aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-09-17* Don't assume that we want a shared Nix store.Eelco Dolstra
2011-09-12* Ouch. A store upgrade could cause a substituter to be triggered,Eelco Dolstra
causing a deadlock.
2011-09-06bootstrap: Simplify & make more robust.Ludovic Courtès
2011-09-06* Added a command ‘nix-store --verify-paths PATHS’ to check whetherEelco Dolstra
the contents of any of the given store paths have been modified. E.g. $ nix-store --verify-path $(nix-store -qR /var/run/current-system) path `/nix/store/m2smyiwbxidlprfxfz4rjlvz2c3mg58y-etc' was modified! expected hash `fc87e271c5fdf179b47939b08ad13440493805584b35e3014109d04d8436e7b8', got `20f1a47281b3c0cbe299ce47ad5ca7340b20ab34246426915fce0ee9116483aa' All paths are checked; the exit code is 1 if any path has been modified, 0 otherwise.
2011-09-06* Add some -f flags, never hurts.Eelco Dolstra
2011-08-31* Eliminate all uses of the global variable ‘store’ from libstore.Eelco Dolstra
This should also fix: nix-instantiate: ./../boost/shared_ptr.hpp:254: T* boost::shared_ptr<T>::operator->() const [with T = nix::StoreAPI]: Assertion `px != 0' failed. which was caused by hashDerivationModulo() calling the ‘store’ object (during store upgrades) before openStore() assigned it.
2011-08-27* Update the cleanup script.Eelco Dolstra
2011-08-17* Use last_insert_id instead of sqlite_last_insert_rowid, which you'reEelco Dolstra
not really supposed to use according to the DBD::SQLite docs, and fails on some systems (e.g. http://hydra.nixos.org/build/1246662).
2011-08-08* On FreeBSD, ‘touch’ is not in the test $PATH, so don't use it.Eelco Dolstra
2011-08-08* Add perl-DBD-SQLite as a dependency of the RPM builds.Eelco Dolstra
2011-08-08* Add DBD-SQLite as a dependency to the Debian/Ubuntu builds.Eelco Dolstra
* Drop some old Fedora/Debian/Ubuntu releases.
2011-08-06* Cache the result of file evaluation (i.e, memoize evalFile()). ThisEelco Dolstra
prevents files from being evaluated and stored as values multiple times. For instance, evaluation of the ‘system’ attribute in NixOS causes ‘nixpkgs/pkgs/lib/lists.nix’ to be evaluated 2019 times. Caching gives a modest speedup and a decent memory footprint reduction (e.g., from 1.44s to 1.28s, and from 81 MiB to 59 MiB with GC_INITIAL_HEAP_SIZE=100000 on my system).
2011-08-06* Handle <path> syntax.Eelco Dolstra
2011-08-06* Handle the case where the search path element is a regular file.Eelco Dolstra
2011-08-06* Remove a debug statement.Eelco Dolstra
2011-08-06* Add the Nix corepkgs to the end of the search path. This makes itEelco Dolstra
possible for other Nix expressions to use corepkgs (mostly useful for the buildenv function).
2011-08-06* Allow redirections in search path entries. E.g. if you have aEelco Dolstra
directory /home/eelco/src/stdenv-updates that you want to use as the directory for import such as with (import <nixpkgs> { }); then you can say $ nix-build -I nixpkgs=/home/eelco/src/stdenv-updates
2011-08-06* Add lang/dir* to the distribution.Eelco Dolstra
2011-08-06* Add a Nix expression search path feature. Paths between angleEelco Dolstra
brackets, e.g. import <nixpkgs/pkgs/lib> are resolved by looking them up relative to the elements listed in the search path. This allows us to get rid of hacks like import "${builtins.getEnv "NIXPKGS_ALL"}/pkgs/lib" The search path can be specified through the ‘-I’ command-line flag and through the colon-separated ‘NIX_PATH’ environment variable, e.g., $ nix-build -I /etc/nixos ... If a file is not found in the search path, an error message is lazily thrown.
