about summary refs log tree commit diff
path: root/configure.ac
AgeCommit message (Collapse)AuthorFilesLines
2018-03-20 ask autotools for c++14 support flags, not c++11; don't override laterWill Dietz1-1/+1
2018-02-19 configure.ac: define HAVE_SECCOMP macro when using seccomp, fix build/testsWill Dietz1-0/+1
Happily the failing tests should prevent anyone from using such a Nix in situations where they expect sandboxing to be on, which would otherwise be a risk.
2018-02-19 Merge pull request #1857 from dtzWill/fix/check-for-lzma-mtEelco Dolstra1-0/+2
configure.ac: check if lzma has MT support, fix deb build/etc.
2018-02-18 configure: Add a flag to disable seccomp.Shea Levy1-2/+14
This is needed for new arches where libseccomp support doesn't exist yet. Fixes #1878.
2018-02-09 configure.ac: check if lzma has MT support, fix deb build/etc.Will Dietz1-0/+2
2018-01-29 configure: Use $CPP instead of cpp directlyBen Gamari1-1/+2
The latter breaks in the case of cross-compilation, when `cpp` bears a target prefix.
2017-12-30 use libbrotli directly when availableWill Dietz1-1/+8
* Look for both 'brotli' and 'bro' as external command, since upstream has renamed it in newer versions. If neither are found, current runtime behavior is preserved: try to find 'bro' on PATH. * Limit amount handed to BrotliEncoderCompressStream to ensure interrupts are processed in a timely manner. Testing shows negligible performance impact. (Other compression sinks don't seem to require this)
2017-12-22 Check aws-sdk-cpp versionEelco Dolstra1-1/+7
2017-05-29 Add a seccomp filter to prevent creating setuid/setgid binariesEelco Dolstra1-0/+7
This prevents builders from setting the S_ISUID or S_ISGID bits, preventing users from using a nixbld* user to create a setuid/setgid binary to interfere with subsequent builds under the same nixbld* uid. This is based on aszlig's seccomp code (47f587700d646f5b03a42f2fa57c28875a31efbe). Reported by Linus Heckemann.
2017-05-15 Add --with-sandbox-shell configure flagEelco Dolstra1-0/+6
And add a 116 KiB ash shell from busybox to the release build. This helps to make sandbox builds work out of the box on non-NixOS systems and with diverted stores.
2017-05-10 Replace readline by linenoiseEelco Dolstra1-8/+0
Using linenoise avoids a license compatibility issue (#1356), is a lot smaller and doesn't pull in ncurses.
2017-04-28 Check for libreadlineEelco Dolstra1-0/+8
2017-04-20 Detect lsofEelco Dolstra1-0/+1
Also, don't use lsof on Linux since it's not needed. Fixes #1328.
2017-03-31 Merge branch 'remove-perl' of https://github.com/shlevy/nixEelco Dolstra1-52/+0
2017-03-21 Don't make brotli a hard dependencyEelco Dolstra1-1/+1
2017-03-15 Add support for brotli compressionEelco Dolstra1-0/+1
Build logs on cache.nixos.org are compressed using Brotli (since this allows them to be decompressed automatically by Chrome and Firefox), so it's handy if "nix log" can decompress them.
2017-03-15 Remove dependency on "curl" binaryEelco Dolstra1-1/+0
2017-02-28 Improve SQLite busy handlingEelco Dolstra1-1/+1
2017-02-21 Revert "configure.ac: We require C++14 now"Eelco Dolstra1-1/+1
This reverts commit 81c53fe8e56f4a4ce10088fe2d7b6a524a6dc126. This check appears to be stricter than we need (it broke a bunch of platforms that previously did build: http://hydra.nixos.org/eval/1331921#tabs-now-fail).
2017-02-08 configure.ac: We require C++14 nowTuomas Tynkkynen1-1/+1
At least in the main Makefile we have: GLOBAL_CXXFLAGS += -std=c++14 -g -Wall
2017-02-07 Remove perl dependency.Shea Levy1-52/+0
Fixes #341
2016-12-19 Revert "Merge branch 'seccomp' of https://github.com/aszlig/nix"Eelco Dolstra1-9/+0
This reverts commit 9f3f2e21edb17dbcd674539dff96efb6cceca10c, reversing changes made to 47f587700d646f5b03a42f2fa57c28875a31efbe.
