Commit graph

4589 commits

Author SHA1 Message Date
Eelco Dolstra
e049d38290 Merge remote-tracking branch 'origin/master' into fsync-store-paths 2024-08-21 16:37:21 +02:00
eldritch horrors
03b258bf97 libutil: rename and optimize closeMostFDs
this is only used to close non-stdio files in derivation sandboxes. we
may as well encode that in its name, drop the unnecessary integer set,
and use close_range to deal with the actual closing of files. not only
is this clearer, it also makes sandbox setup on linux fast by 1ms each

(cherry-picked and adapted from
c7d97802e4)

Co-authored-by: Eelco Dolstra <edolstra@gmail.com>
Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>
Co-authored-by: John Ericson <git@JohnEricson.me>
2024-08-21 06:45:31 +02:00
Eelco Dolstra
257470b58d Merge remote-tracking branch 'origin/master' into flip-coroutines 2024-08-20 17:19:17 +02:00
tomberek
43e82c9446
Merge pull request #11300 from noamraph/homeless-shelter-to-proc
Make $HOME=/proc/homeless-shelter instead of /homeless-shelter
2024-08-19 23:26:41 -04:00
tomberek
d79b9bdec0
Merge pull request #11246 from NixOS/tomberek.ssl_warning
feat: better warning for common SSL error
2024-08-19 13:51:42 -04:00
Noam Yorav-Raphael
62b9a26f60 Set $HOME=/proc/homeless-shelter on Linux, and /homeless-shelter on OSX. 2024-08-19 20:18:08 +03:00
Eelco Dolstra
39daa4a0d3 withFramedSink(): Don't use a thread to monitor the other side
Since withFramedSink() is now used a lot more than in the past (for
every addToStore() variant), we were creating a lot of threads, e.g.

  nix flake show --no-eval-cache --all-systems github:NixOS/nix/afdd12be5e19c0001ff3297dea544301108d298

would create 46418 threads. While threads on Linux are cheap, this is
still substantial overhead.

So instead, just poll from FramedSink before every write whether there
are pending messages from the daemon. This could slightly increase the
latency on log messages from the daemon, but not on exceptions (which
were only synchronously checked from FramedSink anyway).

This speeds up the command above from 19.2s to 17.5s on my machine (a
9% speedup).
2024-08-19 18:15:15 +02:00
Tom Bereknyei
3e5bf90341 feat: better warning for common SSL errors 2024-08-19 11:01:56 -04:00
tomberek
9e37a93229
Merge pull request #11270 from amarshall/fix-darwin-sandbox-local-networking
libstore: fix port binding in __darwinAllowLocalNetworking sandbox
2024-08-16 23:17:21 -04:00
Robert Hensing
a03bb4455c Fix SSH invocation when local SHELL misbehaves
Setting it to /bin/sh will make it more predictable when users have
their favorite shell in SHELL, which might not behave as expected.
For instance, a bad rc file could send something to stdout before
our LocalCommand gets to write "started".

This may help https://github.com/NixOS/nix/issues/11010
2024-08-16 15:53:30 +02:00
John Ericson
34fe2478a2 Build Functional tests with Meson
Co-Authored-By: Qyriad <qyriad@qyriad.me>
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-08-14 15:35:40 -04:00
Noam Yorav-Raphael
77d84a8d8b /homeless-shelter -> /proc/homeless/shelter
This makes it so even root can't create $HOME, for example by running `mkdir -p $HOME/.cache/foo`.
2024-08-14 14:35:42 +03:00
John Ericson
58b03ef1cd Move NIX_BIN_DIR and all logic using it to the Nix executable itself
This is because with the split packages of the Meson build, we simply
have no idea what directory the binaries will be installed in when we
build the library.

In the process of doing so, consolidate and make more sophisticated the
logic to cope with a few corner cases (e.g. `NIX_BIN_DIR` exists, but no
binaries are inside it).

Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-08-12 12:29:17 -04:00
Robert Hensing
18485d2d53
Merge pull request #11188 from lf-/jade/kill-int-overflow
Ban integer overflow in the Nix language
2024-08-11 04:24:16 +02:00
Andrew Marshall
00f6db36fd libstore: fix port binding in __darwinAllowLocalNetworking sandbox
In d60c3f7f7c, this was changed to close a
hole in the sandbox. Unfortunately, this was too restrictive such that it
made local port binding fail, thus making derivations that needed
`__darwinAllowLocalNetworking` gain nearly nothing, and thus largely
fail (as the primary use for it is to enable port binding).

This unfortunately does mean that a sandboxed build process can, in
coordination with an actor outside the sandbox, escape the sandbox by
binding a port and connecting to it externally to send data. I do not
see a way around this with my experimentation and understanding of the
(quite undocumented) macOS sandbox profile API. Notably it seems not
possible to use the sandbox to do any of:

- Restrict the remote IP of inbound network requests
- Restrict the address being bound to

As such, the `(local ip "*:*")` here appears to be functionally no
different than `(local ip "localhost:*")` (however it *should* be
different than removing the filter entirely, as that would make it also
apply to non-IP networking). Doing `(allow network-inbound (require-all
(local ip "localhost:*") (remote ip "localhost:*")))` causes listening
to fail.

Note that `network-inbound` implies `network-bind`.
2024-08-08 14:31:26 -04:00
Eelco Dolstra
0a00bd07b2 PathSubstitutionGoal: Fix spurious "failed" count in the progress bar
It is not an error if queryPathInfo() indicates that a path does not
exist in the substituter.

Fixes #11198. This was broken in 846869da0e.
2024-08-05 18:56:02 +02:00
Eelco Dolstra
9b5b7b7963 Fix the S3 store
It was failing with:

   error: AWS error fetching 'nix-cache-info': The specified bucket does not exist

because `S3BinaryCacheStoreImpl` had a `bucketName` field that
shadowed the inherited `bucketName from `S3BinaryCacheStoreConfig`.
2024-08-01 16:51:57 +02:00
John Ericson
733c816d34
Small windows cross fixes (#11230) 2024-07-31 20:04:18 +00:00
Eelco Dolstra
ed0934b884
Merge pull request #11140 from DeterminateSystems/protocol-features
WorkerProto: Support fine-grained protocol feature negotiation
2024-07-31 17:47:38 +02:00
Jade Lovelace
7b6622d733 language: cleanly ban integer overflows
This also bans various sneaking of negative numbers from the language
into unsuspecting builtins as was exposed while auditing the
consequences of changing the Nix language integer type to a newtype.

It's unlikely that this change comprehensively ensures correctness when
passing integers out of the Nix language and we should probably add a
checked-narrowing function or something similar, but that's out of scope
for the immediate change.

During the development of this I found a few fun facts about the
language:
- You could overflow integers by converting from unsigned JSON values.
- You could overflow unsigned integers by converting negative numbers
  into them when going into Nix config, into fetchTree, and into flake
  inputs.

  The flake inputs and Nix config cannot actually be tested properly
  since they both ban thunks, however, we put in checks anyway because
  it's possible these could somehow be used to do such shenanigans some
  other way.

Note that Lix has banned Nix language integer overflows since the very
first public beta, but threw a SIGILL about them because we run with
-fsanitize=signed-overflow -fsanitize-undefined-trap-on-error in
production builds. Since the Nix language uses signed integers, overflow
was simply undefined behaviour, and since we defined that to trap, it
did.

Trapping on it was a bad UX, but we didn't even entirely notice
that we had done this at all until it was reported as a bug a couple of
months later (which is, to be fair, that flag working as intended), and
it's got enough production time that, aside from code that is IMHO buggy
(and which is, in any case, not in nixpkgs) such as
https://git.lix.systems/lix-project/lix/issues/445, we don't think
anyone doing anything reasonable actually depends on wrapping overflow.

