Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2007-03-19 | * Terminate build hooks and substitutes with a TERM signal, not a KILL | Eelco Dolstra | 1 | -6/+13 | |
signal. This is necessary because those processes may have joined the BDB environment, so they have to be given a chance to clean up. (NIX-85) | |||||
2007-03-19 | * Undocumented option `gc-check-reachability' to allow reachability | Eelco Dolstra | 1 | -7/+9 | |
checking to be turned off on machines with way too many roots. | |||||
2007-03-07 | * Delete the output paths before invoking the build hook. | Eelco Dolstra | 1 | -14/+14 | |
2007-03-01 | * Look for the openssl program at compile time. If not found, call | Eelco Dolstra | 1 | -2/+2 | |
openssl through $PATH at runtime. | |||||
2007-03-01 | * Don't check the signature unless we have to. | Eelco Dolstra | 1 | -21/+23 | |
2007-02-27 | * Doh! The deriver can be empty. | Eelco Dolstra | 1 | -1/+2 | |
2007-02-21 | * `nix-store -qR' and friends: print the paths sorted topologically | Eelco Dolstra | 2 | -2/+7 | |
under the references relation. This is useful for commands that want to copy paths to another Nix store in the right order. | |||||
2007-02-21 | * Check that the file containing the secret key is secret. | Eelco Dolstra | 1 | -1/+14 | |
2007-02-21 | * `nix-store --import' now also works in remote mode. The worker | Eelco Dolstra | 3 | -8/+27 | |
always requires a signature on the archive. This is to ensure that unprivileged users cannot add Trojan horses to the Nix store. | |||||
2007-02-21 | * Support exportPath() in remote mode. | Eelco Dolstra | 3 | -5/+16 | |
2007-02-21 | * importPath(): set the deriver. | Eelco Dolstra | 1 | -3/+13 | |
* exportPath(): lock the path, use a transaction. | |||||
2007-02-21 | * `nix-store --import': import an archive created by `nix-store | Eelco Dolstra | 5 | -4/+124 | |
--export' into the Nix store, and optionally check the cryptographic signatures against /nix/etc/nix/signing-key.pub. (TODO: verify against a set of public keys.) | |||||
2007-02-21 | * `nix-store --export --sign': sign the Nix archive using the RSA key | Eelco Dolstra | 2 | -6/+59 | |
in /nix/etc/nix/signing-key.sec | |||||
2007-02-20 | * Start of `nix-store --export' operation for serialising a store | Eelco Dolstra | 5 | -0/+39 | |
path. This is like `nix-store --dump', only it also dumps the meta-information of the store path (references, deriver). Will add a `--sign' flag later to add a cryptographic signature, which we will use for exchanging store paths between build farm machines in a secure manner. | |||||
2007-02-06 | * Fix 64-bit compiler warnings. | Eelco Dolstra | 1 | -2/+2 | |
2007-01-29 | * Doh! | Eelco Dolstra | 1 | -2/+0 | |
2007-01-29 | * computeStorePathForText: take the references into account when | Eelco Dolstra | 4 | -5/+17 | |
computing the store path (NIX-77). This is an important security property in multi-user Nix stores. Note that this changes the store paths of derivations (since the derivation aterms are added using addTextToStore), but not most outputs (unless they use builtins.toFile). | |||||
2007-01-23 | * exportReferencesGraph: work on paths within store paths as well. | Eelco Dolstra | 1 | -2/+10 | |
2007-01-14 | * `nix-store --verify': revive checking the referrers table. This is | Eelco Dolstra | 1 | -42/+56 | |
important to get garbage collection to work if there is any inconsistency in the database (because the referrer table is used to determine whether it is safe to delete a path). * `nix-store --verify': show some progress. | |||||
2007-01-14 | * Make the garbage collector more resilient to certain consistency | Eelco Dolstra | 3 | -4/+10 | |
errors: in-use paths now cause a warning, not a fatal error. | |||||
2006-12-12 | * New primop builtins.filterSource, which can be used to filter files | Eelco Dolstra | 7 | -45/+25 | |
from a source directory. All files for which a predicate function returns true are copied to the store. Typical example is to leave out the .svn directory: stdenv.mkDerivation { ... src = builtins.filterSource (path: baseNameOf (toString path) != ".svn") ./source-dir; # as opposed to # src = ./source-dir; } This is important because the .svn directory influences the hash in a rather unpredictable and variable way. | |||||
2006-12-09 | * Use lchown() instead of chown() in canonicalisePathMetaData(). This | Eelco Dolstra | 1 | -8/+38 | |
matters when running as root, since then we don't use the setuid helper (which already used lchown()). * Also check for an obscure security problem on platforms that don't have lchown. Then we can't change the ownership of symlinks, which doesn't matter *except* when the containing directory is writable by the owner (which is the case with the top-level Nix store directory). | |||||
2006-12-09 | * Use deletePathWrapped() in more places. | Eelco Dolstra | 3 | -22/+31 | |
