Emily
af2e1142b1
libstore: fix sandboxed builds on macOS
The recent fix for CVE-2024-38531 broke the sandbox on macOS
completely. As it’s not practical to use `chroot(2)` on
macOS, the build takes place in the main filesystem tree, and the
world‐unreadable wrapper directory prevents the build from accessing
its `$TMPDIR` at all.
The macOS sandbox probably shouldn’t be treated as any kind of a
security boundary in its current state, but this specific vulnerability
wasn’t possible to exploit on macOS anyway, as creating `set{u,g}id`
binaries is blocked by sandbox policy.
Locking down the build sandbox further may be a good idea in future,
but it already has significant compatibility issues. For now, restore
the previous status quo on macOS.
Thanks to @alois31 for helping me come to a better understanding of
the vulnerability.
Fixes: 1d3696f0fb
Closes: #11002
2024-07-04 16:28:37 +01:00
Emily
76e4adfaac
libstore: clean up the build directory properly
After the fix for CVE-2024-38531, this was only removing the nested
build directory, rather than the top‐level temporary directory.
Fixes: 1d3696f0fb
2024-07-04 16:22:02 +01:00
Valentin Gagarin
c66079f1e8
use self-descriptive name for config file parser, document
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-07-04 10:36:48 +02:00
siddhantCodes
976c05879f
factor duplicate code into util function append
2024-07-04 11:09:23 +05:30
Eelco Dolstra
5b4102c3b2
Tarball fetcher: Include revCount/lastModified in the fingerprint
This can influence the evaluation result so they should be included in
the fingerprint.
2024-07-03 22:05:45 +02:00
John Ericson
509be0e77a
Merge pull request #11022 from obsidiansystems/fix-openbsd-socket-peercred
Use proper struct sockpeercred for SO_PEERCRED for OpenBSD
2024-07-03 11:56:39 -04:00
kn
10ccdb7a41
Use proper struct sockpeercred for SO_PEERCRED for OpenBSD
getsockopt(2) documents this; ucred is wrong ("cr_" member prefix, no pid).
2024-07-03 11:16:39 -04:00
John Ericson
a09360400b
Indent some CPP in nix daemon
Makes it easier for me to read.
2024-07-03 11:15:56 -04:00
Eelco Dolstra
1ff186fc6e
nix flake metadata: Show flake fingerprint
This is useful for testing/debugging and maybe for sharing eval caches
(since it tells you what file in ~/.cache/nix/eval-cache-v5 to copy).
2024-07-03 17:00:30 +02:00
Eelco Dolstra
9d95c228ee
Tarball fetcher: Fix fetchToStore() and eval caching
2024-07-03 16:50:45 +02:00
John Ericson
30de61f16d
Merge pull request #11018 from siddhantk232/canonpath-fs-sink
Use `CanonPath` in `fs-sink.hh`
2024-07-03 10:36:18 -04:00
Eelco Dolstra
8bdd0ecd80
Add a test
2024-07-03 15:57:05 +02:00
Eelco Dolstra
79ed3df8f8
Tarball fetcher: Fix handling of cached tarballs
Fixes a regression introduced in 5a9e1c0d20 where downloading a cached file causes the error "Failed to open archive (Unrecognized archive format)".
2024-07-03 14:14:20 +02:00
siddhantCodes
2cf24a2df0
fix tests and minor changes
- use the iterator in `CanonPath` to count `level`
- use the `CanonPath::basename` method
- use `CanonPath::root` instead of `CanonPath{""}`
- remove `Path` and `PathView`, use `std::filesystem::path` directly
2024-07-03 17:43:55 +05:30
Valentin Gagarin
a713476790
docs: split types from syntax (#11013)
move together all syntactic and semantic information into one
page, and add a page on data types, which in turn links to the syntax and
semantics.
also split out the note on scoping rules into its own page.
Co-authored-by: Ryan Hendrickson <ryan.hendrickson@alum.mit.edu>
2024-07-03 09:03:41 +02:00
John Ericson
b0bc2a97bf
Put unit tests back in old build system for now
2024-07-02 09:26:22 -04:00
John Ericson
451f8a8c19
Put back files for now
We'll revert this sometime later
2024-07-02 09:26:22 -04:00
John Ericson
11946817f0
fileset for store unit test data
2024-07-02 09:26:22 -04:00
John Ericson
4d6bc61b8d
Fix things
2024-07-02 09:26:22 -04:00
John Ericson
4727d5c3c5
Fix format blacklist
2024-07-02 09:26:22 -04:00
John Ericson
11dab30be9
Update docs on the unit tests
2024-07-02 09:26:22 -04:00
John Ericson
224c6c3256
Fix test symlinks
2024-07-02 09:26:22 -04:00
John Ericson
496b4a9cd2
Move around unit test dirs to match new names
2024-07-02 09:26:22 -04:00
John Ericson
3ad39d2afb
Fix library name
2024-07-02 09:26:22 -04:00
John Ericson
513f6b9718
meson: Prelink links to avoid missing C++ initializers
This is the same as what the old build system did in 7eca8a16ea, done for the same reasons.
2024-07-02 09:26:22 -04:00
John Ericson
912c517bc0
Fix build of unit tests
2024-07-02 09:26:22 -04:00
John Ericson
f7ce10dbc1
Fix static build
2024-07-02 09:26:22 -04:00
John Ericson
874ff000d4
Fix format
2024-07-02 09:26:22 -04:00
John Ericson
7312d13acc
Keep another test dir
2024-07-02 09:26:22 -04:00
John Ericson
17c843c5c5
Fix more issues
2024-07-02 09:26:22 -04:00
John Ericson
479befa76d
More fixes
2024-07-02 09:26:22 -04:00
John Ericson
5ba9f6cec6
Fix typo
2024-07-02 09:26:22 -04:00
John Ericson
6a0582d9fd
Rename file to avoid reserved name
2024-07-02 09:26:22 -04:00
John Ericson
79e0ef88bf
Include missing components
2024-07-02 09:26:22 -04:00
John Ericson
2c184f694b
Ensure we have data dir for libexpr unit tests
2024-07-02 09:26:22 -04:00
John Ericson
46ec69a483
Everything builds in the dev shell now
2024-07-02 09:26:22 -04:00
John Ericson
429d6ae2b5
Add missing package.nix
2024-07-02 09:26:22 -04:00
John Ericson
92d3a06b25
Remove overrides of removed flags since unit tests broken out
2024-07-02 09:26:22 -04:00
John Ericson
0b539dea4a
Improve boost hacks
2024-07-02 09:26:22 -04:00
John Ericson
8399bd6b8f
Dedup
2024-07-02 09:26:21 -04:00
John Ericson
8198888bc4
More dedup
2024-07-02 09:23:25 -04:00
John Ericson
d6f57f3260
More dedup
2024-07-02 09:23:25 -04:00
John Ericson
c88f83b471
More dedup
2024-07-02 09:23:25 -04:00
John Ericson
4609ab318c
Fix internal API docs
2024-07-02 09:23:25 -04:00
John Ericson
d902481a36
Better org
2024-07-02 09:23:25 -04:00
John Ericson
a81e319528
Deduplicating
2024-07-02 09:23:24 -04:00
John Ericson
17a8c2bfce
Unit tests and external libraries
2024-07-02 09:23:24 -04:00
John Ericson
4fa8068b78
Mesonify other external API
2024-07-02 09:23:24 -04:00
John Ericson
31257009e1
Meson build for libexpr and libflake
2024-07-02 09:23:24 -04:00
John Ericson
fbdc554908
Fix Nix shell for building Perl too
2024-07-02 09:23:24 -04:00