Eelco Dolstra
a82d80ddeb
* Move setuidCleanup() to libutil.
2006-12-07 16:40:41 +00:00
Eelco Dolstra
f76fdb6d42
* If not running as root, let the setuid helper kill the build user's
...
processes before and after the build.
2006-12-07 16:33:31 +00:00
Eelco Dolstra
ec23ecc64d
* In the garbage collector, if deleting a path fails, try to fix its
...
ownership, then try again.
2006-12-07 15:54:52 +00:00
Eelco Dolstra
a0a43c3206
* When not running as root, call the setuid helper to change the
...
ownership of the build result after the build.
2006-12-07 15:18:14 +00:00
Eelco Dolstra
6a07ff1ec0
* Change the ownership of store paths to the Nix account before
...
deleting them using the setuid helper.
2006-12-07 14:14:35 +00:00
Eelco Dolstra
7d8cf316ee
* Pass the actual build user to the setuid helper.
2006-12-07 11:27:32 +00:00
Eelco Dolstra
a45c498e4e
* If Nix is not running as root, call the setuid helper to start the
...
builder under the desired build user.
2006-12-07 00:42:30 +00:00
Eelco Dolstra
813a7c65c9
* Sanity check.
2006-12-07 00:19:27 +00:00
Eelco Dolstra
6a8e60913a
* Move killUser() to libutil so that the setuid helper can use it.
2006-12-07 00:16:07 +00:00
Eelco Dolstra
79875c5e42
* Change the ownership of the current directory to the build user.
2006-12-06 23:52:25 +00:00
Eelco Dolstra
62ab131412
* Verify that the desired target user is in the build users group (as
...
specified in the setuid config file).
2006-12-06 23:15:26 +00:00
Eelco Dolstra
f07ac41656
* Check that the caller is allowed to call the setuid helper. The
...
allowed uid is specified in a configuration file in
/etc/nix-setuid.conf.
2006-12-06 22:45:41 +00:00
Eelco Dolstra
ef281b93c2
* Fix the safety check.
2006-12-06 20:18:29 +00:00
Eelco Dolstra
6e5ec1029a
* Get rid of `build-users'. We'll just take all the members of
...
`build-users-group'. This makes configuration easier: you can just
add users in /etc/group.
2006-12-06 20:00:15 +00:00
Eelco Dolstra
751f6d2157
* nix-setuid-helper: allow running programs under a different uid.
2006-12-06 17:29:10 +00:00
Eelco Dolstra
9f0efa6611
* Start of the setuid helper (the program that performs the operations
...
that have to be done as root: running builders under different uids,
changing ownership of build results, and deleting paths in the store
with the wrong ownership).
2006-12-06 01:24:02 +00:00
Eelco Dolstra
2b558843a2
* Be less chatty.
2006-12-05 19:01:19 +00:00
Eelco Dolstra
44cad9630f
* Urgh. Do setgid() before setuid(), because the semantics of setgid()
...
changes completely depending on whether you're root...
2006-12-05 18:28:15 +00:00
Eelco Dolstra
6f0d050324
* Tricky: child processes should not send data to the client since
...
that might mess up the protocol. And besides, the socket file
descriptor is probably closed.
2006-12-05 18:21:16 +00:00
Eelco Dolstra
4c1c37d0b6
* FreeBSD returns ESRCH when there are no processes to kill.
2006-12-05 18:07:46 +00:00
Eelco Dolstra
8d1854c3f1
* Oops! In daemon mode, we can't run as root either if build-users is empty.
2006-12-05 17:44:19 +00:00
Eelco Dolstra
99655245ae
* Use an explicit handler for SIGCHLD, since SIG_IGN doesn't do the
...
right thing on FreeBSD 4 (it leaves zombies).
2006-12-05 17:21:42 +00:00
Eelco Dolstra
62b0497c0f
* Better message.
2006-12-05 16:17:01 +00:00
Eelco Dolstra
c808e6252f
* Ugly hack to handle spurious SIGPOLLs.
2006-12-05 15:36:31 +00:00
Eelco Dolstra
fd4a9db91f
* Some renaming.
2006-12-05 14:15:51 +00:00
Eelco Dolstra
a9c4f66cfb
* Allow unprivileged users to run the garbage collector and to do
...
`nix-store --delete'. But unprivileged users are not allowed to
ignore liveness.
* `nix-store --delete --ignore-liveness': ignore the runtime roots as
well.
2006-12-05 02:18:46 +00:00
Eelco Dolstra
29cf434a35
* The determination of the root set should be made by the privileged
...
process, so forward the operation.
* Spam the user about GC misconfigurations (NIX-71).
* findRoots: skip all roots that are unreadable - the warnings with
which we spam the user should be enough.
