Commit graph

61 commits

Author SHA1 Message Date
Eelco Dolstra
47f87072ad * A very dirty hack to make setuid installations a bit nicer to use.
Previously there was the problem that all files read by nix-env
  etc. should be reachable and readable by the Nix user.  So for
  instance building a Nix expression in your home directory meant that
  the home directory should have at least g+x or o+x permission so
  that the Nix user could reach the Nix expression.  Now we just
  switch back to the original user just prior to reading sources and
  the like.  The places where this happens are somewhat arbitrary,
  however.  Any scope that has a live SwitchToOriginalUser object in
  it is executed as the original user.

* Back out r1385.  setreuid() sets the saved uid to the new
  real/effective uid, which prevents us from switching back to the
  original uid.  setresuid() doesn't have this problem (although the
  manpage has a bug: specifying -1 for the saved uid doesn't leave it
  unchanged; an explicit value must be specified).
2004-09-09 21:12:53 +00:00
Eelco Dolstra
5396304c73 * Use setre[ug]id() instead of setres[ug]id(), since the former is
more common than the latter (which exists only on Linux and
  FreeBSD).  We don't really care about dropping the saved IDs since
  there apparently is no way to quiry them in any case, so it can't
  influence the build (unlike the effective IDs which are checked by
  Perl for instance).
2004-09-09 15:55:31 +00:00
Eelco Dolstra
e77fbe0fa2 * On systems that have the setresuid() and setresgid() system calls to
set the real uid and gid to the effective uid and gid, the Nix
  binaries can be installed as owned by the Nix user and group instead
  of root, so no root involvement of any kind is necessary.

  Linux and FreeBSD have these functions.
2004-08-20 15:22:33 +00:00
Eelco Dolstra
2d35116c13 * Setuid support for sharing a Nix installation between multiple
users.

  If the configure flag `--enable-setuid' is used, the Nix programs
  nix-env, nix-store, etc. are installed with the setuid bit turned on
  so that they are executed as the user and group specified by
  `--with-nix-user=USER' and `--with-nix-group=GROUP', respectively
  (with defaults `nix' and `nix').

  The setuid programs drop all special privileges if they are executed
  by a user who is not a member of the Nix group.

  The setuid feature is a quick hack to enable sharing of a Nix
  installation between users who trust each other.  It is not
  generally secure, since any user in the Nix group can modify (by
  building an appropriate derivation) any object in the store, and for
  instance inject trojans into binaries used by other users.

  The setuid programs are owned by root, not the Nix user.  This is
  because on Unix normal users cannot change the real uid, only the
  effective uid.  Many programs don't work properly when the real uid
  differs from the effective uid.  For instance, Perl will turn on
  taint mode.  However, the setuid programs drop all root privileges
  immediately, changing all uids and gids to the Nix user and group.
2004-08-20 14:49:05 +00:00
Eelco Dolstra
966bd9d19f * WTF? More canonical system name problems ("athlon-linux" instead of
"i686-linux").
2004-08-13 09:57:51 +00:00
Eelco Dolstra
39eaecbc98 * Slightly better heuristic for picking the canonical system type.
Now SuSE and Red Hat should yield the same type (`i686-linux').  Mac
  OS X should now give `powerpc-darwin' (i.e., the version number is
  gone).
2004-07-18 21:07:27 +00:00
Eelco Dolstra
37ee6cef99 * Adapted nix-pull to use the new substitute mechanism. 2004-06-21 09:51:23 +00:00
Eelco Dolstra
e8411948ff * A Nix mode for Emacs. 2004-06-04 14:31:57 +00:00
Eelco Dolstra
19479899fb * Don't set the rpath here --- it's not portable. 2004-05-18 12:57:26 +00:00
Eelco Dolstra
1d08093b48 * Go back to the old way of generating the system name, and allow it
to be specified in configure (using `--with-system=SYSTEM').
2004-05-18 09:45:46 +00:00
Eelco Dolstra
256eeab711 * Allow the location of the store etc. to be specified using
environment variables.
* Started adding some automatic tests.
* Do a `make check' when building RPMs.
2004-05-04 12:15:30 +00:00
Eelco Dolstra
fd927c5d25 * Bump the version number. 2004-04-26 13:44:26 +00:00
Eelco Dolstra
bcce9c1ff5 * Only add `-preRELEASE' to the version if STABLE != 1.
* Documented release procedures.
2004-04-26 09:52:06 +00:00
Eelco Dolstra
d4779abc04 * Pass SYSTEM through config.h, and allow spaces. 2004-04-23 15:16:08 +00:00
Eelco Dolstra
21655a70f5 * Channels. These allow you to stay current with an evolving set of
Nix expressions.