2006-12-08 | * Goal cancellation inside the waitForInput() loop needs to be handled | Eelco Dolstra | 1 | -38/+85 | |
very carefully, since it can invalidate iterators into the `children' map. | |||||
2006-12-08 | * Some refactoring. | Eelco Dolstra | 1 | -95/+118 | |
* Throw more exceptions as BuildErrors instead of Errors. This matters when --keep-going is turned on. (A BuildError is caught and terminates the goal in question, an Error terminates the program.) | |||||
2006-12-08 | * Kill a build if it has gone for more than a certain number of | Eelco Dolstra | 3 | -6/+61 | |
seconds without producing output on stdout or stderr (NIX-65). This timeout can be specified using the `--max-silent-time' option or the `build-max-silent-time' configuration setting. The default is infinity (0). * Fix a tricky race condition: if we kill the build user before the child has done its setuid() to the build user uid, then it won't be killed, and we'll potentially lock up in pid.wait(). So also send a conventional kill to the child. | |||||
2006-12-08 | * Also for convenience, change the ownership of the build output even | Eelco Dolstra | 1 | -22/+36 | |
in case of failure. | |||||
2006-12-07 | * Remove ancient terminology. | Eelco Dolstra | 1 | -3/+3 | |
2006-12-07 | * When keeping the temporary build directory (-K), change the owner | Eelco Dolstra | 1 | -1/+4 | |
back to the Nix account. | |||||
2006-12-07 | * Be less verbose. | Eelco Dolstra | 1 | -1/+1 | |
2006-12-07 | * Don't count on the Pid deconstructor to kill the child process, | Eelco Dolstra | 1 | -2/+14 | |
since if we're running a build user in non-root mode, we can't. Let the setuid helper do it. | |||||
2006-12-07 | * If not running as root, let the setuid helper kill the build user's | Eelco Dolstra | 1 | -27/+36 | |
processes before and after the build. | |||||
2006-12-07 | * In the garbage collector, if deleting a path fails, try to fix its | Eelco Dolstra | 3 | -6/+31 | |
ownership, then try again. | |||||
2006-12-07 | * When not running as root, call the setuid helper to change the | Eelco Dolstra | 2 | -7/+13 | |
ownership of the build result after the build. | |||||
2006-12-07 | * Change the ownership of store paths to the Nix account before | Eelco Dolstra | 1 | -4/+56 | |
deleting them using the setuid helper. | |||||
2006-12-07 | * Pass the actual build user to the setuid helper. | Eelco Dolstra | 1 | -22/+10 | |
2006-12-07 | * If Nix is not running as root, call the setuid helper to start the | Eelco Dolstra | 1 | -21/+37 | |
builder under the desired build user. | |||||
2006-12-07 | * Sanity check. | Eelco Dolstra | 1 | -1/+7 | |
2006-12-07 | * Move killUser() to libutil so that the setuid helper can use it. | Eelco Dolstra | 1 | -48/+27 | |
2006-12-06 | * Get rid of `build-users'. We'll just take all the members of | Eelco Dolstra | 1 | -35/+53 | |
`build-users-group'. This makes configuration easier: you can just add users in /etc/group. | |||||
2006-12-06 | * Start of the setuid helper (the program that performs the operations | Eelco Dolstra | 1 | -3/+4 | |
that have to be done as root: running builders under different uids, changing ownership of build results, and deleting paths in the store with the wrong ownership). | |||||
2006-12-05 | * Be less chatty. | Eelco Dolstra | 1 | -2/+2 | |
2006-12-05 | * Urgh. Do setgid() before setuid(), because the semantics of setgid() | Eelco Dolstra | 1 | -4/+4 | |
changes completely depending on whether you're root... | |||||
2006-12-05 | * FreeBSD returns ESRCH when there are no processes to kill. | Eelco Dolstra | 1 | -4/+8 | |
2006-12-05 | * Better message. | Eelco Dolstra | 1 | -1/+1 | |
2006-12-05 | * Allow unprivileged users to run the garbage collector and to do | Eelco Dolstra | 10 | -49/+81 | |
`nix-store --delete'. But unprivileged users are not allowed to ignore liveness. * `nix-store --delete --ignore-liveness': ignore the runtime roots as well. | |||||
2006-12-05 | * The determination of the root set should be made by the privileged | Eelco Dolstra | 6 | -60/+124 | |
process, so forward the operation. * Spam the user about GC misconfigurations (NIX-71). * findRoots: skip all roots that are unreadable - the warnings with which we spam the user should be enough. | |||||
2006-12-05 | * findRoots: return a map from the symlink (outside of the store) to | Eelco Dolstra | 1 | -11/+16 | |
the store path (inside the store). | |||||
2006-12-05 | * In addPermRoot, check that the root that we just registered can be | Eelco Dolstra | 1 | -17/+41 | |
found by the garbage collector. This addresses NIX-71 and is a particular concern in multi-user stores. | |||||
2006-12-04 | * Add indirect root registration to the protocol so that unprivileged | Eelco Dolstra | 6 | -6/+32 | |
processes can register indirect roots. Of course, there is still the problem that the garbage collector can only read the targets of the indirect roots when it's running as root... |