Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2017-07-14 | Shellcheck the existing installer | Graham Christensen | 1 | -1/+4 | |
2017-07-14 | Tarball job: Include libseccomp on Linux only | Eelco Dolstra | 1 | -2/+1 | |
2017-06-19 | Let hydra choose an alternate list of systems | Shea Levy | 1 | -3/+1 | |
2017-06-01 | Fix coverage job | Eelco Dolstra | 1 | -1/+1 | |
2017-06-01 | RPM, Deb: Add dependency on libseccomp | Eelco Dolstra | 1 | -3/+3 | |
2017-05-29 | Add test for setuid seccomp filter | Eelco Dolstra | 1 | -0/+5 | |
2017-05-29 | Add a seccomp filter to prevent creating setuid/setgid binaries | Eelco Dolstra | 1 | -0/+2 | |
This prevents builders from setting the S_ISUID or S_ISGID bits, preventing users from using a nixbld* user to create a setuid/setgid binary to interfere with subsequent builds under the same nixbld* uid. This is based on aszlig's seccomp code (47f587700d646f5b03a42f2fa57c28875a31efbe). Reported by Linus Heckemann. | |||||
2017-05-15 | Add --with-sandbox-shell configure flag | Eelco Dolstra | 1 | -5/+4 | |
And add a 116 KiB ash shell from busybox to the release build. This helps to make sandbox builds work out of the box on non-NixOS systems and with diverted stores. | |||||
2017-05-10 | Replace readline by linenoise | Eelco Dolstra | 1 | -11/+11 | |
Using linenoise avoids a license compatibility issue (#1356), is a lot smaller and doesn't pull in ncurses. | |||||
2017-05-03 | Fix Ubuntu 16.10 build | Eelco Dolstra | 1 | -9/+9 | |
http://hydra.nixos.org/build/52420073 | |||||
2017-05-03 | Fix perlBindings.x86_64-darwin | Eelco Dolstra | 1 | -1/+1 | |
http://hydra.nixos.org/build/52401151 | |||||
2017-04-28 | Check for libreadline | Eelco Dolstra | 1 | -3/+3 | |
2017-04-25 | Make "nix repl" build | Eelco Dolstra | 1 | -1/+2 | |
2017-04-14 | Build on aarch64-linux | Eelco Dolstra | 1 | -1/+1 | |
2017-04-11 | Drop WWW::Curl dependency | Eelco Dolstra | 1 | -1/+0 | |
Somehow this came back after d1da6967b8891763ce04d668027cf300c9bbf0b2. | |||||
2017-03-31 | Fix evaluation error | Eelco Dolstra | 1 | -1/+1 | |
2017-03-31 | Merge branch 'remove-perl' of https://github.com/shlevy/nix | Eelco Dolstra | 1 | -15/+34 | |
2017-03-30 | Remove tabs | Shea Levy | 1 | -3/+3 | |
2017-03-15 | Add support for brotli compression | Eelco Dolstra | 1 | -2/+6 | |
Build logs on cache.nixos.org are compressed using Brotli (since this allows them to be decompressed automatically by Chrome and Firefox), so it's handy if "nix log" can decompress them. | |||||
2017-03-05 | Add signing and s3 support on darwin | Shea Levy | 1 | -2/+2 | |
2017-02-22 | Doh | Eelco Dolstra | 1 | -2/+2 | |
2017-02-22 | Fix 32-bit RPM/Deb builds | Eelco Dolstra | 1 | -4/+4 | |
http://hydra.nixos.org/build/49130529 | |||||
2017-02-21 | Drop some Ubuntu releases | Eelco Dolstra | 1 | -11/+3 | |
2017-02-21 | Debian build: Use parallel make and add Ubuntu 16.10 | Eelco Dolstra | 1 | -1/+4 | |
2017-02-21 | RPM build: Use parallel make | Eelco Dolstra | 1 | -1/+2 | |
2017-02-21 | Build RPMs for Fedora 25 | Eelco Dolstra | 1 | -4/+4 | |
Disabled hardened build because it makes the linker fail with messages like relocation R_X86_64_PC32 against undefined symbol `BZ2_bzWriteOpen' can not be used when making a shared object; recompile with -fPIC See https://fedoraproject.org/wiki/Changes/Harden_All_Packages. | |||||
2017-02-07 | Add nix-perl package for the perl bindings | Shea Levy | 1 | -0/+27 | |
2017-02-07 | Remove perl dependency. | Shea Levy | 1 | -15/+7 | |
Fixes #341 | |||||
2017-01-27 | release.nix: Drop nix-shell references | Eelco Dolstra | 1 | -2/+3 | |
