about summary refs log tree commit diff
path: root/src/libmain
AgeCommit message (Collapse)AuthorFilesLines
2005-10-17 * Beginning of secure multi-user Nix stores. If Nix is started asEelco Dolstra1-0/+5
root (or setuid root), then builds will be performed under one of the users listed in the `build-users' configuration variables. This is to make it impossible to influence build results externally, allowing locally built derivations to be shared safely between users (see ASE-2005 paper). To do: only one builder should be active per build user.
2005-07-22 * Build dynamic libraries.Eelco Dolstra1-2/+2
2005-02-01 * A GC setting `gc-keep-outputs' to specify whether output paths ofEelco Dolstra2-0/+2
derivations should be kept.
2005-02-01 * nix-store, nix-instantiate: added an option `--add-root' toEelco Dolstra2-1/+27
immediately add the result as a permanent GC root. This is the only way to prevent a race with the garbage collector. For instance, the old style ln -s $(nix-store -r $(nix-instantiate foo.nix)) \ /nix/var/nix/gcroots/result has two time windows in which the garbage collector can interfere (by GC'ing the derivation and the output, respectively). On the other hand, nix-store --add-root /nix/var/nix/gcroots/result -r \ $(nix-instantiate --add-root /nix/var/nix/gcroots/drv \ foo.nix) is safe. * nix-build: use `--add-root' to prevent GC races.
2005-01-31 * Automatically remove temporary root files.Eelco Dolstra1-0/+14
2005-01-28 * Use NIX_STORE environment variable to locate the store (in additionEelco Dolstra1-1/+1
to NIX_STORE_DIR) so that Nix invocations in builders in `make check' work correctly if the store doesn't exist.
2005-01-19 * Renamed `normalise.cc' -> `build.cc', `storeexprs.cc' ->Eelco Dolstra1-2/+2
`derivations.cc', etc. * Store the SHA-256 content hash of store paths in the database after they have been built/added. This is so that we can check whether the store has been messed with (a la `rpm --verify'). * When registering path validity, verify that the closure property holds.
2005-01-14 * Start move towards SHA-256 hashes instead of MD5.Eelco Dolstra1-4/+4
* Start cleaning up unique store path generation (they weren't always unique; in particular the suffix ("-aterm-2.2", "-builder.sh") was not part of the hash, therefore changes to the suffix would cause multiple store objects with the same hash).
2004-10-29 * Drop ATmake / ATMatcher also in handling store expressions.Eelco Dolstra1-0/+6
2004-10-25 * Allow certain operations to succeed even if we don't have writeEelco Dolstra1-0/+2
permission to the Nix store or database. E.g., `nix-env -qa' will work, but `nix-env -qas' won't (the latter needs DB access). The option `--readonly-mode' forces this mode; otherwise, it's only activated when the database cannot be opened.
2004-10-25 * Revert r1594 - it didn't solve the problem. Instead addEelco Dolstra1-1/+1
svn-revision to distributions, which should fix it.
2004-10-25 * Make sure that the prerelease version is included in `--version'.Eelco Dolstra1-1/+1
2004-09-10 * Operation `--delete-generations' to delete generations of aEelco Dolstra1-3/+1
profile. Arguments are either generation number, or `old' to delete all non-current generations. Typical use: $ nix-env --delete-generations old $ nix-collect-garbage * istringstream -> string2Int.
2004-09-09 * A very dirty hack to make setuid installations a bit nicer to use.Eelco Dolstra1-12/+49
Previously there was the problem that all files read by nix-env etc. should be reachable and readable by the Nix user. So for instance building a Nix expression in your home directory meant that the home directory should have at least g+x or o+x permission so that the Nix user could reach the Nix expression. Now we just switch back to the original user just prior to reading sources and the like. The places where this happens are somewhat arbitrary, however. Any scope that has a live SwitchToOriginalUser object in it is executed as the original user. * Back out r1385. setreuid() sets the saved uid to the new real/effective uid, which prevents us from switching back to the original uid. setresuid() doesn't have this problem (although the manpage has a bug: specifying -1 for the saved uid doesn't leave it unchanged; an explicit value must be specified).
2004-09-09 * Use setre[ug]id() instead of setres[ug]id(), since the former isEelco Dolstra1-4/+4
more common than the latter (which exists only on Linux and FreeBSD). We don't really care about dropping the saved IDs since there apparently is no way to quiry them in any case, so it can't influence the build (unlike the effective IDs which are checked by Perl for instance).
