Age | Commit message | Author | Files | Lines |
|
set the real uid and gid to the effective uid and gid, the Nix
binaries can be installed as owned by the Nix user and group instead
of root, so no root involvement of any kind is necessary.
Linux and FreeBSD have these functions.
|
users.
If the configure flag `--enable-setuid' is used, the Nix programs
nix-env, nix-store, etc. are installed with the setuid bit turned on
so that they are executed as the user and group specified by
`--with-nix-user=USER' and `--with-nix-group=GROUP', respectively
(with defaults `nix' and `nix').
The setuid programs drop all special privileges if they are executed
by a user who is not a member of the Nix group.
The setuid feature is a quick hack to enable sharing of a Nix
installation between users who trust each other. It is not
generally secure, since any user in the Nix group can modify (by
building an appropriate derivation) any object in the store, and for
instance inject trojans into binaries used by other users.
The setuid programs are owned by root, not the Nix user. This is
because on Unix normal users cannot change the real uid, only the
effective uid. Many programs don't work properly when the real uid
differs from the effective uid. For instance, Perl will turn on
taint mode. However, the setuid programs drop all root privileges
immediately, changing all uids and gids to the Nix user and group.
|
* Don't use `seq' - some primitive, obsolete operating systems
(Darwin) don't have it.
|
* Builder output is written to standard error by default.
* The option `-B' is gone.
* The option `-Q' suppresses builder output.
The result of this is that most Nix invocations shouldn't need any
flags w.r.t. logging.
|
* Handle multiple derivations correctly.
|
"i686-linux").
|
particular happens on distributed builds or when using push/pull.
|
print out incorrect "build failed" messages).
|
derivation disables scanning for dependencies. Use at your own
risk. This is a quick hack to speed up UML image generation (images
are very big, say 1 GB).
It would be better if the scanner were faster, and didn't read the
whole file into memory.
|
* Include bootstrap.sh in dist.
|
store object just built.
|
Now SuSE and Red Hat should yield the same type (`i686-linux'). Mac
OS X should now give `powerpc-darwin' (i.e., the version number is
gone).
|
system types other than the current system. I.e., `nix-env -i'
won't install derivations for other system types, and `nix-env -q'
won't show them. The flag `--system-filter SYSTEM' can be used to
override the system type used for filtering (but not for
building!). The value `*' can be used not to filter anything.
|
`nix-env -q'.
* Queries can now be combined, e.g., `nix-env -q --status --system'.
|
derivations with names matching the derivations being installed.
The option `--preserve-installed / -P' overrides this behaviour.
|
normalisation goal.
|
upgrading.
This fixes a bug reported by Martin:
$ nix-env -i foo-1.0
$ nix-env -u foo-1.0
upgrading foo-1.0 to foo-1.1
|
Whenever Nix attempts to realise a derivation for which a closure is
already known, but this closure cannot be realised, fall back on
normalising the derivation.
The most common scenario in which this is useful is when we have
registered substitutes in order to perform binary distribution from,
say, a network repository. If the repository is down, the
realisation of the derivation will fail. When this option is
specified, Nix will build the derivation instead. Thus, binary
installation falls back on a source installation. This option is
not the default since it is generally not desirable for a transient
failure in obtaining the substitutes to lead to a full build from
source (with the related consumption of resources).
|
much as possible. (This is similar to GNU Make's `-k' flag.)
* Refactoring to implement this: previously we just bombed out when
a build failed, but now we have to clean up. In particular this
means that goals must be freed quickly --- they shouldn't hang
around until the worker exits. So the worker now maintains weak
pointers in order not to prevent garbage collection.
* Documented the `-k' and `-j' flags.
|
goal and allow the problem to be handled elsewhere (e.g., at
top-level).
|
expression, we should invalidate it and go back to the derivation
for which it is a successor.
|
their output paths (and only that) on standard output.