about summary refs log tree commit diff
path: root/src/libstore
AgeCommit message (Collapse)AuthorFilesLines
2006-12-06 * Get rid of `build-users'. We'll just take all the members ofEelco Dolstra1-35/+53
`build-users-group'. This makes configuration easier: you can just add users in /etc/group.
2006-12-06 * Start of the setuid helper (the program that performs the operationsEelco Dolstra1-3/+4
that have to be done as root: running builders under different uids, changing ownership of build results, and deleting paths in the store with the wrong ownership).
2006-12-05 * Be less chatty.Eelco Dolstra1-2/+2
2006-12-05 * Urgh. Do setgid() before setuid(), because the semantics of setgid() Eelco Dolstra1-4/+4
changes completely depending on whether you're root...
2006-12-05 * FreeBSD returns ESRCH when there are no processes to kill.Eelco Dolstra1-4/+8
2006-12-05 * Better message.Eelco Dolstra1-1/+1
2006-12-05 * Allow unprivileged users to run the garbage collector and to doEelco Dolstra10-49/+81
`nix-store --delete'. But unprivileged users are not allowed to ignore liveness. * `nix-store --delete --ignore-liveness': ignore the runtime roots as well.
2006-12-05 * The determination of the root set should be made by the privilegedEelco Dolstra6-60/+124
process, so forward the operation. * Spam the user about GC misconfigurations (NIX-71). * findRoots: skip all roots that are unreadable - the warnings with which we spam the user should be enough.
2006-12-05 * findRoots: return a map from the symlink (outside of the store) toEelco Dolstra1-11/+16
the store path (inside the store).
2006-12-05 * In addPermRoot, check that the root that we just registered can beEelco Dolstra1-17/+41
found by the garbage collector. This addresses NIX-71 and is a particular concern in multi-user stores.
2006-12-04 * Add indirect root registration to the protocol so that unprivilegedEelco Dolstra6-6/+32
processes can register indirect roots. Of course, there is still the problem that the garbage collector can only read the targets of the indirect roots when it's running as root...
2006-12-04 * Don't redirect stderr.Eelco Dolstra1-6/+0
2006-12-04 * Handle exceptions and stderr for all protocol functions.Eelco Dolstra1-0/+10
* SIGIO -> SIGPOLL (POSIX calls it that). * Use sigaction instead of signal to register the SIGPOLL handler. Sigaction is better defined, and a handler registered with signal appears not to interrupt fcntl(..., F_SETLKW, ...), which is bad.
2006-12-04 * Daemon mode (`nix-worker --daemon'). Clients connect to the serverEelco Dolstra1-1/+2
via the Unix domain socket in /nix/var/nix/daemon.socket. The server forks a worker process per connection. * readString(): use the heap, not the stack. * Some protocol fixes.
2006-12-04 * When NIX_REMOTE=daemon, connect to /nix/var/nix/daemon.socketEelco Dolstra3-8/+37
instead of forking a worker.
2006-12-04 * Refactoring.Eelco Dolstra3-17/+33
2006-12-04 * Pass the verbosity level to the worker.Eelco Dolstra1-2/+8
2006-12-04 * Install the worker in bindir, not libexecdir.Eelco Dolstra3-1/+8
* Allow the worker path to be overriden through the NIX_WORKER environment variable.
2006-12-03 * Don't run setuid root when build-users is empty.Eelco Dolstra1-0/+1
* Send startup errors to the client.
2006-12-03 * Removed `build-allow-root'.Eelco Dolstra2-21/+29
* Added `build-users-group', the group under which builds are to be performed. * Check that /nix/store has 1775 permission and is owner by the build-users-group.
2006-12-03 * Use a Unix domain socket instead of pipes.Eelco Dolstra2-15/+18
2006-12-03 * Better error message if the worker doesn't start.Eelco Dolstra1-4/+8
2006-12-03 * Some hackery to propagate the worker's stderr and exceptions to theEelco Dolstra4-8/+44
client.
2006-12-02 * Move addTempRoot() to the store API, and add another functionEelco Dolstra8-13/+64
syncWithGC() to allow clients to register GC roots without needing write access to the global roots directory or the GC lock.
2006-12-02 * Remove SwitchToOriginalUser, we're not going to need it anymore.Eelco Dolstra3-20/+4
2006-12-02 * Remove queryPathHash().Eelco Dolstra1-1/+4
* Help for nix-worker.
2006-12-01 * Replace read-only calls to addTextToStore.Eelco Dolstra1-2/+6
2006-12-01 * Merge addToStore and addToStoreFixed.Eelco Dolstra7-80/+30
* addToStore now adds unconditionally, it doesn't use readOnlyMode. Read-only operation is up to the caller (who can call computeStorePathForPath).
2006-12-01 * More operations.Eelco Dolstra4-31/+95
* addToStore() and friends: don't do a round-trip to the worker if we're only interested in the path (i.e., in read-only mode).
