Commit graph

577 commits

Author SHA1 Message Date
Eelco Dolstra
92d599c6a7 * Prevent uids from being used for more than one build
simultaneously.  We do this using exclusive locks on uid files in
  /nix/var/nix/userpool, e.g., /nix/var/nix/userpool/123 for uid 123.
2005-10-20 16:58:34 +00:00
Eelco Dolstra
e932c40f8e * Oops. Fixed-output derivations were broken. 2005-10-19 14:27:44 +00:00
Eelco Dolstra
13b089c890 * Also kill all processes of the build user after the build. This is
critical to prevent certain kinds of 0wnage.
2005-10-17 17:43:21 +00:00
Eelco Dolstra
f1b3a418fa * Before starting a build under some uid, kill all current processes
running under that uid.
2005-10-17 17:35:37 +00:00
Eelco Dolstra
439823ae80 * Check that the build result is owned by the build user, and that
nobody else has write permission to the build result.  This catches
  most hack attempts.
2005-10-17 16:59:25 +00:00
Eelco Dolstra
7ef574e5d0 * Don't use FIFOs to make Nix create the output path on behalf of the
builder.  Instead, require that the Nix store has sticky permission
  (S_ISVTX); everyone can created files in the Nix store, but they
  cannot delete, rename or modify files created by others.
2005-10-17 16:52:29 +00:00
Eelco Dolstra
32282abcea * Beginning of secure multi-user Nix stores. If Nix is started as
root (or setuid root), then builds will be performed under one of
  the users listed in the `build-users' configuration variables.  This
  is to make it impossible to influence build results externally,
  allowing locally built derivations to be shared safely between
  users (see ASE-2005 paper).

  To do: only one builder should be active per build user.
2005-10-17 15:33:24 +00:00
Eelco Dolstra
dfbf520ec2 * Swap the system and version comparion columns. 2005-10-06 15:51:59 +00:00
Eelco Dolstra
cec2be64f3 * Only colorise if we are attached to a terminal. 2005-10-06 15:01:46 +00:00
Eelco Dolstra
b87b9c0d1f * New query option: --compare-versions' or -c' to compare installed
versions to available versions, or vice versa.

  For example, the following compares installed versions to available
  versions:

    $ nix-env -qc
    autoconf-2.59            = 2.59
    automake-1.9.4           < 1.9.6
    f-spot-0.0.10            - ?
    firefox-1.0.4            < 1.0.7
    ...

  I.e., there are newer versions available (in the current default Nix
  expression) for Automake and Firefox, but not for Autoconf, and
  F-Spot is missing altogether.

  Conversely, the available versions can be compared to the installed
  versions:

    $ nix-env -qac
    autoconf-2.59                  = 2.59
    automake-1.9.6                 > 1.9.4
    bash-3.0                       - ?
    firefox-1.0.7                  > 1.0.4
    ...

  Note that bash is available but no version of it is installed.

  If multiple versions are available for comparison, then the highest
  is used.  E.g., if Subversion 1.2.0 is installed, and Subversion
  1.1.4 and 1.2.3 are available, then `nix-env -qc' will print `<
  1.2.3', not `> 1.1.4'.

  If higher versions are available, the version column is printed in
  red (using ANSI escape codes).
2005-10-06 14:44:54 +00:00
Eelco Dolstra
0e38578433 * log2xml -> nix-log2xml. 2005-10-05 09:42:13 +00:00
Eelco Dolstra
d47e03fccd * Install the XSL stylesheets for log to html conversion. 2005-10-05 09:37:58 +00:00
Eelco Dolstra
ebfe57166d * Lets not go wild with templates. 2005-09-22 17:23:43 +00:00
Eelco Dolstra
4578a490ce * Parse multi-valued options. 2005-09-22 15:43:22 +00:00
Eelco Dolstra
8d06842a76 * Configuration options for trusted local builds. 2005-09-21 12:19:39 +00:00
Eelco Dolstra
ef9e2c8e73 * Typo. 2005-09-20 16:14:00 +00:00
Eelco Dolstra
ed1db42915 * List concatenation must be right-associative for efficiency. 2005-09-14 11:41:59 +00:00
Eelco Dolstra
cf2bb91ec8 * Missing #include. 2005-09-13 13:17:01 +00:00
Eelco Dolstra
2bcd65ecf6 * `nix-env -e' corrupts memory due to incorrect use of iterators.
Reported by Rob Vermaas.
2005-09-01 18:14:04 +00:00
Eelco Dolstra
e1a6fb7870 * `dependencyClosure' now allows a search path, e.g.,
dependencyClosure { ... searchPath = [ ../foo ../bar ]; ... }

* Primop `dirOf' to return the directory part of a path (e.g., dirOf
  /a/b/c == /a/b).

