about summary refs log tree commit diff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2011-07-20 * Don't allow derivations with fixed and non-fixed outputs.Eelco Dolstra1-43/+38
2011-07-20 * Fix a huuuuge security hole in the Nix daemon. It didn't check thatEelco Dolstra9-81/+180
derivations added to the store by clients have "correct" output paths (meaning that the output paths are computed by hashing the derivation according to a certain algorithm). This means that a malicious user could craft a special .drv file to build *any* desired path in the store with any desired contents (so long as the path doesn't already exist). Then the attacker just needs to wait for a victim to come along and install the compromised path. For instance, if Alice (the attacker) knows that the latest Firefox derivation in Nixpkgs produces the path /nix/store/1a5nyfd4ajxbyy97r1fslhgrv70gj8a7-firefox-5.0.1 then (provided this path doesn't already exist) she can craft a .drv file that creates that path (i.e., has it as one of its outputs), add it to the store using "nix-store --add", and build it with "nix-store -r". So the fake .drv could write a Trojan to the Firefox path. Then, if user Bob (the victim) comes along and does $ nix-env -i firefox $ firefox he executes the Trojan injected by Alice. The fix is to have the Nix daemon verify that derivation outputs are correct (in addValidPath()). This required some refactoring to move the hash computation code to libstore.
2011-07-18 * Support multiple outputs. A derivation can declare multiple outputsEelco Dolstra1-45/+84
by setting the ‘outputs’ attribute. For example: stdenv.mkDerivation { name = "aterm-2.5"; src = ...; outputs = [ "out" "tools" "dev" ]; configureFlags = "--bindir=$(tools)/bin --includedir=$(dev)/include"; } This derivation creates three outputs, named like this: /nix/store/gcnqgllbh01p3d448q8q6pzn2nc2gpyl-aterm-2.5 /nix/store/gjf1sgirwfnrlr0bdxyrwzpw2r304j02-aterm-2.5-tools /nix/store/hp6108bqfgxvza25nnxfs7kj88xi2vdx-aterm-2.5-dev That is, the symbolic name of the output is suffixed to the store path (except for the ‘out’ output). Each path is passed to the builder through the corresponding environment variable, e.g., ${tools}. The main reason for multiple outputs is to allow parts of a package to be distributed and garbage-collected separately. For instance, most packages depend on Glibc for its libraries, but don't need its header files. If these are separated into different store paths, then a package that depends on the Glibc libraries only causes the libraries and not the headers to be downloaded. The main problem with multiple outputs is that if one output exists while the others have been garbage-collected (or never downloaded in the first place), and we want to rebuild the other outputs, then this isn't possible because we can't clobber a valid output (it might be in active use). This currently gives an error message like: error: derivation `/nix/store/1s9zw4c8qydpjyrayxamx2z7zzp5pcgh-aterm-2.5.drv' is blocked by its output paths There are two solutions: 1) Do the build in a chroot. Then we don't need to overwrite the existing path. 2) Use hash rewriting (see the ASE-2005 paper). Scary but it should work. This is not finished yet. There is not yet an easy way to refer to non-default outputs in Nix expressions. Also, mutually recursive outputs aren't detected yet and cause the garbage collector to crash.
2011-07-13 * Allow attribute names to be strings. Based on theEelco Dolstra1-0/+2
allow-arbitrary-strinsg-in-names patch by Marc Weber.
2011-07-13 * Allow a default value in attribute selection by writingEelco Dolstra5-21/+43
x.y.z or default (as originally proposed in https://mail.cs.uu.nl/pipermail/nix-dev/2009-September/002989.html). For instance, an expression like stdenv.lib.attrByPath ["features" "ckSched"] false args can now be written as args.features.ckSched or false
2011-07-06 * Change the right-hand side of the ‘.’ operator from an attribute toEelco Dolstra4-18/+33
an attribute path. This is a refactoring to support default values.
2011-07-06 * In the ‘?’ operator, allow attribute paths. For instance, you canEelco Dolstra4-24/+47
write ‘attrs ? a.b’ to test whether ‘attrs’ has an attribute ‘a’ containing an attribute ‘b’. This is more convenient than ‘attrs ? a && attrs.a ? b’. Slight change in the semantics: it's no longer an error if the left-hand side of ‘?’ is not an attribute set. In that case it just returns false. So, ‘null ? foo’ no longer throws an error.
2011-06-30 Add support for the `build-timeout' and `--timeout' options.Ludovic Courtès4-4/+38
2011-04-19 * Handle error messages from the Nix worker containing the `%'Eelco Dolstra1-1/+1
character. (Nix/216)
2011-04-11 * `nix-env -ub' (`--prebuilt-only') didn't really work because itEelco Dolstra1-17/+20
checked too soon whether substitutes are available. That is, it did so for every available package, rather than those matching installed packages. This was very slow and subject to assertion failures. So do the check much later. Idem for `nix-env -qab' and `nix-env -ib'.
2011-02-10 * Don't allocate a big initial GC address space on machines withEelco Dolstra1-11/+24
little RAM. Even if the memory isn't actually used, it can cause problems with the overcommit heuristics in the kernel. So use a VM space of 25% of RAM, up to 384 MB.
2011-02-09 * Don't call GC_expand_hp unless we're actually using the garbageEelco Dolstra2-12/+18
collector.
2011-02-09 Use $BDW_GC_LIBS instead of a custom variable.Ludovic Courtès2-2/+2
2011-02-09 * Sync with the trunk.Eelco Dolstra1-2/+0
2011-02-05 * Clang compatibility fix. Clang actually checks template definitionsEelco Dolstra1-1/+1
when they are defined
2011-01-14 Remove useless <config.h> inclusion from public header.Ludovic Courtès1-2/+0
2011-01-14 * builtins.substring: if "start" is beyond the end of the string,Eelco Dolstra1-1/+1
return the empty string.
