Commit graph

56 commits

Author SHA1 Message Date
Eelco Dolstra
9f0efa6611 * Start of the setuid helper (the program that performs the operations
that have to be done as root: running builders under different uids,
  changing ownership of build results, and deleting paths in the store
  with the wrong ownership).
2006-12-06 01:24:02 +00:00
Eelco Dolstra
a824d58b56 * Merge addToStore and addToStoreFixed.
* addToStore now adds unconditionally, it doesn't use readOnlyMode.
  Read-only operation is up to the caller (who can call
  computeStorePathForPath).
2006-12-01 20:51:18 +00:00
Eelco Dolstra
40b3f64b55 * Skeleton of the privileged worker program.
* Some refactoring: put the NAR archive integer/string serialisation
  code in a separate file so it can be reused by the worker protocol
  implementation.
2006-11-30 19:19:59 +00:00
Eelco Dolstra
71e867c5f5 * Remove --enable-setuid, --with-nix-user and --with-nix-group.
Rather, setuid support is now always compiled in (at least on
  platforms that have the setresuid system call, e.g., Linux and
  FreeBSD), but it must enabled by chowning/chmodding the Nix
  binaries.
2006-11-29 21:06:58 +00:00
Eelco Dolstra
8291f6d968 * bsdiff updated to 4.3. This makes Nix depend on libbz2. 2006-02-01 16:48:49 +00:00
Eelco Dolstra
0e38578433 * log2xml -> nix-log2xml. 2005-10-05 09:42:13 +00:00
Eelco Dolstra
4f07ebc67e * Integrated bsdiff/bspatch 4.2 (from
http://www.daemonology.net/bsdiff/bsdiff-4.2.tar.gz) into the source
  tree.  The license is a bit peculiar, but it does allow verbatim
  copying, which is what we do here (i.e., so don't make any changes
  to the sources).
2004-12-29 22:08:48 +00:00
Eelco Dolstra
a69534fc21 * Drop ATmake / ATMatcher also in handling store expressions. 2004-10-29 11:22:49 +00:00
Eelco Dolstra
47f87072ad * A very dirty hack to make setuid installations a bit nicer to use.
Previously there was the problem that all files read by nix-env
  etc. should be reachable and readable by the Nix user.  So for
  instance building a Nix expression in your home directory meant that
  the home directory should have at least g+x or o+x permission so
  that the Nix user could reach the Nix expression.  Now we just
  switch back to the original user just prior to reading sources and
  the like.  The places where this happens are somewhat arbitrary,
  however.  Any scope that has a live SwitchToOriginalUser object in
  it is executed as the original user.

* Back out r1385.  setreuid() sets the saved uid to the new
  real/effective uid, which prevents us from switching back to the
  original uid.  setresuid() doesn't have this problem (although the
  manpage has a bug: specifying -1 for the saved uid doesn't leave it
  unchanged; an explicit value must be specified).
2004-09-09 21:12:53 +00:00
Eelco Dolstra
5396304c73 * Use setre[ug]id() instead of setres[ug]id(), since the former is
more common than the latter (which exists only on Linux and
  FreeBSD).  We don't really care about dropping the saved IDs since
  there apparently is no way to quiry them in any case, so it can't
  influence the build (unlike the effective IDs which are checked by
  Perl for instance).
2004-09-09 15:55:31 +00:00
Eelco Dolstra
e77fbe0fa2 * On systems that have the setresuid() and setresgid() system calls to
set the real uid and gid to the effective uid and gid, the Nix
  binaries can be installed as owned by the Nix user and group instead
  of root, so no root involvement of any kind is necessary.

  Linux and FreeBSD have these functions.
2004-08-20 15:22:33 +00:00
Eelco Dolstra
2d35116c13 * Setuid support for sharing a Nix installation between multiple
users.

  If the configure flag `--enable-setuid' is used, the Nix programs
  nix-env, nix-store, etc. are installed with the setuid bit turned on
  so that they are executed as the user and group specified by
  `--with-nix-user=USER' and `--with-nix-group=GROUP', respectively
  (with defaults `nix' and `nix').

  The setuid programs drop all special privileges if they are executed
  by a user who is not a member of the Nix group.

