Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2017-05-29 | Add a seccomp filter to prevent creating setuid/setgid binaries | Eelco Dolstra | 5 | -1/+54 | |
This prevents builders from setting the S_ISUID or S_ISGID bits, preventing users from using a nixbld* user to create a setuid/setgid binary to interfere with subsequent builds under the same nixbld* uid. This is based on aszlig's seccomp code (47f587700d646f5b03a42f2fa57c28875a31efbe). Reported by Linus Heckemann. | |||||
2017-05-29 | Fix nix-copy-closure test | Eelco Dolstra | 1 | -0/+1 | |
Fixes `client# error: size mismatch importing path ‘/nix/store/ywf5fihjlxwijm6ygh6s0a353b5yvq4d-libidn2-0.16’; expected 0, got 120264`. This is mostly an artifact of the NixOS VM test environment, where the Nix database doesn't contain hashes/sizes. http://hydra.nixos.org/build/53537471 | |||||
2017-05-29 | Fix build failure on Debian/Ubuntu | Eelco Dolstra | 3 | -2/+2 | |
http://hydra.nixos.org/build/53537463 | |||||
2017-05-29 | Fix typo | Eelco Dolstra | 1 | -1/+1 | |
2017-05-29 | Merge pull request #1393 from pyrtsa/patch-1 | Eelco Dolstra | 1 | -1/+1 | |
Fix variable name typo in derivations doc | |||||
2017-05-29 | Merge pull request #1394 from pyrtsa/patch-2 | Eelco Dolstra | 1 | -1/+1 | |
Remove stray `>` in builtins doc | |||||
2017-05-28 | Remove stray `>` in builtins doc | Pyry Jahkola | 1 | -1/+1 | |
2017-05-28 | Fix variable name typo in derivations doc | Pyry Jahkola | 1 | -1/+1 | |
2017-05-24 | Fix #1314 | Eelco Dolstra | 1 | -1/+2 | |
Also, make nix-shell respect --option. (Previously it only passed it along to nix-instantiate and nix-build.) | |||||
2017-05-24 | Merge branch 'topic/cores-master' of https://github.com/neilmayhew/nix | Eelco Dolstra | 1 | -0/+1 | |
2017-05-24 | Merge pull request #1376 from Mic92/patch-1 | Eelco Dolstra | 1 | -1/+1 | |
nix-profile.sh: remove sbin from PATH | |||||
2017-05-24 | Fix #1380 | Eelco Dolstra | 1 | -1/+1 | |
It lacked a backslash. Use a raw string and single quotes around PS1 to simplify this. | |||||
2017-05-24 | Merge branch 'prompt-terminator' of https://github.com/lheckemann/nix | Eelco Dolstra | 1 | -1/+1 | |
2017-05-24 | Merge pull request #1382 from FRidh/patch-1 | Eelco Dolstra | 1 | -0/+18 | |
Document fetchTarball can take a sha256 | |||||
2017-05-24 | Merge branch 'nar-accessor-tree' of https://github.com/bennofs/nix | Eelco Dolstra | 4 | -34/+123 | |
2017-05-17 | Document that builtins.match takes a POSIX extended RE | Eelco Dolstra | 2 | -4/+13 | |
2017-05-17 | builtins.match: Improve error message for bad regular expression | Eelco Dolstra | 1 | -16/+23 | |
Issue #1331. | |||||
2017-05-16 | Improve progress indicator | Eelco Dolstra | 26 | -168/+339 | |
2017-05-15 | nar-accessor.cc: remove unused member NarIndexer::currentName | Benno Fünfstück | 1 | -2/+1 | |
2017-05-15 | nar-accessor: non-recursive NarMember::find | Benno Fünfstück | 1 | -21/+21 | |
This avoids a possible stack overflow if directories are very deeply nested. | |||||
2017-05-15 | Simplify fixed-output check | Eelco Dolstra | 1 | -6/+2 | |
2017-05-15 | Disallow outputHash being null or an empty string | Eelco Dolstra | 1 | -4/+5 | |
Fixes #1384. | |||||
2017-05-15 | Add --with-sandbox-shell configure flag | Eelco Dolstra | 7 | -12/+38 | |
And add a 116 KiB ash shell from busybox to the release build. This helps to make sandbox builds work out of the box on non-NixOS systems and with diverted stores. | |||||
2017-05-15 | Linux sandbox: Don't barf on invalid paths | Eelco Dolstra | 1 | -0/+1 | |
This is useful when we're using a diverted store (e.g. "--store local?root=/tmp/nix") in conjunction with a statically-linked sh from the host store (e.g. "sandbox-paths =/bin/sh=/nix/store/.../bin/busybox"). | |||||
2017-05-15 | Make fmt() non-recursive | Eelco Dolstra | 2 | -12/+7 | |
2017-05-15 | nar-archive.cc: add tests for the nar index | Benno Fünfstück | 3 | -1/+48 | |
2017-05-15 | Merge pull request #1387 from bennofs/nix-ls-slash | Eelco Dolstra | 1 | -0/+4 | |
nix ls: support '/' for the root directory | |||||
2017-05-15 | nix ls: support '/' for the root directory | Benno Fünfstück | 1 | -0/+4 | |
