aboutsummaryrefslogtreecommitdiff
path: root/perl
AgeCommit message (Collapse)Author
2016-11-26Revert "Get rid of unicode quotes (#1140)"Eelco Dolstra
This reverts commit f78126bfd6b6c8477fcdbc09b2f98772dbe9a1e7. There really is no need for such a massive change...
2016-11-25Get rid of unicode quotes (#1140)Guillaume Maudoux
2016-07-26makeFixedOutputPath(): Drop superfluous HashType argumentEelco Dolstra
2016-06-01Make the store directory a member variable of StoreEelco Dolstra
2016-05-31nix-copy-closure / build-remote.pl: Disable signature checkingEelco Dolstra
This restores the Nix 1.11 behaviour.
2016-05-31nix-copy-closure: Drop Nix <= 1.7 compatEelco Dolstra
2016-05-04Fix segfault in nix-copy-closureEelco Dolstra
2016-05-04Remove OpenSSL-based signingEelco Dolstra
2016-04-19Move path info caching from BinaryCacheStore to StoreEelco Dolstra
Caching path info is generally useful. For instance, it speeds up "nix path-info -rS /run/current-system" (i.e. showing the closure sizes of all paths in the closure of the current system) from 5.6s to 0.15s. This also eliminates some APIs like Store::queryDeriver() and Store::queryReferences().
2016-04-11Remove manifest supportEelco Dolstra
Manifests have been superseded by binary caches for years. This also gets rid of nix-pull, nix-generate-patches and bsdiff/bspatch.
2016-02-26importPaths(): Optionally add NARs to binary cache accessorEelco Dolstra
This enables an optimisation in hydra-queue-runner, preventing a download of a NAR it just uploaded to the cache when reading files like hydra-build-products.
2016-02-16Add C++ functions for .narinfo processing / signingEelco Dolstra
This is currently only used by the Hydra queue runner rework, but like eff5021eaa6dc69f65ea1a8abe8f3ab11ef5eb0a it presumably will be useful for the C++ rewrite of nix-push and download-from-binary-cache. (@shlevy)
2016-02-16Rename ValidPathInfo::hash -> narHash for consistencyEelco Dolstra
2016-02-15Fix nix-copy-closureEelco Dolstra
http://hydra.nixos.org/build/32005971
2016-02-04StoreAPI -> StoreEelco Dolstra
Calling a class an API is a bit redundant...
2016-02-04Eliminate the "store" global variableEelco Dolstra
Also, move a few free-standing functions into StoreAPI and Derivation. Also, introduce a non-nullable smart pointer, ref<T>, which is just a wrapper around std::shared_ptr ensuring that the pointer is never null. (For reference-counted values, this is better than passing a "T&", because the latter doesn't maintain the refcount. Usually, the caller will have a shared_ptr keeping the value alive, but that's not always the case, e.g., when passing a reference to a std::thread via std::bind.)
2016-01-07Fix bad use of croak()Eelco Dolstra
Detected by -Werror=format-security. http://hydra.nixos.org/build/29973207
2015-10-09Provide addTempRoot in the Perl APIEelco Dolstra
Needed by Hydra.
2015-09-18Shut up clang warningsEelco Dolstra
2015-06-03Handle base-16 NarHash fields in signed .narinfo filesEelco Dolstra
2015-06-03Be more robust wrt broken .narinfo filesEelco Dolstra
2015-06-01Include the cache.nixos.org signing key by defaultEelco Dolstra
2015-03-25addToStore(): Take explicit name argumentEelco Dolstra
2015-03-04Reduce verbosity in build-remote.plEelco Dolstra
2015-02-17Include NAR size in fingerprint computationEelco Dolstra
This is not strictly needed for integrity (since we already include the NAR hash in the fingerprint) but it helps against endless data attacks [1]. (However, this will also require download-from-binary-cache.pl to bail out if it receives more than the specified number of bytes.) [1] https://isis.poly.edu/~jcappos/papers/cappos_mirror_ccs_08.pdf
2015-02-10Make libsodium an optional dependencyEelco Dolstra
2015-02-04Sign a subset of the .narinfoEelco Dolstra
We only need to sign the store path, NAR hash and references (the "fingerprint"). Everything else is irrelevant to security. For instance, the compression algorithm or the hash of the compressed NAR don't matter as long as the contents of the uncompressed NAR are correct. (Maybe we should include derivers in the fingerprint, but they're broken and nobody cares about them. Also, it might be nice in the future if .narinfos contained signatures from multiple independent signers. But that's impossible if the deriver is included in the fingerprint, since everybody will tend to have a different deriver for the same store path.) Also renamed the "Signature" field to "Sig" since the format changed in an incompatible way.
