Commit graph

17512 commits

Author SHA1 Message Date
William Carroll
c5a96b49b7 Adds relative number settings for line numbers 2016-11-16 15:12:22 -05:00
William Carroll
a69a30792f Inits wishlist 2016-11-16 15:11:42 -05:00
aszlig
4e1a2cd537
seccomp: Forge return values for *chown32
These syscalls are only available in 32bit architectures, but libseccomp
should handle them correctly even if we're on native architectures that
do not have these syscalls.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-16 17:29:36 +01:00
aszlig
ed64976cec
seccomp: Forge return codes for POSIX ACL syscalls
Commands such as "cp -p" also use fsetxattr() in addition to fchown(),
so we need to make sure these syscalls always return successful as well
in order to avoid nasty "Invalid value" errors.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-16 17:29:14 +01:00
aszlig
651a18dd24
release.nix: Add a test for sandboxing
Right now it only tests whether seccomp correctly forges the return
value of chown, but the long-term goal is to test the full sandboxing
functionality at some point in the future.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-16 16:48:34 +01:00
aszlig
b90a435332
libstore/build: Forge chown() to return success
What we basically want is a seccomp mode 2 BPF program like this but for
every architecture:

  BPF_STMT(BPF_LD+BPF_W+BPF_ABS, offsetof(struct seccomp_data, nr)),
  BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_chown, 4, 0),
  BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_fchown, 3, 0),
  BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_fchownat, 2, 0),
  BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, __NR_lchown, 1, 0),
  BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW),
  BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ERRNO)

However, on 32 bit architectures we do have chown32, lchown32 and
fchown32, so we'd need to add all the architecture blurb which
libseccomp handles for us.

So we only need to make sure that we add the 32bit seccomp arch while
we're on x86_64 and otherwise we just stay at the native architecture
which was set during seccomp_init(), which more or less replicates
setting 32bit personality during runChild().

The FORCE_SUCCESS() macro here could be a bit less ugly but I think
repeating the seccomp_rule_add() all over the place is way uglier.

Another way would have been to create a vector of syscalls to iterate
over, but that would make error messages uglier because we can either
only print the (libseccomp-internal) syscall number or use
seccomp_syscall_resolve_num_arch() to get the name or even make the
vector a pair number/name, essentially duplicating everything again.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-16 16:48:30 +01:00
aszlig
1c52e344c4
Add build dependency for libseccomp
We're going to use libseccomp instead of creating the raw BPF program,
because we have different syscall numbers on different architectures.

Although our initial seccomp rules will be quite small it really doesn't
make sense to generate the raw BPF program because we need to duplicate
it and/or make branches on every single architecture we want to support.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-16 16:48:26 +01:00
aszlig
e8838713df
Run builds as root in user namespace again
This reverts commit ff0c0b645c.

We're going to use seccomp to allow "cp -p" and force chown-related
syscalls to always return 0.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-16 16:48:08 +01:00
Eelco Dolstra
4be4f6de56
S3BinaryCacheStore:: Eliminate a string copy while uploading
This cuts hydra-queue-runner's peak memory usage by about a third.
2016-11-16 16:21:30 +01:00
William Carroll
a96c00a36c Supports less pre-save trailing whitespace trim 2016-11-14 18:02:42 -05:00
Eelco Dolstra
10ae8fabf1 buildPaths(): Handle ecIncompleteClosure
buildPaths() on a non-derivation would incorrectly not throw an error
if the path didn't have a substitute.
2016-11-14 15:00:17 +01:00
Eelco Dolstra
b77fb8acb5 Don't rely on %m 2016-11-14 13:37:16 +01:00
Ludovic Courtès
ccb1022022 daemon: Do not error out when deduplication fails due to ENOSPC.
This solves a problem whereby if /gnu/store/.links had enough entries,
ext4's directory index would be full, leading to link(2) returning
ENOSPC.

* nix/libstore/optimise-store.cc (LocalStore::optimisePath_): Upon
ENOSPC from link(2), print a message and return instead of throwing a
'SysError'.
2016-11-14 13:35:03 +01:00
Eelco Dolstra
b8d9616af1 Merge pull request #1129 from layus/fix-comments
Fix comments parsing
2016-11-14 11:06:30 +01:00
Guillaume Maudoux
a5e761dddb Fix comments parsing
Fixed the parsing of multiline strings ending with an even number of
stars, like /** this **/.
Added test cases for comments.
2016-11-13 17:20:34 +01:00
Chris Feng
bb0c5f4c6b Grab global prefix keys with num-lock mask set.
* exwm-input.el (exwm-input--update-global-prefix-keys): Grab global
prefix keys with num-lock mask set, or those keys won't be activated
when num-lock is enabled.
2016-11-13 19:23:10 +08:00
Matthew Garrett
c174e40f59 Add experimental support for smartplugs
This adds a set_power() call that should work for the SP2 - unsure whether
it will work for the SP3.
2016-11-13 14:29:07 +13:00
William Carroll
f4f6a79481 Updates brew packages and supports Elm syntax in Vim 2016-11-11 15:20:00 -05:00
William Carroll
62cabc2e99 Changes tmux prefix and updates vimrc 2016-11-10 17:57:12 -05:00
William Carroll
662c668c48 Changes default-terminal value according to tmux FAQ 2016-11-10 16:21:54 -05:00
Matthew Garrett
61efc7ae29 Merge pull request #14 from msh100/master
each send_packet() needs a unique count
2016-11-11 09:15:08 +13:00
Marcus Stewart Hughes
4705fdf011 each send_packet() needs a unique count
Increment count instead of randomly generating on each send_packet() as per @mjg59's suggestion.

