Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2015-02-19 | tilde paths: The rest of the string has to start with a slash anyway | Shea Levy | 1 | -1/+1 | |
2015-02-19 | tilde paths: construct the entire path at parse time | Shea Levy | 1 | -6/+1 | |
2015-02-19 | tilde paths: get HOME at parse time | Shea Levy | 1 | -3/+1 | |
2015-02-19 | ExprConcatStrings: canonicalize concatenated paths | Shea Levy | 1 | -1/+2 | |
2015-02-19 | Allow the leading component of a path to be a ~ | Shea Levy | 2 | -1/+11 | |
2015-02-18 | nix-store --generate-binary-cache-key: Write key to disk | Eelco Dolstra | 1 | -4/+8 | |
This ensures proper permissions for the secret key. | |||||
2015-02-17 | Use $<attr>Path instead of $<attr> for passAsFile | Eelco Dolstra | 1 | -1/+1 | |
2015-02-17 | Allow passing attributes via files instead of environment variables | Eelco Dolstra | 1 | -4/+16 | |
Closes #473. | |||||
2015-02-16 | Use pivot_root in addition to chroot when possible | Harald van Dijk | 1 | -7/+28 | |
chroot only changes the process root directory, not the mount namespace root directory, and it is well-known that any process with chroot capability can break out of a chroot "jail". By using pivot_root as well, and unmounting the original mount namespace root directory, breaking out becomes impossible. Non-root processes typically have no ability to use chroot() anyway, but they can gain that capability through the use of clone() or unshare(). For security reasons, these syscalls are limited in functionality when used inside a normal chroot environment. Using pivot_root() this way does allow those syscalls to be put to their full use. | |||||
2015-02-10 | Make libsodium an optional dependency | Eelco Dolstra | 1 | -0/+6 | |
2015-02-10 | Add base64 encoder/decoder | Eelco Dolstra | 3 | -8/+66 | |
2015-02-05 | Remove tab | Eelco Dolstra | 1 | -1/+1 | |
2015-02-04 | Require linux 3.13 or later for chroot | Shea Levy | 1 | -1/+6 | |
Fixes #453 | |||||
2015-02-04 | Use libsodium instead of OpenSSL for binary cache signing | Eelco Dolstra | 4 | -10/+53 | |
Sodium's Ed25519 signatures are much shorter than OpenSSL's RSA signatures. Public keys are also much shorter, so they're now specified directly in the nix.conf option ‘binary-cache-public-keys’. The new command ‘nix-store --generate-binary-cache-key’ generates and prints a public and secret key. | |||||
2015-02-03 | Simplify parseHash32 | Eelco Dolstra | 1 | -37/+10 | |
2015-02-03 | Simplify printHash32 | Eelco Dolstra | 1 | -35/+17 | |
2015-01-29 | Merge remote-tracking branch 'shlevy/baseNameOf-no-copy' | Shea Levy | 1 | -1/+1 | |
baseNameOf: Don't copy paths to the store first | |||||
2015-01-18 | Make inputs writeable in the sandbox (builds still can’t actually write ↵ | Daniel Peebles | 1 | -2/+7 | |
due to user permissions) | |||||
2015-01-15 | Fix assertion failure in nix-env | Eelco Dolstra | 2 | -4/+8 | |
$ nix-env -f ~/Dev/nixops/ -iA foo nix-env: src/libexpr/eval.hh:57: void nix::Bindings::push_back(const nix::Attr&): Assertion `size_ < capacity' failed. Aborted | |||||
2015-01-13 | Allow using /bin and /usr/bin as impure prefixes on non-darwin by default | Shea Levy | 1 | -1/+1 | |
These directories are generally world-readable anyway, and give us the two most common linux impurities (env and sh) | |||||
2015-01-13 | SysError -> Error | Eelco Dolstra | 1 | -1/+1 | |
2015-01-13 | Don't resolve symlinks while checking __impureHostDeps | Eelco Dolstra | 1 | -2/+5 | |
Since these come from untrusted users, we shouldn't do any I/O on them before we've checked that they're in an allowed prefix. | |||||
2015-01-12 | Add basic Apple sandbox support | Daniel Peebles | 1 | -17/+169 | |
2015-01-09 | Fix builtins.readDir on XFS | Eelco Dolstra | 1 | -1/+1 | |
The DT_UNKNOWN fallback code was getting the type of the wrong path, causing readDir to report "directory" as the type of every file. Reported by deepfire on IRC. | |||||
