bbjubjub2494/lix: A modern, delicious implementation of the Nix package manager, focused on correctness, usability, and growth — and committed to doing right by its community

A modern, delicious implementation of the Nix package manager, focused on correctness, usability, and growth — and committed to doing right by its community

Find a file

Eelco Dolstra 6cf23c3e8f Add allow-new-privileges option This allows builds to call setuid binaries. This was previously possible until we started using seccomp. Turns out that seccomp by default disallows processes from acquiring new privileges. Generally, any use of setuid binaries (except those created by the builder itself) is by definition impure, but some people were relying on this ability for certain tests. Example: $ nix build '(with import <nixpkgs> {}; runCommand "foo" {} "/run/wrappers/bin/ping -c 1 8.8.8.8; exit 1")' --no-allow-new-privileges builder for ‘/nix/store/j0nd8kv85hd6r4kxgnwzvr0k65ykf6fv-foo.drv’ failed with exit code 1; last 2 log lines: cannot raise the capability into the Ambient set : Operation not permitted $ nix build '(with import <nixpkgs> {}; runCommand "foo" {} "/run/wrappers/bin/ping -c 1 8.8.8.8; exit 1")' --allow-new-privileges builder for ‘/nix/store/j0nd8kv85hd6r4kxgnwzvr0k65ykf6fv-foo.drv’ failed with exit code 1; last 6 log lines: PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=46 time=15.2 ms Fixes #1429.		2017-07-04 15:48:25 +02:00
config	Add config.guess, config.sub and install-sh	2013-11-25 11:26:02 +00:00
corepkgs	<nix/fetchurl.nix>: Support sha512 argument	2017-07-04 14:45:50 +02:00
doc/manual	Add allow-new-privileges option	2017-07-04 15:48:25 +02:00
maintainers	Update upload-release script	2017-01-03 11:42:56 +01:00
misc	Provide a builtin default for $NIX_SSL_CERT_FILE	2017-06-12 16:44:43 +02:00
mk	set _GNU_SOURCE on cygwin	2017-04-21 11:27:27 -03:00
perl	Support base-64 hashes	2017-07-04 15:07:41 +02:00
scripts	nix-profile.sh: remove sbin from PATH	2017-05-07 07:41:19 +01:00
src	Add allow-new-privileges option	2017-07-04 15:48:25 +02:00
tests	Support base-64 hashes	2017-07-04 15:07:41 +02:00
.dir-locals.el	Add .dir-locals.el for Emacs	2016-01-28 11:12:04 +01:00
.editorconfig	Add .editorconfig	2017-06-05 22:57:28 +01:00
.gitignore	Always use the Darwin sandbox	2017-06-06 18:44:49 +02:00
bootstrap.sh	bootstrap: Simplify & make more robust.	2011-09-06 12:11:05 +00:00
configure.ac	Add a seccomp filter to prevent creating setuid/setgid binaries	2017-05-29 16:14:10 +02:00
COPYING	* Change this to LGPL to keep the government happy.	2006-04-25 16:41:06 +00:00
local.mk	Shut up some warnings	2017-04-14 14:42:20 +02:00
Makefile	Merge branch 'remove-perl' of https://github.com/shlevy/nix	2017-03-31 14:13:32 +02:00
Makefile.config.in	Add --with-sandbox-shell configure flag	2017-05-15 17:36:32 +02:00
nix.spec.in	RPM, Deb: Add dependency on libseccomp	2017-06-01 14:28:21 +02:00
README.md	Fix minor grammatical nitpick ("it's" vs. "its") in `README.md`.	2017-03-22 10:11:23 -04:00
release-common.nix	Only pass --with-sandbox-shell on Linux	2017-05-30 15:56:15 +02:00
release.nix	Let hydra choose an alternate list of systems	2017-06-19 14:21:06 -04:00
shell.nix	Add a seccomp filter to prevent creating setuid/setgid binaries	2017-05-29 16:14:10 +02:00
version	Bump	2016-01-20 16:34:37 +01:00

README.md

Nix, the purely functional package manager

Nix is a new take on package management that is fairly unique. Because of its purity aspects, a lot of issues found in traditional package managers don't appear with Nix.

To find out more about the tool, usage and installation instructions, please read the manual, which is available on the Nix website at http://nixos.org/nix/manual.

Contributing

Take a look at the Hacking Section of the manual. It helps you to get started with building Nix from source.

License

Nix is released under the LGPL v2.1

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit.