Commit graph

  • 9dbfe242e3 * Kill a build if it has gone for more than a certain number of seconds without producing output on stdout or stderr (NIX-65). This timeout can be specified using the `--max-silent-time' option or the `build-max-silent-time' configuration setting. The default is infinity (0). Eelco Dolstra 2006-12-08 15:44:00 +0000
  • d3fe6ab024 * Also for convenience, change the ownership of the build output even in case of failure. Eelco Dolstra 2006-12-08 00:19:50 +0000
  • 096194ab29 * Remove ancient terminology. Eelco Dolstra 2006-12-07 23:58:36 +0000
  • 6833e8bbe8 * When keeping the temporary build directory (-K), change the owner back to the Nix account. Eelco Dolstra 2006-12-07 23:27:40 +0000
  • e24d0201c2 * Doh! Eelco Dolstra 2006-12-07 22:07:05 +0000
  • 2819eb36a4 * Be less verbose. Eelco Dolstra 2006-12-07 21:43:35 +0000
  • 4ca01065c3 * Rename all those main.cc files. Eelco Dolstra 2006-12-07 20:47:30 +0000
  • d03f0d4117 * Check for lchown. Eelco Dolstra 2006-12-07 18:51:11 +0000
  • c3286ec020 * Don't count on the Pid deconstructor to kill the child process, since if we're running a build user in non-root mode, we can't. Let the setuid helper do it. Eelco Dolstra 2006-12-07 17:52:58 +0000
  • a82d80ddeb * Move setuidCleanup() to libutil. Eelco Dolstra 2006-12-07 16:40:41 +0000
  • f76fdb6d42 * If not running as root, let the setuid helper kill the build user's processes before and after the build. Eelco Dolstra 2006-12-07 16:33:31 +0000
  • ec23ecc64d * In the garbage collector, if deleting a path fails, try to fix its ownership, then try again. Eelco Dolstra 2006-12-07 15:54:52 +0000
  • a0a43c3206 * When not running as root, call the setuid helper to change the ownership of the build result after the build. Eelco Dolstra 2006-12-07 15:18:14 +0000
  • 6a07ff1ec0 * Change the ownership of store paths to the Nix account before deleting them using the setuid helper. Eelco Dolstra 2006-12-07 14:14:35 +0000
  • 7d8cf316ee * Pass the actual build user to the setuid helper. Eelco Dolstra 2006-12-07 11:27:32 +0000
  • a45c498e4e * If Nix is not running as root, call the setuid helper to start the builder under the desired build user. Eelco Dolstra 2006-12-07 00:42:30 +0000
  • 813a7c65c9 * Sanity check. Eelco Dolstra 2006-12-07 00:19:27 +0000
  • 6a8e60913a * Move killUser() to libutil so that the setuid helper can use it. Eelco Dolstra 2006-12-07 00:16:07 +0000
  • 79875c5e42 * Change the ownership of the current directory to the build user. Eelco Dolstra 2006-12-06 23:52:25 +0000
  • 62ab131412 * Verify that the desired target user is in the build users group (as specified in the setuid config file). Eelco Dolstra 2006-12-06 23:15:26 +0000
  • f07ac41656 * Check that the caller is allowed to call the setuid helper. The allowed uid is specified in a configuration file in /etc/nix-setuid.conf. Eelco Dolstra 2006-12-06 22:45:41 +0000
  • 173d328351 * Urgh. Eelco Dolstra 2006-12-06 20:19:25 +0000
  • ef281b93c2 * Fix the safety check. Eelco Dolstra 2006-12-06 20:18:29 +0000
  • a14d491f09 * Oops. Eelco Dolstra 2006-12-06 20:16:28 +0000
  • 6e5ec1029a * Get rid of `build-users'. We'll just take all the members of `build-users-group'. This makes configuration easier: you can just add users in /etc/group. Eelco Dolstra 2006-12-06 20:00:15 +0000
  • 751f6d2157 * nix-setuid-helper: allow running programs under a different uid. Eelco Dolstra 2006-12-06 17:29:10 +0000
  • 9f0efa6611 * Start of the setuid helper (the program that performs the operations that have to be done as root: running builders under different uids, changing ownership of build results, and deleting paths in the store with the wrong ownership). Eelco Dolstra 2006-12-06 01:24:02 +0000
  • 2b558843a2 * Be less chatty. Eelco Dolstra 2006-12-05 19:01:19 +0000
