about summary refs log tree commit diff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2006-12-04 * Install the worker in bindir, not libexecdir.Eelco Dolstra6-2/+11
* Allow the worker path to be overriden through the NIX_WORKER environment variable.
2006-12-03 * Doh.Eelco Dolstra2-1/+4
2006-12-03 * Don't run setuid root when build-users is empty.Eelco Dolstra3-26/+51
* Send startup errors to the client.
2006-12-03 * Removed `build-allow-root'.Eelco Dolstra4-21/+34
* Added `build-users-group', the group under which builds are to be performed. * Check that /nix/store has 1775 permission and is owner by the build-users-group.
2006-12-03 * Use setreuid if setresuid is not available.Eelco Dolstra1-6/+12
2006-12-03 * Handle a subtle race condition: the client closing the socketEelco Dolstra1-2/+30
between the last worker read/write and the enabling of the signal handler.
2006-12-03 * Some hardcore magic to handle asynchronous client disconnects.Eelco Dolstra1-1/+37
The problem is that when we kill the client while the worker is building, and the builder is not writing anything to stderr, then the worker never notice that the socket is closed on the other side, so it just continues indefinitely. The solution is to catch SIGIO, which is sent when the far side of the socket closes, and simulate an normal interruption. Of course, SIGIO is also sent every time the client sends data over the socket, so we only enable the signal handler when we're not expecting any data...
2006-12-03 * Use a Unix domain socket instead of pipes.Eelco Dolstra2-15/+18
2006-12-03 * Better error message if the worker doesn't start.Eelco Dolstra1-4/+8
2006-12-03 * Pid::kill() should be interruptable.Eelco Dolstra1-1/+3
2006-12-03 * Some hackery to propagate the worker's stderr and exceptions to theEelco Dolstra7-104/+206
client.
2006-12-03 * Run the worker in a separate session to prevent terminal signalsEelco Dolstra1-0/+6
from interfering.
2006-12-02 * Move addTempRoot() to the store API, and add another functionEelco Dolstra11-17/+81
syncWithGC() to allow clients to register GC roots without needing write access to the global roots directory or the GC lock.
2006-12-02 * Doh.Eelco Dolstra1-1/+1
2006-12-02 * Remove most of the old setuid code.Eelco Dolstra3-138/+57
* Much simpler setuid code for the worker in slave mode.
2006-12-02 * Remove SwitchToOriginalUser, we're not going to need it anymore.Eelco Dolstra8-63/+4
2006-12-02 * Remove queryPathHash().Eelco Dolstra4-2/+32
* Help for nix-worker.
2006-12-01 * Replace read-only calls to addTextToStore.Eelco Dolstra2-3/+9
2006-12-01 * Merge addToStore and addToStoreFixed.Eelco Dolstra11-96/+40
* addToStore now adds unconditionally, it doesn't use readOnlyMode. Read-only operation is up to the caller (who can call computeStorePathForPath).
2006-12-01 * Right name.Eelco Dolstra1-2/+2
2006-12-01 * More operations.Eelco Dolstra5-33/+116
* addToStore() and friends: don't do a round-trip to the worker if we're only interested in the path (i.e., in read-only mode).
2006-11-30 * More remote operations.Eelco Dolstra12-46/+138
* Added new operation hasSubstitutes(), which is more efficient than querySubstitutes().size() > 0.
2006-11-30 * Doh.Eelco Dolstra1-1/+1
2006-11-30 * More operations.Eelco Dolstra3-9/+50
2006-11-30 * First remote operation: isValidPath().Eelco Dolstra4-7/+63
2006-11-30 * When NIX_REMOTE is set to "slave", fork off nix-worker in slaveEelco Dolstra5-24/+87
mode. Presumably nix-worker would be setuid to the Nix store user. The worker performs all operations on the Nix store and database, so the caller can be completely unprivileged. This is already much more secure than the old setuid scheme, since the worker doesn't need to do Nix expression evaluation and so on. Most importantly, this means that it doesn't need to access any user files, with all resulting security risks; it only performs pure store operations. Once this works, it is easy to move to a daemon model that forks off a worker for connections established through a Unix domain socket. That would be even more secure.
2006-11-30 * Skeleton of the privileged worker program.Eelco Dolstra11-126/+254
* Some refactoring: put the NAR archive integer/string serialisation code in a separate file so it can be reused by the worker protocol implementation.
