about summary refs log tree commit diff
AgeCommit message (Collapse)AuthorFilesLines
2013-02-27 Refactoring: Split off the non-recursive canonicalisePathMetaData()Eelco Dolstra3-37/+52
Also, change the file mode before changing the owner. This prevents a slight time window in which a setuid binary would be setuid root.
2013-02-26 Remove outdated fileEelco Dolstra1-33/+0
2013-02-26 Bump version numberEelco Dolstra1-1/+1
2013-02-26 Update release notesEelco Dolstra1-1/+24
2013-02-26 Security: Don't allow builders to change permissions on files they don't ownEelco Dolstra5-20/+17
It turns out that in multi-user Nix, a builder may be able to do ln /etc/shadow $out/foo Afterwards, canonicalisePathMetaData() will be applied to $out/foo, causing /etc/shadow's mode to be set to 444 (readable by everybody but writable by nobody). That's obviously Very Bad. Fortunately, this fails in NixOS's default configuration because /nix/store is a bind mount, so "ln" will fail with "Invalid cross-device link". It also fails if hard-link restrictions are enabled, so a workaround is: echo 1 > /proc/sys/fs/protected_hardlinks The solution is to check that all files in $out are owned by the build user. This means that innocuous operations like "ln ${pkgs.foo}/some-file $out/" are now rejected, but that already failed in chroot builds anyway.
2013-02-19 build-remote: Use the --quiet flagEelco Dolstra2-6/+3
‘--option verbosity 0’ doesn't actually do anything.
2013-02-19 Add `Settings::nixDaemonSocketFile'.Ludovic Courtès5-10/+14
2013-02-19 Enable chroot support on old glibc versions.Ludovic Courtès1-0/+6
2013-02-08 Document ‘hashString’Eelco Dolstra2-0/+26
2013-02-08 Make "${./path} ..." evaluate to a string, not a pathEelco Dolstra3-5/+7
Wacky string coercion semantics caused expressions like exec = "${./my-script} params..."; to evaluate to a path (‘/path/my-script params’), because anti-quotations are desuged to string concatenation: exec = ./my-script + " params..."; By constrast, adding a space at the start would yield a string as expected: exec = " ${./my-script} params..."; Now the first example also evaluates to a string.
2013-02-08 Rename "hash" to "hashString" and handle SHA-1Eelco Dolstra3-24/+15
2013-02-08 experimental/hashMarc Weber3-0/+33
adding primop function calculating hash of a string Signed-off-by: Marc Weber <marco-oweber@gmx.de>
2013-02-05 Nix::Store::derivationFromPath: Return derivation outputsEelco Dolstra1-9/+12
2013-01-30 Support the coloniesEelco Dolstra1-3/+3
2013-01-24 Improve -I descriptionEelco Dolstra1-4/+5
Issue #88.
2013-01-23 Only warn about SQLite being busy onceEelco Dolstra1-1/+5
No need to get annoying.
2013-01-22 Correctly handle missing logsEelco Dolstra1-1/+3
2013-01-21 Fix the VM testsEelco Dolstra2-6/+6
2013-01-21 build-remote.pl: Don't keep build logs on the build slaveEelco Dolstra1-2/+3
2013-01-21 corepkgs/fetchurl: Enable making the downloaded file executableShea Levy1-3/+4
2013-01-17 Store build logs in /nix/var/log/nix/drvs/<XX>Eelco Dolstra2-30/+37
...where <XX> is the first two characters of the derivation. Otherwise /nix/var/log/nix/drvs may become so large that we run into all sorts of weird filesystem limits/inefficiences. For instance, ext3/ext4 filesystems will barf with "ext4_dx_add_entry:1551: Directory index full!" once you hit a few million files.
