about summary refs log tree commit diff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2015-06-04 Chown files created for passAsFileEelco Dolstra1-2/+7
Nixpkgs' writeTextAsFile does this: mv "$textPath" "$n" Since $textPath was owned by root, if $textPath is on the same filesystem as $n, $n will be owned as root. As a result, the build result was rejected as having suspicious ownership. http://hydra.nixos.org/build/22836807
2015-06-02 Don't let unprivileged users repair pathsEelco Dolstra1-7/+9
2015-06-02 Use StoreAPI::verifyStore()Eelco Dolstra1-1/+1
2015-06-02 Add a ‘verifyStore’ RPCLudovic Courtès5-1/+27
Hello! The patch below adds a ‘verifyStore’ RPC with the same signature as the current LocalStore::verifyStore method. Thanks, Ludo’. >From aef46c03ca77eb6344f4892672eb6d9d06432041 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org> Date: Mon, 1 Jun 2015 23:17:10 +0200 Subject: [PATCH] Add a 'verifyStore' remote procedure call.
2015-06-01 Add tarball testsEelco Dolstra1-1/+1
2015-06-01 Document tarball downloadingEelco Dolstra1-0/+1
2015-06-01 Fix fetchurl/fetchTarballEelco Dolstra1-1/+2
2015-06-01 readFile: Check against nul bytesEelco Dolstra1-1/+4
2015-05-22 Fix import-from-derivation in restricted eval modeEelco Dolstra1-0/+7
This relaxes restricted mode to allow access to anything in the store. In the future, it would be better to allow access to only paths that have been constructed in the current evaluation (so a hard-coded /nix/store/blabla in a Nix expression would still be rejected). However, note that reading /nix/store itself is still rejected, so you can't use this so get access to things you don't know about.
2015-05-22 Remove dead codeEelco Dolstra1-18/+0
2015-05-21 nix-collect-garbage: Don't call nix-envEelco Dolstra4-69/+110
Also, make sure --delete-older-than doesn't delete the current generation.
2015-05-21 Move profiles.{cc,hh} to libstoreEelco Dolstra2-0/+0
2015-05-21 nix-collect-garbage: Call collectGarbage() internallyEelco Dolstra4-24/+41
2015-05-21 nix-collect-garbage: Don't barf on unreadable directoriesEelco Dolstra1-5/+7
And don't try to delete generations from unwritable directories.
2015-05-21 nix-collect-garbage: Remove redundant call to getFileTypeEelco Dolstra1-1/+1
2015-05-21 Merge branch 'submit/sparse-generation-symlinks' of ↵Eelco Dolstra1-1/+19
https://github.com/ctheune/nix
2015-05-20 Mis-read Eelko's request to not make this an option: now, let's not makeChristian Theune5-18/+13
it an option. :)
2015-05-19 Implement alternative to lazy generations:Christian Theune5-17/+25
* only the last generation can be lazy * depend on the '--lazy-generation' flag to be set
2015-05-19 Don't install nix-worker symlinkEelco Dolstra1-2/+0
It has been obsolete since Nix 1.2. Closes #417.
2015-05-18 Enable lazy/sparse allocation of generation symlinks: avoid creatingChristian Theune1-1/+16
new generations if a generation already exists. Alternatively or additionally I propose a mode where only the *last* generation will be sparse.
2015-05-13 Fix "error: deriver of path ‘’ is not known"Eelco Dolstra1-6/+5
2015-05-13 cygwin: looks like stdout/stdin are reserved wordsRok Garbas1-10/+10
2015-05-13 cygwin: explicitly include required c headersRok Garbas2-0/+2
2015-05-12 Don't try to map /bin/sh to a store path on non-LinuxShea Levy1-0/+2
2015-05-06 nix-collect-garbage: Do not pass an empty argument. Closes #530Luca Bruno1-1/+5
2015-05-06 nix-env/nix-instantiate/nix-build: Support URIsEelco Dolstra5-14/+19
For instance, you can install Firefox from a specific Nixpkgs revision like this: $ nix-env -f https://github.com/NixOS/nixpkgs/archive/63def04891a0abc328b1b0b3a78ec02c58f48583.tar.gz -iA firefox Or build a package from the latest nixpkgs-unstable channel: $ nix-build https://nixos.org/channels/nixpkgs-unstable/nixexprs.tar.xz -A hello
2015-05-06 nix-collect-garbage: Fix deleting old generationsWilliam A. Kennington III1-1/+1
The call to nix-env expects a string which represents how old the derivations are or just "old" which means any generations other than the current one in use. Currently nix-collect-garbage passes an empty string to nix-env when using the -d option. This patch corrects the call to nix-env such that it follows the old behavior.