2011-08-06* Refactoring: move parseExprFromFile() and parseExprFromString() intoEelco Dolstra
the EvalState class.
2011-07-20* Don't allow derivations with fixed and non-fixed outputs.Eelco Dolstra
2011-07-20* Fix a huuuuge security hole in the Nix daemon. It didn't check thatEelco Dolstra
derivations added to the store by clients have "correct" output paths (meaning that the output paths are computed by hashing the derivation according to a certain algorithm). This means that a malicious user could craft a special .drv file to build *any* desired path in the store with any desired contents (so long as the path doesn't already exist). Then the attacker just needs to wait for a victim to come along and install the compromised path. For instance, if Alice (the attacker) knows that the latest Firefox derivation in Nixpkgs produces the path /nix/store/1a5nyfd4ajxbyy97r1fslhgrv70gj8a7-firefox-5.0.1 then (provided this path doesn't already exist) she can craft a .drv file that creates that path (i.e., has it as one of its outputs), add it to the store using "nix-store --add", and build it with "nix-store -r". So the fake .drv could write a Trojan to the Firefox path. Then, if user Bob (the victim) comes along and does $ nix-env -i firefox $ firefox he executes the Trojan injected by Alice. The fix is to have the Nix daemon verify that derivation outputs are correct (in addValidPath()). This required some refactoring to move the hash computation code to libstore.
2011-07-20* Added a test that make sure that users cannot registerEelco Dolstra
specially-crafted derivations that produce output paths belonging to other derivations. This could be used to inject malware into the store.
2011-07-20* Refactoring.Eelco Dolstra
2011-07-20* Create a symlink to /nix/var/nix/manifests in /nix/var/nix/gcrootsEelco Dolstra
if it doesn't exist.
2011-07-18* Support multiple outputs. A derivation can declare multiple outputsEelco Dolstra
by setting the ‘outputs’ attribute. For example: stdenv.mkDerivation { name = "aterm-2.5"; src = ...; outputs = [ "out" "tools" "dev" ]; configureFlags = "--bindir=$(tools)/bin --includedir=$(dev)/include"; } This derivation creates three outputs, named like this: /nix/store/gcnqgllbh01p3d448q8q6pzn2nc2gpyl-aterm-2.5 /nix/store/gjf1sgirwfnrlr0bdxyrwzpw2r304j02-aterm-2.5-tools /nix/store/hp6108bqfgxvza25nnxfs7kj88xi2vdx-aterm-2.5-dev That is, the symbolic name of the output is suffixed to the store path (except for the ‘out’ output). Each path is passed to the builder through the corresponding environment variable, e.g., ${tools}. The main reason for multiple outputs is to allow parts of a package to be distributed and garbage-collected separately. For instance, most packages depend on Glibc for its libraries, but don't need its header files. If these are separated into different store paths, then a package that depends on the Glibc libraries only causes the libraries and not the headers to be downloaded. The main problem with multiple outputs is that if one output exists while the others have been garbage-collected (or never downloaded in the first place), and we want to rebuild the other outputs, then this isn't possible because we can't clobber a valid output (it might be in active use). This currently gives an error message like: error: derivation `/nix/store/1s9zw4c8qydpjyrayxamx2z7zzp5pcgh-aterm-2.5.drv' is blocked by its output paths There are two solutions: 1) Do the build in a chroot. Then we don't need to overwrite the existing path. 2) Use hash rewriting (see the ASE-2005 paper). Scary but it should work. This is not finished yet. There is not yet an easy way to refer to non-default outputs in Nix expressions. Also, mutually recursive outputs aren't detected yet and cause the garbage collector to crash.
2011-07-13* Show the default for --with-store-dir (Nix/211).Eelco Dolstra
2011-07-13* Allow attribute names to be strings. Based on theEelco Dolstra
allow-arbitrary-strinsg-in-names patch by Marc Weber.