Even for weird use cases such as doing funny bit crimes, it doesn't make
sense IMO to have wrapping behaviour, since two's complement arithmetic
overflow behaviour is so *aggressively* not what you want for *any* kind
of mathematics/algorithms. The Nix language exists for package
management, a domain where bit crimes are already only dubiously in
scope to begin with, and it makes a lot more sense for that domain for
the integers to never lose precision, either by throwing errors if they
would, or by being arbitrary-precision.

Fixes: https://github.com/NixOS/nix/issues/10968
Original-CL: https://gerrit.lix.systems/c/lix/+/1596

Change-Id: I51f253840c4af2ea5422b8a420aa5fafbf8fae75
2024-07-30 18:13:05 -07:00
Jade Lovelace
dd75711895 Use std::strong_ordering for version comparison
The actual motive here is the avoidance of integer overflow if we were
to make these use checked NixInts and retain the subtraction.

However, the actual *intent* of this code is a three-way comparison,
which can be done with operator<=>, so we should just do *that* instead.

Change-Id: I7f9a7da1f3176424b528af6d1b4f1591e4ab26bf
2024-07-30 18:13:05 -07:00
John Ericson
12717325cc Make sure we use -isystem with Meson on some deps
Otherwise we get warnings on external code.
2024-07-29 13:06:26 -04:00
Robert Hensing
6e3bba5e26
Merge pull request #11171 from DeterminateSystems/speed-up-tarball-downloads
Increase download buffer size and improve tarball import logging
2024-07-29 15:02:35 +02:00
Eelco Dolstra
3c0963487e
Merge pull request #11196 from NixOS/rename-lock-read
Rename SyncBase::read() -> readLock()
2024-07-29 14:10:46 +02:00
Ivan Trubach
1b47748e5a libstore: return ENOTSUP for getxattr functions
This change updates the seccomp profile to return ENOTSUP for getxattr
functions family. This reflects the behavior of filesystems that don’t
support extended attributes (or have an option to disable them), e.g.
ext2.

The current behavior is confusing for some programs because we can read
extended attributes, but only get to know that they are not supported
when setting them. In addition to that, ACLs on Linux are implemented
via extended attributes internally and if we don’t return ENOTSUP, acl
library converts file mode to ACL.
https://git.savannah.nongnu.org/cgit/acl.git/tree/libacl/acl_get_file.c?id=d9bb1759d4dad2f28a6dcc8c1742ff75d16dd10d#n69
2024-07-28 13:28:52 +03:00
Robert Hensing
22f943bb1f dependencies: Centralize aws-sdk-cpp and sync with Nixpkgs
By syncing with Nixpkgs, we reuse the same derivation, which is
generally a good idea, and has the benefit that it is transitively
a channel blocker.

Changes:

- https://github.com/NixOS/nixpkgs/pull/163313 (SuperSandro2000)

  > nix: disable big-parallel for aws-sdk-cpp

  > aws-sdk-cpp only takes ~1m52s on a 4 core machine under 50% load
  > which does not justify the requirement on big parallel.

  > Tested with `nix-build -A nixVersions.nix_2_6.aws-sdk-cpp`.

  > I can finally build nix without requiring a big-parallel machine.

- https://github.com/NixOS/nixpkgs/pull/227506 (Artturin)

  > nix: use [ ] instead null to empty requiredSystemFeatures

  > fixes 'error: value is null while a list was expected' with 'nixpkgs.hostPlatform.gcc.arch = "x86_64";'
2024-07-27 02:16:05 +02:00
Robert Hensing
6af40f488a Rename SyncBase::read() -> readLock()
Make it explicit so it's clear what it's about when I and other
contributors read its call sites.
2024-07-27 01:39:13 +02:00
Robert Hensing
95845d92f7
Merge pull request #11192 from DeterminateSystems/store-sharedsync
Store: Use SharedSync
2024-07-27 01:32:13 +02:00
Robert Hensing
861bd102a6
Merge pull request #11167 from NixOS/repl-test-rejiggle
Fix repl test for `buildReadlineNoMarkdown`
2024-07-27 00:55:57 +02:00
Eelco Dolstra
ea46264bd3 Store: Use SharedSync for state 2024-07-26 16:14:03 +02:00
Eelco Dolstra
99c20d6624
Merge pull request #11179 from obsidiansystems/misc-fix
Misc fixes
2024-07-25 14:01:54 +02:00
Jörg Thalheim
63e50a4b56 add werror=suggest-override
Improves code readability by making overrides explicit.
Inspired by lix code-base
2024-07-25 07:41:12 +02:00
John Ericson
1ae5738317 Fix some warnings
I think they came from the last Nixpkgs bump.
2024-07-25 00:02:43 -04:00
John Ericson
3b49f7a143
Deduplicate our many package.nix a bit (#11175)
- They should all be built in parallel

