about summary refs log tree commit diff
path: root/src/libstore
AgeCommit message (Collapse)AuthorFilesLines
2017-07-11 fetchTarball: Prevent concurrent downloads of the same fileEelco Dolstra1-0/+4
Fixes #849.
2017-07-07 Merge pull request #1445 from matthewbauer/macos-skip-hardlinkEelco Dolstra1-0/+14
Don’t hardlink disallowed paths in OS X.
2017-07-06 Don’t hardlink disallowed paths in OS X.Matthew Bauer1-0/+14
Fixes #1443
2017-07-04 Add X32 to the seccomp filterEelco Dolstra1-0/+4
Fixes #1432.
2017-07-04 Sort substituters by priorityEelco Dolstra3-0/+11
Fixes #1438.
2017-07-04 getDefaultSubstituters(): Simplify initialisationEelco Dolstra1-20/+14
As shlevy pointed out, static variables in C++11 have thread-safe initialisation.
2017-07-04 Add allow-new-privileges optionEelco Dolstra2-0/+9
This allows builds to call setuid binaries. This was previously possible until we started using seccomp. Turns out that seccomp by default disallows processes from acquiring new privileges. Generally, any use of setuid binaries (except those created by the builder itself) is by definition impure, but some people were relying on this ability for certain tests. Example: $ nix build '(with import <nixpkgs> {}; runCommand "foo" {} "/run/wrappers/bin/ping -c 1 8.8.8.8; exit 1")' --no-allow-new-privileges builder for ‘/nix/store/j0nd8kv85hd6r4kxgnwzvr0k65ykf6fv-foo.drv’ failed with exit code 1; last 2 log lines: cannot raise the capability into the Ambient set : Operation not permitted $ nix build '(with import <nixpkgs> {}; runCommand "foo" {} "/run/wrappers/bin/ping -c 1 8.8.8.8; exit 1")' --allow-new-privileges builder for ‘/nix/store/j0nd8kv85hd6r4kxgnwzvr0k65ykf6fv-foo.drv’ failed with exit code 1; last 6 log lines: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=46 time=15.2 ms Fixes #1429.
2017-07-04 Support base-64 hashesEelco Dolstra12-44/+33
Also simplify the Hash API. Fixes #1437.
2017-07-03 Replace a few bool flags with enumsEelco Dolstra14-123/+116
Functions like copyClosure() had 3 bool arguments, which creates a severe risk of mixing up arguments. Also, implement copyClosure() using copyPaths().
2017-06-20 Call SetDllDirectory("") after sqlite3 init on cygwinDavid McFarland1-0/+14
Cygwin sqlite3 is patched to call SetDllDirectory("/usr/bin") on init, which affects the current process and is inherited by child processes. It causes DLLs to be loaded from /usr/bin/ before $PATH, which breaks all sorts of things. A typical failures would be header/lib version mismatches (e.g. openssl when running checkPhase on openssh). We'll just set it back to the default value. Note that this is a problem with the cygwin version of sqlite3 (currently 3.18.0). nixpkgs doesn't have the problematic patch.
2017-06-19 Disable use of virtual hosting in aws-sdk-cppEelco Dolstra1-1/+1
Recently aws-sdk-cpp quietly switched to using S3 virtual host URIs (https://github.com/aws/aws-sdk-cpp/commit/69d9c53882), i.e. it sends requests to http://<bucket>.<region>.s3.amazonaws.com rather than http://<region>.s3.amazonaws.com/<bucket>. However this interacts badly with curl connection reuse. For example, if we do the following: 1) Check whether a bucket exists using GetBucketLocation. 2) If it doesn't, create it using CreateBucket. 3) Do operations on the bucket. then 3) will fail for a minute or so with a NoSuchBucket exception, presumably because the server being hit is a fallback for cases when buckets don't exist. Disabling the use of virtual hosts ensures that 3) succeeds immediately. (I don't know what S3's consistency guarantees are for bucket creation, but in practice buckets appear to be available immediately.)
