Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
modules for the running kernel from being garbage-collected. Idem
for /proc/sys/kernel/fbsplash.
|
|
signal. This is necessary because those processes may have joined
the BDB environment, so they have to be given a chance to clean up.
(NIX-85)
|
|
checking to be turned off on machines with way too many roots.
|
|
/nix/var/nix/profiles, not just in that directory itself. (NixOS
puts profiles in /nix/var/nix/profiles/per-user.)
|
|
|
|
the remote system to make sure that Nix is in the $PATH.
|
|
|
|
openssl through $PATH at runtime.
|
|
|
|
|
|
evaluator. This was important because the NixOS expressions started
to hit 2 MB default stack size on Linux.
GCC is really dumb about stack space: it just adds up all the local
variables and temporaries of every scope into one huge stack frame.
This is really bad for deeply recursive functions. For instance,
every `throw Error(format("error message"))' causes a format object
of a few hundred bytes to be allocated on the stack. As a result,
every recursive call to evalExpr2() consumed 4680 bytes. By
splitting evalExpr2() and by moving the exception-throwing code out
of the main functions, evalExpr2() now only consumes 40 bytes.
Similar for evalExpr().
|
|
the Nix expression evaluator.
|
|
|
|
|
|
|
|
sure that nix-store is in the PATH.
* nix-copy-closure: option --gzip to compress data.
|
|
* nix-copy-closure: set SSH options through NIX_SSHOPTS..
|
|
another machine through ssh. E.g.,
$ nix-copy-closure xyzzy $(which svn)
copies the closure of Subversion to machine `xyzzy'. This is like
`nix-pack-closure $(which svn) | ssh xyzzy', but it's much more
efficient since it only copies those paths that are missing on the
target machine.
|
|
|
|
|
|
under the references relation. This is useful for commands that
want to copy paths to another Nix store in the right order.
|
|
which paths specified on the command line are invalid (i.e., don't
barf when encountering an invalid path, just print it). This is
useful for build-remote.pl to figure out which paths need to be
copied to a remote machine. (Currently we use rsync, but that's
rather inefficient.)
|
|
|
|
always requires a signature on the archive. This is to ensure that
unprivileged users cannot add Trojan horses to the Nix store.
|
|
|
|
* exportPath(): lock the path, use a transaction.
|
|
--export' into the Nix store, and optionally check the cryptographic
signatures against /nix/etc/nix/signing-key.pub. (TODO: verify
against a set of public keys.)
|
|
in /nix/etc/nix/signing-key.sec
|
|
|
|
path. This is like `nix-store --dump', only it also dumps the
meta-information of the store path (references, deriver). Will add
a `--sign' flag later to add a cryptographic signature, which we
will use for exchanging store paths between build farm machines in a
secure manner.
|
|
|
|
|
|
|
|
|
|
attribute) about installed packages in user environments. Thus, an
operation like `nix-env -q --description' shows useful information
not only on available packages but also on installed packages.
* nix-env now passes the entire manifest as an argument to the Nix
expression of the user environment builder (not just a list of
paths), so that in particular the user environment builder has
access to the meta attributes.
* New operation `--set-flag' in nix-env to change meta info of
installed packages. This will be useful to pass per-package
policies to the user environment builder (e.g., how to resolve
collision or whether to disable a package (NIX-80)) or upgrade
policies in nix-env (e.g., that a package should be "masked", that
is, left untouched by upgrade actions). Example:
$ nix-env --set-flag enabled false ghc-6.4
|
|
|
|
computing the store path (NIX-77). This is an important security
property in multi-user Nix stores.
Note that this changes the store paths of derivations (since the
derivation aterms are added using addTextToStore), but not most
outputs (unless they use builtins.toFile).
|
|
|
|
|
|
* `sub' to subtract two numbers.
* `stringLength' to get the length of a string.
* `substring' to get a substring of a string. These should be enough
to allow most string operations to be expressed.
|
|
paths. Paths can have unexpected semantics.
|
|
programs, so if a builder uses TMPDIR, then it will fail when
executed through nix-setuid-helper. In fact Glibc clears a whole
bunch of variables (see sysdeps/generic/unsecvars.h in the Glibc
sources), but only TMPDIR should matter in practice. As a
workaround, we reinitialise TMPDIR from NIX_BUILD_TOP.
|
|
|
|
path can be created by copying it from another location in the file
system. This is useful in the NixOS installation.
|
|
|
|
|
|
|
|
"directory", "symlink") as the second argument to the filter
predicate.
|
|
important to get garbage collection to work if there is any
inconsistency in the database (because the referrer table is used to
determine whether it is safe to delete a path).
* `nix-store --verify': show some progress.
|