  The setuid feature is a quick hack to enable sharing of a Nix
  installation between users who trust each other.  It is not
  generally secure, since any user in the Nix group can modify (by
  building an appropriate derivation) any object in the store, and for
  instance inject trojans into binaries used by other users.

  The setuid programs are owned by root, not the Nix user.  This is
  because on Unix normal users cannot change the real uid, only the
  effective uid.  Many programs don't work properly when the real uid
  differs from the effective uid.  For instance, Perl will turn on
  taint mode.  However, the setuid programs drop all root privileges
  immediately, changing all uids and gids to the Nix user and group.
2004-08-20 14:49:05 +00:00
Eelco Dolstra
9d2669d218 * Added a utility that can be used to produce nice HTML pages from Nix
build logs.  The program `log2xml' converts a Nix build log (read
  from standard input) into XML file that can then be converted to
  XHTML by the `log2html.xsl' stylesheet.  The CSS stylesheet
  `logfile.css' is necessary to make it look good.

  This is primarily useful if the log file has a *tree structure*,
  i.e., that sub-tasks such as the various phases of a build (unpack,
  configure, make, etc.) or recursive invocations of Make are
  represented as such.  While a log file is in principle an
  unstructured plain text file, builders can communicate this tree
  structure to `log2xml' by using escape sequences:

  - "\e[p" starts a new nesting level; the first line following the
    escape code is the header;

  - "\e[q" ends the current nesting level.

  The generic builder in nixpkgs (not yet committed) uses this.  It
  shouldn't be to hard to patch GNU Make to speak this protocol.

  Further improvements to the generated HTML pages are to allow
  collapsing/expanding of subtrees, and to abbreviate store paths (but
  to show the full path by hovering the mouse over it).
2004-03-15 21:51:14 +00:00
Eelco Dolstra
9898746ef3 * nix-env: a tool to manage user environments.
* Replace all directory reading code by a generic readDirectory()
  function.
2003-11-19 17:27:16 +00:00
Eelco Dolstra
fd7ac09f10 * Refactoring (step 2). 2003-11-19 12:03:01 +00:00
Eelco Dolstra
ac68840e79 * Refactoring: put the Nix expression evaluator in its own library so
that it can be used by multiple programs.
2003-11-19 11:35:41 +00:00
Eelco Dolstra
dfc9c64ead * "Fix expression" -> "Nix expression".
* More refactoring.
2003-11-18 12:06:07 +00:00
Eelco Dolstra
b1117ef29d * nix -> nix-store, fix -> nix-instantiate. 2003-11-18 11:38:25 +00:00
Eelco Dolstra
9f0f020929 * libnix -> libstore. 2003-11-18 10:55:27 +00:00
Eelco Dolstra
8798fae304 * Source tree refactoring. 2003-11-18 10:47:59 +00:00
Eelco Dolstra
4d728f6a36 * Forked new version of Fix. 2003-10-29 15:05:18 +00:00
Eelco Dolstra
c62433751d * Finished refactoring the tree. 2003-10-20 10:05:01 +00:00
Eelco Dolstra
5d4171f7fb * Synchronise terminology with the ICSE paper (e.g., slice -> closure,
fstate -> Nix expression).
* Fix src/test.cc.
2003-10-07 12:27:49 +00:00
Eelco Dolstra
e78f753aa8 * Include the right files in a distribution. 2003-10-02 12:22:19 +00:00
Eelco Dolstra
1c7d6bf5fc * Removed references to char_traits so that boost/format also works on
GCC 2.95.
2003-09-11 10:23:55 +00:00
Eelco Dolstra
c0bbed0959 * Factored out dot graph generation into a separate file. 2003-09-03 11:20:18 +00:00
Eelco Dolstra
545145cd58 * normaliseFState() now locks all output paths prior to building, thus
ensuring that simultaneous invocations of Nix don't clobber
  each other's  builds.