2017-06-19 Support creating S3 caches in other regions than us-east-1Eelco Dolstra1-4/+10
2017-06-19 Handle S3Errors::RESOURCE_NOT_FOUND from aws-sdk-cppEelco Dolstra1-2/+4
This is returned by recent versions. Also handle NO_SUCH_KEY even though the library doesn't actually return that at the moment.
2017-06-19 Suppress "will retry in N ms" for non-retriable errorsEelco Dolstra1-5/+6
Newer versions of aws-sdk-cpp call CalculateDelayBeforeNextRetry() even for non-retriable errors (like NoSuchKey) whih causes log spam in hydra-queue-runner.
2017-06-19 Show aws-sdk-cpp log messagesEelco Dolstra1-0/+22
2017-06-19 macOS: Ugly hack to make the tests succeedEelco Dolstra1-3/+2
Sandboxes cannot be nested, so if Nix's build runs inside a sandbox, it cannot use a sandbox itself. I don't see a clean way to detect whether we're in a sandbox, so use a test-specific hack. https://github.com/NixOS/nix/issues/1413
2017-06-19 macOS: Remove flagsEelco Dolstra1-0/+10
In particular, UF_IMMUTABLE (uchg) needs to be cleared to allow the path to be garbage-collected or optimised. See https://github.com/NixOS/nixpkgs/issues/25819. + the file from being garbage-collected.
2017-06-14 Remove redundant debug lineEelco Dolstra1-2/+0
2017-06-14 canonicalisePathMetaData(): Ignore security.selinux attributeEelco Dolstra1-2/+6
Untested, hopefully fixes #1406.
2017-06-12 Provide a builtin default for $NIX_SSL_CERT_FILEEelco Dolstra2-4/+13
This is mostly to ensure that when Nix is started on macOS via a launchd service or sshd (for a remote build), it gets a certificate bundle.
2017-06-12 Don't run pre-build-hook if we don't have a derivationEelco Dolstra1-1/+1
This fixes a build failure on OS X when using Hydra or Nix 1.12's build-remote (since they don't copy the derivation to the build machine).
2017-06-07 Don't show flags from config settings in "nix --help"Eelco Dolstra1-4/+16
2017-06-07 nix: Make all options available as flagsEelco Dolstra1-0/+7
Thus, instead of ‘--option <name> <value>’, you can write ‘--<name> <value>’. So --option http-connections 100 becomes --http-connections 100 Apart from brevity, the difference is that it's not an error to set a non-existent option via --option, but unrecognized arguments are fatal. Boolean options have special treatment: they're mapped to the argument-less flags ‘--<name>’ and ‘--no-<name>’. E.g. --option auto-optimise-store false becomes --no-auto-optimise-store
2017-06-06 Disable the build user mechanism on all platforms except Linux and OS XEelco Dolstra1-0/+6
2017-06-06 Always use the Darwin sandboxEelco Dolstra4-83/+98
Even with "build-use-sandbox = false", we now use sandboxing with a permissive profile that allows everything except the creation of setuid/setgid binaries.
2017-05-31 Remove listxattr assertionEelco Dolstra1-2/+0
It appears that sometimes, listxattr() returns a different value for the query case (i.e. when the buffer size is 0).
2017-05-31 OS X sandbox: Improve builtin sandbox profileEelco Dolstra4-59/+76
Also, add rules to allow fixed-output derivations to access the network. These rules are sufficient to build stdenvDarwin without any __sandboxProfile magic.
2017-05-31 OS X sandbox: Don't use a deterministic $TMPDIREelco Dolstra1-3/+0
This doesn't work because the OS X sandbox cannot bind-mount path to a different location.
2017-05-31 OS X sandbox: Store .sb file in $TMPDIR rather than the Nix storeEelco Dolstra1-4/+1
The filename used was not unique and owned by the build user, so builds could fail with error: while setting up the build environment: cannot unlink ‘/nix/store/99i210ihnsjacajaw8r33fmgjvzpg6nr-bison-3.0.4.drv.sb’: Permission denied
2017-05-30 Darwin sandbox: Use sandbox-defaults.sbEelco Dolstra4-14/+17
Issue #759. Also, remove nix.conf from the sandbox since I don't really see a legitimate reason for builders to access the Nix configuration.
