about summary refs log tree commit diff
path: root/scripts
AgeCommit message (Collapse)AuthorFilesLines
2014-08-07 Warn about untrusted binary caches in extra-binary-cachesEelco Dolstra1-2/+5
2014-08-07 nix-install-package: Use extra-binary-cachesEelco Dolstra1-1/+1
2014-08-07 download-from-binary-cache.pl: Respect $SSL_CERT_FILEEelco Dolstra1-1/+1
2014-08-07 install-nix-from-closure.sh: Use https channel if possibleEelco Dolstra1-1/+5
2014-07-29 install-nix-from-closure.sh: Install cacertEelco Dolstra1-0/+3
2014-07-29 nix-profile.sh: Set $SSL_CERT_FILEEelco Dolstra1-1/+10
2014-07-24 nix-copy-closure: Drop --bzip2, --xz, --show-progressEelco Dolstra2-16/+6
These are too difficult to implement via nix-store --serve. ‘--show-progress’ could be re-implemented fairly easily via a sink/source wrapper class.
2014-07-24 nix-copy-closure: Implement --gzip via ssh's -C flagEelco Dolstra1-2/+1
2014-07-24 Remove obsolete SSH master connection codeEelco Dolstra1-1/+1
2014-07-24 Implement nix-copy-closure --from via nix-store --serveEelco Dolstra2-29/+10
2014-07-24 build-remote.pl: Be less verbose on failing buildsEelco Dolstra1-1/+2
2014-07-14 Remove cruftEelco Dolstra2-127/+0
2014-07-12 build-remote.pl: Fix build logEelco Dolstra1-1/+1
2014-07-11 build-remote.pl: Use ‘nix-store --serve’ on the remote sideEelco Dolstra1-46/+22
This makes things more efficient (we don't need to use an SSH master connection, and we only start a single remote process) and gets rid of locking issues (the remote nix-store process will keep inputs and outputs locked as long as they're needed). It also makes it more or less secure to connect directly to the root account on the build machine, using a forced command (e.g. ‘command="nix-store --serve --write"’). This bypasses the Nix daemon and is therefore more efficient. Also, don't call nix-store to import the output paths.
2014-07-10 nix-copy-closure -s: Do substitutions via ‘nix-store --serve’Eelco Dolstra1-3/+2
This means we no longer need an SSH master connection, since we only execute a single command on the remote host.
2014-07-10 nix-copy-closure: Restore compression and the progress viewerEelco Dolstra1-2/+2
2014-05-26 nix-build: --add-root also takes 1 parameterAristid Breitkreuz1-1/+1
2014-04-10 Don't barf when installing as rootEelco Dolstra1-1/+0
2014-04-08 nix-shell --pure: Keep the user's $PAGEREelco Dolstra1-1/+1
2014-03-30 nix-collect-garbage: Add --delete-older-than optionRicardo M. Correia1-2/+10
2014-03-30 Fix nix-shell for derivation with multiple outputsMaxim Ivanov1-0/+1
If derivation declares multiple outputs and first (default) output if not "out", then "nix-instantiate" calls return path with output names appended after "!". Than suffix must be stripped before ant path checks are done.
2014-03-17 nix-build: Fix --cores flagEelco Dolstra1-1/+1
2014-02-26 Installer: Handle DarwinEelco Dolstra1-1/+1
"cp -r" doesn't copy symlinks properly on Darwin, but "cp -R" does. Fixes #215.
2014-02-26 Also provide an option for setting the curl connection timeoutEelco Dolstra1-1/+4
2014-02-26 Respect $NIX_CONNECT_TIMEOUT properlyEelco Dolstra1-2/+4
We were 1) using CURLOPT_TIMEOUT instead of CURLOPT_CONNECTTIMEOUT; 2) not passing it to the curl child process. Issue #93.
2014-02-26 Add ~/.nix-profile/sbin to $PATHEelco Dolstra1-1/+1
Fixes #112.
2014-02-26 Fix broken patchEelco Dolstra2-2/+2
2014-02-26 use USER environmental variable if getting user id by getpwuid is failed in ↵Ian-Woo Kim2-2/+2
perl scripts: download-from-binary-cache.pl and nix-channel
2014-02-19 nix-shell: Add --packages flagEelco Dolstra1-1/+11
This allows you to easily set up a build environment containing the specified packages from Nixpkgs. For example: $ nix-shell -p sqlite xorg.libX11 hello will start a shell in which the given packages are present.
2014-02-19 nix-instantiate: Add a flag --expr / -E to read expressions from the command ↵Eelco Dolstra1-7/+15
line This is basically a shortcut for ‘echo 'expr...' | nix-instantiate -’. Also supported by nix-build and nix-shell.