2013-01-07 Bump version number to 1.4Eelco Dolstra1-1/+1
2013-01-05 Delete a left-over trash directory before doing a GCEelco Dolstra1-1/+4
2013-01-04 Fix "0 store paths deleted" messageEelco Dolstra2-1/+3
2013-01-03 Open the database after removing immutable bitsEelco Dolstra1-1/+1
2013-01-03 Remove tabsEelco Dolstra2-46/+46
2013-01-03 Clear any immutable bits in the Nix storeEelco Dolstra10-89/+76
Doing this once makes subsequent operations like garbage collecting more efficient since we don't have to call makeMutable() first.
2013-01-02 UrggghEelco Dolstra7-6/+12
http://hydra.nixos.org/build/3661100
2013-01-02 Manual: Fix "nix-store --export" exampleEelco Dolstra1-3/+3
2013-01-02 Reinstate the http://nixos.org/binary-cache default for the binary-caches ↵Eelco Dolstra2-4/+4
setting
2013-01-02 Use sysconfdir=/etcEelco Dolstra1-0/+3
2013-01-02 Update release notesEelco Dolstra1-0/+10
2013-01-02 If a substitute closure is incomplete, build dependencies, then retry the ↵Eelco Dolstra2-8/+30
substituter Issue #77.
2013-01-02 Automatically fall back if the references of a substitute are not substitutableEelco Dolstra1-1/+1
Fixes #77.
2013-01-02 Add a test for incomplete closures in the binary cacheEelco Dolstra1-0/+8
Issue #77.
2012-12-29 nix-build: Support talking to old daemonsEelco Dolstra1-1/+10
Fixes #76.
2012-12-29 Allow mounting a path in a different location in the chrootEelco Dolstra4-46/+46
Fixes #24.
2012-12-21 download-from-binary-cache: Use the channels of the calling user rather than ↵Eelco Dolstra2-5/+9
root This should make live easier for single-user (non-daemon) installations. Note that when the daemon is used, the "calling user" is root so we're not using any untrusted caches.
2012-12-21 Typo fixEelco Dolstra1-1/+1
2012-12-20 nix-store -q --roots: Respect the gc-keep-outputs/gc-keep-derivations settingsEelco Dolstra9-25/+64
So if a path is not garbage solely because it's reachable from a root due to the gc-keep-outputs or gc-keep-derivations settings, ‘nix-store -q --roots’ now shows that root.
2012-12-20 Yet another rewrite of the garbage collectorEelco Dolstra2-131/+138
But this time it's *obviously* correct! No more segfaults due to infinite recursions for sure, etc. Also, move directories to /nix/store/trash instead of renaming them to /nix/store/bla-gc-<pid>. Then we can just delete /nix/store/trash at the end.
2012-12-20 Give a better error message if writeFile fails due to permission issuesEelco Dolstra1-2/+2
2012-12-19 If gc-keep-derivations is set, only keep the actual deriverEelco Dolstra1-1/+1
This prevents zillions of derivations from being kept, and fixes an infinite recursion in the garbage collector (due to an obscure cycle that can occur with fixed-output derivations).
2012-12-19 Kill the build hook rather than shutting it down cleanlyEelco Dolstra1-7/+1
Waiting for the hook to shut down cleanly sometimes seems to lead to hangs.
2012-12-18 Revert brain fartEelco Dolstra1-2/+0
This reverts commit cc511fd65b7b6de9e87e72fb4bed16fc7efeb8b7.
2012-12-18 Check for potential infinite select() loops when buildingEelco Dolstra1-0/+2
2012-12-13 fix use-after-free bug in mkString(Value&, Symbol&)Stuart Pernsteiner1-1/+1
2012-12-12 Allow setting the profile location using $NIX_PROFILEEelco Dolstra2-4/+16
Fixes #69.
2012-12-11 Debian package: Add dependency on libwww-curl-perlEelco Dolstra1-1/+1
Fixes issue #70.
2012-12-11 On SQLITE_BUSY, wait a random amount of timeEelco Dolstra2-1/+7
If all contending processes wait a fixed amount of time (100 ms), there is a good probability that they'll just collide again.