| Age | Commit message (Collapse) | Author |
|---|
|
|
|
signal. This is necessary because those processes may have joined
the BDB environment, so they have to be given a chance to clean up.
(NIX-85)
|
|
checking to be turned off on machines with way too many roots.
|
|
|
|
openssl through $PATH at runtime.
|
|
|
|
|
|
under the references relation. This is useful for commands that
want to copy paths to another Nix store in the right order.
|
|
|
|
always requires a signature on the archive. This is to ensure that
unprivileged users cannot add Trojan horses to the Nix store.
|
|
|
|
* exportPath(): lock the path, use a transaction.
|
|
--export' into the Nix store, and optionally check the cryptographic
signatures against /nix/etc/nix/signing-key.pub. (TODO: verify
against a set of public keys.)
|
|
in /nix/etc/nix/signing-key.sec
|
|
path. This is like `nix-store --dump', only it also dumps the
meta-information of the store path (references, deriver). Will add
a `--sign' flag later to add a cryptographic signature, which we
will use for exchanging store paths between build farm machines in a
secure manner.
|
|
|
|
|
|
computing the store path (NIX-77). This is an important security
property in multi-user Nix stores.
Note that this changes the store paths of derivations (since the
derivation aterms are added using addTextToStore), but not most
outputs (unless they use builtins.toFile).
|
|
|
|
important to get garbage collection to work if there is any
inconsistency in the database (because the referrer table is used to
determine whether it is safe to delete a path).
* `nix-store --verify': show some progress.
|
|
errors: in-use paths now cause a warning, not a fatal error.
|
|
from a source directory. All files for which a predicate function
returns true are copied to the store. Typical example is to leave
out the .svn directory:
stdenv.mkDerivation {
...
src = builtins.filterSource
(path: baseNameOf (toString path) != ".svn")
./source-dir;
# as opposed to
# src = ./source-dir;
}
This is important because the .svn directory influences the hash in
a rather unpredictable and variable way.
|
|
matters when running as root, since then we don't use the setuid
helper (which already used lchown()).
* Also check for an obscure security problem on platforms that don't
have lchown. Then we can't change the ownership of symlinks, which
doesn't matter *except* when the containing directory is writable by
the owner (which is the case with the top-level Nix store directory).
|
|
|
|
very carefully, since it can invalidate iterators into the
`children' map.
|
|
* Throw more exceptions as BuildErrors instead of Errors. This
matters when --keep-going is turned on. (A BuildError is caught
and terminates the goal in question, an Error terminates the
program.)
|
|
seconds without producing output on stdout or stderr (NIX-65). This
timeout can be specified using the `--max-silent-time' option or the
`build-max-silent-time' configuration setting. The default is
infinity (0).
* Fix a tricky race condition: if we kill the build user before the
child has done its setuid() to the build user uid, then it won't be
killed, and we'll potentially lock up in pid.wait(). So also send a
conventional kill to the child.
|
|
in case of failure.
|
|
|
|
back to the Nix account.
|
|
|
|
since if we're running a build user in non-root mode, we can't. Let
the setuid helper do it.
|
|
processes before and after the build.
|
|
ownership, then try again.
|
|
ownership of the build result after the build.
|
|
deleting them using the setuid helper.
|
|
|
|
builder under the desired build user.
|
|
|
|
|
|
`build-users-group'. This makes configuration easier: you can just
add users in /etc/group.
|
|
that have to be done as root: running builders under different uids,
changing ownership of build results, and deleting paths in the store
with the wrong ownership).
|
|
|
|
changes completely depending on whether you're root...
|
|
|
|
|
|
`nix-store --delete'. But unprivileged users are not allowed to
ignore liveness.
* `nix-store --delete --ignore-liveness': ignore the runtime roots as
well.
|
|
process, so forward the operation.
* Spam the user about GC misconfigurations (NIX-71).
* findRoots: skip all roots that are unreadable - the warnings with
which we spam the user should be enough.
|
|
the store path (inside the store).
|
|
found by the garbage collector. This addresses NIX-71 and is a
particular concern in multi-user stores.
|
