aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-01-13Allow using /bin and /usr/bin as impure prefixes on non-darwin by defaultShea Levy
These directories are generally world-readable anyway, and give us the two most common linux impurities (env and sh)
2015-01-13SysError -> ErrorEelco Dolstra
2015-01-13Don't resolve symlinks while checking __impureHostDepsEelco Dolstra
Since these come from untrusted users, we shouldn't do any I/O on them before we've checked that they're in an allowed prefix.
2015-01-12Add basic Apple sandbox supportDaniel Peebles
2015-01-12doc: `nix-channel --remove` takes a name, not a urlTobias Geerinckx-Rice
2015-01-09Fix builtins.readDir on XFSEelco Dolstra
The DT_UNKNOWN fallback code was getting the type of the wrong path, causing readDir to report "directory" as the type of every file. Reported by deepfire on IRC.
2015-01-08Doh^2Eelco Dolstra
2015-01-08DohEelco Dolstra
2015-01-08Fix typo (assuming this is a typo)Данило Глинський (Danylo Hlynskyi)
Fix typo (assuming this is a typo) `allowedRequisites` mentions `allowedReferences` in code example
2015-01-08Set /nix/store permission to 1737Eelco Dolstra
I.e., not readable to the nixbld group. This improves purity a bit for non-chroot builds, because it prevents a builder from enumerating store paths (i.e. it can only access paths it knows about).
2015-01-08nix-shell: Add --run flagEelco Dolstra
‘--run’ is like ‘--command’, except that it runs the command in a non-interactive shell. This is important if you do things like: $ nix-shell --command make Hitting Ctrl-C while make is running drops you into the interactive Nix shell, which is probably not what you want. So you can now do $ nix-shell --run make instead.
2015-01-08nix-shell: Interpret filenames relative to the #!-scriptEelco Dolstra
So you can have a script like: #! /usr/bin/env nix-shell #! nix-shell script.nix -i python import prettytable x = prettytable.PrettyTable(["Foo", "Bar"]) for i in range(1, 10): x.add_row([i, i**2]) print x with a ‘script.nix’ in the same directory: with import <nixpkgs> {}; runCommand "dummy" { buildInputs = [ python pythonPackages.prettytable ]; } "" (Of course, in this particular case, using the ‘-p’ flag is more convenient.)
2015-01-08Allow nix-shell to be used as a #! interpreterEelco Dolstra
This allows scripts to fetch their own dependencies via nix-shell. For instance, here is a Haskell script that, when executed, pulls in GHC and the HTTP package: #! /usr/bin/env nix-shell #! nix-shell -i runghc -p haskellPackages.ghc haskellPackages.HTTP import Network.HTTP main = do resp <- Network.HTTP.simpleHTTP (getRequest "http://nixos.org/") body <- getResponseBody resp print (take 100 body) Or a Perl script that pulls in Perl and some CPAN packages: #! /usr/bin/env nix-shell #! nix-shell -i perl -p perl perlPackages.HTMLTokeParserSimple perlPackages.LWP use HTML::TokeParser::Simple; my $p = HTML::TokeParser::Simple->new(url => 'http://nixos.org/'); while (my $token = $p->get_tag("a")) { my $href = $token->get_attr("href"); print "$href\n" if $href; } Note that the options to nix-shell must be given on a separate line that starts with the magic string ‘#! nix-shell’. This is because ‘env’ does not allow passing arguments to an interpreter directly.
2015-01-07nix-shell --command: Remove bogus argument to "exit"Eelco Dolstra
Fixes "exit: Inappropriate: numeric argument required" errors.
2015-01-07Show position info for failing <...> lookupsEelco Dolstra
2015-01-07Remove quotes around filenames in position infoEelco Dolstra
2015-01-06Document how to set up build users on Mac OS XEelco Dolstra
2015-01-06Fix building on DarwinEelco Dolstra
Fixes #433.
2015-01-05Merge pull request #431 from j-keck/masterRob Vermaas
small documentation fixes
2015-01-05doc: remove wrong phrase.j-keck
'... another level of indirection not shown in the figure above ...' but in the 'user-environments.png' figure there is '~/.nix-profile'. the figure was updated with the commit: f982df3 on Mar 16, 2005.
2015-01-05doc: remove double wordj-keck
'... when when ...' -> '... when ...'
2015-01-02Allow $NIX_PAGER to override $PAGEREelco Dolstra
2015-01-02libutil: Limit readLink() error to only overflows.aszlig
Let's not just improve the error message itself, but also the behaviour to actually work around the ntfs-3g symlink bug. If the readlink() call returns a smaller size than the stat() call, this really isn't a problem even if the symlink target really has changed between the calls. So if stat() reports the size for the absolute path, it's most likely that the relative path is smaller and thus it should also work for file system bugs as mentioned in 93002d69fc58c2b71e2dfad202139230c630c53a. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Tested-by: John Ericson <Ericson2314@Yahoo.com>
2015-01-02libutil: Improve errmsg on readLink size mismatch.aszlig
A message like "error: reading symbolic link `...' : Success" really is quite confusing, so let's not indicate "success" but rather point out the real issue. We could also limit the check of this to just check for non-negative values, but this would introduce a race condition between stat() and readlink() if the link target changes between those two calls, thus leading to a buffer overflow vulnerability. Reported by @Ericson2314 on IRC. Happened due to a possible ntfs-3g bug where a relative symlink returned the absolute path (st_)size in stat() while readlink() returned the relative size. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Tested-by: John Ericson <Ericson2314@Yahoo.com>
2015-01-02edition -> subtitleEelco Dolstra
For some reason, docbook-xsl doesn't render edition.
2014-12-29LocalStore initialization: Don't die if build-users-group doesn't existShea Levy
See NixOS/nixpkgs@9245516
2014-12-23Revive running builds in a PID namespaceEelco Dolstra
2014-12-16Belatedly add contributorsEelco Dolstra
2014-12-15Bump version numberEelco Dolstra
2014-12-15Merge pull request #420 from linquize/cygwinEelco Dolstra
Add exe, dll to .gitignore
2014-12-15Add exe, dll to .gitignoreLinquize
2014-12-14GrmblEelco Dolstra
2014-12-14Add a section on nix-serveEelco Dolstra
2014-12-14Add section on SSH substituterEelco Dolstra
2014-12-14PedantryEelco Dolstra
2014-12-14Merge branch 'cygwin-master' of https://github.com/ternaris/nixEelco Dolstra
2014-12-14Merge commit '36c67860363c93eb00cf5b8e2ad34f6f775e6901'Eelco Dolstra
2014-12-14Delete the stdenv sectionEelco Dolstra
It's outdated and better covered in the Nixpkgs manual.
2014-12-14BlaEelco Dolstra
2014-12-14Fix buildEelco Dolstra
http://hydra.nixos.org/build/17894500
2014-12-14Fix image in PDFEelco Dolstra
Closes #415.
2014-12-14Rename filesEelco Dolstra
2014-12-13Update .nixpkg descriptionEelco Dolstra
2014-12-13ReiserFS -> ext4Eelco Dolstra
2014-12-13StyleEelco Dolstra
2014-12-13Undocument nix-generate-patchesEelco Dolstra
2014-12-13Document channel format and excise most mentions of manifests and nix-pullEelco Dolstra
2014-12-13StyleEelco Dolstra
2014-12-13Better error messageEelco Dolstra
2014-12-13Install cacert before running nix-channelEelco Dolstra
Also, make it more robust against incorrent SSL_CERT_FILE values.