about summary refs log tree commit diff
AgeCommit message (Collapse)AuthorFilesLines
2017-05-29 Add a seccomp filter to prevent creating setuid/setgid binariesEelco Dolstra5-1/+54
This prevents builders from setting the S_ISUID or S_ISGID bits, preventing users from using a nixbld* user to create a setuid/setgid binary to interfere with subsequent builds under the same nixbld* uid. This is based on aszlig's seccomp code (47f587700d646f5b03a42f2fa57c28875a31efbe). Reported by Linus Heckemann.
2017-05-29 Fix nix-copy-closure testEelco Dolstra1-0/+1
Fixes client# error: size mismatch importing path ‘/nix/store/ywf5fihjlxwijm6ygh6s0a353b5yvq4d-libidn2-0.16’; expected 0, got 120264 This is mostly an artifact of the NixOS VM test environment, where the Nix database doesn't contain hashes/sizes. http://hydra.nixos.org/build/53537471
2017-05-29 Fix build failure on Debian/UbuntuEelco Dolstra3-2/+2
http://hydra.nixos.org/build/53537463
2017-05-29 Fix typoEelco Dolstra1-1/+1
2017-05-29 Merge pull request #1393 from pyrtsa/patch-1Eelco Dolstra1-1/+1
Fix variable name typo in derivations doc
2017-05-29 Merge pull request #1394 from pyrtsa/patch-2Eelco Dolstra1-1/+1
Remove stray `>` in builtins doc
2017-05-28 Remove stray `>` in builtins docPyry Jahkola1-1/+1
2017-05-28 Fix variable name typo in derivations docPyry Jahkola1-1/+1
2017-05-24 Fix #1314Eelco Dolstra1-1/+2
Also, make nix-shell respect --option. (Previously it only passed it along to nix-instantiate and nix-build.)
2017-05-24 Merge branch 'topic/cores-master' of https://github.com/neilmayhew/nixEelco Dolstra1-0/+1
2017-05-24 Merge pull request #1376 from Mic92/patch-1Eelco Dolstra1-1/+1
nix-profile.sh: remove sbin from PATH
2017-05-24 Fix #1380Eelco Dolstra1-1/+1
It lacked a backslash. Use a raw string and single quotes around PS1 to simplify this.
2017-05-24 Merge branch 'prompt-terminator' of https://github.com/lheckemann/nixEelco Dolstra1-1/+1
2017-05-24 Merge pull request #1382 from FRidh/patch-1Eelco Dolstra1-0/+18
Document fetchTarball can take a sha256
2017-05-24 Merge branch 'nar-accessor-tree' of https://github.com/bennofs/nixEelco Dolstra4-34/+123
2017-05-17 Document that builtins.match takes a POSIX extended REEelco Dolstra2-4/+13
2017-05-17 builtins.match: Improve error message for bad regular expressionEelco Dolstra1-16/+23
Issue #1331.
2017-05-16 Improve progress indicatorEelco Dolstra26-168/+339
2017-05-15 nar-accessor.cc: remove unused member NarIndexer::currentNameBenno Fünfstück1-2/+1
2017-05-15 nar-accessor: non-recursive NarMember::findBenno Fünfstück1-21/+21
This avoids a possible stack overflow if directories are very deeply nested.
2017-05-15 Simplify fixed-output checkEelco Dolstra1-6/+2
2017-05-15 Disallow outputHash being null or an empty stringEelco Dolstra1-4/+5
Fixes #1384.
2017-05-15 Add --with-sandbox-shell configure flagEelco Dolstra7-12/+38
And add a 116 KiB ash shell from busybox to the release build. This helps to make sandbox builds work out of the box on non-NixOS systems and with diverted stores.
2017-05-15 Linux sandbox: Don't barf on invalid pathsEelco Dolstra1-0/+1
This is useful when we're using a diverted store (e.g. "--store local?root=/tmp/nix") in conjunction with a statically-linked sh from the host store (e.g. "sandbox-paths =/bin/sh=/nix/store/.../bin/busybox").
