max/nix-super
1
0
Fork 0
mirror of https://github.com/privatevoid-net/nix-super.git synced 2024-11-24 14:56:15 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Commit graph

  • 9da367b7d5 * `nix-store -qR' and friends: print the paths sorted topologically under the references relation. This is useful for commands that want to copy paths to another Nix store in the right order. Eelco Dolstra 2007-02-21 22:45:10 +0000
  • 881feb9698 * Flag --print-invalid' in nix-store --check-validity' to print out which paths specified on the command line are invalid (i.e., don't barf when encountering an invalid path, just print it). This is useful for build-remote.pl to figure out which paths need to be copied to a remote machine. (Currently we use rsync, but that's rather inefficient.) Eelco Dolstra 2007-02-21 17:57:59 +0000
  • 65f195f4c7 * Check that the file containing the secret key is secret. Eelco Dolstra 2007-02-21 17:51:10 +0000
  • bdadb98de8 * `nix-store --import' now also works in remote mode. The worker always requires a signature on the archive. This is to ensure that unprivileged users cannot add Trojan horses to the Nix store. Eelco Dolstra 2007-02-21 17:34:02 +0000
  • 0f5da8a83c * Support exportPath() in remote mode. Eelco Dolstra 2007-02-21 16:34:00 +0000
  • dc7d594776 * importPath(): set the deriver. * exportPath(): lock the path, use a transaction. Eelco Dolstra 2007-02-21 16:23:25 +0000
  • 43c4d18c6a * nix-store --import': import an archive created by nix-store --export' into the Nix store, and optionally check the cryptographic signatures against /nix/etc/nix/signing-key.pub. (TODO: verify against a set of public keys.) Eelco Dolstra 2007-02-21 15:45:32 +0000
  • 46e0919ced * `nix-store --export --sign': sign the Nix archive using the RSA key in /nix/etc/nix/signing-key.sec Eelco Dolstra 2007-02-21 14:31:42 +0000
  • 6c9fdb17fb * Don't use $SHELL. Eelco Dolstra 2007-02-21 14:00:46 +0000
  • b824a1daee * Start of nix-store --export' operation for serialising a store path. This is like nix-store --dump', only it also dumps the meta-information of the store path (references, deriver). Will add a `--sign' flag later to add a cryptographic signature, which we will use for exchanging store paths between build farm machines in a secure manner. Eelco Dolstra 2007-02-20 23:17:20 +0000
  • 3390c1be76 * Temporary notes on how we're going to use OpenSSL. Eelco Dolstra 2007-02-20 22:57:46 +0000
  • 8181a1c3bb * Close the file - just in case. Eelco Dolstra 2007-02-20 22:49:08 +0000
  • 46605fb4f5 * Fix 64-bit compiler warnings. Eelco Dolstra 2007-02-06 20:03:53 +0000
  • 52d03276dd * Compatibility with docbook5-xsl. Eelco Dolstra 2007-02-05 12:10:10 +0000
  • 451dbf687f * nix-env now maintains meta info (from the meta' derivation attribute) about installed packages in user environments. Thus, an operation like nix-env -q --description' shows useful information not only on available packages but also on installed packages. Eelco Dolstra 2007-02-02 01:52:42 +0000
  • f52de527c7 * Doh! Eelco Dolstra 2007-01-29 15:55:49 +0000
  • b618fa6eb6 * computeStorePathForText: take the references into account when computing the store path (NIX-77). This is an important security property in multi-user Nix stores. Eelco Dolstra 2007-01-29 15:51:37 +0000
  • c558b1583c * Don't capitalise the primop functions. Eelco Dolstra 2007-01-29 15:15:37 +0000
  • 18e6096105 * Organise primops.cc a bit better. Eelco Dolstra 2007-01-29 15:11:32 +0000
  • 7349bd0176 New primitives: * sub' to subtract two numbers. * stringLength' to get the length of a string. * `substring' to get a substring of a string. These should be enough to allow most string operations to be expressed. Eelco Dolstra 2007-01-29 14:23:09 +0000
  • 7dedbd896a * filterSource: pass strings to the predicate function instead of paths. Paths can have unexpected semantics. Eelco Dolstra 2007-01-29 13:32:50 +0000
