Age | Commit message (Collapse) | Author |
|
|
This fixes warnings about "structured binding declaration" requiring
"-std=c++1z".
|
|
This tells Nix to not build the shared libraries.
|
|
This reverts commit e8b0efdcc9d6329b299937790360cac8b9b256c9.
|
|
This reverts commit 80f464d9d72839841422f75e78ce725365cc3d71.
|
|
This patch attempts to solve the regression introduced in e8b0efdc
(#2607).
|
|
Remove some bashisms from configure.ac
|
|
The manual reference was commented out, and the sole reference to this
program other than the configure script. Removed both.
|
|
"configure.ac" is used to generate "configure", which is supposed to be
run with /bin/sh (as suggested by the shebang line of "configure"). As a
result it is a good idea to remove any /bin/sh-incompatible syntax from
configure.ac. Otherwise, systems that do not use Bash as their /bin/sh
are unable to run "configure" due to syntax errors.
|
|
Fixes #2396.
|
|
It's all dead code since 2014 (commit 0c6d62cf27b3b2).
|
|
Happily the failing tests should prevent anyone from using such a Nix
in situations where they expect sandboxing to be on,
which would otherwise be a risk.
|
|
configure.ac: check if lzma has MT support, fix deb build/etc.
|
|
This is needed for new arches where libseccomp support doesn't exist
yet.
Fixes #1878.
|
|
The latter breaks in the case of cross-compilation, when `cpp` bears a
target prefix.
|
|
* Look for both 'brotli' and 'bro' as external command,
  since upstream has renamed it in newer versions.
  If neither are found, current runtime behavior
  is preserved: try to find 'bro' on PATH.
* Limit amount handed to BrotliEncoderCompressStream
  to ensure interrupts are processed in a timely manner.
  Testing shows negligible performance impact.
  (Other compression sinks don't seem to require this)
|
|
This prevents builders from setting the S_ISUID or S_ISGID bits,
preventing users from using a nixbld* user to create a setuid/setgid
binary to interfere with subsequent builds under the same nixbld* uid.
This is based on aszlig's seccomp code
(47f587700d646f5b03a42f2fa57c28875a31efbe).
Reported by Linus Heckemann.
|
|
And add a 116 KiB ash shell from busybox to the release build. This
helps to make sandbox builds work out of the box on non-NixOS systems
and with diverted stores.
|
|
Using linenoise avoids a license compatibility issue (#1356), is a lot
smaller and doesn't pull in ncurses.
|
|
Also, don't use lsof on Linux since it's not needed.
Fixes #1328.
|
|
Build logs on cache.nixos.org are compressed using Brotli (since this
allows them to be decompressed automatically by Chrome and Firefox),
so it's handy if "nix log" can decompress them.
|
|
This reverts commit 81c53fe8e56f4a4ce10088fe2d7b6a524a6dc126. This
check appears to be stricter than we need (it broke a bunch of
platforms that previously did build:
http://hydra.nixos.org/eval/1331921#tabs-now-fail).
|
|
At least in the main Makefile we have:
GLOBAL_CXXFLAGS += -std=c++14 -g -Wall
|
|
Fixes #341
|
|
This reverts commit 9f3f2e21edb17dbcd674539dff96efb6cceca10c, reversing
changes made to 47f587700d646f5b03a42f2fa57c28875a31efbe.
|
|
We're going to use libseccomp instead of creating the raw BPF program,
because we have different syscall numbers on different architectures.
Although our initial seccomp rules will be quite small it really doesn't
make sense to generate the raw BPF program because we need to duplicate
it and/or make branches on every single architecture we want to support.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
Alpine seems to use this, and it results in a wrong
builtins.currentSystem. Big-endian ARM systems have triples starting
with armv6eb- or armv7eb-, so this doesn't change any systems that
already worked.
|