Age | Commit message | Author |
|
in the attribute variable `impureEnvVars' from the caller to the
builder.
|
will be built or substituted.
|
creates a new process group but also a new session. New sessions
have no controlling tty, so child processes like ssh cannot open
/dev/tty (which is bad).
|
intended). This ensures that any ssh child processes to remote
machines are also killed, and thus the Nix process on the remote
machine also exits. Without this, the remote Nix process will
continue until it exits or until its stdout buffer gets full and it
locks up. (Partially fixes NIX-35.)
|
much faster.
|
simultaneously. We do this using exclusive locks on uid files in
/nix/var/nix/userpool, e.g., /nix/var/nix/userpool/123 for uid 123.
|
critical to prevent certain kinds of 0wnage.
|
running under that uid.
|
nobody else has write permission to the build result. This catches
most hack attempts.
|
builder. Instead, require that the Nix store has sticky permission
(S_ISVTX); everyone can create files in the Nix store, but they
cannot delete, rename or modify files created by others.
|
root (or setuid root), then builds will be performed under one of
the users listed in the `build-users' configuration variables. This
is to make it impossible to influence build results externally,
allowing locally built derivations to be shared safely between
users (see ASE-2005 paper).
To do: only one builder should be active per build user.
|
by Rob).
|
continue building when one fails unless `--keep-going' is
specified.
* When `--keep-going' is specified, print out the set of failing
derivations at the end (otherwise it can be hard to find out which
failed).
|
NAR dump of the path).
|
in `fetchurl' in Nix <= 0.7, but doesn't in Nix 0.8.
|
multiple times is also a top-level goal, then the second and later
instantiations would never be created because there would be a
stable pointer to the first one that would keep it alive in the
WeakGoalMap.
* Some tracing code for debugging this kind of problem.
|
* Removed some dead code (successor stuff) from nix-push.
* Updated terminology in the tests (store expr -> drv path).
* Check that the deriver is set properly in the tests.
|
derivation that produced them.
* `nix-store -qd PATH' prints out the derivation that produced a path.
|
* Fix GC and substitute bugs related to self-references. Add a
regression test.
|
roots to a per-process temporary file in /nix/var/nix/temproots
while holding a write lock on that file. The garbage collector
acquires read locks on all those files, thus blocking further
progress in other Nix processes, and reads the sets of temporary
roots.
|
though). In particular it's now much easier to register a GC root.
Just place a symlink to whatever store path it is that you want to
keep in /nix/var/nix/gcroots.
|
This simplifies garbage collection and `nix-store --query
--requisites' since we no longer need to treat derivations
specially.
* Better maintaining of the invariants, e.g., setReferences() can only
be called on a valid/substitutable path.
|
longer need the former since there we no longer have the
substitutes-rev table (which triggered a O(n^2) cost in updating
them).
|
invariant by registering references through the manifest.
* Added a test for nix-pull.
|
* Fix the substitutes tests.
|
back the query flag `--force-realise'.
* Fixed some of the tests.
|
promise :-) This allows derivations to specify on *what* output
paths of input derivations they are dependent. This helps to
prevent unnecessary downloads. For instance, a build might be
dependent on the `devel' and `lib' outputs of some library
component, but not the `docs' output.
|
`derivations.cc', etc.
* Store the SHA-256 content hash of store paths in the database after
they have been built/added. This is so that we can check whether
the store has been messed with (a la `rpm --verify').
* When registering path validity, verify that the closure property
holds.
|