about summary refs log tree commit diff
path: root/src (follow)
AgeCommit message (Collapse)AuthorFilesLines
2015-11-15 Use AutoDelete for sandbox profile fileShea Levy1-5/+14
2015-11-14 simplify build.cc using modern C++ featuresJude Taylor1-33/+31
2015-11-14 simplify build permissionsJude Taylor1-13/+3
2015-11-14 remove sandbox-defaults.sbJude Taylor2-64/+0
2015-11-14 use per-derivation sandbox profilesJude Taylor1-28/+39
2015-11-09 Add option to verify build determinismEelco Dolstra2-12/+64
Passing "--option build-repeat <N>" will cause every build to be repeated N times. If the build output differs between any round, the build is rejected, and the output paths are not registered as valid. This is primarily useful to verify build determinism. (We already had a --check option to repeat a previously succeeded build. However, with --check, non-deterministic builds are registered in the DB. Preventing that is useful for Hydra to ensure that non-deterministic builds don't end up getting published at all.)
2015-11-09 Revert "Allow using /bin and /usr/bin as impure prefixes on non-darwin by ↵Eelco Dolstra1-1/+1
default" This reverts commit 79ca5033329053caa364bb2f7e50953f859cc97f. Ouch, never noticed this. We definitely don't want to allow builds to have arbitrary access to /bin and /usr/bin, because then they can (for instance) bring in a bunch of setuid programs. Also, we shouldn't be encouraging the use of impurities in the default configuration.
2015-11-09 optimizePath(): Detect some .links corruptionEelco Dolstra1-2/+9
If automatic store optimisation is enabled, and a hard-linked file in the store gets corrupted, then the corresponding .links entry will also be corrupted. In that case, trying to repair with --repair or --repair-path won't work, because the new "good" file will be replaced by a hard link to the corrupted file. We can catch most of these cases by doing a sanity-check on the file sizes.
2015-11-09 Fix namespace issueEelco Dolstra1-2/+2
2015-11-04 Merge branch 'master' of https://github.com/pikajude/nixShea Levy1-2/+6
> I made this change for two reasons: > 1. Darwin's locale data doesn't appear to be open source > 2. Privileged processes will always use /usr/share/locale regardless of environment variables
2015-11-04 Support SHA-512 hashesEelco Dolstra2-2/+10
Fixes #679. Note: on x86_64, SHA-512 is considerably faster than SHA-256 (198 MB/s versus 131 MB/s).
2015-11-04 Require OpenSSLEelco Dolstra9-1752/+1
2015-11-03 fix syntax errorJude Taylor1-1/+1
2015-11-03 darwin: allow reading system locale and zoneinfoJude Taylor1-2/+6
2015-10-31 allow reading ICU dataJude Taylor1-1/+2
2015-10-30 add special devices to sandbox-defaultsJude Taylor1-1/+4
2015-10-30 <nix/fetchurl.nix>: Support xz-compressed NARsEelco Dolstra4-1/+61
2015-10-30 <nix/fetchurl.nix>: Support downloading and unpacking NARsEelco Dolstra1-3/+14
This removes the need to have multiple downloads in the stdenv bootstrap process (like a separate busybox binary for Linux, or curl/mkdir/sh/bzip2 for Darwin). Now all those files can be combined into a single NAR.
