about summary refs log tree commit diff
AgeCommit message (Collapse)AuthorFilesLines
2016-04-07 nix verify-paths: Add ‘--sigs-needed <N>’ flagEelco Dolstra3-16/+41
This specifies the number of distinct signatures required to consider each path "trusted". Also renamed ‘--no-sigs’ to ‘--no-trust’ for the flag that disables verifying whether a path is trusted (since a path can also be trusted if it has no signatures, but was built locally).
2016-04-07 Use secret-key-files for verifyingEelco Dolstra1-1/+14
2016-04-07 Sign locally-built pathsEelco Dolstra3-1/+24
Locally-built paths are now signed automatically using the secret keys specified by the ‘secret-key-files’ option.
2016-04-06 Fix "tar: This does not look like a tar archive" with fetchTarball / -I http://Eelco Dolstra1-2/+1
The 304 Not Modified was not handled correctly, so the empty result from the conditional request would overwrite the previous tarball.
2016-04-05 Add "nix sign-paths" commandEelco Dolstra2-1/+52
E.g. $ nix sign-paths -k ./secret -r $(type -p geeqie) signs geeqie and all its dependencies using the key in ./secret.
2016-04-05 Add "nix copy-sigs" commandEelco Dolstra9-3/+185
This imports signatures from one store into another. E.g. $ nix copy-sigs -r /run/current-system -s https://cache.nixos.org/ imported 595 signatures
2016-04-05 Probably fix SQLITE_BUSY errorsEelco Dolstra2-0/+7
2016-04-04 throwSQLiteError(): Check for SIGINT so we don't loop foreverEelco Dolstra1-0/+1
2016-03-31 Add missing -pthreadEelco Dolstra1-1/+1
https://hydra.nixos.org/build/33908385
2016-03-30 LocalStore: Keep track of ultimately trusted pathsEelco Dolstra7-12/+51
These are content-addressed paths or outputs of locally performed builds. They are trusted even if they don't have signatures, so "nix verify-paths" won't complain about them.
2016-03-30 Fix nix-copy-closure test on 16.03Eelco Dolstra1-1/+1
2016-03-30 Improve the SQLite wrapper APIEelco Dolstra5-224/+157
In particular, this eliminates a bunch of boilerplate code.
2016-03-30 Factour out SQLite handlingEelco Dolstra4-204/+224
2016-03-30 Turn retrying SQLite transactions into a higher-order functionEelco Dolstra1-33/+42
2016-03-30 nix verify: Support checking against signatures in other storesEelco Dolstra1-2/+33
Typical usage is to check local paths using the signatures from a binary cache: $ nix verify-paths -r /run/current-system -s https://cache.nixos.org path ‘/nix/store/c1k4zqfb74wba5sn4yflb044gvap0x6k-nixos-system-mandark-16.03.git.fc2d7a5M’ is untrusted ... checked 844 paths, 119 untrusted
2016-03-30 HttpBinaryCacheStore: Treat 403 errors as 404Eelco Dolstra1-1/+3
2016-03-30 CurlDownloader: Fix HTTP error processingEelco Dolstra1-1/+0
2016-03-29 Improve SIGINT handling in multi-threaded programsEelco Dolstra4-14/+12
The flag remembering whether an Interrupted exception was thrown is now thread-local. Thus, all threads will (eventually) throw Interrupted. Previously, one thread would throw Interrupted, and then the other threads wouldn't see that they were supposed to quit.
2016-03-29 Add "nix verify-store" commandEelco Dolstra1-13/+53
Like "nix-store --verify --check-contents", but with the same advantages as "nix verify-paths".
2016-03-29 Add "nix verify-paths" commandEelco Dolstra11-2/+432
Unlike "nix-store --verify-path", this command verifies signatures in addition to store path contents, is multi-threaded (especially useful when verifying binary caches), and has a progress indicator. Example use: $ nix verify-paths --store https://cache.nixos.org -r $(type -p thunderbird) ... [17/132 checked] checking ‘/nix/store/rawakphadqrqxr6zri2rmnxh03gqkrl3-autogen-5.18.6’
2016-03-29 Re-enable sync_with_stdioEelco Dolstra1-3/+0
Otherwise writing to std::cerr is not thread-safe (in particular, lines will be randomly duplicated).
