aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-05-04Linux sandbox: Use /build instead of /tmp as $TMPDIREelco Dolstra
There is a security issue when a build accidentally stores its $TMPDIR in some critical place, such as an RPATH. If TMPDIR=/tmp/nix-build-..., then any user on the system can recreate that directory and inject libraries into the RPATH of programs executed by other users. Since /build probably doesn't exist (or isn't world-writable), this mitigates the issue.
2017-05-04nix dump-path: AddEelco Dolstra
This is primarily useful for extracting NARs from other stores (like binary caches), which "nix-store --dump" cannot do.
2017-05-03Fix Ubuntu 16.10 buildEelco Dolstra
http://hydra.nixos.org/build/52420073
2017-05-03perl-bindings: Remove unused --with-store-dir flagEelco Dolstra
2017-05-03Fix build on gcc 4.9Eelco Dolstra
http://hydra.nixos.org/build/52408843
2017-05-03nix-shell: Implement passAsFileEelco Dolstra
2017-05-03nix eval: Add a --raw flagEelco Dolstra
Similar to "jq -r", this prints the evaluation result (which must be a string value) unquoted.
2017-05-03Fix perlBindings.x86_64-darwinEelco Dolstra
http://hydra.nixos.org/build/52401151
2017-05-03Merge pull request #1371 from regnat/doc_--xml_fixEelco Dolstra
fix the description of --xml and --json
2017-05-03doc: fix the description of --xml and --jsonregnat
Those options seem to only apply with --eval and not with --parse.
2017-05-02build-remote: Add a basic testEelco Dolstra
This only runs on Linux because it requires a diverted store (which uses mount/user namespaces).
2017-05-02Fix "nix ... --all"Eelco Dolstra
When "--all" is used, we should not fill in a default installable.
2017-05-02Add a test for diverted storesEelco Dolstra
2017-05-02LocalStoreAccessor: Fix handling of diverted storesEelco Dolstra
2017-05-02Replace $NIX_REMOTE_SYSTEMS with an option "builder-files"Eelco Dolstra
Also, to unify with hydra-queue-runner, allow it to be a list of files.
2017-05-02build-remote: Fix fallback to other machines when connecting failsEelco Dolstra
Opening an SSHStore or LegacySSHStore does not actually establish a connection, so the try/catch block here did nothing. Added a Store::connect() method to test whether a connection can be established.
2017-05-02Add an option for specifying remote buildersEelco Dolstra
This is useful for one-off situations where you want to specify a builder on the command line instead of having to mess with nix.machines. E.g. $ nix-build -A hello --argstr system x86_64-darwin \ --option builders 'root@macstadium1 x86_64-darwin' will perform the specified build on "macstadium1". It also removes the need for a separate nix.machines file since you can specify builders in nix.conf directly. (In fact nix.machines is yet another hack that predates the general nix.conf configuration file, IIRC.) Note: this option is supported by the daemon for trusted users. The fact that this allows trusted users to specify paths to SSH keys to which they don't normally have access is maybe a bit too much trust...
2017-05-02Factor out machines.conf parsingEelco Dolstra
This allows hydra-queue-runner to use it.
2017-05-02build-hook: If there are no machines defined, quit permanentlyEelco Dolstra
2017-05-02Fix build hook testEelco Dolstra
2017-05-02build-remote: Ugly hackery to get build logs to workEelco Dolstra
The build hook mechanism expects build log output to go to file descriptor 4, so do that.
2017-05-01build-remote: Don't require signaturesEelco Dolstra
This restores the old behaviour.
2017-05-01Support arbitrary store URIs in nix.machinesEelco Dolstra
For backwards compatibility, if the URI is just a hostname, ssh:// (i.e. LegacySSHStore) is prepended automatically. Also, all fields except the URI are now optional. For example, this is a valid nix.machines file: local?root=/tmp/nix This is useful for testing the remote build machinery since you don't have to mess around with ssh.
2017-05-01Minor cleanupEelco Dolstra
2017-05-01Implement LegacySSHStore::buildDerivation()Eelco Dolstra
This makes LegacySSHStore usable by build-remote and hydra-queue-runner.
2017-05-01Chomp log output from the build hookEelco Dolstra
2017-05-01Remove $NIX_BUILD_HOOK and $NIX_CURRENT_LOADEelco Dolstra
This is to simplify remote build configuration. These environment variables predate nix.conf. The build hook now has a sensible default (namely build-remote). The current load is kept in the Nix state directory now.
