about summary refs log tree commit diff
AgeCommit message (Collapse)AuthorFilesLines
2014-07-17 nix-daemon: Add trusted-users and allowed-users optionsEelco Dolstra4-3/+90
‘trusted-users’ is a list of users and groups that have elevated rights, such as the ability to specify binary caches. It defaults to ‘root’. A typical value would be ‘@wheel’ to specify all users in the wheel group. ‘allowed-users’ is a list of users and groups that are allowed to connect to the daemon. It defaults to ‘*’. A typical value would be ‘@users’ to specify the ‘users’ group.
2014-07-17 nix-daemon: Show name of connecting userEelco Dolstra1-6/+7
2014-07-17 nix-daemon: Only print connection info if we have SO_PEERCREDEelco Dolstra1-9/+12
2014-07-17 nix-daemon: Fix compat with older clientsEelco Dolstra1-1/+1
2014-07-16 Get rid of a compiler warningEelco Dolstra1-1/+2
2014-07-16 Be more strict about file names in NARsEelco Dolstra1-1/+6
2014-07-16 Handle case collisions on case-insensitive systemsEelco Dolstra6-76/+122
When running NixOps under Mac OS X, we need to be able to import store paths built on Linux into the local Nix store. However, HFS+ is usually case-insensitive, so if there are directories with file names that differ only in case, then importing will fail. The solution is to add a suffix ("~nix~case~hack~<integer>") to colliding files. For instance, if we have a directory containing xt_CONNMARK.h and xt_connmark.h, then the latter will be renamed to "xt_connmark.h~nix~case~hack~1". If a store path is dumped as a NAR, the suffixes are removed. Thus, importing and exporting via a case-insensitive Nix store is round-tripping. So when NixOps calls nix-copy-closure to copy the path to a Linux machine, you get the original file names back. Closes #119.
2014-07-16 Make dev-shell script work on DarwinEelco Dolstra1-2/+3
2014-07-16 Install systemd and Upstart stuff only on LinuxEelco Dolstra2-2/+10
2014-07-16 Pass *_proxy vars to bootstrap fetchurlShea Levy1-0/+8
2014-07-16 Manual: TypoEelco Dolstra1-1/+1
2014-07-14 Remove cruftEelco Dolstra2-127/+0
2014-07-14 build-remote.pl: Fix building multiple output derivationsEelco Dolstra3-4/+6
We were importing paths without sorting them topologically, leading to "path is not valid" errors. See e.g. http://hydra.nixos.org/build/12451761
2014-07-12 build-remote.pl: Don't keep a shell process aroundEelco Dolstra1-1/+2
2014-07-12 build-remote.pl: Fix build logEelco Dolstra2-3/+5
2014-07-11 Fix testEelco Dolstra1-1/+1
2014-07-11 build-remote.pl: Use ‘nix-store --serve’ on the remote sideEelco Dolstra9-115/+185
This makes things more efficient (we don't need to use an SSH master connection, and we only start a single remote process) and gets rid of locking issues (the remote nix-store process will keep inputs and outputs locked as long as they're needed). It also makes it more or less secure to connect directly to the root account on the build machine, using a forced command (e.g. ‘command="nix-store --serve --write"’). This bypasses the Nix daemon and is therefore more efficient. Also, don't call nix-store to import the output paths.
2014-07-11 Fix closure size displayEelco Dolstra1-1/+1
2014-07-11 Allow $NIX_BUILD_HOOK to be relative to Nix libexec directoryEelco Dolstra2-3/+5
2014-07-10 Fix broken Pid constructorEelco Dolstra1-5/+2
2014-07-10 Replace message "importing path <...>" with "exporting path <...>"Eelco Dolstra1-2/+2
This causes nix-copy-closure to show what it's doing before rather than after.
2014-07-10 Fix use of sysreadEelco Dolstra1-6/+18
2014-07-10 nix-copy-closure -s: Do substitutions via ‘nix-store --serve’Eelco Dolstra4-11/+43
This means we no longer need an SSH master connection, since we only execute a single command on the remote host.
2014-07-10 nix-copy-closure: Fix --dry-runEelco Dolstra1-8/+8
2014-07-10 Remove tabsEelco Dolstra1-3/+3
2014-07-10 Refactoring: Move all fork handling into a higher-order functionEelco Dolstra7-206/+128
C++11 lambdas ftw.