2015-10-29 int2String() -> std::to_string()Eelco Dolstra9-24/+17
2015-10-26 Merge pull request #668 from svanderburg/masterEelco Dolstra1-0/+1
Fix compilation error due to missing ENOENT on cygwin
2015-10-21 use nixDataDir instead of appending /share to PREFIXJude Taylor1-1/+1
2015-10-21 revert libutil changeJude Taylor1-5/+4
2015-10-21 clarifying commentJude Taylor1-1/+5
2015-10-21 move preBuildHook defaulting to globals.ccJude Taylor2-7/+5
2015-10-21 restore old DEFAULT_ALLOWED_IMPURE_PREFIXESJude Taylor1-1/+1
2015-10-21 Add resolve-system-dependencies.plJude Taylor2-1/+8
2015-10-21 remove usr paths from allowed inputsJude Taylor1-2/+0
2015-10-21 allow access to SystemVersion for python buildersJude Taylor1-0/+1
2015-10-21 fix line reading in preBuildHookJude Taylor1-1/+1
2015-10-21 remove sandbox defaults into a new fileJude Taylor3-65/+62
2015-10-21 restore allowed impure prefixesJude Taylor1-1/+1
2015-10-21 remove an unneeded default impure-depJude Taylor1-1/+0
2015-10-21 make sandbox builds more permissiveJude Taylor2-6/+7
2015-10-21 add a few more permissionsJude Taylor1-3/+45
2015-10-21 Allow builtin fetchurl regardless of the derivation's system attributeEelco Dolstra1-12/+13
2015-10-21 Show progress indicator for builtin fetchurlEelco Dolstra3-4/+7
2015-10-21 Disable TLS verification for builtin fetchurlEelco Dolstra4-12/+32
This makes it consistent with the Nixpkgs fetchurl and makes it work in chroots. We don't need verification because the hash of the result is checked anyway.
2015-10-21 Fix segfault in builtin fetchurlEelco Dolstra1-3/+7
The stack allocated for the builder was way too small (32 KB). This is sufficient for normal derivations, because they just do some setup and then exec() the actual builder. But for the fetchurl builtin derivation it's not enough. Also, allocating the stack on the caller's stack was fishy business.
2015-10-18 Fix compilation error due to missing ENOENT on cygwinSander van der Burg1-0/+1
2015-10-08 Allow building ARMv6 stuff on ARMv7Tuomas Tynkkynen1-0/+1
This allows building a Raspberry Pi image on modern, faster boards.
2015-10-08 isFunctor: SimplifyEelco Dolstra2-11/+6
2015-10-08 forceFunction: allow functors as wellMathnerd3143-1/+13
2015-10-08 Revert to CURLOPT_PROGRESSFUNCTIONEelco Dolstra1-5/+5
CURLOPT_XFERINFOFUNCTION isn't widely supported yet. http://hydra.nixos.org/build/26679495
2015-10-07 Show progress during downloadsEelco Dolstra2-8/+47
2015-10-07 nix-prefetch-url: Add --name optionEelco Dolstra1-3/+7
This allows overriding the name component of the resulting Nix store path, which is necessary if the base name of the URI contains "illegal" characters.
2015-10-07 nix-prefetch-url -A: Use "name" attribute from Nix expressionEelco Dolstra1-1/+8
This is in particular useful for fetchFromGitHub et al., ensuring that the store path produced by nix-prefetch-url corresponds to what those functions expect.
2015-10-07 nix-prefetch-url: Support unpacking tarballsEelco Dolstra1-15/+47
This allows nix-prefetch-url to prefetch the output of fetchzip and its wrappers (like fetchFromGitHub). For example: $ nix-prefetch-url --unpack https://github.com/NixOS/patchelf/archive/0.8.tar.gz or from a Nix expression: $ nix-prefetch-url -A nix-repl.src In the latter case, --unpack can be omitted because nix-repl.src is a fetchFromGitHub derivation and thus has "outputHashMode" set to "recursive".
2015-10-06 nix-store --serve: Implement log size limitEelco Dolstra4-4/+8
2015-10-01 nix-prefetch-url: Support prefetching from a Nix expressionEelco Dolstra1-4/+36
For example, $ nix-prefetch-url -A hello.src will prefetch the file specified by the fetchurl call in the attribute ‘hello.src’ from the Nix expression in the current directory. This differs from ‘nix-build -A hello.src’ in that it doesn't verify the hash. You can also specify a path to the Nix expression: $ nix-prefetch-url ~/Dev/nixpkgs -A hello.src List elements (typically used in ‘patches’ attributes) also work: $ nix-prefetch-url -A portmidi.patches.0
2015-10-01 nix-prefetch-url: $PRINT_PATH -> --print-pathEelco Dolstra1-2/+6
generated by cgit-pink 1.4.1 (git 2.44.2) at 2024-08-15T12·32+0000