path: root/src/libstore/build.cc
Age | Commit message | Author | Files | Lines
2015-01-13 | Allow using /bin and /usr/bin as impure prefixes on non-darwin by default | Shea Levy | 1 | -1/+1
These directories are generally world-readable anyway, and give us the two most common linux impurities (env and sh)
2015-01-13 | SysError -> Error | Eelco Dolstra | 1 | -1/+1
2015-01-13 | Don't resolve symlinks while checking __impureHostDeps | Eelco Dolstra | 1 | -2/+5
Since these come from untrusted users, we shouldn't do any I/O on them before we've checked that they're in an allowed prefix.
2015-01-12 | Add basic Apple sandbox support | Daniel Peebles | 1 | -17/+169
2015-01-08 | Set /nix/store permission to 1737 | Eelco Dolstra | 1 | -15/+0
I.e., not readable to the nixbld group. This improves purity a bit for non-chroot builds, because it prevents a builder from enumerating store paths (i.e. it can only access paths it knows about).
2015-01-06 | Fix building on Darwin | Eelco Dolstra | 1 | -1/+4
Fixes #433.
2014-12-23 | Revive running builds in a PID namespace | Eelco Dolstra | 1 | -30/+59
2014-12-12 | Silence some warnings on GCC 4.9 | Eelco Dolstra | 1 | -2/+4
2014-12-12 | Fix some memory leaks | Eelco Dolstra | 1 | -29/+9
2014-12-12 | Ensure we're writing to stderr in the builder | Eelco Dolstra | 1 | -3/+3
http://hydra.nixos.org/build/17862041
2014-12-12 | Remove chatty message | Eelco Dolstra | 1 | -2/+0
This broke building with "-vv", because the builder is not allowed to write to stderr at this point.
2014-12-12 | Doh | Eelco Dolstra | 1 | -1/+1
2014-12-10 | Don't do vfork in conjunction with setuid | Eelco Dolstra | 1 | -0/+2
2014-12-10 | Rename function | Eelco Dolstra | 1 | -4/+4
2014-11-24 | Build derivations in a more predictable order | Eelco Dolstra | 1 | -7/+41
Derivations are now built in order of derivation name, so a package named "aardvark" is built before "baboon". Fixes #399.
2014-11-24 | Don't create unnecessary substitution goals for derivations | Eelco Dolstra | 1 | -0/+5
2014-11-17 | Fix message | Eelco Dolstra | 1 | -1/+1
2014-11-14 | Don't use ADDR_LIMIT_3GB | Eelco Dolstra | 1 | -1/+1
This gives 32-bit builds on x86_64-linux more memory.
2014-11-12 | Make ~DerivationGoal more reliable | Eelco Dolstra | 1 | -7/+3
2014-10-29 | Remove comments claiming we use a private PID namespace | Eelco Dolstra | 1 | -8/+1
This is no longer the case since 524f89f1399724e596f61faba2c6861b1bb7b9c5.
2014-09-17 | On Linux, disable address space randomization | Eelco Dolstra | 1 | -5/+9
2014-09-17 | Settings: Add bool get() | Eelco Dolstra | 1 | -2/+2
2014-08-28 | Add disallowedReferences / disallowedRequisites | Eelco Dolstra | 1 | -26/+29
For the "stdenv accidentally referring to bootstrap-tools", it seems easier to specify the path that we don't want to depend on, e.g. disallowedRequisites = [ bootstrapTools ];
2014-08-28 | Introduce allowedRequisites feature | Gergely Risko | 1 | -1/+18
2014-08-21 | fix disappearing bash arguments | Joel Taylor | 1 | -2/+7
2014-08-21 | Use unshare() instead of clone() | Eelco Dolstra | 1 | -55/+35
It turns out that using clone() to start a child process is unsafe in a multithreaded program. It can cause the initialisation of a build child process to hang in setgroups(), as seen several times in the build farm: The reason is that Glibc thinks that the other threads of the parent exist in the child, so in setxid_mark_thread() it tries to get a futex that has been acquired by another thread just before the clone(). With fork(), Glibc runs pthread_atfork() handlers that take care of this (in particular, __reclaim_stacks()). But clone() doesn't do that. Fortunately, we can use fork()+unshare() instead of clone() to set up private namespaces. See also https://www.mail-archive.com/lxc-devel@lists.linuxcontainers.org/msg03434.html.
