Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2015-11-24 | Merge pull request #704 from ysangkok/freebsd-support | Eelco Dolstra | 2 | -1/+3 | |
FreeBSD support with knowledge about Linux emulation | |||||
2015-11-21 | reintroduce host deps in tandem with sandbox profiles | Jude Taylor | 1 | -2/+1 | |
2015-11-21 | Revert "remove sandbox-defaults.sb" | Shea Levy | 2 | -0/+64 | |
As discussed in NixOS/nixpkgs#11001, we still need some of the old sandbox mechanism. This reverts commit d760c2638c9e1f4b8cd9b4ec90d68bf0c76a800b. | |||||
2015-11-19 | re-fix permissions for GHC | Jude Taylor | 1 | -2/+5 | |
2015-11-19 | Merge branch 'sandbox-profiles' of git://github.com/pikajude/nix | Shea Levy | 3 | -84/+28 | |
Temporarily allow derivations to describe their full sandbox profile. This will be eventually scaled back to a more secure setup, see the discussion at #695 | |||||
2015-11-19 | src/libstore/build.cc: clarify error message for hash mismatches | Peter Simons | 1 | -1/+1 | |
Nix reports a hash mismatch saying: output path ‘foo’ should have sha256 hash ‘abc’, instead has ‘xyz’ That message is slightly ambiguous and some people read that statement to mean the exact opposite of what it is supposed to mean. After this patch, the message will be: Nix expects output path ‘foo’ to have sha256 hash ‘abc’, instead it has ‘xyz’ | |||||
2015-11-17 | FreeBSD can build Linux 32-bit binaries | janus | 1 | -0/+2 | |
2015-11-16 | AutoDelete: Add default constructor with deletion disabled | Shea Levy | 1 | -1/+1 | |
2015-11-15 | Use AutoDelete for sandbox profile file | Shea Levy | 1 | -5/+14 | |
2015-11-14 | simplify build.cc using modern C++ features | Jude Taylor | 1 | -33/+31 | |
2015-11-14 | simplify build permissions | Jude Taylor | 1 | -13/+3 | |
2015-11-14 | remove sandbox-defaults.sb | Jude Taylor | 2 | -64/+0 | |
2015-11-14 | use per-derivation sandbox profiles | Jude Taylor | 1 | -28/+39 | |
2015-11-09 | Add option to verify build determinism | Eelco Dolstra | 2 | -12/+64 | |
Passing "--option build-repeat <N>" will cause every build to be repeated N times. If the build output differs between any round, the build is rejected, and the output paths are not registered as valid. This is primarily useful to verify build determinism. (We already had a --check option to repeat a previously succeeded build. However, with --check, non-deterministic builds are registered in the DB. Preventing that is useful for Hydra to ensure that non-deterministic builds don't end up getting published at all.) | |||||
2015-11-09 | Revert "Allow using /bin and /usr/bin as impure prefixes on non-darwin by ↵ | Eelco Dolstra | 1 | -1/+1 | |
default" This reverts commit 79ca5033329053caa364bb2f7e50953f859cc97f. Ouch, never noticed this. We definitely don't want to allow builds to have arbitrary access to /bin and /usr/bin, because then they can (for instance) bring in a bunch of setuid programs. Also, we shouldn't be encouraging the use of impurities in the default configuration. | |||||
2015-11-09 | optimizePath(): Detect some .links corruption | Eelco Dolstra | 1 | -2/+9 | |
If automatic store optimisation is enabled, and a hard-linked file in the store gets corrupted, then the corresponding .links entry will also be corrupted. In that case, trying to repair with --repair or --repair-path won't work, because the new "good" file will be replaced by a hard link to the corrupted file. We can catch most of these cases by doing a sanity-check on the file sizes. | |||||
2015-11-03 | fix syntax error | Jude Taylor | 1 | -1/+1 | |
2015-11-03 | darwin: allow reading system locale and zoneinfo | Jude Taylor | 1 | -2/+6 | |
2015-10-31 | allow reading ICU data | Jude Taylor | 1 | -1/+2 | |
2015-10-30 | add special devices to sandbox-defaults | Jude Taylor | 1 | -1/+4 | |
2015-10-30 | <nix/fetchurl.nix>: Support xz-compressed NARs | Eelco Dolstra | 1 | -0/+3 | |