* Primop `relativise' (according to Webster that's a real word!) that
  given paths A and B returns a string representing path B relative
  path to A; e.g., relativise /a/b/c a/b/x/y => "../x/y".
2005-08-14 14:00:39 +00:00
Eelco Dolstra
08c53923db * A primitive operation `dependencyClosure' to do automatic dependency
determination (e.g., finding the header files dependencies of a C
  file) in Nix low-level builds automatically.

  For instance, in the function `compileC' in make/lib/default.nix, we
  find the header file dependencies of C file `main' as follows:

    localIncludes =
      dependencyClosure {
        scanner = file:
          import (findIncludes {
            inherit file;
          });
        startSet = [main];
      };

  The function works by "growing" the set of dependencies, starting
  with the set `startSet', and calling the function `scanner' for each
  file to get its dependencies (which should yield a list of strings
  representing relative paths).  For instance, when `scanner' is
  called on a file `foo.c' that includes the line

    #include "../bar/fnord.h"

  then `scanner' should yield ["../bar/fnord.h"].  This list of
  dependencies is absolutised relative to the including file and added
  to the set of dependencies.  The process continues until no more
  dependencies are found (hence its a closure).

  `dependencyClosure' yields a list that contains in alternation a
  dependency, and its relative path to the directory of the start
  file, e.g.,

    [ /bla/bla/foo.c
      "foo.c"
      /bla/bar/fnord.h
      "../bar/fnord.h"
    ]

  These relative paths are necessary for the builder that compiles
  foo.c to reconstruct the relative directory structure expected by
  foo.c.

  The advantage of `dependencyClosure' over the old approach (using
  the impure `__currentTime') is that it's completely pure, and more
  efficient because it only rescans for dependencies (i.e., by
  building the derivations yielded by `scanner') if sources have
  actually changed.  The old approach rescanned every time.
2005-08-14 12:38:47 +00:00
Eelco Dolstra
0399365675 * nix-hash: option `--truncate' to truncate the hash to 160 bits. Hmm,
kind of ad hoc ;-)
2005-08-14 10:09:56 +00:00
Eelco Dolstra
c680f835c9 * Escape ASCII characters < 32 to Unicode FFFD (REPLACEMENT CHARACTER)
so that we don't produce un-wellformed XML.
2005-08-01 13:39:19 +00:00
Eelco Dolstra
f450c8ea2f * Oops. XSL stylesheet to mark errors. 2005-08-01 13:24:04 +00:00
Eelco Dolstra
800a6ff845 * Mark error lines in red, and expand subtrees containing errors
automatically.
2005-08-01 13:23:43 +00:00
Eelco Dolstra
991a130b1e * Added a list concatenation operator:
[1 2 3] ++ [4 5 6] => [1 2 3 4 5 6]
2005-07-25 15:05:34 +00:00
Eelco Dolstra
4c20a08293 * Build dynamic libraries. 2005-07-22 14:52:45 +00:00
Eelco Dolstra
0f827cc607 * Prevent repeated wrapping of closed terms
(closed(closed(closed(...)))) since this reduces performance by
  producing bigger terms and killing caching (which incidentally also
  prevents useful infinite recursion detection).
2005-07-19 11:48:05 +00:00
Eelco Dolstra
2135e7c041 * Wat cleanups. 2005-07-16 23:19:20 +00:00
Eelco Dolstra
6f82a78de7 * Define paths using regexps, as is done in the Flex definition. 2005-07-16 21:38:15 +00:00
Eelco Dolstra
6f91f02f75 * Make the rejects a bit more compact.
* Add lexical restrictions for keywords.
2005-07-16 20:43:58 +00:00
Eelco Dolstra
9590009a74 * Fix ambiguity. 2005-07-16 15:41:27 +00:00
Eelco Dolstra
f797cb5855 * Revive and update the SDF grammar for Nix expressions. 2005-07-16 14:07:35 +00:00
Eelco Dolstra
22d3587f3b * In nix-instantiate, at top-level, call functions that have arguments
with default values automatically.  I.e., e -> e {}.

