Commit graph

811 commits

Author SHA1 Message Date
Eelco Dolstra
fcd9900d74 * Replace read-only calls to addTextToStore. 2006-12-01 21:00:39 +00:00
Eelco Dolstra
a824d58b56 * Merge addToStore and addToStoreFixed.
* addToStore now adds unconditionally, it doesn't use readOnlyMode.
  Read-only operation is up to the caller (who can call
  computeStorePathForPath).
2006-12-01 20:51:18 +00:00
Eelco Dolstra
ceb982a1be * Right name. 2006-12-01 18:02:05 +00:00
Eelco Dolstra
b0d8e05be1 * More operations.
* addToStore() and friends: don't do a round-trip to the worker if
  we're only interested in the path (i.e., in read-only mode).
2006-12-01 18:00:01 +00:00
Eelco Dolstra
0565b5f2b3 * More remote operations.
* Added new operation hasSubstitutes(), which is more efficient than
  querySubstitutes().size() > 0.
2006-11-30 22:43:55 +00:00
Eelco Dolstra
aac547a8b3 * Doh. 2006-11-30 21:32:46 +00:00
Eelco Dolstra
0263279071 * More operations. 2006-11-30 20:45:20 +00:00
Eelco Dolstra
a711689368 * First remote operation: isValidPath(). 2006-11-30 20:13:59 +00:00
Eelco Dolstra
765bdfe542 * When NIX_REMOTE is set to "slave", fork off nix-worker in slave
mode.  Presumably nix-worker would be setuid to the Nix store user.
  The worker performs all operations on the Nix store and database, so
  the caller can be completely unprivileged.

  This is already much more secure than the old setuid scheme, since
  the worker doesn't need to do Nix expression evaluation and so on.
  Most importantly, this means that it doesn't need to access any user
  files, with all resulting security risks; it only performs pure
  store operations.

  Once this works, it is easy to move to a daemon model that forks off
  a worker for connections established through a Unix domain socket.
  That would be even more secure.
2006-11-30 19:54:43 +00:00
Eelco Dolstra
40b3f64b55 * Skeleton of the privileged worker program.
* Some refactoring: put the NAR archive integer/string serialisation
  code in a separate file so it can be reused by the worker protocol
  implementation.
2006-11-30 19:19:59 +00:00
Eelco Dolstra
9adc074dc3 * Oops. 2006-11-30 18:35:50 +00:00
Eelco Dolstra
9cf1948993 * Skeleton of remote store implementation. 2006-11-30 18:35:36 +00:00
Eelco Dolstra
6ecb840fd1 * Put building in the store API. 2006-11-30 18:02:04 +00:00
Eelco Dolstra
e2ef5e07fd * Refactoring. There is now an abstract interface class StoreAPI
containing functions that operate on the Nix store.  One
  implementation is LocalStore, which operates on the Nix store
  directly.  The next step, to enable secure multi-user Nix, is to
  create a different implementation RemoteStore that talks to a
  privileged daemon process that uses LocalStore to perform the actual
  operations.
2006-11-30 17:43:04 +00:00
Eelco Dolstra
80b742dd52 * Don't spam. 2006-11-29 22:07:49 +00:00
Roy van den Broek
92417600a1 * Example script to set permissions for setuid operation. 2006-11-29 21:58:09 +00:00
Eelco Dolstra
71e867c5f5 * Remove --enable-setuid, --with-nix-user and --with-nix-group.
Rather, setuid support is now always compiled in (at least on
  platforms that have the setresuid system call, e.g., Linux and
  FreeBSD), but it must enabled by chowning/chmodding the Nix
  binaries.
2006-11-29 21:06:58 +00:00
Eelco Dolstra
c6a97e3b74 * Doh! Path sizes need to be computed recursively of course.
(NIX-70)
2006-11-24 20:24:14 +00:00
Eelco Dolstra
a76efaeb3f * Dead files. 2006-11-24 20:07:30 +00:00
Eelco Dolstra
0541ddc7e3 * Turn off synchronisation between C and C++ I/O functions. This
gives a huge speedup in operations that read or write from standard
  input/output.  (So libstdc++'s I/O isn't that bad, you just have to
  call std::ios::sync_with_stdio(false).)  For instance, `nix-store
  --register-substitutes' went from 1.4 seconds to 0.1 seconds on a
  certain input.  Another victory for Valgrind.
2006-11-18 18:56:30 +00:00
Eelco Dolstra
f459a5bb3a * Remove the undocumented `noscan' feature. It's no longer necessary
now that reference scanning is sufficiently streamy.
2006-11-13 18:19:05 +00:00
Eelco Dolstra
e2a70b7ec0 * Magic attribute `exportReferencesGraph' that allows the references
graph to be passed to a builder.  This attribute should be a list of
  pairs [name1 path1 name2 path2 ...].  The references graph of each
  `pathN' will be stored in a text file `nameN' in the temporary build
  directory.  The text files have the format used by `nix-store
  --register-validity'.  However, the deriver fields are left empty.

  `exportReferencesGraph' is useful for builders that want to do
  something with the closure of a store path.  Examples: the builders
  that make initrds and ISO images for NixOS.

