path: root/src/libstore
Age | Commit message | Author | Files | Lines
2015-02-04 | Require linux 3.13 or later for chroot | Shea Levy | 1 | -1/+6
Fixes #453
2015-01-18 | Make inputs writeable in the sandbox (builds still can’t actually write due to user permissions) | Daniel Peebles | 1 | -2/+7
2015-01-13 | Allow using /bin and /usr/bin as impure prefixes on non-darwin by default | Shea Levy | 1 | -1/+1
These directories are generally world-readable anyway, and give us the two most common linux impurities (env and sh)
2015-01-13 | SysError -> Error | Eelco Dolstra | 1 | -1/+1
2015-01-13 | Don't resolve symlinks while checking __impureHostDeps | Eelco Dolstra | 1 | -2/+5
Since these come from untrusted users, we shouldn't do any I/O on them before we've checked that they're in an allowed prefix.
2015-01-12 | Add basic Apple sandbox support | Daniel Peebles | 1 | -17/+169
2015-01-08 | Doh^2 | Eelco Dolstra | 1 | -1/+1
2015-01-08 | Doh | Eelco Dolstra | 1 | -3/+3
2015-01-08 | Set /nix/store permission to 1737 | Eelco Dolstra | 2 | -19/+6
I.e., not readable to the nixbld group. This improves purity a bit for non-chroot builds, because it prevents a builder from enumerating store paths (i.e. it can only access paths it knows about).
2015-01-06 | Fix building on Darwin | Eelco Dolstra | 1 | -1/+4
Fixes #433.
2014-12-29 | LocalStore initialization: Don't die if build-users-group doesn't exist | Shea Levy | 1 | -11/+12
See NixOS/nixpkgs@9245516
2014-12-23 | Revive running builds in a PID namespace | Eelco Dolstra | 1 | -30/+59
2014-12-14 | Pedantry | Eelco Dolstra | 1 | -1/+1
2014-12-14 | Merge branch 'cygwin-master' of https://github.com/ternaris/nix | Eelco Dolstra | 2 | -0/+2
2014-12-13 | Better error message | Eelco Dolstra | 1 | -1/+1
2014-12-12 | Silence some warnings on GCC 4.9 | Eelco Dolstra | 2 | -3/+5
2014-12-12 | Shut up a Valgrind warning | Eelco Dolstra | 1 | -1/+1
2014-12-12 | Fix some memory leaks | Eelco Dolstra | 1 | -29/+9
2014-12-12 | Ensure we're writing to stderr in the builder | Eelco Dolstra | 3 | -6/+6
http://hydra.nixos.org/build/17862041
2014-12-12 | Remove chatty message | Eelco Dolstra | 1 | -2/+0
This broke building with "-vv", because the builder is not allowed to write to stderr at this point.
2014-12-12 | Doh | Eelco Dolstra | 1 | -1/+1
2014-12-10 | Don't do vfork in conjunction with setuid | Eelco Dolstra | 1 | -0/+2
2014-12-10 | Rename function | Eelco Dolstra | 1 | -4/+4
2014-12-10 | Don't wait for PID -1 | Eelco Dolstra | 1 | -1/+2
The pid field can be -1 if forking the substituter process failed.
2014-12-09 | Explicitly include required C headers | Marko Durkovic | 2 | -0/+2
2014-11-24 | Build derivations in a more predictable order | Eelco Dolstra | 1 | -7/+41
Derivations are now built in order of derivation name, so a package named "aardvark" is built before "baboon". Fixes #399.
2014-11-24 | Don't create unnecessary substitution goals for derivations | Eelco Dolstra | 1 | -0/+5
2014-11-19 | Disable vacuuming the DB after garbage collection | Eelco Dolstra | 1 | -1/+1
Especially in WAL mode on a highly loaded machine, this is not a good idea because it results in a WAL file of approximately the same size as the database, which apparently cannot be deleted while anybody is accessing it.
2014-11-19 | Clean up temp roots in a more C++ way | Eelco Dolstra | 3 | -26/+13
2014-11-17 | Fix message | Eelco Dolstra | 1 | -1/+1
2014-11-14 | Don't use ADDR_LIMIT_3GB | Eelco Dolstra | 1 | -1/+1
This gives 32-bit builds on x86_64-linux more memory.
2014-11-12 | Make ~DerivationGoal more reliable | Eelco Dolstra | 1 | -7/+3
2014-11-04 | nix-store --gc: Don't warn about missing manifests directory | Eelco Dolstra | 1 | -1/+2
2014-10-31 | Improve error message if the daemon worker fails to start | Eelco Dolstra | 1 | -2/+1
2014-10-29 | Remove comments claiming we use a private PID namespace | Eelco Dolstra | 1 | -8/+1
This is no longer the case since 524f89f1399724e596f61faba2c6861b1bb7b9c5.
2014-10-14 | Improved error message when encountering unsupported file types | Eelco Dolstra | 1 | -3/+3
Fixes #269.
2014-10-03 | Remove some duplicate code | Eelco Dolstra | 1 | -6/+2
2014-09-18 | Update spec file | Eelco Dolstra | 1 | -1/+1
http://hydra.nixos.org/build/14344391
2014-09-18 | Install some pkgconfig files | Eelco Dolstra | 2 | -0/+11
2014-09-17 | On Linux, disable address space randomization | Eelco Dolstra | 1 | -5/+9
2014-09-17 | Settings: Add bool get() | Eelco Dolstra | 3 | -2/+12
2014-09-01 | Add an 'optimiseStore' remote procedure call. | Ludovic Courtès | 6 | -1/+34
2014-08-28 | Add disallowedReferences / disallowedRequisites | Eelco Dolstra | 1 | -26/+29
For the "stdenv accidentally referring to bootstrap-tools", it seems easier to specify the path that we don't want to depend on, e.g. disallowedRequisites = [ bootstrapTools ];
2014-08-28 | Introduce allowedRequisites feature | Gergely Risko | 1 | -1/+18
2014-08-21 | fix disappearing bash arguments | Joel Taylor | 1 | -2/+7
2014-08-21 | Use unshare() instead of clone() | Eelco Dolstra | 1 | -55/+35
It turns out that using clone() to start a child process is unsafe in a multithreaded program. It can cause the initialisation of a build child process to hang in setgroups(), as seen several times in the build farm: The reason is that Glibc thinks that the other threads of the parent exist in the child, so in setxid_mark_thread() it tries to get a futex that has been acquired by another thread just before the clone(). With fork(), Glibc runs pthread_atfork() handlers that take care of this (in particular, __reclaim_stacks()). But clone() doesn't do that. Fortunately, we can use fork()+unshare() instead of clone() to set up private namespaces. See also https://www.mail-archive.com/lxc-devel@lists.linuxcontainers.org/msg03434.html.
2014-08-20 | Use proper quotes everywhere | Eelco Dolstra | 11 | -234/+234
2014-08-20 | Add some color | Eelco Dolstra | 1 | -37/+1
2014-08-20 | Filter Nix-specific ANSI escape sequences from stderr | Eelco Dolstra | 1 | -1/+37
The Nixpkgs stdenv prints some custom escape sequences to denote nesting and stuff like that. Most terminals (e.g. xterm, konsole) ignore them, but some do not (e.g. xfce4-terminal). So for the benefit of the latter, filter them out.
2014-08-19 | Make hook shutdown more reliable | Eelco Dolstra | 1 | -1/+1