Commit graph

225 commits

Author SHA1 Message Date
Eelco Dolstra 9f3f2e21ed
Merge branch 'seccomp' of https://github.com/aszlig/nix 2016-12-15 12:04:45 +01:00
Eelco Dolstra d1da6967b8
Drop unused WWW::Curl dependency 2016-12-06 17:17:29 +01:00
aszlig 651a18dd24
release.nix: Add a test for sandboxing
Right now it only tests whether seccomp correctly forges the return
value of chown, but the long-term goal is to test the full sandboxing
functionality at some point in the future.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-16 16:48:34 +01:00
aszlig 1c52e344c4
Add build dependency for libseccomp
We're going to use libseccomp instead of creating the raw BPF program,
because we have different syscall numbers on different architectures.

Although our initial seccomp rules will be quite small it really doesn't
make sense to generate the raw BPF program because we need to duplicate
it and/or make branches on every single architecture we want to suuport.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-16 16:48:26 +01:00
Eelco Dolstra 21c55ab3b5 Implement backwards-compatible RemoteStore::addToStore()
The SSHStore PR adds this functionality to the daemon, but we have to
handle the case where the Nix daemon is 1.11.

Also, don't require signatures for trusted users. This restores 1.11
behaviour.

Fixes https://github.com/NixOS/hydra/issues/398.
2016-11-09 18:45:06 +01:00
Eelco Dolstra dd85fc1c5a Drop Fedora 19/20 builds
These don't support regex_replace either.
2016-08-30 14:36:04 +02:00
Eelco Dolstra 042c060f78 Drop Ubuntu 13.10, 14.04 builds
These don't support regex_replace.

http://hydra.nixos.org/build/39363999
http://hydra.nixos.org/build/39363981
2016-08-30 13:26:08 +02:00
Eelco Dolstra 2fad86f361 Remove $NIX_DB_DIR
This variable has no reason to exist, given $NIX_STATE_DIR.
2016-08-10 18:05:35 +02:00
Eelco Dolstra 1b5b654fe2 Fix OOM in the installer test
http://hydra.nixos.org/build/36462209
2016-05-31 15:16:21 +02:00
Eelco Dolstra 0a9d627e50 Doh 2016-05-31 13:38:36 +02:00
Eelco Dolstra 88b79cd55c Fix Debian 8 build
http://hydra.nixos.org/build/36462150
2016-05-31 13:37:33 +02:00
Eelco Dolstra 10f3a2e5f2 Fix clang build failure
Apparently opinion is divided on whether [[noreturn]] is allowed on a
lambda: http://stackoverflow.com/questions/26888805/how-to-declare-a-lambdas-operator-as-noreturn

http://hydra.nixos.org/build/36462100
2016-05-31 13:23:54 +02:00
Eelco Dolstra 75d2492f20 Make the aws-cpp-sdk dependency optional 2016-05-04 17:16:48 +02:00
Eelco Dolstra 0f4dd4417e Merge pull request #892 from domenkozar/ubuntu1604
add Ubuntu 16.03 .deb builds
2016-05-02 15:36:58 +02:00
Domen Kožar bf386de9f2 add Ubuntu 16.03 .deb builds 2016-04-29 16:11:51 +01:00
Eelco Dolstra d155d80155 Move S3BinaryCacheStore from Hydra
This allows running arbitrary Nix commands against an S3 binary cache.

To do: make this a compile time option to prevent a dependency on
aws-sdk-cpp.
2016-04-21 16:08:51 +02:00
Eelco Dolstra 58e423ce32 Remove PDF manual
More spring cleaning.
2016-04-14 12:50:01 +02:00
Dan Peebles c89783b6a7 Kill the temporary darwin-specific channel
The issues have been resolved upstream in the main nixpkgs channel now
2016-03-28 20:06:46 -04:00
Eelco Dolstra 7251a81bde Drop all distros that are not down with C++11 2016-02-17 13:36:56 +01:00
Eelco Dolstra da4495eb17 Fix eval 2016-01-20 00:26:51 +01:00
Eelco Dolstra 9fff492561 Add tests for Nixpkgs/NixOS evaluation 2016-01-19 21:10:32 +01:00
Eelco Dolstra 4202b17666 Temporarily do Darwin builds from a different Nixpkgs branch 2016-01-08 10:48:48 +01:00
Eelco Dolstra 10a6aa3ad4 Revert accidental disable of doInstallCheck 2016-01-07 16:05:02 +01:00
Eelco Dolstra 458711e4ee Fix "Bad address" executing build hook
This was observed in the deb_debian7x86_64 build:
http://hydra.nixos.org/build/29973215

