about summary refs log tree commit diff
path: root/src/libmain/shared.cc
AgeCommit message (Collapse)AuthorFilesLines
2008-12-11 * Revert r13150: now that we use private namespaces for the chroot, weEelco Dolstra1-1/+0
don't have to put the chroot in /nix/var/nix/chroots anymore. They're back in /tmp now.
2008-11-12 * Some somewhat ad hoc mechanism to allow the build farm to monitorEelco Dolstra1-0/+2
build progress.
2008-10-29 * Put the chroots under /nix/var/nix/chroots to reduce the risk ofEelco Dolstra1-0/+1
disasters involving `rm -rf' on bind mounts. Will try the definitive fix (per-process mounts, apparently possible via the CLONE_NEWNS flag in clone()) some other time.
2008-08-04 * `nix-store --realise': print what paths will be built/downloaded,Eelco Dolstra1-0/+29
just like nix-env. * `nix-store --realise': --dry-run option.
2008-08-04 * querySubstitutablePathInfo: work properly when run via the daemon.Eelco Dolstra1-1/+1
* --dry-run: print the paths that we don't know how to build/substitute.
2008-07-18 * Use the copy-from-other-stores substituter by default. Of course,Eelco Dolstra1-3/+4
it only does something if $NIX_OTHER_STORES (not really a good name...) is set. * Do globbing on the elements of $NIX_OTHER_STORES. E.g. you could set it to /mnts/*/nix or something. * Install substituters in libexec/nix/substituters.
2008-06-18 * --max-freed: support values >= 4 GB.Eelco Dolstra1-2/+2
2008-06-18 * Garbage collector: option `--max-freed' to stop after at least NEelco Dolstra1-1/+1
bytes have been freed, `--max-links' to stop when the Nix store directory has fewer than N hard links (the latter being important for very large Nix stores on filesystems with a 32000 subdirectories limit).
2008-06-14 * nix-worker: clean up the temporary root for the worker processes Eelco Dolstra1-9/+6
in /nix/var/nix/temproots.
2007-11-16 * Flag `--no-build-hook' to disable distributed builds.Eelco Dolstra1-0/+2
* queryDeriver in daemon mode: don't barf if the other side returns an empty string (which means there is no deriver).
2007-08-12 * Get rid of the substitutes database table (NIX-47). Instead, if weEelco Dolstra1-1/+7
need any info on substitutable paths, we just call the substituters (such as download-using-manifests.pl) directly. This means that it's no longer necessary for nix-pull to register substitutes or for nix-channel to clear them, which makes those operations much faster (NIX-95). Also, we don't have to worry about keeping nix-pull manifests (in /nix/var/nix/manifests) and the database in sync with each other. The downside is that there is some overhead in calling an external program to get the substitutes info. For instance, "nix-env -qas" takes a bit longer. Abolishing the substitutes table also makes the logic in local-store.cc simpler, as we don't need to store info for invalid paths. On the downside, you cannot do things like "nix-store -qR" on a substitutable but invalid path (but nobody did that anyway). * Never catch interrupts (the Interrupted exception).
2007-05-01 * Set a terminate() handler to ensure that we leave the BDBEelco Dolstra1-0/+24
environment cleanly even when an exception is thrown from a destructor. We still crash, but we don't take all other Nix processes with us.
2007-03-30 * Work around a bug in Apple's GCC preprocessor.Eelco Dolstra1-2/+2
2007-01-13 * Removed chroot support.Eelco Dolstra1-6/+0
2006-12-08 * Kill a build if it has gone for more than a certain number ofEelco Dolstra1-14/+18
seconds without producing output on stdout or stderr (NIX-65). This timeout can be specified using the `--max-silent-time' option or the `build-max-silent-time' configuration setting. The default is infinity (0). * Fix a tricky race condition: if we kill the build user before the child has done its setuid() to the build user uid, then it won't be killed, and we'll potentially lock up in pid.wait(). So also send a conventional kill to the child.
2006-12-07 * Move setuidCleanup() to libutil.Eelco Dolstra1-3/+0
2006-12-06 * nix-setuid-helper: allow running programs under a different uid.Eelco Dolstra1-11/+2
2006-12-05 * Allow unprivileged users to run the garbage collector and to doEelco Dolstra1-1/+0
`nix-store --delete'. But unprivileged users are not allowed to ignore liveness. * `nix-store --delete --ignore-liveness': ignore the runtime roots as well.
2006-12-05 * In addPermRoot, check that the root that we just registered can beEelco Dolstra1-1/+1
found by the garbage collector. This addresses NIX-71 and is a particular concern in multi-user stores.
2006-12-04 * Install the worker in bindir, not libexecdir.Eelco Dolstra1-0/+1
* Allow the worker path to be overriden through the NIX_WORKER environment variable.
2006-12-03 * Doh.Eelco Dolstra1-0/+3
2006-12-03 * Don't run setuid root when build-users is empty.Eelco Dolstra1-1/+1
* Send startup errors to the client.
2006-12-03 * Removed `build-allow-root'.Eelco Dolstra1-0/+2
* Added `build-users-group', the group under which builds are to be performed. * Check that /nix/store has 1775 permission and is owner by the build-users-group.
2006-12-03 * Use setreuid if setresuid is not available.Eelco Dolstra1-6/+12
2006-12-02 * Remove most of the old setuid code.Eelco Dolstra1-4/+56
* Much simpler setuid code for the worker in slave mode.
