Commit graph

1265 commits

Author SHA1 Message Date
Eelco Dolstra 2155c0a673 * Register channels as roots of the garbage collector (in
$(localstatedir)/nix/gcroots/channels). 
* In setuid installations, create gcroots/tmp and gcroots/channels
  group-writable.
2004-10-20 14:42:38 +00:00
Eelco Dolstra 88888160d2 * Fix nix-prefetch-url in setuid Nix installations. 2004-10-20 14:40:54 +00:00
Eelco Dolstra 99da51d4de * Show error messages from curl. 2004-10-20 14:05:48 +00:00
Eelco Dolstra 2cd590d96c * Instead of — use the actual Unicode character. By the way, to
edit the manual, you should have something like

    (modify-coding-system-alist 'file "\\.xml\\>" 'utf-8)

  in your ~/.emacs.
2004-10-18 12:22:14 +00:00
Eelco Dolstra 692204e0c5 * Rewrite of package management stuff. 2004-10-14 16:43:09 +00:00
Eelco Dolstra d830b2c1df * In `nix-env -q', sort derivations by name *without* case
sensitivity.
2004-10-14 15:09:55 +00:00
Eelco Dolstra febd8bed1b * Split overview chapter into a chapter on package management and a
chapter on writing Nix expressions.
2004-10-14 11:55:12 +00:00
Eelco Dolstra 98c69e5172 * Unindent. 2004-10-14 11:54:41 +00:00
Eelco Dolstra 371c57d8a7 * Updated the quick start section. Use channels instead of
downloading Nix expressions and calling nix-pull.  This is so
  user-friendly that even a Mac user can do it! :-)
2004-10-13 15:35:47 +00:00
Eelco Dolstra 2b20701f78 * Better introduction.
* Set notes in a different color than warnings.
2004-10-13 15:08:35 +00:00
Eelco Dolstra 1317242780 * Make store objects created by substitutes read-only. 2004-09-22 12:15:04 +00:00
Niels Janssen 995d08208e * prevent collision on log directory 2004-09-19 15:53:37 +00:00
Eelco Dolstra b357284a32 * Fallback didn't work for subderivations of an unnormalised the main
derivation, since NormalisationGoal would first run a
  NormalisationGoal on the subderivation (a no-op, since in a
  situation where we need fallback the successor is known), and then
  runs a RealisationGoal on the normal form, which then cannot do a
  fallback because it doesn't know the derivation expression for which
  it is a normal form.

  Tossed out the 2-phase normalisation/realisation in
  NormalisationGoal and SubstitutionGoal since it's no longer needed -
  a RealisationGoal will run a NormalisationGoal if necessary.
2004-09-12 19:08:57 +00:00
Eelco Dolstra dcc433de47 * Operation `--delete-generations' to delete generations of a
profile.  Arguments are either generation number, or `old' to delete
  all non-current generations.  Typical use:

  $ nix-env --delete-generations old
  $ nix-collect-garbage

* istringstream -> string2Int.
2004-09-10 13:32:08 +00:00
Eelco Dolstra c16be6ac92 * Remove write permission from store objects after they have been
added to the store.  Bug reported by Martin.
2004-09-09 21:19:20 +00:00
Eelco Dolstra 47f87072ad * A very dirty hack to make setuid installations a bit nicer to use.
Previously there was the problem that all files read by nix-env
  etc. should be reachable and readable by the Nix user.  So for
  instance building a Nix expression in your home directory meant that
  the home directory should have at least g+x or o+x permission so
  that the Nix user could reach the Nix expression.  Now we just
  switch back to the original user just prior to reading sources and
  the like.  The places where this happens are somewhat arbitrary,
  however.  Any scope that has a live SwitchToOriginalUser object in
  it is executed as the original user.

