| Age | Commit message (Collapse) | Author |
|---|
|
The current usage technically works by putting multiple different
repos in to the same git directory. However, it is very slow as
Git tries very hard to find common commits between the two
repositories. If the two repositories are large (like Nixpkgs and
another long-running project,) it is maddeningly slow.
This change busts the cache for existing deployments, but users
will be promptly repaid in per-repository performance.
|
|
Fun fact: rules with multiple targets don't work properly with 'make
-j'. For example, a rule like
a b: c
touch a b
is equivalent to
a: c
touch a b
b: c
touch a b
so with 'make -j', the 'touch' command will be run twice. See
e.g. https://stackoverflow.com/questions/2973445/gnu-makefile-rule-generating-a-few-targets-from-a-single-source-file.
|
|
Fix symlink leak in restricted eval mode
|
|
In EvalState::checkSourcePath, the path is checked against the list of
allowed paths first and later it's checked again *after* resolving
symlinks.
The resolving of the symlinks is done via canonPath, which also strips
out "../" and "./". However after the canonicalisation the error message
pointing out that the path is not allowed prints the symlink target in
the error message.
Even if we'd suppress the message, symlink targets could still be leaked
if the symlink target doesn't exist (in this case the error is thrown in
canonPath).
So instead, we now do canonPath() without symlink resolving first before
even checking against the list of allowed paths and then later do the
symlink resolving and checking the allowed paths again.
The first call to canonPath() should get rid of all the "../" and "./",
so in theory the only way to leak a symlink if the attacker is able to
put a symlink in one of the paths allowed by restricted evaluation mode.
For the latter I don't think this is part of the threat model, because
if the attacker can write to that path, the attack vector is even
larger.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
parser.y: fix assoc of -> and < > <= >=
|
|
|
|
The parser allowed senseless `a > b > c` but disallowed `a -> b -> c` which seems valid
It might be a typo
|
|
forceValue() were called after a value is copied effectively forcing only one of the copies keeping another copy not evaluated.
This resulted in its evaluation of the same lazy value more than once (the number of hits is not big though)
|
|
Apparently, on macOS, 'long' != 'int64_t'.
https://hydra.nixos.org/build/77100756
|
|
|
|
Closes #2282.
|
|
stored in mkApp
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This is primarily useful for processing Cargo.lock files.
|
|
Even on 32-bit systems, Value has enough space to hold a double.
|
|
This makes it possible to build with -DGC_DEBUG.
|
|
This reduces the risk of object liveness misdetection. For example,
Glibc has an internal variable "mp_" that often points to a Boehm
object, keeping it alive unnecessarily. Since we don't store any
actual roots in global variables, we can just disable data segment
scanning.
With this, the max RSS doing 100 evaluations of
nixos.tests.firefox.x86_64-linux.drvPath went from 718 MiB to 455 MiB.
|
|
|
|
This prevents EvalState::resetFileCache() from parsing everything all
over again.
|
|
|
|
|
|
|
|
json-to-value: Use strtol instead of strtoi
|
|
NixInt is long, so strtoi is too restrictive.
|
|
|
|
add builtins: __bitAnd, __bitOr, __bitXor
|
|
If the Env denotes a 'with', then values[0] may be an Expr* cast to a
Value*. For code that generically traverses Values/Envs, it's useful
to know this.
|
|
This prevents hydra-eval-jobs from statting the same files over and
over again.
|
|
|
|
|
|
|
|
|
|
Fixes #1374.
Closes #2129.
|
|
This reverts commit 6498adb002bcf7e715afe46c23b8635d4592c156. We don't
actually use IncompleteParseError in 'nix repl'.
|
|
E.g. this makes
nix eval --restrict-eval -I /nix/store/foo '(builtins.readFile "/nix/store/foo/symlink/bla")'
(where /nix/store/foo/symlink is a symlink to another path in the
closure of /nix/store/foo) succeed.
This fixes a regression in Hydra compared to Nix 1.x (where there were
no restrictions at all on access to the Nix store).
|
|
|
|
|
|
Fixes #2073
|
|
|
|
|
|
Currently e.g. `builtins.unsafeGetAttrPos "abort" builtins` will
eventually segfault because pos->file is an unset Symbol.
Found by afl-fuzz.
|
|
|
|
libexpr: Recognize newline in more places in lexer
|