2015-10-30 | <nix/fetchurl.nix>: Support downloading and unpacking NARs | Eelco Dolstra | 1 | -3/+14 | |
This removes the need to have multiple downloads in the stdenv bootstrap process (like a separate busybox binary for Linux, or curl/mkdir/sh/bzip2 for Darwin). Now all those files can be combined into a single NAR. | |||||
2015-10-29 | int2String() -> std::to_string() | Eelco Dolstra | 2 | -3/+3 | |
2015-10-21 | use nixDataDir instead of appending /share to PREFIX | Jude Taylor | 1 | -1/+1 | |
2015-10-21 | clarifying comment | Jude Taylor | 1 | -1/+5 | |
2015-10-21 | move preBuildHook defaulting to globals.cc | Jude Taylor | 2 | -7/+5 | |
2015-10-21 | restore old DEFAULT_ALLOWED_IMPURE_PREFIXES | Jude Taylor | 1 | -1/+1 | |
2015-10-21 | Add resolve-system-dependencies.pl | Jude Taylor | 2 | -1/+8 | |
2015-10-21 | remove usr paths from allowed inputs | Jude Taylor | 1 | -2/+0 | |
2015-10-21 | allow access to SystemVersion for python builders | Jude Taylor | 1 | -0/+1 | |
2015-10-21 | fix line reading in preBuildHook | Jude Taylor | 1 | -1/+1 | |
2015-10-21 | remove sandbox defaults into a new file | Jude Taylor | 3 | -65/+62 | |
2015-10-21 | restore allowed impure prefixes | Jude Taylor | 1 | -1/+1 | |
2015-10-21 | remove an unneeded default impure-dep | Jude Taylor | 1 | -1/+0 | |
2015-10-21 | make sandbox builds more permissive | Jude Taylor | 1 | -2/+2 | |
2015-10-21 | add a few more permissions | Jude Taylor | 1 | -3/+45 | |
2015-10-21 | Allow builtin fetchurl regardless of the derivation's system attribute | Eelco Dolstra | 1 | -12/+13 | |
2015-10-21 | Show progress indicator for builtin fetchurl | Eelco Dolstra | 3 | -4/+7 | |
2015-10-21 | Disable TLS verification for builtin fetchurl | Eelco Dolstra | 3 | -11/+31 | |
This makes it consistent with the Nixpkgs fetchurl and makes it work in chroots. We don't need verification because the hash of the result is checked anyway. | |||||
2015-10-21 | Fix segfault in builtin fetchurl | Eelco Dolstra | 1 | -3/+7 | |
The stack allocated for the builder was way too small (32 KB). This is sufficient for normal derivations, because they just do some setup and then exec() the actual builder. But for the fetchurl builtin derivation it's not enough. Also, allocating the stack on the caller's stack was fishy business. | |||||
2015-10-08 | Allow building ARMv6 stuff on ARMv7 | Tuomas Tynkkynen | 1 | -0/+1 | |
This allows building a Raspberry Pi image on modern, faster boards. | |||||
2015-10-08 | Revert to CURLOPT_PROGRESSFUNCTION | Eelco Dolstra | 1 | -5/+5 | |
CURLOPT_XFERINFOFUNCTION isn't widely supported yet. http://hydra.nixos.org/build/26679495 | |||||
2015-10-07 | Show progress during downloads | Eelco Dolstra | 1 | -7/+47 | |
2015-10-06 | Use pkg-config-provided LDFLAGS for libsqlite3 and libcurl. | Manuel Jacob | 1 | -1/+1 | |
Previously, pkg-config was already queried for libsqlite3's and libcurl's link flags. However they were not used, but hardcoded instead. This commit replaces the hardcoded LDFLAGS by the ones provided by pkg-config in a similar pattern as already used for libsodium. | |||||
2015-10-06 | nix-store --serve: Implement log size limit | Eelco Dolstra | 2 | -2/+4 | |
2015-09-18 | Shut up clang warnings | Eelco Dolstra | 3 | -62/+63 | |
2015-09-03 | Implement buildDerivation() via the daemon | Eelco Dolstra | 2 | -2/+11 | |
2015-09-02 | Filter build-chroot-dirs entries that conflict with derivation outputs | Eelco Dolstra | 1 | -4/+4 | |
Fixes https://github.com/NixOS/nixpkgs/issues/9504. Note that this means we may have a non-functional /bin/sh in the chroot while rebuilding Bash or one of its dependencies. Ideally those packages don't rely on /bin/sh though. | |||||
2015-09-02 | Remove unused variable | Eelco Dolstra | 1 | -5/+0 | |
2015-08-24 | Prevent .chroot from being GC'ed when using LocalStore::buildDerivation() | Eelco Dolstra | 1 | -0/+4 | |
Fixes #616. |