about summary refs log tree commit diff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2017-05-30 resolve-system-dependencies: Several fixesEelco Dolstra1-53/+65
This fixes error: getting attributes of path ‘Versions/Current/CoreFoundation’: No such file or directory when /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation is a symlink. Also fixes a segfault when encounting a file that is not a MACH binary (such as /dev/null, which is included in __impureHostDeps in Nixpkgs). Possibly fixes #786.
2017-05-30 Fix seccomp build failure on clangEelco Dolstra1-3/+3
Fixes src/libstore/build.cc:2321:45: error: non-constant-expression cannot be narrowed from type 'int' to 'scmp_datum_t' (aka 'unsigned long') in initializer list [-Wc++11-narrowing]
2017-05-30 Shut up some clang warningsEelco Dolstra1-7/+7
2017-05-30 Add a seccomp rule to disallow setxattr()Eelco Dolstra1-1/+9
2017-05-30 canonicalisePathMetaData(): Remove extended attributes / ACLsEelco Dolstra1-0/+22
EAs/ACLs are not part of the NAR canonicalisation. Worse, setting an ACL allows a builder to create writable files in the Nix store. So get rid of them. Closes #185.
2017-05-30 Require seccomp only in multi-user setupsEelco Dolstra1-1/+5
2017-05-29 Fix seccomp initialisation on i686-linuxEelco Dolstra1-1/+2
2017-05-29 Add a seccomp filter to prevent creating setuid/setgid binariesEelco Dolstra2-0/+43
This prevents builders from setting the S_ISUID or S_ISGID bits, preventing users from using a nixbld* user to create a setuid/setgid binary to interfere with subsequent builds under the same nixbld* uid. This is based on aszlig's seccomp code (47f587700d646f5b03a42f2fa57c28875a31efbe). Reported by Linus Heckemann.
2017-05-29 Fix nix-copy-closure testEelco Dolstra1-0/+1
Fixes client# error: size mismatch importing path ‘/nix/store/ywf5fihjlxwijm6ygh6s0a353b5yvq4d-libidn2-0.16’; expected 0, got 120264 This is mostly an artifact of the NixOS VM test environment, where the Nix database doesn't contain hashes/sizes. http://hydra.nixos.org/build/53537471
2017-05-29 Fix build failure on Debian/UbuntuEelco Dolstra3-2/+2
http://hydra.nixos.org/build/53537463
2017-05-29 Fix typoEelco Dolstra1-1/+1
2017-05-24 Fix #1314Eelco Dolstra1-1/+2
Also, make nix-shell respect --option. (Previously it only passed it along to nix-instantiate and nix-build.)
2017-05-24 Merge branch 'topic/cores-master' of https://github.com/neilmayhew/nixEelco Dolstra1-0/+1
2017-05-24 Fix #1380Eelco Dolstra1-1/+1
It lacked a backslash. Use a raw string and single quotes around PS1 to simplify this.
2017-05-24 Merge branch 'prompt-terminator' of https://github.com/lheckemann/nixEelco Dolstra1-1/+1
2017-05-24 Merge branch 'nar-accessor-tree' of https://github.com/bennofs/nixEelco Dolstra1-33/+75
2017-05-17 builtins.match: Improve error message for bad regular expressionEelco Dolstra1-16/+23
Issue #1331.
2017-05-16 Improve progress indicatorEelco Dolstra26-168/+339
2017-05-15 nar-accessor.cc: remove unused member NarIndexer::currentNameBenno Fünfstück1-2/+1
2017-05-15 nar-accessor: non-recursive NarMember::findBenno Fünfstück1-21/+21
This avoids a possible stack overflow if directories are very deeply nested.
2017-05-15 Simplify fixed-output checkEelco Dolstra1-6/+2
2017-05-15 Disallow outputHash being null or an empty stringEelco Dolstra1-4/+5
Fixes #1384.
2017-05-15 Add --with-sandbox-shell configure flagEelco Dolstra2-3/+3
And add a 116 KiB ash shell from busybox to the release build. This helps to make sandbox builds work out of the box on non-NixOS systems and with diverted stores.
2017-05-15 Linux sandbox: Don't barf on invalid pathsEelco Dolstra1-0/+1
This is useful when we're using a diverted store (e.g. "--store local?root=/tmp/nix") in conjunction with a statically-linked sh from the host store (e.g. "sandbox-paths =/bin/sh=/nix/store/.../bin/busybox").