2006-12-05 01:31:45 +00:00
Eelco Dolstra
8623256f48
* findRoots: return a map from the symlink (outside of the store) to
...
the store path (inside the store).
2006-12-05 00:48:36 +00:00
Eelco Dolstra
d27a73b1a9
* In addPermRoot, check that the root that we just registered can be
...
found by the garbage collector. This addresses NIX-71 and is a
particular concern in multi-user stores.
2006-12-05 00:34:42 +00:00
Eelco Dolstra
74033a844f
* Add indirect root registration to the protocol so that unprivileged
...
processes can register indirect roots. Of course, there is still
the problem that the garbage collector can only read the targets of
the indirect roots when it's running as root...
2006-12-04 23:29:16 +00:00
Eelco Dolstra
0d40f6d7bb
* Not every OS knows about SIGPOLL.
2006-12-04 22:58:44 +00:00
Eelco Dolstra
7751160e9f
* Don't redirect stderr.
2006-12-04 19:10:23 +00:00
Eelco Dolstra
40c3529909
* Handle exceptions and stderr for all protocol functions.
...
* SIGIO -> SIGPOLL (POSIX calls it that).
* Use sigaction instead of signal to register the SIGPOLL handler.
Sigaction is better defined, and a handler registered with signal
appears not to interrupt fcntl(..., F_SETLKW, ...), which is bad.
2006-12-04 17:55:14 +00:00
Eelco Dolstra
0130ef88ea
* Daemon mode (`nix-worker --daemon'). Clients connect to the server
...
via the Unix domain socket in /nix/var/nix/daemon.socket. The
server forks a worker process per connection.
* readString(): use the heap, not the stack.
* Some protocol fixes.
2006-12-04 17:17:13 +00:00
Eelco Dolstra
4740baf3a6
* When NIX_REMOTE=daemon, connect to /nix/var/nix/daemon.socket
...
instead of forking a worker.
2006-12-04 14:21:39 +00:00
Eelco Dolstra
f5f0cf423f
* Refactoring.
2006-12-04 13:28:14 +00:00
Eelco Dolstra
052b6fb149
* Pass the verbosity level to the worker.
2006-12-04 13:15:29 +00:00
Eelco Dolstra
1e16d20655
* Install the worker in bindir, not libexecdir.
...
* Allow the worker path to be overriden through the NIX_WORKER
environment variable.
2006-12-04 13:09:16 +00:00
Eelco Dolstra
9322b399f3
* Doh.
2006-12-03 20:41:22 +00:00
Eelco Dolstra
f4279bcde0
* Don't run setuid root when build-users is empty.
...
* Send startup errors to the client.
2006-12-03 16:25:19 +00:00
Eelco Dolstra
35247c4c9f
* Removed `build-allow-root'.
...
* Added `build-users-group', the group under which builds are to be
performed.
* Check that /nix/store has 1775 permission and is owner by the
build-users-group.
2006-12-03 15:32:38 +00:00
Eelco Dolstra
84d6459bd5
* Use setreuid if setresuid is not available.
2006-12-03 14:32:22 +00:00
Eelco Dolstra
a9f9241054
* Handle a subtle race condition: the client closing the socket
...
between the last worker read/write and the enabling of the signal
handler.
2006-12-03 03:16:27 +00:00
Eelco Dolstra
3ed9e4ad9b
* Some hardcore magic to handle asynchronous client disconnects.
...
The problem is that when we kill the client while the worker is
building, and the builder is not writing anything to stderr, then
the worker never notice that the socket is closed on the other side,
so it just continues indefinitely. The solution is to catch SIGIO,
which is sent when the far side of the socket closes, and simulate
an normal interruption. Of course, SIGIO is also sent every time
the client sends data over the socket, so we only enable the signal
handler when we're not expecting any data...
2006-12-03 03:03:36 +00:00
Eelco Dolstra
4251f94b32
* Use a Unix domain socket instead of pipes.
2006-12-03 02:36:44 +00:00
Eelco Dolstra
8c76df93e6
* Better error message if the worker doesn't start.
2006-12-03 02:22:04 +00:00
Eelco Dolstra
363f40022f
* Pid::kill() should be interruptable.
2006-12-03 02:12:26 +00:00
Eelco Dolstra
7951c3c546
* Some hackery to propagate the worker's stderr and exceptions to the
...
client.
2006-12-03 02:08:13 +00:00
Eelco Dolstra
714fa24cfb
* Run the worker in a separate session to prevent terminal signals
...
from interfering.
2006-12-03 00:52:27 +00:00
Eelco Dolstra
e25fad691a
* Move addTempRoot() to the store API, and add another function
...
syncWithGC() to allow clients to register GC roots without needing
write access to the global roots directory or the GC lock.
2006-12-02 16:41:36 +00:00