about summary refs log tree commit diff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2016-04-07 nix verify-paths: Add ‘--sigs-needed <N>’ flagEelco Dolstra3-16/+41
This specifies the number of distinct signatures required to consider each path "trusted". Also renamed ‘--no-sigs’ to ‘--no-trust’ for the flag that disables verifying whether a path is trusted (since a path can also be trusted if it has no signatures, but was built locally).
2016-04-07 Use secret-key-files for verifyingEelco Dolstra1-1/+14
2016-04-07 Sign locally-built pathsEelco Dolstra3-1/+24
Locally-built paths are now signed automatically using the secret keys specified by the ‘secret-key-files’ option.
2016-04-06 Fix "tar: This does not look like a tar archive" with fetchTarball / -I http://Eelco Dolstra1-2/+1
The 304 Not Modified was not handled correctly, so the empty result from the conditional request would overwrite the previous tarball.
2016-04-05 Add "nix sign-paths" commandEelco Dolstra2-1/+52
E.g. $ nix sign-paths -k ./secret -r $(type -p geeqie) signs geeqie and all its dependencies using the key in ./secret.
2016-04-05 Add "nix copy-sigs" commandEelco Dolstra9-3/+185
This imports signatures from one store into another. E.g. $ nix copy-sigs -r /run/current-system -s https://cache.nixos.org/ imported 595 signatures
2016-04-05 Probably fix SQLITE_BUSY errorsEelco Dolstra2-0/+7
2016-04-04 throwSQLiteError(): Check for SIGINT so we don't loop foreverEelco Dolstra1-0/+1
2016-03-31 Add missing -pthreadEelco Dolstra1-1/+1
https://hydra.nixos.org/build/33908385
2016-03-30 LocalStore: Keep track of ultimately trusted pathsEelco Dolstra7-12/+51
These are content-addressed paths or outputs of locally performed builds. They are trusted even if they don't have signatures, so "nix verify-paths" won't complain about them.
2016-03-30 Improve the SQLite wrapper APIEelco Dolstra5-224/+157
In particular, this eliminates a bunch of boilerplate code.
2016-03-30 Factour out SQLite handlingEelco Dolstra4-204/+224
2016-03-30 Turn retrying SQLite transactions into a higher-order functionEelco Dolstra1-33/+42
2016-03-30 nix verify: Support checking against signatures in other storesEelco Dolstra1-2/+33
Typical usage is to check local paths using the signatures from a binary cache: $ nix verify-paths -r /run/current-system -s https://cache.nixos.org path ‘/nix/store/c1k4zqfb74wba5sn4yflb044gvap0x6k-nixos-system-mandark-16.03.git.fc2d7a5M’ is untrusted ... checked 844 paths, 119 untrusted
2016-03-30 HttpBinaryCacheStore: Treat 403 errors as 404Eelco Dolstra1-1/+3
2016-03-30 CurlDownloader: Fix HTTP error processingEelco Dolstra1-1/+0
2016-03-29 Improve SIGINT handling in multi-threaded programsEelco Dolstra4-14/+12
The flag remembering whether an Interrupted exception was thrown is now thread-local. Thus, all threads will (eventually) throw Interrupted. Previously, one thread would throw Interrupted, and then the other threads wouldn't see that they were supposed to quit.
2016-03-29 Add "nix verify-store" commandEelco Dolstra1-13/+53
Like "nix-store --verify --check-contents", but with the same advantages as "nix verify-paths".
2016-03-29 Add "nix verify-paths" commandEelco Dolstra11-2/+432
Unlike "nix-store --verify-path", this command verifies signatures in addition to store path contents, is multi-threaded (especially useful when verifying binary caches), and has a progress indicator. Example use: $ nix verify-paths --store https://cache.nixos.org -r $(type -p thunderbird) ... [17/132 checked] checking ‘/nix/store/rawakphadqrqxr6zri2rmnxh03gqkrl3-autogen-5.18.6’
2016-03-29 Re-enable sync_with_stdioEelco Dolstra1-3/+0
Otherwise writing to std::cerr is not thread-safe (in particular, lines will be randomly duplicated).
