aboutsummaryrefslogtreecommitdiff
path: root/src/libexpr/eval.cc
AgeCommit message (Collapse)Author
2019-04-11Add environment variable NIX_SHOW_SYMBOLS for dumping the symbol tableEelco Dolstra
2019-03-21eval: improve type description for primops and applied primopsLinus Heckemann
This can make type errors a little easier to understand.
2018-12-31EvalState::resetFileCache: clear parse cache as well as eval cacheWill Dietz
Fixes #2546. (at least the basic reproduction I've been testing)
2018-09-05Convert NIX_COUNT_CALLS to JSON tooEelco Dolstra
2018-09-05Log stats to stderrEelco Dolstra
We shouldn't pollute stdout.
2018-09-02remove the old text format outputMichael Bishop
2018-09-01add JSON to NIX_SHOW_STATSMichael Bishop
2018-09-01improve the stats when profilingMichael Bishop
2018-08-03Merge pull request #2326 from aszlig/fix-symlink-leakEelco Dolstra
Fix symlink leak in restricted eval mode
2018-08-03Fix symlink leak in restricted eval modeaszlig
In EvalState::checkSourcePath, the path is checked against the list of allowed paths first and later it's checked again *after* resolving symlinks. The resolving of the symlinks is done via canonPath, which also strips out "../" and "./". However after the canonicalisation the error message pointing out that the path is not allowed prints the symlink target in the error message. Even if we'd suppress the message, symlink targets could still be leaked if the symlink target doesn't exist (in this case the error is thrown in canonPath). So instead, we now do canonPath() without symlink resolving first before even checking against the list of allowed paths and then later do the symlink resolving and checking the allowed paths again. The first call to canonPath() should get rid of all the "../" and "./", so in theory the only way to leak a symlink if the attacker is able to put a symlink in one of the paths allowed by restricted evaluation mode. For the latter I don't think this is part of the threat model, because if the attacker can write to that path, the attack vector is even larger. Signed-off-by: aszlig <aszlig@nix.build>
2018-07-31Merge branch 'prim_mapAttr-fix' of https://github.com/volth/nixEelco Dolstra
2018-07-11Remove unused function printStats2()Eelco Dolstra
Closes #2282.
2018-07-06prim_mapAttrs: `f' must be evaluated lazily to avoid infinite recursionvolth
2018-06-12GC_malloc -> GC_MALLOCEelco Dolstra
This makes it possible to build with -DGC_DEBUG.
2018-06-12Don't scan for roots in dynamic librariesEelco Dolstra
This reduces the risk of object liveness misdetection. For example, Glibc has an internal variable "mp_" that often points to a Boehm object, keeping it alive unnecessarily. Since we don't store any actual roots in global variables, we can just disable data segment scanning. With this, the max RSS doing 100 evaluations of nixos.tests.firefox.x86_64-linux.drvPath went from 718 MiB to 455 MiB.
2018-06-12Add temporary statsEelco Dolstra
2018-06-12Cache parse treesEelco Dolstra
This prevents EvalState::resetFileCache() from parsing everything all over again.
2018-06-12Remove duplicate definition of allocBytes()Eelco Dolstra
2018-05-30Fix static assertion failure on 32-bit systemsEelco Dolstra
2018-05-30Move evaluator-specific settings out of libstoreEelco Dolstra
2018-05-26eval.cc: add message to static_assert, message can be omitted w/c++17Will Dietz
2018-05-22Make Env self-describingEelco Dolstra
If the Env denotes a 'with', then values[0] may be an Expr* cast to a Value*. For code that generically traverses Values/Envs, it's useful to know this.
2018-05-22Memoise checkSourcePath()Eelco Dolstra
This prevents hydra-eval-jobs from statting the same files over and over again.
2018-05-09In restricted eval mode, allow access to the closure of store pathsEelco Dolstra
E.g. this makes nix eval --restrict-eval -I /nix/store/foo '(builtins.readFile "/nix/store/foo/symlink/bla")' (where /nix/store/foo/symlink is a symlink to another path in the closure of /nix/store/foo) succeed. This fixes a regression in Hydra compared to Nix 1.x (where there were no restrictions at all on access to the Nix store).
2018-05-02Fix some random -Wconversion warningsEelco Dolstra
2018-04-03libexpr: Make unsafeGetAttrPos not crash on noPosTuomas Tynkkynen
Currently e.g. `builtins.unsafeGetAttrPos "abort" builtins` will eventually segfault because pos->file is an unset Symbol. Found by afl-fuzz.
2018-03-14concatLists: Don't pass NULL pointers to memcpy.Shea Levy
This is UB, even if the size is 0. See #1976. Fixes #1976.
2018-02-28Actually fix nixDataDir in non-canonical pathShea Levy
2018-02-22Merge branch 'data-dir-non-canon' of https://github.com/shlevy/nixEelco Dolstra
2018-02-22Fix restricted mode when installing in non-canonical data dirShea Levy
2018-02-17libexpr: Optimize prim_derivationStrict by using more symbol comparisonsTuomas Tynkkynen
2018-02-17libexpr: Rely on Boehm returning zeroed memory in EvalState::allocEnv()Tuomas Tynkkynen
Boehm guarantees that memory returned by GC_malloc() is zeroed, so take advantage of that.
2018-02-13Merge branch 'register-constant' of https://github.com/shlevy/nixEelco Dolstra
2018-02-11Nix stats: flatten statisticsFrederik Rietdijk
Flattens the list of statistics as suggested in https://github.com/NixOS/ofborg/issues/67. This makes it easier to work with.
2018-02-08Allow using RegisterPrimop to define constants.Shea Levy
This enables plugins to add new constants, as well as new primops.