2015-01-08 | Doh^2 | Eelco Dolstra | 1 | -1/+1 | |
2015-01-08 | Doh | Eelco Dolstra | 1 | -3/+3 | |
2015-01-08 | Set /nix/store permission to 1737 | Eelco Dolstra | 2 | -19/+6 | |
I.e., not readable to the nixbld group. This improves purity a bit for non-chroot builds, because it prevents a builder from enumerating store paths (i.e. it can only access paths it knows about). | |||||
2015-01-07 | Show position info for failing <...> lookups | Eelco Dolstra | 3 | -4/+8 | |
2015-01-07 | Remove quotes around filenames in position info | Eelco Dolstra | 1 | -1/+1 | |
2015-01-06 | Fix building on Darwin | Eelco Dolstra | 1 | -1/+4 | |
Fixes #433. | |||||
2015-01-02 | Allow $NIX_PAGER to override $PAGER | Eelco Dolstra | 1 | -4/+5 | |
2015-01-02 | libutil: Limit readLink() error to only overflows. | aszlig | 1 | -2/+2 | |
Let's not just improve the error message itself, but also the behaviour to actually work around the ntfs-3g symlink bug. If the readlink() call returns a smaller size than the stat() call, this really isn't a problem even if the symlink target really has changed between the calls. So if stat() reports the size for the absolute path, it's most likely that the relative path is smaller and thus it should also work for file system bugs as mentioned in 93002d69fc58c2b71e2dfad202139230c630c53a. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Tested-by: John Ericson <Ericson2314@Yahoo.com> | |||||
2015-01-02 | libutil: Improve errmsg on readLink size mismatch. | aszlig | 1 | -1/+5 | |
A message like "error: reading symbolic link `...' : Success" really is quite confusing, so let's not indicate "success" but rather point out the real issue. We could also limit the check of this to just check for non-negative values, but this would introduce a race condition between stat() and readlink() if the link target changes between those two calls, thus leading to a buffer overflow vulnerability. Reported by @Ericson2314 on IRC. Happened due to a possible ntfs-3g bug where a relative symlink returned the absolute path (st_)size in stat() while readlink() returned the relative size. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Tested-by: John Ericson <Ericson2314@Yahoo.com> | |||||
2014-12-29 | LocalStore initialization: Don't die if build-users-group doesn't exist | Shea Levy | 1 | -11/+12 | |
See NixOS/nixpkgs@9245516 | |||||
2014-12-23 | Revive running builds in a PID namespace | Eelco Dolstra | 1 | -30/+59 | |
2014-12-14 | Pedantry | Eelco Dolstra | 5 | -8/+4 | |
2014-12-14 | Merge branch 'cygwin-master' of https://github.com/ternaris/nix | Eelco Dolstra | 5 | -0/+5 | |
2014-12-13 | Better error message | Eelco Dolstra | 1 | -1/+1 | |
2014-12-12 | Silence some warnings on GCC 4.9 | Eelco Dolstra | 4 | -7/+12 | |
2014-12-12 | Shut up a Valgrind warning | Eelco Dolstra | 1 | -1/+1 | |
2014-12-12 | Fix some memory leaks | Eelco Dolstra | 3 | -35/+27 | |
2014-12-12 | Ensure we're writing to stderr in the builder | Eelco Dolstra | 6 | -19/+21 | |
http://hydra.nixos.org/build/17862041 | |||||
2014-12-12 | Don't abort if we get a signal while waiting for the pager | Eelco Dolstra | 1 | -4/+8 | |
2014-12-12 | Get rid of unnecessary "interrupted by the user" message with -vvv | Eelco Dolstra | 1 | -0/+2 | |
2014-12-12 | Remove chatty message | Eelco Dolstra | 1 | -2/+0 | |
This broke building with "-vv", because the builder is not allowed to write to stderr at this point. | |||||
2014-12-12 | Doh | Eelco Dolstra | 2 | -3/+3 | |
2014-12-12 | Remove tabs | Eelco Dolstra | 1 | -5/+5 | |
2014-12-12 | Remove dead code | Eelco Dolstra | 1 | -9/+0 | |
2014-12-12 | Remove canary stuff | Eelco Dolstra | 4 | -58/+0 | |
2014-12-10 | Provide default pagers | Eelco Dolstra | 1 | -3/+8 | |
Borrowed from systemd. |