Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2013-05-07 | Add option ‘extra-binary-caches’ | Eelco Dolstra | 2 | -3/+24 | |
This allows providing additional binary caches, useful in scripts like Hydra's build reproduction scripts, in particular because untrusted caches are ignored. | |||||
2013-05-07 | Build Debian 7.0 debs | Eelco Dolstra | 1 | -0/+2 | |
2013-05-03 | Build Ubuntu 13.04 debs | Eelco Dolstra | 1 | -0/+2 | |
2013-05-03 | Update release notes | Eelco Dolstra | 1 | -2/+3 | |
2013-05-03 | nix-copy-closure: Show a proper error message if no host name is given | Eelco Dolstra | 1 | -0/+2 | |
2013-05-03 | Fixing the pv position regarding compression | Lluís Batlle i Rossell | 2 | -2/+2 | |
Problem noticed by niksnut. | |||||
2013-05-03 | Fixing the pv reference; I didn't mean to change it | Lluís Batlle i Rossell | 1 | -1/+1 | |
2013-05-03 | Adding ETA support to the --show-progress in nix-copy-closure | Lluís Batlle i Rossell | 2 | -6/+16 | |
Based on https://github.com/NixOS/nix/pull/6 from shlevy | |||||
2013-05-01 | Nix 1.5.2 release notes | Eelco Dolstra | 1 | -0/+9 | |
2013-05-01 | Don't let stderr writes in substituters cause a deadlock | Eelco Dolstra | 1 | -0/+4 | |
2013-04-26 | find-runtime-roots.pl: Don't hardcode /nix/store | Eelco Dolstra | 1 | -1/+2 | |
2013-04-26 | addAdditionalRoots(): Check each path only once | Eelco Dolstra | 1 | -2/+2 | |
2013-04-26 | find-runtime-roots.pl: Search process environments for roots | Eelco Dolstra | 1 | -0/+7 | |
For instance, this prevents paths from being deleted that are in use by a "nix-build --run-env" session. | |||||
2013-04-26 | find-runtime-roots.pl: Use Nix::Utils::readFile | Eelco Dolstra | 1 | -19/+15 | |
2013-04-23 | Fix --timeout | Eelco Dolstra | 1 | -38/+25 | |
I'm not sure if it has ever worked correctly. The line "lastWait = after;" seems to mean that the timer was reset every time a build produced log output. Note that the timeout is now per build, as documented ("the maximum number of seconds that a builder can run"). | |||||
2013-04-23 | Show that --timeout doesn't work if the build produces log output | Eelco Dolstra | 2 | -3/+1 | |
2013-04-23 | nix-build: Respect --timeout | Eelco Dolstra | 1 | -1/+1 | |
2013-04-23 | Nix daemon: respect build timeout from the client | Eelco Dolstra | 2 | -4/+5 | |
2013-04-23 | Fix --fallback with the binary cache substituter | Eelco Dolstra | 1 | -0/+1 | |
Reported by Peter Simons. | |||||
2013-04-23 | Test whether --fallback works if NARS have disappeared from the binary cache | Eelco Dolstra | 1 | -0/+14 | |
2013-04-23 | Test NAR info caching | Eelco Dolstra | 2 | -5/+15 | |
2013-04-09 | Manual: Add a missing step to the build instructions | Eelco Dolstra | 1 | -3/+4 | |
Reported by Johan Grande. | |||||
2013-04-04 | Complain if /homeless-shelter exists | Eelco Dolstra | 1 | -1/+5 | |
2013-03-25 | Fix evaluation of the VM tests | Eelco Dolstra | 1 | -2/+2 | |
2013-03-25 | makeStoreWritable: Ask forgiveness, not permission | Shea Levy | 1 | -2/+2 | |
It is surprisingly impossible to check if a mountpoint is a bind mount on Linux, and in my previous commit I forgot to check if /nix/store was even a mountpoint at all. statvfs.f_flag is not populated with MS_BIND (and even if it were, my check was wrong in the previous commit). Luckily, the semantics of mount with MS_REMOUNT | MS_BIND make both checks unnecessary: if /nix/store is not a mountpoint, then mount will fail with EINVAL, and if /nix/store is not a bind-mount, then it will not be made writable. Thus, if /nix/store is not a mountpoint, we fail immediately (since we don't know how to make it writable), and if /nix/store IS a mountpoint but not a bind-mount, we fail at first write (see below for why we can't check and fail immediately). Note that, due to what is IMO buggy behavior in Linux, calling mount with MS_REMOUNT | MS_BIND on a non-bind readonly mount makes the mountpoint appear writable in two places: In the sixth (but not the 10th!) column of mountinfo, and in the f_flags member of struct statfs. All other syscalls behave as if the mount point were still readonly (at least for Linux 3.9-rc1, but I don't think this has changed recently or is expected to soon). My preferred semantics would be for MS_REMOUNT | MS_BIND to fail on a non-bind mount, as it doesn't make sense to remount a non bind-mount as a bind mount. | |||||