2004-09-09 * Set the umask to known value (0022). This is important in aEelco Dolstra1-0/+6
setuid installation, since the calling user may have a more fascist umask (say, 0077), which would cause the store objects built by Nix to be unreadable to anyone other than the Nix user.
2004-08-20 * The gid should also match.Eelco Dolstra1-1/+1
2004-08-20 * Unbreak programs that are not setuid (such as nix-hash).Eelco Dolstra1-0/+3
2004-08-20 * On systems that have the setresuid() and setresgid() system calls toEelco Dolstra1-8/+21
set the real uid and gid to the effective uid and gid, the Nix binaries can be installed as owned by the Nix user and group instead of root, so no root involvement of any kind is necessary. Linux and FreeBSD have these functions.
2004-08-20 * Setuid support for sharing a Nix installation between multipleEelco Dolstra1-0/+82
users. If the configure flag `--enable-setuid' is used, the Nix programs nix-env, nix-store, etc. are installed with the setuid bit turned on so that they are executed as the user and group specified by `--with-nix-user=USER' and `--with-nix-group=GROUP', respectively (with defaults `nix' and `nix'). The setuid programs drop all special privileges if they are executed by a user who is not a member of the Nix group. The setuid feature is a quick hack to enable sharing of a Nix installation between users who trust each other. It is not generally secure, since any user in the Nix group can modify (by building an appropriate derivation) any object in the store, and for instance inject trojans into binaries used by other users. The setuid programs are owned by root, not the Nix user. This is because on Unix normal users cannot change the real uid, only the effective uid. Many programs don't work properly when the real uid differs from the effective uid. For instance, Perl will turn on taint mode. However, the setuid programs drop all root privileges immediately, changing all uids and gids to the Nix user and group.
2004-08-18 * The default verbosity level of all Nix commands is now lvlInfo.Eelco Dolstra1-1/+3
* Builder output is written to standard error by default. * The option `-B' is gone. * The option `-Q' suppresses builder output. The result of this is that most Nix invocations shouldn't need any flags w.r.t. logging.
2004-06-28 * Added a switch `--fallback'. From the manual:Eelco Dolstra1-0/+2
Whenever Nix attempts to realise a derivation for which a closure is already known, but this closure cannot be realised, fall back on normalising the derivation. The most common scenario in which this is useful is when we have registered substitutes in order to perform binary distribution from, say, a network repository. If the repository is down, the realisation of the derivation will fail. When this option is specified, Nix will build the derivation instead. Thus, binary installation falls back on a source installation. This option is not the default since it is generally not desirable for a transient failure in obtaining the substitutes to lead to a full build from source (with the related consumption of resources).
2004-06-25 * A flag `--keep-going / -k' to keep building goals if one fails, asEelco Dolstra1-0/+2
much as possible. (This is similar to GNU Make's `-k' flag.) * Refactoring to implement this: previously we just bombed out when a build failed, but now we have to clean up. In particular this means that goals must be freed quickly --- they shouldn't hang around until the worker exits. So the worker now maintains weak pointers in order not to prevent garbage collection. * Documented the `-k' and `-j' flags.
2004-05-13 * The build hooks used to implement distributed builds can now be runEelco Dolstra1-0/+6
in parallel. Hooks are more efficient: locks on output paths are only acquired when the hook says that it is willing to accept a build job. Hooks now work in two phases. First, they should first tell Nix whether they are willing to accept a job. Nix guarantuees that no two hooks will ever be in the first phase at the same time (this simplifies the implementation of hooks, since they don't have to perform locking (?)). Second, if they accept a job, they are then responsible for building it (on the remote system), and copying the result back. These can be run in parallel with other hooks and locally executed jobs. The implementation is a bit messy right now, though. * The directory `distributed' shows a (hacky) example of a hook that distributes build jobs over a set of machines listed in a configuration file.
2004-05-12 * A switch `-j NUMBER' to set the maximum number of parallel jobs (0 =Eelco Dolstra1-3/+16
no limit). * Add missing file to distribution.
2004-05-12 * An quick and dirty hack to support distributed builds.Eelco Dolstra1-7/+0
2004-05-11 * True parallel builds. Nix can now run as many build jobs inEelco Dolstra1-2/+18
parallel as possible (similar to GNU Make's `-j' switch). This is useful on SMP systems, but it is especially useful for doing builds on multiple machines. The idea is that a large derivation is initiated on one master machine, which then distributes sub-derivations to any number of slave machines. This should not happen synchronously or in lock-step, so the master must be capable of dealing with multiple parallel build jobs. We now have the infrastructure to support this. TODO: substitutes are currently broken.