Calling c_str() on a temporary should be fine because the temporary
shouldn't be destroyed until after the execl() call, but who knows...
2016-01-07 15:10:14 +01:00
Jim Garrison b07b3b0264 Make Debian package depend on libcurl3-nss
Otherwise nix-env fails to start if it is not installed
2015-12-14 19:42:42 -08:00
Eelco Dolstra 399397c907 Fix coverage build 2015-12-10 11:47:34 +01:00
Eelco Dolstra efd6a8c9f6 Fix Ubuntu/Debian/Fedora builds 2015-11-25 16:12:30 +01:00
Eelco Dolstra 27d6ed5c68 Remove sandboxProfile from release.nix
There is really no conceivable reason why building Nix would need
access to the host's nix.conf. If it does, it's a bug, and we should
fix that instead.
2015-11-25 14:45:27 +01:00
Jude Taylor 279fa8f618 reintroduce host deps in tandem with sandbox profiles 2015-11-21 15:57:06 -08:00
Jude Taylor 4876bb012e simplify build permissions 2015-11-14 14:11:03 -08:00
Jude Taylor 22dfd023fa update sandbox profiles within nix 2015-11-14 14:11:03 -08:00
Eelco Dolstra b83fb35f79 Fix tarball build
Fixes #671.
2015-10-31 01:31:07 +01:00
Eelco Dolstra 1f735a3440 <nix/fetchurl.nix>: Support xz-compressed NARs 2015-10-30 12:34:30 +01:00
John Ericson a7dd26961d Don't depend on git when generating source tarball 2015-10-15 11:53:45 -07:00
John Ericson 164487a5ba Simplify source tarball postUnpack cleanupx 2015-10-15 11:42:24 -07:00
Vladimír Čunát fd74296e2f release: fix #652 - PDF build after dblatex updates
... while not changing behavior when used with older nixpkgs.
2015-09-25 12:48:35 +02:00
Eelco Dolstra 0d4d92fcf9 Debian package: Declare runtime dependency on libsodium13
Fixes #558.
2015-06-17 10:33:51 +02:00
Eelco Dolstra 898703e006 Build against libsodium on Ubuntu 15.04 and Debian 8 2015-06-02 13:14:31 +02:00
Benjamin Staffin 07c69aa03b Add Debian 8.0 builds
Change-Id: I68a54a0c3f97da2d062f43b638de817fd40f2dcd
2015-05-29 11:54:37 +02:00
Eelco Dolstra b2798902ea Build on Ubuntu 15.04 2015-05-22 13:32:03 +02:00
Eelco Dolstra be1ff23352 Add dependency on libcurl-dev
http://hydra.nixos.org/eval/1179370
2015-03-27 12:27:36 +01:00
Eelco Dolstra 5114a07d95 Improve setting the default chroot dirs 2015-03-24 11:57:46 +01:00
Eelco Dolstra fd89f97be9 Add the closure of store paths to the chroot
Thus, for example, to get /bin/sh in a chroot, you only need to
specify /bin/sh=${pkgs.bash}/bin/sh in build-chroot-dirs. The
dependencies of sh will be added automatically.
2015-03-24 11:52:34 +01:00
Eelco Dolstra b0bad3e615 Revert "Remove Fedora 18, 19 builds"
This reverts commit 9c58691ce3. Fedora
18/19 images should build again.
2015-02-12 17:44:29 +01:00
Eelco Dolstra b4e7eec16a Don't depend on libsodium on Darwin
It doesn't build at the moment.

http://hydra.nixos.org/build/19557641
2015-02-10 14:15:42 +01:00
Eelco Dolstra 5d9cd27dce Add Fedora 21 build
Fixes #467.
2015-02-10 11:33:33 +01:00
Eelco Dolstra e0def5bc4b Use libsodium instead of OpenSSL for binary cache signing
Sodium's Ed25519 signatures are much shorter than OpenSSL's RSA
signatures. Public keys are also much shorter, so they're now
specified directly in the nix.conf option ‘binary-cache-public-keys’.