  This feature makes convenience expressions such as
  pkgs/system/i686-linux.nix in Nixpkgs obsolete, since we can just do

  $ nix-instantiate ./pkgs/system/all-packages.nix

  since all-packages.nix takes a single argument (system) that has a
  default value (__thisSystem).
2005-07-12 16:06:25 +00:00
Eelco Dolstra
040140dd1c * Added a primop `removeAttrs' to remove attributes from a set, e.g.,
`removeAttrs attrs ["x", "y"]' returns the set `attrs' with the
  attributes named `x' and `y' removed.  It is not an error for the
  named attributes to be missing from the input set.
2005-05-18 17:19:21 +00:00
Eelco Dolstra
109cde6706 * Ignore (with a warning) invalid garbage collector roots. 2005-05-10 14:56:10 +00:00
Eelco Dolstra
456f3251d2 * Typo. 2005-05-10 14:21:46 +00:00
Eelco Dolstra
9ec7e58aa4 * Handle store path arguments in `nix-env -i' correctly again. 2005-05-09 17:55:35 +00:00
Eelco Dolstra
8f57634c14 * Automatically upgrade the Berkeley DB environment if necessary. 2005-05-09 15:25:47 +00:00
Eelco Dolstra
edd145d2fb * Lazily compute the derivation and output paths of derivations. This
makes most query and installation operations much faster (e.g.,
  `nix-env -qa' on the current Nixpkgs is about 10 times faster).
2005-05-08 10:32:09 +00:00
Eelco Dolstra
426593162e * ATermMap needs an assignment operator, otherwise we are screwed. 2005-05-08 10:28:19 +00:00
Eelco Dolstra
77557a6f06 Commit 3000!
* Make the `derivation' primitive much more lazy.  The expression
  `derivation attrs' now evaluates to (essentially)

    attrs // {
      type = "derivation";
      outPath = derivation! attrs;
      drvPath = derivation! attrs;
    }

  where `derivation!' is a primop that does the actual derivation
  instantiation (i.e., it does what `derivation' used to do).  The
  advantage is that it allows commands such as `nix-env -qa' and
  `nix-env -i' to be much faster since they no longer need to
  instantiate all derivations, just the `name' attribute.  (However,
  `nix-env' doesn't yet take advantage of this since it still always
  evaluates the `outPath' and `drvPath' attributes).

  Also, this allows derivations to cyclically reference each other,
  for example,

    webServer = derivation {
      ...
      hostName = "svn.cs.uu.nl";
      services = [svnService];
    };

    svnService = derivation {
      ...
      hostName = webServer.hostName;
    };

  Previously, this would yield a black hole (infinite recursion).
2005-05-07 21:48:49 +00:00
Eelco Dolstra
6057b51835 * Don't try to register GC roots in read-only mode. 2005-05-07 21:33:31 +00:00
Eelco Dolstra
52a2f41320 * Include some required header files. 2005-05-04 16:33:20 +00:00
Eelco Dolstra
26fd28432d * FreeBSD 4.x doesn't have stdint.h, use inttypes.h instead (which is
also part of ISO C).
2005-05-04 16:32:54 +00:00
Eelco Dolstra
5dea0622d1 * Idem (constness fix).
* `compare' in GCC 2.95 is broken.
2005-05-04 16:31:49 +00:00
Eelco Dolstra
4a266e35d4 * GCC 2.95 compatibility fix in constness; strangely, I think this
should not have worked at all.
2005-05-04 16:31:24 +00:00
Eelco Dolstra
d7b3cdbd91 * GCC 2.95 compatibility. Prevents internal compiler error in member
template friends.
2005-05-04 16:30:35 +00:00
Eelco Dolstra
ae6d9033a1 * The eof() state isn't guaranteed to be set non-lazily. GCC 2.95
compatibility fix.
2005-05-04 16:29:44 +00:00
Eelco Dolstra
02f2da0142 * Merging from nix-make branch:
- Add __currentTime primitive (dangerous!).
  - Allow imports of derivations.
2005-05-02 14:44:58 +00:00