2017-05-30 Darwin sandbox: Disallow creating setuid/setgid binariesEelco Dolstra1-0/+4
Suggested by Daiderd Jordan.
2017-05-30 Fix seccomp build failure on clangEelco Dolstra1-3/+3
Fixes src/libstore/build.cc:2321:45: error: non-constant-expression cannot be narrowed from type 'int' to 'scmp_datum_t' (aka 'unsigned long') in initializer list [-Wc++11-narrowing]
2017-05-30 Shut up some clang warningsEelco Dolstra1-7/+7
2017-05-30 Add a seccomp rule to disallow setxattr()Eelco Dolstra1-1/+9
2017-05-30 canonicalisePathMetaData(): Remove extended attributes / ACLsEelco Dolstra1-0/+22
EAs/ACLs are not part of the NAR canonicalisation. Worse, setting an ACL allows a builder to create writable files in the Nix store. So get rid of them. Closes #185.
2017-05-30 Require seccomp only in multi-user setupsEelco Dolstra1-1/+5
2017-05-29 Fix seccomp initialisation on i686-linuxEelco Dolstra1-1/+2
2017-05-29 Add a seccomp filter to prevent creating setuid/setgid binariesEelco Dolstra2-0/+43
This prevents builders from setting the S_ISUID or S_ISGID bits, preventing users from using a nixbld* user to create a setuid/setgid binary to interfere with subsequent builds under the same nixbld* uid. This is based on aszlig's seccomp code (47f587700d646f5b03a42f2fa57c28875a31efbe). Reported by Linus Heckemann.
2017-05-29 Fix nix-copy-closure testEelco Dolstra1-0/+1
Fixes client# error: size mismatch importing path ‘/nix/store/ywf5fihjlxwijm6ygh6s0a353b5yvq4d-libidn2-0.16’; expected 0, got 120264 This is mostly an artifact of the NixOS VM test environment, where the Nix database doesn't contain hashes/sizes. http://hydra.nixos.org/build/53537471
2017-05-29 Fix typoEelco Dolstra1-1/+1
2017-05-24 Merge branch 'nar-accessor-tree' of https://github.com/bennofs/nixEelco Dolstra1-33/+75
2017-05-16 Improve progress indicatorEelco Dolstra9-51/+45
2017-05-15 nar-accessor.cc: remove unused member NarIndexer::currentNameBenno Fünfstück1-2/+1
2017-05-15 nar-accessor: non-recursive NarMember::findBenno Fünfstück1-21/+21
This avoids a possible stack overflow if directories are very deeply nested.
2017-05-15 Simplify fixed-output checkEelco Dolstra1-6/+2
2017-05-15 Add --with-sandbox-shell configure flagEelco Dolstra2-3/+3
And add a 116 KiB ash shell from busybox to the release build. This helps to make sandbox builds work out of the box on non-NixOS systems and with diverted stores.
2017-05-15 Linux sandbox: Don't barf on invalid pathsEelco Dolstra1-0/+1
This is useful when we're using a diverted store (e.g. "--store local?root=/tmp/nix") in conjunction with a statically-linked sh from the host store (e.g. "sandbox-paths =/bin/sh=/nix/store/.../bin/busybox").
2017-05-15 nar-accessor: use tree, fixes readDirectory missing childrenBenno Fünfstück1-33/+76
Previously, if a directory `foo` existed and a file `foo-` (where `-` is any character that is sorted before `/`), then `readDirectory` would return an empty list. To fix this, we now use a tree where we can just access the children of the node, and do not need to rely on sorting behavior to list the contents of a directory.
2017-05-11 Add an option for extending the user agent headerEelco Dolstra2-1/+6
This is useful e.g. for distinguishing traffic to a binary cache (e.g. certain machines can use a different tag in the user agent).
2017-05-11 Fix typoEelco Dolstra1-1/+1