about summary refs log tree commit diff
AgeCommit message (Collapse)AuthorFilesLines
2011-08-06 * Refactoring: move parseExprFromFile() and parseExprFromString() intoEelco Dolstra10-52/+37
the EvalState class.
2011-07-20 * Don't allow derivations with fixed and non-fixed outputs.Eelco Dolstra1-43/+38
2011-07-20 * Fix a huuuuge security hole in the Nix daemon. It didn't check thatEelco Dolstra9-81/+180
derivations added to the store by clients have "correct" output paths (meaning that the output paths are computed by hashing the derivation according to a certain algorithm). This means that a malicious user could craft a special .drv file to build *any* desired path in the store with any desired contents (so long as the path doesn't already exist). Then the attacker just needs to wait for a victim to come along and install the compromised path. For instance, if Alice (the attacker) knows that the latest Firefox derivation in Nixpkgs produces the path /nix/store/1a5nyfd4ajxbyy97r1fslhgrv70gj8a7-firefox-5.0.1 then (provided this path doesn't already exist) she can craft a .drv file that creates that path (i.e., has it as one of its outputs), add it to the store using "nix-store --add", and build it with "nix-store -r". So the fake .drv could write a Trojan to the Firefox path. Then, if user Bob (the victim) comes along and does $ nix-env -i firefox $ firefox he executes the Trojan injected by Alice. The fix is to have the Nix daemon verify that derivation outputs are correct (in addValidPath()). This required some refactoring to move the hash computation code to libstore.
2011-07-20 * Added a test that make sure that users cannot registerEelco Dolstra3-1/+62
specially-crafted derivations that produce output paths belonging to other derivations. This could be used to inject malware into the store.
2011-07-20 * Refactoring.Eelco Dolstra2-12/+17
2011-07-20 * Create a symlink to /nix/var/nix/manifests in /nix/var/nix/gcrootsEelco Dolstra1-0/+8
if it doesn't exist.
2011-07-18 * Support multiple outputs. A derivation can declare multiple outputsEelco Dolstra1-45/+84
by setting the ‘outputs’ attribute. For example: stdenv.mkDerivation { name = "aterm-2.5"; src = ...; outputs = [ "out" "tools" "dev" ]; configureFlags = "--bindir=$(tools)/bin --includedir=$(dev)/include"; } This derivation creates three outputs, named like this: /nix/store/gcnqgllbh01p3d448q8q6pzn2nc2gpyl-aterm-2.5 /nix/store/gjf1sgirwfnrlr0bdxyrwzpw2r304j02-aterm-2.5-tools /nix/store/hp6108bqfgxvza25nnxfs7kj88xi2vdx-aterm-2.5-dev That is, the symbolic name of the output is suffixed to the store path (except for the ‘out’ output). Each path is passed to the builder through the corresponding environment variable, e.g., ${tools}. The main reason for multiple outputs is to allow parts of a package to be distributed and garbage-collected separately. For instance, most packages depend on Glibc for its libraries, but don't need its header files. If these are separated into different store paths, then a package that depends on the Glibc libraries only causes the libraries and not the headers to be downloaded. The main problem with multiple outputs is that if one output exists while the others have been garbage-collected (or never downloaded in the first place), and we want to rebuild the other outputs, then this isn't possible because we can't clobber a valid output (it might be in active use). This currently gives an error message like: error: derivation `/nix/store/1s9zw4c8qydpjyrayxamx2z7zzp5pcgh-aterm-2.5.drv' is blocked by its output paths There are two solutions: 1) Do the build in a chroot. Then we don't need to overwrite the existing path. 2) Use hash rewriting (see the ASE-2005 paper). Scary but it should work. This is not finished yet. There is not yet an easy way to refer to non-default outputs in Nix expressions. Also, mutually recursive outputs aren't detected yet and cause the garbage collector to crash.
2011-07-13 * Show the default for --with-store-dir (Nix/211).Eelco Dolstra1-1/+1
2011-07-13 * Allow attribute names to be strings. Based on theEelco Dolstra3-0/+23
allow-arbitrary-strinsg-in-names patch by Marc Weber.
2011-07-13 * Fix concurrency issues in download-using-manifests' handling of theEelco Dolstra2-1/+12
SQLite manifest cache. The DBI AutoCommit feature caused every process to have an active transaction at all times, which could indefinitely block processes wanting to update the manifest cache. * Disable fsync() in the manifest cache because we don't need integrity (the cache can always be recreated if it gets corrupted).
2011-07-13 * Allow a default value in attribute selection by writingEelco Dolstra9-22/+70
x.y.z or default (as originally proposed in https://mail.cs.uu.nl/pipermail/nix-dev/2009-September/002989.html). For instance, an expression like stdenv.lib.attrByPath ["features" "ckSched"] false args can now be written as args.features.ckSched or false
2011-07-06 * Change the right-hand side of the ‘.’ operator from an attribute toEelco Dolstra4-18/+33
an attribute path. This is a refactoring to support default values.
2011-07-06 * Test case.Eelco Dolstra2-0/+8
2011-07-06 * In the ‘?’ operator, allow attribute paths. For instance, you canEelco Dolstra4-24/+47
write ‘attrs ? a.b’ to test whether ‘attrs’ has an attribute ‘a’ containing an attribute ‘b’. This is more convenient than ‘attrs ? a && attrs.a ? b’. Slight change in the semantics: it's no longer an error if the left-hand side of ‘?’ is not an attribute set. In that case it just returns false. So, ‘null ? foo’ no longer throws an error.
