about summary refs log tree commit diff
AgeCommit message (Collapse)AuthorFilesLines
2015-02-16 Use pivot_root in addition to chroot when possibleHarald van Dijk2-7/+29
chroot only changes the process root directory, not the mount namespace root directory, and it is well-known that any process with chroot capability can break out of a chroot "jail". By using pivot_root as well, and unmounting the original mount namespace root directory, breaking out becomes impossible. Non-root processes typically have no ability to use chroot() anyway, but they can gain that capability through the use of clone() or unshare(). For security reasons, these syscalls are limited in functionality when used inside a normal chroot environment. Using pivot_root() this way does allow those syscalls to be put to their full use.
2015-02-12 Revert "Remove Fedora 18, 19 builds"Eelco Dolstra1-0/+4
This reverts commit 9c58691ce3a35833ddcbf157f9f174ab0cc1c37a. Fedora 18/19 images should build again.
2015-02-10 Don't depend on libsodium on DarwinEelco Dolstra1-1/+3
It doesn't build at the moment. http://hydra.nixos.org/build/19557641
2015-02-10 Make libsodium an optional dependencyEelco Dolstra6-2/+28
2015-02-10 Add Fedora 21 buildEelco Dolstra1-4/+8
Fixes #467.
2015-02-10 Add base64 encoder/decoderEelco Dolstra3-8/+66
2015-02-08 nix-build: Respect -Q during evaluationShea Levy1-0/+5
Fixes #474
2015-02-05 Remove tabEelco Dolstra1-1/+1
2015-02-04 TypoEelco Dolstra1-1/+1
2015-02-04 Require linux 3.13 or later for chrootShea Levy2-2/+8
Fixes #453
2015-02-04 Sign a subset of the .narinfoEelco Dolstra2-13/+29
We only need to sign the store path, NAR hash and references (the "fingerprint"). Everything else is irrelevant to security. For instance, the compression algorithm or the hash of the compressed NAR don't matter as long as the contents of the uncompressed NAR are correct. (Maybe we should include derivers in the fingerprint, but they're broken and nobody cares about them. Also, it might be nice in the future if .narinfos contained signatures from multiple independent signers. But that's impossible if the deriver is included in the fingerprint, since everybody will tend to have a different deriver for the same store path.) Also renamed the "Signature" field to "Sig" since the format changed in an incompatible way.
2015-02-04 Use libsodium instead of OpenSSL for binary cache signingEelco Dolstra15-91/+196
Sodium's Ed25519 signatures are much shorter than OpenSSL's RSA signatures. Public keys are also much shorter, so they're now specified directly in the nix.conf option ‘binary-cache-public-keys’. The new command ‘nix-store --generate-binary-cache-key’ generates and prints a public and secret key.
2015-02-03 Simplify parseHash32Eelco Dolstra1-37/+10
2015-02-03 Simplify printHash32Eelco Dolstra1-35/+17
2015-01-30 nix-install-package: follow symlinksJaka Hudoklin1-1/+1
2015-01-29 Merge remote-tracking branch 'shlevy/baseNameOf-no-copy'Shea Levy2-2/+2
baseNameOf: Don't copy paths to the store first
2015-01-28 Moves runHook to a later execution positionOliver Dunkl1-1/+1
It moves runHook to a later position in the rcfile. After that we are able to set the PS1 environment-variable for a nix-shell environment e.g.: # turn the color of the prompt to blue shellHook = '' export PS1="\n\[\033[1;34m\][\u@\h:\w]$\[\033[0m\] "; '';
2015-01-18 Make inputs writeable in the sandbox (builds still can’t actually write ↵Daniel Peebles1-2/+7
due to user permissions)
2015-01-15 Shut up "Wide character in print" warning in copy-from-other-stores.plEelco Dolstra1-0/+1
2015-01-15 Fix assertion failure in nix-envEelco Dolstra2-4/+8
$ nix-env -f ~/Dev/nixops/ -iA foo nix-env: src/libexpr/eval.hh:57: void nix::Bindings::push_back(const nix::Attr&): Assertion `size_ < capacity' failed. Aborted
2015-01-15 Set correct user agent for NAR downloads from binary cachesEelco Dolstra1-2/+4
2015-01-13 Allow using /bin and /usr/bin as impure prefixes on non-darwin by defaultShea Levy1-1/+1
These directories are generally world-readable anyway, and give us the two most common linux impurities (env and sh)
2015-01-13 SysError -> ErrorEelco Dolstra1-1/+1
2015-01-13 Don't resolve symlinks while checking __impureHostDepsEelco Dolstra1-2/+5
Since these come from untrusted users, we shouldn't do any I/O on them before we've checked that they're in an allowed prefix.
2015-01-12 Add basic Apple sandbox supportDaniel Peebles1-17/+169
2015-01-12 doc: `nix-channel --remove` takes a name, not a urlTobias Geerinckx-Rice1-1/+1
2015-01-09 Fix builtins.readDir on XFSEelco Dolstra1-1/+1
The DT_UNKNOWN fallback code was getting the type of the wrong path, causing readDir to report "directory" as the type of every file. Reported by deepfire on IRC.