2015-05-05 Allow URLs in the Nix search pathEelco Dolstra6-99/+123
E.g. to install "hello" from the latest Nixpkgs: $ nix-build '<nixpkgs>' -A hello -I nixpkgs=https://nixos.org/channels/nixpkgs-unstable/nixexprs.tar.xz Or to install a specific version of NixOS: $ nixos-rebuild switch -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/63def04891a0abc328b1b0b3a78ec02c58f48583.tar.gz
2015-05-05 Make downloads interruptableEelco Dolstra1-0/+9
2015-04-22 nix-collect-garbage: translate to C++Luca Bruno2-0/+94
2015-04-18 Add the pre-build hook.Shea Levy3-0/+41
This hook can be used to set system-specific per-derivation build settings that don't fit into the derivation model and are too complex or volatile to be hard-coded into nix. Currently, the pre-build hook can only add chroot dirs/files through the interface, but it also has full access to the chroot root. The specific use case for this is systems where the operating system ABI is more complex than just the kernel-support system calls. For example, on OS X there is a set of system-provided frameworks that can reliably be accessed by any program linked to them, no matter the version the program is running on. Unfortunately, those frameworks do not necessarily live in the same locations on each version of OS X, nor do their dependencies, and thus nix needs to know the specific version of OS X currently running in order to make those frameworks available. The pre-build hook is a perfect mechanism for doing just that.
2015-04-18 Revert "Add the pre-build hook."Shea Levy3-112/+0
Going to reimplement differently. This reverts commit 1e4a4a2e9fc382f47f58b448f3ee034cdd28218a.
2015-04-16 Fix using restricted mode with chrootsEelco Dolstra4-0/+9
2015-04-12 Add the pre-build hook.Shea Levy3-0/+112
This hook can be used to set system specific per-derivation build settings that don't fit into the derivation model and are too complex or volatile to be hard-coded into nix. Currently, the pre-build hook can only add chroot dirs/files. The specific use case for this is systems where the operating system ABI is more complex than just the kernel-supported system calls. For example, on OS X there is a set of system-provided frameworks that can reliably be accessed by any program linked to them, no matter the version the program is running on. Unfortunately, those frameworks do not necessarily live in the same locations on each version of OS X, nor do their dependencies, and thus nix needs to know the specific version of OS X currently running in order to make those frameworks available. The pre-build hook is a perfect mechanism for doing just that.
2015-04-09 Use cached result if there is a network errorEelco Dolstra3-8/+15
2015-04-09 Move curl stuff into a separate fileEelco Dolstra3-112/+150
2015-04-09 Implement a TTL on cached fetchurl/fetchTarball resultsEelco Dolstra3-13/+34
This is because we don't want to do HTTP requests on every evaluation, even though we can prevent a full redownload via the cached ETag. The default is one hour.
2015-04-09 Implement caching of fetchurl/fetchTarball resultsEelco Dolstra4-24/+147
ETags are used to prevent redownloading unchanged files.
2015-04-07 Revert /nix/store permission back to 01775Eelco Dolstra2-2/+2
This broke NixOS VM tests. Mostly reverts 27b7b94923d2f207781b438bb7a57669bddf7d2b, 5ce50cd99e740d0d0f18c30327ae687be9356553, afa433e58c3fe6029660a43fdc2073c9d15b4210.
2015-04-02 Chroot builds: Provide world-readable /nix/storeEelco Dolstra1-1/+1
This was causing NixOS VM tests to fail mysteriously since 5ce50cd99e740d0d0f18c30327ae687be9356553. Nscd could (sometimes) no longer read /etc/hosts: open("/etc/hosts", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied) Probably there was some wacky interaction between the guest kernel and the 9pfs implementation in QEMU.
2015-03-25 Add fetchTarball builtinEelco Dolstra2-1/+120
This function downloads and unpacks the given URL at evaluation time. This is primarily intended to make it easier to deal with Nix expressions that have external dependencies. For instance, to fetch Nixpkgs 14.12: with import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-14.12.tar.gz) {}; Or to fetch a specific revision: with import (fetchTarball https://github.com/NixOS/nixpkgs/archive/2766a4b44ee6eafae03a042801270c7f6b8ed32a.tar.gz) {}; This patch also adds a ‘fetchurl’ builtin that downloads but doesn't unpack its argument. Not sure if it's useful though.
2015-03-25 addToStore(): Take explicit name argumentEelco Dolstra8-35/+35
2015-03-24 Improve setting the default chroot dirsEelco Dolstra2-2/+7
2015-03-24 Add the closure of store paths to the chrootEelco Dolstra1-0/+8
Thus, for example, to get /bin/sh in a chroot, you only need to specify /bin/sh=${pkgs.bash}/bin/sh in build-chroot-dirs. The dependencies of sh will be added automatically.
2015-03-24 Tighten permissions on chroot directoriesEelco Dolstra1-2/+12
2015-03-24 Don't rely on __noChroot for corepkgsEelco Dolstra1-2/+5
This doesn't work anymore if the "strict" chroot mode is enabled. Instead, add Nix's store path as a dependency. This ensures that its closure is present in the chroot.
2015-03-19 Disable scanning for interior pointersEelco Dolstra1-0/+2
This may remove the "Repeated allocation of very large block" warnings.
2015-03-19 Fix Boehm API violationEelco Dolstra4-38/+48
We were calling GC_INIT() after doing an allocation (in the baseEnv construction), which is not allowed.
2015-03-19 Check return values from malloc/strdupEelco Dolstra1-11/+34
2015-03-18 Print some Boehm GC statsEelco Dolstra1-0/+7