2017-05-15 | nar-accessor: use tree, fixes readDirectory missing children | Benno Fünfstück | 1 | -33/+76 | |
Previously, if a directory `foo` existed and a file `foo-` (where `-` is any character that is sorted before `/`), then `readDirectory` would return an empty list. To fix this, we now use a tree where we can just access the children of the node, and do not need to rely on sorting behavior to list the contents of a directory. | |||||
2017-05-11 | Add an option for extending the user agent header | Eelco Dolstra | 2 | -1/+6 | |
This is useful e.g. for distinguishing traffic to a binary cache (e.g. certain machines can use a different tag in the user agent). | |||||
2017-05-11 | Fix typo | Eelco Dolstra | 1 | -1/+1 | |
2017-05-11 | Tweak error message | Eelco Dolstra | 1 | -1/+1 | |
2017-05-11 | Don't allow untrusted users to set info.ultimate | Eelco Dolstra | 1 | -0/+2 | |
Note that a trusted signature was still required in this case so it was not a huge deal. | |||||
2017-05-11 | Document fetchTarball can take a sha256 | Frederik Rietdijk | 1 | -0/+18 | |
Note that I refer to `nix-prefetch-url`. | |||||
2017-05-11 | Change the meaning of info.ultimate | Eelco Dolstra | 2 | -5/+2 | |
It now means "paths that were built locally". It no longer includes paths that were added locally. For those we don't need info.ultimate, since we have the content-addressability assertion (info.ca). | |||||
2017-05-11 | LocalStore::addToStore(): Check info.narSize | Eelco Dolstra | 2 | -2/+7 | |
It allowed the client to specify bogus narSize values. In particular, Downloader::downloadCached wasn't setting narSize at all. | |||||
2017-05-10 | Typo | Eelco Dolstra | 1 | -1/+1 | |
2017-05-10 | Replace readline by linenoise | Eelco Dolstra | 10 | -132/+1377 | |
Using linenoise avoids a license compatibility issue (#1356), is a lot smaller and doesn't pull in ncurses. | |||||
2017-05-10 | nix-shell: use appropriate prompt terminator | Linus Heckemann | 1 | -1/+1 | |
If running nix-shell as root, the terminator should be # and not $. | |||||
2017-05-10 | doc: builtins.attrNames returns alphabetically sorted list | Domen Kožar | 1 | -1/+1 | |
2017-05-08 | Add "nix edit" command | Eelco Dolstra | 1 | -0/+75 | |
This is a little convenience command that opens the Nix expression of the specified package. For example, `nix edit nixpkgs.perlPackages.Moose` opens `<nixpkgs/pkgs/top-level/perl-packages.nix>` in `$EDITOR` (at the right line number for some editors). This requires the package to have a `meta.position` attribute. | |||||
2017-05-08 | Minor cleanup | Eelco Dolstra | 1 | -11/+13 | |
2017-05-08 | Linux sandbox: Fix compatibility with older kernels | Eelco Dolstra | 2 | -16/+24 | |
2017-05-08 | build-remote: Check remote build status | Eelco Dolstra | 1 | -1/+4 | |
2017-05-08 | Remove superfluous #ifdef | Eelco Dolstra | 1 | -2/+0 | |
2017-05-07 | nix-profile.sh: remove sbin from PATH | Jörg Thalheim | 1 | -1/+1 | |
sbin is a symlink to bin. Profiles only contain packages, which have this symlink. It is a subset of bin. Related to https://github.com/NixOS/nixpkgs/pull/25550 | |||||
2017-05-05 | Make the location of the build directory in the sandbox configurable | Eelco Dolstra | 4 | -8/+12 | |
This is mostly for use in the sandbox tests, since if the Nix store is under /build, then we can't use /build as the build directory. | |||||
2017-05-05 | Figure out the user's home directory if $HOME is not set | Eelco Dolstra | 8 | -36/+84 | |
2017-05-04 | Linux sandbox: Use /build instead of /tmp as $TMPDIR | Eelco Dolstra | 1 | -5/+15 | |
There is a security issue when a build accidentally stores its $TMPDIR in some critical place, such as an RPATH. If TMPDIR=/tmp/nix-build-..., then any user on the system can recreate that directory and inject libraries into the RPATH of programs executed by other users. Since /build probably doesn't exist (or isn't world-writable), this mitigates the issue. | |||||
2017-05-04 | nix dump-path: Add | Eelco Dolstra | 3 | -0/+55 | |
This is primarily useful for extracting NARs from other stores (like binary caches), which "nix-store --dump" cannot do. |