- They should all use strict deps by default
2024-07-25 03:12:39 +00:00
Valentin Gagarin
a2fed6db9e
manual: Contributing -> Development, Hacking -> Building (#9014)
* manual: Contributing -> Development, Hacking -> Building

what's currently called "hacking" are really instructions for setting up
a development environment and compiling from source. we have
a contribution guide in the repo (which rightly focuses on GitHub
workflows), and the material in the manual is more about working
on the code itself.

since we'd otherwise have three headings that amount to "Building Nix",
this change also moves the "classic Nix" instructions to the top.

we may want to reorganise this in the future, and bring
contributor-oriented information closer to the code, but for now let's
stick to more accurate names to ease navigation.
2024-07-25 02:53:06 +00:00
Eelco Dolstra
f6a9a71b38 Warn if the download buffer is full 2024-07-24 20:14:31 +02:00
Eelco Dolstra
8ffea0a018 Add 'download-buffer-size' setting
We are piping curl downloads into `unpackTarfileToSink()`, but the
latter is typically slower than the former if you're on a fast
connection. So the download could appear unnecessarily slow. (There is
even a risk that if the Git import is *really* slow for whatever
reason, the TCP connection could time out.)

So let's make the download buffer bigger by default - 64 MiB is big
enough for the Nixpkgs tarball. Perhaps in the future, we could have
an unlimited buffer that spills data to disk beyond a certain
threshold, but that's probably overkill.
2024-07-24 20:10:45 +02:00
Eelco Dolstra
caf4e98f0c Log download durations 2024-07-24 20:10:41 +02:00
Robert Hensing
3172e88af5 Make abort() call sites log first 2024-07-24 16:52:04 +02:00
Eelco Dolstra
609df83c01 sourceToSink(): Throw EndOfFile 2024-07-24 16:24:38 +02:00
Eelco Dolstra
0194f81587 addToStore(): Do evaluation on the main stack
This hopefully avoids the need for all our Boehm GC coroutine
workarounds, since the GC roots will be on the main stack of the
thread.

Fixes #11141.
2024-07-24 16:24:38 +02:00
Eelco Dolstra
3be7c0037e WorkerProto: Support fine-grained protocol feature negotiation
Currently, the worker protocol has a version number that we increment
whenever we change something in the protocol. However, this can cause
a collision between Nix PRs / forks that make protocol changes
(e.g. PR #9857 increments the version, which could collide with
another PR). So instead, the client and daemon now exchange a set of
protocol features (such as `auth-forwarding`). They will use the
intersection of the sets of features, i.e. the features they both
support.

Note that protocol features are completely distinct from
`ExperimentalFeature`s.
2024-07-24 16:23:37 +02:00
John Ericson
d7024ac9b7 Add S3 opt dep to Meson, and simplify build
Numeric version macros are now defined upstream, so we don't need roll
our own.
2024-07-22 11:11:38 -04:00
John Ericson
823baa25f3 Meson build: libstore check for statvfs 2024-07-22 11:09:53 -04:00
Eelco Dolstra
40f80e1b5c
Merge pull request #11142 from detroyejr/fix-alias-flags
Allow flag aliases
2024-07-22 15:53:41 +02:00
poweredbypie
0ec5e3a1bc
Progress on Wine CI support, MinGW dev shell with Meson (#10975)
* Only build perl subproject on Linux

* Fix various Windows regressions

* Don't put the emulator hook in test builds

  We run the tests in a separate derivation. Only need it for the dev shell.

