Age | Commit message (Collapse) | Author | Files | Lines |
|
Typical usage is to check local paths using the signatures from a
binary cache:
$ nix verify-paths -r /run/current-system -s https://cache.nixos.org
path ‘/nix/store/c1k4zqfb74wba5sn4yflb044gvap0x6k-nixos-system-mandark-16.03.git.fc2d7a5M’ is untrusted
...
checked 844 paths, 119 untrusted
|
|
|
|
|
|
The flag remembering whether an Interrupted exception was thrown is
now thread-local. Thus, all threads will (eventually) throw
Interrupted. Previously, one thread would throw Interrupted, and then
the other threads wouldn't see that they were supposed to quit.
|
|
Like "nix-store --verify --check-contents", but with the same
advantages as "nix verify-paths".
|
|
Unlike "nix-store --verify-path", this command verifies signatures in
addition to store path contents, is multi-threaded (especially useful
when verifying binary caches), and has a progress indicator.
Example use:
$ nix verify-paths --store https://cache.nixos.org -r $(type -p thunderbird)
...
[17/132 checked] checking ‘/nix/store/rawakphadqrqxr6zri2rmnxh03gqkrl3-autogen-5.18.6’
|
|
Otherwise writing to std::cerr is not thread-safe (in particular,
lines will be randomly duplicated).
|
|
|
|
|
|
|
|
Doing a chdir() is a bad idea in multi-threaded programs, leading to
failures such as
error: cannot connect to daemon at ‘/nix/var/nix/daemon-socket/socket’: No such file or directory
Since Linux doesn't have a connectat() syscall like FreeBSD, there is
no way we can support this in a race-free way.
|
|
Closes https://github.com/NixOS/hydra/pull/286.
|
|
|
|
This allows queryPathInfo() to return signatures.
|
|
This is a bit user-friendlier than using $NIX_REMOTE.
|
|
This allows applying nix-store --verify-path to binary cache stores:
NIX_REMOTE=https://cache.nixos.org nix-store --verify-path /nix/store/s5c7...
|
|
|
|
http://hydra.nixos.org/build/33279996
|
|
http://hydra.nixos.org/build/33279570
|
|
http://hydra.nixos.org/build/33073389
|
|
If a path is in the .narinfo cache, obviously it's valid.
|
|
Propagate path context via builtins.readFile
|
|
|
|
The public key can be derived from the secret key, so there's no need
for the user to supply it separately.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Allowing stuff like
NIX_REMOTE=https://cache.nixos.org nix-store -qR /nix/store/x1p1gl3a4kkz5ci0nfbayjqlqmczp1kq-geeqie-1.1
or
NIX_REMOTE=https://cache.nixos.org nix-store --export /nix/store/x1p1gl3a4kkz5ci0nfbayjqlqmczp1kq-geeqie-1.1 | nix-store --import
|
|
|
|
This for instance allows hydra-queue-runner to add the S3 backend
at runtime.
|
|
The st_size field of a symlink doesn't have to be correct, e.g. for
/dev/fd symlinks.
|
|
|
|
|
|
This enables an optimisation in hydra-queue-runner, preventing a
download of a NAR it just uploaded to the cache when reading files
like hydra-build-products.
|
|
Allowing stuff like
NIX_REMOTE=https://cache.nixos.org nix-store -qR /nix/store/x1p1gl3a4kkz5ci0nfbayjqlqmczp1kq-geeqie-1.1
or
NIX_REMOTE=https://cache.nixos.org nix-store --export /nix/store/x1p1gl3a4kkz5ci0nfbayjqlqmczp1kq-geeqie-1.1 | nix-store --import
|
|
|
|
This for instance allows hydra-queue-runner to add the S3 backend
at runtime.
|
|
The st_size field of a symlink doesn't have to be correct, e.g. for
/dev/fd symlinks.
|
|
|
|
|
|
This enables an optimisation in hydra-queue-runner, preventing a
download of a NAR it just uploaded to the cache when reading files
like hydra-build-products.
|
|
For example,
$ NIX_REMOTE=file:///my-cache nix ls-store -lR /nix/store/f4kbgl8shhyy76rkk3nbxr0lz8d2ip7q-binutils-2.23.1
dr-xr-xr-x 0 ./bin
-r-xr-xr-x 30748 ./bin/addr2line
-r-xr-xr-x 66973 ./bin/ar
...
Similarly, "nix ls-nar" lists the contents of a NAR file, "nix
cat-nar" extracts a file from a NAR file, and "nix cat-store" extract
a file from a Nix store.
|
|
|
|
This is primary to allow hydra-queue-runner to extract files like
"nix-support/hydra-build-products" from NARs in binary caches.
|
|
|