aboutsummaryrefslogtreecommitdiff
path: root/src/libstore
AgeCommit message (Collapse)Author
2017-05-30Darwin sandbox: Disallow creating setuid/setgid binariesEelco Dolstra
Suggested by Daiderd Jordan.
2017-05-30Fix seccomp build failure on clangEelco Dolstra
Fixes src/libstore/build.cc:2321:45: error: non-constant-expression cannot be narrowed from type 'int' to 'scmp_datum_t' (aka 'unsigned long') in initializer list [-Wc++11-narrowing]
2017-05-30Shut up some clang warningsEelco Dolstra
2017-05-30Add a seccomp rule to disallow setxattr()Eelco Dolstra
2017-05-30canonicalisePathMetaData(): Remove extended attributes / ACLsEelco Dolstra
EAs/ACLs are not part of the NAR canonicalisation. Worse, setting an ACL allows a builder to create writable files in the Nix store. So get rid of them. Closes #185.
2017-05-30Require seccomp only in multi-user setupsEelco Dolstra
2017-05-29Fix seccomp initialisation on i686-linuxEelco Dolstra
2017-05-29Add a seccomp filter to prevent creating setuid/setgid binariesEelco Dolstra
This prevents builders from setting the S_ISUID or S_ISGID bits, preventing users from using a nixbld* user to create a setuid/setgid binary to interfere with subsequent builds under the same nixbld* uid. This is based on aszlig's seccomp code (47f587700d646f5b03a42f2fa57c28875a31efbe). Reported by Linus Heckemann.
2017-05-29Fix nix-copy-closure testEelco Dolstra
Fixes client# error: size mismatch importing path ‘/nix/store/ywf5fihjlxwijm6ygh6s0a353b5yvq4d-libidn2-0.16’; expected 0, got 120264 This is mostly an artifact of the NixOS VM test environment, where the Nix database doesn't contain hashes/sizes. http://hydra.nixos.org/build/53537471
2017-05-29Fix typoEelco Dolstra
2017-05-24Merge branch 'nar-accessor-tree' of https://github.com/bennofs/nixEelco Dolstra
2017-05-16Improve progress indicatorEelco Dolstra
2017-05-15nar-accessor.cc: remove unused member NarIndexer::currentNameBenno Fünfstück
2017-05-15nar-accessor: non-recursive NarMember::findBenno Fünfstück
This avoids a possible stack overflow if directories are very deeply nested.
2017-05-15Simplify fixed-output checkEelco Dolstra
2017-05-15Add --with-sandbox-shell configure flagEelco Dolstra
And add a 116 KiB ash shell from busybox to the release build. This helps to make sandbox builds work out of the box on non-NixOS systems and with diverted stores.
2017-05-15Linux sandbox: Don't barf on invalid pathsEelco Dolstra
This is useful when we're using a diverted store (e.g. "--store local?root=/tmp/nix") in conjunction with a statically-linked sh from the host store (e.g. "sandbox-paths =/bin/sh=/nix/store/.../bin/busybox").
2017-05-15nar-accessor: use tree, fixes readDirectory missing childrenBenno Fünfstück
Previously, if a directory `foo` existed and a file `foo-` (where `-` is any character that is sorted before `/`), then `readDirectory` would return an empty list. To fix this, we now use a tree where we can just access the children of the node, and do not need to rely on sorting behavior to list the contents of a directory.
2017-05-11Add an option for extending the user agent headerEelco Dolstra
This is useful e.g. for distinguishing traffic to a binary cache (e.g. certain machines can use a different tag in the user agent).
2017-05-11Fix typoEelco Dolstra
2017-05-11Tweak error messageEelco Dolstra
2017-05-11Change the meaning of info.ultimateEelco Dolstra
It now means "paths that were built locally". It no longer includes paths that were added locally. For those we don't need info.ultimate, since we have the content-addressability assertion (info.ca).
2017-05-11LocalStore::addToStore(): Check info.narSizeEelco Dolstra
It allowed the client to specify bogus narSize values. In particular, Downloader::downloadCached wasn't setting narSize at all.
2017-05-08Minor cleanupEelco Dolstra
2017-05-08Linux sandbox: Fix compatibility with older kernelsEelco Dolstra
2017-05-08Remove superfluous #ifdefEelco Dolstra
2017-05-05Make the location of the build directory in the sandbox configurableEelco Dolstra
This is mostly for use in the sandbox tests, since if the Nix store is under /build, then we can't use /build as the build directory.
