Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
$(localstatedir)/nix/gcroots/channels).
* In setuid installations, create gcroots/tmp and gcroots/channels
group-writable.
|
|
|
|
|
|
edit the manual, you should have something like
(modify-coding-system-alist 'file "\\.xml\\>" 'utf-8)
in your ~/.emacs.
|
|
|
|
sensitivity.
|
|
chapter on writing Nix expressions.
|
|
|
|
downloading Nix expressions and calling nix-pull. This is so
user-friendly that even a Mac user can do it! :-)
|
|
* Set notes in a different color than warnings.
|
|
|
|
|
|
derivation, since NormalisationGoal would first run a
NormalisationGoal on the subderivation (a no-op, since in a
situation where we need fallback the successor is known), and then
runs a RealisationGoal on the normal form, which then cannot do a
fallback because it doesn't know the derivation expression for which
it is a normal form.
Tossed out the 2-phase normalisation/realisation in
NormalisationGoal and SubstitutionGoal since it's no longer needed -
a RealisationGoal will run a NormalisationGoal if necessary.
|
|
profile. Arguments are either generation number, or `old' to delete
all non-current generations. Typical use:
$ nix-env --delete-generations old
$ nix-collect-garbage
* istringstream -> string2Int.
|
|
added to the store. Bug reported by Martin.
|
|
Previously there was the problem that all files read by nix-env
etc. should be reachable and readable by the Nix user. So for
instance building a Nix expression in your home directory meant that
the home directory should have at least g+x or o+x permission so
that the Nix user could reach the Nix expression. Now we just
switch back to the original user just prior to reading sources and
the like. The places where this happens are somewhat arbitrary,
however. Any scope that has a live SwitchToOriginalUser object in
it is executed as the original user.
* Back out r1385. setreuid() sets the saved uid to the new
real/effective uid, which prevents us from switching back to the
original uid. setresuid() doesn't have this problem (although the
manpage has a bug: specifying -1 for the saved uid doesn't leave it
unchanged; an explicit value must be specified).
|
|
more common than the latter (which exists only on Linux and
FreeBSD). We don't really care about dropping the saved IDs since
there apparently is no way to quiry them in any case, so it can't
influence the build (unlike the effective IDs which are checked by
Perl for instance).
|
|
setuid installation, since the calling user may have a more fascist
umask (say, 0077), which would cause the store objects built by Nix
to be unreadable to anyone other than the Nix user.
|
|
|
|
pre-install script. By default this is turned off; you should edit
the spec file to enable it.
|
|
set on the rpmbuild command line.
|
|
doesn't take \Theta(n^2) space/time complexity.
|
|
errors while running `nix-store --verify'.
|
|
could get out of sync if multiple input derivations mapped to the
same closure expression (since waitees is a set).
|
|
unreachable paths that haven't been used for N hours. For instance,
`nix-collect-garbage --min-age 168' only deletes paths that haven't
been accessed in the last week.
This is useful for instance in the build farm where many derivations
can be shared between consecutive builds, and we wouldn't want a
garbage collect to throw them all away. We could of course register
them as roots, but then we'd to unregister them at some point, which
would be a pain to manage. The `--min-age' flag gives us a sort of
MRU caching scheme.
BUG: this really shouldn't be in gc.cc since that violates
mechanism/policy separation.
|
|
doesn't just print the set of paths that should be deleted. So
there is no more need to pipe the result into `nix-store --delete'
(which doesn't even exist anymore).
|
|
suboperations `--print-live', `--print-dead', and `--delete'. The
roots are not determined by nix-store; they are read from standard
input. This is to make it easy to customise what the roots are.
The collector now no longer fails when store expressions are missing
(which legally happens when using substitutes). It never tries to
fetch paths through substitutes.
TODO: acquire a global lock on the store while garbage collecting.
* Removed `nix-store --delete'.
|
|
* Drop support for the outPath attribute in derivations.
|
|
|
|
|
|
set the real uid and gid to the effective uid and gid, the Nix
binaries can be installed as owned by the Nix user and group instead
of root, so no root involvement of any kind is necessary.
Linux and FreeBSD have these functions.
|
|
users.
If the configure flag `--enable-setuid' is used, the Nix programs
nix-env, nix-store, etc. are installed with the setuid bit turned on
so that they are executed as the user and group specified by
`--with-nix-user=USER' and `--with-nix-group=GROUP', respectively
(with defaults `nix' and `nix').
The setuid programs drop all special privileges if they are executed
by a user who is not a member of the Nix group.
The setuid feature is a quick hack to enable sharing of a Nix
installation between users who trust each other. It is not
generally secure, since any user in the Nix group can modify (by
building an appropriate derivation) any object in the store, and for
instance inject trojans into binaries used by other users.
The setuid programs are owned by root, not the Nix user. This is
because on Unix normal users cannot change the real uid, only the
effective uid. Many programs don't work properly when the real uid
differs from the effective uid. For instance, Perl will turn on
taint mode. However, the setuid programs drop all root privileges
immediately, changing all uids and gids to the Nix user and group.
|
|
* Don't use `seq' - some primitive, obsolete operating systems
(Darwin) don't have it.
|
|
* Builder output is written to standard error by default.
* The option `-B' is gone.
* The option `-Q' suppresses builder output.
The result of this is that most Nix invocations shouldn't need any
flags w.r.t. logging.
|
|
* Handle multiple derivations correctly.
|
|
"i686-linux").
|
|
particular happens on distributed builds or when using push/pull.
|
|
print out incorrect "build failed" messages).
|
|
|
|
|
|
derivation disables scanning for dependencies. Use at your own
risk. This is a quick hack to speed up UML image generation (image
are very big, say 1 GB).
It would be better if the scanner were faster, and didn't read the
whole file into memory.
|
|
|
|
* Include bootstrap.sh in dist.
|
|
|
|
store object just built.
|
|
|
|
Now SuSE and Red Hat should yield the same type (`i686-linux'). Mac
OS X should now give `powerpc-darwin' (i.e., the version number is
gone).
|
|
|