path: root/src
Age | Commit message | Author
2013-03-07 | Prevent config.h from being clobbered | Eelco Dolstra
2013-02-28 | Handle systems without lutimes() or lchown() | Eelco Dolstra
2013-02-28 | Handle symlinks properly | Eelco Dolstra
Now it's really brown paper bag time...
2013-02-27 | Handle hard links to other files in the output | Eelco Dolstra
2013-02-27 | Refactoring: Split off the non-recursive canonicalisePathMetaData() | Eelco Dolstra
Also, change the file mode before changing the owner. This prevents a slight time window in which a setuid binary would be setuid root.
2013-02-26 | Security: Don't allow builders to change permissions on files they don't own | Eelco Dolstra
It turns out that in multi-user Nix, a builder may be able to do
    ln /etc/shadow $out/foo
Afterwards, canonicalisePathMetaData() will be applied to $out/foo, causing /etc/shadow's mode to be set to 444 (readable by everybody but writable by nobody). That's obviously Very Bad.
Fortunately, this fails in NixOS's default configuration because /nix/store is a bind mount, so "ln" will fail with "Invalid cross-device link". It also fails if hard-link restrictions are enabled, so a workaround is:
    echo 1 > /proc/sys/fs/protected_hardlinks
The solution is to check that all files in $out are owned by the build user. This means that innocuous operations like "ln ${pkgs.foo}/some-file $out/" are now rejected, but that already failed in chroot builds anyway.
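The ownership check from the 2013-02-26 commit message and the mode-before-owner ordering from the 2013-02-27 one, sketched as an added example that is not the Nix source. `canonicaliseOne`, `modeAfter` and the `Result` enum are hypothetical names, and the temp file is a constructed stand-in for a builder output.

```cpp
// Added illustration, not the Nix source; all names are hypothetical.
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <string>

enum class Result { Fixed, SkippedSymlink, ForeignOwner, Error };

// Canonicalise one output file, but only if the build user owns it.
Result canonicaliseOne(const std::string & path, uid_t buildUid)
{
    struct stat st;
    // lstat(): inspect the entry itself, never the target of a symlink.
    if (lstat(path.c_str(), &st) == -1) return Result::Error;
    // A hard link to somebody else's file keeps that file's owner, so an
    // ownership mismatch means the inode was not created by this build.
    if (st.st_uid != buildUid) return Result::ForeignOwner;
    if (S_ISLNK(st.st_mode)) return Result::SkippedSymlink;
    // Clear setuid/setgid and write bits first. Any change of owner belongs
    // after this point, so a setuid file never exists under the new owner.
    mode_t mode = (st.st_mode & S_IXUSR) ? 0555 : 0444;
    if (chmod(path.c_str(), mode) == -1) return Result::Error;
    return Result::Fixed;
}

// Constructed sample: a private temp file standing in for an output file.
mode_t modeAfter(uid_t buildUid, Result & res)
{
    char tmpl[] = "/tmp/canon-demo-XXXXXX";
    int fd = mkstemp(tmpl);                   // created with mode 0600
    if (fd == -1) { res = Result::Error; return 0; }
    close(fd);
    res = canonicaliseOne(tmpl, buildUid);
    struct stat st{};
    lstat(tmpl, &st);
    unlink(tmpl);
    return st.st_mode & 07777;
}

int main()
{
    Result r;
    mode_t m = modeAfter(geteuid() + 1, r);   // "build user" is someone else
    std::printf("foreign owner: result=%d mode=%o\n", (int) r, (unsigned) m);
    m = modeAfter(geteuid(), r);              // file really belongs to us
    std::printf("own file:      result=%d mode=%o\n", (int) r, (unsigned) m);
    return r == Result::Fixed ? 0 : 1;
}
```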
2013-02-19 | build-remote: Use the --quiet flag | Eelco Dolstra
‘--option verbosity 0’ doesn't actually do anything.
2013-02-19 | Add `Settings::nixDaemonSocketFile'. | Ludovic Courtès
2013-02-19 | Enable chroot support on old glibc versions. | Ludovic Courtès
2013-02-08 | Make "${./path} ..." evaluate to a string, not a path | Eelco Dolstra
Wacky string coercion semantics caused expressions like
    exec = "${./my-script} params...";
to evaluate to a path (‘/path/my-script params’), because anti-quotations are desugared to string concatenation:
    exec = ./my-script + " params...";
By contrast, adding a space at the start would yield a string as expected:
    exec = " ${./my-script} params...";
Now the first example also evaluates to a string.
2013-02-08 | Rename "hash" to "hashString" and handle SHA-1 | Eelco Dolstra
2013-02-08 | experimental/hash | Marc Weber
adding primop function calculating hash of a string
Signed-off-by: Marc Weber <marco-oweber@gmx.de>
2013-01-30 | Support the colonies | Eelco Dolstra
2013-01-23 | Only warn about SQLite being busy once | Eelco Dolstra
No need to get annoying.
2013-01-22 | Correctly handle missing logs | Eelco Dolstra
2013-01-17 | Store build logs in /nix/var/log/nix/drvs/<XX> | Eelco Dolstra
...where <XX> is the first two characters of the derivation. Otherwise /nix/var/log/nix/drvs may become so large that we run into all sorts of weird filesystem limits/inefficiencies. For instance, ext3/ext4 filesystems will barf with "ext4_dx_add_entry:1551: Directory index full!" once you hit a few million files.
2013-01-05 | Delete a left-over trash directory before doing a GC | Eelco Dolstra
2013-01-04 | Fix "0 store paths deleted" message | Eelco Dolstra
2013-01-03 | Open the database after removing immutable bits | Eelco Dolstra
2013-01-03 | Remove tabs | Eelco Dolstra
2013-01-03 | Clear any immutable bits in the Nix store | Eelco Dolstra
Doing this once makes subsequent operations like garbage collecting more efficient since we don't have to call makeMutable() first.
2013-01-02 | If a substitute closure is incomplete, build dependencies, then retry the substituter | Eelco Dolstra
Issue #77.
2013-01-02 | Automatically fall back if the references of a substitute are not substitutable | Eelco Dolstra
Fixes #77.
2012-12-29 | nix-build: Support talking to old daemons | Eelco Dolstra
Fixes #76.
2012-12-29 | Allow mounting a path in a different location in the chroot | Eelco Dolstra
Fixes #24.
2012-12-20 | nix-store -q --roots: Respect the gc-keep-outputs/gc-keep-derivations settings | Eelco Dolstra
So if a path is not garbage solely because it's reachable from a root due to the gc-keep-outputs or gc-keep-derivations settings, ‘nix-store -q --roots’ now shows that root.
2012-12-20 | Yet another rewrite of the garbage collector | Eelco Dolstra
But this time it's *obviously* correct! No more segfaults due to infinite recursions for sure, etc. Also, move directories to /nix/store/trash instead of renaming them to /nix/store/bla-gc-<pid>. Then we can just delete /nix/store/trash at the end.
2012-12-19 | If gc-keep-derivations is set, only keep the actual deriver | Eelco Dolstra
This prevents zillions of derivations from being kept, and fixes an infinite recursion in the garbage collector (due to an obscure cycle that can occur with fixed-output derivations).
2012-12-19 | Kill the build hook rather than shutting it down cleanly | Eelco Dolstra
Waiting for the hook to shut down cleanly sometimes seems to lead to hangs.
2012-12-18 | Revert brain fart | Eelco Dolstra
This reverts commit cc511fd65b7b6de9e87e72fb4bed16fc7efeb8b7.
2012-12-18 | Check for potential infinite select() loops when building | Eelco Dolstra
2012-12-13 | fix use-after-free bug in mkString(Value&, Symbol&) | Stuart Pernsteiner
2012-12-12 | Allow setting the profile location using $NIX_PROFILE | Eelco Dolstra
Fixes #69.
2012-12-11 | On SQLITE_BUSY, wait a random amount of time | Eelco Dolstra
If all contending processes wait a fixed amount of time (100 ms), there is a good probability that they'll just collide again.
2012-12-04 | Tiny optimisation in the filter primop | Eelco Dolstra
2012-12-04 | nix-env: Install all outputs of a derivation | Eelco Dolstra
If you explicitly install a package, presumably you want all of it. So symlink all outputs in the user environment.
2012-12-03 | Fix the ‘--prebuilt-only’ flag | Eelco Dolstra
2012-12-03 | Whitespace | Eelco Dolstra
2012-11-28 | nix-env -q --out-path: Support multiple outputs | Eelco Dolstra
We now print all output paths of a package, e.g.
    openssl-1.0.0i bin=/nix/store/gq2mvh0wb9l90djvsagln3aqywqmr6vl-openssl-1.0.0i-bin;man=/nix/store/7zwf5r5hsdarl3n86dasvb4chm2xzw9n-openssl-1.0.0i-man;/nix/store/cj7xvk7fjp9q887359j75pw3pzjfmqf1-openssl-1.0.0i
or (in XML mode)
    <item attrPath="openssl" name="openssl-1.0.0i" system="x86_64-linux">
      <output name="bin" path="/nix/store/gq2mvh0wb9l90djvsagln3aqywqmr6vl-openssl-1.0.0i-bin" />
      <output name="man" path="/nix/store/7zwf5r5hsdarl3n86dasvb4chm2xzw9n-openssl-1.0.0i-man" />
      <output name="out" path="/nix/store/cj7xvk7fjp9q887359j75pw3pzjfmqf1-openssl-1.0.0i" />
    </item>
2012-11-27 | Optionally ignore null-valued derivation attributes | Eelco Dolstra
This allows adding attributes like
    attr = if stdenv.system == "bla" then something else null;
without changing the resulting derivation on non-<bla> platforms. We once considered adding a special "ignore" value for this purpose, but using null seems more elegant.
2012-11-27 | Add builtin constants ‘langVersion’ and ‘nixVersion’ | Eelco Dolstra
The integer constant ‘langVersion’ denotes the current language version. It gets increased every time a language feature is added/changed/removed. It's currently 1. The string constant ‘nixVersion’ contains the current Nix version, e.g. "1.2pre2980_9de6bc5".
2012-11-26 | queryMissing(): Handle partially valid derivations | Eelco Dolstra
2012-11-26 | nix-instantiate: Fix read-only evaluation | Eelco Dolstra
2012-11-26 | Only substitute wanted outputs of a derivation | Eelco Dolstra
If a derivation has multiple outputs, then we only want to download those outputs that are actually needed. So if we do "nix-build -A openssl.man", then only the "man" output should be downloaded. Likewise if another package depends on ${openssl.man}. The tricky part is that different derivations can depend on different outputs of a given derivation, so we may need to restart the corresponding derivation goal if that happens.
2012-11-26 | Make "nix-build -A <derivation>.<output>" do the right thing | Eelco Dolstra
For example, given a derivation with outputs "out", "man" and "bin":
    $ nix-build -A pkg
produces ./result pointing to the "out" output;
    $ nix-build -A pkg.man
produces ./result-man pointing to the "man" output;
    $ nix-build -A pkg.all
produces ./result, ./result-man and ./result-bin;
    $ nix-build -A pkg.all -A pkg2
produces ./result, ./result-man, ./result-bin and ./result-2.
2012-11-20 | nix-store -r: Add ‘--ignore-unknown’ flag | Eelco Dolstra
This flag causes paths that do not have a known substitute to be quietly ignored. This is mostly useful for Charon, allowing it to speed up deployment by letting a machine use substitutes for all substitutable paths, instead of uploading them. The latter is frequently faster, e.g. if the target machine has a fast Internet connection while the source machine is on a slow ADSL line.
2012-11-19 | nix-store -r: Don't quietly ignore missing paths | Eelco Dolstra
2012-11-15 | Revert "prim_toPath: Actually make the string a path" | Eelco Dolstra
This reverts commit 2980d1fba97069805c3649c5d99d0356bce6c303. It causes a regression in NixOS evaluation: string `/nix/store/ya3s5gmj3b28170fpbjhgsk8wzymkpa1-pommed-1.39/etc/pommed.conf' cannot refer to other paths
2012-11-15 | Disable use of vfork() | Eelco Dolstra
vfork() is just too weird. For instance, in this build: http://hydra.nixos.org/build/3330487 the value fromHook.writeSide becomes corrupted in the parent, even though the child only reads from it. At -O0 the problem goes away. Probably the child is overriding some spilled temporary variable. If I get bored I may implement using posix_spawn() instead.
2012-11-15 | Don't use std::cerr in a few places | Eelco Dolstra
Slightly scared of using std::cerr in a vforked process...