Dolstra	3	-0/+121

2006-11-30	* Troubleshooting information on fixing a b0rked Berkeley DB database.	Eelco Dolstra	3	-13/+45

2006-11-29	* Don't spam.	Eelco Dolstra	1	-0/+2

2006-11-29	* Example script to set permissions for setuid operation.	Roy van den Broek	2	-1/+10

2006-11-29	* Remove --enable-setuid, --with-nix-user and --with-nix-group.	Eelco Dolstra	4	-61/+53
	Rather, setuid support is now always compiled in (at least on platforms that have the setresuid system call, e.g., Linux and FreeBSD), but it must enabled by chowning/chmodding the Nix binaries.
2006-11-24	* Doh! Path sizes need to be computed recursively of course.	Eelco Dolstra	3	-6/+28
	(NIX-70)
2006-11-24	* Dead files.	Eelco Dolstra	2	-12/+0

2006-11-18	* Show more progress.	Eelco Dolstra	1	-1/+3

2006-11-18	* Turn off synchronisation between C and C++ I/O functions. This	Eelco Dolstra	2	-1/+3
	gives a huge speedup in operations that read or write from standard input/output. (So libstdc++'s I/O isn't that bad, you just have to call std::ios::sync_with_stdio(false).) For instance, `nix-store --register-substitutes' went from 1.4 seconds to 0.1 seconds on a certain input. Another victory for Valgrind.