about summary refs log tree commit diff
path: root/src/libutil/util.cc
AgeCommit message (Collapse)AuthorFilesLines
2015-02-10 Add base64 encoder/decoderEelco Dolstra1-0/+59
2015-02-04 Use libsodium instead of OpenSSL for binary cache signingEelco Dolstra1-6/+19
Sodium's Ed25519 signatures are much shorter than OpenSSL's RSA signatures. Public keys are also much shorter, so they're now specified directly in the nix.conf option ‘binary-cache-public-keys’. The new command ‘nix-store --generate-binary-cache-key’ generates and prints a public and secret key.
2015-01-02 libutil: Limit readLink() error to only overflows.aszlig1-2/+2
Let's not just improve the error message itself, but also the behaviour to actually work around the ntfs-3g symlink bug. If the readlink() call returns a smaller size than the stat() call, this really isn't a problem even if the symlink target really has changed between the calls. So if stat() reports the size for the absolute path, it's most likely that the relative path is smaller and thus it should also work for file system bugs as mentioned in 93002d69fc58c2b71e2dfad202139230c630c53a. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Tested-by: John Ericson <Ericson2314@Yahoo.com>
2015-01-02 libutil: Improve errmsg on readLink size mismatch.aszlig1-1/+5
A message like "error: reading symbolic link `...' : Success" really is quite confusing, so let's not indicate "success" but rather point out the real issue. We could also limit the check of this to just check for non-negative values, but this would introduce a race condition between stat() and readlink() if the link target changes between those two calls, thus leading to a buffer overflow vulnerability. Reported by @Ericson2314 on IRC. Happened due to a possible ntfs-3g bug where a relative symlink returned the absolute path (st_)size in stat() while readlink() returned the relative size. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Tested-by: John Ericson <Ericson2314@Yahoo.com>
2014-12-12 Fix some memory leaksEelco Dolstra1-6/+13
2014-12-12 Ensure we're writing to stderr in the builderEelco Dolstra1-12/+13
http://hydra.nixos.org/build/17862041
2014-12-12 DohEelco Dolstra1-2/+2
2014-12-10 Don't do vfork in conjunction with setuidEelco Dolstra1-0/+3
2014-12-10 Use vforkEelco Dolstra1-8/+23
2014-12-10 Revert "Use posix_spawn to run the pager"Eelco Dolstra1-8/+2
This reverts commit d34d2b2bbf784c0bb420a50905af25e02c6e4989.
2014-12-05 Use posix_spawn to run the pagerEelco Dolstra1-2/+8
In low memory environments, "nix-env -qa" failed because the fork to run the pager hit the kernel's overcommit limits. Using posix_spawn gets around this. (Actually, you have to use posix_spawn with the undocumented POSIX_SPAWN_USEVFORK flag, otherwise it just uses fork/exec...)
2014-11-19 nix-daemon: Call exit(), not _exit()Eelco Dolstra1-2/+5
This was preventing destructors from running. In particular, it was preventing the deletion of the temproot file for each worker process. It may also have been responsible for the excessive WAL growth on Hydra (due to the SQLite database not being closed properly). Apparently broken by accident in 8e9140cfdef9dbd1eb61e4c75c91d452ab5e4a74.
2014-10-03 Remove some duplicate codeEelco Dolstra1-0/+10
2014-10-03 createDirs(): Handle ‘path’ being a symlinkEelco Dolstra1-0/+3
In particular, this fixes "nix-build -o /tmp/result" on Mac OS X (where /tmp is a symlink).
2014-09-19 Remove bogus commentEelco Dolstra1-1/+0
2014-08-21 Use PR_SET_PDEATHSIG to ensure child cleanupEelco Dolstra1-1/+10
2014-08-20 Use proper quotes everywhereEelco Dolstra1-26/+26
2014-08-20 Add some colorEelco Dolstra1-0/+35
2014-08-20 nix-store -l: Automatically pipe output into $PAGEREelco Dolstra1-2/+2
2014-08-04 Get rid of "killing <pid>" message for unused build hooksEelco Dolstra1-2/+3
2014-08-01 Call commonChildInit() before doing chroot initEelco Dolstra1-8/+10
This ensures that daemon clients see error messages from the chroot setup.
2014-08-01 Eliminate redundant copyEelco Dolstra1-1/+1
2014-08-01 Make readDirectory() return inode / file typeEelco Dolstra1-8/+7
2014-07-31 Restore default SIGPIPE handler before invoking ‘man’Eelco Dolstra1-0/+10
Fixes NixOS/nixpkgs#3410.
2014-07-23 nix-daemon: Simplify stderr handlingEelco Dolstra1-0/+1
2014-07-23 startProcess: Make writing error messages from the child more robustEelco Dolstra1-2/+4
2014-07-10 Fix broken Pid constructorEelco Dolstra1-5/+2
2014-07-10 Refactoring: Move all fork handling into a higher-order functionEelco Dolstra1-54/+53
C++11 lambdas ftw.