The new command ‘nix-store --generate-binary-cache-key’ generates and
prints a public and secret key.
2015-02-04 17:10:31 +01:00
Eelco Dolstra 20cf0127f5 Include cacert in the binary tarball
This prevents having to fetch Nixpkgs or cacert over http.
2014-12-10 16:05:08 +01:00
Eelco Dolstra 9c58691ce3 Remove Fedora 18, 19 builds
http://hydra.nixos.org/build/17703462
2014-12-08 18:01:18 +01:00
Eelco Dolstra b6f99e5a23 Remove some platforms with too-old compilers 2014-12-05 21:16:26 +01:00
Eelco Dolstra d4c8ee7059 Rely on XML catalogs to find the DocBook schemas and stylesheets 2014-11-25 15:54:26 +01:00
Eelco Dolstra fe37ed1219 Remove Hydra scheduling priorities
They're not so important anymore now that Hydra has jobset scheduling.
2014-11-20 13:26:10 +01:00
Eelco Dolstra 05cddf0f5a Build Ubuntu 14.10 package
Fixes #397.
2014-11-20 11:16:46 +01:00
Eelco Dolstra ed306febb5 Remove Hydra build product 2014-11-18 18:40:47 +01:00
Eelco Dolstra 5d064e2698 Add a test for the binary tarball installer 2014-11-18 14:50:05 +01:00
Eelco Dolstra 087581a642 Doh 2014-11-05 13:32:57 +01:00
Eelco Dolstra 1cdbb9d724 Revert "Revert "Revert "Temporarily disable darwin builds while hydra's darwin is borked"""
This reverts commit a51f8d6747.
2014-10-31 08:58:19 +01:00
Eelco Dolstra 1d02431b60 Don't pull in git when doing a nix-shell 2014-10-31 08:49:15 +01:00
Eelco Dolstra a51f8d6747 Revert "Revert "Temporarily disable darwin builds while hydra's darwin is borked""
This reverts commit f72944b42f.
2014-10-30 09:30:49 +01:00
Eelco Dolstra f72944b42f Revert "Temporarily disable darwin builds while hydra's darwin is borked"
This reverts commit 29f7e142fc.
2014-10-29 16:34:48 +01:00
Shea Levy 29f7e142fc Temporarily disable darwin builds while hydra's darwin is borked 2014-10-23 09:16:55 -04:00
Shea Levy f040159f77 Revert "Drop support for pre-c++11 compilers."
The breakage this fixed can be worked around without removing support.

This reverts commit 84a13dc576.
2014-10-20 11:33:48 -04:00
Shea Levy 84a13dc576 Drop support for pre-c++11 compilers.
In particular, gcc 4.6's std::exception::~exception has an exception
specification in c++0x mode, which requires us to use that deprecated
feature in nix (and led to breakage after some recent changes that were
valid c++11).

nix already uses several c++11 features and gcc 4.7 has been around for
over 2 years.
2014-10-18 22:44:59 -04:00
Eelco Dolstra 570571a2b7 Remove release notes Hydra product 2014-09-23 10:55:38 +02:00
Eelco Dolstra d64b8e9e53 Remove unused w3m dependency 2014-09-17 17:42:00 +02:00
Eelco Dolstra a6a45bb722 Tweak 2014-09-05 11:49:35 +02:00
Eelco Dolstra d5a076c36f Add option ‘build-extra-chroot-dirs’
This is useful for extending (rather than overriding) the default set
of chroot paths.
2014-08-04 18:00:00 +02:00
Eelco Dolstra bb45092f72 Make chroot builds easier to set up
By default, we now include /bin/sh as a bind-mount of bash.
2014-08-04 17:09:26 +02:00
Eelco Dolstra 7a60ff9a62 Speed up nix-shell 2014-08-04 17:09:26 +02:00
Eelco Dolstra beac05c206 Don't build on Ubuntu 10.10
Its C++ compiler is too old.

