about summary refs log tree commit diff
AgeCommit message (Collapse)AuthorFilesLines
2015-02-19 Merge branch 'tilde-paths' of https://github.com/shlevy/nixEelco Dolstra4-3/+14
2015-02-19 tilde paths: The rest of the string has to start with a slash anywayShea Levy1-1/+1
2015-02-19 tilde paths: construct the entire path at parse timeShea Levy1-6/+1
2015-02-19 tilde paths: get HOME at parse timeShea Levy1-3/+1
2015-02-19 Remove obsolete reference to ~ operatorEelco Dolstra1-1/+0
2015-02-19 ExprConcatStrings: canonicalize concatenated pathsShea Levy1-1/+2
2015-02-19 FIXMEsEelco Dolstra1-0/+4
2015-02-19 Allow the leading component of a path to be a ~Shea Levy3-2/+19
2015-02-18 Escape arguments to nix-shell #! scriptsEelco Dolstra1-2/+6
2015-02-18 Support passing command line arguments to nix-shell #! scriptsEelco Dolstra1-2/+5
2015-02-18 Fix nix-shell shebang scripts if -p is usedEelco Dolstra1-1/+1
2015-02-18 nix-store --generate-binary-cache-key: Write key to diskEelco Dolstra2-13/+15
This ensures proper permissions for the secret key.
2015-02-17 Use $<attr>Path instead of $<attr> for passAsFileEelco Dolstra3-7/+13
2015-02-17 Allow passing attributes via files instead of environment variablesEelco Dolstra4-5/+55
Closes #473.
2015-02-17 Keep sortedEelco Dolstra1-27/+27
2015-02-17 Include NAR size in fingerprint computationEelco Dolstra3-6/+5
This is not strictly needed for integrity (since we already include the NAR hash in the fingerprint) but it helps against endless data attacks [1]. (However, this will also require download-from-binary-cache.pl to bail out if it receives more than the specified number of bytes.) [1] https://isis.poly.edu/~jcappos/papers/cappos_mirror_ccs_08.pdf
2015-02-16 Test chroot buildingEelco Dolstra1-0/+1
2015-02-16 Use pivot_root in addition to chroot when possibleHarald van Dijk2-7/+29
chroot only changes the process root directory, not the mount namespace root directory, and it is well-known that any process with chroot capability can break out of a chroot "jail". By using pivot_root as well, and unmounting the original mount namespace root directory, breaking out becomes impossible. Non-root processes typically have no ability to use chroot() anyway, but they can gain that capability through the use of clone() or unshare(). For security reasons, these syscalls are limited in functionality when used inside a normal chroot environment. Using pivot_root() this way does allow those syscalls to be put to their full use.
2015-02-12 Revert "Remove Fedora 18, 19 builds"Eelco Dolstra1-0/+4
This reverts commit 9c58691ce3a35833ddcbf157f9f174ab0cc1c37a. Fedora 18/19 images should build again.
2015-02-10 Don't depend on libsodium on DarwinEelco Dolstra1-1/+3
It doesn't build at the moment. http://hydra.nixos.org/build/19557641
2015-02-10 Make libsodium an optional dependencyEelco Dolstra6-2/+28
2015-02-10 Add Fedora 21 buildEelco Dolstra1-4/+8
Fixes #467.
2015-02-10 Add base64 encoder/decoderEelco Dolstra3-8/+66
2015-02-08 nix-build: Respect -Q during evaluationShea Levy1-0/+5
Fixes #474
2015-02-05 Remove tabEelco Dolstra1-1/+1
2015-02-04 TypoEelco Dolstra1-1/+1
2015-02-04 Require linux 3.13 or later for chrootShea Levy2-2/+8
Fixes #453
2015-02-04 Sign a subset of the .narinfoEelco Dolstra2-13/+29
We only need to sign the store path, NAR hash and references (the "fingerprint"). Everything else is irrelevant to security. For instance, the compression algorithm or the hash of the compressed NAR don't matter as long as the contents of the uncompressed NAR are correct. (Maybe we should include derivers in the fingerprint, but they're broken and nobody cares about them. Also, it might be nice in the future if .narinfos contained signatures from multiple independent signers. But that's impossible if the deriver is included in the fingerprint, since everybody will tend to have a different deriver for the same store path.) Also renamed the "Signature" field to "Sig" since the format changed in an incompatible way.
