| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This prevents builders from setting the S_ISUID or S_ISGID bits,
preventing users from using a nixbld* user to create a setuid/setgid
binary to interfere with subsequent builds under the same nixbld* uid.
This is based on aszlig's seccomp code
(47f587700d646f5b03a42f2fa57c28875a31efbe).
Reported by Linus Heckemann.
|
|
And add a 116 KiB ash shell from busybox to the release build. This
helps to make sandbox builds work out of the box on non-NixOS systems
and with diverted stores.
|
|
Using linenoise avoids a license compatibility issue (#1356), is a lot
smaller and doesn't pull in ncurses.
|
|
|
|
Also, don't use lsof on Linux since it's not needed.
Fixes #1328.
|
|
|
|
|
|
Build logs on cache.nixos.org are compressed using Brotli (since this
allows them to be decompressed automatically by Chrome and Firefox),
so it's handy if "nix log" can decompress them.
|
|
|
|
|
|
This reverts commit 81c53fe8e56f4a4ce10088fe2d7b6a524a6dc126. This
check appears to be stricter than we need (it broke a bunch of
platforms that previously did build:
http://hydra.nixos.org/eval/1331921#tabs-now-fail).
|
|
At least in the main Makefile we have:
GLOBAL_CXXFLAGS += -std=c++14 -g -Wall
|
|
Fixes #341
|
|
This reverts commit 9f3f2e21edb17dbcd674539dff96efb6cceca10c, reversing
changes made to 47f587700d646f5b03a42f2fa57c28875a31efbe.
|
|
|
|
|
|
|
|
We're going to use libseccomp instead of creating the raw BPF program,
because we have different syscall numbers on different architectures.
Although our initial seccomp rules will be quite small it really doesn't
make sense to generate the raw BPF program because we need to duplicate
it and/or make branches on every single architecture we want to suuport.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Alpine seems to use this, and it results in a wrong
builtins.currentSystem. Big-endian ARM systems have triples starting
with armv6eb- or armv7eb-, so this doesn't change any systems that
already worked.
|
|
|
|
This reverts commit 80ebd60e7ca3c48a19b94ddaeebb23182b703178. The
reason why we cleared CFLAGS/CXXFLAGS was because otherwise we get a
default value of -O2, which interferes with the defaults set in the
Makefile. (E.g. "make OPTIMIZE=0" should not pass -O2.)
|
|
Looks like 5a05cf4063fc6ea666f3e24c60bd2e9e5526ef4e removed usage of
environment CFLAGS and CXXFLAGS by mistake. That change broke building
of nix on fedora core 23.
|
|
POSIX compliant directory access (fixes build on Solaris)
|
|
Also, use "#if __APPLE__" instead of "#if SANDBOX_ENABLED" to prevent
ambiguity.
|
|
d_type is not part of the POSIX spec unfortunately.
|
|
|
|
|
|
|
|
http://hydra.nixos.org/eval/1179370
|
|
chroot only changes the process root directory, not the mount namespace root
directory, and it is well-known that any process with chroot capability can
break out of a chroot "jail". By using pivot_root as well, and unmounting the
original mount namespace root directory, breaking out becomes impossible.
Non-root processes typically have no ability to use chroot() anyway, but they
can gain that capability through the use of clone() or unshare(). For security
reasons, these syscalls are limited in functionality when used inside a normal
chroot environment. Using pivot_root() this way does allow those syscalls to be
put to their full use.
|
|
|
|
Sodium's Ed25519 signatures are much shorter than OpenSSL's RSA
signatures. Public keys are also much shorter, so they're now
specified directly in the nix.conf option ‘binary-cache-public-keys’.
The new command ‘nix-store --generate-binary-cache-key’ generates and
prints a public and secret key.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This way, we can use config.status for generating scripts/* (without
ending up with lines like "#! /usr/bin/perl -I${libexecdir}/...").
|
