about summary refs log tree commit diff
AgeCommit message (Collapse)AuthorFilesLines
2015-01-18 Make inputs writeable in the sandbox (builds still can’t actually write ↵Daniel Peebles1-2/+7
due to user permissions)
2015-01-15 Shut up "Wide character in print" warning in copy-from-other-stores.plEelco Dolstra1-0/+1
2015-01-15 Fix assertion failure in nix-envEelco Dolstra2-4/+8
$ nix-env -f ~/Dev/nixops/ -iA foo nix-env: src/libexpr/eval.hh:57: void nix::Bindings::push_back(const nix::Attr&): Assertion `size_ < capacity' failed. Aborted
2015-01-15 Set correct user agent for NAR downloads from binary cachesEelco Dolstra1-2/+4
2015-01-13 Allow using /bin and /usr/bin as impure prefixes on non-darwin by defaultShea Levy1-1/+1
These directories are generally world-readable anyway, and give us the two most common linux impurities (env and sh)
2015-01-13 SysError -> ErrorEelco Dolstra1-1/+1
2015-01-13 Don't resolve symlinks while checking __impureHostDepsEelco Dolstra1-2/+5
Since these come from untrusted users, we shouldn't do any I/O on them before we've checked that they're in an allowed prefix.
2015-01-12 Add basic Apple sandbox supportDaniel Peebles1-17/+169
2015-01-12 doc: `nix-channel --remove` takes a name, not a urlTobias Geerinckx-Rice1-1/+1
2015-01-09 Fix builtins.readDir on XFSEelco Dolstra1-1/+1
The DT_UNKNOWN fallback code was getting the type of the wrong path, causing readDir to report "directory" as the type of every file. Reported by deepfire on IRC.
2015-01-08 Doh^2Eelco Dolstra1-1/+1
2015-01-08 DohEelco Dolstra1-3/+3
2015-01-08 Fix typo (assuming this is a typo)Данило Глинський (Danylo Hlynskyi)1-1/+1
Fix typo (assuming this is a typo) `allowedRequisites` mentions `allowedReferences` in code example
2015-01-08 Set /nix/store permission to 1737Eelco Dolstra2-19/+6
I.e., not readable to the nixbld group. This improves purity a bit for non-chroot builds, because it prevents a builder from enumerating store paths (i.e. it can only access paths it knows about).
2015-01-08 nix-shell: Add --run flagEelco Dolstra2-7/+26
‘--run’ is like ‘--command’, except that it runs the command in a non-interactive shell. This is important if you do things like: $ nix-shell --command make Hitting Ctrl-C while make is running drops you into the interactive Nix shell, which is probably not what you want. So you can now do $ nix-shell --run make instead.
2015-01-08 nix-shell: Interpret filenames relative to the #!-scriptEelco Dolstra1-0/+7
So you can have a script like: #! /usr/bin/env nix-shell #! nix-shell script.nix -i python import prettytable x = prettytable.PrettyTable(["Foo", "Bar"]) for i in range(1, 10): x.add_row([i, i**2]) print x with a ‘script.nix’ in the same directory: with import <nixpkgs> {}; runCommand "dummy" { buildInputs = [ python pythonPackages.prettytable ]; } "" (Of course, in this particular case, using the ‘-p’ flag is more convenient.)
2015-01-08 Allow nix-shell to be used as a #! interpreterEelco Dolstra1-0/+37
This allows scripts to fetch their own dependencies via nix-shell. For instance, here is a Haskell script that, when executed, pulls in GHC and the HTTP package: #! /usr/bin/env nix-shell #! nix-shell -i runghc -p haskellPackages.ghc haskellPackages.HTTP import Network.HTTP main = do resp <- Network.HTTP.simpleHTTP (getRequest "http://nixos.org/") body <- getResponseBody resp print (take 100 body) Or a Perl script that pulls in Perl and some CPAN packages: #! /usr/bin/env nix-shell #! nix-shell -i perl -p perl perlPackages.HTMLTokeParserSimple perlPackages.LWP use HTML::TokeParser::Simple; my $p = HTML::TokeParser::Simple->new(url => 'http://nixos.org/'); while (my $token = $p->get_tag("a")) { my $href = $token->get_attr("href"); print "$href\n" if $href; } Note that the options to nix-shell must be given on a separate line that starts with the magic string ‘#! nix-shell’. This is because ‘env’ does not allow passing arguments to an interpreter directly.
