about summary refs log tree commit diff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2015-02-04 Use libsodium instead of OpenSSL for binary cache signingEelco Dolstra4-10/+53
Sodium's Ed25519 signatures are much shorter than OpenSSL's RSA signatures. Public keys are also much shorter, so they're now specified directly in the nix.conf option ‘binary-cache-public-keys’. The new command ‘nix-store --generate-binary-cache-key’ generates and prints a public and secret key.
2015-02-03 Simplify parseHash32Eelco Dolstra1-37/+10
2015-02-03 Simplify printHash32Eelco Dolstra1-35/+17
2015-01-29 Merge remote-tracking branch 'shlevy/baseNameOf-no-copy'Shea Levy1-1/+1
baseNameOf: Don't copy paths to the store first
2015-01-18 Make inputs writeable in the sandbox (builds still can’t actually write ↵Daniel Peebles1-2/+7
due to user permissions)
2015-01-15 Fix assertion failure in nix-envEelco Dolstra2-4/+8
$ nix-env -f ~/Dev/nixops/ -iA foo nix-env: src/libexpr/eval.hh:57: void nix::Bindings::push_back(const nix::Attr&): Assertion `size_ < capacity' failed. Aborted
2015-01-13 Allow using /bin and /usr/bin as impure prefixes on non-darwin by defaultShea Levy1-1/+1
These directories are generally world-readable anyway, and give us the two most common linux impurities (env and sh)
2015-01-13 SysError -> ErrorEelco Dolstra1-1/+1
2015-01-13 Don't resolve symlinks while checking __impureHostDepsEelco Dolstra1-2/+5
Since these come from untrusted users, we shouldn't do any I/O on them before we've checked that they're in an allowed prefix.
2015-01-12 Add basic Apple sandbox supportDaniel Peebles1-17/+169
2015-01-09 Fix builtins.readDir on XFSEelco Dolstra1-1/+1
The DT_UNKNOWN fallback code was getting the type of the wrong path, causing readDir to report "directory" as the type of every file. Reported by deepfire on IRC.
2015-01-08 Doh^2Eelco Dolstra1-1/+1
2015-01-08 DohEelco Dolstra1-3/+3
2015-01-08 Set /nix/store permission to 1737Eelco Dolstra2-19/+6
I.e., not readable to the nixbld group. This improves purity a bit for non-chroot builds, because it prevents a builder from enumerating store paths (i.e. it can only access paths it knows about).
2015-01-07 Show position info for failing <...> lookupsEelco Dolstra3-4/+8
2015-01-07 Remove quotes around filenames in position infoEelco Dolstra1-1/+1
2015-01-06 Fix building on DarwinEelco Dolstra1-1/+4
Fixes #433.
2015-01-02 Allow $NIX_PAGER to override $PAGEREelco Dolstra1-4/+5
2015-01-02 libutil: Limit readLink() error to only overflows.aszlig1-2/+2
Let's not just improve the error message itself, but also the behaviour to actually work around the ntfs-3g symlink bug. If the readlink() call returns a smaller size than the stat() call, this really isn't a problem even if the symlink target really has changed between the calls. So if stat() reports the size for the absolute path, it's most likely that the relative path is smaller and thus it should also work for file system bugs as mentioned in 93002d69fc58c2b71e2dfad202139230c630c53a. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Tested-by: John Ericson <Ericson2314@Yahoo.com>
2015-01-02 libutil: Improve errmsg on readLink size mismatch.aszlig1-1/+5
A message like "error: reading symbolic link `...' : Success" really is quite confusing, so let's not indicate "success" but rather point out the real issue. We could also limit the check of this to just check for non-negative values, but this would introduce a race condition between stat() and readlink() if the link target changes between those two calls, thus leading to a buffer overflow vulnerability. Reported by @Ericson2314 on IRC. Happened due to a possible ntfs-3g bug where a relative symlink returned the absolute path (st_)size in stat() while readlink() returned the relative size. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Tested-by: John Ericson <Ericson2314@Yahoo.com>
2014-12-29 LocalStore initialization: Don't die if build-users-group doesn't existShea Levy1-11/+12
See NixOS/nixpkgs@9245516
2014-12-23 Revive running builds in a PID namespaceEelco Dolstra1-30/+59
2014-12-14 PedantryEelco Dolstra5-8/+4
2014-12-14 Merge branch 'cygwin-master' of https://github.com/ternaris/nixEelco Dolstra5-0/+5
2014-12-13 Better error messageEelco Dolstra1-1/+1
2014-12-12 Silence some warnings on GCC 4.9Eelco Dolstra4-7/+12
2014-12-12 Shut up a Valgrind warningEelco Dolstra1-1/+1
2014-12-12 Fix some memory leaksEelco Dolstra3-35/+27
2014-12-12 Ensure we're writing to stderr in the builderEelco Dolstra6-19/+21
http://hydra.nixos.org/build/17862041
2014-12-12 Don't abort if we get a signal while waiting for the pagerEelco Dolstra1-4/+8
2014-12-12 Get rid of unnecessary "interrupted by the user" message with -vvvEelco Dolstra1-0/+2
2014-12-12 Remove chatty messageEelco Dolstra1-2/+0
This broke building with "-vv", because the builder is not allowed to write to stderr at this point.
