Eelco Dolstra
ff6becafa8
Require seccomp only in multi-user setups
2017-05-30 12:37:04 +02:00
Eelco Dolstra
1d9ab273ba
Add test for setuid seccomp filter
2017-05-29 16:14:10 +02:00
Eelco Dolstra
cf93397d3f
Fix seccomp initialisation on i686-linux
2017-05-29 16:14:10 +02:00
Eelco Dolstra
6cc6c15a2d
Add a seccomp filter to prevent creating setuid/setgid binaries
This prevents builders from setting the S_ISUID or S_ISGID bits,
preventing users from using a nixbld* user to create a setuid/setgid
binary to interfere with subsequent builds under the same nixbld* uid.
This is based on aszlig's seccomp code (47f587700d).
Reported by Linus Heckemann.
2017-05-29 16:14:10 +02:00
Eelco Dolstra
6e01ecd112
Fix nix-copy-closure test
Fixes
client# error: size mismatch importing path ‘/nix/store/ywf5fihjlxwijm6ygh6s0a353b5yvq4d-libidn2-0.16’; expected 0, got 120264
This is mostly an artifact of the NixOS VM test environment, where the
Nix database doesn't contain hashes/sizes.
http://hydra.nixos.org/build/53537471
2017-05-29 16:08:56 +02:00
Eelco Dolstra
588dad4084
Fix build failure on Debian/Ubuntu
http://hydra.nixos.org/build/53537463
2017-05-29 15:59:18 +02:00
Eelco Dolstra
63145be2a5
Fix typo
2017-05-29 15:52:36 +02:00
Eelco Dolstra
d6064dd19b
Merge pull request #1393 from pyrtsa/patch-1
Fix variable name typo in derivations doc
2017-05-29 11:32:06 +02:00
Eelco Dolstra
2740a22d2c
Merge pull request #1394 from pyrtsa/patch-2
Remove stray `>` in builtins doc
2017-05-29 11:31:40 +02:00
Pyry Jahkola
370428f86d
Remove stray `>` in builtins doc
2017-05-28 20:47:35 +03:00
Pyry Jahkola
86ea7d1566
Fix variable name typo in derivations doc
2017-05-28 15:48:57 +03:00
Eelco Dolstra
a7e55151a8
Fix #1314
Also, make nix-shell respect --option. (Previously it only passed it
along to nix-instantiate and nix-build.)
2017-05-24 11:33:42 +02:00
Eelco Dolstra
fbe9fe0e75
Merge branch 'topic/cores-master' of https://github.com/neilmayhew/nix
2017-05-24 11:28:36 +02:00
Eelco Dolstra
9e43a4a041
Merge pull request #1376 from Mic92/patch-1
nix-profile.sh: remove sbin from PATH
2017-05-24 11:25:32 +02:00
Eelco Dolstra
9711524188
Fix #1380
It lacked a backslash. Use a raw string and single quotes around PS1
to simplify this.
2017-05-24 11:23:28 +02:00
Eelco Dolstra
01200d07d2
Merge branch 'prompt-terminator' of https://github.com/lheckemann/nix
2017-05-24 11:22:48 +02:00
Eelco Dolstra
b303ad012c
Merge pull request #1382 from FRidh/patch-1
Document fetchTarball can take a sha256
2017-05-24 11:07:36 +02:00
Eelco Dolstra
edbb105e98
Merge branch 'nar-accessor-tree' of https://github.com/bennofs/nix
2017-05-24 11:04:43 +02:00
Eelco Dolstra
f134fc4cbe
Document that builtins.match takes a POSIX extended RE
2017-05-17 12:18:18 +02:00
Eelco Dolstra
e46090edb1
builtins.match: Improve error message for bad regular expression
Issue #1331.
2017-05-17 11:58:01 +02:00
Eelco Dolstra
b01d62285c
Improve progress indicator
2017-05-16 16:09:57 +02:00
Benno Fünfstück
a1f428b13b
nar-accessor.cc: remove unused member NarIndexer::currentName
2017-05-15 19:41:59 +02:00
Benno Fünfstück
5ee06e612a
nar-accessor: non-recursive NarMember::find
This avoids a possible stack overflow if directories are very deeply nested.
2017-05-15 19:34:18 +02:00
Eelco Dolstra
e80257f122
Simplify fixed-output check
2017-05-15 18:50:54 +02:00
Eelco Dolstra
c05d9ae7a5
Disallow outputHash being null or an empty string
Fixes #1384.
2017-05-15 18:47:13 +02:00
Eelco Dolstra
a2d92bb20e
Add --with-sandbox-shell configure flag
And add a 116 KiB ash shell from busybox to the release build. This
helps to make sandbox builds work out of the box on non-NixOS systems
and with diverted stores.
