path: root/src/libutil
Age | Author | Files | Lines
Commit message

2007-10-27 | Eelco Dolstra | 2 | -12/+28
* Support for doing builds in a chroot under Linux. The builder is executed in a chroot that contains just the Nix store, the temporary build directory, and a configurable set of additional directories (/dev and /proc by default). This allows a bit more purity enforcement: hidden build-time dependencies on directories such as /usr or /nix/var/nix/profiles are no longer possible. As an added benefit, accidental network downloads (cf. NIXPKGS-52) are prevented as well (because files such as /etc/resolv.conf are not available in the chroot). However the usefulness of chroots is diminished by the fact that many builders depend on /bin/sh, so you need /bin in the list of additional directories. (And then on non-NixOS you need /lib as well...)

2007-09-17 | Eelco Dolstra | 1 | -0/+1
* nix-env: allow ~/.nix-defexpr to be a directory. If it is, then the Nix expressions in that directory are combined into an attribute set {file1 = import file1; file2 = import file2; ...}, i.e. each Nix expression is an attribute with the file name as the attribute name. Also recurses into directories.
* nix-env: removed the "--import" (-I) option which set the ~/.nix-defexpr symlink.
* nix-channel: don't use "nix-env --import", instead symlink ~/.nix-defexpr/channels. So finally nix-channel --update doesn't override any default Nix expressions but combines with them. This means that you can have (say) a local Nixpkgs SVN tree and use it as a default for nix-env:
    $ ln -s .../path-to-nixpkgs-tree ~/.nix-defexpr/nixpkgs_svn
  and be subscribed to channels (including Nixpkgs) at the same time. (If there is any ambiguity, the -A flag can be used to disambiguate, e.g. "nix-env -i -A nixpkgs_svn.pan".)

2007-08-12 | Eelco Dolstra | 3 | -14/+21
* Get rid of the substitutes database table (NIX-47). Instead, if we need any info on substitutable paths, we just call the substituters (such as download-using-manifests.pl) directly. This means that it's no longer necessary for nix-pull to register substitutes or for nix-channel to clear them, which makes those operations much faster (NIX-95). Also, we don't have to worry about keeping nix-pull manifests (in /nix/var/nix/manifests) and the database in sync with each other. The downside is that there is some overhead in calling an external program to get the substitutes info. For instance, "nix-env -qas" takes a bit longer. Abolishing the substitutes table also makes the logic in local-store.cc simpler, as we don't need to store info for invalid paths. On the downside, you cannot do things like "nix-store -qR" on a substitutable but invalid path (but nobody did that anyway).
* Never catch interrupts (the Interrupted exception).

2007-05-01 | Eelco Dolstra | 2 | -3/+22
* Set a terminate() handler to ensure that we leave the BDB environment cleanly even when an exception is thrown from a destructor. We still crash, but we don't take all other Nix processes with us.

2007-03-19 | Eelco Dolstra | 2 | -4/+14
* Terminate build hooks and substitutes with a TERM signal, not a KILL signal. This is necessary because those processes may have joined the BDB environment, so they have to be given a chance to clean up. (NIX-85)

2007-02-21 | Eelco Dolstra | 2 | -6/+6
* `nix-store --import': import an archive created by `nix-store --export' into the Nix store, and optionally check the cryptographic signatures against /nix/etc/nix/signing-key.pub. (TODO: verify against a set of public keys.)

2007-02-21 | Eelco Dolstra | 4 | -20/+56
* `nix-store --export --sign': sign the Nix archive using the RSA key in /nix/etc/nix/signing-key.sec

2007-01-13 | Eelco Dolstra | 1 | -1/+1
* Cleanup.

2006-12-12 | Eelco Dolstra | 6 | -19/+50
* New primop builtins.filterSource, which can be used to filter files from a source directory. All files for which a predicate function returns true are copied to the store. Typical example is to leave out the .svn directory:
    stdenv.mkDerivation {
      ...
      src = builtins.filterSource
        (path: baseNameOf (toString path) != ".svn")
        ./source-dir;
      # as opposed to
      # src = ./source-dir;
    }
  This is important because the .svn directory influences the hash in a rather unpredictable and variable way.

2006-12-12 | Eelco Dolstra | 2 | -14/+28
* In dumpPath(): pass a function object that allows files to be selectively in/excluded from the dump.

2006-12-07 | Eelco Dolstra | 2 | -0/+20
* Move setuidCleanup() to libutil.

2006-12-07 | Eelco Dolstra | 1 | -1/+1
* Change the ownership of store paths to the Nix account before deleting them using the setuid helper.

2006-12-07 | Eelco Dolstra | 2 | -0/+52
* Move killUser() to libutil so that the setuid helper can use it.

2006-12-05 | Eelco Dolstra | 2 | -0/+2
* The determination of the root set should be made by the privileged process, so forward the operation.
* Spam the user about GC misconfigurations (NIX-71).
* findRoots: skip all roots that are unreadable - the warnings with which we spam the user should be enough.

2006-12-04 | Eelco Dolstra | 4 | -19/+24
* Daemon mode (`nix-worker --daemon'). Clients connect to the server via the Unix domain socket in /nix/var/nix/daemon.socket. The server forks a worker process per connection.
* readString(): use the heap, not the stack.
* Some protocol fixes.

2006-12-03 | Eelco Dolstra | 1 | -1/+3
* Pid::kill() should be interruptable.

2006-12-03 | Eelco Dolstra | 2 | -1/+12
* Some hackery to propagate the worker's stderr and exceptions to the client.

