lix -

Age	Commit message (Collapse)	Author
2006-12-03	* Don't run setuid root when build-users is empty.	Eelco Dolstra
	* Send startup errors to the client.
2006-12-03	* Handle a subtle race condition: the client closing the socket	Eelco Dolstra
	between the last worker read/write and the enabling of the signal handler.
2006-12-03	* Some hardcore magic to handle asynchronous client disconnects.	Eelco Dolstra
	The problem is that when we kill the client while the worker is building, and the builder is not writing anything to stderr, then the worker never notice that the socket is closed on the other side, so it just continues indefinitely. The solution is to catch SIGIO, which is sent when the far side of the socket closes, and simulate an normal interruption. Of course, SIGIO is also sent every time the client sends data over the socket, so we only enable the signal handler when we're not expecting any data...
2006-12-03	* Some hackery to propagate the worker's stderr and exceptions to the	Eelco Dolstra
	client.
2006-12-03	* Run the worker in a separate session to prevent terminal signals	Eelco Dolstra
	from interfering.
2006-12-02	* Move addTempRoot() to the store API, and add another function	Eelco Dolstra
	syncWithGC() to allow clients to register GC roots without needing write access to the global roots directory or the GC lock.
2006-12-02	* Doh.	Eelco Dolstra

2006-12-02	* Remove queryPathHash().	Eelco Dolstra
	* Help for nix-worker.
2006-12-01	* Merge addToStore and addToStoreFixed.	Eelco Dolstra
	* addToStore now adds unconditionally, it doesn't use readOnlyMode. Read-only operation is up to the caller (who can call computeStorePathForPath).
2006-12-01	* Right name.	Eelco Dolstra

2006-12-01	* More operations.	Eelco Dolstra
	* addToStore() and friends: don't do a round-trip to the worker if we're only interested in the path (i.e., in read-only mode).
2006-11-30	* More remote operations.	Eelco Dolstra
	* Added new operation hasSubstitutes(), which is more efficient than querySubstitutes().size() > 0.
2006-11-30	* More operations.	Eelco Dolstra

2006-11-30	* First remote operation: isValidPath().	Eelco Dolstra

2006-11-30	* When NIX_REMOTE is set to "slave", fork off nix-worker in slave	Eelco Dolstra
	mode. Presumably nix-worker would be setuid to the Nix store user. The worker performs all operations on the Nix store and database, so the caller can be completely unprivileged. This is already much more secure than the old setuid scheme, since the worker doesn't need to do Nix expression evaluation and so on. Most importantly, this means that it doesn't need to access any user files, with all resulting security risks; it only performs pure store operations. Once this works, it is easy to move to a daemon model that forks off a worker for connections established through a Unix domain socket. That would be even more secure.
2006-11-30	* Skeleton of the privileged worker program.	Eelco Dolstra
	* Some refactoring: put the NAR archive integer/string serialisation code in a separate file so it can be reused by the worker protocol implementation.