| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2015-01-13 | Don't resolve symlinks while checking __impureHostDeps | Eelco Dolstra | 1 | -2/+5 | |
| Since these come from untrusted users, we shouldn't do any I/O on them before we've checked that they're in an allowed prefix. | |||||
| 2015-01-12 | Add basic Apple sandbox support | Daniel Peebles | 1 | -17/+169 | |
| 2015-01-08 | Set /nix/store permission to 1737 | Eelco Dolstra | 1 | -15/+0 | |
| I.e., not readable to the nixbld group. This improves purity a bit for non-chroot builds, because it prevents a builder from enumerating store paths (i.e. it can only access paths it knows about). | |||||
| 2015-01-06 | Fix building on Darwin | Eelco Dolstra | 1 | -1/+4 | |
| Fixes #433. | |||||
| 2014-12-23 | Revive running builds in a PID namespace | Eelco Dolstra | 1 | -30/+59 | |
| 2014-12-12 | Silence some warnings on GCC 4.9 | Eelco Dolstra | 1 | -2/+4 | |
| 2014-12-12 | Fix some memory leaks | Eelco Dolstra | 1 | -29/+9 | |
| 2014-12-12 | Ensure we're writing to stderr in the builder | Eelco Dolstra | 1 | -3/+3 | |
| http://hydra.nixos.org/build/17862041 | |||||
| 2014-12-12 | Remove chatty message | Eelco Dolstra | 1 | -2/+0 | |
| This broke building with "-vv", because the builder is not allowed to write to stderr at this point. | |||||
| 2014-12-12 | Doh | Eelco Dolstra | 1 | -1/+1 | |
| 2014-12-10 | Don't do vfork in conjunction with setuid | Eelco Dolstra | 1 | -0/+2 | |
| 2014-12-10 | Rename function | Eelco Dolstra | 1 | -4/+4 | |
| 2014-11-24 | Build derivations in a more predictable order | Eelco Dolstra | 1 | -7/+41 | |
| Derivations are now built in order of derivation name, so a package named "aardvark" is built before "baboon". Fixes #399. | |||||
| 2014-11-24 | Don't create unnecessary substitution goals for derivations | Eelco Dolstra | 1 | -0/+5 | |
| 2014-11-17 | Fix message | Eelco Dolstra | 1 | -1/+1 | |
| 2014-11-14 | Don't use ADDR_LIMIT_3GB | Eelco Dolstra | 1 | -1/+1 | |
| This gives 32-bit builds on x86_64-linux more memory. | |||||
| 2014-11-12 | Make ~DerivationGoal more reliable | Eelco Dolstra | 1 | -7/+3 | |
| 2014-10-29 | Remove comments claiming we use a private PID namespace | Eelco Dolstra | 1 | -8/+1 | |
| This is no longer the case since 524f89f1399724e596f61faba2c6861b1bb7b9c5. | |||||
| 2014-09-17 | On Linux, disable address space randomization | Eelco Dolstra | 1 | -5/+9 | |
| 2014-09-17 | Settings: Add bool get() | Eelco Dolstra | 1 | -2/+2 | |
| 2014-08-28 | Add disallowedReferences / disallowedRequisites | Eelco Dolstra | 1 | -26/+29 | |
| For the "stdenv accidentally referring to bootstrap-tools", it seems easier to specify the path that we don't want to depend on, e.g. disallowedRequisites = [ bootstrapTools ]; | |||||
| 2014-08-28 | Introduce allowedRequisites feature | Gergely Risko | 1 | -1/+18 | |
| 2014-08-21 | fix disappearing bash arguments | Joel Taylor | 1 | -2/+7 | |
| 2014-08-21 | Use unshare() instead of clone() | Eelco Dolstra | 1 | -55/+35 | |
| It turns out that using clone() to start a child process is unsafe in a multithreaded program. It can cause the initialisation of a build child process to hang in setgroups(), as seen several times in the build farm: The reason is that Glibc thinks that the other threads of the parent exist in the child, so in setxid_mark_thread() it tries to get a futex that has been acquired by another thread just before the clone(). With fork(), Glibc runs pthread_atfork() handlers that take care of this (in particular, __reclaim_stacks()). But clone() doesn't do that. Fortunately, we can use fork()+unshare() instead of clone() to set up private namespaces. See also https://www.mail-archive.com/lxc-devel@lists.linuxcontainers.org/msg03434.html. | |||||
| 2014-08-20 | Use proper quotes everywhere | Eelco Dolstra | 1 | -87/+87 | |
| 2014-08-20 | Add some color | Eelco Dolstra | 1 | -37/+1 | |
| 2014-08-20 | Filter Nix-specific ANSI escape sequences from stderr | Eelco Dolstra | 1 | -1/+37 | |
