Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2013-02-27 | Refactoring: Split off the non-recursive canonicalisePathMetaData() | Eelco Dolstra | 3 | -37/+52 | |
Also, change the file mode before changing the owner. This prevents a slight time window in which a setuid binary would be setuid root. | |||||
2013-02-26 | Remove outdated file | Eelco Dolstra | 1 | -33/+0 | |
2013-02-26 | Bump version number | Eelco Dolstra | 1 | -1/+1 | |
2013-02-26 | Update release notes | Eelco Dolstra | 1 | -1/+24 | |
2013-02-26 | Security: Don't allow builders to change permissions on files they don't own | Eelco Dolstra | 5 | -20/+17 | |
It turns out that in multi-user Nix, a builder may be able to do `ln /etc/shadow $out/foo`. Afterwards, canonicalisePathMetaData() will be applied to $out/foo, causing /etc/shadow's mode to be set to 444 (readable by everybody but writable by nobody). That's obviously Very Bad. Fortunately, this fails in NixOS's default configuration because /nix/store is a bind mount, so "ln" will fail with "Invalid cross-device link". It also fails if hard-link restrictions are enabled, so a workaround is: `echo 1 > /proc/sys/fs/protected_hardlinks`. The solution is to check that all files in $out are owned by the build user. This means that innocuous operations like "ln ${pkgs.foo}/some-file $out/" are now rejected, but that already failed in chroot builds anyway. | |||||
2013-02-19 | build-remote: Use the --quiet flag | Eelco Dolstra | 2 | -6/+3 | |
‘--option verbosity 0’ doesn't actually do anything. | |||||
2013-02-19 | Add `Settings::nixDaemonSocketFile'. | Ludovic Courtès | 5 | -10/+14 | |
2013-02-19 | Enable chroot support on old glibc versions. | Ludovic Courtès | 1 | -0/+6 | |
2013-02-08 | Document ‘hashString’ | Eelco Dolstra | 2 | -0/+26 | |
2013-02-08 | Make "${./path} ..." evaluate to a string, not a path | Eelco Dolstra | 3 | -5/+7 | |
Wacky string coercion semantics caused expressions like `exec = "${./my-script} params...";` to evaluate to a path (‘/path/my-script params’), because anti-quotations are desugared to string concatenation: `exec = ./my-script + " params...";` By contrast, adding a space at the start would yield a string as expected: `exec = " ${./my-script} params...";` Now the first example also evaluates to a string. | |||||
2013-02-08 | Rename "hash" to "hashString" and handle SHA-1 | Eelco Dolstra | 3 | -24/+15 | |
2013-02-08 | experimental/hash | Marc Weber | 3 | -0/+33 | |
adding primop function calculating hash of a string Signed-off-by: Marc Weber <marco-oweber@gmx.de> | |||||
2013-02-05 | Nix::Store::derivationFromPath: Return derivation outputs | Eelco Dolstra | 1 | -9/+12 | |
2013-01-30 | Support the colonies | Eelco Dolstra | 1 | -3/+3 | |
2013-01-24 | Improve -I description | Eelco Dolstra | 1 | -4/+5 | |
Issue #88. | |||||
2013-01-23 | Only warn about SQLite being busy once | Eelco Dolstra | 1 | -1/+5 | |
No need to get annoying. | |||||
2013-01-22 | Correctly handle missing logs | Eelco Dolstra | 1 | -1/+3 | |
2013-01-21 | Fix the VM tests | Eelco Dolstra | 2 | -6/+6 | |
2013-01-21 | build-remote.pl: Don't keep build logs on the build slave | Eelco Dolstra | 1 | -2/+3 | |
2013-01-21 | corepkgs/fetchurl: Enable making the downloaded file executable | Shea Levy | 1 | -3/+4 | |
2013-01-17 | Store build logs in /nix/var/log/nix/drvs/<XX> | Eelco Dolstra | 2 | -30/+37 | |
...where <XX> is the first two characters of the derivation. Otherwise /nix/var/log/nix/drvs may become so large that we run into all sorts of weird filesystem limits/inefficiencies. For instance, ext3/ext4 filesystems will barf with "ext4_dx_add_entry:1551: Directory index full!" once you hit a few million files. | |||||
2013-01-07 | Bump version number to 1.4 | Eelco Dolstra | 1 | -1/+1 | |
2013-01-05 | Delete a left-over trash directory before doing a GC | Eelco Dolstra | 1 | -1/+4 | |
2013-01-04 | Fix "0 store paths deleted" message | Eelco Dolstra | 2 | -1/+3 | |