Tested and working as expected.
2016-11-10 20:13:21 +00:00
William Carroll
ccb74054be Adds tmux themes; remaps <Esc> binding; and more... 2016-11-10 14:49:13 -05:00
William Carroll
bd968db34a Adds vim config to script 2016-11-10 12:12:45 -05:00
William Carroll
b24cfc36cd Refactors script to use array 2016-11-10 11:47:44 -05:00
Eelco Dolstra
dd77f7d593 Store::computeFSClosure(): Support a set of paths
This way, callers can exploit the parallelism of computeFSClosure()
when they have multiple paths that they need the (combined) closure of.
2016-11-10 17:45:04 +01:00
Shea Levy
bff3ad767e build-remote: replace strtoull with stoull to take advantage of C++ error handling 2016-11-10 11:09:15 -05:00
Shea Levy
167d12b02c build-remote: Implement in C++ 2016-11-10 11:09:15 -05:00
William Carroll
ccd11f7197 Updates config to support ctags 2016-11-10 10:57:18 -05:00
Eelco Dolstra
2af5d35fdc Merge branch 'master' of github.com:NixOS/nix 2016-11-09 19:09:44 +01:00
Eelco Dolstra
e4655b166c copyClosure() / copyStorePath(): Expose dontCheckSigs
Needed by Hydra.
2016-11-09 19:08:20 +01:00
Eelco Dolstra
4b8f1b0ec0 Merge branch 'ssh-store' of https://github.com/shlevy/nix 2016-11-09 18:57:22 +01:00
Eelco Dolstra
21c55ab3b5 Implement backwards-compatible RemoteStore::addToStore()
The SSHStore PR adds this functionality to the daemon, but we have to
handle the case where the Nix daemon is 1.11.

Also, don't require signatures for trusted users. This restores 1.11
behaviour.

Fixes https://github.com/NixOS/hydra/issues/398.
2016-11-09 18:45:06 +01:00
William Carroll
251c7d72b9 Changes <Esc> mapping and updates highlighting features 2016-11-09 12:14:08 -05:00
William Carroll
ce6d38c5e8 Remaps leader key to C-w for window mgt 2016-11-08 15:10:34 -05:00
William Carroll
1870aadddb Reassigned leader; removes dead code; adds new mappings 2016-11-08 14:50:17 -05:00
Eelco Dolstra
a83b10f84c Typo 2016-11-08 20:19:02 +01:00
William Carroll
eee500b2aa Adds solarized support 2016-11-07 14:56:17 -05:00
Eelco Dolstra
b3ba762dbf Add missing #include 2016-11-07 14:35:47 +01:00
Vladimír Čunát
818aad3ec4
Detect and disallow base32 hash overflow
Example (before this commit):
$ nix-hash --type sha256 --to-base16 4n0igfxbd3kqvvj2k2xgysrp63l4v2gd110fwkk4apfpm0hvzwh0 \
    | xargs nix-hash --type sha256 --to-base32
0n0igfxbd3kqvvj2k2xgysrp63l4v2gd110fwkk4apfpm0hvzwh0

It's a real-life example:
https://github.com/NixOS/nixpkgs/pull/20208/files#r86695567
2016-11-06 22:17:37 +01:00
Matthew Garrett
0b9dd40921 Merge pull request #11 from kelvl/macos-cant-assign-address-fix
Fix for [Errno 49] Can't assign requested address
2016-11-04 16:33:02 -06:00
William Carroll
342779290a Adds visual mode support for H and L bindings 2016-11-04 17:00:16 -04:00
William Carroll
6db646d789 Adds additional bindings 2016-11-04 16:53:45 -04:00
William Carroll
0661c25246 Adds pasting commands and window controls 2016-11-04 16:12:41 -04:00
William Carroll
1e8a01d8d1 Adds new keybindings to vimrc 2016-11-04 15:24:30 -04:00
Manav Rathi
eec5409a69 installation: allow profile modification to be skipped (#1072)
The current behaviour modifies the first writeable file from amongst
.bash_profile, .bash_login and .profile.  So .bash_profile (if it is
writable) would be modified even if a user has already sourced nix.sh
in, say, .profile.

This commit introduces a new environment variable,
NIX_INSTALLER_NO_MODIFY_PROFILE.  If this is set during installation,
then the modifications are unconditionally skipped.

This is useful for users who have a manually curated set of dotfiles
that they are porting to a new machine. In such scenarios, nix.sh is
already sourced at a place where the user prefers.  Without this
change, the nix installer would insist on modifying .bash_profile if
it exists.

This commit also adds documentation for both the current behaviour and
the new override.
2016-11-03 18:02:29 +01:00
Kelvin Law
bd1c44488d Fix for [Errno 49] Can't assign requested address
Fixes #3 on macOS
2016-11-02 20:34:46 -07:00
Eelco Dolstra
18b7363a69 Support optional sandbox paths
For example, you can now set

  build-sandbox-paths = /dev/nvidiactl?

to specify that /dev/nvidiactl should only be mounted in the sandbox
if it exists in the host filesystem. This is useful e.g. for EC2
images that should support both CUDA and non-CUDA instances.
2016-10-31 17:09:52 +01:00
Matthew Garrett
925742768d Update documentation to cover RF packets
RF packets behave identically to IR packets, so update the docs to match
2016-10-30 14:18:20 -07:00
Matthew Garrett
989009e21f Add support for multiple devices and update documentation
Add support for discovering more than one device on the network, and update
the documentation to describe that.
2016-10-30 14:16:40 -07:00