  • 44cad9630f * Urgh. Do setgid() before setuid(), because the semantics of setgid() changes completely depending on whether you're root... Eelco Dolstra 2006-12-05 18:28:15 +0000
  • 6f0d050324 * Tricky: child processes should not send data to the client since that might mess up the protocol. And besides, the socket file descriptor is probably closed. Eelco Dolstra 2006-12-05 18:21:16 +0000
  • 4c1c37d0b6 * FreeBSD returns ESRCH when there are no processes to kill. Eelco Dolstra 2006-12-05 18:07:46 +0000
  • 8d1854c3f1 * Oops! In daemon mode, we can't run as root either if build-users is empty. Eelco Dolstra 2006-12-05 17:44:19 +0000
  • 99655245ae * Use an explicit handler for SIGCHLD, since SIG_IGN doesn't do the right thing on FreeBSD 4 (it leaves zombies). Eelco Dolstra 2006-12-05 17:21:42 +0000
  • 62b0497c0f * Better message. Eelco Dolstra 2006-12-05 16:17:01 +0000
  • c808e6252f * Ugly hack to handle spurious SIGPOLLs. Eelco Dolstra 2006-12-05 15:36:31 +0000
  • fd4a9db91f * Some renaming. Eelco Dolstra 2006-12-05 14:15:51 +0000
  • fc1c20d11b * Redundant. Eelco Dolstra 2006-12-05 13:57:35 +0000
  • a9c4f66cfb * Allow unprivileged users to run the garbage collector and to do `nix-store --delete'. But unprivileged users are not allowed to ignore liveness. * `nix-store --delete --ignore-liveness': ignore the runtime roots as well. Eelco Dolstra 2006-12-05 02:18:46 +0000
  • 29cf434a35 * The determination of the root set should be made by the privileged process, so forward the operation. * Spam the user about GC misconfigurations (NIX-71). * findRoots: skip all roots that are unreadable - the warnings with which we spam the user should be enough. Eelco Dolstra 2006-12-05 01:31:45 +0000
  • 8623256f48 * findRoots: return a map from the symlink (outside of the store) to the store path (inside the store). Eelco Dolstra 2006-12-05 00:48:36 +0000
  • d27a73b1a9 * In addPermRoot, check that the root that we just registered can be found by the garbage collector. This addresses NIX-71 and is a particular concern in multi-user stores. Eelco Dolstra 2006-12-05 00:34:42 +0000
  • 74033a844f * Add indirect root registration to the protocol so that unprivileged processes can register indirect roots. Of course, there is still the problem that the garbage collector can only read the targets of the indirect roots when it's running as root... Eelco Dolstra 2006-12-04 23:29:16 +0000
  • 0d40f6d7bb * Not every OS knows about SIGPOLL. Eelco Dolstra 2006-12-04 22:58:44 +0000
  • 7751160e9f * Don't redirect stderr. Eelco Dolstra 2006-12-04 19:10:23 +0000
  • 40c3529909 * Handle exceptions and stderr for all protocol functions. * SIGIO -> SIGPOLL (POSIX calls it that). * Use sigaction instead of signal to register the SIGPOLL handler. Sigaction is better defined, and a handler registered with signal appears not to interrupt fcntl(..., F_SETLKW, ...), which is bad. Eelco Dolstra 2006-12-04 17:55:14 +0000
  • 0130ef88ea * Daemon mode (`nix-worker --daemon'). Clients connect to the server via the Unix domain socket in /nix/var/nix/daemon.socket. The server forks a worker process per connection. * readString(): use the heap, not the stack. * Some protocol fixes. Eelco Dolstra 2006-12-04 17:17:13 +0000
  • 4740baf3a6 * When NIX_REMOTE=daemon, connect to /nix/var/nix/daemon.socket instead of forking a worker. Eelco Dolstra 2006-12-04 14:21:39 +0000
  • f5f0cf423f * Refactoring. Eelco Dolstra 2006-12-04 13:28:14 +0000
  • 052b6fb149 * Pass the verbosity level to the worker. Eelco Dolstra 2006-12-04 13:15:29 +0000
  • 1e16d20655 * Install the worker in bindir, not libexecdir. * Allow the worker path to be overridden through the NIX_WORKER environment variable. Eelco Dolstra 2006-12-04 13:09:16 +0000
  • 9322b399f3 * Doh. Eelco Dolstra 2006-12-03 20:41:22 +0000
  • f4279bcde0 * Don't run setuid root when build-users is empty. * Send startup errors to the client. Eelco Dolstra 2006-12-03 16:25:19 +0000