2016-12-15 Merge branch 'seccomp' of https://github.com/aszlig/nixEelco Dolstra1-0/+9
2016-12-08 Drop unused dblatex referenceEelco Dolstra1-1/+0
2016-12-06 Drop unused WWW::Curl dependencyEelco Dolstra1-12/+1
2016-11-16 Add build dependency for libseccompaszlig1-0/+9
We're going to use libseccomp instead of creating the raw BPF program, because we have different syscall numbers on different architectures. Although our initial seccomp rules will be quite small it really doesn't make sense to generate the raw BPF program because we need to duplicate it and/or make branches on every single architecture we want to suuport. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-20 Add a new option to disable documentation generation at configure timeAdrien Devresse1-0/+7
2016-08-13 remove otool checkJude Taylor1-17/+0
2016-06-09 Use O_CLOEXEC in most placesEelco Dolstra1-1/+1
2016-05-30 fix tarball jobDomen Kožar1-1/+1
2016-05-04 Make the aws-cpp-sdk dependency optionalEelco Dolstra1-0/+10
2016-05-04 Remove obsolete err.h checkEelco Dolstra1-5/+0
2016-05-04 Remove OpenSSL-based signingEelco Dolstra1-4/+0
2016-03-11 Handle ARM triples without an endianness suffixNathan Zadoks1-0/+2
Alpine seems to use this, and it results in a wrong builtins.currentSystem. Big-endian ARM systems have triples starting with armv6eb- or armv7eb-, so this doesn't change any systems that already worked.
2016-03-03 configure.ac: strip -musl in the same way as -gnuNathan Zadoks1-1/+1
2016-01-12 Revert "Do not override environment CFLAGS and CXXFLAGS"Eelco Dolstra1-0/+2
This reverts commit 80ebd60e7ca3c48a19b94ddaeebb23182b703178. The reason why we cleared CFLAGS/CXXFLAGS was because otherwise we get a default value of -O2, which interferes with the defaults set in the Makefile. (E.g. "make OPTIMIZE=0" should not pass -O2.)
2016-01-05 Do not override environment CFLAGS and CXXFLAGSIlya Novoselov1-2/+0
Looks like 5a05cf4063fc6ea666f3e24c60bd2e9e5526ef4e removed usage of environment CFLAGS and CXXFLAGS by mistake. That change broke building of nix on fedora core 23.
2016-01-05 Merge pull request #685 from vizanto/masterEelco Dolstra1-0/+1
POSIX compliant directory access (fixes build on Solaris)
2015-12-10 Build sandbox support etc. unconditionally on LinuxEelco Dolstra1-19/+0
Also, use "#if __APPLE__" instead of "#if SANDBOX_ENABLED" to prevent ambiguity.
2015-11-07 Fix build on SolarisDanny Wilson1-0/+1
d_type is not part of the POSIX spec unfortunately.
2015-11-04 Require OpenSSLEelco Dolstra1-6/+2
2015-10-30 <nix/fetchurl.nix>: Support xz-compressed NARsEelco Dolstra1-0/+4
2015-10-21 Add resolve-system-dependencies.plJude Taylor1-0/+17
2015-03-27 Add dependency on libcurl-devEelco Dolstra1-0/+4
http://hydra.nixos.org/eval/1179370
2015-02-16 Use pivot_root in addition to chroot when possibleHarald van Dijk1-0/+1
chroot only changes the process root directory, not the mount namespace root directory, and it is well-known that any process with chroot capability can break out of a chroot "jail". By using pivot_root as well, and unmounting the original mount namespace root directory, breaking out becomes impossible. Non-root processes typically have no ability to use chroot() anyway, but they can gain that capability through the use of clone() or unshare(). For security reasons, these syscalls are limited in functionality when used inside a normal chroot environment. Using pivot_root() this way does allow those syscalls to be put to their full use.
2015-02-10 Make libsodium an optional dependencyEelco Dolstra1-2/+6
2015-02-04 Use libsodium instead of OpenSSL for binary cache signingEelco Dolstra1-0/+4
Sodium's Ed25519 signatures are much shorter than OpenSSL's RSA signatures. Public keys are also much shorter, so they're now specified directly in the nix.conf option ‘binary-cache-public-keys’. The new command ‘nix-store --generate-binary-cache-key’ generates and prints a public and secret key.
2014-11-25 Rely on XML catalogs to find the DocBook schemas and stylesheetsEelco Dolstra1-11/+0
2014-09-22 configure: Force regeneration of Makefile.configEelco Dolstra1-0/+2
2014-09-17 Remove unused w3m dependencyEelco Dolstra1-1/+0