2015-02-04 Use libsodium instead of OpenSSL for binary cache signingEelco Dolstra15-91/+196
Sodium's Ed25519 signatures are much shorter than OpenSSL's RSA signatures. Public keys are also much shorter, so they're now specified directly in the nix.conf option ‘binary-cache-public-keys’. The new command ‘nix-store --generate-binary-cache-key’ generates and prints a public and secret key.
2015-02-03 Simplify parseHash32Eelco Dolstra1-37/+10
2015-02-03 Simplify printHash32Eelco Dolstra1-35/+17
2015-01-30 nix-install-package: follow symlinksJaka Hudoklin1-1/+1
2015-01-29 Merge remote-tracking branch 'shlevy/baseNameOf-no-copy'Shea Levy2-2/+2
baseNameOf: Don't copy paths to the store first
2015-01-28 Moves runHook to a later execution positionOliver Dunkl1-1/+1
It moves runHook to a later position in the rcfile. After that we are able to set the PS1 environment-variable for a nix-shell environment e.g.: # turn the color of the prompt to blue shellHook = '' export PS1="\n\[\033[1;34m\][\u@\h:\w]$\[\033[0m\] "; '';
2015-01-18 Make inputs writeable in the sandbox (builds still can’t actually write ↵Daniel Peebles1-2/+7
due to user permissions)
2015-01-15 Shut up "Wide character in print" warning in copy-from-other-stores.plEelco Dolstra1-0/+1
2015-01-15 Fix assertion failure in nix-envEelco Dolstra2-4/+8
$ nix-env -f ~/Dev/nixops/ -iA foo nix-env: src/libexpr/eval.hh:57: void nix::Bindings::push_back(const nix::Attr&): Assertion `size_ < capacity' failed. Aborted
2015-01-15 Set correct user agent for NAR downloads from binary cachesEelco Dolstra1-2/+4
2015-01-13 Allow using /bin and /usr/bin as impure prefixes on non-darwin by defaultShea Levy1-1/+1
These directories are generally world-readable anyway, and give us the two most common linux impurities (env and sh)
2015-01-13 SysError -> ErrorEelco Dolstra1-1/+1
2015-01-13 Don't resolve symlinks while checking __impureHostDepsEelco Dolstra1-2/+5
Since these come from untrusted users, we shouldn't do any I/O on them before we've checked that they're in an allowed prefix.
2015-01-12 Add basic Apple sandbox supportDaniel Peebles1-17/+169
2015-01-12 doc: `nix-channel --remove` takes a name, not a urlTobias Geerinckx-Rice1-1/+1
2015-01-09 Fix builtins.readDir on XFSEelco Dolstra1-1/+1
The DT_UNKNOWN fallback code was getting the type of the wrong path, causing readDir to report "directory" as the type of every file. Reported by deepfire on IRC.
2015-01-08 Doh^2Eelco Dolstra1-1/+1
2015-01-08 DohEelco Dolstra1-3/+3
2015-01-08 Fix typo (assuming this is a typo)Данило Глинський (Danylo Hlynskyi)1-1/+1
Fix typo (assuming this is a typo) `allowedRequisites` mentions `allowedReferences` in code example
2015-01-08 Set /nix/store permission to 1737Eelco Dolstra2-19/+6
I.e., not readable to the nixbld group. This improves purity a bit for non-chroot builds, because it prevents a builder from enumerating store paths (i.e. it can only access paths it knows about).
2015-01-08 nix-shell: Add --run flagEelco Dolstra2-7/+26
‘--run’ is like ‘--command’, except that it runs the command in a non-interactive shell. This is important if you do things like: $ nix-shell --command make Hitting Ctrl-C while make is running drops you into the interactive Nix shell, which is probably not what you want. So you can now do $ nix-shell --run make instead.
2015-01-08 nix-shell: Interpret filenames relative to the #!-scriptEelco Dolstra1-0/+7
So you can have a script like: #! /usr/bin/env nix-shell #! nix-shell script.nix -i python import prettytable x = prettytable.PrettyTable(["Foo", "Bar"]) for i in range(1, 10): x.add_row([i, i**2]) print x with a ‘script.nix’ in the same directory: with import <nixpkgs> {}; runCommand "dummy" { buildInputs = [ python pythonPackages.prettytable ]; } "" (Of course, in this particular case, using the ‘-p’ flag is more convenient.)