* Back out r1385.  setreuid() sets the saved uid to the new
  real/effective uid, which prevents us from switching back to the
  original uid.  setresuid() doesn't have this problem (although the
  manpage has a bug: specifying -1 for the saved uid doesn't leave it
  unchanged; an explicit value must be specified).
2004-09-09 21:12:53 +00:00
Eelco Dolstra 5396304c73 * Use setre[ug]id() instead of setres[ug]id(), since the former is
more common than the latter (which exists only on Linux and
  FreeBSD).  We don't really care about dropping the saved IDs since
  there apparently is no way to quiry them in any case, so it can't
  influence the build (unlike the effective IDs which are checked by
  Perl for instance).
2004-09-09 15:55:31 +00:00
Eelco Dolstra e043fc7d0b * Set the umask to known value (0022). This is important in a
setuid installation, since the calling user may have a more fascist
  umask (say, 0077), which would cause the store objects built by Nix
  to be unreadable to anyone other than the Nix user.
2004-09-09 14:16:02 +00:00
Eelco Dolstra 550d960586 * Hack for perl(readmanifest) dependency. 2004-09-08 12:07:19 +00:00
Eelco Dolstra 17c8252fc9 * Spec file options to create the Nix user and group in the RPM
pre-install script.  By default this is turned off; you should edit
  the spec file to enable it.
2004-09-06 10:05:21 +00:00
Eelco Dolstra fb28cfc86d * Add some variability to RPM spec files: allow setuid options to be
set on the rpmbuild command line.
2004-09-06 08:17:55 +00:00
Eelco Dolstra 5c443b6550 * Main the `substitutes-rev' table again, but now in a way that
doesn't take \Theta(n^2) space/time complexity.
2004-08-31 16:13:10 +00:00
Eelco Dolstra c25f2883b1 * Quadruple the Berkeley DB locking limits to get rid of out of memory
errors while running `nix-store --verify'.
2004-08-31 10:50:08 +00:00
Eelco Dolstra fe122c5a15 * Removed nrWaitees field. It was redundant with waitees.size() and
could get out of sync if multiple input derivations mapped to the
  same closure expression (since waitees is a set).
2004-08-30 11:51:36 +00:00
Eelco Dolstra eb233e728f * `--min-age' flag in nix-store and nix-collect-garbage to only delete
unreachable paths that haven't been used for N hours.  For instance,
  `nix-collect-garbage --min-age 168' only deletes paths that haven't
  been accessed in the last week.

  This is useful for instance in the build farm where many derivations
  can be shared between consecutive builds, and we wouldn't want a
  garbage collect to throw them all away.  We could of course register
  them as roots, but then we'd to unregister them at some point, which
  would be a pain to manage.  The `--min-age' flag gives us a sort of
  MRU caching scheme.

  BUG: this really shouldn't be in gc.cc since that violates
  mechanism/policy separation.
2004-08-25 16:54:08 +00:00
Eelco Dolstra fdec72c6cc * `nix-collect-garbage' now actually performs a garbage collection, it
doesn't just print the set of paths that should be deleted.  So
  there is no more need to pipe the result into `nix-store --delete'
  (which doesn't even exist anymore).
2004-08-25 15:39:13 +00:00
Eelco Dolstra 818047881e * Put the garbage collector in nix-store: operation `--gc',
suboperations `--print-live', `--print-dead', and `--delete'.  The
  roots are not determined by nix-store; they are read from standard
  input.  This is to make it easy to customise what the roots are.

  The collector now no longer fails when store expressions are missing
  (which legally happens when using substitutes).  It never tries to
  fetch paths through substitutes.

  TODO: acquire a global lock on the store while garbage collecting.
  
* Removed `nix-store --delete'.
2004-08-25 11:43:49 +00:00
Eelco Dolstra 9994c1dd9f * Validate derivation names. In particular don't allow spaces.
* Drop support for the outPath attribute in derivations.
2004-08-24 11:46:05 +00:00
Eelco Dolstra 8f58733ef1 * The gid should also match. 2004-08-20 15:47:58 +00:00
Eelco Dolstra 1c90fabccc * Unbreak programs that are not setuid (such as nix-hash). 2004-08-20 15:31:46 +00:00
Eelco Dolstra e77fbe0fa2 * On systems that have the setresuid() and setresgid() system calls to
set the real uid and gid to the effective uid and gid, the Nix
  binaries can be installed as owned by the Nix user and group instead
  of root, so no root involvement of any kind is necessary.

  Linux and FreeBSD have these functions.
2004-08-20 15:22:33 +00:00
Eelco Dolstra 2d35116c13 * Setuid support for sharing a Nix installation between multiple
users.