2015-02-04Use libsodium instead of OpenSSL for binary cache signingEelco Dolstra
Sodium's Ed25519 signatures are much shorter than OpenSSL's RSA signatures. Public keys are also much shorter, so they're now specified directly in the nix.conf option ‘binary-cache-public-keys’. The new command ‘nix-store --generate-binary-cache-key’ generates and prints a public and secret key.
2014-12-09Link against perl.dll on CygwinMarko Durkovic
2014-11-20Fix bad operatorEelco Dolstra
Spotted by Perl 5.20: Possible precedence issue with control flow operator at /usr/lib/perl5/site_perl/5.20.1/x86_64-linux-gnu-thread-multi/Nix/Utils.pm line 46.
2014-11-10SSH.pm: Print a friendlier message if connecting failsEelco Dolstra
"got EOF while expecting 8 bytes from remote side" is not very helpful.
2014-10-14Remove unused @sshOpts flagEelco Dolstra
Closes #300.
2014-09-18Remove debug statementEelco Dolstra
2014-09-18Store.so: Add dependency on libnixutilEelco Dolstra
Issue #346.
2014-08-23Fix building with ClangEelco Dolstra
2014-08-20Use proper quotes everywhereEelco Dolstra
2014-08-13Use $XDG_RUNTIME_DIR for temporary filesEelco Dolstra
2014-07-24nix-copy-closure: Drop --bzip2, --xz, --show-progressEelco Dolstra
These are too difficult to implement via nix-store --serve. ‘--show-progress’ could be re-implemented fairly easily via a sink/source wrapper class.
2014-07-24Fix NIX_SSHOPTSEelco Dolstra
Closes #302.
2014-07-24Remove obsolete SSH master connection codeEelco Dolstra
2014-07-24RefactorEelco Dolstra
2014-07-12build-remote.pl: Don't keep a shell process aroundEelco Dolstra
2014-07-12build-remote.pl: Fix build logEelco Dolstra
2014-07-11build-remote.pl: Use ‘nix-store --serve’ on the remote sideEelco Dolstra
This makes things more efficient (we don't need to use an SSH master connection, and we only start a single remote process) and gets rid of locking issues (the remote nix-store process will keep inputs and outputs locked as long as they're needed). It also makes it more or less secure to connect directly to the root account on the build machine, using a forced command (e.g. ‘command="nix-store --serve --write"’). This bypasses the Nix daemon and is therefore more efficient. Also, don't call nix-store to import the output paths.
2014-07-11Fix closure size displayEelco Dolstra
2014-07-10Fix use of sysreadEelco Dolstra
2014-07-10nix-copy-closure -s: Do substitutions via ‘nix-store --serve’Eelco Dolstra
This means we no longer need an SSH master connection, since we only execute a single command on the remote host.
2014-07-10nix-copy-closure: Fix --dry-runEelco Dolstra
2014-07-10nix-copy-closure: Restore compression and the progress viewerEelco Dolstra
2014-07-10nix-copy-closure: Fix race conditionEelco Dolstra
There is a long-standing race condition when copying a closure to a remote machine, particularly affecting build-remote.pl: the client first asks the remote machine which paths it already has, then copies over the missing paths. If the garbage collector kicks in on the remote machine between the first and second step, the already-present paths may be deleted. The missing paths may then refer to deleted paths, causing nix-copy-closure to fail. The client now performs both steps using a single remote Nix call (using ‘nix-store --serve’), locking all paths in the closure while querying. I changed the --serve protocol a bit (getting rid of QueryCommand), so this breaks the SSH substituter from older versions. But it was marked experimental anyway. Fixes #141.
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 21:59:25 +0000