Age | Commit message (Collapse) | Author | Files | Lines |
|
They're a little bit too recent (only supported since GCC 4.7).
http://hydra.nixos.org/build/11851475
|
|
Also, yay for C++11 non-static initialisers.
|
|
I.e. if you have a derivation with
src = ./huge-directory;
you'll get a warning that this is not a good idea.
|
|
|
|
|
|
|
|
stream it's now necessary for the daemon to process the entire
sequence of exported paths, rather than letting the client do it.
|
|
|
|
(way fewer roundtrips) by allowing the client to send data in bigger
chunks.
* Some refactoring.
|
|
|
|
* Buffer the HashSink. This speeds up hashing a bit because it
prevents lots of calls to the hash update functions (e.g. nix-hash
went from 9.3s to 8.7s of user time on the closure of my
/var/run/current-system).
|
|
significantly cuts down the number of syscalls (e.g., for "nix-store
-qR /var/run/current-system" via the daemon, it reduced the number
of syscalls in the client from 29134 to 4766 and in the daemon from
44266 to 20666).
|
|
system calls / context switches when dumping a NAR and in the worker
protocol.
|
|
would just silently store only (fileSize % 2^32) bytes.
* Use posix_fallocate if available when unpacking archives.
* Provide a better error message when trying to unpack something that
isn't a NAR archive.
|
|
read-only operations (like nix-env -qa) work properly when the
daemon isn't running.
|
|
|
|
* The garbage collector now also prints the number of blocks freed.
|
|
from a source directory. All files for which a predicate function
returns true are copied to the store. Typical example is to leave
out the .svn directory:
stdenv.mkDerivation {
...
src = builtins.filterSource
(path: baseNameOf (toString path) != ".svn")
./source-dir;
# as opposed to
# src = ./source-dir;
}
This is important because the .svn directory influences the hash in
a rather unpredictable and variable way.
|
|
* Added new operation hasSubstitutes(), which is more efficient than
querySubstitutes().size() > 0.
|
|
mode. Presumably nix-worker would be setuid to the Nix store user.
The worker performs all operations on the Nix store and database, so
the caller can be completely unprivileged.
This is already much more secure than the old setuid scheme, since
the worker doesn't need to do Nix expression evaluation and so on.
Most importantly, this means that it doesn't need to access any user
files, with all resulting security risks; it only performs pure
store operations.
Once this works, it is easy to move to a daemon model that forks off
a worker for connections established through a Unix domain socket.
That would be even more secure.
|
|
* Some refactoring: put the NAR archive integer/string serialisation
code in a separate file so it can be reused by the worker protocol
implementation.
|