  If the configure flag `--enable-setuid' is used, the Nix programs
  nix-env, nix-store, etc. are installed with the setuid bit turned on
  so that they are executed as the user and group specified by
  `--with-nix-user=USER' and `--with-nix-group=GROUP', respectively
  (with defaults `nix' and `nix').

  The setuid programs drop all special privileges if they are executed
  by a user who is not a member of the Nix group.

  The setuid feature is a quick hack to enable sharing of a Nix
  installation between users who trust each other.  It is not
  generally secure, since any user in the Nix group can modify (by
  building an appropriate derivation) any object in the store, and for
  instance inject trojans into binaries used by other users.

  The setuid programs are owned by root, not the Nix user.  This is
  because on Unix normal users cannot change the real uid, only the
  effective uid.  Many programs don't work properly when the real uid
  differs from the effective uid.  For instance, Perl will turn on
  taint mode.  However, the setuid programs drop all root privileges
  immediately, changing all uids and gids to the Nix user and group.
2004-08-20 14:49:05 +00:00
Eelco Dolstra 8f1dcdfc0a * Make sure that no build hook is set by default in the tests.
* Don't use `seq' - some primitive, obsolete operating systems
  (Darwin) don't have it.
2004-08-19 09:09:09 +00:00
Eelco Dolstra 1eddee59f2 * The default verbosity level of all Nix commands is now lvlInfo.
* Builder output is written to standard error by default.
  * The option `-B' is gone.
  * The option `-Q' suppresses builder output.

The result of this is that most Nix invocations shouldn't need any
flags w.r.t. logging.
2004-08-18 12:19:06 +00:00
Eelco Dolstra 937ce0cd21 * Flag `--no-link' suppresses symlinking to the output path.
* Handle multiple derivations correctly.
2004-08-18 12:11:31 +00:00
Eelco Dolstra 966bd9d19f * WTF? More canonical system name problems ("athlon-linux" instead of
"i686-linux").
2004-08-13 09:57:51 +00:00
Eelco Dolstra 62fe5c4a22 * The predecessor of a successor need not be present. This in
particular happens on distributed builds or when using push/pull.
2004-08-11 19:03:13 +00:00
Eelco Dolstra ae1a1efa41 * Clean up the temporary directory for hook communication (and don't
print out incorrect "build failed" messages).
2004-08-05 14:53:27 +00:00
Eelco Dolstra d8989b1fb4 * Every real language has a `map' function. 2004-08-04 11:27:53 +00:00
Eelco Dolstra bbfdd64741 * Allow primops with more that 1 arguments. 2004-08-04 10:59:20 +00:00
Eelco Dolstra e3a50f7e25 * Creating a file nix-support/no-scan in the output path of a
derivation disables scanning for dependencies.  Use at your own
  risk.  This is a quick hack to speed up UML image generation (image
  are very big, say 1 GB).

  It would be better if the scanner were faster, and didn't read the
  whole file into memory.
2004-08-04 09:25:21 +00:00
Eelco Dolstra 18ebd7b030 * Doh! 2004-07-30 14:18:48 +00:00
Eelco Dolstra 5373aed1a8 * Use ATerm 2.2.
* Include bootstrap.sh in dist.
2004-07-30 14:17:05 +00:00
Eelco Dolstra 16c8b4c8e5 * A script to generate the Auto* stuff. 2004-07-30 13:45:13 +00:00
Eelco Dolstra e8a95108c0 * Nix-build places a symlink `result' in the current directory to the
store object just built.
2004-07-28 13:32:45 +00:00
Eelco Dolstra 9bf7a5f516 * Don't pass `--with-system'. 2004-07-18 21:08:24 +00:00
Eelco Dolstra 39eaecbc98 * Slightly better heuristic for picking the canonical system type.
Now SuSE and Red Hat should yield the same type (`i686-linux').  Mac
  OS X should now give `powerpc-darwin' (i.e., the version number is
  gone).
2004-07-18 21:07:27 +00:00
Eelco Dolstra 064a36cb54 * Hardcode the system id to be `i686-linux'. 2004-07-09 13:06:12 +00:00
Eelco Dolstra c1a18f543e * Fixed format string error. 2004-07-06 11:21:34 +00:00
Eelco Dolstra 056cd1d3b7 * Don't go into a (sometimes infinite) loop calling the build hook. 2004-07-01 16:24:35 +00:00