2010-12-17 * Do a short sleep after SQLITE_BUSY.Eelco Dolstra1-0/+11
2010-12-17 * Propagate the "100" exit status for failed builds through the NixEelco Dolstra3-5/+9
daemon.
2010-12-14 * I forgot to catch SQLiteBusy in registerValidPaths(). SoEelco Dolstra1-38/+31
registerValidPaths() now handles busy errors and registerValidPath() is simply a wrapper around it.
2010-12-13 * nix-instantiate: return exit status 100 to denote a permanent buildEelco Dolstra4-7/+22
failure. The build hook can use this to distinguish between transient and permanent failures on the remote side.
2010-12-13 * Create /nix/var/nix/db if it's missing.Eelco Dolstra1-0/+1
2010-12-13 * createDirs(path): if path already exists, make sure it's aEelco Dolstra2-20/+26
directory. * Provide a C++ wrapper around lstat().
2010-12-13 * Update some comments.Eelco Dolstra2-4/+3
2010-12-08 * Ignore the result of sqlite3_reset().Eelco Dolstra1-3/+4
2010-12-06 * `nix-store --verify --check-contents': don't hold the global GC lockEelco Dolstra2-11/+49
while checking the contents, since this operation can take a very long time to finish. Also, fill in missing narSize fields in the DB while doing this.
2010-12-05 * Retry a transaction if SQLite returns SQLITE_BUSY. This can happenEelco Dolstra1-61/+83
even with a very long busy timeout, because SQLITE_BUSY is also returned to resolve deadlocks. This should get rid of random "database is locked" errors. This is kind of hard to test though. * Fix a horrible bug in deleteFromStore(): deletePathWrapped() should be called after committing the transaction, not before, because the commit might not succeed.
2010-11-29 * Quick hack around one of the pathological cases in bsdiffEelco Dolstra1-0/+1
(namely, when there is a long region of 0s). On one 86 MiB case, this cut patch generation time from 44m to 2m.
2010-11-25 * Sync with the trunk.Eelco Dolstra1-0/+4
2010-11-25 * DrvInfo contains pointers to expressions, so DrvInfos should beEelco Dolstra1-0/+4
traced by the garbage collector. Otherwise "nix-env -u" can crash randomly.
2010-11-17 * Before a build, show the disk space that the downloaded store pathsEelco Dolstra8-12/+18
will approximately require.
2010-11-17 * Add an operation `nix-store -q --size'.Eelco Dolstra4-7/+24
2010-11-17 * Implement RemoteStore::queryPathInfo().Eelco Dolstra3-1/+27
2010-11-16 * Store the size of a store path in the database (to be precise, theEelco Dolstra15-90/+143
size of the NAR serialisation of the path, i.e., `nix-store --dump PATH'). This is useful for Hydra.
2010-11-16 * Sync with the trunk.Eelco Dolstra25-437/+643
2010-10-29 * Document Boehm GC support.Eelco Dolstra1-1/+1
2010-10-29 * Set libgc's initial heap size to 384 MiB to prevent garbageEelco Dolstra1-0/+12
collection in most cases (and therefore its performance overhead).
2010-10-28 * new(UseGC) is inexplicably slower than GC_MALLOC, so prefer theEelco Dolstra1-4/+4
latter.
2010-10-28 * Handle out of memory condition.Eelco Dolstra5-10/+28
2010-10-24 * When allocating an attribute set, reserve enough space for allEelco Dolstra4-28/+21
elements. This prevents the vector from having to resize itself.
2010-10-24 * Keep attribute sets in sorted order to speed up attribute lookups.Eelco Dolstra11-146/+184
* Simplify the representation of attributes in the AST. * Change the behaviour of listToAttrs() in case of duplicate names.
2010-10-24 * Don't create thunks for variable lookups (if possible). ThisEelco Dolstra3-23/+60
significantly reduces the number of values allocated (e.g. from 8.7m to 4.9m for the Bittorrent test).
2010-10-24 * Store attribute sets as a vector instead of a map (i.e. a red-blackEelco Dolstra7-90/+129
tree). This saves a lot of memory. The vector should be sorted so that names can be looked up using binary search, but this is not the case yet. (Surprisingly, looking up attributes using linear search doesn't have a big impact on performance.) Memory consumption for $ nix-instantiate /etc/nixos/nixos/tests -A bittorrent.test --readonly-mode on x86_64-linux with GC enabled is now 185 MiB (compared to 946 MiB on the trunk).
2010-10-23 * Fix compiling without Boehm.Eelco Dolstra1-10/+8
* Fix the stats.
2010-10-23 * Optimise string constants by putting them in the symbol table.Eelco Dolstra4-39/+55
2010-10-23 * Make Value smaller by not storing redundant PrimOp info.Eelco Dolstra2-25/+44
* Clear pointers in Values after overwriting them to make sure that no objects are kept alive unnecessarily.
2010-10-23 * Remove allocValues().Eelco Dolstra4-36/+14
2010-10-22 * In environments, store pointers to values rather than values. ThisEelco Dolstra2-35/+25
improves GC effectiveness a bit more (because a live value doesn't keep other values in the environment plus the parent environments alive), and removes the need for copy nodes.
2010-10-22 * Store Value nodes outside of attribute sets. I.e., Attr now storesEelco Dolstra15-130/+150
a pointer to a Value, rather than the Value directly. This improves the effectiveness of garbage collection a lot: if the Value is stored inside the set directly, then any live pointer to the Value causes all other attributes in the set to be live as well.
2010-10-22 * Make building against the Boehm GC a configure option.Eelco Dolstra5-14/+29