  • 35247c4c9f * Removed `build-allow-root'. * Added `build-users-group', the group under which builds are to be performed. * Check that /nix/store has 1775 permission and is owned by the build-users-group. Eelco Dolstra 2006-12-03 15:32:38 +0000
  • 84d6459bd5 * Use setreuid if setresuid is not available. Eelco Dolstra 2006-12-03 14:32:22 +0000
  • a9f9241054 * Handle a subtle race condition: the client closing the socket between the last worker read/write and the enabling of the signal handler. Eelco Dolstra 2006-12-03 03:16:27 +0000
  • 3ed9e4ad9b * Some hardcore magic to handle asynchronous client disconnects. The problem is that when we kill the client while the worker is building, and the builder is not writing anything to stderr, then the worker never notices that the socket is closed on the other side, so it just continues indefinitely. The solution is to catch SIGIO, which is sent when the far side of the socket closes, and simulate a normal interruption. Of course, SIGIO is also sent every time the client sends data over the socket, so we only enable the signal handler when we're not expecting any data... Eelco Dolstra 2006-12-03 03:03:36 +0000
  • 4251f94b32 * Use a Unix domain socket instead of pipes. Eelco Dolstra 2006-12-03 02:36:44 +0000
  • 8c76df93e6 * Better error message if the worker doesn't start. Eelco Dolstra 2006-12-03 02:22:04 +0000
  • 363f40022f * Pid::kill() should be interruptable. Eelco Dolstra 2006-12-03 02:12:26 +0000
  • 7951c3c546 * Some hackery to propagate the worker's stderr and exceptions to the client. Eelco Dolstra 2006-12-03 02:08:13 +0000
  • 714fa24cfb * Run the worker in a separate session to prevent terminal signals from interfering. Eelco Dolstra 2006-12-03 00:52:27 +0000
  • e25fad691a * Move addTempRoot() to the store API, and add another function syncWithGC() to allow clients to register GC roots without needing write access to the global roots directory or the GC lock. Eelco Dolstra 2006-12-02 16:41:36 +0000
  • 30bf547f4f * Doh. Eelco Dolstra 2006-12-02 15:46:17 +0000
  • 536595b072 * Remove most of the old setuid code. * Much simpler setuid code for the worker in slave mode. Eelco Dolstra 2006-12-02 15:45:51 +0000
  • 9c9cdb06d0 * Remove SwitchToOriginalUser, we're not going to need it anymore. Eelco Dolstra 2006-12-02 14:34:14 +0000
  • 626f8ee42f * Clear NIX_REMOTE in the tests. Eelco Dolstra 2006-12-02 14:33:39 +0000
  • 8ba5d32769 * Remove queryPathHash(). * Help for nix-worker. Eelco Dolstra 2006-12-02 14:27:24 +0000
  • fcd9900d74 * Replace read-only calls to addTextToStore. Eelco Dolstra 2006-12-01 21:00:39 +0000
  • a824d58b56 * Merge addToStore and addToStoreFixed. * addToStore now adds unconditionally, it doesn't use readOnlyMode. Read-only operation is up to the caller (who can call computeStorePathForPath). Eelco Dolstra 2006-12-01 20:51:18 +0000
  • ceb982a1be * Right name. Eelco Dolstra 2006-12-01 18:02:05 +0000
  • b0d8e05be1 * More operations. * addToStore() and friends: don't do a round-trip to the worker if we're only interested in the path (i.e., in read-only mode). Eelco Dolstra 2006-12-01 18:00:01 +0000
  • 0565b5f2b3 * More remote operations. * Added new operation hasSubstitutes(), which is more efficient than querySubstitutes().size() > 0. Eelco Dolstra 2006-11-30 22:43:55 +0000
  • aac547a8b3 * Doh. Eelco Dolstra 2006-11-30 21:32:46 +0000
  • 0263279071 * More operations. Eelco Dolstra 2006-11-30 20:45:20 +0000
  • a711689368 * First remote operation: isValidPath(). Eelco Dolstra 2006-11-30 20:13:59 +0000
  • 765bdfe542 * When NIX_REMOTE is set to "slave", fork off nix-worker in slave mode. Presumably nix-worker would be setuid to the Nix store user. The worker performs all operations on the Nix store and database, so the caller can be completely unprivileged. Eelco Dolstra 2006-11-30 19:54:43 +0000
