Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2016-04-08 | Make LocalStore thread-safe | Eelco Dolstra | 5 | -217/+246 | |
Necessary for multi-threaded commands like "nix verify-paths". | |||||
2016-04-07 | nix verify-paths: Add ‘--sigs-needed <N>’ flag | Eelco Dolstra | 3 | -16/+41 | |
This specifies the number of distinct signatures required to consider each path "trusted". Also renamed ‘--no-sigs’ to ‘--no-trust’ for the flag that disables verifying whether a path is trusted (since a path can also be trusted if it has no signatures, but was built locally). | |||||
2016-04-07 | Use secret-key-files for verifying | Eelco Dolstra | 1 | -1/+14 | |
2016-04-07 | Sign locally-built paths | Eelco Dolstra | 3 | -1/+24 | |
Locally-built paths are now signed automatically using the secret keys specified by the ‘secret-key-files’ option. | |||||
2016-04-06 | Fix "tar: This does not look like a tar archive" with fetchTarball / -I http:// | Eelco Dolstra | 1 | -2/+1 | |
The 304 Not Modified was not handled correctly, so the empty result from the conditional request would overwrite the previous tarball. | |||||
2016-04-05 | Add "nix sign-paths" command | Eelco Dolstra | 2 | -1/+52 | |
E.g. $ nix sign-paths -k ./secret -r $(type -p geeqie) signs geeqie and all its dependencies using the key in ./secret. | |||||
2016-04-05 | Add "nix copy-sigs" command | Eelco Dolstra | 9 | -3/+185 | |
This imports signatures from one store into another. E.g. $ nix copy-sigs -r /run/current-system -s https://cache.nixos.org/ imported 595 signatures | |||||
2016-04-05 | Probably fix SQLITE_BUSY errors | Eelco Dolstra | 2 | -0/+7 | |
2016-04-04 | throwSQLiteError(): Check for SIGINT so we don't loop forever | Eelco Dolstra | 1 | -0/+1 | |
2016-03-31 | Add missing -pthread | Eelco Dolstra | 1 | -1/+1 | |
https://hydra.nixos.org/build/33908385 | |||||
2016-03-30 | LocalStore: Keep track of ultimately trusted paths | Eelco Dolstra | 7 | -12/+51 | |
These are content-addressed paths or outputs of locally performed builds. They are trusted even if they don't have signatures, so "nix verify-paths" won't complain about them. | |||||
2016-03-30 | Fix nix-copy-closure test on 16.03 | Eelco Dolstra | 1 | -1/+1 | |
2016-03-30 | Improve the SQLite wrapper API | Eelco Dolstra | 5 | -224/+157 | |
In particular, this eliminates a bunch of boilerplate code. | |||||
2016-03-30 | Factour out SQLite handling | Eelco Dolstra | 4 | -204/+224 | |
2016-03-30 | Turn retrying SQLite transactions into a higher-order function | Eelco Dolstra | 1 | -33/+42 | |
2016-03-30 | nix verify: Support checking against signatures in other stores | Eelco Dolstra | 1 | -2/+33 | |
Typical usage is to check local paths using the signatures from a binary cache: $ nix verify-paths -r /run/current-system -s https://cache.nixos.org path ‘/nix/store/c1k4zqfb74wba5sn4yflb044gvap0x6k-nixos-system-mandark-16.03.git.fc2d7a5M’ is untrusted ... checked 844 paths, 119 untrusted | |||||
2016-03-30 | HttpBinaryCacheStore: Treat 403 errors as 404 | Eelco Dolstra | 1 | -1/+3 | |
2016-03-30 | CurlDownloader: Fix HTTP error processing | Eelco Dolstra | 1 | -1/+0 | |
2016-03-29 | Improve SIGINT handling in multi-threaded programs | Eelco Dolstra | 4 | -14/+12 | |
The flag remembering whether an Interrupted exception was thrown is now thread-local. Thus, all threads will (eventually) throw Interrupted. Previously, one thread would throw Interrupted, and then the other threads wouldn't see that they were supposed to quit. | |||||
2016-03-29 | Add "nix verify-store" command | Eelco Dolstra | 1 | -13/+53 | |
Like "nix-store --verify --check-contents", but with the same advantages as "nix verify-paths". | |||||
2016-03-29 | Add "nix verify-paths" command | Eelco Dolstra | 11 | -2/+432 | |
Unlike "nix-store --verify-path", this command verifies signatures in addition to store path contents, is multi-threaded (especially useful when verifying binary caches), and has a progress indicator. Example use: $ nix verify-paths --store https://cache.nixos.org -r $(type -p thunderbird) ... [17/132 checked] checking ‘/nix/store/rawakphadqrqxr6zri2rmnxh03gqkrl3-autogen-5.18.6’ | |||||