* Fix native dev shells

* Fix cross dev shells we don't know how to emulate

Co-authored-by: PoweredByPie <poweredbypie@users.noreply.github.com>
Co-authored-by: Joachim Schiele <js@lastlog.de>
Co-authored-by: John Ericson <John.Ericson@Obsidian.Systems>
2024-07-21 22:03:04 +00:00
detroyejr
74dccef004 addFlag: use aliases 2024-07-19 15:05:00 -04:00
Eelco Dolstra
58a79b6943 performOp(): Take a WorkerProto::BasicServerConnection 2024-07-19 13:35:46 +02:00
Eelco Dolstra
d231d802f5 Typo 2024-07-18 16:10:48 +02:00
Eelco Dolstra
c1d5cf6f34 Factor out commonality between WorkerProto::Basic{Client,Server}Connection
This also renames clientVersion and daemonVersion to the more correct
protoVersion (since it's the version agreed to by both sides).
2024-07-18 16:10:48 +02:00
John Ericson
2aa9cf34dd Move uriSchemes to *StoreConfig
It is a property of the configuration of a store --- how a store URL is
parsed into a store config, not a store itself.

Progress towards #10766
2024-07-17 23:48:19 -04:00
Farid Zakaria
57399bfc0e
Refactor unix domain socket store config (#11109)
Following what is outlined in #10766 refactor the uds-remote-store such
that the member variables (state) don't live in the store itself but in
the config object.

Additionally, the config object includes a new necessary constructor
that takes a scheme & authority.

Tests are commented out because of linking errors with the current config system.
When there is a new config system we can reenable them.

Co-authored-by: John Ericson <John.Ericson@Obsidian.Systems>
2024-07-17 23:32:27 -04:00
Eelco Dolstra
87f8ff23fe BasicClientConnection::handshake(): Don't send our version twice
This was accidentally introduced
in f71b4da0b3.  We didn't notice this
because the version got interpreted by the daemon as the obsolete "CPU
affinity will follow" field, and being non-zero, it would then read
another integer for the ignored CPU affinity.
2024-07-17 16:51:53 +02:00
Robert Hensing
b230c01f73
Merge pull request #11014 from obsidiansystems/plugins-libmain
Move plugins infra to `libnixmain`
2024-07-17 09:42:09 +02:00
Las Safin
a1f3f103bc
Check if drv is initialized in DerivationGoal::waiteeDone
It might not be set, in which case we shouldn't do anything.
Surprisingly, this somehow did not cause segfaults before?

Caught by UBSan.
2024-07-16 22:01:39 +00:00
John Ericson
808082ea03 Ensure we can construct remote store configs in isolation
Progress towards #10766

I thought that #10768 achieved, but when I went to use this stuff (in
Hydra), turns out it did not. (Those `using FooConfig;` lines were not
working --- they are so finicky!) This PR gets the job done, and adds
some trivial unit tests to make sure I did what I intended.

I had to add add a header to expose `SSHStoreConfig`, after which the
preexisting `ssh-store-config.*` were very confusingly named files, so I
renamed them to `common-ssh-store-config.hh` to match the type defined
therein.
2024-07-15 17:32:49 -04:00
John Ericson
0feeab755a Move plugins infra to libnixmain
They are not actually part of the store layer, but instead part of the
Nix executable infra (libraries don't need plugins, executables do).

This is part of a larger project of moving all of our legacy settings
infra to libmain, and having the underlying libraries just have plain
configuration structs detached from any settings infra / UI layer.

Progress on #5638
2024-07-15 17:26:03 -04:00
John Ericson
1a273a623f Inline settings.pluginFiles.name
In theory the warning is more noisy now, but in practice this will not
happen unless the client is older than 2.14 (highly unlikely).
2024-07-15 16:50:57 -04:00
Las Safin
846869da0e
Make goals use C++20 coroutines (#11005)
undefined
2024-07-15 16:49:15 -04:00
Robert Hensing
7e604f716c concatStrings: Give compiler access to definition for inlining
... at call sites that are may be in the hot path.

