aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2006-12-01* Right name.Eelco Dolstra
2006-12-01* More operations.Eelco Dolstra
* addToStore() and friends: don't do a round-trip to the worker if we're only interested in the path (i.e., in read-only mode).
2006-11-30* More remote operations.Eelco Dolstra
* Added new operation hasSubstitutes(), which is more efficient than querySubstitutes().size() > 0.
2006-11-30* Doh.Eelco Dolstra
2006-11-30* More operations.Eelco Dolstra
2006-11-30* First remote operation: isValidPath().Eelco Dolstra
2006-11-30* When NIX_REMOTE is set to "slave", fork off nix-worker in slaveEelco Dolstra
mode. Presumably nix-worker would be setuid to the Nix store user. The worker performs all operations on the Nix store and database, so the caller can be completely unprivileged. This is already much more secure than the old setuid scheme, since the worker doesn't need to do Nix expression evaluation and so on. Most importantly, this means that it doesn't need to access any user files, with all resulting security risks; it only performs pure store operations. Once this works, it is easy to move to a daemon model that forks off a worker for connections established through a Unix domain socket. That would be even more secure.
2006-11-30* Skeleton of the privileged worker program.Eelco Dolstra
* Some refactoring: put the NAR archive integer/string serialisation code in a separate file so it can be reused by the worker protocol implementation.
2006-11-30* Oops.Eelco Dolstra
2006-11-30* Skeleton of remote store implementation.Eelco Dolstra
2006-11-30* Put building in the store API.Eelco Dolstra
2006-11-30* Refactoring. There is now an abstract interface class StoreAPIEelco Dolstra
containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations.
2006-11-30* Benchmarking Unix domain sockets.Eelco Dolstra
2006-11-30* Troubleshooting information on fixing a b0rked Berkeley DB database.Eelco Dolstra
2006-11-29* Don't spam.Eelco Dolstra
2006-11-29* Example script to set permissions for setuid operation.Roy van den Broek
2006-11-29* Remove --enable-setuid, --with-nix-user and --with-nix-group.Eelco Dolstra
Rather, setuid support is now always compiled in (at least on platforms that have the setresuid system call, e.g., Linux and FreeBSD), but it must enabled by chowning/chmodding the Nix binaries.
2006-11-24* Doh! Path sizes need to be computed recursively of course.Eelco Dolstra
(NIX-70)
2006-11-24* Dead files.Eelco Dolstra
2006-11-18* Show more progress.Eelco Dolstra
2006-11-18* Turn off synchronisation between C and C++ I/O functions. ThisEelco Dolstra
gives a huge speedup in operations that read or write from standard input/output. (So libstdc++'s I/O isn't that bad, you just have to call std::ios::sync_with_stdio(false).) For instance, `nix-store --register-substitutes' went from 1.4 seconds to 0.1 seconds on a certain input. Another victory for Valgrind.
2006-11-14* Grrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr...Eelco Dolstra
2006-11-14* Doh!Eelco Dolstra
2006-11-14* Doh.Eelco Dolstra
2006-11-14* Use the patched ATerm library.Eelco Dolstra
2006-11-14* Push.Eelco Dolstra
2006-11-13* Remove the undocumented `noscan' feature. It's no longer necessaryEelco Dolstra
now that reference scanning is sufficiently streamy.
2006-11-13* Magic attribute `exportReferencesGraph' that allows the referencesEelco Dolstra
graph to be passed to a builder. This attribute should be a list of pairs [name1 path1 name2 path2 ...]. The references graph of each `pathN' will be stored in a text file `nameN' in the temporary build directory. The text files have the format used by `nix-store --register-validity'. However, the deriver fields are left empty. `exportReferencesGraph' is useful for builders that want to do something with the closure of a store path. Examples: the builders that make initrds and ISO images for NixOS. `exportReferencesGraph' is entirely pure. It's necessary because otherwise the only way for a builder to get this information would be to call `nix-store' directly, which is not allowed (though unfortunately possible).
2006-11-13* Option `--reregister' in `nix-store --register-validity'. We needEelco Dolstra
this in the NixOS installer (or in the buildfarm) to ensure that the cryptographic hash of the path contents still matches the actual contents.
2006-11-13* Don't use the result of `uname -p' on x86_64 as it gives wackyEelco Dolstra
results on some machines. (NIX-69)
2006-11-07* Fix the locking patch for Berkeley DB 4.5.Eelco Dolstra
2006-11-03* Fix importing of derivation outputs.Eelco Dolstra
2006-10-31* Oops, `nix-build --no-out-link' was broken.Eelco Dolstra
2006-10-30* Release notes.Eelco Dolstra
2006-10-30* readFile: don't overflow the stack on large files.Eelco Dolstra
2006-10-28* Don't use EPSV.Eelco Dolstra
2006-10-28* `nix-store --read-log / -l PATH' shows the build log of PATH, ifEelco Dolstra
available. For instance, $ nix-store -l $(which svn) | less lets you read the build log of the Subversion instance in your profile. * `nix-store -qb': if applied to a non-derivation, take the deriver.
2006-10-26* Typo reported by Arie Middelkoop.Eelco Dolstra
* Left out close-quote in example.
2006-10-23* Some better error messages.Eelco Dolstra
2006-10-19* Require Perl 5.8.0 or newer. I mean, it *is* more than four yearsEelco Dolstra
old...
2006-10-19* Checks for allowedReferences and some other features.Eelco Dolstra
* Use nix-build in a test.
2006-10-19* Better message.Eelco Dolstra
2006-10-19* toFile: maintain the references.Eelco Dolstra
2006-10-19* nix-build: check the exit status of `nix-store -r'.Eelco Dolstra
2006-10-19* Special derivation attribute `allowedReferences' that causes Nix toEelco Dolstra
check that the references of the output of a derivation are in the specified set. For instance, allowedReferences = []; specifies that the output cannot have any references. (This is useful, for instance, for the generation of bootstrap binaries for stdenv-linux, which must not have any references for purity). It could also be used to guard against undesired runtime dependencies, e.g., {gcc, dynlib}: derivation { ... allowedReferences = [dynlib]; } says that the output can refer to the path of `dynlib' but not `gcc'. A `forbiddedReferences' attribute would be more useful for this, though.
2006-10-17* Backwards compatibility hack for user environments made by Nix <= 0.10.Eelco Dolstra
2006-10-17* Backwards compatibility with old user environment manifests.Eelco Dolstra
2006-10-17* Print out the offending path.Eelco Dolstra
2006-10-17* An awful backwards compatibility hack.Eelco Dolstra
2006-10-17* baseNameOf: paths don't have to be absolute.Eelco Dolstra