2013-01-03 | Open the database after removing immutable bits | Eelco Dolstra | 1 | -1/+1 | |
2013-01-03 | Remove tabs | Eelco Dolstra | 2 | -46/+46 | |
2013-01-03 | Clear any immutable bits in the Nix store | Eelco Dolstra | 10 | -89/+76 | |
Doing this once makes subsequent operations like garbage collecting more efficient since we don't have to call makeMutable() first. | |||||
2013-01-02 | Urgggh | Eelco Dolstra | 7 | -6/+12 | |
http://hydra.nixos.org/build/3661100 | |||||
2013-01-02 | Manual: Fix "nix-store --export" example | Eelco Dolstra | 1 | -3/+3 | |
2013-01-02 | Reinstate the http://nixos.org/binary-cache default for the binary-caches setting | Eelco Dolstra | 2 | -4/+4 | |
2013-01-02 | Use sysconfdir=/etc | Eelco Dolstra | 1 | -0/+3 | |
2013-01-02 | Update release notes | Eelco Dolstra | 1 | -0/+10 | |
2013-01-02 | If a substitute closure is incomplete, build dependencies, then retry the substituter | Eelco Dolstra | 2 | -8/+30 | |
Issue #77. | |||||
2013-01-02 | Automatically fall back if the references of a substitute are not substitutable | Eelco Dolstra | 1 | -1/+1 | |
Fixes #77. | |||||
2013-01-02 | Add a test for incomplete closures in the binary cache | Eelco Dolstra | 1 | -0/+8 | |
Issue #77. | |||||
2012-12-29 | nix-build: Support talking to old daemons | Eelco Dolstra | 1 | -1/+10 | |
Fixes #76. | |||||
2012-12-29 | Allow mounting a path in a different location in the chroot | Eelco Dolstra | 4 | -46/+46 | |
Fixes #24. | |||||
2012-12-21 | download-from-binary-cache: Use the channels of the calling user rather than root | Eelco Dolstra | 2 | -5/+9 | |
This should make life easier for single-user (non-daemon) installations. Note that when the daemon is used, the "calling user" is root so we're not using any untrusted caches. | |||||
2012-12-21 | Typo fix | Eelco Dolstra | 1 | -1/+1 | |
2012-12-20 | nix-store -q --roots: Respect the gc-keep-outputs/gc-keep-derivations settings | Eelco Dolstra | 9 | -25/+64 | |
So if a path is not garbage solely because it's reachable from a root due to the gc-keep-outputs or gc-keep-derivations settings, ‘nix-store -q --roots’ now shows that root. | |||||
2012-12-20 | Yet another rewrite of the garbage collector | Eelco Dolstra | 2 | -131/+138 | |
But this time it's *obviously* correct! No more segfaults due to infinite recursions for sure, etc. Also, move directories to /nix/store/trash instead of renaming them to /nix/store/bla-gc-<pid>. Then we can just delete /nix/store/trash at the end. | |||||
2012-12-20 | Give a better error message if writeFile fails due to permission issues | Eelco Dolstra | 1 | -2/+2 | |
2012-12-19 | If gc-keep-derivations is set, only keep the actual deriver | Eelco Dolstra | 1 | -1/+1 | |
This prevents zillions of derivations from being kept, and fixes an infinite recursion in the garbage collector (due to an obscure cycle that can occur with fixed-output derivations). | |||||
2012-12-19 | Kill the build hook rather than shutting it down cleanly | Eelco Dolstra | 1 | -7/+1 | |
Waiting for the hook to shut down cleanly sometimes seems to lead to hangs. | |||||
2012-12-18 | Revert brain fart | Eelco Dolstra | 1 | -2/+0 | |
This reverts commit cc511fd65b7b6de9e87e72fb4bed16fc7efeb8b7. | |||||
2012-12-18 | Check for potential infinite select() loops when building | Eelco Dolstra | 1 | -0/+2 | |
2012-12-13 | fix use-after-free bug in mkString(Value&, Symbol&) | Stuart Pernsteiner | 1 | -1/+1 | |
2012-12-12 | Allow setting the profile location using $NIX_PROFILE | Eelco Dolstra | 2 | -4/+16 | |
Fixes #69. | |||||
2012-12-11 | Debian package: Add dependency on libwww-curl-perl | Eelco Dolstra | 1 | -1/+1 | |
Fixes issue #70. | |||||
2012-12-11 | On SQLITE_BUSY, wait a random amount of time | Eelco Dolstra | 2 | -1/+7 | |
If all contending processes wait a fixed amount of time (100 ms), there is a good probability that they'll just collide again. |