2017-05-01build-remote: Don't copy the .drv closureEelco Dolstra
Since build-remote uses buildDerivation() now, we don't need to copy the .drv file anymore. This greatly reduces the set of input paths copied to the remote side (e.g. from 392 to 51 store paths for GNU hello on x86_64-darwin).
2017-05-01Pass verbosity level to build hookEelco Dolstra
2017-05-01Reduce severity of EMLINK warningsEelco Dolstra
Fixes #1357.
2017-05-01Add a dummy Store::buildPaths() methodEelco Dolstra
This default implementation of buildPaths() does nothing if all requested paths are already valid, and throws an "unsupported operation" error otherwise. This fixes a regression introduced by c30330df6f67c81986dfb124631bc756c8e58c0d in binary cache and legacy SSH stores.
2017-05-01Merge pull request #1366 from Mic92/fix-nix-daemon-serviceEelco Dolstra
nix-daemon.service: fix startup
2017-05-01Merge branch 'remove-catchall' of https://github.com/layus/nixEelco Dolstra
2017-05-01lexer: remove catch-all rules hiding real errorsGuillaume Maudoux
With catch-all rules, we hide potential errors. It turns out that a4744254 made one cath-all useless. Flex detected that is was impossible to reach. The other is more subtle, as it can only trigger on unfinished escapes in unfinished strings, which only occurs at EOF.
2017-05-01Fix lexer to support `$'` in multiline strings.Guillaume Maudoux
2017-04-29nix-daemon.service: set XDG_CONFIG_HOMEJörg Thalheim
Otherwise starting nix-daemon fails ● nix-daemon.service - Nix Daemon Loaded: loaded (/nix/store/mnf00a6gc55xl47smk0b32gmi7xpvlfp-nix-1.12pre5308_2f21d522/lib/systemd/system/nix-daemon.service; enabled; vendor preset: enabled) Drop-In: /nix/store/m2rgjp71n4kyp8j5fxgbrlv13scd5vvv-system-units/nix-daemon.service.d └─overrides.conf Active: failed (Result: exit-code) since Sat 2017-04-29 11:29:21 CEST; 9s ago Process: 7299 ExecStart=nix-daemon --daemon (code=exited, status=1/FAILURE) Main PID: 7299 (code=exited, status=1/FAILURE) CPU: 19ms ... systemd[1]: Started Nix Daemon. ... nix-daemon[7299]: error: $XDG_CONFIG_HOME and $HOME are not set ... systemd[1]: nix-daemon.service: Main process exited, code=exited, status=1/FAILURE ... systemd[1]: nix-daemon.service: Unit entered failed state. ... systemd[1]: nix-daemon.service: Failed with result 'exit-code'. ... systemd[1]: nix-daemon.service: Start request repeated too quickly. ... systemd[1]: Failed to start Nix Daemon. ... systemd[1]: nix-daemon.service: Failed with result 'exit-code'.
2017-04-28Hopefully fix the Darwin buildEelco Dolstra
http://hydra.nixos.org/build/52080911
2017-04-28Suppress warning about ssh-auth-sockEelco Dolstra
2017-04-28Check for libreadlineEelco Dolstra
2017-04-28Fix brainfartEelco Dolstra
2017-04-28Fix hash computation when importing NARs greater than 4 GiBEelco Dolstra
This caused "nix-store --import" to compute an incorrect hash on NARs that don't fit in an unsigned int. The import would succeed, but "nix-store --verify-path" or subsequent exports would detect an incorrect hash. A deeper issue is that the export/import format does not contain a hash, so we can't detect such issues early. Also, I learned that -Wall does not warn about this.
2017-04-26Merge pull request #1358 from shlevy/store-nestingEelco Dolstra
Add Store nesting to fix import-from-derivation within filterSource
2017-04-26Add Store nesting to fix import-from-derivation within filterSourceShea Levy
2017-04-26DohEelco Dolstra
2017-04-26Simplify building nix-perl in nix-shellEelco Dolstra
2017-04-25nix repl: Fix Ctrl-CEelco Dolstra
2017-04-25Minor cleanupEelco Dolstra
2017-04-25Fix nix-shell testEelco Dolstra
2017-04-25"using namespace std" considered harmfulEelco Dolstra
2017-04-25nix repl: Use $XDG_DATA_HOME for the readline historyEelco Dolstra