Commit graph

253 commits

Author SHA1 Message Date
Eelco Dolstra fd86dd93dd
Improve SQLite busy handling 2017-02-28 13:59:11 +01:00
Eelco Dolstra c0a133876e
Revert "configure.ac: We require C++14 now"
This reverts commit 81c53fe8e5. This
check appears to be stricter than we need (it broke a bunch of
platforms that previously did build:
http://hydra.nixos.org/eval/1331921#tabs-now-fail).
2017-02-21 15:03:32 +01:00
Tuomas Tynkkynen 81c53fe8e5 configure.ac: We require C++14 now
At least in the main Makefile we have:

GLOBAL_CXXFLAGS += -std=c++14 -g -Wall
2017-02-08 21:08:44 +02:00
Eelco Dolstra 3a4bd320c2
Revert "Merge branch 'seccomp' of https://github.com/aszlig/nix"
This reverts commit 9f3f2e21ed, reversing
changes made to 47f587700d.
2016-12-19 11:52:57 +01:00
Eelco Dolstra 9f3f2e21ed
Merge branch 'seccomp' of https://github.com/aszlig/nix 2016-12-15 12:04:45 +01:00
Eelco Dolstra 8df1a3b579
Drop unused dblatex reference 2016-12-08 13:41:51 +01:00
Eelco Dolstra d1da6967b8
Drop unused WWW::Curl dependency 2016-12-06 17:17:29 +01:00
aszlig 1c52e344c4
Add build dependency for libseccomp
We're going to use libseccomp instead of creating the raw BPF program,
because we have different syscall numbers on different architectures.

Although our initial seccomp rules will be quite small it really doesn't
make sense to generate the raw BPF program because we need to duplicate
it and/or make branches on every single architecture we want to suuport.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-16 16:48:26 +01:00
Adrien Devresse 7ef053c632 Add a new option to disable documentation generation at configure time 2016-09-20 14:34:43 +00:00
Jude Taylor 5b01f5cbb2 remove otool check 2016-08-13 15:30:35 -07:00
Eelco Dolstra 202683a4fc Use O_CLOEXEC in most places 2016-06-09 16:37:08 +02:00
Domen Kožar f53b3ef693 fix tarball job 2016-05-30 15:31:32 +01:00
Eelco Dolstra 75d2492f20 Make the aws-cpp-sdk dependency optional 2016-05-04 17:16:48 +02:00
Eelco Dolstra 16d9c872e4 Remove obsolete err.h check 2016-05-04 16:21:28 +02:00
Eelco Dolstra f435f82475 Remove OpenSSL-based signing 2016-05-04 11:01:48 +02:00
Nathan Zadoks c6beaf5708 Handle ARM triples without an endianness suffix
Alpine seems to use this, and it results in a wrong
builtins.currentSystem. Big-endian ARM systems have triples starting
with armv6eb- or armv7eb-, so this doesn't change any systems that
already worked.
2016-03-11 21:53:06 +01:00
Nathan Zadoks 62d81aadba configure.ac: strip -musl in the same way as -gnu 2016-03-03 14:11:00 +01:00
Eelco Dolstra ef7c2d8b3e Revert "Do not override environment CFLAGS and CXXFLAGS"
This reverts commit 80ebd60e7c. The
reason why we cleared CFLAGS/CXXFLAGS was because otherwise we get a
default value of -O2, which interferes with the defaults set in the
Makefile. (E.g. "make OPTIMIZE=0" should not pass -O2.)
2016-01-12 13:51:38 +01:00
Ilya Novoselov 80ebd60e7c Do not override environment CFLAGS and CXXFLAGS
Looks like 5a05cf4063 removed usage of
environment CFLAGS and CXXFLAGS by mistake. That change broke building
of nix on fedora core 23.
2016-01-05 14:06:51 +01:00
Eelco Dolstra 6298afc047 Merge pull request #685 from vizanto/master
POSIX compliant directory access (fixes build on Solaris)
2016-01-05 13:49:55 +01:00
Eelco Dolstra 8f67325a7c Build sandbox support etc. unconditionally on Linux
Also, use "#if __APPLE__" instead of "#if SANDBOX_ENABLED" to prevent
ambiguity.
2015-12-10 11:47:17 +01:00
Danny Wilson cdb346c65e Fix build on Solaris
d_type is not part of the POSIX spec unfortunately.
2015-11-07 04:51:33 +01:00
Eelco Dolstra a6ca68a70c Require OpenSSL 2015-11-04 16:37:49 +01:00
Eelco Dolstra 1f735a3440 <nix/fetchurl.nix>: Support xz-compressed NARs 2015-10-30 12:34:30 +01:00
Jude Taylor ff6953cb03 Add resolve-system-dependencies.pl 2015-10-21 12:38:52 -07:00
Eelco Dolstra be1ff23352 Add dependency on libcurl-dev
http://hydra.nixos.org/eval/1179370
2015-03-27 12:27:36 +01:00
Harald van Dijk 5451b8db9d Use pivot_root in addition to chroot when possible
chroot only changes the process root directory, not the mount namespace root
directory, and it is well-known that any process with chroot capability can
break out of a chroot "jail". By using pivot_root as well, and unmounting the
original mount namespace root directory, breaking out becomes impossible.