  • 84a84afb0e * Nasty: Glibc clears the TMPDIR environment variable in setuid programs, so if a builder uses TMPDIR, then it will fail when executed through nix-setuid-helper. In fact Glibc clears a whole bunch of variables (see sysdeps/generic/unsecvars.h in the Glibc sources), but only TMPDIR should matter in practice. As a workaround, we reinitialise TMPDIR from NIX_BUILD_TOP. Eelco Dolstra 2007-01-24 13:31:20 +0000
  • fac63d6416 * exportReferencesGraph: work on paths within store paths as well. Eelco Dolstra 2007-01-23 16:57:43 +0000
  • bae75ca5a1 * New kind of manifest object: "localPath", which denotes that a store path can be created by copying it from another location in the file system. This is useful in the NixOS installation. Eelco Dolstra 2007-01-23 16:50:19 +0000
  • 36d9258c0d * Successors have been gone for ages. Eelco Dolstra 2007-01-23 16:05:59 +0000
  • 7bc30e1ca8 * nix-prefetch-url: change the default hash to SHA-256 (in base-32). Eelco Dolstra 2007-01-22 09:53:36 +0000
  • 71ceb1c161 * Handle multiple indirect symlinks when loading a Nix expression. Eelco Dolstra 2007-01-15 14:50:25 +0000
  • e4b0666f8e * builtins.filterSource: pass the type of the file ("regular", "directory", "symlink") as the second argument to the filter predicate. Eelco Dolstra 2007-01-15 08:54:51 +0000
  • 63f3ce6d9a * nix-store --verify': revive checking the referrers table. This is important to get garbage collection to work if there is any inconsistency in the database (because the referrer table is used to determine whether it is safe to delete a path). * nix-store --verify': show some progress. Eelco Dolstra 2007-01-14 17:28:30 +0000
  • 8f67b35886 * Make the garbage collector more resilient to certain consistency errors: in-use paths now cause a warning, not a fatal error. Eelco Dolstra 2007-01-14 16:24:49 +0000
  • 8659edc098 * Don't forget the .flags files. Eelco Dolstra 2007-01-14 12:33:04 +0000
  • e418976107 * Option --argstr for passing string arguments easily. (NIX-75) Eelco Dolstra 2007-01-14 12:32:44 +0000
  • 4e329f173f * Doh. Eelco Dolstra 2007-01-14 12:16:58 +0000
  • afe23b5f38 * nix-pack-closure: store the top-level store paths in the closure. * nix-unpack-closure: extract the top-level paths from the closure and print them on stdout. This allows them to be installed, e.g., "nix-env -i $(nix-unpack-closure)". (NIX-64) Eelco Dolstra 2007-01-13 19:50:42 +0000
  • f25f900045 * Allow multiple --attr / -A arguments in nix-build / nix-instantiate (NIX-74). Eelco Dolstra 2007-01-13 18:25:30 +0000
  • 215505bb46 * Removed chroot support. Eelco Dolstra 2007-01-13 17:54:01 +0000
  • f23dcdd603 * Canonicalise ASTs in `nix-instantiate --eval': remove position info, sort attribute sets. Eelco Dolstra 2007-01-13 16:17:07 +0000
  • 05879db628 * Memoize strict evaluation. Eelco Dolstra 2007-01-13 15:41:54 +0000
  • 5011588459 * printTermAsXML: treat derivations specially; emit an element <derivation outPath=... drvPath=...> attrs </derivation>. Only emit the attributes of any specific derivation only. This prevents exponententially large XML output due to the absense of sharing. Eelco Dolstra 2007-01-13 15:11:10 +0000
  • 792878af91 * Make printing an expression as XML interruptible. Eelco Dolstra 2007-01-13 14:48:41 +0000
  • 11158028be * Cleanup. Eelco Dolstra 2007-01-13 14:21:49 +0000
  • 1b7840b949 Eelco Dolstra 2007-01-11 19:28:28 +0000
  • 69c8b5b8a7 * Install generate-patches into libexec. Eelco Dolstra 2007-01-11 16:19:45 +0000
  • 1f3722bd4a * Reject patches that are larger than a certain fraction of the full archive (currently 60%). Large patches aren't very economical. Eelco Dolstra 2007-01-08 15:32:15 +0000
  • 50bdec410a * Huge speedup in patch propagation (20 minutes or so to 3 seconds). Eelco Dolstra 2007-01-08 15:17:18 +0000
  • 4c63f9fe04 * Another great success. Eelco Dolstra 2006-12-29 22:23:51 +0000
  • 57969b95b3 * Testing 1 2 3. Eelco Dolstra 2006-12-29 20:37:55 +0000