http://hydra.nixos.org/build/12385722
2014-07-08 20:41:25 +02:00
Rob Vermaas 93506e60d2 Add ubuntu 14.04 2014-05-03 17:54:48 +02:00
Eelco Dolstra d435e46daa Generate release notes again 2014-03-12 14:24:29 +01:00
Eelco Dolstra 99f14c2584 Don't build on Debian 6.0
Its linker is too old to understand --no-copy-dt-needed-entries.

http://hydra.nixos.org/build/9113883
2014-02-17 23:10:40 +01:00
Eelco Dolstra 57386c9bae Binary tarball: Automatically create /nix
The tarball can now be unpacked anywhere.  The installation script
uses "sudo" to create /nix if it doesn't exist.  It also fetches the
nixpkgs-unstable channel.
2014-02-10 16:35:59 +01:00
Eelco Dolstra 2a469ad31d Set a maintainer address
Issue #202.
2014-02-06 14:37:35 +01:00
Eelco Dolstra 762ef464f8 Fix the nix-profile test 2014-02-01 15:37:50 +01:00
Eelco Dolstra 844d83352c More "make dist" fixes 2014-02-01 15:18:48 +01:00
Eelco Dolstra 6ef32bddc1 Fix "make dist" 2014-02-01 14:38:12 +01:00
Eelco Dolstra c8fff6a77f Fix evaluation 2014-01-21 15:09:59 +01:00
Eelco Dolstra 0f2f44bb0f Build Fedora 20 RPMs 2014-01-20 14:22:59 +01:00
Eelco Dolstra fe23e28f12 Disable FreeBSD tests for now
The FreeBSD machines in the build farm are currently unreachable.
2014-01-06 11:35:42 +01:00
Eelco Dolstra 6123144933 Drop Cygwin and Solaris builds 2013-10-28 11:56:37 +00:00
Eelco Dolstra dc341811d6 Add rpm_fedora19i386 to the release-critical builds 2013-10-24 15:54:23 +02:00
Eelco Dolstra 3139481822 Add an aggregate job
Also, build for Ubuntu 13.10 and Fedora 19.
2013-10-23 11:52:25 +02:00
Eelco Dolstra e93acab852 Build Fedora 18 RPMs 2013-05-08 14:41:35 +02:00
Eelco Dolstra cc837e2458 Build Debian 7.0 debs 2013-05-07 11:21:30 +02:00
Eelco Dolstra 28034bfa49 Build Ubuntu 13.04 debs 2013-05-03 14:14:46 +02:00
Eelco Dolstra 239841787b Fix evaluation of the VM tests 2013-03-25 21:59:11 +01:00
Eelco Dolstra c3fc60d936 Fix evaluation 2013-03-18 21:49:42 +01:00
Eelco Dolstra 78d777ca15 Remove the "system" jobset input 2013-03-15 13:18:49 +01:00
Eelco Dolstra a68ebf8e37 Require Bison 2.6 2013-03-14 18:33:15 +01:00
Eelco Dolstra 0a4e90395c Urgggh
http://hydra.nixos.org/build/3661100
2013-01-02 23:52:15 +01:00
Eelco Dolstra 649bb60617 Use sysconfdir=/etc 2013-01-02 22:12:19 +01:00
Eelco Dolstra 3ad53e43c8 Debian package: Add dependency on libwww-curl-perl
Fixes issue #70.
2012-12-11 16:50:21 +01:00
Eelco Dolstra a6ce6d9e7c Fix manual generation
Grmbl.
2012-12-06 16:55:57 +01:00
Eelco Dolstra 8d100dbef1 Add a dependency on xz-utils 2012-12-05 12:18:07 +01:00
Eelco Dolstra 3631dc6b2f Typo 2012-12-05 12:15:06 +01:00
Eelco Dolstra 444b03a36f Produce an xz-compressed tarball
Footnote: doing "make dist-gzip dist-xz" doesn't work with Automake;
you have to do "make dist-gzip; dist-xz".  That's because the dist-*
targets delete the temporary distdir at the end.
2012-12-05 10:23:53 +01:00
Eelco Dolstra d5a01d0f9d Build Debs for Ubuntu 12.10 2012-12-05 09:54:41 +01:00
Florian Friesdorf 4387d19359 nix-channel --update needs bzip2 2012-12-04 16:35:27 +01:00