Commit graph

5303 commits

Author SHA1 Message Date
Eelco Dolstra 536595b072 * Remove most of the old setuid code.
* Much simpler setuid code for the worker in slave mode.
2006-12-02 15:45:51 +00:00
Eelco Dolstra 9c9cdb06d0 * Remove SwitchToOriginalUser, we're not going to need it anymore. 2006-12-02 14:34:14 +00:00
Eelco Dolstra 626f8ee42f * Clear NIX_REMOTE in the tests. 2006-12-02 14:33:39 +00:00
Eelco Dolstra 8ba5d32769 * Remove queryPathHash().
* Help for nix-worker.
2006-12-02 14:27:24 +00:00
Eelco Dolstra fcd9900d74 * Replace read-only calls to addTextToStore. 2006-12-01 21:00:39 +00:00
Eelco Dolstra a824d58b56 * Merge addToStore and addToStoreFixed.
* addToStore now adds unconditionally, it doesn't use readOnlyMode.
  Read-only operation is up to the caller (who can call
  computeStorePathForPath).
2006-12-01 20:51:18 +00:00
Eelco Dolstra ceb982a1be * Right name. 2006-12-01 18:02:05 +00:00
Eelco Dolstra b0d8e05be1 * More operations.
* addToStore() and friends: don't do a round-trip to the worker if
  we're only interested in the path (i.e., in read-only mode).
2006-12-01 18:00:01 +00:00
Eelco Dolstra 0565b5f2b3 * More remote operations.
* Added new operation hasSubstitutes(), which is more efficient than
  querySubstitutes().size() > 0.
2006-11-30 22:43:55 +00:00
Eelco Dolstra aac547a8b3 * Doh. 2006-11-30 21:32:46 +00:00
Eelco Dolstra 0263279071 * More operations. 2006-11-30 20:45:20 +00:00
Eelco Dolstra a711689368 * First remote operation: isValidPath(). 2006-11-30 20:13:59 +00:00
Eelco Dolstra 765bdfe542 * When NIX_REMOTE is set to "slave", fork off nix-worker in slave
mode.  Presumably nix-worker would be setuid to the Nix store user.
  The worker performs all operations on the Nix store and database, so
  the caller can be completely unprivileged.

  This is already much more secure than the old setuid scheme, since
  the worker doesn't need to do Nix expression evaluation and so on.
  Most importantly, this means that it doesn't need to access any user
  files, with all resulting security risks; it only performs pure
  store operations.

  Once this works, it is easy to move to a daemon model that forks off
  a worker for connections established through a Unix domain socket.
  That would be even more secure.
2006-11-30 19:54:43 +00:00
Eelco Dolstra 40b3f64b55 * Skeleton of the privileged worker program.
* Some refactoring: put the NAR archive integer/string serialisation
  code in a separate file so it can be reused by the worker protocol
  implementation.
2006-11-30 19:19:59 +00:00
Eelco Dolstra 9adc074dc3 * Oops. 2006-11-30 18:35:50 +00:00
Eelco Dolstra 9cf1948993 * Skeleton of remote store implementation. 2006-11-30 18:35:36 +00:00
Eelco Dolstra 6ecb840fd1 * Put building in the store API. 2006-11-30 18:02:04 +00:00
Eelco Dolstra e2ef5e07fd * Refactoring. There is now an abstract interface class StoreAPI
containing functions that operate on the Nix store.  One
  implementation is LocalStore, which operates on the Nix store
  directly.  The next step, to enable secure multi-user Nix, is to
  create a different implementation RemoteStore that talks to a
  privileged daemon process that uses LocalStore to perform the actual
  operations.
2006-11-30 17:43:04 +00:00
Eelco Dolstra 5f0b9de6d8 * Benchmarking Unix domain sockets. 2006-11-30 15:06:46 +00:00
Eelco Dolstra fe15f991e3 * Troubleshooting information on fixing a b0rked Berkeley DB database. 2006-11-30 11:24:10 +00:00
Eelco Dolstra 80b742dd52 * Don't spam. 2006-11-29 22:07:49 +00:00
Roy van den Broek 92417600a1 * Example script to set permissions for setuid operation. 2006-11-29 21:58:09 +00:00
Eelco Dolstra 71e867c5f5 * Remove --enable-setuid, --with-nix-user and --with-nix-group.
Rather, setuid support is now always compiled in (at least on
  platforms that have the setresuid system call, e.g., Linux and
  FreeBSD), but it must enabled by chowning/chmodding the Nix
  binaries.
2006-11-29 21:06:58 +00:00
Eelco Dolstra c6a97e3b74 * Doh! Path sizes need to be computed recursively of course.
(NIX-70)
2006-11-24 20:24:14 +00:00
Eelco Dolstra a76efaeb3f * Dead files. 2006-11-24 20:07:30 +00:00
Eelco Dolstra d941186289 * Show more progress. 2006-11-18 19:03:45 +00:00
Eelco Dolstra 0541ddc7e3 * Turn off synchronisation between C and C++ I/O functions. This
gives a huge speedup in operations that read or write from standard
  input/output.  (So libstdc++'s I/O isn't that bad, you just have to
  call std::ios::sync_with_stdio(false).)  For instance, `nix-store
  --register-substitutes' went from 1.4 seconds to 0.1 seconds on a
  certain input.  Another victory for Valgrind.
2006-11-18 18:56:30 +00:00
Eelco Dolstra 471749ca7e * Grrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr... 2006-11-14 19:18:52 +00:00
Eelco Dolstra 17d18b1a9c * Doh! 2006-11-14 19:11:36 +00:00
Eelco Dolstra 0ddaee756e * Doh. 2006-11-14 19:08:46 +00:00
Eelco Dolstra bce9ff7ece * Use the patched ATerm library. 2006-11-14 15:36:27 +00:00
Eelco Dolstra 745e354b19 * Push. 2006-11-14 10:23:21 +00:00
Eelco Dolstra f459a5bb3a * Remove the undocumented `noscan' feature. It's no longer necessary
now that reference scanning is sufficiently streamy.
2006-11-13 18:19:05 +00:00
Eelco Dolstra e2a70b7ec0 * Magic attribute `exportReferencesGraph' that allows the references
graph to be passed to a builder.  This attribute should be a list of
  pairs [name1 path1 name2 path2 ...].  The references graph of each
  `pathN' will be stored in a text file `nameN' in the temporary build
  directory.  The text files have the format used by `nix-store
  --register-validity'.  However, the deriver fields are left empty.

