| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2015-11-14 | use per-derivation sandbox profiles | Jude Taylor | |
| 2015-11-10 | Fix bad characters in "copying 7 missing paths from ..." | Eelco Dolstra | |
| 2015-11-09 | Add option to verify build determinism | Eelco Dolstra | |
| Passing "--option build-repeat <N>" will cause every build to be repeated N times. If the build output differs between any round, the build is rejected, and the output paths are not registered as valid. This is primarily useful to verify build determinism. (We already had a --check option to repeat a previously succeeded build. However, with --check, non-deterministic builds are registered in the DB. Preventing that is useful for Hydra to ensure that non-deterministic builds don't end up getting published at all.) | |||
| 2015-11-09 | Revert "Allow using /bin and /usr/bin as impure prefixes on non-darwin by ↵ | Eelco Dolstra | |
| default" This reverts commit 79ca5033329053caa364bb2f7e50953f859cc97f. Ouch, never noticed this. We definitely don't want to allow builds to have arbitrary access to /bin and /usr/bin, because then they can (for instance) bring in a bunch of setuid programs. Also, we shouldn't be encouraging the use of impurities in the default configuration. | |||
| 2015-11-09 | optimizePath(): Detect some .links corruption | Eelco Dolstra | |
| If automatic store optimisation is enabled, and a hard-linked file in the store gets corrupted, then the corresponding .links entry will also be corrupted. In that case, trying to repair with --repair or --repair-path won't work, because the new "good" file will be replaced by a hard link to the corrupted file. We can catch most of these cases by doing a sanity-check on the file sizes. | |||
| 2015-11-09 | Fix namespace issue | Eelco Dolstra | |
| 2015-11-08 | Merge branch 'libsystem-darwin-only' | Shea Levy | |
| Only require libsystem on darwin | |||
| 2015-11-08 | Only require libsystem on darwin | Shea Levy | |
| Fixes #688 | |||
| 2015-11-04 | Merge branch 'master' of https://github.com/pikajude/nix | Shea Levy | |
| > I made this change for two reasons: > 1. Darwin's locale data doesn't appear to be open source > 2. Privileged processes will always use /usr/share/locale regardless of environment variables | |||
| 2015-11-04 | Support SHA-512 hashes | Eelco Dolstra | |
| Fixes #679. Note: on x86_64, SHA-512 is considerably faster than SHA-256 (198 MB/s versus 131 MB/s). | |||
| 2015-11-04 | Require OpenSSL | Eelco Dolstra | |
| 2015-11-03 | fix syntax error | Jude Taylor | |
| 2015-11-03 | darwin: allow reading system locale and zoneinfo | Jude Taylor | |
| 2015-11-01 | Merge https://github.com/pikajude/nix | Shea Levy | |
| > As far as I can tell, the CoreFoundation function CFNumberFormatterCopyProperty segfaults if the > directory added in this pull request is not readable. This change allows openjdk-darwin to build in > the sandbox. | |||
| 2015-10-31 | allow reading ICU data | Jude Taylor | |
| 2015-10-31 | Merge branch 'master' of git://github.com/pikajude/nix | Shea Levy | |
| @pikajude: "This is required for perlPackages.IOTty and, by extension, mosh" | |||
| 2015-10-30 | add special devices to sandbox-defaults | Jude Taylor | |
| 2015-10-31 | Fix tarball build | Eelco Dolstra | |
| Fixes #671. | |||
| 2015-10-30 | <nix/fetchurl.nix>: Support xz-compressed NARs | Eelco Dolstra | |
| 2015-10-30 | <nix/fetchurl.nix>: Support downloading and unpacking NARs | Eelco Dolstra | |
| This removes the need to have multiple downloads in the stdenv bootstrap process (like a separate busybox binary for Linux, or curl/mkdir/sh/bzip2 for Darwin). Now all those files can be combined into a single NAR. | |||
| 2015-10-29 | int2String() -> std::to_string() | Eelco Dolstra | |
| 2015-10-26 | Merge branch 'emacs-mode-keywords' of https://github.com/pSub/nix | Eelco Dolstra | |
| 2015-10-26 | Merge pull request #667 from Ericson2314/mk-dist | Eelco Dolstra | |
| Don't depend on .git/ when generating source tarball V2 | |||
| 2015-10-26 | Merge pull request #668 from svanderburg/master | Eelco Dolstra | |
| Fix compilation error due to missing ENOENT on cygwin | |||
| 2015-10-21 | resolve-system-dependencies.pl: Simplify union impl | Shea Levy | |
| Patch by @pikajude | |||
| 2015-10-21 | use nixDataDir instead of appending /share to PREFIX | Jude Taylor | |
| 2015-10-21 | revert libutil change | Jude Taylor | |
| 2015-10-21 | clarifying comment | Jude Taylor | |
| 2015-10-21 | move preBuildHook defaulting to globals.cc | Jude Taylor | |
| 2015-10-21 | restore old DEFAULT_ALLOWED_IMPURE_PREFIXES | Jude Taylor | |
| 2015-10-21 | appropriately handle lock acquisition failures in resolve-system-dependencies.pl | Jude Taylor | |
| 2015-10-21 | now that resolve-system-dependencies exists, remove redundant impureHostDeps ↵ | Jude Taylor | |
| from buildenv | |||
| 2015-10-21 | Add resolve-system-dependencies.pl | Jude Taylor | |
| 2015-10-21 | remove usr paths from allowed inputs | Jude Taylor | |
| 2015-10-21 | allow access to SystemVersion for python builders | Jude Taylor | |
| 2015-10-21 | fix line reading in preBuildHook | Jude Taylor | |
| 2015-10-21 | remove sandbox defaults into a new file | Jude Taylor | |
| 2015-10-21 | restore allowed impure prefixes | Jude Taylor | |
| 2015-10-21 | remove an unneeded default impure-dep | Jude Taylor | |
| 2015-10-21 | make sandbox builds more permissive | Jude Taylor | |
| 2015-10-21 | give buildenv __impureHostDeps | Jude Taylor | |
| 2015-10-21 | add a few more permissions | Jude Taylor | |
| 2015-10-21 | Allow builtin fetchurl regardless of the derivation's system attribute | Eelco Dolstra | |
| 2015-10-21 | Show progress indicator for builtin fetchurl | Eelco Dolstra | |
| 2015-10-21 | Disable TLS verification for builtin fetchurl | Eelco Dolstra | |
| This makes it consistent with the Nixpkgs fetchurl and makes it work in chroots. We don't need verification because the hash of the result is checked anyway. | |||
| 2015-10-21 | Fix segfault in builtin fetchurl | Eelco Dolstra | |
| The stack allocated for the builder was way too small (32 KB). This is sufficient for normal derivations, because they just do some setup and then exec() the actual builder. But for the fetchurl builtin derivation it's not enough. Also, allocating the stack on the caller's stack was fishy business. | |||
| 2015-10-18 | Fix compilation error due to missing ENOENT on cygwin | Sander van der Burg | |
| 2015-10-15 | Don't depend on git when generating source tarball | John Ericson | |
| 2015-10-15 | Simplify source tarball postUnpack cleanupx | John Ericson | |
| 2015-10-10 | emacs mode: match keywords on the start/end of symbols | Pascal Wittmann | |
| If keywords are matched on the start/end of words then keywords are also matched if they are surrounded by dashes or underscores. For example the keyword with is highlighted in geany-with-vte. When matching on the start/end of symbols the keyword is only highlighted if it is not part of an other identifier. | |||
 |
index : lix | |
| User & |
| aboutsummaryrefslogtreecommitdiff |