2018-02-07Merge pull request #1816 from shlevy/add-pathEelco Dolstra
Add path primop.
2018-02-06Add path primop.Shea Levy
builtins.path allows specifying the name of a path (which makes paths with store-illegal names now addable), allows adding paths with flat instead of recursive hashes, allows specifying a filter (so is a generalization of filterSource), and allows specifying an expected hash (enabling safe path adding in pure mode).
2018-02-06checkURI(): Check file URIs against allowedPathsEelco Dolstra
This makes e.g. 'fetchGit ./.' work (assuming that ./. is an allowed path).
2018-01-19Don't use [[noreturn]]Eelco Dolstra
2018-01-16Add pure evaluation modeEelco Dolstra
In this mode, the following restrictions apply: * The builtins currentTime, currentSystem and storePath throw an error. * $NIX_PATH and -I are ignored. * fetchGit and fetchMercurial require a revision hash. * fetchurl and fetchTarball require a sha256 attribute. * No file system access is allowed outside of the paths returned by fetch{Git,Mercurial,url,Tarball}. Thus 'nix build -f ./foo.nix' is not allowed. Thus, the evaluation result is completely reproducible from the command line arguments. E.g. nix build --pure-eval '( let nix = fetchGit { url = https://github.com/NixOS/nixpkgs.git; rev = "9c927de4b179a6dd210dd88d34bda8af4b575680"; }; nixpkgs = fetchGit { url = https://github.com/NixOS/nixpkgs.git; ref = "release-17.09"; rev = "66b4de79e3841530e6d9c6baf98702aa1f7124e4"; }; in (import (nix + "/release.nix") { inherit nix nixpkgs; }).build.x86_64-linux )' The goal is to enable completely reproducible and traceable evaluation. For example, a NixOS configuration could be fully described by a single Git commit hash. 'nixos-rebuild' would do something like nix build --pure-eval '( (import (fetchGit { url = file:///my-nixos-config; rev = "..."; })).system ') where the Git repository /my-nixos-config would use further fetchGit calls or Git externals to fetch Nixpkgs and whatever other dependencies it has. Either way, the commit hash would uniquely identify the NixOS configuration and allow it to reproduced.
2018-01-12import, builtins.readFile: Handle diverted storesEelco Dolstra
Fixes #1791
2017-10-30Add option allowed-urisEelco Dolstra
This allows network access in restricted eval mode.
2017-10-29nix repl :t: Indicate strings that have a contextEelco Dolstra
2017-07-30Replace Unicode quotes in user-facing strings by ASCIIJörg Thalheim
Relevant RFC: NixOS/rfcs#4 $ ag -l | xargs sed -i -e "/\"/s/’/'/g;/\"/s/‘/'/g"
2017-07-03Replace a few bool flags with enumsEelco Dolstra
Functions like copyClosure() had 3 bool arguments, which creates a severe risk of mixing up arguments. Also, implement copyClosure() using copyPaths().
2017-05-16Improve progress indicatorEelco Dolstra
2017-04-14Shut up some warningsEelco Dolstra
2017-02-22Explicitly model all settings and fail on unrecognized onesDan Peebles
Previously, the Settings class allowed other code to query for string properties, which led to a proliferation of code all over the place making up new options without any sort of central registry of valid options. This commit pulls all those options back into the central Settings class and removes the public get() methods, to discourage future abuses like that. Furthermore, because we know the full set of options ahead of time, we now fail loudly if someone enters an unrecognized option, thus preventing subtle typos. With some template fun, we could probably also dump the full set of options (with documentation, defaults, etc.) to the command line, but I'm not doing that yet here.
2017-01-26Add support for passing structured data to buildersEelco Dolstra
Previously, all derivation attributes had to be coerced into strings so that they could be passed via the environment. This is lossy (e.g. lists get flattened, necessitating configureFlags vs. configureFlagsArray, of which the latter cannot be specified as an attribute), doesn't support attribute sets at all, and has size limitations (necessitating hacks like passAsFile). This patch adds a new mode for passing attributes to builders, namely encoded as a JSON file ".attrs.json" in the current directory of the builder. This mode is activated via the special attribute __structuredAttrs = true; (The idea is that one day we can set this in stdenv.mkDerivation.) For example, stdenv.mkDerivation { __structuredAttrs = true; name = "foo"; buildInputs = [ pkgs.hello pkgs.cowsay ]; doCheck = true; hardening.format = false; } results in a ".attrs.json" file containing (sans the indentation): { "buildInputs": [], "builder": "/nix/store/ygl61ycpr2vjqrx775l1r2mw1g2rb754-bash-4.3-p48/bin/bash", "configureFlags": [ "--with-foo", "--with-bar=1 2" ], "doCheck": true, "hardening": { "format": false }, "name": "foo", "nativeBuildInputs": [ "/nix/store/10h6li26i7g6z3mdpvra09yyf10mmzdr-hello-2.10", "/nix/store/4jnvjin0r6wp6cv1hdm5jbkx3vinlcvk-cowsay-3.03" ], "propagatedBuildInputs": [], "propagatedNativeBuildInputs": [], "stdenv": "/nix/store/f3hw3p8armnzy6xhd4h8s7anfjrs15n2-stdenv", "system": "x86_64-linux" } "passAsFile" is ignored in this mode because it's not needed - large strings are included directly in the JSON representation. It is up to the builder to do something with the JSON representation. For example, in bash-based builders, lists/attrsets of string values could be mapped to bash (associative) arrays.
2017-01-26Bindings: Add a method for iterating in lexicographically sorted orderEelco Dolstra