about summary refs log tree commit diff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2017-07-07 Merge pull request #1445 from matthewbauer/macos-skip-hardlinkEelco Dolstra1-0/+14
Don’t hardlink disallowed paths in OS X.
2017-07-06 Don’t hardlink disallowed paths in OS X.Matthew Bauer1-0/+14
Fixes #1443
2017-07-04 Add X32 to the seccomp filterEelco Dolstra1-0/+4
Fixes #1432.
2017-07-04 Sort substituters by priorityEelco Dolstra3-0/+11
Fixes #1438.
2017-07-04 getDefaultSubstituters(): Simplify initialisationEelco Dolstra1-20/+14
As shlevy pointed out, static variables in C++11 have thread-safe initialisation.
2017-07-04 Add allow-new-privileges optionEelco Dolstra2-0/+9
This allows builds to call setuid binaries. This was previously possible until we started using seccomp. Turns out that seccomp by default disallows processes from acquiring new privileges. Generally, any use of setuid binaries (except those created by the builder itself) is by definition impure, but some people were relying on this ability for certain tests. Example: $ nix build '(with import <nixpkgs> {}; runCommand "foo" {} "/run/wrappers/bin/ping -c 1 8.8.8.8; exit 1")' --no-allow-new-privileges builder for ‘/nix/store/j0nd8kv85hd6r4kxgnwzvr0k65ykf6fv-foo.drv’ failed with exit code 1; last 2 log lines: cannot raise the capability into the Ambient set : Operation not permitted $ nix build '(with import <nixpkgs> {}; runCommand "foo" {} "/run/wrappers/bin/ping -c 1 8.8.8.8; exit 1")' --allow-new-privileges builder for ‘/nix/store/j0nd8kv85hd6r4kxgnwzvr0k65ykf6fv-foo.drv’ failed with exit code 1; last 6 log lines: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=46 time=15.2 ms Fixes #1429.
2017-07-04 Fix handling of expression installables with a / in themEelco Dolstra1-4/+4
2017-07-04 Support base-64 hashesEelco Dolstra20-199/+180
Also simplify the Hash API. Fixes #1437.
2017-07-03 nix-shell: Respect --dry-runEelco Dolstra1-0/+2
Fixes #824.
2017-07-03 Replace a few bool flags with enumsEelco Dolstra22-141/+138
Functions like copyClosure() had 3 bool arguments, which creates a severe risk of mixing up arguments. Also, implement copyClosure() using copyPaths().
2017-07-03 processGraph(): Call getEdges in parallelEelco Dolstra1-28/+47
2017-06-20 Call SetDllDirectory("") after sqlite3 init on cygwinDavid McFarland1-0/+14
Cygwin sqlite3 is patched to call SetDllDirectory("/usr/bin") on init, which affects the current process and is inherited by child processes. It causes DLLs to be loaded from /usr/bin/ before $PATH, which breaks all sorts of things. A typical failures would be header/lib version mismatches (e.g. openssl when running checkPhase on openssh). We'll just set it back to the default value. Note that this is a problem with the cygwin version of sqlite3 (currently 3.18.0). nixpkgs doesn't have the problematic patch.
2017-06-20 Restore thunks on any exceptionEelco Dolstra1-1/+1
There's no reason to restrict this to Error exceptions. This shouldn't matter to #1407 since the repl doesn't catch non-Error exceptions anyway, but you never know...
2017-06-19 Disable use of virtual hosting in aws-sdk-cppEelco Dolstra1-1/+1
Recently aws-sdk-cpp quietly switched to using S3 virtual host URIs (https://github.com/aws/aws-sdk-cpp/commit/69d9c53882), i.e. it sends requests to http://<bucket>.<region>.s3.amazonaws.com rather than http://<region>.s3.amazonaws.com/<bucket>. However this interacts badly with curl connection reuse. For example, if we do the following: 1) Check whether a bucket exists using GetBucketLocation. 2) If it doesn't, create it using CreateBucket. 3) Do operations on the bucket. then 3) will fail for a minute or so with a NoSuchBucket exception, presumably because the server being hit is a fallback for cases when buckets don't exist. Disabling the use of virtual hosts ensures that 3) succeeds immediately. (I don't know what S3's consistency guarantees are for bucket creation, but in practice buckets appear to be available immediately.)
