about summary refs log tree commit diff
AgeCommit message (Collapse)AuthorFilesLines
2015-12-22 Handle /tmp being a symlinkEelco Dolstra1-1/+1
Hopefully fixes Darwin sandbox regression introduced in 8063fc497ab78fa72962b93874fe25dcca2b55ed.
2015-12-22 Don't ignore sodium_init() return valueEelco Dolstra1-1/+2
2015-12-22 Fix bad error message in Darwin chrootsEelco Dolstra1-1/+3
2015-12-17 showId: Handle empty attribute namesEelco Dolstra1-2/+3
We should probably disallow these, but until then, we shouldn't barf with an assertion failure. Fixes #738.
2015-12-15 Merge pull request #742 from garrison/debian-curl-nssEelco Dolstra1-1/+1
Make Debian package depend on libcurl3-nss
2015-12-14 Make Debian package depend on libcurl3-nssJim Garrison1-1/+1
Otherwise nix-env fails to start if it is not installed
2015-12-14 Merge pull request #732 from puffnfresh/patch-1Eelco Dolstra1-1/+2
Use shellwords for nix-shell shebang
2015-12-10 Fix coverage buildEelco Dolstra1-1/+1
2015-12-10 Build sandbox support etc. unconditionally on LinuxEelco Dolstra4-70/+24
Also, use "#if __APPLE__" instead of "#if SANDBOX_ENABLED" to prevent ambiguity.
2015-12-08 Merge pull request #734 from bjornfor/hash-mismatch-messageEelco Dolstra1-2/+2
Clarify error message for hash mismatches (again)
2015-12-08 Clarify error message for hash mismatches (again)Bjørn Forsman1-2/+2
This is arguably nitpicky, but I think this new formulation is even clearer. My thinking is that it's easier to comprehend when the calculated hash value is displayed close to the output path. (I think it is somewhat similar to eliminating double negatives in logic statements.) The formulation is inspired / copied from the OpenEmbedded build tool, bitbake.
2015-12-07 Use shellwords for nix-shell shebangBrian McKenna1-1/+2
Previously we can't have quoted arguments. This now allows us to use things like `ghcWithPackages`
2015-12-02 daemon: Add 'buildMode' parameter to 'buildPaths' RPCLudovic Courtès3-5/+20
2015-12-02 Use deterministic $TMPDIR in sandboxEelco Dolstra1-28/+36
Rather than using $<host-TMPDIR>/nix-build-<drvname>-<number>, the temporary directory is now always /tmp/nix-build-<drvname>-0. This improves bitwise-exact reproducibility for builds that store $TMPDIR in their build output. (Of course, those should still be fixed...)
2015-11-25 Merge branch 'auto-call-functor'Shea Levy1-0/+11
autoCallFunction now auto-calls functors
2015-11-25 autoCallFunction: Auto-call functorsShea Levy1-0/+11
2015-11-25 Merge pull request #617 from Preston4tw/patch-1Eelco Dolstra1-0/+1
Update nix.spec.in
2015-11-25 Set default binary-caches-parallel-connections to 25Eelco Dolstra2-2/+2
Some benchmarking suggested this as a good value. Running $ benchmark -f ... -t 25 -- sh -c 'rm -f /nix/var/nix/binary-cache*; nix-store -r /nix/store/x5z8a2yvz8h6ccmhwrwrp9igg03575jg-nixos-15.09.git.5fd87e1M.drv --dry-run --option binary-caches-parallel-connections <N>' gave the following mean elapsed times for these values of N: N=10: 3.3541 N=20: 2.9320 N=25: 2.6690 N=30: 2.9417 N=50: 3.2021 N=100: 3.5718 N=150: 4.2079 Memory usage is also reduced (N=150 used 186 MB, N=25 only 68 MB). Closes #708.
2015-11-25 Fix Ubuntu/Debian/Fedora buildsEelco Dolstra1-3/+3
2015-11-25 Merge branch 'p/sandbox-rename-minimal' of https://github.com/vcunat/nixEelco Dolstra4-29/+62
2015-11-25 Remove sandboxProfile from release.nixEelco Dolstra1-4/+0
There is really no conceivable reason why building Nix would need access to the host's nix.conf. If it does, it's a bug, and we should fix that instead.
2015-11-25 Fix build failure introduced by #704Eelco Dolstra1-2/+3
Also, make the FreeBSD checks conditional on FreeBSD.
2015-11-25 Merge pull request #712 from pSub/print-meta-licenseEelco Dolstra1-0/+12
Print license information on '--xml --meta'
2015-11-24 Merge pull request #716 from ebzzry/masterEelco Dolstra1-1/+1
Fixed typo.
