aboutsummaryrefslogtreecommitdiff
path: root/src/libstore/globals.hh
AgeCommit message (Collapse)Author
2024-06-12doc: rewrite the multi-user documentation to actually talk about securityJade Lovelace
It's in the security section, and it was totally outdated anyway. I took the opportunity to write down the stuff we already believed. Change-Id: I73e62ae85a82dad13ef846e31f377c3efce13cb0
2024-06-01chore: rebrand Nix to Lix when it makes senseRaito Bezarius
Here's my guide so far: $ rg '((?!(recursive).*) Nix (?!(daemon|store|expression|Rocks!|Packages|language|derivation|archive|account|user|sandbox|flake).*))' -g '!doc/' --pcre2 All items from this query have been tackled. For the documentation side: that's for https://git.lix.systems/lix-project/lix/issues/162. Additionally, all remaining references to github.com/NixOS/nix which were not relevant were also replaced. Fixes: https://git.lix.systems/lix-project/lix/issues/148. Fixes: https://git.lix.systems/lix-project/lix/issues/162. Change-Id: Ib3451fae5cb8ab8cd9ac9e4e4551284ee6794545 Signed-off-by: Raito Bezarius <raito@lix.systems>
2024-05-28util.{hh,cc}: Split out environment-variables.{hh,cc}Tom Hubrecht
Change-Id: Icff0aa33fda5147bd5dbe256a0b9d6a6c8a2c3f6
2024-05-24libstore/build: always enable seccomp filtering and no-new-privilegesAlois Wohlschlager
Seccomp filtering and the no-new-privileges functionality improve the security of the sandbox, and have been enabled by default for a long time. In https://git.lix.systems/lix-project/lix/issues/265 it was decided that they should be enabled unconditionally. Accordingly, remove the allow-new-privileges (which had weird behavior anyway) and filter-syscall settings, and force the security features on. Syscall filtering can still be enabled at build time to support building on architectures libseccomp doesn't support. Change-Id: Iedbfa18d720ae557dee07a24f69b2520f30119cb
2024-05-16Allow enabling core dumps from builds for nix & child processesmidnightveil
Fixes https://git.lix.systems/lix-project/lix/issues/268 Change-Id: I3f1b0ddf064f891cca8b53229c5c31c74cea3d9f
2024-04-11libstore: fix glossary link in documentationeldritch horrors
this should be a link, not an anchor. it should also point to the `gloss-store` element, not the `#gloss-store` element. Change-Id: I1f2803093179549637e10f917ad73399a419131b
2024-03-05Merge pull request #9443 from ivan770/reproducibilityeldritch horrors
doc: fix machine-specific capabilities leaking (cherry picked from commit dda0e34ecf16bb1c736d585414122a7e3587db70) Change-Id: I3d07cc5039ee954b215a7a27caa3bf7359d92c26
2024-03-04Merge pull request #9670 from DavHau/log-lineseldritch horrors
saner default for log-lines: change to 25 (cherry picked from commit dedbbbb451bb8f2bd0925e59a8b3d127157015f8) Change-Id: I8847df4aeb6e5c2d2be0e04f2a0a1aa595cb3b2f
2024-03-04Merge pull request #4093 from matthewbauer/eval-systemeldritch horrors
Add eval-system option (cherry picked from commit 071dbbee33af9f27338c3e53e4ea067dbfa14010) Change-Id: Ia81358c8cfb60241da07a4d0e84b9ee62a18a53f
2024-03-04Merge pull request #8047 from lovesegfault/always-allow-substituteseldritch horrors
feat: add always-allow-substitutes (cherry picked from commit da2b59a08878b3c6c7074595e3b6d26b6928b4c1) Change-Id: I50481cd8fe643c673c610fec28bad84519a4d650
2023-11-16libstore: Add apple-virt to system features when availableRobert Hensing
I'm sure that we'll adjust the implementation over time, but this at least discerns between an apple silicon bare metal machine and a tart VM. (cherry picked from commit 9277eb276bf0a942e88fcf499f6a6b9c262be853)
2023-09-06Fix globals.hh typoChristina Sørensen
2023-07-19Merge pull request #7973 from fricklerhandwerk/remove-channelsRobert Hensing
remove the Channels section
2023-07-19fix broken linksValentin Gagarin
2023-07-19expand on the `extra-platforms` optionValentin Gagarin
2023-07-19mention `extra-platforms`Valentin Gagarin
2023-07-19fix wordingValentin Gagarin
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-07-19add cross-linksValentin Gagarin
2023-07-19shorten `system` setting descriptionValentin Gagarin
2023-07-19move docs of the current system to the system settingValentin Gagarin
add information what happens when Nix itself is cross-compiled
2023-07-19one line per sentence for easier reviewValentin Gagarin
2023-07-12Update src/libstore/globals.hhBen Radford