  `exportReferencesGraph' is useful for builders that want to do
  something with the closure of a store path.  Examples: the builders
  that make initrds and ISO images for NixOS.

  `exportReferencesGraph' is entirely pure.  It's necessary because
  otherwise the only way for a builder to get this information would
  be to call `nix-store' directly, which is not allowed (though
  unfortunately possible).
2006-11-13 18:18:13 +00:00
Eelco Dolstra e40d4a5604 * Option --reregister' in nix-store --register-validity'. We need
this in the NixOS installer (or in the buildfarm) to ensure that the
  cryptographic hash of the path contents still matches the actual
  contents.
2006-11-13 16:48:27 +00:00
Eelco Dolstra e790404318 * Don't use the result of `uname -p' on x86_64 as it gives wacky
results on some machines. (NIX-69)
2006-11-13 14:54:18 +00:00
Eelco Dolstra 983c5e3fce * Fix the locking patch for Berkeley DB 4.5. 2006-11-07 14:51:28 +00:00
Eelco Dolstra 7e85a2af5f * Fix importing of derivation outputs. 2006-11-03 16:17:39 +00:00
Eelco Dolstra b3f916995a * Oops, `nix-build --no-out-link' was broken. 2006-10-31 18:45:17 +00:00
Eelco Dolstra 005eecfc4d * Release notes. 2006-10-30 16:29:05 +00:00
Eelco Dolstra 8478cd260f * readFile: don't overflow the stack on large files. 2006-10-30 11:56:09 +00:00
Eelco Dolstra 8d17265ac4 * Don't use EPSV. 2006-10-28 22:07:09 +00:00
Eelco Dolstra ae6fb27f18 * `nix-store --read-log / -l PATH' shows the build log of PATH, if
available.  For instance,

    $ nix-store -l $(which svn) | less

  lets you read the build log of the Subversion instance in your
  profile.

* `nix-store -qb': if applied to a non-derivation, take the deriver.
2006-10-28 16:33:54 +00:00
Eelco Dolstra 99b0ea7c67 * Typo reported by Arie Middelkoop.
* Left out close-quote in example.
2006-10-26 23:06:47 +00:00
Eelco Dolstra dd300fb48d * Some better error messages. 2006-10-23 16:45:19 +00:00
Eelco Dolstra 1d694eef4c * Require Perl 5.8.0 or newer. I mean, it *is* more than four years
old...
2006-10-19 19:20:18 +00:00
Eelco Dolstra 7a4497d98c * Checks for allowedReferences and some other features.
* Use nix-build in a test.
2006-10-19 17:44:51 +00:00
Eelco Dolstra 17f4883bfe * Better message. 2006-10-19 17:43:58 +00:00
Eelco Dolstra 9bd93f7606 * toFile: maintain the references. 2006-10-19 17:39:02 +00:00
Eelco Dolstra b3d3700e11 * nix-build: check the exit status of `nix-store -r'. 2006-10-19 17:30:09 +00:00