I do not know how clever the compiler gets at these sites.
My primary concern is to not regress performance and I am confident
that this achieves it the easy way.
2024-07-14 12:20:45 +02:00
Robert Hensing
e64643bf63 dropEmptyInitThenConcatStringsSep -> concatStringSep: feature should not be empty
(System) features are unlikely to be empty strings, but when they
come in through structuredAttrs, they probably can.
I don't think this means we should drop them, but most likely they
will be dropped after this because next time they'll be parsed with
tokenizeString.

TODO: We should forbid empty features.
2024-07-13 03:06:24 +02:00
Robert Hensing
f1966e22d9 dropEmptyInitThenConcatStringsSep -> concatStringSep: store paths are not empty 2024-07-13 03:06:24 +02:00
Robert Hensing
49d100ba8b dropEmptyInitThenConcatStringsSep -> concatStringSep: output name empty not feasible
I don't think it's completely impossible, but I can't construct
one easily as derivationStrict seems to (re)tokenize the outputs
attribute, dropping the empty output.

It's not a scenario we have to account for here.
2024-07-13 03:06:24 +02:00
Robert Hensing
d3e49ac881 dropEmptyInitThenConcatStringsSep -> concatStringSep: shortRefs are not empty 2024-07-13 03:06:24 +02:00
Robert Hensing
608a425550 dropEmptyInitThenConcatStringsSep -> concatStringSep: diag 2024-07-13 03:06:24 +02:00
Robert Hensing
75dde71ff9 dropEmptyInitThenConcatStringsSep -> concatStringSep: sigs are non-empty
The sigs field is produced by tokenizeStrings, which does not return
empty strings.
2024-07-13 03:06:24 +02:00
Robert Hensing
3f37785afd NIX_REMOTE_SYSTEMS: actually support multiple :-separated entries
Bug not reported in 6 years, but here you go.

Also it is safe to switch to normal concatStringsSep behavior
because tokenizeString does not produce empty items.
2024-07-13 03:06:24 +02:00
Robert Hensing
ea966a70fc dropEmptyInitThenConcatStringsSep -> concatStringSep: diagnostics and docs
These are non-critical, so their behavior is ok to change.
Dropping empty items is not needed and usually not expected.
2024-07-13 03:06:24 +02:00
Robert Hensing
1a8defd06f Refactor: rename C++ concatStringsSep -> dropEmptyInitThenConcatStringsSep 2024-07-13 03:05:50 +02:00
John Ericson
bc83b9dc1f Remove comparator.hh and switch to <=> in a bunch of places
Known behavior changes:

- `MemorySourceAccessor`'s comparison operators no longer forget to
  compare the `SourceAccessor` base class.