  To subscribe to a channel (needs to be done only once):

    nix-channel --add \
      http://catamaran.labs.cs.uu.nl/dist/nix/channels/nixpkgs-unstable

  This just adds the given URL to ~/.nix-channels (which can also be
  edited manually).

  To update from all channels:

    nix-channel --update

  This fetches the latest expressions and pulls cache manifests.  The
  default Nix expression (~/.nix-defexpr) is made to point to the
  conjunction of the expressions downloaded from all channels.

  So to update all installed derivations in the current user
  environment:

    nix-channel --update
    nix-env --upgrade '*'

  If you are really courageous, you can put this in a cronjob or
  something.

  You can subscribe to multiple channels.  It is not entirely clear
  what happens when there are name clashes between derivations from
  different channels.  From nix-env/main.cc it appears that the one
  with the lowest (highest?) hash will be used, which is pretty
  meaningless.
2004-04-21 14:54:05 +00:00
Eelco Dolstra
f79e9c2d22 * Do initialise state (the DB etc.) when doing a `make install',
unless `--disable-init-state' is passed to configure.
2004-04-21 10:54:46 +00:00
Eelco Dolstra
b0c9baf1b5 * EBNF grammar for the Nix expression language. 2004-04-08 13:31:57 +00:00
Eelco Dolstra
bf3863b546 * Fail if prerequisites are missing. 2004-04-06 08:40:19 +00:00
Eelco Dolstra
03f1d1ecb5 * Switched from wget to curl.
* Made the dependencies on bzip2 and the shell explicit.
2004-04-06 08:18:51 +00:00
Eelco Dolstra
9d2669d218 * Added a utility that can be used to produce nice HTML pages from Nix
build logs.  The program `log2xml' converts a Nix build log (read
  from standard input) into XML file that can then be converted to
  XHTML by the `log2html.xsl' stylesheet.  The CSS stylesheet
  `logfile.css' is necessary to make it look good.

  This is primarily useful if the log file has a *tree structure*,
  i.e., that sub-tasks such as the various phases of a build (unpack,
  configure, make, etc.) or recursive invocations of Make are
  represented as such.  While a log file is in principle an
  unstructured plain text file, builders can communicate this tree
  structure to `log2xml' by using escape sequences:

  - "\e[p" starts a new nesting level; the first line following the
    escape code is the header;

  - "\e[q" ends the current nesting level.

  The generic builder in nixpkgs (not yet committed) uses this.  It
  shouldn't be to hard to patch GNU Make to speak this protocol.