2011-07-13* Fix concurrency issues in download-using-manifests' handling of theEelco Dolstra
SQLite manifest cache. The DBI AutoCommit feature caused every process to have an active transaction at all times, which could indefinitely block processes wanting to update the manifest cache. * Disable fsync() in the manifest cache because we don't need integrity (the cache can always be recreated if it gets corrupted).
2011-07-13* Allow a default value in attribute selection by writingEelco Dolstra
x.y.z or default (as originally proposed in https://mail.cs.uu.nl/pipermail/nix-dev/2009-September/002989.html). For instance, an expression like stdenv.lib.attrByPath ["features" "ckSched"] false args can now be written as args.features.ckSched or false
2011-07-06* Change the right-hand side of the ‘.’ operator from an attribute toEelco Dolstra
an attribute path. This is a refactoring to support default values.
2011-07-06* Test case.Eelco Dolstra
2011-07-06* In the ‘?’ operator, allow attribute paths. For instance, you canEelco Dolstra
write ‘attrs ? a.b’ to test whether ‘attrs’ has an attribute ‘a’ containing an attribute ‘b’. This is more convenient than ‘attrs ? a && attrs.a ? b’. Slight change in the semantics: it's no longer an error if the left-hand side of ‘?’ is not an attribute set. In that case it just returns false. So, ‘null ? foo’ no longer throws an error.
2011-07-04(no commit message)Eelco Dolstra
2011-06-30doc: Fix typo.Ludovic Courtès
2011-06-30Add support for the `build-timeout' and `--timeout' options.Ludovic Courtès
2011-06-27(no commit message)Eelco Dolstra
2011-06-27(no commit message)Eelco Dolstra
2011-05-03* Use SQLite 3.7.6.2.Eelco Dolstra
2011-04-19* nix-install-package: unset NIX_REMOTE because $NIX_MANIFESTS_DIREelco Dolstra
doesn't work when building through the Nix daemon. This also ensures an error message when the user doesn't have sufficient privileges to do nix-pull.
2011-04-19* Handle error messages from the Nix worker containing the `%'Eelco Dolstra
character. (Nix/216)
2011-04-11* `nix-env -ub' (`--prebuilt-only') didn't really work because itEelco Dolstra
checked too soon whether substitutes are available. That is, it did so for every available package, rather than those matching installed packages. This was very slow and subject to assertion failures. So do the check much later. Idem for `nix-env -qab' and `nix-env -ib'.
2011-04-11* Read manifests directly into the database, rather than first readingEelco Dolstra
them into memory. This brings memory use down to (more or less) O(1). For instance, on my test case, the maximum resident size of download-using-manifests while filling the DB went from 142 MiB to 11 MiB.
2011-04-11* Lock the database during updates.Eelco Dolstra
2011-04-11(no commit message)Eelco Dolstra
2011-04-11* configure: detect whether DBD::SQLite is present. If necessary theEelco Dolstra
location to DBI and DBD::SQLite can be passed with --with-dbi and --with-dbd-sqlite.
2011-04-11* Subtle bug: if you import File::stat in one module, it affects otherEelco Dolstra
modules as well. So use symbolic field names everywhere (which is nicer anyway).
2011-04-11* Create $manifestDir if it doesn't exist.Eelco Dolstra
2011-04-10* Cache the manifests in /nix/var/nix/manifests in a SQLite database.Eelco Dolstra
This significantly speeds up the download-using-manifests substituter, especially if manifests are very large. For instance, one "nix-build -A geeqie" operation that updated four packages using binary patches went from 18.5s to 1.6s. It also significantly reduces memory use. The cache is kept in /nix/var/nix/manifests/cache.sqlite. It's updated automatically when manifests are added to or removed from /nix/var/nix/manifests. It might be interesting to have nix-pull store manifests directly in the DB, rather than storing them as separate flat files, but then we would need a command line interface to delete manifests from the DB.
2011-04-06* Remove the localPaths feature in manifests since it's no longer usedEelco Dolstra
and redundant anyway.