2015-01-07 nix-shell --command: Remove bogus argument to "exit"Eelco Dolstra1-1/+1
Fixes "exit: Inappropriate: numeric argument required" errors.
2015-01-07 Show position info for failing <...> lookupsEelco Dolstra3-4/+8
2015-01-07 Remove quotes around filenames in position infoEelco Dolstra1-1/+1
2015-01-06 Document how to set up build users on Mac OS XEelco Dolstra1-0/+28
2015-01-06 Fix building on DarwinEelco Dolstra1-1/+4
Fixes #433.
2015-01-05 Merge pull request #431 from j-keck/masterRob Vermaas2-3/+2
small documentation fixes
2015-01-05 doc: remove wrong phrase.j-keck1-2/+1
'... another level of indirection not shown in the figure above ...' but in the 'user-environments.png' figure there is '~/.nix-profile'. the figure was updated with the commit: f982df3 on Mar 16, 2005.
2015-01-05 doc: remove double wordj-keck1-1/+1
'... when when ...' -> '... when ...'
2015-01-02 Allow $NIX_PAGER to override $PAGEREelco Dolstra1-4/+5
2015-01-02 libutil: Limit readLink() error to only overflows.aszlig1-2/+2
Let's not just improve the error message itself, but also the behaviour to actually work around the ntfs-3g symlink bug. If the readlink() call returns a smaller size than the stat() call, this really isn't a problem even if the symlink target really has changed between the calls. So if stat() reports the size for the absolute path, it's most likely that the relative path is smaller and thus it should also work for file system bugs as mentioned in 93002d69fc58c2b71e2dfad202139230c630c53a. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Tested-by: John Ericson <Ericson2314@Yahoo.com>
2015-01-02 libutil: Improve errmsg on readLink size mismatch.aszlig1-1/+5
A message like "error: reading symbolic link `...' : Success" really is quite confusing, so let's not indicate "success" but rather point out the real issue. We could also limit the check of this to just check for non-negative values, but this would introduce a race condition between stat() and readlink() if the link target changes between those two calls, thus leading to a buffer overflow vulnerability. Reported by @Ericson2314 on IRC. Happened due to a possible ntfs-3g bug where a relative symlink returned the absolute path (st_)size in stat() while readlink() returned the relative size. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Tested-by: John Ericson <Ericson2314@Yahoo.com>
2015-01-02 edition -> subtitleEelco Dolstra1-3/+1
For some reason, docbook-xsl doesn't render edition.
2014-12-29 LocalStore initialization: Don't die if build-users-group doesn't existShea Levy1-11/+12
See NixOS/nixpkgs@9245516
2014-12-23 Revive running builds in a PID namespaceEelco Dolstra1-30/+59
2014-12-16 Belatedly add contributorsEelco Dolstra1-0/+7
2014-12-15 Bump version numberEelco Dolstra1-1/+1
2014-12-15 Merge pull request #420 from linquize/cygwinEelco Dolstra1-0/+2
Add exe, dll to .gitignore
2014-12-15 Add exe, dll to .gitignoreLinquize1-0/+2
2014-12-14 GrmblEelco Dolstra1-1/+1
2014-12-14 Add a section on nix-serveEelco Dolstra3-1/+72
2014-12-14 Add section on SSH substituterEelco Dolstra4-43/+127
2014-12-14 PedantryEelco Dolstra5-8/+4
2014-12-14 Merge branch 'cygwin-master' of https://github.com/ternaris/nixEelco Dolstra8-5/+31
2014-12-14 Merge commit '36c67860363c93eb00cf5b8e2ad34f6f775e6901'Eelco Dolstra7-19/+60
2014-12-14 Delete the stdenv sectionEelco Dolstra7-105/+21
It's outdated and better covered in the Nixpkgs manual.
2014-12-14 BlaEelco Dolstra1-1/+8
2014-12-14 Fix buildEelco Dolstra1-1/+1
http://hydra.nixos.org/build/17894500
2014-12-14 Fix image in PDFEelco Dolstra2-2/+3
Closes #415.
2014-12-14 Rename filesEelco Dolstra4-29/+26
2014-12-13 Update .nixpkg descriptionEelco Dolstra1-16/+19
2014-12-13 ReiserFS -> ext4Eelco Dolstra1-5/+5
2014-12-13 StyleEelco Dolstra1-0/+6
2014-12-13 Undocument nix-generate-patchesEelco Dolstra1-1/+3