| The Nixpkgs stdenv prints some custom escape sequences to denote nesting and stuff like that. Most terminals (e.g. xterm, konsole) ignore them, but some do not (e.g. xfce4-terminal). So for the benefit of the latter, filter them out. | |||||
| 2014-08-19 | Make hook shutdown more reliable | Eelco Dolstra | 1 | -1/+1 | |
| 2014-08-18 | Doh | Eelco Dolstra | 1 | -4/+1 | |
| 2014-08-17 | Reduce verbosity | Eelco Dolstra | 1 | -1/+2 | |
| 2014-08-17 | Propagate remote timeouts properly | Eelco Dolstra | 1 | -21/+33 | |
| 2014-08-04 | Refactor | Eelco Dolstra | 1 | -2/+2 | |
| 2014-08-04 | Add option ‘build-extra-chroot-dirs’ | Eelco Dolstra | 1 | -4/+7 | |
| This is useful for extending (rather than overriding) the default set of chroot paths. | |||||
| 2014-08-04 | Get rid of "killing <pid>" message for unused build hooks | Eelco Dolstra | 1 | -1/+1 | |
| 2014-08-01 | Remove ugly hack for detecting build environment setup errors | Eelco Dolstra | 1 | -13/+10 | |
| 2014-08-01 | Call commonChildInit() before doing chroot init | Eelco Dolstra | 1 | -4/+6 | |
| This ensures that daemon clients see error messages from the chroot setup. | |||||
| 2014-07-31 | Restore default SIGPIPE handler before invoking ‘man’ | Eelco Dolstra | 1 | -12/+0 | |
| Fixes NixOS/nixpkgs#3410. | |||||
| 2014-07-19 | Revert old useBuildHook behaviour | Eelco Dolstra | 1 | -1/+1 | |
| 2014-07-11 | Allow $NIX_BUILD_HOOK to be relative to Nix libexec directory | Eelco Dolstra | 1 | -2/+4 | |
| 2014-07-10 | Remove tabs | Eelco Dolstra | 1 | -3/+3 | |
| 2014-07-10 | Refactoring: Move all fork handling into a higher-order function | Eelco Dolstra | 1 | -50/+23 | |
| C++11 lambdas ftw. | |||||
| 2014-07-10 | Remove maybeVfork | Eelco Dolstra | 1 | -2/+2 | |
| 2014-04-03 | Fix compile errors on Illumos | Danny Wilson | 1 | -0/+1 | |
| 2014-04-03 | Make sure /dev/pts/ptmx is world-writable | Ludovic Courtès | 1 | -0/+4 | |
| While running Python 3’s test suite, we noticed that on some systems /dev/pts/ptmx is created with permissions 0 (that’s the case with my Nixpkgs-originating 3.0.43 kernel, but someone with a Debian-originating 3.10-3 reported not having this problem.) There’s still the problem that people without CONFIG_DEVPTS_MULTIPLE_INSTANCES=y are screwed (as noted in build.cc), but I don’t see how we could work around it. | |||||
| 2014-03-30 | boost::shared_ptr -> std::shared_ptr | Eelco Dolstra | 1 | -20/+26 | |
| 2014-03-29 | Fix potential segfault in waitForInput() | Eelco Dolstra | 1 | -3/+5 | |
| Since the addition of build-max-log-size, a call to handleChildOutput() can result in cancellation of a goal. This invalidated the "j" iterator in the waitForInput() loop, even though it was still used afterwards. Likewise for the maxSilentTime handling. Probably fixes #231. At least it gets rid of the valgrind warnings. | |||||
| 2014-03-29 | restoreSIGPIPE(): Fill in sa_mask | Eelco Dolstra | 1 | -0/+1 | |
| Issue #231. | |||||
| 2014-03-21 | Make /dev/kvm optional | Ludovic Courtès | 1 | -1/+4 | |
| The daemon now creates /dev deterministically (thanks!). However, it expects /dev/kvm to be present. The patch below restricts that requirement (1) to Linux-based systems, and (2) to systems where /dev/kvm already exists. I’m not sure about the way to handle (2). We could special-case /dev/kvm and create it (instead of bind-mounting it) in the chroot, so it’s always available; however, it wouldn’t help much since most likely, if /dev/kvm missing, then KVM support is missing. | |||||
| 2014-02-27 | Set up a private /dev/pts in the chroot | Eelco Dolstra | 1 | -1/+14 | |
| 2014-02-27 | Set up a minimal /dev in chroots | Eelco Dolstra | 1 | -3/+22 | |
| Not bind-mounting the /dev from the host also solves the problem with /dev/shm being a symlink to something not in the chroot. | |||||
 |
depot | |
| monorepo for the virus lounge | The Virus Lounge |
| about summary refs log tree commit diff |