  • cafaceb707 * Handle weird cases when the server redirects us while setting a cookie. Eelco Dolstra 2006-12-15 21:27:26 +0000
  • 1073b1780a * Remove debug message. Eelco Dolstra 2006-12-13 14:29:05 +0000
  • a3e6415ba8 * New primop builtins.filterSource, which can be used to filter files from a source directory. All files for which a predicate function returns true are copied to the store. Typical example is to leave out the .svn directory: Eelco Dolstra 2006-12-12 23:05:01 +0000
  • b438d37558 * In dumpPath(): pass a function object that allows files to be selectively in/excluded from the dump. Eelco Dolstra 2006-12-12 21:51:02 +0000
  • 3130f1f0fa * Push. Eelco Dolstra 2006-12-12 20:17:14 +0000
  • 7ace29dae7 * New operation `nix-env --set' which sets a user environment to a single derivation specified by the argument. This is useful when we want to have a profile for a single derivation, such as a server configuration. Then we can just say (e.g.) Eelco Dolstra 2006-12-12 19:06:02 +0000
  • 1a7e88bbd9 * New built-in function `builtins.attrNames' that returns the names of the attributes in an attribute set. Eelco Dolstra 2006-12-12 16:14:31 +0000
  • 5e6699188f Eelco Dolstra 2006-12-09 23:14:55 +0000
  • b17677462c * Use lchown() instead of chown() in canonicalisePathMetaData(). This matters when running as root, since then we don't use the setuid helper (which already used lchown()). Eelco Dolstra 2006-12-09 20:02:27 +0000
  • 5f681988f2 * Use deletePathWrapped() in more places. Eelco Dolstra 2006-12-09 00:26:24 +0000
  • fa33303146 * Goal cancellation inside the waitForInput() loop needs to be handled very carefully, since it can invalidate iterators into the `children' map. Eelco Dolstra 2006-12-08 18:41:48 +0000
  • 06c4929958 * Some refactoring. * Throw more exceptions as BuildErrors instead of Errors. This matters when --keep-going is turned on. (A BuildError is caught and terminates the goal in question, an Error terminates the program.) Eelco Dolstra 2006-12-08 17:26:21 +0000
  • 9dbfe242e3 * Kill a build if it has gone for more than a certain number of seconds without producing output on stdout or stderr (NIX-65). This timeout can be specified using the --max-silent-time' option or the build-max-silent-time' configuration setting. The default is infinity (0). Eelco Dolstra 2006-12-08 15:44:00 +0000
  • d3fe6ab024 * Also for convenience, change the ownership of the build output even in case of failure. Eelco Dolstra 2006-12-08 00:19:50 +0000
  • 096194ab29 * Remove ancient terminology. Eelco Dolstra 2006-12-07 23:58:36 +0000
  • 6833e8bbe8 * When keeping the temporary build directory (-K), change the owner back to the Nix account. Eelco Dolstra 2006-12-07 23:27:40 +0000
  • e24d0201c2 * Doh! Eelco Dolstra 2006-12-07 22:07:05 +0000
  • 2819eb36a4 * Be less verbose. Eelco Dolstra 2006-12-07 21:43:35 +0000
  • 4ca01065c3 * Rename all those main.cc files. Eelco Dolstra 2006-12-07 20:47:30 +0000
  • d03f0d4117 * Check for lchown. Eelco Dolstra 2006-12-07 18:51:11 +0000
  • c3286ec020 * Don't count on the Pid deconstructor to kill the child process, since if we're running a build user in non-root mode, we can't. Let the setuid helper do it. Eelco Dolstra 2006-12-07 17:52:58 +0000
  • a82d80ddeb * Move setuidCleanup() to libutil. Eelco Dolstra 2006-12-07 16:40:41 +0000
  • f76fdb6d42 * If not running as root, let the setuid helper kill the build user's processes before and after the build. Eelco Dolstra 2006-12-07 16:33:31 +0000
  • ec23ecc64d * In the garbage collector, if deleting a path fails, try to fix its ownership, then try again. Eelco Dolstra 2006-12-07 15:54:52 +0000
  • a0a43c3206 * When not running as root, call the setuid helper to change the ownership of the build result after the build. Eelco Dolstra 2006-12-07 15:18:14 +0000
  • 6a07ff1ec0 * Change the ownership of store paths to the Nix account before deleting them using the setuid helper. Eelco Dolstra 2006-12-07 14:14:35 +0000