2015-01-08 Doh^2Eelco Dolstra1-1/+1
2015-01-08 DohEelco Dolstra1-3/+3
2015-01-08 Fix typo (assuming this is a typo)Данило Глинський (Danylo Hlynskyi)1-1/+1
Fix typo (assuming this is a typo) `allowedRequisites` mentions `allowedReferences` in code example
2015-01-08 Set /nix/store permission to 1737Eelco Dolstra2-19/+6
I.e., not readable to the nixbld group. This improves purity a bit for non-chroot builds, because it prevents a builder from enumerating store paths (i.e. it can only access paths it knows about).
2015-01-08 nix-shell: Add --run flagEelco Dolstra2-7/+26
‘--run’ is like ‘--command’, except that it runs the command in a non-interactive shell. This is important if you do things like: $ nix-shell --command make Hitting Ctrl-C while make is running drops you into the interactive Nix shell, which is probably not what you want. So you can now do $ nix-shell --run make instead.
2015-01-08 nix-shell: Interpret filenames relative to the #!-scriptEelco Dolstra1-0/+7
So you can have a script like: #! /usr/bin/env nix-shell #! nix-shell script.nix -i python import prettytable x = prettytable.PrettyTable(["Foo", "Bar"]) for i in range(1, 10): x.add_row([i, i**2]) print x with a ‘script.nix’ in the same directory: with import <nixpkgs> {}; runCommand "dummy" { buildInputs = [ python pythonPackages.prettytable ]; } "" (Of course, in this particular case, using the ‘-p’ flag is more convenient.)
2015-01-08 Allow nix-shell to be used as a #! interpreterEelco Dolstra1-0/+37
This allows scripts to fetch their own dependencies via nix-shell. For instance, here is a Haskell script that, when executed, pulls in GHC and the HTTP package: #! /usr/bin/env nix-shell #! nix-shell -i runghc -p haskellPackages.ghc haskellPackages.HTTP import Network.HTTP main = do resp <- Network.HTTP.simpleHTTP (getRequest "http://nixos.org/") body <- getResponseBody resp print (take 100 body) Or a Perl script that pulls in Perl and some CPAN packages: #! /usr/bin/env nix-shell #! nix-shell -i perl -p perl perlPackages.HTMLTokeParserSimple perlPackages.LWP use HTML::TokeParser::Simple; my $p = HTML::TokeParser::Simple->new(url => 'http://nixos.org/'); while (my $token = $p->get_tag("a")) { my $href = $token->get_attr("href"); print "$href\n" if $href; } Note that the options to nix-shell must be given on a separate line that starts with the magic string ‘#! nix-shell’. This is because ‘env’ does not allow passing arguments to an interpreter directly.
2015-01-07 nix-shell --command: Remove bogus argument to "exit"Eelco Dolstra1-1/+1
Fixes "exit: Inappropriate: numeric argument required" errors.
2015-01-07 Show position info for failing <...> lookupsEelco Dolstra3-4/+8
2015-01-07 Remove quotes around filenames in position infoEelco Dolstra1-1/+1
2015-01-06 Document how to set up build users on Mac OS XEelco Dolstra1-0/+28
2015-01-06 Fix building on DarwinEelco Dolstra1-1/+4
Fixes #433.
2015-01-05 Merge pull request #431 from j-keck/masterRob Vermaas2-3/+2
small documentation fixes
2015-01-05 doc: remove wrong phrase.j-keck1-2/+1
'... another level of indirection not shown in the figure above ...' but in the 'user-environments.png' figure there is '~/.nix-profile'. the figure was updated with the commit: f982df3 on Mar 16, 2005.
2015-01-05 doc: remove double wordj-keck1-1/+1
'... when when ...' -> '... when ...'
2015-01-02 Allow $NIX_PAGER to override $PAGEREelco Dolstra1-4/+5
2015-01-02 libutil: Limit readLink() error to only overflows.aszlig1-2/+2
Let's not just improve the error message itself, but also the behaviour to actually work around the ntfs-3g symlink bug. If the readlink() call returns a smaller size than the stat() call, this really isn't a problem even if the symlink target really has changed between the calls. So if stat() reports the size for the absolute path, it's most likely that the relative path is smaller and thus it should also work for file system bugs as mentioned in 93002d69fc58c2b71e2dfad202139230c630c53a. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Tested-by: John Ericson <Ericson2314@Yahoo.com>
2015-01-02 libutil: Improve errmsg on readLink size mismatch.aszlig1-1/+5
A message like "error: reading symbolic link `...' : Success" really is quite confusing, so let's not indicate "success" but rather point out the real issue. We could also limit the check of this to just check for non-negative values, but this would introduce a race condition between stat() and readlink() if the link target changes between those two calls, thus leading to a buffer overflow vulnerability. Reported by @Ericson2314 on IRC. Happened due to a possible ntfs-3g bug where a relative symlink returned the absolute path (st_)size in stat() while readlink() returned the relative size. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Tested-by: John Ericson <Ericson2314@Yahoo.com>
2015-01-02 edition -> subtitleEelco Dolstra1-3/+1
For some reason, docbook-xsl doesn't render edition.
2014-12-29 LocalStore initialization: Don't die if build-users-group doesn't existShea Levy1-11/+12
See NixOS/nixpkgs@9245516
2014-12-23 Revive running builds in a PID namespaceEelco Dolstra1-30/+59
2014-12-16 Belatedly add contributorsEelco Dolstra1-0/+7
2014-12-15 Bump version numberEelco Dolstra1-1/+1