Progress on #10832

What remains for that issue is hopefully much easier!
2024-07-12 14:54:18 -04:00
Robert Hensing
11a6db5993 Remove unused operator<=>'s that darwin can't generate
It was complaining *a lot*, with dozens of MB of logs.
2024-07-12 17:37:27 +02:00
Robert Hensing
27eaeebc41 nar-accessor.cc: Silence unused variable warning 2024-07-12 15:38:17 +02:00
Robert Hensing
8df041cbc6 Solve unused header warnings reported by clangd 2024-07-12 15:37:54 +02:00
John Ericson
6e5cec292b Use a meson "generator" to deduplicate .gen.hh creation 2024-07-08 11:13:11 -04:00
John Ericson
d8850618b6
Merge pull request #11059 from rhendric/rhendric/reference-manual
docs: merge builtin-constants into builtins
2024-07-07 21:47:33 -04:00
Ryan Hendrickson
95890b3e1d docs: merge builtin-constants into builtins 2024-07-07 15:57:23 -04:00
Robert Hensing
a9592077fb
Merge pull request #11055 from NixOS/packaging-for-nixpkgs
Indirections for packaging meson-based granular build for Nixpkgs
2024-07-07 21:33:01 +02:00
Romain NEIL
514062c227 feat: configure aws s3 lib to use system defined proxy, if existent 2024-07-06 21:46:58 +02:00
Robert Hensing
0729f0a113 packaging: Pass version directly 2024-07-06 17:52:57 +02:00
Robert Hensing
ddff76f667
Merge pull request #10973 from NixOS/meson-libexpr
Meson build for libexpr libflake, external C API, unit tests
2024-07-05 20:27:12 +02:00
Robert Hensing
a476383f46
Merge pull request #11031 from emilazy/push-xsrvoyspsvqx
libstore: fix sandboxed builds on macOS
2024-07-05 17:08:39 +02:00
John Ericson
e4056b9afd
Apply suggestions from code review
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-07-04 17:48:27 -04:00
Emily
af2e1142b1 libstore: fix sandboxed builds on macOS
The recent fix for CVE-2024-38531 broke the sandbox on macOS
completely. As it’s not practical to use `chroot(2)` on
macOS, the build takes place in the main filesystem tree, and the
world‐unreadable wrapper directory prevents the build from accessing
its `$TMPDIR` at all.

The macOS sandbox probably shouldn’t be treated as any kind of a
security boundary in its current state, but this specific vulnerability
wasn’t possible to exploit on macOS anyway, as creating `set{u,g}id`
binaries is blocked by sandbox policy.

Locking down the build sandbox further may be a good idea in future,
but it already has significant compatibility issues. For now, restore
the previous status quo on macOS.

Thanks to @alois31 for helping me come to a better understanding of
the vulnerability.

Fixes: 1d3696f0fb
Closes: #11002
2024-07-04 16:28:37 +01:00
Emily
76e4adfaac libstore: clean up the build directory properly
After the fix for CVE-2024-38531, this was only removing the nested
build directory, rather than the top‐level temporary directory.

Fixes: 1d3696f0fb
2024-07-04 16:22:02 +01:00
John Ericson
30de61f16d
Merge pull request #11018 from siddhantk232/canonpath-fs-sink
Use `CanonPath` in `fs-sink.hh`
2024-07-03 10:36:18 -04:00
siddhantCodes
2cf24a2df0 fix tests and minor changes
- use the iterator in `CanonPath` to count `level`
- use the `CanonPath::basename` method
- use `CanonPath::root` instead of `CanonPath{""}`
- remove `Path` and `PathView`, use `std::filesystem::path` directly
2024-07-03 17:43:55 +05:30
John Ericson
4d6bc61b8d Fix things 2024-07-02 09:26:22 -04:00
John Ericson
513f6b9718 meson: Prelink links to avoid missing C++ initializers
This is the same as what the old build system did in
7eca8a16ea, done for the same reasons.
2024-07-02 09:26:22 -04:00
John Ericson
f7ce10dbc1 Fix static build 2024-07-02 09:26:22 -04:00
John Ericson
479befa76d More fixes 2024-07-02 09:26:22 -04:00
John Ericson
6a0582d9fd Rename file to avoid reserved name 2024-07-02 09:26:22 -04:00
John Ericson
0b539dea4a Improve boost hacks 2024-07-02 09:26:22 -04:00
John Ericson
8399bd6b8f Dedup 2024-07-02 09:26:21 -04:00
John Ericson
8198888bc4 More dedup 2024-07-02 09:23:25 -04:00
John Ericson
d6f57f3260 More dedup 2024-07-02 09:23:25 -04:00
John Ericson
c88f83b471 More dedup 2024-07-02 09:23:25 -04:00
John Ericson
d902481a36 Better org 2024-07-02 09:23:25 -04:00
John Ericson
a81e319528 Deduplicating 2024-07-02 09:23:24 -04:00
John Ericson
4fa8068b78 Mesonify other external API 2024-07-02 09:23:24 -04:00
John Ericson
31257009e1 Meson build for libexpr and libflake 2024-07-02 09:23:24 -04:00