2004-05-04 * Allow the location of the store etc. to be specified usingEelco Dolstra1-12/+19
environment variables. * Started adding some automatic tests. * Do a `make check' when building RPMs.
2004-03-27 * Disallow the Nix store or any of its parents from being symlinks.Eelco Dolstra1-6/+29
This is because the contents of these symlinks are not incorporated into the hashes of derivations, and could therefore cause a mismatch between the build system and the target system. E.g., if `/nix/store' is a symlink to `/data/nix/store', then a builder could expand this path and store the result. If on the target system `/nix/store' is not a symlink, or is a symlink that points somewhere else, we have a dangling pointer. The trigger for this change is that gcc 3.3.3 does exactly that (it applies realpath() to some files, such as libraries, which causes our impurity checker to bail out.) An annoying side-effect of this change is that it makes it harder to move the Nix store to a different file system. On Linux, bind mounts can be used instead of symlink for this purpose (e.g., `mount -o bind /data/nix/store /nix/store').
2004-03-22 * Nix now has three different formats for the log information itEelco Dolstra1-1/+18
writes to stderr: - `pretty': the old nested style (default) - `escapes': uses escape codes to indicate nesting and message level; can be processed using `log2xml' - `flat': just plain text, no nesting These can be set using `--log-type TYPE' or the NIX_LOG_TYPE environment variable.
2004-02-16 * Allow linking against an external Berkeley DB / ATerm library.Eelco Dolstra1-1/+1
2004-02-16 * Allow the location of the store to be specified (--with-store-dir).Eelco Dolstra1-1/+1
* Do not create stuff in localstatedir when doing `make install' (since we may not have write access). In general, installation of constant code/data should be separate from the initialisation of mutable state.
2004-02-14 * The environment variable NIX_ROOT can now be set to execute Nix in aEelco Dolstra1-0/+7
chroot() environment. * A operation `--validpath' to register path validity. Useful for bootstrapping in a pure Nix environment. * Safety checks: ensure that files involved in store operations are in the store.
2004-02-02 * Sort `nix-env -q' output by derivation name.Eelco Dolstra2-0/+4
* `--version' flag for all commands. * Manual updates.
2004-01-15 * Remove debug message.Eelco Dolstra1-1/+0
2004-01-15 * Catch SIGINT to terminate cleanly when the user tries to interruptEelco Dolstra1-0/+15
Nix. This is to prevent Berkeley DB from becoming wedged. Unfortunately it is not possible to throw C++ exceptions from a signal handler. In fact, you can't do much of anything except change variables of type `volatile sig_atomic_t'. So we set an interrupt flag in the signal handler and check it at various strategic locations in the code (by calling checkInterrupt()). Since this is unlikely to cover all cases (e.g., (semi-)infinite loops), sometimes SIGTERM may now be required to kill Nix.
2004-01-13 * Option `-B' to always show the output of builders, regardless ofEelco Dolstra1-0/+2
verbosity level.
2003-12-22 * GCC 2.95 compatibility.Eelco Dolstra1-0/+3
2003-12-01 * Help text for all (non-script) programs, so no more:Eelco Dolstra2-14/+34
$ nix-instantiate --help error: unknown flag `--help` Try `nix-instantiate --help' for more information. :-)
2003-11-25 * More `make dist' fixes.Eelco Dolstra1-3/+1
2003-11-19 * nix-env: a tool to manage user environments.Eelco Dolstra1-0/+1
* Replace all directory reading code by a generic readDirectory() function.
2003-11-18 * libnix -> libstore.Eelco Dolstra1-1/+1
2003-11-18 * Source tree refactoring.Eelco Dolstra1-1/+1
2003-11-09 * Turned the msg() and debug() functions into macros, since theyEelco Dolstra1-3/+3
turned out to be a huge performance bottleneck (the text to printed would always be evaluated, even when it was above the verbosity level). This reduces fix-ng execution time by over 50%. gprof(1) is very useful. :-)
2003-11-03 * Ignore options passed to the aterm library.Eelco Dolstra1-2/+5
2003-10-20 * Finished refactoring the tree.Eelco Dolstra1-0/+12
2003-10-20 * Refactored the source tree.Eelco Dolstra2-0/+94