about summary refs log tree commit diff
AgeCommit message (Collapse)AuthorFilesLines
2013-05-07 Build Debian 7.0 debsEelco Dolstra1-0/+2
2013-05-03 Build Ubuntu 13.04 debsEelco Dolstra1-0/+2
2013-05-03 Update release notesEelco Dolstra1-2/+3
2013-05-03 nix-copy-closure: Show a proper error message if no host name is givenEelco Dolstra1-0/+2
2013-05-03 Fixing the pv position regarding compressionLluís Batlle i Rossell2-2/+2
Problem noticed by niksnut.
2013-05-03 Fixing the pv reference; I didn't mean to change itLluís Batlle i Rossell1-1/+1
2013-05-03 Adding ETA support to the --show-progress in nix-copy-closureLluís Batlle i Rossell2-6/+16
Based on https://github.com/NixOS/nix/pull/6 from shlevy
2013-05-01 Nix 1.5.2 release notesEelco Dolstra1-0/+9
2013-05-01 Don't let stderr writes in substituters cause a deadlockEelco Dolstra1-0/+4
2013-04-26 find-runtime-roots.pl: Don't hardcode /nix/storeEelco Dolstra1-1/+2
2013-04-26 addAdditionalRoots(): Check each path only onceEelco Dolstra1-2/+2
2013-04-26 find-runtime-roots.pl: Search process environments for rootsEelco Dolstra1-0/+7
For instance, this prevents paths from being deleted that are in use by a "nix-build --run-env" session.
2013-04-26 find-runtime-roots.pl: Use Nix::Utils::readFileEelco Dolstra1-19/+15
2013-04-23 Fix --timeoutEelco Dolstra1-38/+25
I'm not sure if it has ever worked correctly. The line "lastWait = after;" seems to mean that the timer was reset every time a build produced log output. Note that the timeout is now per build, as documented ("the maximum number of seconds that a builder can run").
2013-04-23 Show that --timeout doesn't work if the build produces log outputEelco Dolstra2-3/+1
2013-04-23 nix-build: Respect --timeoutEelco Dolstra1-1/+1
2013-04-23 Nix daemon: respect build timeout from the clientEelco Dolstra2-4/+5
2013-04-23 Fix --fallback with the binary cache substituterEelco Dolstra1-0/+1
Reported by Peter Simons.
2013-04-23 Test whether --fallback works if NARS have disappeared from the binary cacheEelco Dolstra1-0/+14
2013-04-23 Test NAR info cachingEelco Dolstra2-5/+15
2013-04-09 Manual: Add a missing step to the build instructionsEelco Dolstra1-3/+4
Reported by Johan Grande.
2013-04-04 Complain if /homeless-shelter existsEelco Dolstra1-1/+5
2013-03-25 Fix evaluation of the VM testsEelco Dolstra1-2/+2
2013-03-25 makeStoreWritable: Ask forgiveness, not permissionShea Levy1-2/+2
It is surprisingly impossible to check if a mountpoint is a bind mount on Linux, and in my previous commit I forgot to check if /nix/store was even a mountpoint at all. statvfs.f_flag is not populated with MS_BIND (and even if it were, my check was wrong in the previous commit). Luckily, the semantics of mount with MS_REMOUNT | MS_BIND make both checks unnecessary: if /nix/store is not a mountpoint, then mount will fail with EINVAL, and if /nix/store is not a bind-mount, then it will not be made writable. Thus, if /nix/store is not a mountpoint, we fail immediately (since we don't know how to make it writable), and if /nix/store IS a mountpoint but not a bind-mount, we fail at first write (see below for why we can't check and fail immediately). Note that, due to what is IMO buggy behavior in Linux, calling mount with MS_REMOUNT | MS_BIND on a non-bind readonly mount makes the mountpoint appear writable in two places: In the sixth (but not the 10th!) column of mountinfo, and in the f_flags member of struct statfs. All other syscalls behave as if the mount point were still readonly (at least for Linux 3.9-rc1, but I don't think this has changed recently or is expected to soon). My preferred semantics would be for MS_REMOUNT | MS_BIND to fail on a non-bind mount, as it doesn't make sense to remount a non bind-mount as a bind mount.