2011-07-04 (no commit message)Eelco Dolstra1-1/+1
2011-06-30 doc: Fix typo.Ludovic Courtès1-0/+2
2011-06-30 Add support for the `build-timeout' and `--timeout' options.Ludovic Courtès12-5/+115
2011-06-27 (no commit message)Eelco Dolstra1-1/+1
2011-06-27 (no commit message)Eelco Dolstra1-1/+1
2011-05-03 * Use SQLite 3.7.6.2.Eelco Dolstra1-1/+1
2011-04-19 * nix-install-package: unset NIX_REMOTE because $NIX_MANIFESTS_DIREelco Dolstra1-1/+4
doesn't work when building through the Nix daemon. This also ensures an error message when the user doesn't have sufficient privileges to do nix-pull.
2011-04-19 * Handle error messages from the Nix worker containing the `%'Eelco Dolstra1-1/+1
character. (Nix/216)
2011-04-11 * `nix-env -ub' (`--prebuilt-only') didn't really work because itEelco Dolstra1-17/+20
checked too soon whether substitutes are available. That is, it did so for every available package, rather than those matching installed packages. This was very slow and subject to assertion failures. So do the check much later. Idem for `nix-env -qab' and `nix-env -ib'.
2011-04-11 * Read manifests directly into the database, rather than first readingEelco Dolstra1-60/+65
them into memory. This brings memory use down to (more or less) O(1). For instance, on my test case, the maximum resident size of download-using-manifests while filling the DB went from 142 MiB to 11 MiB.
2011-04-11 * Lock the database during updates.Eelco Dolstra1-1/+8
2011-04-11 (no commit message)Eelco Dolstra1-0/+6
2011-04-11 * configure: detect whether DBD::SQLite is present. If necessary theEelco Dolstra7-6/+33
location to DBI and DBD::SQLite can be passed with --with-dbi and --with-dbd-sqlite.
2011-04-11 * Subtle bug: if you import File::stat in one module, it affects otherEelco Dolstra2-5/+7
modules as well. So use symbolic field names everywhere (which is nicer anyway).
2011-04-11 * Create $manifestDir if it doesn't exist.Eelco Dolstra1-0/+3
2011-04-10 * Cache the manifests in /nix/var/nix/manifests in a SQLite database.Eelco Dolstra2-30/+164
This significantly speeds up the download-using-manifests substituter, especially if manifests are very large. For instance, one "nix-build -A geeqie" operation that updated four packages using binary patches went from 18.5s to 1.6s. It also significantly reduces memory use. The cache is kept in /nix/var/nix/manifests/cache.sqlite. It's updated automatically when manifests are added to or removed from /nix/var/nix/manifests. It might be interesting to have nix-pull store manifests directly in the DB, rather than storing them as separate flat files, but then we would need a command line interface to delete manifests from the DB.
2011-04-06 * Remove the localPaths feature in manifests since it's no longer usedEelco Dolstra7-47/+10
and redundant anyway.
2011-03-16 * Print a better error message.Eelco Dolstra1-1/+1
2011-03-15 * Fix a bug in the documentation (reported by Olexiy Buyanskyy,Eelco Dolstra1-1/+1
Nix/215).
2011-02-17 (no commit message)Eelco Dolstra1-1/+1
2011-02-17 * nix-push: handle the case where the hash is not set in the DB.Eelco Dolstra1-0/+10
2011-02-14 * Build for Ubuntu 10.04.Eelco Dolstra1-0/+2
2011-02-14 make nix-mode provide 'nix-modeFlorian Friesdorf1-0/+2
this enables (require 'nix-mode)
2011-02-10 * Don't allocate a big initial GC address space on machines withEelco Dolstra2-12/+25
little RAM. Even if the memory isn't actually used, it can cause problems with the overcommit heuristics in the kernel. So use a VM space of 25% of RAM, up to 384 MB.
2011-02-09 * Don't call GC_expand_hp unless we're actually using the garbageEelco Dolstra2-12/+18
collector.
2011-02-09 Use $BDW_GC_LIBS instead of a custom variable.Ludovic Courtès3-4/+2
2011-02-09 * A better fix. $boehmgc isn't set anywhere, we should use the flagsEelco Dolstra2-2/+2
returned by pkg-config.
2011-02-09 * The GC library can't be found on SolarisEelco Dolstra1-1/+1
(http://hydra.nixos.org/build/890714), so don't build with GC support for now.
2011-02-09 * Urgh, FreeBSD doesn't have a "seq" command.Eelco Dolstra1-2/+2
2011-02-09 * Obsolete.Eelco Dolstra22-353/+0
2011-02-09 * Remove obsolete directory.Eelco Dolstra1-252/+0
2011-02-09 * Remove obsolete file.Eelco Dolstra1-149/+0
2011-02-09 * Merged the SQLite branch.Eelco Dolstra82-1890/+2676
2011-02-09 * Sync with the trunk.Eelco Dolstra1-2/+0
2011-02-08 (no commit message)Eelco Dolstra1-1/+1
2011-02-05 * Propagate the CC setting.Eelco Dolstra1-1/+1