  Further improvements to the generated HTML pages are to allow
  collapsing/expanding of subtrees, and to abbreviate store paths (but
  to show the full path by hovering the mouse over it).
2004-03-15 21:51:14 +00:00
Eelco Dolstra
beda10f5a2 * Make perl a dependency of Nix. 2004-03-15 15:23:53 +00:00
Eelco Dolstra
0dfdafdf6d * Allow linking against an external Berkeley DB / ATerm library. 2004-02-16 16:37:16 +00:00
Eelco Dolstra
f34de12140 * Allow the location of the store to be specified (--with-store-dir).
* Do not create stuff in localstatedir when doing `make install'
  (since we may not have write access).  In general, installation of
  constant code/data should be separate from the initialisation of
  mutable state.
2004-02-16 15:23:19 +00:00
Eelco Dolstra
c625718513 * Detect flex and bison; updated the manual. 2004-01-30 16:32:14 +00:00
Eelco Dolstra
0e68af0ce3 * RPM sucks. 2004-01-02 16:09:59 +00:00
Eelco Dolstra
9ff3657095 * Generate RPM spec file. 2004-01-02 16:04:53 +00:00
Eelco Dolstra
833f2fc92d * GCC 2.95 compatibility. 2003-12-22 16:40:46 +00:00
Eelco Dolstra
5d2b424804 * Use a system name that does not include the OS manufacturer (i.e.,
"i686-linux" instead of "i686-suse-linux").
2003-12-01 14:36:50 +00:00
Eelco Dolstra
80f8c38384 * Typo fix. 2003-11-26 10:41:59 +00:00
Eelco Dolstra
c38ba181ed * Configure flags to specify the location of the DocBook DTD / stylesheets. 2003-11-26 10:41:21 +00:00
Eelco Dolstra
4da9316c8f * Use svn-revision to construct package version. 2003-11-25 16:49:23 +00:00
Eelco Dolstra
af7e6fe22e * Don't use a hard-coded path. 2003-11-22 21:12:36 +00:00
Eelco Dolstra
9898746ef3 * nix-env: a tool to manage user environments.
* Replace all directory reading code by a generic readDirectory()
  function.
2003-11-19 17:27:16 +00:00
Eelco Dolstra
fd7ac09f10 * Refactoring (step 2). 2003-11-19 12:03:01 +00:00
Eelco Dolstra
ac68840e79 * Refactoring: put the Nix expression evaluator in its own library so
that it can be used by multiple programs.
2003-11-19 11:35:41 +00:00
Eelco Dolstra
38946e1378 * Forgot this one. 2003-11-18 12:07:39 +00:00
Eelco Dolstra
b1117ef29d * nix -> nix-store, fix -> nix-instantiate. 2003-11-18 11:38:25 +00:00
Eelco Dolstra
9f0f020929 * libnix -> libstore. 2003-11-18 10:55:27 +00:00
Eelco Dolstra
8798fae304 * Source tree refactoring. 2003-11-18 10:47:59 +00:00
Eelco Dolstra
4d728f6a36 * Forked new version of Fix. 2003-10-29 15:05:18 +00:00
Eelco Dolstra
c62433751d * Finished refactoring the tree. 2003-10-20 10:05:01 +00:00
Eelco Dolstra
0791282b2f * Substitutes and nix-pull now work again.
* Fixed a segfault caused by the buffering of stderr.
* Fix now allows the specification of the full output path.  This
  should be used with great care, since it by-passes the normal hash
  generation.
* Incremented the version number to 0.4 (prerelease).
2003-10-16 16:29:57 +00:00
Eelco Dolstra
41730f5779 * Put the SVN revision number in the version string. 2003-09-23 14:26:58 +00:00
Eelco Dolstra
1c7d6bf5fc * Removed references to char_traits so that boost/format also works on
GCC 2.95.
2003-09-11 10:23:55 +00:00
Eelco Dolstra
710175e6a0 * Bumped the version number to 0.3. 2003-08-20 11:31:15 +00:00
Eelco Dolstra
e405ca506e * Generate man pages from the manual. 2003-08-12 13:54:42 +00:00
Eelco Dolstra
d551062ec4 * Scan for wget and use the full path in fetchurl.sh.
* Use nix-hash (not md5sum) in fetchurl.sh.
2003-08-06 09:35:05 +00:00
Eelco Dolstra
dec8fbc52b * Check for the pthread library (db4 needs it on some platforms). 2003-07-28 14:13:42 +00:00
Eelco Dolstra
39ce70025b * Incorporated Berkeley DB and ATerm into the source tree.
* `make dist'.
2003-07-23 15:53:34 +00:00
Eelco Dolstra
ab350eafd2 * Generate nar.sh, fetchurl.sh. 2003-07-18 07:42:57 +00:00