Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2006-11-30 | * When NIX_REMOTE is set to "slave", fork off nix-worker in slave mode. Presumably nix-worker would be setuid to the Nix store user. The worker performs all operations on the Nix store and database, so the caller can be completely unprivileged. This is already much more secure than the old setuid scheme, since the worker doesn't need to do Nix expression evaluation and so on. Most importantly, this means that it doesn't need to access any user files, with all resulting security risks; it only performs pure store operations. Once this works, it is easy to move to a daemon model that forks off a worker for connections established through a Unix domain socket. That would be even more secure. | Eelco Dolstra | 1 | -0/+10 | |
2006-11-30 | * Skeleton of the privileged worker program. * Some refactoring: put the NAR archive integer/string serialisation code in a separate file so it can be reused by the worker protocol implementation. | Eelco Dolstra | 6 | -100/+177 | |
2006-11-29 | * Don't spam. | Eelco Dolstra | 1 | -0/+2 | |
2006-11-29 | * Example script to set permissions for setuid operation. | Roy van den Broek | 1 | -1/+1 | |
2006-11-29 | * Remove --enable-setuid, --with-nix-user and --with-nix-group. Rather, setuid support is now always compiled in (at least on platforms that have the setresuid system call, e.g., Linux and FreeBSD), but it must be enabled by chowning/chmodding the Nix binaries. | Eelco Dolstra | 1 | -26/+45 | |
2006-11-24 | * Doh! Path sizes need to be computed recursively of course. (NIX-70) | Eelco Dolstra | 2 | -0/+26 | |
2006-10-30 | * readFile: don't overflow the stack on large files. | Eelco Dolstra | 1 | -1/+15 | |
2006-10-16 | * Big cleanup of the semantics of paths, strings, contexts, string concatenation and string coercion. This was a big mess (see e.g. NIX-67). Contexts are now folded into strings, so that they don't cause evaluation errors when they're not expected. The semantics of paths has been clarified (see nixexpr-ast.def). toString() and coerceToString() have been merged. Semantic change: paths are now copied to the store when they're in a concatenation (and in most other situations - that's the formalisation of the meaning of a path). So "foo " + ./bla evaluates to "foo /nix/store/hash...-bla", not "foo /path/to/current-dir/bla". This prevents accidental impurities, and is more consistent with the treatment of derivation outputs, e.g., `"foo " + bla' where `bla' is a derivation. (Here `bla' would be replaced by the output path of `bla'.) | Eelco Dolstra | 2 | -0/+11 | |
2006-09-27 | * Fix setuid builds. | Eelco Dolstra | 1 | -5/+9 | |
2006-09-20 | * Print a better error message for wrong hashes (NIX-49). | Eelco Dolstra | 2 | -1/+10 | |
2006-09-04 | * Move setuid stuff to libutil. * Install libexpr header files. | Eelco Dolstra | 2 | -3/+139 | |
2006-09-04 | * Install header files in /nix/include/nix. | Eelco Dolstra | 1 | -5/+5 | |
2006-09-04 | * Remove unnecessary inclusions of aterm2.h. | Eelco Dolstra | 2 | -1/+4 | |
2006-09-04 | * Don't need extern "C". | Eelco Dolstra | 1 | -2/+0 | |
2006-09-04 | * Use a proper namespace. * Optimise header file usage a bit. * Compile the parser as C++. | Eelco Dolstra | 14 | -91/+178 | |
2006-09-04 | * Store the Nix libraries in ${libdir}/nix instead of ${libdir}. | Eelco Dolstra | 1 | -1/+1 | |
2006-08-31 | * Doh! Doh! Doh! | Eelco Dolstra | 1 | -1/+1 | |
2006-08-31 | * Better error checking. | Eelco Dolstra | 1 | -11/+6 | |
2006-08-29 | * Fix the ~ operator. | Eelco Dolstra | 2 | -0/+11 | |
2006-08-26 | * Refactoring. | Eelco Dolstra | 2 | -4/+10 | |
2006-08-24 | * Escape newlines in XML attributes to prevent them from being normalised away. | Eelco Dolstra | 1 | -0/+3 | |