2017-06-19 Support creating S3 caches in other regions than us-east-1Eelco Dolstra1-4/+10
2017-06-19 Handle S3Errors::RESOURCE_NOT_FOUND from aws-sdk-cppEelco Dolstra1-2/+4
This is returned by recent versions. Also handle NO_SUCH_KEY even though the library doesn't actually return that at the moment.
2017-06-19 Suppress "will retry in N ms" for non-retriable errorsEelco Dolstra1-5/+6
Newer versions of aws-sdk-cpp call CalculateDelayBeforeNextRetry() even for non-retriable errors (like NoSuchKey) whih causes log spam in hydra-queue-runner.
2017-06-19 Show aws-sdk-cpp log messagesEelco Dolstra1-0/+22
2017-06-19 macOS: Ugly hack to make the tests succeedEelco Dolstra1-3/+2
Sandboxes cannot be nested, so if Nix's build runs inside a sandbox, it cannot use a sandbox itself. I don't see a clean way to detect whether we're in a sandbox, so use a test-specific hack. https://github.com/NixOS/nix/issues/1413
2017-06-19 macOS: Remove flagsEelco Dolstra1-0/+10
In particular, UF_IMMUTABLE (uchg) needs to be cleared to allow the path to be garbage-collected or optimised. See https://github.com/NixOS/nixpkgs/issues/25819. + the file from being garbage-collected.
2017-06-14 Remove redundant debug lineEelco Dolstra1-2/+0
2017-06-14 canonicalisePathMetaData(): Ignore security.selinux attributeEelco Dolstra1-2/+6
Untested, hopefully fixes #1406.
2017-06-12 Suppress spurious "killing process N: Operation not permitted" on macOSEelco Dolstra1-2/+9
2017-06-12 On macOS, don't use /var/folders for TMPDIREelco Dolstra1-0/+8
This broke "nix-store --serve".
2017-06-12 Provide a builtin default for $NIX_SSL_CERT_FILEEelco Dolstra2-4/+13
This is mostly to ensure that when Nix is started on macOS via a launchd service or sshd (for a remote build), it gets a certificate bundle.
2017-06-12 Don't run pre-build-hook if we don't have a derivationEelco Dolstra1-1/+1
This fixes a build failure on OS X when using Hydra or Nix 1.12's build-remote (since they don't copy the derivation to the build machine).
2017-06-07 Don't show flags from config settings in "nix --help"Eelco Dolstra9-54/+140
2017-06-07 nix: Add --help-config flagEelco Dolstra3-2/+30
2017-06-07 nix: Make all options available as flagsEelco Dolstra4-0/+40
Thus, instead of ‘--option <name> <value>’, you can write ‘--<name> <value>’. So --option http-connections 100 becomes --http-connections 100 Apart from brevity, the difference is that it's not an error to set a non-existent option via --option, but unrecognized arguments are fatal. Boolean options have special treatment: they're mapped to the argument-less flags ‘--<name>’ and ‘--no-<name>’. E.g. --option auto-optimise-store false becomes --no-auto-optimise-store
2017-06-06 Disable the build user mechanism on all platforms except Linux and OS XEelco Dolstra1-0/+6
2017-06-06 Always use the Darwin sandboxEelco Dolstra4-83/+98
Even with "build-use-sandbox = false", we now use sandboxing with a permissive profile that allows everything except the creation of setuid/setgid binaries.
2017-05-31 Remove listxattr assertionEelco Dolstra1-2/+0
It appears that sometimes, listxattr() returns a different value for the query case (i.e. when the buffer size is 0).
2017-05-31 OS X sandbox: Improve builtin sandbox profileEelco Dolstra4-59/+76
Also, add rules to allow fixed-output derivations to access the network. These rules are sufficient to build stdenvDarwin without any __sandboxProfile magic.