2016-03-29 Merge pull request #864 from copumpkin/remove-hackEelco Dolstra1-3/+2
Kill the temporary darwin-specific channel
2016-03-28 Kill the temporary darwin-specific channelDan Peebles1-3/+2
The issues have been resolved upstream in the main nixpkgs channel now
2016-03-24 Use shorter daemon socket path in testsEelco Dolstra3-5/+5
Otherwise we hit the 104 character limit. http://hydra.nixos.org/build/33562028
2016-03-24 Move signature support from NarInfo to ValidPathInfoEelco Dolstra4-39/+43
2016-03-24 TyposEelco Dolstra1-2/+2
2016-03-24 HttpBinaryCacheStore: Make thread-safeEelco Dolstra1-2/+6
2016-03-23 Drop support for daemon socket path >= 108 charactersEelco Dolstra1-15/+3
Doing a chdir() is a bad idea in multi-threaded programs, leading to failures such as error: cannot connect to daemon at ‘/nix/var/nix/daemon-socket/socket’: No such file or directory Since Linux doesn't have a connectat() syscall like FreeBSD, there is no way we can support this in a race-free way.
2016-03-23 LocalStoreAccessor::stat: Handle ENOTDIREelco Dolstra1-1/+1
Closes https://github.com/NixOS/hydra/pull/286.
2016-03-22 Remove references to old-school signingEelco Dolstra2-42/+0
2016-03-22 Don't overload dumpPath()Eelco Dolstra7-11/+13
2016-03-21 Move signatures from NarInfo to ValidPathInfoEelco Dolstra4-11/+21
This allows queryPathInfo() to return signatures.
2016-03-21 nix: Add --store flagEelco Dolstra2-4/+10
This is a bit user-friendlier than using $NIX_REMOTE.
2016-03-21 Add Store::dumpPath() methodEelco Dolstra7-7/+29
This allows applying nix-store --verify-path to binary cache stores: NIX_REMOTE=https://cache.nixos.org nix-store --verify-path /nix/store/s5c7...
2016-03-21 Drop support for upgrading from Nix <= 0.12Eelco Dolstra1-84/+7
2016-03-17 Merge pull request #852 from domenkozar/docker/1.11.2Eelco Dolstra1-13/+10
Dockerfile: 1.9 -> 1.11.2, add more users
2016-03-16 Dockerfile: 1.9 -> 1.11.2, add more usersDomen Kožar1-13/+10
2016-03-15 Fix RPM buildEelco Dolstra1-1/+1
http://hydra.nixos.org/build/33280008
2016-03-15 Fix Darwin buildEelco Dolstra6-4/+8
http://hydra.nixos.org/build/33279996
2016-03-14 Fix another mismatched tagEelco Dolstra1-1/+1
http://hydra.nixos.org/build/33279570
2016-03-14 Fix build on clang due to -Wmismatched-tagsEelco Dolstra1-1/+2
http://hydra.nixos.org/build/33073389
2016-03-14 Fix bad DocBookEelco Dolstra1-2/+3
http://hydra.nixos.org/build/33087405
2016-03-14 BinaryCacheStore::isValidPath(): Use .narinfo cacheEelco Dolstra1-0/+9
If a path is in the .narinfo cache, obviously it's valid.
2016-03-10 Merge pull request #834 from abbradar/masterEelco Dolstra1-1/+1
Propagate path context via builtins.readFile
2016-03-10 Merge pull request #822 from cstrahan/nix-store-serveEelco Dolstra1-0/+58
add docs for `nix-store --serve`
2016-03-04 Add option binary-cache-secret-key-file for signing binary cachesEelco Dolstra3-2/+14
2016-03-04 BinaryCacheStore: Remove publicKeyFile argumentEelco Dolstra7-25/+39
The public key can be derived from the secret key, so there's no need for the user to supply it separately.
2016-03-04 Eliminate some large string copyingEelco Dolstra5-23/+25
2016-03-04 Add warning about "nix" being experimentalEelco Dolstra1-0/+1
2016-03-04 Merge branch 'new-cli'Eelco Dolstra26-161/+1285