| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
The VM was running out of RAM while handling debug symbols, which caused the
eu-strip to fail while separating debug symbols.
|
|
|
|
In particular, using fetchGit means we don't need hackery to clean the
source tree when building from an unclean tree.
|
|
|
|
|
|
|
|
|
|
|
|
E.g.
$ nix eval '(fetchMercurial https://www.mercurial-scm.org/repo/hello)'
{ branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "82e55d328c8ca4ee16520036c0aaace03a5beb65"; revCount = 1; shortRev = "82e55d328c8c"; }
$ nix eval '(fetchMercurial { url = https://www.mercurial-scm.org/repo/hello; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; })'
{ branch = "default"; outPath = "/nix/store/alvb9y1kfz42bjishqmyy3pphnrh1pfa-source"; rev = "0a04b987be5ae354b710cefeba0e2d9de7ad41a9"; revCount = 0; shortRev = "0a04b987be5a"; }
$ nix eval '(fetchMercurial /tmp/unclean-hg-tree)'
{ branch = "default"; outPath = "/nix/store/cm750cdw1x8wfpm3jq7mz09r30l9r024-source"; rev = "0000000000000000000000000000000000000000"; revCount = 0; shortRev = "000000000000"; }
|
|
This fixed the build on ubuntu/debian, where dash is the sh.
|
|
These have a GCC (4.9) that is too old.
https://hydra.nixos.org/eval/1391740
|
|
Actually, currently they can only create download activities. Thus,
downloads by builtins.fetchurl show up in the progress bar.
|
|
This removes the file nix-mode.el from Nix. The file is now available within the
repository https://github.com/NixOS/nix-mode.
Fixes #662
Fixes #1040
Fixes #1054
Fixes #1055
Closes #1119
Fixes #1419
NOTE: all of the above should be fixed within NixOS/nix-mode. If one of those
hasn’t please reopen within NixOS/nix-mode and not within NixOS/nix.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This prevents builders from setting the S_ISUID or S_ISGID bits,
preventing users from using a nixbld* user to create a setuid/setgid
binary to interfere with subsequent builds under the same nixbld* uid.
This is based on aszlig's seccomp code
(47f587700d646f5b03a42f2fa57c28875a31efbe).
Reported by Linus Heckemann.
|
|
And add a 116 KiB ash shell from busybox to the release build. This
helps to make sandbox builds work out of the box on non-NixOS systems
and with diverted stores.
|
|
Using linenoise avoids a license compatibility issue (#1356), is a lot
smaller and doesn't pull in ncurses.
|
|
http://hydra.nixos.org/build/52420073
|
|
http://hydra.nixos.org/build/52401151
|
|
|
|
|
|
|
|
Somehow this came back after d1da6967b8891763ce04d668027cf300c9bbf0b2.
|
|
|
|
|
|
|
|
Build logs on cache.nixos.org are compressed using Brotli (since this
allows them to be decompressed automatically by Chrome and Firefox),
so it's handy if "nix log" can decompress them.
|
|
|
|
|
|
http://hydra.nixos.org/build/49130529
|
|
|
|
|
|
|
|
Disabled hardened build because it makes the linker fail with messages like
relocation R_X86_64_PC32 against undefined symbol `BZ2_bzWriteOpen' can not be used when making a shared object; recompile with -fPIC
See https://fedoraproject.org/wiki/Changes/Harden_All_Packages.
|
|
|
|
Fixes #341
|
|
|
|
This reverts commit 9f3f2e21edb17dbcd674539dff96efb6cceca10c, reversing
changes made to 47f587700d646f5b03a42f2fa57c28875a31efbe.
|
|
|
|
|
|
Right now it only tests whether seccomp correctly forges the return
value of chown, but the long-term goal is to test the full sandboxing
functionality at some point in the future.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
We're going to use libseccomp instead of creating the raw BPF program,
because we have different syscall numbers on different architectures.
Although our initial seccomp rules will be quite small it really doesn't
make sense to generate the raw BPF program because we need to duplicate
it and/or make branches on every single architecture we want to suuport.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
