1
0
Fork 0
forked from lix-project/lix
Commit graph

23 commits

Author SHA1 Message Date
Eelco Dolstra 2d35116c13 * Setuid support for sharing a Nix installation between multiple
users.

  If the configure flag `--enable-setuid' is used, the Nix programs
  nix-env, nix-store, etc. are installed with the setuid bit turned on
  so that they are executed as the user and group specified by
  `--with-nix-user=USER' and `--with-nix-group=GROUP', respectively
  (with defaults `nix' and `nix').

  The setuid programs drop all special privileges if they are executed
  by a user who is not a member of the Nix group.

  The setuid feature is a quick hack to enable sharing of a Nix
  installation between users who trust each other.  It is not
  generally secure, since any user in the Nix group can modify (by
  building an appropriate derivation) any object in the store, and for
  instance inject trojans into binaries used by other users.

  The setuid programs are owned by root, not the Nix user.  This is
  because on Unix normal users cannot change the real uid, only the
  effective uid.  Many programs don't work properly when the real uid
  differs from the effective uid.  For instance, Perl will turn on
  taint mode.  However, the setuid programs drop all root privileges
  immediately, changing all uids and gids to the Nix user and group.
2004-08-20 14:49:05 +00:00
Eelco Dolstra 21655a70f5 * Channels. These allow you to stay current with an evolving set of
Nix expressions.

  To subscribe to a channel (needs to be done only once):

    nix-channel --add \
      http://catamaran.labs.cs.uu.nl/dist/nix/channels/nixpkgs-unstable

  This just adds the given URL to ~/.nix-channels (which can also be
  edited manually).

  To update from all channels:

    nix-channel --update

  This fetches the latest expressions and pulls cache manifests.  The
  default Nix expression (~/.nix-defexpr) is made to point to the
  conjunction of the expressions downloaded from all channels.

  So to update all installed derivations in the current user
  environment:

    nix-channel --update
    nix-env --upgrade '*'

  If you are really courageous, you can put this in a cronjob or
  something.

  You can subscribe to multiple channels.  It is not entirely clear
  what happens when there are name clashes between derivations from
  different channels.  From nix-env/main.cc it appears that the one
  with the lowest (highest?) hash will be used, which is pretty
  meaningless.
2004-04-21 14:54:05 +00:00
Eelco Dolstra 7cce0c34e1 * Allow extra parameters to be passed to Curl through the `CURL_FLAGS'
environment variable.  This is useful for passing authentication
  information (it won't show up in `ps').  Hacky - nix-push should
  abstract over the use of Curl.
2004-04-15 15:14:16 +00:00
Eelco Dolstra 03f1d1ecb5 * Switched from wget to curl.
* Made the dependencies on bzip2 and the shell explicit.
2004-04-06 08:18:51 +00:00
Eelco Dolstra beda10f5a2 * Make perl a dependency of Nix. 2004-03-15 15:23:53 +00:00
Eelco Dolstra 1ad9d11247 * Only include predecessors that are themselves being pushed.
Otherwise the substitute mechanism can break in subtle ways.
2004-02-13 10:43:31 +00:00
Eelco Dolstra 92e832348d * Lots of manual stuff. Reference pages for most Nix commands.
* nix-pull now requires the full url to the manifest, i.e.,
  `/MANIFEST/' is no longer automatically appended.
* nix-prefetch-url works again.
2004-02-10 16:14:47 +00:00
Eelco Dolstra 9a404e45c9 * Synchronous nix-pull' with nix-push'.
* Use curl instead of wget.
2004-01-14 14:20:33 +00:00
Eelco Dolstra 16f9b133ec * Improved `nix-push': it now uses HTTP PUT (instead of rsync) to copy
files.  Target location is no longer hard-coded; it accepts a number
  of URLs on the command line.

* `nix-install-package': compatibility fixes.
2004-01-14 11:13:08 +00:00
Eelco Dolstra 397c8ba898 * Missing semicolons. 2003-12-21 21:56:54 +00:00
Eelco Dolstra a3ca74a1c3 * Bug fix in nix-push. 2003-12-01 16:34:35 +00:00
Eelco Dolstra 5d2b424804 * Use a system name that does not include the OS manufacturer (i.e.,
"i686-linux" instead of "i686-suse-linux").
2003-12-01 14:36:50 +00:00
Eelco Dolstra 9486dda115 * Fix nix-push. 2003-11-22 20:39:51 +00:00
Eelco Dolstra 0eab306466 * NarPath -> NarName. 2003-10-20 09:08:44 +00:00
Eelco Dolstra ab5e8767fa * Get nix-push to work again.
* Fixed svn:ignore on externals/.
2003-10-16 13:13:39 +00:00
Eelco Dolstra 5d4171f7fb * Synchronise terminology with the ICSE paper (e.g., slice -> closure,
fstate -> Nix expression).
* Fix src/test.cc.
2003-10-07 12:27:49 +00:00
Eelco Dolstra c4f1f49574 * nix-push generated invalid (old-style) slices.
* nar.sh needs a path.
2003-08-28 10:10:12 +00:00
Eelco Dolstra b9c9b461ea * Made nix-push much faster. 2003-08-05 12:30:06 +00:00
Eelco Dolstra a01629894d * Use `--query --requisites' and include successors when pushing. Don't
use `--query --generators' anymore.
2003-07-29 15:19:03 +00:00
Eelco Dolstra c7bdb76fe4 * Syntax fixes.
* When pushing, put the hash in the file name so that the 
  client can verify (proof-carrying file names?).
2003-07-21 21:34:56 +00:00
Eelco Dolstra 54664b6fb7 * The write() system call can write less than the requested
number of bytes, e.g., in case of a signal like SIGSTOP.  
  This caused `nix --dump' to fail sometimes.

  Note that this bug went unnoticed because the call to `nix 
  --dump' is in a pipeline, and the shell ignores non-zero 
  exit codes from all but the last element in the pipeline.  
  Is there any way to check the result of the initial elements
  in the pipeline?  (In other words, is it at all possible to 
  write reliable shell scripts?)
2003-07-16 21:24:02 +00:00
Eelco Dolstra 9d56ca219f * Substitute fixes. 2003-07-16 20:00:51 +00:00
Eelco Dolstra 9c620e4afa * Generate the scripts so that we can substitute the prefix
etc. correctly.
* Fixed nix-switch.
2003-07-13 18:58:03 +00:00
Renamed from scripts/nix-push (Browse further)