2014-12-12 DohEelco Dolstra2-3/+3
2014-12-12 Remove tabsEelco Dolstra1-5/+5
2014-12-12 Remove dead codeEelco Dolstra1-9/+0
2014-12-12 Remove canary stuffEelco Dolstra4-58/+0
2014-12-10 Provide default pagersEelco Dolstra1-3/+8
Borrowed from systemd.
2014-12-10 Don't do vfork in conjunction with setuidEelco Dolstra2-0/+5
2014-12-10 Use vforkEelco Dolstra3-11/+39
2014-12-10 Rename functionEelco Dolstra1-4/+4
2014-12-10 Don't wait for PID -1Eelco Dolstra1-1/+2
The pid field can be -1 if forking the substituter process failed.
2014-12-10 Revert "Use posix_spawn to run the pager"Eelco Dolstra3-39/+10
This reverts commit d34d2b2bbf784c0bb420a50905af25e02c6e4989.
2014-12-10 builtins.readFile: realise context associated with the pathShea Levy1-2/+6
2014-12-09 Explicitly include required C headersMarko Durkovic5-0/+5
2014-12-05 Define ‘environ’Eelco Dolstra1-0/+2
http://hydra.nixos.org/build/17690555
2014-12-05 Use posix_spawn to run the pagerEelco Dolstra3-10/+39
In low memory environments, "nix-env -qa" failed because the fork to run the pager hit the kernel's overcommit limits. Using posix_spawn gets around this. (Actually, you have to use posix_spawn with the undocumented POSIX_SPAWN_USEVFORK flag, otherwise it just uses fork/exec...)
2014-12-02 Make all ExternalValueBase functions constShea Levy4-15/+15
2014-12-02 Allow external code using libnixexpr to add typesShea Levy5-0/+108
Code that links to libnixexpr (e.g. plugins loaded with importNative, or nix-exec) may want to provide custom value types and operations on values of those types. For example, nix-exec is currently using sets where a custom IO value type would be more appropriate. This commit provides a generic hook for such types in the form of tExternal and the ExternalBase virtual class, which contains all functions necessary for libnixexpr's type-polymorphic functions (e.g. `showType`) to be implemented.
2014-11-25 Add a primop for regular expression pattern matchingEelco Dolstra3-5/+57
The function ‘builtins.match’ takes a POSIX extended regular expression and an arbitrary string. It returns ‘null’ if the string does not match the regular expression. Otherwise, it returns a list containing substring matches corresponding to parenthesis groups in the regex. The regex must match the entire string (i.e. there is an implied "^<pat>$" around the regex). For example: match "foo" "foobar" => null match "foo" "foo" => [] match "f(o+)(.*)" "foooobar" => ["oooo" "bar"] match "(.*/)?([^/]*)" "/dir/file.nix" => ["/dir/" "file.nix"] match "(.*/)?([^/]*)" "file.nix" => [null "file.nix"] The following example finds all regular files with extension .nix or .patch underneath the current directory: let findFiles = pat: dir: concatLists (mapAttrsToList (name: type: if type == "directory" then findFiles pat (dir + "/" + name) else if type == "regular" && match pat name != null then [(dir + "/" + name)] else []) (readDir dir)); in findFiles ".*\\.(nix|patch)" (toString ./.)
2014-11-25 forceString(): Accept pos argumentEelco Dolstra3-5/+5
generated by cgit-pink 1.4.1 (git 2.44.2) at 2024-11-06T16·44+0000