aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-04-07Revert /nix/store permission back to 01775Eelco Dolstra
This broke NixOS VM tests. Mostly reverts 27b7b94923d2f207781b438bb7a57669bddf7d2b, 5ce50cd99e740d0d0f18c30327ae687be9356553, afa433e58c3fe6029660a43fdc2073c9d15b4210.
2015-04-02Chroot builds: Provide world-readable /nix/storeEelco Dolstra
This was causing NixOS VM tests to fail mysteriously since 5ce50cd99e740d0d0f18c30327ae687be9356553. Nscd could (sometimes) no longer read /etc/hosts: open("/etc/hosts", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied) Probably there was some wacky interaction between the guest kernel and the 9pfs implementation in QEMU.
2015-03-27Add dependency on libcurl-devEelco Dolstra
http://hydra.nixos.org/eval/1179370
2015-03-25Add fetchTarball builtinEelco Dolstra
This function downloads and unpacks the given URL at evaluation time. This is primarily intended to make it easier to deal with Nix expressions that have external dependencies. For instance, to fetch Nixpkgs 14.12: with import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-14.12.tar.gz) {}; Or to fetch a specific revision: with import (fetchTarball https://github.com/NixOS/nixpkgs/archive/2766a4b44ee6eafae03a042801270c7f6b8ed32a.tar.gz) {}; This patch also adds a ‘fetchurl’ builtin that downloads but doesn't unpack its argument. Not sure if it's useful though.
2015-03-25addToStore(): Take explicit name argumentEelco Dolstra
2015-03-24Improve setting the default chroot dirsEelco Dolstra
2015-03-24Add the closure of store paths to the chrootEelco Dolstra
Thus, for example, to get /bin/sh in a chroot, you only need to specify /bin/sh=${pkgs.bash}/bin/sh in build-chroot-dirs. The dependencies of sh will be added automatically.
2015-03-24Tighten permissions on chroot directoriesEelco Dolstra
2015-03-24Don't rely on __noChroot for corepkgsEelco Dolstra
This doesn't work anymore if the "strict" chroot mode is enabled. Instead, add Nix's store path as a dependency. This ensures that its closure is present in the chroot.
2015-03-19Disable scanning for interior pointersEelco Dolstra
This may remove the "Repeated allocation of very large block" warnings.
2015-03-19Fix Boehm API violationEelco Dolstra
We were calling GC_INIT() after doing an allocation (in the baseEnv construction), which is not allowed.
2015-03-19Check return values from malloc/strdupEelco Dolstra
2015-03-18Print some Boehm GC statsEelco Dolstra
2015-03-18valueSize(): Take into account list/bindings/env sizeEelco Dolstra
2015-03-06Fix typos: s/the the/the/Daniel Hahler
2015-03-06forceValueDeep: Add to error prefixEelco Dolstra
2015-03-06Improve error messageEelco Dolstra
2015-03-04Reduce verbosity in build-remote.plEelco Dolstra
2015-03-04Add option to hide display of missing pathsEelco Dolstra
2015-03-04Don't use vfork() before clone()Eelco Dolstra
I'm seeing hangs in Glibc's setxid_mark_thread() again. This is probably because the use of an intermediate process to make clone() safe from a multi-threaded program (see 524f89f1399724e596f61faba2c6861b1bb7b9c5) is defeated by the use of vfork(), since the intermediate process will have a copy of Glibc's threading data structures due to the vfork(). So use a regular fork() again.
2015-03-03Merge branch 'allow-system-library' of git://github.com/copumpkin/nixShea Levy
Make the default impure prefix include all of /System/Library
2015-03-02Make the default impure prefix (not actual allowed impurities!) include all ↵Dan Peebles
of /System/Library, since we also want PrivateFrameworks from there and (briefly) TextEncodings, and who knows what else. Yay infectious impurities?