  • 40b3f64b55 * Skeleton of the privileged worker program. * Some refactoring: put the NAR archive integer/string serialisation code in a separate file so it can be reused by the worker protocol implementation. Eelco Dolstra 2006-11-30 19:19:59 +0000
  • 9adc074dc3 * Oops. Eelco Dolstra 2006-11-30 18:35:50 +0000
  • 9cf1948993 * Skeleton of remote store implementation. Eelco Dolstra 2006-11-30 18:35:36 +0000
  • 6ecb840fd1 * Put building in the store API. Eelco Dolstra 2006-11-30 18:02:04 +0000
  • e2ef5e07fd * Refactoring. There is now an abstract interface class StoreAPI containing functions that operate on the Nix store. One implementation is LocalStore, which operates on the Nix store directly. The next step, to enable secure multi-user Nix, is to create a different implementation RemoteStore that talks to a privileged daemon process that uses LocalStore to perform the actual operations. Eelco Dolstra 2006-11-30 17:43:04 +0000
  • 5f0b9de6d8 * Benchmarking Unix domain sockets. Eelco Dolstra 2006-11-30 15:06:46 +0000
  • fe15f991e3 * Troubleshooting information on fixing a b0rked Berkeley DB database. Eelco Dolstra 2006-11-30 11:24:10 +0000
  • 80b742dd52 * Don't spam. Eelco Dolstra 2006-11-29 22:07:49 +0000
  • 92417600a1 * Example script to set permissions for setuid operation. Roy van den Broek 2006-11-29 21:58:09 +0000
  • 71e867c5f5 * Remove --enable-setuid, --with-nix-user and --with-nix-group. Rather, setuid support is now always compiled in (at least on platforms that have the setresuid system call, e.g., Linux and FreeBSD), but it must be enabled by chowning/chmodding the Nix binaries. Eelco Dolstra 2006-11-29 21:06:58 +0000
  • c6a97e3b74 * Doh! Path sizes need to be computed recursively of course. (NIX-70) Eelco Dolstra 2006-11-24 20:24:14 +0000
  • a76efaeb3f * Dead files. Eelco Dolstra 2006-11-24 20:07:30 +0000
  • d941186289 * Show more progress. Eelco Dolstra 2006-11-18 19:03:45 +0000
  • 0541ddc7e3 * Turn off synchronisation between C and C++ I/O functions. This gives a huge speedup in operations that read or write from standard input/output. (So libstdc++'s I/O isn't that bad, you just have to call std::ios::sync_with_stdio(false).) For instance, `nix-store --register-substitutes' went from 1.4 seconds to 0.1 seconds on a certain input. Another victory for Valgrind. Eelco Dolstra 2006-11-18 18:56:30 +0000
  • 471749ca7e * Grrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr... Eelco Dolstra 2006-11-14 19:18:52 +0000
  • 17d18b1a9c * Doh! Eelco Dolstra 2006-11-14 19:11:36 +0000
  • 0ddaee756e * Doh. Eelco Dolstra 2006-11-14 19:08:46 +0000
  • bce9ff7ece * Use the patched ATerm library. Eelco Dolstra 2006-11-14 15:36:27 +0000
  • 745e354b19 * Push. Eelco Dolstra 2006-11-14 10:23:21 +0000
  • f459a5bb3a * Remove the undocumented `noscan' feature. It's no longer necessary now that reference scanning is sufficiently streamy. Eelco Dolstra 2006-11-13 18:19:05 +0000
  • e2a70b7ec0 * Magic attribute `exportReferencesGraph' that allows the references graph to be passed to a builder. This attribute should be a list of pairs [name1 path1 name2 path2 ...]. The references graph of each `pathN' will be stored in a text file `nameN' in the temporary build directory. The text files have the format used by `nix-store --register-validity'. However, the deriver fields are left empty. Eelco Dolstra 2006-11-13 18:18:13 +0000
  • e40d4a5604 * Option `--reregister' in `nix-store --register-validity'. We need this in the NixOS installer (or in the buildfarm) to ensure that the cryptographic hash of the path contents still matches the actual contents. Eelco Dolstra 2006-11-13 16:48:27 +0000
  • e790404318 * Don't use the result of `uname -p' on x86_64 as it gives wacky results on some machines. (NIX-69) Eelco Dolstra 2006-11-13 14:54:18 +0000
  • 983c5e3fce * Fix the locking patch for Berkeley DB 4.5. Eelco Dolstra 2006-11-07 14:51:28 +0000