  `exportReferencesGraph' is entirely pure.  It's necessary because
  otherwise the only way for a builder to get this information would
  be to call `nix-store' directly, which is not allowed (though
  unfortunately possible).
2006-11-13 18:18:13 +00:00
Eelco Dolstra
e40d4a5604 * Option --reregister' in nix-store --register-validity'. We need
this in the NixOS installer (or in the buildfarm) to ensure that the
  cryptographic hash of the path contents still matches the actual
  contents.
2006-11-13 16:48:27 +00:00
Eelco Dolstra
7e85a2af5f * Fix importing of derivation outputs. 2006-11-03 16:17:39 +00:00
Eelco Dolstra
8478cd260f * readFile: don't overflow the stack on large files. 2006-10-30 11:56:09 +00:00
Eelco Dolstra
ae6fb27f18 * `nix-store --read-log / -l PATH' shows the build log of PATH, if
available.  For instance,

    $ nix-store -l $(which svn) | less

  lets you read the build log of the Subversion instance in your
  profile.

* `nix-store -qb': if applied to a non-derivation, take the deriver.
2006-10-28 16:33:54 +00:00
Eelco Dolstra
dd300fb48d * Some better error messages. 2006-10-23 16:45:19 +00:00
Eelco Dolstra
17f4883bfe * Better message. 2006-10-19 17:43:58 +00:00
Eelco Dolstra
9bd93f7606 * toFile: maintain the references. 2006-10-19 17:39:02 +00:00
Eelco Dolstra
6a67556f71 * Special derivation attribute `allowedReferences' that causes Nix to
check that the references of the output of a derivation are in the
  specified set.  For instance,

    allowedReferences = [];

  specifies that the output cannot have any references.  (This is
  useful, for instance, for the generation of bootstrap binaries for
  stdenv-linux, which must not have any references for purity).  It
  could also be used to guard against undesired runtime dependencies,
  e.g.,

    {gcc, dynlib}: derivation {
      ...
      allowedReferences = [dynlib];
    }

  says that the output can refer to the path of `dynlib' but not
  `gcc'.  A `forbiddedReferences' attribute would be more useful for
  this, though.
2006-10-19 16:09:24 +00:00
Eelco Dolstra
daa8f85fcd * Backwards compatibility hack for user environments made by Nix <= 0.10. 2006-10-17 14:13:15 +00:00
Eelco Dolstra
24737f279e * Backwards compatibility with old user environment manifests. 2006-10-17 14:01:45 +00:00
Eelco Dolstra
4bd5cdb90b * Print out the offending path. 2006-10-17 14:01:28 +00:00
Eelco Dolstra
58ff6939f4 * An awful backwards compatibility hack. 2006-10-17 12:58:42 +00:00
Eelco Dolstra
3059df0f1e * baseNameOf: paths don't have to be absolute. 2006-10-17 12:34:13 +00:00
Eelco Dolstra
822dba2210 * Maintain the references for the user environment properly. 2006-10-17 12:15:15 +00:00
Eelco Dolstra
be1961c9f8 * toPath: should be the identity on paths. 2006-10-17 11:07:11 +00:00
Eelco Dolstra
cba913c521 * dirOf: return a path if the argument is a path. 2006-10-17 11:05:34 +00:00
Eelco Dolstra
cf705eaf78 * toString: don't copy paths. So toString can be used to pass
non-store paths to a builder.
2006-10-17 10:58:12 +00:00
Eelco Dolstra
7de5fe2fc2 * Do the path check on the normal form. 2006-10-17 10:57:25 +00:00
Eelco Dolstra
46b631b6c4 * Don't generate an empty drvPath attribute in the manifest. 2006-10-17 10:15:42 +00:00
Eelco Dolstra
d7efd76394 * Big cleanup of the semantics of paths, strings, contexts, string
concatenation and string coercion.  This was a big mess (see
  e.g. NIX-67).  Contexts are now folded into strings, so that they
  don't cause evaluation errors when they're not expected.  The
  semantics of paths has been clarified (see nixexpr-ast.def).
  toString() and coerceToString() have been merged.

  Semantic change: paths are now copied to the store when they're in a
  concatenation (and in most other situations - that's the
  formalisation of the meaning of a path).  So

    "foo " + ./bla

  evaluates to "foo /nix/store/hash...-bla", not "foo
  /path/to/current-dir/bla".  This prevents accidental impurities, and
  is more consistent with the treatment of derivation outputs, e.g.,
  `"foo " + bla' where `bla' is a derivation.  (Here `bla' would be
  replaced by the output path of `bla'.)
2006-10-16 15:55:34 +00:00
Eelco Dolstra
37c8a664f3 * A helpful message. 2006-10-13 11:49:55 +00:00
Eelco Dolstra
e4af398681 * Don't crash when upgrading the Berkeley DB environment. 2006-10-13 11:15:53 +00:00
Eelco Dolstra
7d4567f2cc * Removed URIs from the evaluator (NIX-66). They are now just another
kind of notation for strings.
2006-10-11 21:59:33 +00:00
Eelco Dolstra
0c4c5c2020 * Quick hack to fix NIX-67: evaluation result differing if the Nix
expression resides in the store.
2006-10-10 21:23:35 +00:00
Eelco Dolstra
bd0c40e1e9 * import': unwrap the context. Necessary to make import (x + y)'
work, where x is a store path.
2006-10-10 15:07:23 +00:00
Eelco Dolstra
9e08f5efe1 * Documented nix-store --dump / --restore. 2006-10-05 22:57:07 +00:00
Eelco Dolstra
5fd44654db * toXML: propagate the context to allow derivations to be used in the
argument.
2006-10-03 15:38:59 +00:00
Eelco Dolstra
d20c3011a0 * toFile: added an additional argument to specify the store path
suffix, e.g., `builtins.toFile "builder.sh" "..."'.
* toFile: handle references to other files correctly.
2006-10-03 14:55:54 +00:00