2014-07-10 Remove maybeVforkEelco Dolstra1-8/+1
2014-05-21 nix-store -l: Fetch build logs from the InternetEelco Dolstra1-1/+1
If a build log is not available locally, then ‘nix-store -l’ will now try to download it from the servers listed in the ‘log-servers’ option in nix.conf. For instance, if you have: log-servers = http://hydra.nixos.org/log then it will try to get logs from http://hydra.nixos.org/log/<base name of the store path>. So you can do things like: $ nix-store -l $(which xterm) and get a log even if xterm wasn't built locally.
2014-04-08 If a .drv cannot be parsed, show its pathEelco Dolstra1-1/+1
Otherwise you just get ‘expected string `Derive(['’ which isn't very helpful.
2014-03-28 Don't interpret strings as format stringsEelco Dolstra1-13/+13
Ludo reported this error: unexpected Nix daemon error: boost::too_few_args: format-string refered to more arguments than were passed coming from this line: printMsg(lvlError, run.program + ": " + string(err, 0, p)); The problem here is that the string ends up implicitly converted to a Boost format() object, so % characters are treated specially. I always assumed (wrongly) that strings are converted to a format object that outputs the string as-is. Since this assumption appears in several places that may be hard to grep for, I've added some C++ type hackery to ensures that the right thing happens. So you don't have to worry about % in statements like printMsg(lvlError, "foo: " + s); or throw Error("foo: " + s);
2014-02-27 Set up a minimal /dev in chrootsEelco Dolstra1-0/+7
Not bind-mounting the /dev from the host also solves the problem with /dev/shm being a symlink to something not in the chroot.
2014-02-26 Remove another unused functionEelco Dolstra1-19/+0
2014-02-26 Remove unused functionEelco Dolstra1-28/+0
2013-11-14 Remove nix-setuid-helperEelco Dolstra1-13/+0
AFAIK, nobody uses it, it's not maintained, and it has no tests.
2013-08-26 Fix typos, especially those that end up in the Nix manualIvan Kozik1-2/+2
2013-08-19 Store Nix integers as longsEelco Dolstra1-8/+0
So on 64-bit systems, integers are now 64-bit. Fixes #158.
2013-07-30 killUser: Don't let the child kill itself on AppleShea Levy1-0/+13
The kill(2) in Apple's libc follows POSIX semantics, which means that kill(-1, SIGKILL) will kill the calling process too. Since nix has no way to distinguish between the process successfully killing everything and the process being killed by a rogue builder in that case, it can't safely conclude that killUser was successful. Luckily, the actual kill syscall takes a parameter that determines whether POSIX semantics are followed, so we can call that syscall directly and avoid the issue on Apple. Signed-off-by: Shea Levy <shea@shealevy.com>
2013-07-12 Garbage collector: Don't follow symlinks arbitrarilyEelco Dolstra1-0/+9
Only indirect roots (symlinks to symlinks to the Nix store) are now supported.
2013-06-20 Don't keep "disabled" substituters runningEelco Dolstra1-0/+1
For instance, it's pointless to keep copy-from-other-stores running if there are no other stores, or download-using-manifests if there are no manifests. This also speeds things up because we don't send queries to those substituters.
2013-01-03 Remove tabsEelco Dolstra1-44/+44
2013-01-03 Clear any immutable bits in the Nix storeEelco Dolstra1-3/+0
Doing this once makes subsequent operations like garbage collecting more efficient since we don't have to call makeMutable() first.
2012-11-26 Make "nix-build -A <derivation>.<output>" do the right thingEelco Dolstra1-1/+13
For example, given a derivation with outputs "out", "man" and "bin": $ nix-build -A pkg produces ./result pointing to the "out" output; $ nix-build -A pkg.man produces ./result-man pointing to the "man" output; $ nix-build -A pkg.all produces ./result, ./result-man and ./result-bin; $ nix-build -A pkg.all -A pkg2 produces ./result, ./result-man, ./result-bin and ./result-2.
2012-11-15 Don't use std::cerr in a few placesEelco Dolstra1-15/+20
Slightly scared of using std::cerr in a vforked process...
2012-11-15 Add some debug codeEelco Dolstra1-1/+1
2012-11-09 Use vfork() instead of fork() if availableEelco Dolstra1-3/+11
Hopefully this reduces the chance of hitting ‘unable to fork: Cannot allocate memory’ errors. vfork() is used for everything except starting builders.
2012-11-09 Remove some redundant close() callsEelco Dolstra1-10/+8
They are unnecessary because we set the close-on-exec flag.
2012-11-09 Remove the quickExit functionEelco Dolstra1-9/+3
2012-09-28 Handle octal escapes in /proc/self/mountinfoEelco Dolstra1-0/+15