Non-root processes typically have no ability to use chroot() anyway, but they
can gain that capability through the use of clone() or unshare(). For security
reasons, these syscalls are limited in functionality when used inside a normal
chroot environment. Using pivot_root() this way does allow those syscalls to be
put to their full use.
2015-02-16 12:18:19 +01:00
Eelco Dolstra 1c972cba14 Make libsodium an optional dependency 2015-02-10 11:54:06 +01:00
Eelco Dolstra e0def5bc4b Use libsodium instead of OpenSSL for binary cache signing
Sodium's Ed25519 signatures are much shorter than OpenSSL's RSA
signatures. Public keys are also much shorter, so they're now
specified directly in the nix.conf option ‘binary-cache-public-keys’.

The new command ‘nix-store --generate-binary-cache-key’ generates and
prints a public and secret key.
2015-02-04 17:10:31 +01:00
Eelco Dolstra d4c8ee7059 Rely on XML catalogs to find the DocBook schemas and stylesheets 2014-11-25 15:54:26 +01:00
Eelco Dolstra 68cf98c4d2 configure: Force regeneration of Makefile.config 2014-09-22 13:00:58 +02:00
Eelco Dolstra d64b8e9e53 Remove unused w3m dependency 2014-09-17 17:42:00 +02:00
Eelco Dolstra d98bfcbf81 On Linux, disable address space randomization 2014-09-17 17:21:13 +02:00
Eelco Dolstra 5a05cf4063 Add Make flag to disable optimization 2014-09-17 17:07:05 +02:00
Eelco Dolstra 7911e4c27a Remove maybeVfork 2014-07-10 13:35:44 +02:00
Eelco Dolstra 54a34119f3 Use std::unordered_set 2014-05-26 17:53:17 +02:00
Eelco Dolstra ac8c2ef1aa Build/install manual 2014-02-01 11:30:21 +01:00
Eelco Dolstra a26307b281 Fix build 2014-01-21 17:39:19 +01:00
Eelco Dolstra cf918b889b Handle systems where "echo -n" doesn't work 2014-01-09 17:33:55 +01:00
Eelco Dolstra 8f08046606 Expand configure variables before writing config.status
This way, we can use config.status for generating scripts/* (without
ending up with lines like "#! /usr/bin/perl -I${libexecdir}/...").
2013-11-25 15:52:14 +00:00
Eelco Dolstra cac06ed0a4 Remove obsolete setting of $CC_FOR_BUILD 2013-11-25 11:26:51 +00:00
Eelco Dolstra 0c504a756c Don't install Libtool 2013-11-25 11:25:27 +00:00
Eelco Dolstra 2cc591c7b5 Don't instantiate Automake makefiles 2013-11-25 11:05:51 +00:00
Eelco Dolstra 6b5f89f2cf Drop the dependency on Automake 2013-11-22 19:30:24 +00:00
Eelco Dolstra b8e9efc476 New non-recursive, plain Make-based build system 2013-11-22 15:54:18 +01:00
Eelco Dolstra a478e8a7bb Remove nix-setuid-helper
AFAIK, nobody uses it, it's not maintained, and it has no tests.
2013-11-14 11:57:37 +01:00
Eelco Dolstra 297b762513 Turn on -Wall 2013-08-19 11:41:15 +02:00
Eelco Dolstra a583a2bc59 Run the daemon worker on the same CPU as the client
On a system with multiple CPUs, running Nix operations through the
daemon is significantly slower than "direct" mode:

$ NIX_REMOTE= nix-instantiate '<nixos>' -A system
real    0m0.974s
user    0m0.875s
sys     0m0.088s

$ NIX_REMOTE=daemon nix-instantiate '<nixos>' -A system
real    0m2.118s
user    0m1.463s
sys     0m0.218s

The main reason seems to be that the client and the worker get moved
to a different CPU after every call to the worker.  This patch adds a
hack to lock them to the same CPU.  With this, the overhead of going
through the daemon is very small:

$ NIX_REMOTE=daemon nix-instantiate '<nixos>' -A system
real    0m1.074s
user    0m0.809s
sys     0m0.098s
2013-08-07 14:02:04 +02:00
Eelco Dolstra 263d668222 Set the default GCC optimisation level to -O3 2013-08-06 14:21:46 +02:00
Gergely Risko 25a00cae5b Add gzip support for channel unpacking 2013-07-12 11:29:37 +02:00