2016-03-24 Move signature support from NarInfo to ValidPathInfoEelco Dolstra4-39/+43
2016-03-24 TyposEelco Dolstra1-2/+2
2016-03-24 HttpBinaryCacheStore: Make thread-safeEelco Dolstra1-2/+6
2016-03-23 Drop support for daemon socket path >= 108 charactersEelco Dolstra1-15/+3
Doing a chdir() is a bad idea in multi-threaded programs, leading to failures such as error: cannot connect to daemon at ‘/nix/var/nix/daemon-socket/socket’: No such file or directory Since Linux doesn't have a connectat() syscall like FreeBSD, there is no way we can support this in a race-free way.
2016-03-23 LocalStoreAccessor::stat: Handle ENOTDIREelco Dolstra1-1/+1
Closes https://github.com/NixOS/hydra/pull/286.
2016-03-22 Don't overload dumpPath()Eelco Dolstra7-11/+13
2016-03-21 Move signatures from NarInfo to ValidPathInfoEelco Dolstra4-11/+21
This allows queryPathInfo() to return signatures.
2016-03-21 nix: Add --store flagEelco Dolstra2-4/+10
This is a bit user-friendlier than using $NIX_REMOTE.
2016-03-21 Add Store::dumpPath() methodEelco Dolstra7-7/+29
This allows applying nix-store --verify-path to binary cache stores: NIX_REMOTE=https://cache.nixos.org nix-store --verify-path /nix/store/s5c7...
2016-03-21 Drop support for upgrading from Nix <= 0.12Eelco Dolstra1-84/+7
2016-03-15 Fix Darwin buildEelco Dolstra6-4/+8
http://hydra.nixos.org/build/33279996
2016-03-14 Fix another mismatched tagEelco Dolstra1-1/+1
http://hydra.nixos.org/build/33279570
2016-03-14 Fix build on clang due to -Wmismatched-tagsEelco Dolstra1-1/+2
http://hydra.nixos.org/build/33073389
2016-03-14 BinaryCacheStore::isValidPath(): Use .narinfo cacheEelco Dolstra1-0/+9
If a path is in the .narinfo cache, obviously it's valid.
2016-03-10 Merge pull request #834 from abbradar/masterEelco Dolstra1-1/+1
Propagate path context via builtins.readFile
2016-03-04 Add option binary-cache-secret-key-file for signing binary cachesEelco Dolstra2-2/+4
2016-03-04 BinaryCacheStore: Remove publicKeyFile argumentEelco Dolstra7-25/+39
The public key can be derived from the secret key, so there's no need for the user to supply it separately.
2016-03-04 Eliminate some large string copyingEelco Dolstra5-23/+25
2016-03-04 Add warning about "nix" being experimentalEelco Dolstra1-0/+1
2016-03-04 Merge branch 'new-cli'Eelco Dolstra24-157/+1284
2016-03-04 Propagate path context via builtins.readFileNikolay Amiantov1-1/+1
2016-03-03 Add file missing from 201b48de60751979835037a4b4f78128ba3fb7b3Eelco Dolstra1-0/+76
2016-03-03 build.cc: fs.h doesn't appear to be necessary anymoreNathan Zadoks1-1/+0
2016-03-02 Provide function required by HydraEelco Dolstra2-3/+16
2016-03-02 Force stack trace for boost format errorsEelco Dolstra1-5/+5
2016-03-02 Add an HTTP binary cache storeEelco Dolstra7-59/+100
Allowing stuff like NIX_REMOTE=https://cache.nixos.org nix-store -qR /nix/store/x1p1gl3a4kkz5ci0nfbayjqlqmczp1kq-geeqie-1.1 or NIX_REMOTE=https://cache.nixos.org nix-store --export /nix/store/x1p1gl3a4kkz5ci0nfbayjqlqmczp1kq-geeqie-1.1 | nix-store --import
2016-03-02 Eliminate local-binary-cache-store.hhEelco Dolstra2-32/+25
2016-03-02 Make store implementations pluggableEelco Dolstra3-19/+50
This for instance allows hydra-queue-runner to add the S3 backend at runtime.
2016-03-02 Fix reading symlinksEelco Dolstra1-1/+1
The st_size field of a symlink doesn't have to be correct, e.g. for /dev/fd symlinks.
2016-03-02 Remove bad assertionEelco Dolstra1-1/+0