2016-12-19 | Revert "Merge branch 'seccomp' of https://github.com/aszlig/nix" | Eelco Dolstra | 1 | -6/+1 | |
This reverts commit 9f3f2e21edb17dbcd674539dff96efb6cceca10c, reversing changes made to 47f587700d646f5b03a42f2fa57c28875a31efbe. | |||||
2016-12-15 | Merge branch 'seccomp' of https://github.com/aszlig/nix | Eelco Dolstra | 1 | -1/+6 | |
2016-12-06 | Drop unused WWW::Curl dependency | Eelco Dolstra | 1 | -4/+1 | |
2016-11-16 | release.nix: Add a test for sandboxing | aszlig | 1 | -0/+4 | |
Right now it only tests whether seccomp correctly forges the return value of chown, but the long-term goal is to test the full sandboxing functionality at some point in the future. Signed-off-by: aszlig <aszlig@redmoonstudios.org> | |||||
2016-11-16 | Add build dependency for libseccomp | aszlig | 1 | -1/+2 | |
We're going to use libseccomp instead of creating the raw BPF program, because we have different syscall numbers on different architectures. Although our initial seccomp rules will be quite small it really doesn't make sense to generate the raw BPF program because we need to duplicate it and/or make branches on every single architecture we want to suuport. Signed-off-by: aszlig <aszlig@redmoonstudios.org> | |||||
2016-11-09 | Implement backwards-compatible RemoteStore::addToStore() | Eelco Dolstra | 1 | -1/+2 | |
The SSHStore PR adds this functionality to the daemon, but we have to handle the case where the Nix daemon is 1.11. Also, don't require signatures for trusted users. This restores 1.11 behaviour. Fixes https://github.com/NixOS/hydra/issues/398. | |||||
2016-08-30 | Drop Fedora 19/20 builds | Eelco Dolstra | 1 | -6/+0 | |
These don't support regex_replace either. | |||||
2016-08-30 | Drop Ubuntu 13.10, 14.04 builds | Eelco Dolstra | 1 | -6/+0 | |
These don't support regex_replace. http://hydra.nixos.org/build/39363999 http://hydra.nixos.org/build/39363981 | |||||
2016-08-10 | Remove $NIX_DB_DIR | Eelco Dolstra | 1 | -1/+0 | |
This variable has no reason to exist, given $NIX_STATE_DIR. | |||||
2016-05-31 | Fix OOM in the installer test | Eelco Dolstra | 1 | -2/+4 | |
http://hydra.nixos.org/build/36462209 | |||||
2016-05-31 | Doh | Eelco Dolstra | 1 | -2/+0 | |
2016-05-31 | Fix Debian 8 build | Eelco Dolstra | 1 | -2/+2 | |
http://hydra.nixos.org/build/36462150 | |||||
2016-05-31 | Fix clang build failure | Eelco Dolstra | 1 | -0/+2 | |
Apparently opinion is divided on whether [[noreturn]] is allowed on a lambda: http://stackoverflow.com/questions/26888805/how-to-declare-a-lambdas-operator-as-noreturn http://hydra.nixos.org/build/36462100 | |||||
2016-05-04 | Make the aws-cpp-sdk dependency optional | Eelco Dolstra | 1 | -6/+5 | |
2016-05-02 | Merge pull request #892 from domenkozar/ubuntu1604 | Eelco Dolstra | 1 | -13/+18 | |
add Ubuntu 16.03 .deb builds | |||||
2016-04-29 | add Ubuntu 16.03 .deb builds | Domen Kožar | 1 | -13/+18 | |
2016-04-21 | Move S3BinaryCacheStore from Hydra | Eelco Dolstra | 1 | -1/+8 | |
This allows running arbitrary Nix commands against an S3 binary cache. To do: make this a compile time option to prevent a dependency on aws-sdk-cpp. | |||||
2016-04-14 | Remove PDF manual | Eelco Dolstra | 1 | -14/+1 | |
More spring cleaning. | |||||
2016-03-28 | Kill the temporary darwin-specific channel | Dan Peebles | 1 | -3/+2 | |
The issues have been resolved upstream in the main nixpkgs channel now | |||||
2016-02-17 | Drop all distros that are not down with C++11 | Eelco Dolstra | 1 | -10/+2 | |
2016-01-20 | Fix eval | Eelco Dolstra | 1 | -2/+1 | |