2006-12-02 | Eelco Dolstra | 1 | -2/+2
* Move addTempRoot() to the store API, and add another function syncWithGC() to allow clients to register GC roots without needing write access to the global roots directory or the GC lock.

2006-12-02 | Eelco Dolstra | 2 | -134/+1
* Remove most of the old setuid code.
* Much simpler setuid code for the worker in slave mode.

2006-12-02 | Eelco Dolstra | 2 | -37/+0
* Remove SwitchToOriginalUser, we're not going to need it anymore.

2006-11-30 | Eelco Dolstra | 2 | -1/+21
* More remote operations.
* Added new operation hasSubstitutes(), which is more efficient than querySubstitutes().size() > 0.

2006-11-30 | Eelco Dolstra | 1 | -0/+10
* When NIX_REMOTE is set to "slave", fork off nix-worker in slave mode. Presumably nix-worker would be setuid to the Nix store user. The worker performs all operations on the Nix store and database, so the caller can be completely unprivileged. This is already much more secure than the old setuid scheme, since the worker doesn't need to do Nix expression evaluation and so on. Most importantly, this means that it doesn't need to access any user files, with all resulting security risks; it only performs pure store operations. Once this works, it is easy to move to a daemon model that forks off a worker for connections established through a Unix domain socket. That would be even more secure.

2006-11-30 | Eelco Dolstra | 6 | -100/+177
* Skeleton of the privileged worker program.
* Some refactoring: put the NAR archive integer/string serialisation code in a separate file so it can be reused by the worker protocol implementation.

2006-11-29 | Eelco Dolstra | 1 | -0/+2
* Don't spam.

2006-11-29 | Roy van den Broek | 1 | -1/+1
* Example script to set permissions for setuid operation.

2006-11-29 | Eelco Dolstra | 1 | -26/+45
* Remove --enable-setuid, --with-nix-user and --with-nix-group. Rather, setuid support is now always compiled in (at least on platforms that have the setresuid system call, e.g., Linux and FreeBSD), but it must be enabled by chowning/chmodding the Nix binaries.

2006-11-24 | Eelco Dolstra | 2 | -0/+26
* Doh! Path sizes need to be computed recursively of course. (NIX-70)

2006-10-30 | Eelco Dolstra | 1 | -1/+15
* readFile: don't overflow the stack on large files.

2006-10-16 | Eelco Dolstra | 2 | -0/+11
* Big cleanup of the semantics of paths, strings, contexts, string concatenation and string coercion. This was a big mess (see e.g. NIX-67). Contexts are now folded into strings, so that they don't cause evaluation errors when they're not expected. The semantics of paths has been clarified (see nixexpr-ast.def). toString() and coerceToString() have been merged. Semantic change: paths are now copied to the store when they're in a concatenation (and in most other situations - that's the formalisation of the meaning of a path). So "foo " + ./bla evaluates to "foo /nix/store/hash...-bla", not "foo /path/to/current-dir/bla". This prevents accidental impurities, and is more consistent with the treatment of derivation outputs, e.g., `"foo " + bla' where `bla' is a derivation. (Here `bla' would be replaced by the output path of `bla'.)

2006-09-27 | Eelco Dolstra | 1 | -5/+9
* Fix setuid builds.

2006-09-20 | Eelco Dolstra | 2 | -1/+10
* Print a better error message for wrong hashes (NIX-49).

2006-09-04 | Eelco Dolstra | 2 | -3/+139
* Move setuid stuff to libutil.
* Install libexpr header files.

2006-09-04 | Eelco Dolstra | 1 | -5/+5
* Install header files in /nix/include/nix.

2006-09-04 | Eelco Dolstra | 2 | -1/+4
* Remove unnecessary inclusions of aterm2.h.

2006-09-04 | Eelco Dolstra | 1 | -2/+0
* Don't need extern "C".

2006-09-04 | Eelco Dolstra | 14 | -91/+178
* Use a proper namespace.
* Optimise header file usage a bit.
* Compile the parser as C++.

2006-09-04 | Eelco Dolstra | 1 | -1/+1
* Store the Nix libraries in ${libdir}/nix instead of ${libdir}.

2006-08-31 | Eelco Dolstra | 1 | -1/+1
* Doh! Doh! Doh!

2006-08-31 | Eelco Dolstra | 1 | -11/+6
* Better error checking.

2006-08-29 | Eelco Dolstra | 2 | -0/+11
* Fix the ~ operator.

2006-08-26 | Eelco Dolstra | 2 | -4/+10
* Refactoring.

2006-08-24 | Eelco Dolstra | 1 | -0/+3
* Escape newlines in XML attributes to prevent them from being normalised away.

2006-08-16 | Eelco Dolstra | 2 | -3/+19
* `nix-instantiate --{eval|parse}-only --xml': print an XML representation instead of an ATerm.
* Indent XML output.

2006-08-04 | Eelco Dolstra | 1 | -4/+4
* Weird issue on Cygwin with the include file order.

2006-08-03 | Eelco Dolstra | 2 | -2/+2
* `nix-env -q --xml': show query result in XML format for easier automated processing.

2006-08-03 | Eelco Dolstra | 3 | -57/+69
* `nix-instantiate --print-args': produce XML output so that the result can be used more easily by scripts.

2006-08-03 | Eelco Dolstra | 1 | -0/+161
* Simple class for writing XML files.

2006-07-20 | Eelco Dolstra | 2 | -0/+98
* Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected.

2006-07-06 | Eelco Dolstra | 2 | -7/+0
* Allow the canonical system name to be specified at runtime in the Nix config file.

2006-06-19 | Eelco Dolstra | 1 | -1/+2
* Write messages to stderr in a slightly more atomic way. Useful when there are several parallel processes.