2006-11-30 * Oops.Eelco Dolstra2-0/+135
2006-11-30 * Skeleton of remote store implementation.Eelco Dolstra4-6/+14
2006-11-30 * Put building in the store API.Eelco Dolstra11-48/+31
2006-11-30 * Refactoring. There is now an abstract interface class StoreAPIEelco Dolstra17-338/+458
containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-29 * Don't spam.Eelco Dolstra1-0/+2
2006-11-29 * Example script to set permissions for setuid operation.Roy van den Broek1-1/+1
2006-11-29 * Remove --enable-setuid, --with-nix-user and --with-nix-group.Eelco Dolstra2-36/+46
Rather, setuid support is now always compiled in (at least on platforms that have the setresuid system call, e.g., Linux and FreeBSD), but it must enabled by chowning/chmodding the Nix binaries.
2006-11-24 * Doh! Path sizes need to be computed recursively of course.Eelco Dolstra3-6/+28
(NIX-70)
2006-11-24 * Dead files.Eelco Dolstra2-12/+0
2006-11-18 * Turn off synchronisation between C and C++ I/O functions. ThisEelco Dolstra2-1/+3
gives a huge speedup in operations that read or write from standard input/output. (So libstdc++'s I/O isn't that bad, you just have to call std::ios::sync_with_stdio(false).) For instance, `nix-store --register-substitutes' went from 1.4 seconds to 0.1 seconds on a certain input. Another victory for Valgrind.
2006-11-13 * Remove the undocumented `noscan' feature. It's no longer necessaryEelco Dolstra1-15/+12
now that reference scanning is sufficiently streamy.
2006-11-13 * Magic attribute `exportReferencesGraph' that allows the referencesEelco Dolstra2-20/+60
graph to be passed to a builder. This attribute should be a list of pairs [name1 path1 name2 path2 ...]. The references graph of each `pathN' will be stored in a text file `nameN' in the temporary build directory. The text files have the format used by `nix-store --register-validity'. However, the deriver fields are left empty. `exportReferencesGraph' is useful for builders that want to do something with the closure of a store path. Examples: the builders that make initrds and ISO images for NixOS. `exportReferencesGraph' is entirely pure. It's necessary because otherwise the only way for a builder to get this information would be to call `nix-store' directly, which is not allowed (though unfortunately possible).
2006-11-13 * Option `--reregister' in `nix-store --register-validity'. We needEelco Dolstra1-8/+18
this in the NixOS installer (or in the buildfarm) to ensure that the cryptographic hash of the path contents still matches the actual contents.
2006-11-03 * Fix importing of derivation outputs.Eelco Dolstra1-2/+9
2006-10-30 * readFile: don't overflow the stack on large files.Eelco Dolstra1-1/+15
2006-10-28 * `nix-store --read-log / -l PATH' shows the build log of PATH, ifEelco Dolstra4-4/+43
available. For instance, $ nix-store -l $(which svn) | less lets you read the build log of the Subversion instance in your profile. * `nix-store -qb': if applied to a non-derivation, take the deriver.
2006-10-23 * Some better error messages.Eelco Dolstra2-5/+12
2006-10-19 * Better message.Eelco Dolstra1-1/+1
2006-10-19 * toFile: maintain the references.Eelco Dolstra1-10/+4
2006-10-19 * Special derivation attribute `allowedReferences' that causes Nix toEelco Dolstra1-0/+31
check that the references of the output of a derivation are in the specified set. For instance, allowedReferences = []; specifies that the output cannot have any references. (This is useful, for instance, for the generation of bootstrap binaries for stdenv-linux, which must not have any references for purity). It could also be used to guard against undesired runtime dependencies, e.g., {gcc, dynlib}: derivation { ... allowedReferences = [dynlib]; } says that the output can refer to the path of `dynlib' but not `gcc'. A `forbiddedReferences' attribute would be more useful for this, though.
2006-10-17 * Backwards compatibility hack for user environments made by Nix <= 0.10.Eelco Dolstra1-0/+7
2006-10-17 * Backwards compatibility with old user environment manifests.Eelco Dolstra2-4/+8
2006-10-17 * Print out the offending path.Eelco Dolstra1-2/+3