2013-03-25 makeStoreWritable: Use statvfs instead of /proc/self/mountinfo to find out ↵Shea Levy2-21/+13
if /nix/store is a read-only bind mount /nix/store could be a read-only bind mount even if it is / in its own filesystem, so checking the 4th field in mountinfo is insufficient. Signed-off-by: Shea Levy <shea@shealevy.com>
2013-03-18 Fix evaluationEelco Dolstra1-1/+0
2013-03-15 Bump version numberEelco Dolstra1-1/+1
2013-03-15 Remove the "system" jobset inputEelco Dolstra1-14/+18
2013-03-14 Require Bison 2.6Eelco Dolstra2-5/+4
2013-03-14 Fix building against Bison 2.6Eelco Dolstra2-6/+4
2013-03-14 Make sure that thunks are restored properly if an exception occursEelco Dolstra1-3/+6
Fixes Hydra bug #67.
2013-03-08 Prevent config.h from being clobberedEelco Dolstra1-0/+3
2013-03-08 Revert "Prevent config.h from being clobbered"Eelco Dolstra27-165/+277
This reverts commit 28bba8c44f484eae38e8a15dcec73cfa999156f6.
2013-03-08 Fix annoying Perl 5.16 warningsEelco Dolstra1-17/+17
I.e. Subroutine Nix::Store::isValidPath redefined at /nix/store/clfzsf6gi7qh5i9c0vks1ifjam47rijn-perl-5.16.2/lib/perl5/5.16.2/XSLoader.pm line 92. and so on.
2013-03-07 Prevent config.h from being clobberedEelco Dolstra27-277/+165
2013-02-28 Handle systems without lutimes() or lchown()Eelco Dolstra1-1/+1
2013-02-28 Update release notesEelco Dolstra2-1/+11
Also use a point release version number as suggested by several people.
2013-02-28 Handle symlinks properlyEelco Dolstra1-1/+1
Now it's really brown paper bag time...
2013-02-28 Bump version numberEelco Dolstra1-1/+1
2013-02-27 Handle hard links to other files in the outputEelco Dolstra2-6/+36
2013-02-27 Refactoring: Split off the non-recursive canonicalisePathMetaData()Eelco Dolstra3-37/+52
Also, change the file mode before changing the owner. This prevents a slight time window in which a setuid binary would be setuid root.
2013-02-26 Remove outdated fileEelco Dolstra1-33/+0
2013-02-26 Bump version numberEelco Dolstra1-1/+1
2013-02-26 Update release notesEelco Dolstra1-1/+24
2013-02-26 Security: Don't allow builders to change permissions on files they don't ownEelco Dolstra5-20/+17
It turns out that in multi-user Nix, a builder may be able to do ln /etc/shadow $out/foo Afterwards, canonicalisePathMetaData() will be applied to $out/foo, causing /etc/shadow's mode to be set to 444 (readable by everybody but writable by nobody). That's obviously Very Bad. Fortunately, this fails in NixOS's default configuration because /nix/store is a bind mount, so "ln" will fail with "Invalid cross-device link". It also fails if hard-link restrictions are enabled, so a workaround is: echo 1 > /proc/sys/fs/protected_hardlinks The solution is to check that all files in $out are owned by the build user. This means that innocuous operations like "ln ${pkgs.foo}/some-file $out/" are now rejected, but that already failed in chroot builds anyway.
2013-02-19 build-remote: Use the --quiet flagEelco Dolstra2-6/+3
‘--option verbosity 0’ doesn't actually do anything.
2013-02-19 Add `Settings::nixDaemonSocketFile'.Ludovic Courtès5-10/+14
2013-02-19 Enable chroot support on old glibc versions.Ludovic Courtès1-0/+6
2013-02-08 Document ‘hashString’Eelco Dolstra2-0/+26
2013-02-08 Make "${./path} ..." evaluate to a string, not a pathEelco Dolstra3-5/+7
Wacky string coercion semantics caused expressions like exec = "${./my-script} params..."; to evaluate to a path (‘/path/my-script params’), because anti-quotations are desuged to string concatenation: exec = ./my-script + " params..."; By constrast, adding a space at the start would yield a string as expected: exec = " ${./my-script} params..."; Now the first example also evaluates to a string.