2015-11-24 Merge pull request #704 from ysangkok/freebsd-supportEelco Dolstra6-3/+16
FreeBSD support with knowledge about Linux emulation
2015-11-23 Fixed typo.Rommel M. Martinez1-1/+1
2015-11-21 Merge branch 'host-deps' of git://github.com/pikajude/nixShea Levy3-4/+3
Reintroduces the functionality that allows the baked-in pre-build-hook to find framework dependencies
2015-11-21 reintroduce host deps in tandem with sandbox profilesJude Taylor3-4/+3
2015-11-21 Revert "remove sandbox-defaults.sb"Shea Levy2-0/+64
As discussed in NixOS/nixpkgs#11001, we still need some of the old sandbox mechanism. This reverts commit d760c2638c9e1f4b8cd9b4ec90d68bf0c76a800b.
2015-11-21 Print license information on '--xml --meta'Pascal Wittmann1-0/+12
The nixpkgs manual prescribes the use of values from stdenv.lib.licenses for the meta.license attribute. Those values are attribute sets and currently skipped when running nix-env with '--xml --meta'. This has the consequence that also nixpkgs-lint will report missing licenses. With this commit nix-env with '--xml --meta' will print all attributes of an attribute set that are of type tString. For example the output for the package nixpkgs.hello is <meta name="license" type="strings"> <string type="url" value="http://spdx.org/licenses/GPL-3.0+" /> <string type="shortName" value="gpl3Plus" /> <string type="fullName" value="GNU General Public License v3.0 or later" /> <string type="spdxId" value="GPL-3.0+" /> </meta> This commit fixes nixpkgs-lint, too.
2015-11-19 re-fix permissions for GHCJude Taylor1-2/+5
2015-11-19 Merge branch 'sandbox-profiles' of git://github.com/pikajude/nixShea Levy7-88/+56
Temporarily allow derivations to describe their full sandbox profile. This will be eventually scaled back to a more secure setup, see the discussion at #695
2015-11-19 Merge pull request #707 from peti/masterEelco Dolstra1-1/+1
src/libstore/build.cc: clarify error message for hash mismatches
2015-11-19 src/libstore/build.cc: clarify error message for hash mismatchesPeter Simons1-1/+1
Nix reports a hash mismatch saying: output path ‘foo’ should have sha256 hash ‘abc’, instead has ‘xyz’ That message is slightly ambiguous and some people read that statement to mean the exact opposite of what it is supposed to mean. After this patch, the message will be: Nix expects output path ‘foo’ to have sha256 hash ‘abc’, instead it has ‘xyz’
2015-11-17 Merge pull request #1 from shlevy/sandbox-profilesJude Taylor3-5/+24
Use AutoDelete for sandbox profile file
2015-11-17 FreeBSD can build Linux 32-bit binariesjanus1-0/+2
2015-11-16 Default arguments belong at declaration, not definitionShea Levy1-1/+1
2015-11-16 Fix copy-paste errorShea Levy1-1/+1
2015-11-16 AutoDelete: Add default constructor with deletion disabledShea Levy3-1/+11
2015-11-15 Use AutoDelete for sandbox profile fileShea Levy1-5/+14
2015-11-14 simplify build.cc using modern C++ featuresJude Taylor1-33/+31
2015-11-14 simplify build permissionsJude Taylor2-17/+6
2015-11-14 remove sandbox-defaults.sbJude Taylor2-64/+0
2015-11-14 update sandbox profiles within nixJude Taylor2-4/+19
2015-11-14 use per-derivation sandbox profilesJude Taylor1-28/+39
2015-11-10 rename `chroot` to `sandbox` (fixes #656, close #682)Vladimír Čunát4-29/+62
- rename options but leav old names as lower-priority aliases, also "-dirs" -> "-paths" to get closer to the meaning - update docs to reflect the new names (old aliases are not documented), including a new file with release notes - tests need an update after corresponding changes to nixpkgs - __noChroot is left as it is (after discussion on the PR)
2015-11-10 Fix bad characters in "copying 7 missing paths from ..."Eelco Dolstra1-0/+1
2015-11-09 Add option to verify build determinismEelco Dolstra3-12/+76
Passing "--option build-repeat <N>" will cause every build to be repeated N times. If the build output differs between any round, the build is rejected, and the output paths are not registered as valid. This is primarily useful to verify build determinism. (We already had a --check option to repeat a previously succeeded build. However, with --check, non-deterministic builds are registered in the DB. Preventing that is useful for Hydra to ensure that non-deterministic builds don't end up getting published at all.)
2015-11-09 Revert "Allow using /bin and /usr/bin as impure prefixes on non-darwin by ↵Eelco Dolstra1-1/+1
default" This reverts commit 79ca5033329053caa364bb2f7e50953f859cc97f. Ouch, never noticed this. We definitely don't want to allow builds to have arbitrary access to /bin and /usr/bin, because then they can (for instance) bring in a bunch of setuid programs. Also, we shouldn't be encouraging the use of impurities in the default configuration.
2015-11-09 optimizePath(): Detect some .links corruptionEelco Dolstra1-2/+9
If automatic store optimisation is enabled, and a hard-linked file in the store gets corrupted, then the corresponding .links entry will also be corrupted. In that case, trying to repair with --repair or --repair-path won't work, because the new "good" file will be replaced by a hard link to the corrupted file. We can catch most of these cases by doing a sanity-check on the file sizes.