Age | Commit message (Collapse) | Author | Files | Lines |
|
under the references relation. This is useful for commands that
want to copy paths to another Nix store in the right order.
|
|
|
|
always requires a signature on the archive. This is to ensure that
unprivileged users cannot add Trojan horses to the Nix store.
|
|
|
|
* exportPath(): lock the path, use a transaction.
|
|
--export' into the Nix store, and optionally check the cryptographic
signatures against /nix/etc/nix/signing-key.pub. (TODO: verify
against a set of public keys.)
|
|
in /nix/etc/nix/signing-key.sec
|
|
path. This is like `nix-store --dump', only it also dumps the
meta-information of the store path (references, deriver). Will add
a `--sign' flag later to add a cryptographic signature, which we
will use for exchanging store paths between build farm machines in a
secure manner.
|
|
|
|
|
|
computing the store path (NIX-77). This is an important security
property in multi-user Nix stores.
Note that this changes the store paths of derivations (since the
derivation aterms are added using addTextToStore), but not most
outputs (unless they use builtins.toFile).
|
|
|
|
important to get garbage collection to work if there is any
inconsistency in the database (because the referrer table is used to
determine whether it is safe to delete a path).
* `nix-store --verify': show some progress.
|
|
errors: in-use paths now cause a warning, not a fatal error.
|
|
from a source directory. All files for which a predicate function
returns true are copied to the store. Typical example is to leave
out the .svn directory:
stdenv.mkDerivation {
...
src = builtins.filterSource
(path: baseNameOf (toString path) != ".svn")
./source-dir;
# as opposed to
# src = ./source-dir;
}
This is important because the .svn directory influences the hash in
a rather unpredictable and variable way.
|
|
matters when running as root, since then we don't use the setuid
helper (which already used lchown()).
* Also check for an obscure security problem on platforms that don't
have lchown. Then we can't change the ownership of symlinks, which
doesn't matter *except* when the containing directory is writable by
the owner (which is the case with the top-level Nix store directory).
|
|
|
|
very carefully, since it can invalidate iterators into the
`children' map.
|
|
* Throw more exceptions as BuildErrors instead of Errors. This
matters when --keep-going is turned on. (A BuildError is caught
and terminates the goal in question, an Error terminates the
program.)
|
|
seconds without producing output on stdout or stderr (NIX-65). This
timeout can be specified using the `--max-silent-time' option or the
`build-max-silent-time' configuration setting. The default is
infinity (0).
* Fix a tricky race condition: if we kill the build user before the
child has done its setuid() to the build user uid, then it won't be
killed, and we'll potentially lock up in pid.wait(). So also send a
conventional kill to the child.
|
|
in case of failure.
|
|
|
|
back to the Nix account.
|
|
|
|
since if we're running a build user in non-root mode, we can't. Let
the setuid helper do it.
|
|
processes before and after the build.
|
|
ownership, then try again.
|
|
ownership of the build result after the build.
|
|
deleting them using the setuid helper.
|
|
|
|
builder under the desired build user.
|
|
|
|
|
|
`build-users-group'. This makes configuration easier: you can just
add users in /etc/group.
|
|
that have to be done as root: running builders under different uids,
changing ownership of build results, and deleting paths in the store
with the wrong ownership).
|
|
|
|
changes completely depending on whether you're root...
|
|
|
|
|
|
`nix-store --delete'. But unprivileged users are not allowed to
ignore liveness.
* `nix-store --delete --ignore-liveness': ignore the runtime roots as
well.
|
|
process, so forward the operation.
* Spam the user about GC misconfigurations (NIX-71).
* findRoots: skip all roots that are unreadable - the warnings with
which we spam the user should be enough.
|
|
the store path (inside the store).
|
|
found by the garbage collector. This addresses NIX-71 and is a
particular concern in multi-user stores.
|
|
processes can register indirect roots. Of course, there is still
the problem that the garbage collector can only read the targets of
the indirect roots when it's running as root...
|
|
|
|
* SIGIO -> SIGPOLL (POSIX calls it that).
* Use sigaction instead of signal to register the SIGPOLL handler.
Sigaction is better defined, and a handler registered with signal
appears not to interrupt fcntl(..., F_SETLKW, ...), which is bad.
|
|
via the Unix domain socket in /nix/var/nix/daemon.socket. The
server forks a worker process per connection.
* readString(): use the heap, not the stack.
* Some protocol fixes.
|
|
instead of forking a worker.
|
|
|
|
|