Age | Commit message (Collapse) | Author | Files | Lines |
|
users.
If the configure flag `--enable-setuid' is used, the Nix programs
nix-env, nix-store, etc. are installed with the setuid bit turned on
so that they are executed as the user and group specified by
`--with-nix-user=USER' and `--with-nix-group=GROUP', respectively
(with defaults `nix' and `nix').
The setuid programs drop all special privileges if they are executed
by a user who is not a member of the Nix group.
The setuid feature is a quick hack to enable sharing of a Nix
installation between users who trust each other. It is not
generally secure, since any user in the Nix group can modify (by
building an appropriate derivation) any object in the store, and for
instance inject trojans into binaries used by other users.
The setuid programs are owned by root, not the Nix user. This is
because on Unix normal users cannot change the real uid, only the
effective uid. Many programs don't work properly when the real uid
differs from the effective uid. For instance, Perl will turn on
taint mode. However, the setuid programs drop all root privileges
immediately, changing all uids and gids to the Nix user and group.
|
|
* Handle multiple derivations correctly.
|
|
store object just built.
|
|
|
|
their output paths (and only that) on standard output.
|
|
|
|
|
|
Nix expressions.
To subscribe to a channel (needs to be done only once):
nix-channel --add \
http://catamaran.labs.cs.uu.nl/dist/nix/channels/nixpkgs-unstable
This just adds the given URL to ~/.nix-channels (which can also be
edited manually).
To update from all channels:
nix-channel --update
This fetches the latest expressions and pulls cache manifests. The
default Nix expression (~/.nix-defexpr) is made to point to the
conjunction of the expressions downloaded from all channels.
So to update all installed derivations in the current user
environment:
nix-channel --update
nix-env --upgrade '*'
If you are really courageous, you can put this in a cronjob or
something.
You can subscribe to multiple channels. It is not entirely clear
what happens when there are name clashes between derivations from
different channels. From nix-env/main.cc it appears that the one
with the lowest (highest?) hash will be used, which is pretty
meaningless.
|
|
environment variable. This is useful for passing authentication
information (it won't show up in `ps'). Hacky - nix-push should
abstract over the use of Curl.
|
|
|
|
|
|
* Made the dependencies on bzip2 and the shell explicit.
|
|
|
|
|
|
Otherwise the substitute mechanism can break in subtle ways.
|
|
* nix-pull now requires the full url to the manifest, i.e.,
`/MANIFEST/' is no longer automatically appended.
* nix-prefetch-url works again.
|
|
default -> default-94-link
default-82-link -> /nix/store/cc4480...
default-83-link -> /nix/store/caeec8...
...
default-94-link -> /nix/store/2896ca...
experimental -> experimental-2-link
experimental-1-link -> /nix/store/cc4480...
experimental-2-link -> /nix/store/a3148f...
* `--profile' / `-p' -> `--switch-profile' / `-S'
* `--link' / `-l' -> `--profile' / `-p'
* The default profile is stored in $prefix/var/nix/profiles.
$prefix/var/nix/links is gone. Profiles can be stored anywhere.
* The current profile is now referenced from ~/.nix-profile, not
~/.nix-userenv.
* The roots to the garbage collector now have extension `.gcroot', not
`.id'.
|
|
|
|
|
|
* Use curl instead of wget.
|
|
files. Target location is no longer hard-coded; it accepts a number
of URLs on the command line.
* `nix-install-package': compatibility fixes.
|
|
the symlink ~/.nix-userenv to the given argument (which defaults to
.../links/current). /etc/profile.d/nix-profile creates this symlink
if it doesn't exist yet. Example use:
$ nix-env -l my_profile -i foo.nix subversion quake
$ nix-env -p my_profile
I don't like the term "profile". Let's deprecate it :-)
|
|
* Respect DESTDIR variable.
|
|
|
|
|
|
--register-[substitutes|successors].
|
|
|
|
$ nix-instantiate --help
error: unknown flag `--help`
Try `nix-instantiate --help' for more information.
:-)
|
|
"i686-linux" instead of "i686-suse-linux").
|
|
The script nix-install-package takes a `Nix package file' (which
contains one or more derivations, along with URLs of Nix caches),
unpacks it, pulls the caches, and installs the derivations in the
user's environment.
For best results, associate the command `xterm -e
/nix/bin/nix-install-package' with the MIME type
`application/x-nix-package' and visit
http://losser.st-lab.cs.uu.nl/~eelco/test/.
|
|
|
|
|
|
|
|
deleting a path in the store.
* Allow absolute paths in Nix expressions.
* Get nix-prefetch-url to work again.
* Various other fixes.
|
|
|
|
|
|
|
|
|
|
* Fixed a segfault caused by the buffering of stderr.
* Fix now allows the specification of the full output path. This
should be used with great care, since it by-passes the normal hash
generation.
* Incremented the version number to 0.4 (prerelease).
|
|
* Fixed svn:ignore on externals/.
|
|
override.
|
|
|
|
|
|
fstate -> Nix expression).
* Fix src/test.cc.
|
|
|
|
* nar.sh needs a path.
|
|
|
|
store, and print its hash.
|
|
|
|
NAME'. E.g., on the losser Subversion server, I do `nix-switch --name
svn $(fix ...)' to atomically upgrade the server (the SVN server
uses the Apache and Subversion installations in /nix/var/nix/links/svn).
|