2017-05-04Linux sandbox: Use /build instead of /tmp as $TMPDIREelco Dolstra
There is a security issue when a build accidentally stores its $TMPDIR in some critical place, such as an RPATH. If TMPDIR=/tmp/nix-build-..., then any user on the system can recreate that directory and inject libraries into the RPATH of programs executed by other users. Since /build probably doesn't exist (or isn't world-writable), this mitigates the issue.
2017-05-02LocalStoreAccessor: Fix handling of diverted storesEelco Dolstra
2017-05-02Replace $NIX_REMOTE_SYSTEMS with an option "builder-files"Eelco Dolstra
Also, to unify with hydra-queue-runner, allow it to be a list of files.
2017-05-02build-remote: Fix fallback to other machines when connecting failsEelco Dolstra
Opening an SSHStore or LegacySSHStore does not actually establish a connection, so the try/catch block here did nothing. Added a Store::connect() method to test whether a connection can be established.
2017-05-02Add an option for specifying remote buildersEelco Dolstra
This is useful for one-off situations where you want to specify a builder on the command line instead of having to mess with nix.machines. E.g. $ nix-build -A hello --argstr system x86_64-darwin \ --option builders 'root@macstadium1 x86_64-darwin' will perform the specified build on "macstadium1". It also removes the need for a separate nix.machines file since you can specify builders in nix.conf directly. (In fact nix.machines is yet another hack that predates the general nix.conf configuration file, IIRC.) Note: this option is supported by the daemon for trusted users. The fact that this allows trusted users to specify paths to SSH keys to which they don't normally have access is maybe a bit too much trust...
2017-05-02Factor out machines.conf parsingEelco Dolstra
This allows hydra-queue-runner to use it.
2017-05-02build-hook: If there are no machines defined, quit permanentlyEelco Dolstra
2017-05-02build-remote: Ugly hackery to get build logs to workEelco Dolstra
The build hook mechanism expects build log output to go to file descriptor 4, so do that.
2017-05-01build-remote: Don't require signaturesEelco Dolstra
This restores the old behaviour.
2017-05-01Support arbitrary store URIs in nix.machinesEelco Dolstra
For backwards compatibility, if the URI is just a hostname, ssh:// (i.e. LegacySSHStore) is prepended automatically. Also, all fields except the URI are now optional. For example, this is a valid nix.machines file: local?root=/tmp/nix This is useful for testing the remote build machinery since you don't have to mess around with ssh.
2017-05-01Implement LegacySSHStore::buildDerivation()Eelco Dolstra
This makes LegacySSHStore usable by build-remote and hydra-queue-runner.
2017-05-01Chomp log output from the build hookEelco Dolstra
2017-05-01Remove $NIX_BUILD_HOOK and $NIX_CURRENT_LOADEelco Dolstra
This is to simplify remote build configuration. These environment variables predate nix.conf. The build hook now has a sensible default (namely build-remote). The current load is kept in the Nix state directory now.
2017-05-01build-remote: Don't copy the .drv closureEelco Dolstra
Since build-remote uses buildDerivation() now, we don't need to copy the .drv file anymore. This greatly reduces the set of input paths copied to the remote side (e.g. from 392 to 51 store paths for GNU hello on x86_64-darwin).
2017-05-01Pass verbosity level to build hookEelco Dolstra
2017-05-01Reduce severity of EMLINK warningsEelco Dolstra
Fixes #1357.
2017-05-01Add a dummy Store::buildPaths() methodEelco Dolstra
This default implementation of buildPaths() does nothing if all requested paths are already valid, and throws an "unsupported operation" error otherwise. This fixes a regression introduced by c30330df6f67c81986dfb124631bc756c8e58c0d in binary cache and legacy SSH stores.
2017-04-28Fix brainfartEelco Dolstra
2017-04-26Add Store nesting to fix import-from-derivation within filterSourceShea Levy
2017-04-24Remove debug statementEelco Dolstra
2017-04-20Detect lsofEelco Dolstra
Also, don't use lsof on Linux since it's not needed. Fixes #1328.
2017-04-20Improve nix show-config --jsonEelco Dolstra
In particular, show descriptions. This could be used for manpage generation etc.
2017-04-20Setting: Remove "Tag" template argumentEelco Dolstra