It adds a new operation, cmdAddToStoreNar, that does the same thing as
the corresponding nix-daemon operation, i.e. call addToStore(). This
replaces cmdImportPaths, which has the major issue that it sends the
NAR first and the store path second, thus requiring us to store the
incoming NAR either in memory or on disk until we decide what to do
with it.
For example, this reduces the memory usage of
$ nix copy --to 'ssh://localhost?remote-store=/tmp/nix' /nix/store/95cwv4q54dc6giaqv6q6p4r02ia2km35-blender-2.79
from 267 MiB to 12 MiB.
Probably fixes#1988.
In EvalState::checkSourcePath, the path is checked against the list of
allowed paths first and later it's checked again *after* resolving
symlinks.
The resolving of the symlinks is done via canonPath, which also strips
out "../" and "./". However after the canonicalisation the error message
pointing out that the path is not allowed prints the symlink target in
the error message.
Even if we'd suppress the message, symlink targets could still be leaked
if the symlink target doesn't exist (in this case the error is thrown in
canonPath).
So instead, we now do canonPath() without symlink resolving first before
even checking against the list of allowed paths and then later do the
symlink resolving and checking the allowed paths again.
The first call to canonPath() should get rid of all the "../" and "./",
so in theory the only way to leak a symlink if the attacker is able to
put a symlink in one of the paths allowed by restricted evaluation mode.
For the latter I don't think this is part of the threat model, because
if the attacker can write to that path, the attack vector is even
larger.
Signed-off-by: aszlig <aszlig@nix.build>
--
586c41e29e80d9613434f18347d4a70a92a90989 by Jon Cohen <cohenjon@google.com>:
Whitespace cleanup
PiperOrigin-RevId: 207119388
--
e28fc6932d68f7097918f3092079f07112e684c1 by Abseil Team <absl-team@google.com>:
Fix comment typo in mutex.h
PiperOrigin-RevId: 207024211
--
b7714a5f189b2863f9cfc285ba428ca2059b83f4 by Abseil Team <absl-team@google.com>:
Raise the floor for gcc from gcc 4.7 to gcc 4.8.
PiperOrigin-RevId: 207021220
--
262ae79150278ea1b4e512dfe8ff05c32768f429 by Matt Armstrong <marmstrong@google.com>:
Raise the floor for gcc from gcc 4.7 to gcc 4.8.
PiperOrigin-RevId: 206997741
--
5aba0b15eaf6c5beff0e91670a7cdf5ad1151886 by Derek Mauro <dmauro@google.com>:
Use std::chrono to get the current time on both Apple and Windows
platforms, eliminating the unnecessarily complicated logic on Apple
platforms.
PiperOrigin-RevId: 206979219
--
807a91adf876f7532050d442f00268754c0f260b by Derek Mauro <dmauro@google.com>:
Fix multiple definition problem when Abseil is combined with
gperftools on PowerPC.
https://github.com/abseil/abseil-cpp/pull/152
PiperOrigin-RevId: 206963083
GitOrigin-RevId: 586c41e29e80d9613434f18347d4a70a92a90989
Change-Id: I0ee65a733c423890b97dd3500f2d17449792387c
This particular `shell` variable wasn't used, since a new one was
declared in the only side of the `if` branch that used a `shell`
variable.
It could realistically confuse developers thinking it could use `$SHELL`
under some situations.
--
ac7508120c60dfe689c40929e416b6a486f83ee3 by Gennadiy Rozental <rogeeff@google.com>:
Internal change
PiperOrigin-RevId: 206912089
--
bd709faba88565367b6d337466e6456481b5f3e8 by Matt Calabrese <calabrese@google.com>:
Implement `std::experimental::is_detected` in type_traits internals and move `is_detected_convertible` from variant's internals to type_traits internals. This is in preparation of creating workarounds for broken standard traits.
PiperOrigin-RevId: 206825598
--
0dbddea569370eb9b6348cee172d1874f9046eb4 by Jorg Brown <jorg@google.com>:
Support users who turn on floating-point conversion warnings
PiperOrigin-RevId: 206813209
--
30991f757c8f0100584619d8a9c41897d029f112 by Jorg Brown <jorg@google.com>:
Speed up the absl::Seconds() function for floating-point values, roughly by 4.5x, since
we can take advantage of the fact that we're just taking a floating-point number and
splitting it into its integral and fractional parts.