2006-08-16 | * `nix-instantiate --{eval|parse}-only --xml': print an XML representation instead of an ATerm. * Indent XML output. | Eelco Dolstra | 2 | -3/+19 | |
2006-08-04 | * Weird issue on Cygwin with the include file order. | Eelco Dolstra | 1 | -4/+4 | |
2006-08-03 | * `nix-env -q --xml': show query result in XML format for easier automated processing. | Eelco Dolstra | 2 | -2/+2 | |
2006-08-03 | * `nix-instantiate --print-args': produce XML output so that the result can be used more easily by scripts. | Eelco Dolstra | 3 | -57/+69 | |
2006-08-03 | * Simple class for writing XML files. | Eelco Dolstra | 1 | -0/+161 | |
2006-07-20 | * Call find-runtime-roots.pl from the garbage collector to prevent running applications etc. from being garbage collected. | Eelco Dolstra | 2 | -0/+98 | |
2006-07-06 | * Allow the canonical system name to be specified at runtime in the Nix config file. | Eelco Dolstra | 2 | -7/+0 | |
2006-06-19 | * Write messages to stderr in a slightly more atomic way. Useful when there are several parallel processes. | Eelco Dolstra | 1 | -1/+2 | |
2006-06-14 | * Fix for a problem with BSD's group ownership semantics when the user is not in the "wheel" group. | Eelco Dolstra | 1 | -1/+13 | |
2006-05-24 | * Some Cygwin fixes. | Eelco Dolstra | 1 | -6/+6 | |
2006-05-12 | * Support for srcdir != builddir (NIX-41). | Eelco Dolstra | 1 | -1/+1 | |
2006-05-11 | * 64-bit compatibility fixes (for problems revealed by building on an Athlon 64 running 64-bit SUSE). A patched ATerm library is required to run Nix successfully. | Eelco Dolstra | 3 | -11/+12 | |
2006-05-08 | * GCC 2.95 compatibility. | Eelco Dolstra | 1 | -0/+2 | |
2006-05-08 | * Allow function argument default values to refer to other arguments of the function. Implements NIX-45. | Eelco Dolstra | 2 | -3/+8 | |
2006-05-08 | * Show evaluation stats when NIX_SHOW_STATS=1. | Eelco Dolstra | 2 | -14/+26 | |
2006-05-04 | * Use the new ATermMap. | Eelco Dolstra | 3 | -1/+428 | |
2006-03-09 | * Ugh, printHash() was very inefficient because it used ostringstreams. Around 11% of execution time was spent here (now it's 0.5%). | Eelco Dolstra | 1 | -5/+7 | |
2006-03-08 | * Some refactoring of the exception handling code so that we can catch Nix expression assertion failures. | Eelco Dolstra | 2 | -5/+16 | |
2006-03-01 | * Ouch, parseHash32 was completely broken. All digits >= 4 were parsed as 4. For a moment I worried that printHash32 was broken, and that would have been really, *really* bad ;-) | Eelco Dolstra | 1 | -1/+1 | |
2006-02-13 | * Optional switch "--with-openssl=<PATH>" to use OpenSSL's implementations of MD5, SHA-1 and SHA-256. The main benefit is that we get assembler-optimised implementations of MD5 and SHA-1 (though not SHA-256 (at least on x86), unfortunately). OpenSSL's SHA-1 implementation on Intel is twice as fast as ours. | Eelco Dolstra | 6 | -40/+48 | |
2006-02-13 | * Use a union. | Eelco Dolstra | 1 | -2/+1 | |
2006-02-01 | * bsdiff updated to 4.3. This makes Nix depend on libbz2. | Eelco Dolstra | 1 | -1/+1 | |
2006-01-09 | * dirOf: return "/", not "", for paths in the root directory. Fixes NIX-26. | Eelco Dolstra | 1 | -2/+2 | |
2006-01-08 | * Resolve all symlink components in the location of the temporary build directory (TMPDIR, i.e., /tmp). Fixes NIX-26. | Eelco Dolstra | 2 | -4/+25 | |
2005-12-15 | * `nix-store --gc' prints out the number of bytes freed on stdout (even when it is interrupted by a signal). | Eelco Dolstra | 2 | -4/+17 | |
2005-11-16 | * Did something useful while waiting at IAD: reference scanning is now much faster. | Eelco Dolstra | 2 | -1/+7 | |
2005-09-22 | * Parse multi-valued options. | Eelco Dolstra | 2 | -0/+19 | |
2005-07-22 | * Build dynamic libraries. | Eelco Dolstra | 1 | -2/+2 | |
2005-05-04 | * FreeBSD 4.x doesn't have stdint.h, use inttypes.h instead (which is also part of ISO C). | Eelco Dolstra | 3 | -3/+3 | |