2015-03-02Allow local networking in the darwin sandbox to appease testsDan Peebles
2015-02-23TypoEelco Dolstra
2015-02-23More graceful fallback for chroots on Linux < 2.13Eelco Dolstra
2015-02-23Use chroots for all derivationsEelco Dolstra
If ‘build-use-chroot’ is set to ‘true’, fixed-output derivations are now also chrooted. However, unlike normal derivations, they don't get a private network namespace, so they can still access the network. Also, the use of the ‘__noChroot’ derivation attribute is no longer allowed. Setting ‘build-use-chroot’ to ‘relaxed’ gives the old behaviour.
2015-02-23Add restricted evaluation modeEelco Dolstra
If ‘--option restrict-eval true’ is given, the evaluator will throw an exception if an attempt is made to access any file outside of the Nix search path. This is primarily intended for Hydra, where we don't want people doing ‘builtins.readFile ~/.ssh/id_dsa’ or stuff like that.
2015-02-22Merge branch 'gh-476-fix-install-script' of git://github.com/jramnani/nixShea Levy
sometimes cd prints to stdout
2015-02-22Merge branch 'docs/channels-path' of git://github.com/iElectric/nixShea Levy
2015-02-22fixes https://github.com/NixOS/nixpkgs/issues/6485Domen Kožar
2015-02-19Merge branch 'tilde-paths' of https://github.com/shlevy/nixEelco Dolstra
2015-02-19tilde paths: The rest of the string has to start with a slash anywayShea Levy
2015-02-19tilde paths: construct the entire path at parse timeShea Levy
2015-02-19tilde paths: get HOME at parse timeShea Levy
2015-02-19Remove obsolete reference to ~ operatorEelco Dolstra
2015-02-19ExprConcatStrings: canonicalize concatenated pathsShea Levy
2015-02-19FIXMEsEelco Dolstra
2015-02-19Allow the leading component of a path to be a ~Shea Levy
2015-02-18Escape arguments to nix-shell #! scriptsEelco Dolstra
2015-02-18Support passing command line arguments to nix-shell #! scriptsEelco Dolstra
2015-02-18Fix nix-shell shebang scripts if -p is usedEelco Dolstra
2015-02-18nix-store --generate-binary-cache-key: Write key to diskEelco Dolstra
This ensures proper permissions for the secret key.
2015-02-17Use $<attr>Path instead of $<attr> for passAsFileEelco Dolstra
2015-02-17Allow passing attributes via files instead of environment variablesEelco Dolstra
Closes #473.
2015-02-17Keep sortedEelco Dolstra
2015-02-17Include NAR size in fingerprint computationEelco Dolstra
This is not strictly needed for integrity (since we already include the NAR hash in the fingerprint) but it helps against endless data attacks [1]. (However, this will also require download-from-binary-cache.pl to bail out if it receives more than the specified number of bytes.) [1] https://isis.poly.edu/~jcappos/papers/cappos_mirror_ccs_08.pdf
2015-02-16Test chroot buildingEelco Dolstra
2015-02-16Use pivot_root in addition to chroot when possibleHarald van Dijk
chroot only changes the process root directory, not the mount namespace root directory, and it is well-known that any process with chroot capability can break out of a chroot "jail". By using pivot_root as well, and unmounting the original mount namespace root directory, breaking out becomes impossible. Non-root processes typically have no ability to use chroot() anyway, but they can gain that capability through the use of clone() or unshare(). For security reasons, these syscalls are limited in functionality when used inside a normal chroot environment. Using pivot_root() this way does allow those syscalls to be put to their full use.
2015-02-12Revert "Remove Fedora 18, 19 builds"Eelco Dolstra
This reverts commit 9c58691ce3a35833ddcbf157f9f174ab0cc1c37a. Fedora 18/19 images should build again.
2015-02-11Nix install script failed when "cd" printed to stdout.Jeff Ramnani
In some cases the bash builtin command "cd" can print the variable $CWD to stdout. This caused the install script to fail while copying files because the source path was wrong. Fixes #476.
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-23 15:51:19 +0000