2016-03-29 | Re-enable sync_with_stdio | Eelco Dolstra | 1 | -3/+0 | |
Otherwise writing to std::cerr is not thread-safe (in particular, lines will be randomly duplicated). | |||||
2016-03-29 | Merge pull request #864 from copumpkin/remove-hack | Eelco Dolstra | 1 | -3/+2 | |
Kill the temporary darwin-specific channel | |||||
2016-03-28 | Kill the temporary darwin-specific channel | Dan Peebles | 1 | -3/+2 | |
The issues have been resolved upstream in the main nixpkgs channel now | |||||
2016-03-24 | Use shorter daemon socket path in tests | Eelco Dolstra | 3 | -5/+5 | |
Otherwise we hit the 104 character limit. http://hydra.nixos.org/build/33562028 | |||||
2016-03-24 | Move signature support from NarInfo to ValidPathInfo | Eelco Dolstra | 4 | -39/+43 | |
2016-03-24 | Typos | Eelco Dolstra | 1 | -2/+2 | |
2016-03-24 | HttpBinaryCacheStore: Make thread-safe | Eelco Dolstra | 1 | -2/+6 | |
2016-03-23 | Drop support for daemon socket path >= 108 characters | Eelco Dolstra | 1 | -15/+3 | |
Doing a chdir() is a bad idea in multi-threaded programs, leading to failures such as error: cannot connect to daemon at ‘/nix/var/nix/daemon-socket/socket’: No such file or directory Since Linux doesn't have a connectat() syscall like FreeBSD, there is no way we can support this in a race-free way. | |||||
2016-03-23 | LocalStoreAccessor::stat: Handle ENOTDIR | Eelco Dolstra | 1 | -1/+1 | |
Closes https://github.com/NixOS/hydra/pull/286. | |||||
2016-03-22 | Remove references to old-school signing | Eelco Dolstra | 2 | -42/+0 | |
2016-03-22 | Don't overload dumpPath() | Eelco Dolstra | 7 | -11/+13 | |
2016-03-21 | Move signatures from NarInfo to ValidPathInfo | Eelco Dolstra | 4 | -11/+21 | |
This allows queryPathInfo() to return signatures. | |||||
2016-03-21 | nix: Add --store flag | Eelco Dolstra | 2 | -4/+10 | |
This is a bit user-friendlier than using $NIX_REMOTE. | |||||
2016-03-21 | Add Store::dumpPath() method | Eelco Dolstra | 7 | -7/+29 | |
This allows applying nix-store --verify-path to binary cache stores: NIX_REMOTE=https://cache.nixos.org nix-store --verify-path /nix/store/s5c7... | |||||
2016-03-21 | Drop support for upgrading from Nix <= 0.12 | Eelco Dolstra | 1 | -84/+7 | |
2016-03-17 | Merge pull request #852 from domenkozar/docker/1.11.2 | Eelco Dolstra | 1 | -13/+10 | |
Dockerfile: 1.9 -> 1.11.2, add more users | |||||
2016-03-16 | Dockerfile: 1.9 -> 1.11.2, add more users | Domen Kožar | 1 | -13/+10 | |
2016-03-15 | Fix RPM build | Eelco Dolstra | 1 | -1/+1 | |
http://hydra.nixos.org/build/33280008 | |||||
2016-03-15 | Fix Darwin build | Eelco Dolstra | 6 | -4/+8 | |
http://hydra.nixos.org/build/33279996 | |||||
2016-03-14 | Fix another mismatched tag | Eelco Dolstra | 1 | -1/+1 | |
http://hydra.nixos.org/build/33279570 | |||||
2016-03-14 | Fix build on clang due to -Wmismatched-tags | Eelco Dolstra | 1 | -1/+2 | |
http://hydra.nixos.org/build/33073389 | |||||
2016-03-14 | Fix bad DocBook | Eelco Dolstra | 1 | -2/+3 | |
http://hydra.nixos.org/build/33087405 | |||||
2016-03-14 | BinaryCacheStore::isValidPath(): Use .narinfo cache | Eelco Dolstra | 1 | -0/+9 | |
If a path is in the .narinfo cache, obviously it's valid. | |||||
2016-03-10 | Merge pull request #834 from abbradar/master | Eelco Dolstra | 1 | -1/+1 | |
Propagate path context via builtins.readFile | |||||
2016-03-10 | Merge pull request #822 from cstrahan/nix-store-serve | Eelco Dolstra | 1 | -0/+58 | |
add docs for `nix-store --serve` | |||||
2016-03-04 | Add option binary-cache-secret-key-file for signing binary caches | Eelco Dolstra | 3 | -2/+14 | |
2016-03-04 | BinaryCacheStore: Remove publicKeyFile argument | Eelco Dolstra | 7 | -25/+39 | |
The public key can be derived from the secret key, so there's no need for the user to supply it separately. | |||||
2016-03-04 | Eliminate some large string copying | Eelco Dolstra | 5 | -23/+25 | |
2016-03-04 | Add warning about "nix" being experimental | Eelco Dolstra | 1 | -0/+1 | |