2014-02-19 nix-shell: Don't leave a temporary directory in /tmp behindEelco Dolstra1-0/+1
2014-02-18 Add a flag ‘--check’ to verify build determinismEelco Dolstra1-0/+4
The flag ‘--check’ to ‘nix-store -r’ or ‘nix-build’ will cause Nix to redo the build of a derivation whose output paths are already valid. If the new output differs from the original output, an error is printed. This makes it easier to test if a build is deterministic. (Obviously this cannot catch all sources of non-determinism, but it catches the most common one, namely the current time.) For example: $ nix-build '<nixpkgs>' -A patchelf ... $ nix-build '<nixpkgs>' -A patchelf --check error: derivation `/nix/store/1ipvxsdnbhl1rw6siz6x92s7sc8nwkkb-patchelf-0.6' may not be deterministic: hash mismatch in output `/nix/store/4pc1dmw5xkwmc6q3gdc9i5nbjl4dkjpp-patchelf-0.6.drv' The --check build fails if not all outputs are valid. Thus the first call to nix-build is necessary to ensure that all outputs are valid. The current outputs are left untouched: the new outputs are either put in a chroot or diverted to a different location in the store using hash rewriting.
2014-02-17 nix-shell: Execute shellHook if it existsEelco Dolstra1-0/+1
Since normal builds don't execute shellHook, this allows nix-shell specific customisation. Suggested by Domen.
2014-02-10 Force use of BashEelco Dolstra1-1/+1
"echo -n" doesn't work with /bin/sh on Darwin.
2014-02-10 Binary tarball: Automatically create /nixEelco Dolstra1-17/+94
The tarball can now be unpacked anywhere. The installation script uses "sudo" to create /nix if it doesn't exist. It also fetches the nixpkgs-unstable channel.
2014-02-10 Binary tarball: Automatically fetch the Nixpkgs channelEelco Dolstra1-1/+7
2014-02-10 nix-shell: Use shell.nix as the default expression if it existsEelco Dolstra1-1/+2
2014-02-01 Merge branch 'make'Eelco Dolstra4-43/+39
2014-02-01 Fix "make dist"Eelco Dolstra1-2/+0
2014-02-01 Remove AutomakefilesEelco Dolstra1-41/+0
2014-02-01 Update Makefile variable namesEelco Dolstra1-4/+4
2014-01-30 Rename Makefile -> local.mkEelco Dolstra1-0/+0
2014-01-23 nix-shell: Add --impure flagEelco Dolstra1-3/+2
This is currently the default, but I might change that to --pure in the future.
2014-01-23 nix-shell: Preserve the TZ variable of the userEelco Dolstra1-2/+3
2014-01-23 nix-build: RefactorEelco Dolstra1-1/+1
2014-01-21 Merge branch 'master' into makeEelco Dolstra4-12/+46
Conflicts: src/libexpr/eval.cc
2014-01-15 nix-profile.sh: Add the Nixpkgs channel to $NIX_PATHEelco Dolstra1-1/+6
2014-01-13 nix-shell: Don't set NIX_INDENT_MAKEEelco Dolstra1-0/+1
It generally is not useful in interactive environments (and messes up some non-ANSI-compliant terminals).
2014-01-13 nix-shell: Set $IN_NIX_SHELL before evaluatingEelco Dolstra1-2/+2
2014-01-08 Support cryptographically signed binary cachesEelco Dolstra2-7/+35
NAR info files in binary caches can now have a cryptographic signature that Nix will verify before using the corresponding NAR file. To create a private/public key pair for signing and verifying a binary cache, do: $ openssl genrsa -out ./cache-key.sec 2048 $ openssl rsa -in ./cache-key.sec -pubout > ./cache-key.pub You should also come up with a symbolic name for the key, such as "cache.example.org-1". This will be used by clients to look up the public key. (It's a good idea to number keys, in case you ever need to revoke/replace one.) To create a binary cache signed with the private key: $ nix-push --dest /path/to/binary-cache --key ./cache-key.sec --key-name cache.example.org-1 The public key (cache-key.pub) should be distributed to the clients. They should have a nix.conf should contain something like: signed-binary-caches = * binary-cache-public-key-cache.example.org-1 = /path/to/cache-key.pub If all works well, then if Nix fetches something from the signed binary cache, you will see a message like: *** Downloading ‘http://cache.example.org/nar/7dppcj5sc1nda7l54rjc0g5l1hamj09j-subversion-1.7.11’ (signed by ‘cache.example.org-1’) to ‘/nix/store/7dppcj5sc1nda7l54rjc0g5l1hamj09j-subversion-1.7.11’... On the other hand, if the signature is wrong, you get a message like NAR info file `http://cache.example.org/7dppcj5sc1nda7l54rjc0g5l1hamj09j.narinfo' has an invalid signature; ignoring Signatures are implemented as a single line appended to the NAR info file, which looks like this: Signature: 1;cache.example.org-1;HQ9Xzyanq9iV...muQ== Thus the signature has 3 fields: a version (currently "1"), the ID of key, and the base64-encoded signature of the SHA-256 hash of the contents of the NAR info file up to but not including the Signature line. Issue #75.