2017-05-31 resolve-system-dependencies: Misc fixesEelco Dolstra1-22/+20
This fixes Could not find any mach64 blobs in file ‘/usr/lib/libSystem.B.dylib’, continuing...
2017-05-31 resolve-system-dependencies: SimplifyEelco Dolstra1-10/+1
2017-05-31 OS X sandbox: Don't use a deterministic $TMPDIREelco Dolstra1-3/+0
This doesn't work because the OS X sandbox cannot bind-mount path to a different location.
2017-05-31 OS X sandbox: Store .sb file in $TMPDIR rather than the Nix storeEelco Dolstra1-4/+1
The filename used was not unique and owned by the build user, so builds could fail with error: while setting up the build environment: cannot unlink ‘/nix/store/99i210ihnsjacajaw8r33fmgjvzpg6nr-bison-3.0.4.drv.sb’: Permission denied
2017-05-30 resolve-system-dependencies: Fix another segfaultEelco Dolstra1-0/+5
runResolver() was barfing on directories like /System/Library/Frameworks/Security.framework/Versions/Current/PlugIns. It should probably do something sophisticated for frameworks, but let's ignore them for now.
2017-05-30 Darwin sandbox: Use sandbox-defaults.sbEelco Dolstra4-14/+17
Issue #759. Also, remove nix.conf from the sandbox since I don't really see a legitimate reason for builders to access the Nix configuration.
2017-05-30 Darwin sandbox: Disallow creating setuid/setgid binariesEelco Dolstra1-0/+4
Suggested by Daiderd Jordan.
2017-05-30 resolve-system-dependencies: Several fixesEelco Dolstra1-53/+65
This fixes error: getting attributes of path ‘Versions/Current/CoreFoundation’: No such file or directory when /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation is a symlink. Also fixes a segfault when encounting a file that is not a MACH binary (such as /dev/null, which is included in __impureHostDeps in Nixpkgs). Possibly fixes #786.
2017-05-30 Fix seccomp build failure on clangEelco Dolstra1-3/+3
Fixes src/libstore/build.cc:2321:45: error: non-constant-expression cannot be narrowed from type 'int' to 'scmp_datum_t' (aka 'unsigned long') in initializer list [-Wc++11-narrowing]
2017-05-30 Shut up some clang warningsEelco Dolstra1-7/+7
2017-05-30 Add a seccomp rule to disallow setxattr()Eelco Dolstra1-1/+9
2017-05-30 canonicalisePathMetaData(): Remove extended attributes / ACLsEelco Dolstra1-0/+22
EAs/ACLs are not part of the NAR canonicalisation. Worse, setting an ACL allows a builder to create writable files in the Nix store. So get rid of them. Closes #185.
2017-05-30 Require seccomp only in multi-user setupsEelco Dolstra1-1/+5
2017-05-29 Fix seccomp initialisation on i686-linuxEelco Dolstra1-1/+2
2017-05-29 Add a seccomp filter to prevent creating setuid/setgid binariesEelco Dolstra2-0/+43
This prevents builders from setting the S_ISUID or S_ISGID bits, preventing users from using a nixbld* user to create a setuid/setgid binary to interfere with subsequent builds under the same nixbld* uid. This is based on aszlig's seccomp code (47f587700d646f5b03a42f2fa57c28875a31efbe). Reported by Linus Heckemann.
2017-05-29 Fix nix-copy-closure testEelco Dolstra1-0/+1
Fixes client# error: size mismatch importing path ‘/nix/store/ywf5fihjlxwijm6ygh6s0a353b5yvq4d-libidn2-0.16’; expected 0, got 120264 This is mostly an artifact of the NixOS VM test environment, where the Nix database doesn't contain hashes/sizes. http://hydra.nixos.org/build/53537471
2017-05-29 Fix build failure on Debian/UbuntuEelco Dolstra3-2/+2
http://hydra.nixos.org/build/53537463