* Fixed a bug in `make install'.
2003-08-01 14:11:19 +00:00
Eelco Dolstra
4a013962bd * Started using Berkeley DB environments. This is necessary for
transaction support (but we don't actually use transactions yet).
2003-07-31 13:47:13 +00:00
Eelco Dolstra
8846465934 * Get garbage collection and cache population to work *properly*.
Renamed `fstateRefs' to `fstateRequisites'.  The semantics of this
  function is that it returns a list of all paths necessary to realise
  a given expression.  For a derive expression, this is the union of
  requisites of the inputs; for a slice expression, it is the path of
  each element in the slice.  Also included are the paths of the
  expressions themselves.  Optionally, one can also include the
  requisites of successor expressions (to recycle intermediate
  results).

* `nix-switch' now distinguishes between an expression and its normal
  form.  Usually, only the normal form is registered as a root of the
  garbage collector.  With the `--source-root' flag, it will also
  register the original expression as a root.

* `nix-collect-garbage' now has a flag `--keep-successors' which
  causes successors not to be included in the list of garbage paths.

* `nix-collect-garbage' now has a flag `--invert' which will print all
  paths that should *not* be garbage collected.
2003-07-29 14:28:17 +00:00
Eelco Dolstra
949c4fa1a8 * `nix --help'.
* `nix --query --graph' to print a dot dependency graph of derive
  expressions.
2003-07-28 12:19:23 +00:00
Eelco Dolstra
39ce70025b * Incorporated Berkeley DB and ATerm into the source tree.
* `make dist'.
2003-07-23 15:53:34 +00:00
Eelco Dolstra
9202570f8c * libdb_cxx-4 -> libdb_cxx 2003-07-22 20:02:33 +00:00
Eelco Dolstra
6f1a0f948d * Refactorings. 2003-07-20 19:29:38 +00:00
Eelco Dolstra
3509299aca * After building, scan for actual file system references as
opposed to declared references.  This prunes the reference
  graph, thus allowing better garbage collection and more
  efficient derivate distribution.
2003-07-14 10:23:11 +00:00
Eelco Dolstra
e6363b05ae * Pass $(prefix) and other variables through -D..., not
through config.h, to prevent silly Autoconf problems.
2003-07-13 19:26:00 +00:00
Eelco Dolstra
9c620e4afa * Generate the scripts so that we can substitute the prefix
etc. correctly.
* Fixed nix-switch.
2003-07-13 18:58:03 +00:00
Eelco Dolstra
5895c160c4 * Make dbRefs a mapping from Hash to [Path]. 2003-07-07 09:25:26 +00:00
Eelco Dolstra
224c585aba * Refactoring on the file names. 2003-07-07 07:43:58 +00:00
Eelco Dolstra
7952a8053c * A utility `nix-hash' to compute Nix path hashes. 2003-07-06 15:11:02 +00:00
Eelco Dolstra
82e3d8fafe * Got Fix working again. 2003-07-06 14:20:47 +00:00
Eelco Dolstra
f826e432aa * Refactoring: move initialisation and argument parsing into a shared
file.
2003-07-04 15:42:03 +00:00
Eelco Dolstra
207ff2caf0 * Caching of expression successors. 2003-07-04 12:18:06 +00:00
Eelco Dolstra
2b07b0e7eb * Minor cleanups. 2003-06-25 14:58:56 +00:00
Eelco Dolstra
5079ccb455 * Move most of Nix into a library (libnix.a).
* Run `test' on `make check'.
2003-06-20 10:53:04 +00:00
Eelco Dolstra
1849aa2a72 * Refactoring: move dump function into archive.cc. 2003-06-20 10:40:25 +00:00
Eelco Dolstra
fab7b128b9 * Automake sucks. 2003-06-18 08:07:28 +00:00
Eelco Dolstra
34fcf5fa0c * Started integrating the new evaluation model into Nix.
* Cleaned up command-line syntax.
2003-06-17 21:12:58 +00:00
Eelco Dolstra
822794001c * Started implementing the new evaluation model.
* Lots of refactorings.
* Unit tests.
2003-06-16 13:33:38 +00:00
Eelco Dolstra
21fe717ce2 * Refactoring: hash class. 2003-06-15 13:41:32 +00:00
Eelco Dolstra
d1f5fd7216 * Log the output of builders to $prefix/var/log/nix. 2003-05-30 15:21:52 +00:00