2006-11-30 * Refactoring. There is now an abstract interface class StoreAPIEelco Dolstra1-2/+3
containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-18 * Turn off synchronisation between C and C++ I/O functions. ThisEelco Dolstra1-0/+2
gives a huge speedup in operations that read or write from standard input/output. (So libstdc++'s I/O isn't that bad, you just have to call std::ios::sync_with_stdio(false).) For instance, `nix-store --register-substitutes' went from 1.4 seconds to 0.1 seconds on a certain input. Another victory for Valgrind.
2006-09-27 * Fix setuid builds.Eelco Dolstra1-4/+0
2006-09-04 * Move setuid stuff to libutil.Eelco Dolstra1-133/+0
* Install libexpr header files.
2006-09-04 * Don't need extern "C".Eelco Dolstra1-2/+0
2006-09-04 * Use a proper namespace.Eelco Dolstra1-8/+19
* Optimise header file usage a bit. * Compile the parser as C++.
2006-08-29 * Support singleton values and nested lists again in `args', but printEelco Dolstra1-7/+4
a warning.
2006-08-10 * New configuration setting `build-max-jobs' which sets the defaultEelco Dolstra1-0/+7
for the `-j' flag (i.e., the maximum number of jobs to execute in parallel). Useful on multi-processor machines.
2006-07-20 * Use $(libexecdir) to find find-runtime-roots.pl.Eelco Dolstra1-0/+1
2006-07-06 * Allow the canonical system name to be specified at runtime in theEelco Dolstra1-0/+2
Nix config file.
2006-03-10 * Allow `make check' to work in directories that have symlinkEelco Dolstra1-23/+2
components.
2006-03-01 * Close the database before the destructor runs.Eelco Dolstra1-0/+3
2006-01-09 * dirOf: return "/", not "", for paths in the root directory. Fixes NIX-26.Eelco Dolstra1-1/+1
2005-11-04 * Install signal handlers for SIGTERM and SIGHUP. This ensures thatEelco Dolstra1-0/+4
Nix is properly shut down when it receives those signals. In particular this ensures that killing the garbage collector doesn't cause a subsequent database recovery.
2005-10-17 * Beginning of secure multi-user Nix stores. If Nix is started asEelco Dolstra1-0/+5
root (or setuid root), then builds will be performed under one of the users listed in the `build-users' configuration variables. This is to make it impossible to influence build results externally, allowing locally built derivations to be shared safely between users (see ASE-2005 paper). To do: only one builder should be active per build user.
2005-02-01 * A GC setting `gc-keep-outputs' to specify whether output paths ofEelco Dolstra1-0/+1
derivations should be kept.
2005-02-01 * nix-store, nix-instantiate: added an option `--add-root' toEelco Dolstra1-1/+23
immediately add the result as a permanent GC root. This is the only way to prevent a race with the garbage collector. For instance, the old style ln -s $(nix-store -r $(nix-instantiate foo.nix)) \ /nix/var/nix/gcroots/result has two time windows in which the garbage collector can interfere (by GC'ing the derivation and the output, respectively). On the other hand, nix-store --add-root /nix/var/nix/gcroots/result -r \ $(nix-instantiate --add-root /nix/var/nix/gcroots/drv \ foo.nix) is safe. * nix-build: use `--add-root' to prevent GC races.
2005-01-31 * Automatically remove temporary root files.Eelco Dolstra1-0/+14
2005-01-28 * Use NIX_STORE environment variable to locate the store (in additionEelco Dolstra1-1/+1
to NIX_STORE_DIR) so that Nix invocations in builders in `make check' work correctly if the store doesn't exist.
2005-01-19 * Renamed `normalise.cc' -> `build.cc', `storeexprs.cc' ->Eelco Dolstra1-2/+2
`derivations.cc', etc. * Store the SHA-256 content hash of store paths in the database after they have been built/added. This is so that we can check whether the store has been messed with (a la `rpm --verify'). * When registering path validity, verify that the closure property holds.
2005-01-14 * Start move towards SHA-256 hashes instead of MD5.Eelco Dolstra1-4/+4
* Start cleaning up unique store path generation (they weren't always unique; in particular the suffix ("-aterm-2.2", "-builder.sh") was not part of the hash, therefore changes to the suffix would cause multiple store objects with the same hash).
2004-10-29 * Drop ATmake / ATMatcher also in handling store expressions.Eelco Dolstra1-0/+6
2004-10-25 * Allow certain operations to succeed even if we don't have writeEelco Dolstra1-0/+2
permission to the Nix store or database. E.g., `nix-env -qa' will work, but `nix-env -qas' won't (the latter needs DB access). The option `--readonly-mode' forces this mode; otherwise, it's only activated when the database cannot be opened.
2004-09-10 * Operation `--delete-generations' to delete generations of aEelco Dolstra1-3/+1
profile. Arguments are either generation number, or `old' to delete all non-current generations. Typical use: $ nix-env --delete-generations old $ nix-collect-garbage * istringstream -> string2Int.
2004-09-09 * A very dirty hack to make setuid installations a bit nicer to use.Eelco Dolstra1-12/+49
Previously there was the problem that all files read by nix-env etc. should be reachable and readable by the Nix user. So for instance building a Nix expression in your home directory meant that the home directory should have at least g+x or o+x permission so that the Nix user could reach the Nix expression. Now we just switch back to the original user just prior to reading sources and the like. The places where this happens are somewhat arbitrary, however. Any scope that has a live SwitchToOriginalUser object in it is executed as the original user. * Back out r1385. setreuid() sets the saved uid to the new real/effective uid, which prevents us from switching back to the original uid. setresuid() doesn't have this problem (although the manpage has a bug: specifying -1 for the saved uid doesn't leave it unchanged; an explicit value must be specified).