2017-05-15 Make fmt() non-recursiveEelco Dolstra2-12/+7
2017-05-15 nar-archive.cc: add tests for the nar indexBenno Fünfstück3-1/+48
2017-05-15 Merge pull request #1387 from bennofs/nix-ls-slashEelco Dolstra1-0/+4
nix ls: support '/' for the root directory
2017-05-15 nix ls: support '/' for the root directoryBenno Fünfstück1-0/+4
2017-05-15 nar-accessor: use tree, fixes readDirectory missing childrenBenno Fünfstück1-33/+76
Previously, if a directory `foo` existed and a file `foo-` (where `-` is any character that is sorted before `/`), then `readDirectory` would return an empty list. To fix this, we now use a tree where we can just access the children of the node, and do not need to rely on sorting behavior to list the contents of a directory.
2017-05-11 Add an option for extending the user agent headerEelco Dolstra2-1/+6
This is useful e.g. for distinguishing traffic to a binary cache (e.g. certain machines can use a different tag in the user agent).
2017-05-11 Fix typoEelco Dolstra1-1/+1
2017-05-11 Tweak error messageEelco Dolstra1-1/+1
2017-05-11 Don't allow untrusted users to set info.ultimateEelco Dolstra1-0/+2
Note that a trusted signature was still required in this case so it was not a huge deal.
2017-05-11 Document fetchTarball can take a sha256Frederik Rietdijk1-0/+18
Note that I refer to `nix-prefetch-url`.
2017-05-11 Change the meaning of info.ultimateEelco Dolstra2-5/+2
It now means "paths that were built locally". It no longer includes paths that were added locally. For those we don't need info.ultimate, since we have the content-addressability assertion (info.ca).
2017-05-11 LocalStore::addToStore(): Check info.narSizeEelco Dolstra2-2/+7
It allowed the client to specify bogus narSize values. In particular, Downloader::downloadCached wasn't setting narSize at all.
2017-05-10 TypoEelco Dolstra1-1/+1
2017-05-10 Replace readline by linenoiseEelco Dolstra10-132/+1377
Using linenoise avoids a license compatibility issue (#1356), is a lot smaller and doesn't pull in ncurses.
2017-05-10 nix-shell: use appropriate prompt terminatorLinus Heckemann1-1/+1
If running nix-shell as root, the terminator should be # and not $.
2017-05-10 doc: builtins.attrNames returns alphabetically sorted listDomen Kožar1-1/+1
2017-05-08 Add "nix edit" commandEelco Dolstra1-0/+75
This is a little convenience command that opens the Nix expression of the specified package. For example, nix edit nixpkgs.perlPackages.Moose opens <nixpkgs/pkgs/top-level/perl-packages.nix> in $EDITOR (at the right line number for some editors). This requires the package to have a meta.position attribute.
2017-05-08 Minor cleanupEelco Dolstra1-11/+13
2017-05-08 Linux sandbox: Fix compatibility with older kernelsEelco Dolstra2-16/+24
2017-05-08 build-remote: Check remote build statusEelco Dolstra1-1/+4
2017-05-08 Remove superfluous #ifdefEelco Dolstra1-2/+0
2017-05-07 nix-profile.sh: remove sbin from PATHJörg Thalheim1-1/+1
sbin is a symlink to bin. profiles only contains packages, which have this symlink. It is a subset of bin. related to https://github.com/NixOS/nixpkgs/pull/25550
2017-05-05 Make the location of the build directory in the sandbox configurableEelco Dolstra4-8/+12
This is mostly for use in the sandbox tests, since if the Nix store is under /build, then we can't use /build as the build directory.
2017-05-05 Figure out the user's home directory if $HOME is not setEelco Dolstra8-36/+84
2017-05-04 Linux sandbox: Use /build instead of /tmp as $TMPDIREelco Dolstra1-5/+15
There is a security issue when a build accidentally stores its $TMPDIR in some critical place, such as an RPATH. If TMPDIR=/tmp/nix-build-..., then any user on the system can recreate that directory and inject libraries into the RPATH of programs executed by other users. Since /build probably doesn't exist (or isn't world-writable), this mitigates the issue.
2017-05-04 nix dump-path: AddEelco Dolstra3-0/+55
This is primarily useful for extracting NARs from other stores (like binary caches), which "nix-store --dump" cannot do.