2014-07-10 nix-copy-closure: Restore compression and the progress viewerEelco Dolstra3-16/+89
2014-07-10 Remove maybeVforkEelco Dolstra5-18/+4
2014-07-10 nix-copy-closure: Fix race conditionEelco Dolstra4-60/+136
There is a long-standing race condition when copying a closure to a remote machine, particularly affecting build-remote.pl: the client first asks the remote machine which paths it already has, then copies over the missing paths. If the garbage collector kicks in on the remote machine between the first and second step, the already-present paths may be deleted. The missing paths may then refer to deleted paths, causing nix-copy-closure to fail. The client now performs both steps using a single remote Nix call (using ‘nix-store --serve’), locking all paths in the closure while querying. I changed the --serve protocol a bit (getting rid of QueryCommand), so this breaks the SSH substituter from older versions. But it was marked experimental anyway. Fixes #141.
2014-07-10 Fix security hole in ‘nix-store --serve’Eelco Dolstra1-1/+1
Since it didn't check that the path received from the client is a store path, the client could dump any path in the file system.
2014-07-10 Add a test for the SSH substituterEelco Dolstra1-2/+11
2014-07-09 Fix compilation error on some versions of GCCEelco Dolstra2-2/+3
src/libexpr/primops.cc:42:8: error: looser throw specifier for 'virtual nix::InvalidPathError::~InvalidPathError()' src/libexpr/nixexpr.hh:12:1: error: overriding 'virtual nix::EvalError::~EvalError() noexcept (true)' http://hydra.nixos.org/build/12385750
2014-07-08 Don't build on Ubuntu 10.10Eelco Dolstra1-2/+0
Its C++ compiler is too old. http://hydra.nixos.org/build/12385722
2014-07-04 Add builtin function ‘fromJSON’Eelco Dolstra6-0/+217
Fixes #294.
2014-07-03 Manual: html -> xhtmlEelco Dolstra1-3/+3
2014-06-27 Style fixEelco Dolstra1-11/+8
2014-06-27 Add `--json` argument to `nix-instantiate`Paul Colomiets2-6/+26
2014-06-27 allow-arbitrary-code-during-evaluation -> ↵Eelco Dolstra1-1/+1
allow-unsafe-native-code-during-evaluation
2014-06-27 Merge branch 'shlevy-import-native'Eelco Dolstra4-0/+50
2014-06-24 Only add the importNative primop if the ↵Shea Levy3-1/+7
allow-arbitrary-code-during-evaluation option is true (default false)
2014-06-17 Add importNative primopShea Levy2-0/+44
This can be used to import a dynamic shared object and return an arbitrary value, including new primops. This can be used both to test new primops without having to recompile nix every time, and to build specialized primops that probably don't belong upstream (e.g. a function that calls out to gpg to decrypt a nixops secret as-needed). The imported function should initialize the Value & as needed. A single import can define multiple values by creating an attrset or list, of course. An example initialization function might look like: extern "C" void initialize(nix::EvalState & state, nix::Value & v) { v.type = nix::tPrimOp; v.primOp = NEW nix::PrimOp(myFun, 1, state.symbols.create("myFun")); } Then `builtins.importNative ./example.so "initialize"` will evaluate to the primop defined in the myFun function.
2014-06-12 Don't use member initialisersEelco Dolstra1-4/+4
They're a little bit too recent (only supported since GCC 4.7). http://hydra.nixos.org/build/11851475
2014-06-12 Fix bogus warnings about dumping large pathsEelco Dolstra1-2/+2
Also, yay for C++11 non-static initialisers.
2014-06-12 Drop ImportError and FindErrorEelco Dolstra2-6/+0
We're not catching these anywhere.
2014-06-12 findFile: Realise the context of the path attributesShea Levy2-18/+45
2014-06-12 Share code between scopedImport and importShea Levy1-42/+44
In addition to reducing duplication, this fixes both import from derivation and import of derivation for scopedImport
2014-06-12 Add autoloads, make code more concise & idiomaticSteve Purcell1-78/+55
- Use define-derived-mode to declare nix-mode - Use autoloads to ensure nix-mode is usable (and enabled) without needing `require` - Use set + make-local-variable instead of longer 2-step equivalent
2014-06-10 == operator: Ignore string contextEelco Dolstra3-13/+4
There really is no case I can think of where taking the context into account is useful. Mostly it's just very inconvenient.
2014-06-10 Report daemon OOM betterEelco Dolstra2-9/+19
When copying a large path causes the daemon to run out of memory, you now get: error: Nix daemon out of memory instead of: error: writing to file: Broken pipe
2014-06-10 Print a warning when loading a large path into memoryEelco Dolstra3-4/+33
I.e. if you have a derivation with src = ./huge-directory; you'll get a warning that this is not a good idea.