2006-11-30 * More remote operations.Eelco Dolstra8-33/+63
* Added new operation hasSubstitutes(), which is more efficient than querySubstitutes().size() > 0.
2006-11-30 * Doh.Eelco Dolstra1-1/+1
2006-11-30 * More operations.Eelco Dolstra2-8/+23
2006-11-30 * First remote operation: isValidPath().Eelco Dolstra3-5/+32
2006-11-30 * When NIX_REMOTE is set to "slave", fork off nix-worker in slaveEelco Dolstra3-1/+65
mode. Presumably nix-worker would be setuid to the Nix store user. The worker performs all operations on the Nix store and database, so the caller can be completely unprivileged. This is already much more secure than the old setuid scheme, since the worker doesn't need to do Nix expression evaluation and so on. Most importantly, this means that it doesn't need to access any user files, with all resulting security risks; it only performs pure store operations. Once this works, it is easy to move to a daemon model that forks off a worker for connections established through a Unix domain socket. That would be even more secure.
2006-11-30 * Skeleton of the privileged worker program.Eelco Dolstra1-2/+2
* Some refactoring: put the NAR archive integer/string serialisation code in a separate file so it can be reused by the worker protocol implementation.
2006-11-30 * Oops.Eelco Dolstra2-0/+135
2006-11-30 * Skeleton of remote store implementation.Eelco Dolstra3-5/+13
2006-11-30 * Put building in the store API.Eelco Dolstra7-37/+24
2006-11-30 * Refactoring. There is now an abstract interface class StoreAPIEelco Dolstra10-310/+428
containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-24 * Doh! Path sizes need to be computed recursively of course.Eelco Dolstra1-6/+2
(NIX-70)
2006-11-24 * Dead files.Eelco Dolstra2-12/+0
2006-11-13 * Remove the undocumented `noscan' feature. It's no longer necessaryEelco Dolstra1-15/+12
now that reference scanning is sufficiently streamy.
2006-11-13 * Magic attribute `exportReferencesGraph' that allows the referencesEelco Dolstra2-20/+60
graph to be passed to a builder. This attribute should be a list of pairs [name1 path1 name2 path2 ...]. The references graph of each `pathN' will be stored in a text file `nameN' in the temporary build directory. The text files have the format used by `nix-store --register-validity'. However, the deriver fields are left empty. `exportReferencesGraph' is useful for builders that want to do something with the closure of a store path. Examples: the builders that make initrds and ISO images for NixOS. `exportReferencesGraph' is entirely pure. It's necessary because otherwise the only way for a builder to get this information would be to call `nix-store' directly, which is not allowed (though unfortunately possible).
2006-10-28 * `nix-store --read-log / -l PATH' shows the build log of PATH, ifEelco Dolstra2-1/+4
available. For instance, $ nix-store -l $(which svn) | less lets you read the build log of the Subversion instance in your profile. * `nix-store -qb': if applied to a non-derivation, take the deriver.
2006-10-19 * Special derivation attribute `allowedReferences' that causes Nix toEelco Dolstra1-0/+31
check that the references of the output of a derivation are in the specified set. For instance, allowedReferences = []; specifies that the output cannot have any references. (This is useful, for instance, for the generation of bootstrap binaries for stdenv-linux, which must not have any references for purity). It could also be used to guard against undesired runtime dependencies, e.g., {gcc, dynlib}: derivation { ... allowedReferences = [dynlib]; } says that the output can refer to the path of `dynlib' but not `gcc'. A `forbiddedReferences' attribute would be more useful for this, though.
2006-10-16 * Big cleanup of the semantics of paths, strings, contexts, stringEelco Dolstra1-12/+2
concatenation and string coercion. This was a big mess (see e.g. NIX-67). Contexts are now folded into strings, so that they don't cause evaluation errors when they're not expected. The semantics of paths has been clarified (see nixexpr-ast.def). toString() and coerceToString() have been merged. Semantic change: paths are now copied to the store when they're in a concatenation (and in most other situations - that's the formalisation of the meaning of a path). So "foo " + ./bla evaluates to "foo /nix/store/hash...-bla", not "foo /path/to/current-dir/bla". This prevents accidental impurities, and is more consistent with the treatment of derivation outputs, e.g., `"foo " + bla' where `bla' is a derivation. (Here `bla' would be replaced by the output path of `bla'.)
2006-10-13 * A helpful message.Eelco Dolstra1-0/+2
2006-10-13 * Don't crash when upgrading the Berkeley DB environment.Eelco Dolstra1-1/+6
2006-09-22 * Use a bounded amount of memory in scanForReferences() by not readingEelco Dolstra1-9/+26
regular files into memory all at once.
2006-09-22 * Don't allocate the buffer twice.Eelco Dolstra1-7/+9