2017-05-15 17:36:32 +02:00
Eelco Dolstra
b30f5784d0
Linux sandbox: Don't barf on invalid paths
This is useful when we're using a diverted store (e.g. "--store
local?root=/tmp/nix") in conjunction with a statically-linked sh from
the host store (e.g. "sandbox-paths =/bin/sh=/nix/store/.../bin/busybox").
2017-05-15 17:36:32 +02:00
Eelco Dolstra
2b761d5f50
Make fmt() non-recursive
2017-05-15 17:36:32 +02:00
Benno Fünfstück
4412f7c083
nar-archive.cc: add tests for the nar index
2017-05-15 12:23:21 +02:00
Eelco Dolstra
0124d118ef
Merge pull request #1387 from bennofs/nix-ls-slash
nix ls: support '/' for the root directory
2017-05-15 11:02:14 +02:00
Benno Fünfstück
06880d7ed8
nix ls: support '/' for the root directory
2017-05-15 10:25:55 +02:00
Benno Fünfstück
75a1d9849d
nar-accessor: use tree, fixes readDirectory missing children
Previously, if a directory `foo` existed and a file `foo-` (where `-` is any character that is sorted before `/`), then `readDirectory` would return an empty list.
To fix this, we now use a tree where we can just access the children of the node, and do not need to rely on sorting behavior to list the contents of a directory.
2017-05-15 10:23:16 +02:00
Eelco Dolstra
510bc1735b
Add an option for extending the user agent header
This is useful e.g. for distinguishing traffic to a binary cache
(e.g. certain machines can use a different tag in the user agent).
2017-05-11 15:10:22 +02:00
Eelco Dolstra
62d476c7ee
Fix typo
2017-05-11 14:02:03 +02:00
Eelco Dolstra
ea65ae0f9c
Tweak error message
2017-05-11 13:59:47 +02:00
Eelco Dolstra
1a8e15053a
Don't allow untrusted users to set info.ultimate
Note that a trusted signature was still required in this case so it
was not a huge deal.
2017-05-11 13:58:09 +02:00
Frederik Rietdijk
2b2de5ef6a
Document fetchTarball can take a sha256
Note that I refer to `nix-prefetch-url`.
2017-05-11 13:38:13 +02:00
Eelco Dolstra
6f245bf24a
Change the meaning of info.ultimate
It now means "paths that were built locally". It no longer includes
paths that were added locally. For those we don't need info.ultimate,
since we have the content-addressability assertion (info.ca).
2017-05-11 13:31:23 +02:00
Eelco Dolstra
45d7b1a9e9
LocalStore::addToStore(): Check info.narSize
It allowed the client to specify bogus narSize values. In particular,
Downloader::downloadCached wasn't setting narSize at all.
2017-05-11 13:26:03 +02:00
Eelco Dolstra
1fd59447d5
Typo
2017-05-10 18:38:17 +02:00
Eelco Dolstra
c5f23f10a8
Replace readline by linenoise
Using linenoise avoids a license compatibility issue (#1356), is a lot
smaller and doesn't pull in ncurses.
2017-05-10 18:37:42 +02:00
Linus Heckemann
d48edcc3a5
nix-shell: use appropriate prompt terminator
If running nix-shell as root, the terminator should be # and not $.
2017-05-10 12:03:45 +01:00
Domen Kožar
82a9c93c7f
doc: builtins.attrNames returns alphabetically sorted list
2017-05-10 11:23:12 +02:00
Eelco Dolstra
03ae5e6459
Add "nix edit" command
This is a little convenience command that opens the Nix expression of
the specified package. For example,
nix edit nixpkgs.perlPackages.Moose
opens <nixpkgs/pkgs/top-level/perl-packages.nix> in $EDITOR (at the
right line number for some editors).
This requires the package to have a meta.position attribute.
2017-05-08 18:42:30 +02:00
Eelco Dolstra
7689181e4f
Minor cleanup
2017-05-08 15:56:52 +02:00
Eelco Dolstra
00b286275c
Linux sandbox: Fix compatibility with older kernels
2017-05-08 15:42:59 +02:00
Eelco Dolstra
ebfceeb333
build-remote: Check remote build status
2017-05-08 14:27:12 +02:00
Eelco Dolstra
0a97eb6bd7
Remove superfluous #ifdef
2017-05-08 11:27:20 +02:00
Jörg Thalheim
542fe0d8f3
nix-profile.sh: remove sbin from PATH
sbin is a symlink to bin.
Profiles only contain packages, which have this symlink.
It is a subset of bin.
related to https://github.com/NixOS/nixpkgs/pull/25550
2017-05-07 07:41:19 +01:00
Eelco Dolstra
bb50c89319
Make the location of the build directory in the sandbox configurable
This is mostly for use in the sandbox tests, since if the Nix store is
under /build, then we can't use /build as the build directory.
2017-05-05 17:45:22 +02:00