Age | Commit message | Author | Files | Lines |
|
critical to prevent certain kinds of 0wnage.
|
|
running under that uid.
|
|
nobody else has write permission to the build result. This catches
most hack attempts.
|
|
builder. Instead, require that the Nix store has sticky permission
(S_ISVTX); everyone can create files in the Nix store, but they
cannot delete, rename or modify files created by others.
|
|
root (or setuid root), then builds will be performed under one of
the users listed in the `build-users' configuration variables. This
is to make it impossible to influence build results externally,
allowing locally built derivations to be shared safely between
users (see ASE-2005 paper).
To do: only one builder should be active per build user.
|
|
by Rob).
|
|
continue building when one fails unless `--keep-going' is
specified.
* When `--keep-going' is specified, print out the set of failing
derivations at the end (otherwise it can be hard to find out which
failed).
|
|
NAR dump of the path).
|
|
in `fetchurl' in Nix <= 0.7, but doesn't in Nix 0.8.
|
|
multiple times is also a top-level goal, then the second and later
instantiations would never be created because there would be a
stable pointer to the first one that would keep it alive in the
WeakGoalMap.
* Some tracing code for debugging this kind of problem.
|
|
* Removed some dead code (successor stuff) from nix-push.
* Updated terminology in the tests (store expr -> drv path).
* Check that the deriver is set properly in the tests.
|
|
derivation that produced them.
* `nix-store -qd PATH' prints out the derivation that produced a path.
|
|
* Fix GC and substitute bugs related to self-references. Add a
regression test.
|
|
roots to a per-process temporary file in /nix/var/nix/temproots
while holding a write lock on that file. The garbage collector
acquires read locks on all those files, thus blocking further
progress in other Nix processes, and reads the sets of temporary
roots.
|
|
though). In particular it's now much easier to register a GC root.
Just place a symlink to whatever store path it is that you want to
keep in /nix/var/nix/gcroots.
|
|
This simplifies garbage collection and `nix-store --query
--requisites' since we no longer need to treat derivations
specially.
* Better maintaining of the invariants, e.g., setReferences() can only
be called on a valid/substitutable path.
|
|
longer need the former since there we no longer have the
substitutes-rev table (which triggered a O(n^2) cost in updating
them).
|
|
invariant by registering references through the manifest.
* Added a test for nix-pull.
|
|
* Fix the substitutes tests.
|
|
back the query flag `--force-realise'.
* Fixed some of the tests.
|
|
promise :-) This allows derivations to specify on *what* output
paths of input derivations they are dependent. This helps to
prevent unnecessary downloads. For instance, a build might be
dependent on the `devel' and `lib' outputs of some library
component, but not the `docs' output.
|
|
`derivations.cc', etc.
* Store the SHA-256 content hash of store paths in the database after
they have been built/added. This is so that we can check whether
the store has been messed with (a la `rpm --verify').
* When registering path validity, verify that the closure property
holds.
|