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-07-12Update src/libstore/globals.hhBen Radford
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-07-11Say a bit about default value in setting description.Ben Radford
2023-07-11Default should depend on whether we are root.Ben Radford
2023-07-11Be clearer about the security implications.Ben Radford
2023-07-11Update description for require-drop-supplementary-groups.Ben Radford
2023-07-11Always attempt setgroups but allow failure to be ignored.Ben Radford
2023-07-11Merge remote-tracking branch 'origin/master' into ↵Ben Radford
best-effort-supplementary-groups
2023-06-23Merge pull request #8519 from fricklerhandwerk/reword-trusted-usersRobert Hensing
reword documentation on trusted users and substituters
2023-06-18Split `OptionalPathSetting` from `PathSetting`John Ericson
Rather than doing `allowEmpty` as boolean, have separate types and use `std::optional`. This makes it harder to forget the possibility of an empty path. The `build-hook` setting was categorized as a `PathSetting`, but actually it was split into arguments. No good! Now, it is `Setting<Strings>` which actually reflects what it means and how it is used. Because of the subtyping, we now also have support for `Setting<std::optional<String>>` in general. I imagine this can be used to clean up many more settings also.
2023-06-16Update src/libstore/globals.hhValentin Gagarin
2023-06-16use "store URLs" consistentlyValentin Gagarin
2023-06-15Update src/libstore/globals.hhValentin Gagarin
2023-06-15fix wordingValentin Gagarin
2023-06-15reword documentation on trusted users and substitutersValentin Gagarin
this is to make it slightly easier to scan over
2023-06-14Fixup description of substituters (#8291)Valentin Gagarin
Introduce what substituters "are" in the configuration option entry. Remove arbitrary line breaks for easier editing in the future. Link glossary some more. Co-authored-by: Robert Hensing <roberth@users.noreply.github.com> Co-authored-by: John Ericson <git@JohnEricson.me>
2023-06-06Merge pull request #8391 from ↵Eelco Dolstra
aneeshusa/remove-wrong-default-value-in-docs-for-hashed-mirrors Remove old default from docs for `hashed-mirrors`
2023-06-02Document manual migration for use-xdg-base-directories (#8044)Alexander Bantyev
* Document manual migration for use-xdg-base-directories As there's currently no automatic migration for use-xdg-base-directories option, add instructions for manual migration to the option's description. Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2023-05-24Remove old default from docs for `hashed-mirrors`Aneesh Agrawal
The `hashed-mirrors` option did use to have this default value, but it was removed and re-added with an empty default value. As the autogenerated docs show the (actual) default values from code, remove this incorrect reference from the docs. I was updating my nix.conf settings after a few years and noticed this.
2023-05-15Merge remote-tracking branch 'upstream/master' into ↵John Ericson
best-effort-supplementary-groups
2023-05-15Merge pull request #8141 from tweag/user-files-docJohn Ericson
Document user files of nix
2023-05-08Create escape hatch for supplementary group sandboxing woesJohn Ericson
There is no obvious good solution for this that has occured to anyone.
2023-05-08removes MaxSubstitutionJobsSettingMatej Urbas
2023-05-07`max-substitution-jobs` settingMatej Urbas
2023-04-26Document user files of nixAlexander Bantyev
2023-04-17Fix some issues with experimental config settingsJohn Ericson
Issues: 1. Features gated on disabled experimental settings should warn and be ignored, not silently succeed. 2. Experimental settings in the same config "batch" (file or env var) as the enabling of the experimental feature should work. 3. For (2), the order should not matter. These are analogous to the issues @roberth caught with my changes for arg handling, but they are instead for config handling. Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2023-04-17Merge pull request #7732 from hercules-ci/make-initLibStore-viable-alternativeJohn Ericson
Make `initLibStore` a viable alternative
2023-04-16Mark experimental configuration settings programmaticallyJohn Ericson
Fix #8162 The test is changed to compare `nlohmann::json` values, not strings of dumped JSON, which allows us to format things more nicely.
2023-04-07libstore: Remove lockCPU dead codeRobert Hensing
Left over from 9747ea84b, https://github.com/NixOS/nix/pull/5821