2013-03-25 | makeStoreWritable: Use statvfs instead of /proc/self/mountinfo to find out ↵ | Shea Levy | 2 | -21/+13 | |
if /nix/store is a read-only bind mount /nix/store could be a read-only bind mount even if it is / in its own filesystem, so checking the 4th field in mountinfo is insufficient. Signed-off-by: Shea Levy <shea@shealevy.com> | |||||
2013-03-18 | Fix evaluation | Eelco Dolstra | 1 | -1/+0 | |
2013-03-15 | Bump version number | Eelco Dolstra | 1 | -1/+1 | |
2013-03-15 | Remove the "system" jobset input | Eelco Dolstra | 1 | -14/+18 | |
2013-03-14 | Require Bison 2.6 | Eelco Dolstra | 2 | -5/+4 | |
2013-03-14 | Fix building against Bison 2.6 | Eelco Dolstra | 2 | -6/+4 | |
2013-03-14 | Make sure that thunks are restored properly if an exception occurs | Eelco Dolstra | 1 | -3/+6 | |
Fixes Hydra bug #67. | |||||
2013-03-08 | Prevent config.h from being clobbered | Eelco Dolstra | 1 | -0/+3 | |
2013-03-08 | Revert "Prevent config.h from being clobbered" | Eelco Dolstra | 27 | -165/+277 | |
This reverts commit 28bba8c44f484eae38e8a15dcec73cfa999156f6. | |||||
2013-03-08 | Fix annoying Perl 5.16 warnings | Eelco Dolstra | 1 | -17/+17 | |
I.e. Subroutine Nix::Store::isValidPath redefined at /nix/store/clfzsf6gi7qh5i9c0vks1ifjam47rijn-perl-5.16.2/lib/perl5/5.16.2/XSLoader.pm line 92. and so on. | |||||
2013-03-07 | Prevent config.h from being clobbered | Eelco Dolstra | 27 | -277/+165 | |
2013-02-28 | Handle systems without lutimes() or lchown() | Eelco Dolstra | 1 | -1/+1 | |
2013-02-28 | Update release notes | Eelco Dolstra | 2 | -1/+11 | |
Also use a point release version number as suggested by several people. | |||||
2013-02-28 | Handle symlinks properly | Eelco Dolstra | 1 | -1/+1 | |
Now it's really brown paper bag time... | |||||
2013-02-28 | Bump version number | Eelco Dolstra | 1 | -1/+1 | |
2013-02-27 | Handle hard links to other files in the output | Eelco Dolstra | 2 | -6/+36 | |
2013-02-27 | Refactoring: Split off the non-recursive canonicalisePathMetaData() | Eelco Dolstra | 3 | -37/+52 | |
Also, change the file mode before changing the owner. This prevents a slight time window in which a setuid binary would be setuid root. | |||||
2013-02-26 | Remove outdated file | Eelco Dolstra | 1 | -33/+0 | |
2013-02-26 | Bump version number | Eelco Dolstra | 1 | -1/+1 | |
2013-02-26 | Update release notes | Eelco Dolstra | 1 | -1/+24 | |
2013-02-26 | Security: Don't allow builders to change permissions on files they don't own | Eelco Dolstra | 5 | -20/+17 | |
It turns out that in multi-user Nix, a builder may be able to do ln /etc/shadow $out/foo Afterwards, canonicalisePathMetaData() will be applied to $out/foo, causing /etc/shadow's mode to be set to 444 (readable by everybody but writable by nobody). That's obviously Very Bad. Fortunately, this fails in NixOS's default configuration because /nix/store is a bind mount, so "ln" will fail with "Invalid cross-device link". It also fails if hard-link restrictions are enabled, so a workaround is: echo 1 > /proc/sys/fs/protected_hardlinks The solution is to check that all files in $out are owned by the build user. This means that innocuous operations like "ln ${pkgs.foo}/some-file $out/" are now rejected, but that already failed in chroot builds anyway. | |||||
2013-02-19 | build-remote: Use the --quiet flag | Eelco Dolstra | 2 | -6/+3 | |
‘--option verbosity 0’ doesn't actually do anything. | |||||
2013-02-19 | Add `Settings::nixDaemonSocketFile'. | Ludovic Courtès | 5 | -10/+14 | |
2013-02-19 | Enable chroot support on old glibc versions. | Ludovic Courtès | 1 | -0/+6 | |
2013-02-08 | Document ‘hashString’ | Eelco Dolstra | 2 | -0/+26 | |