PiperOrigin-RevId: 206806270
--
6883837176838aa5a517e7a8cb4c99afd24c0d12 by Jon Cohen <cohenjon@google.com>:
Remove the DISABLE_INSTALL from absl_container. It doesn't do anything.
PiperOrigin-RevId: 206802544
--
92ab14fed06e6dd1f01a0284bd7f95d3e2c0c3d8 by Jon Cohen <cohenjon@google.com>:
Internal change
PiperOrigin-RevId: 206776244
--
17b76c7f364ac562d9e0faeca0320f63aa3fdb85 by Jorg Brown <jorg@google.com>:
Fix absl/strings:numbers_test flakiness due to exceeding the 1-minute timeout
PiperOrigin-RevId: 206763175
--
6637843f2e198b8efd90e5577fbc86bdea43b2cc by Abseil Team <absl-team@google.com>:
Adds templated allocator to absl::FixedArray with corresponding tests
PiperOrigin-RevId: 206354178
--
bced22f81add828c9b4c60eb45554d36c22e2f96 by Abseil Team <absl-team@google.com>:
Adds templated allocator to absl::FixedArray with corresponding tests
PiperOrigin-RevId: 206347377
--
75be14a71d2d5e335812d5b7670120271fb5bd79 by Abseil Team <absl-team@google.com>:
Internal change.
PiperOrigin-RevId: 206326935
--
6929e43f4c7898b1f51e441911a19092a06fbf97 by Abseil Team <absl-team@google.com>:
Adds templated allocator to absl::FixedArray with corresponding tests
PiperOrigin-RevId: 206326368
--
55ae34b75ff029eb267f9519e577bab8a575b487 by Abseil Team <absl-team@google.com>:
Internal change.
PiperOrigin-RevId: 206233448
--
6950a8ccddf35d451eec2d02cd28a797c8b7cf6a by Matt Kulukundis <kfm@google.com>:
Internal change
PiperOrigin-RevId: 206035613
GitOrigin-RevId: ac7508120c60dfe689c40929e416b6a486f83ee3
Change-Id: I675605abbedab6b3ac9aa82195cbd059ff7c82b1
building anything, e.g. envoy, that also builds gperftools, results in
the error that StacktracePowerPCDummyFunction was previously defined.
Rename this one, as its only a dummy function and is only used in this
one place.
Signed-off-by: Christy Norman <christy@linux.vnet.ibm.com>
* exwm-manage.el (exwm-manage--unmanage-window): Set the Emacs window
of an full screen X window as non-dedicated before killing its buffer
so as not to cause other side effects.
--
eb6cc81ef7e89e10fc9df47418af93e22fd116d2 by Abseil Team <absl-team@google.com>:
Workaround clang bug https://bugs.llvm.org/show_bug.cgi?id=38289
PiperOrigin-RevId: 206006290
--
509e9829295bfc429b82de42f2e073c756ea5709 by Jon Cohen <cohenjon@google.com>:
Remove make_unique ambiguity when using gcc 4.9 in C++14 mode.
gcc 4.9.4 has __cplusplus at 201300L instead of 201402L when in C++14 mode, I guess indicating incomplete support. Anyways, it causes a problem with this check as in c++14 mode in old gcc we were defining absl::make_unique when std::make_unique was present
PiperOrigin-RevId: 205886589
GitOrigin-RevId: eb6cc81ef7e89e10fc9df47418af93e22fd116d2
Change-Id: I9acf3f3d0fd3b0b46ae099821f3bf21b72c28b2b
--
ee644a89fb1429d9337852690a01182853f68964 by Derek Mauro <dmauro@google.com>:
Lower the thread limit in the Mutex benchmark on some platforms.
https://github.com/abseil/abseil-cpp/issues/147
PiperOrigin-RevId: 205663768
GitOrigin-RevId: ee644a89fb1429d9337852690a01182853f68964
Change-Id: Ic5db4061809aa65f73e6a63dba90b2554376b38c