2017-05-15 Make fmt() non-recursiveEelco Dolstra2-12/+7
2017-05-15 nix ls: support '/' for the root directoryBenno Fünfstück1-0/+4
2017-05-15 nar-accessor: use tree, fixes readDirectory missing childrenBenno Fünfstück1-33/+76
Previously, if a directory `foo` existed and a file `foo-` (where `-` is any character that is sorted before `/`), then `readDirectory` would return an empty list. To fix this, we now use a tree where we can just access the children of the node, and do not need to rely on sorting behavior to list the contents of a directory.
2017-05-11 Add an option for extending the user agent headerEelco Dolstra2-1/+6
This is useful e.g. for distinguishing traffic to a binary cache (e.g. certain machines can use a different tag in the user agent).
2017-05-11 Fix typoEelco Dolstra1-1/+1
2017-05-11 Tweak error messageEelco Dolstra1-1/+1
2017-05-11 Don't allow untrusted users to set info.ultimateEelco Dolstra1-0/+2
Note that a trusted signature was still required in this case so it was not a huge deal.
2017-05-11 Change the meaning of info.ultimateEelco Dolstra2-5/+2
It now means "paths that were built locally". It no longer includes paths that were added locally. For those we don't need info.ultimate, since we have the content-addressability assertion (info.ca).
2017-05-11 LocalStore::addToStore(): Check info.narSizeEelco Dolstra2-2/+7
It allowed the client to specify bogus narSize values. In particular, Downloader::downloadCached wasn't setting narSize at all.
2017-05-10 Replace readline by linenoiseEelco Dolstra5-110/+1360
Using linenoise avoids a license compatibility issue (#1356), is a lot smaller and doesn't pull in ncurses.
2017-05-10 nix-shell: use appropriate prompt terminatorLinus Heckemann1-1/+1
If running nix-shell as root, the terminator should be # and not $.
2017-05-08 Add "nix edit" commandEelco Dolstra1-0/+75
This is a little convenience command that opens the Nix expression of the specified package. For example, nix edit nixpkgs.perlPackages.Moose opens <nixpkgs/pkgs/top-level/perl-packages.nix> in $EDITOR (at the right line number for some editors). This requires the package to have a meta.position attribute.
2017-05-08 Minor cleanupEelco Dolstra1-11/+13
2017-05-08 Linux sandbox: Fix compatibility with older kernelsEelco Dolstra1-15/+23
2017-05-08 build-remote: Check remote build statusEelco Dolstra1-1/+4
2017-05-08 Remove superfluous #ifdefEelco Dolstra1-2/+0
2017-05-05 Make the location of the build directory in the sandbox configurableEelco Dolstra3-6/+6
This is mostly for use in the sandbox tests, since if the Nix store is under /build, then we can't use /build as the build directory.
2017-05-05 Figure out the user's home directory if $HOME is not setEelco Dolstra6-32/+84
2017-05-04 Linux sandbox: Use /build instead of /tmp as $TMPDIREelco Dolstra1-5/+15
There is a security issue when a build accidentally stores its $TMPDIR in some critical place, such as an RPATH. If TMPDIR=/tmp/nix-build-..., then any user on the system can recreate that directory and inject libraries into the RPATH of programs executed by other users. Since /build probably doesn't exist (or isn't world-writable), this mitigates the issue.
2017-05-04 nix dump-path: AddEelco Dolstra3-0/+55
This is primarily useful for extracting NARs from other stores (like binary caches), which "nix-store --dump" cannot do.
2017-05-03 Fix build on gcc 4.9Eelco Dolstra2-3/+6
http://hydra.nixos.org/build/52408843
2017-05-03 nix-shell: Implement passAsFileEelco Dolstra1-2/+15
2017-05-03 nix eval: Add a --raw flagEelco Dolstra1-1/+13
Similar to "jq -r", this prints the evaluation result (which must be a string value) unquoted.
2017-05-02 Fix "nix ... --all"Eelco Dolstra2-12/+16
When "--all" is used, we should not fill in a default installable.
2017-05-02 LocalStoreAccessor: Fix handling of diverted storesEelco Dolstra1-3/+4
2017-05-02 Replace $NIX_REMOTE_SYSTEMS with an option "builder-files"Eelco Dolstra4-14/+34
Also, to unify with hydra-queue-runner, allow it to be a list of files.