  • 7d8cf316ee * Pass the actual build user to the setuid helper. Eelco Dolstra 2006-12-07 11:27:32 +0000
  • a45c498e4e * If Nix is not running as root, call the setuid helper to start the builder under the desired build user. Eelco Dolstra 2006-12-07 00:42:30 +0000
  • 813a7c65c9 * Sanity check. Eelco Dolstra 2006-12-07 00:19:27 +0000
  • 6a8e60913a * Move killUser() to libutil so that the setuid helper can use it. Eelco Dolstra 2006-12-07 00:16:07 +0000
  • 79875c5e42 * Change the ownership of the current directory to the build user. Eelco Dolstra 2006-12-06 23:52:25 +0000
  • 62ab131412 * Verify that the desired target user is in the build users group (as specified in the setuid config file). Eelco Dolstra 2006-12-06 23:15:26 +0000
  • f07ac41656 * Check that the caller is allowed to call the setuid helper. The allowed uid is specified in a configuration file in /etc/nix-setuid.conf. Eelco Dolstra 2006-12-06 22:45:41 +0000
  • 173d328351 * Urgh. Eelco Dolstra 2006-12-06 20:19:25 +0000
  • ef281b93c2 * Fix the safety check. Eelco Dolstra 2006-12-06 20:18:29 +0000
  • a14d491f09 * Oops. Eelco Dolstra 2006-12-06 20:16:28 +0000
  • 6e5ec1029a * Get rid of build-users'. We'll just take all the members of build-users-group'. This makes configuration easier: you can just add users in /etc/group. Eelco Dolstra 2006-12-06 20:00:15 +0000
  • 751f6d2157 * nix-setuid-helper: allow running programs under a different uid. Eelco Dolstra 2006-12-06 17:29:10 +0000
  • 9f0efa6611 * Start of the setuid helper (the program that performs the operations that have to be done as root: running builders under different uids, changing ownership of build results, and deleting paths in the store with the wrong ownership). Eelco Dolstra 2006-12-06 01:24:02 +0000
  • 2b558843a2 * Be less chatty. Eelco Dolstra 2006-12-05 19:01:19 +0000
  • 44cad9630f * Urgh. Do setgid() before setuid(), because the semantics of setgid() changes completely depending on whether you're root... Eelco Dolstra 2006-12-05 18:28:15 +0000
  • 6f0d050324 * Tricky: child processes should not send data to the client since that might mess up the protocol. And besides, the socket file descriptor is probably closed. Eelco Dolstra 2006-12-05 18:21:16 +0000
  • 4c1c37d0b6 * FreeBSD returns ESRCH when there are no processes to kill. Eelco Dolstra 2006-12-05 18:07:46 +0000
  • 8d1854c3f1 * Oops! In daemon mode, we can't run as root either if build-users is empty. Eelco Dolstra 2006-12-05 17:44:19 +0000
  • 99655245ae * Use an explicit handler for SIGCHLD, since SIG_IGN doesn't do the right thing on FreeBSD 4 (it leaves zombies). Eelco Dolstra 2006-12-05 17:21:42 +0000
  • 62b0497c0f * Better message. Eelco Dolstra 2006-12-05 16:17:01 +0000
  • c808e6252f * Ugly hack to handle spurious SIGPOLLs. Eelco Dolstra 2006-12-05 15:36:31 +0000
  • fd4a9db91f * Some renaming. Eelco Dolstra 2006-12-05 14:15:51 +0000
  • fc1c20d11b * Redundant. Eelco Dolstra 2006-12-05 13:57:35 +0000
  • a9c4f66cfb * Allow unprivileged users to run the garbage collector and to do nix-store --delete'. But unprivileged users are not allowed to ignore liveness. * nix-store --delete --ignore-liveness': ignore the runtime roots as well. Eelco Dolstra 2006-12-05 02:18:46 +0000
  • 29cf434a35 * The determination of the root set should be made by the privileged process, so forward the operation. * Spam the user about GC misconfigurations (NIX-71). * findRoots: skip all roots that are unreadable - the warnings with which we spam the user should be enough. Eelco Dolstra 2006-12-05 01:31:45 +0000
  • 8623256f48 * findRoots: return a map from the symlink (outside of the store) to the store path (inside the store). Eelco Dolstra 2006-12-05 00:48:36 +0000
  • d27a73b1a9 * In addPermRoot, check that the root that we just registered can be found by the garbage collector. This addresses NIX-71 and is a particular concern in multi-user stores. Eelco Dolstra 2006-12-05 00:34:42 +0000