2014-08-20 | Use proper quotes everywhere | Eelco Dolstra | 1 | -87/+87
2014-08-20 | Add some color | Eelco Dolstra | 1 | -37/+1
2014-08-20 | Filter Nix-specific ANSI escape sequences from stderr | Eelco Dolstra | 1 | -1/+37
The Nixpkgs stdenv prints some custom escape sequences to denote nesting and stuff like that. Most terminals (e.g. xterm, konsole) ignore them, but some do not (e.g. xfce4-terminal). So for the benefit of the latter, filter them out.
2014-08-19 | Make hook shutdown more reliable | Eelco Dolstra | 1 | -1/+1
2014-08-18 | Doh | Eelco Dolstra | 1 | -4/+1
2014-08-17 | Reduce verbosity | Eelco Dolstra | 1 | -1/+2
2014-08-17 | Propagate remote timeouts properly | Eelco Dolstra | 1 | -21/+33
2014-08-04 | Refactor | Eelco Dolstra | 1 | -2/+2
2014-08-04 | Add option ‘build-extra-chroot-dirs’ | Eelco Dolstra | 1 | -4/+7
This is useful for extending (rather than overriding) the default set of chroot paths.
2014-08-04 | Get rid of "killing <pid>" message for unused build hooks | Eelco Dolstra | 1 | -1/+1
2014-08-01 | Remove ugly hack for detecting build environment setup errors | Eelco Dolstra | 1 | -13/+10
2014-08-01 | Call commonChildInit() before doing chroot init | Eelco Dolstra | 1 | -4/+6
This ensures that daemon clients see error messages from the chroot setup.
2014-07-31 | Restore default SIGPIPE handler before invoking ‘man’ | Eelco Dolstra | 1 | -12/+0
Fixes NixOS/nixpkgs#3410.
2014-07-19 | Revert old useBuildHook behaviour | Eelco Dolstra | 1 | -1/+1
2014-07-11 | Allow $NIX_BUILD_HOOK to be relative to Nix libexec directory | Eelco Dolstra | 1 | -2/+4
2014-07-10 | Remove tabs | Eelco Dolstra | 1 | -3/+3
2014-07-10 | Refactoring: Move all fork handling into a higher-order function | Eelco Dolstra | 1 | -50/+23
C++11 lambdas ftw.
2014-07-10 | Remove maybeVfork | Eelco Dolstra | 1 | -2/+2
2014-04-03 | Fix compile errors on Illumos | Danny Wilson | 1 | -0/+1
2014-04-03 | Make sure /dev/pts/ptmx is world-writable | Ludovic Courtès | 1 | -0/+4
While running Python 3’s test suite, we noticed that on some systems /dev/pts/ptmx is created with permissions 0 (that’s the case with my Nixpkgs-originating 3.0.43 kernel, but someone with a Debian-originating 3.10-3 reported not having this problem.) There’s still the problem that people without CONFIG_DEVPTS_MULTIPLE_INSTANCES=y are screwed (as noted in build.cc), but I don’t see how we could work around it.
2014-03-30 | boost::shared_ptr -> std::shared_ptr | Eelco Dolstra | 1 | -20/+26
2014-03-29 | Fix potential segfault in waitForInput() | Eelco Dolstra | 1 | -3/+5
Since the addition of build-max-log-size, a call to handleChildOutput() can result in cancellation of a goal. This invalidated the "j" iterator in the waitForInput() loop, even though it was still used afterwards. Likewise for the maxSilentTime handling. Probably fixes #231. At least it gets rid of the valgrind warnings.
2014-03-29 | restoreSIGPIPE(): Fill in sa_mask | Eelco Dolstra | 1 | -0/+1
Issue #231.
2014-03-21 | Make /dev/kvm optional | Ludovic Courtès | 1 | -1/+4
The daemon now creates /dev deterministically (thanks!). However, it expects /dev/kvm to be present. The patch below restricts that requirement (1) to Linux-based systems, and (2) to systems where /dev/kvm already exists. I’m not sure about the way to handle (2). We could special-case /dev/kvm and create it (instead of bind-mounting it) in the chroot, so it’s always available; however, it wouldn’t help much since most likely, if /dev/kvm is missing, then KVM support is missing.