Commit graph

15150 commits

Author SHA1 Message Date
"Vincent Ambo ext:(%22)
9719b5a62d Used stylish-haskell on all source files 2013-04-28 14:30:00 +02:00
"Vincent Ambo ext:(%22)
8f1b6b5c4e * added Markdown support 2013-04-28 14:26:45 +02:00
"Vincent Ambo ext:(%22)
0f98c3f489 * removed iMessage 2013-04-28 13:45:08 +02:00
"Vincent Ambo ext:(%22)
247265f354 * saved the function that I cleaned the comments with. The function is horrendous 2013-04-28 13:12:08 +02:00
"Vincent Ambo ext:(%22)
b3fb7f0f34 * re-enabled captchas 2013-04-28 13:11:38 +02:00
"Vincent Ambo ext:(%22)
1bdbe4af64 * switched main language to English 2013-04-27 22:17:54 +02:00
"Vincent Ambo ext:(%22)
de09c2cc68 * fixed comment deletion link
* updated contact info
* fixed compatibility with current blaze
2013-04-27 22:15:46 +02:00
Eelco Dolstra
4ddd077bfa find-runtime-roots.pl: Don't hardcode /nix/store 2013-04-26 12:15:54 +02:00
Eelco Dolstra
0374d94437 addAdditionalRoots(): Check each path only once 2013-04-26 12:07:25 +02:00
Eelco Dolstra
00f698eb8b find-runtime-roots.pl: Search process environments for roots
For instance, this prevents paths from being deleted that are in use
by a "nix-build --run-env" session.
2013-04-26 12:06:39 +02:00
Eelco Dolstra
938092a213 find-runtime-roots.pl: Use Nix::Utils::readFile 2013-04-26 11:44:19 +02:00
"Vincent Ambo ext:(%22)
3a39dfc19e * small fixes that I don't remember 2013-04-24 14:35:25 +02:00
Eelco Dolstra
772b70952f Fix --timeout
I'm not sure if it has ever worked correctly.  The line "lastWait =
after;" seems to mean that the timer was reset every time a build
produced log output.

Note that the timeout is now per build, as documented ("the maximum
number of seconds that a builder can run").
2013-04-23 18:04:59 +02:00
Eelco Dolstra
f9974f856e Show that --timeout doesn't work if the build produces log output 2013-04-23 17:16:29 +02:00
Eelco Dolstra
6955d41f2b nix-build: Respect --timeout 2013-04-23 17:16:01 +02:00
Eelco Dolstra
934cf2d1f4 Nix daemon: respect build timeout from the client 2013-04-23 16:59:06 +02:00
Eelco Dolstra
08d96ffad0 Fix --fallback with the binary cache substituter
Reported by Peter Simons.
2013-04-23 12:45:01 +02:00
Eelco Dolstra
a9b4e26b5c Test whether --fallback works if NARS have disappeared from the binary cache 2013-04-23 12:44:01 +02:00
Eelco Dolstra
c642441beb Test NAR info caching 2013-04-23 12:43:28 +02:00
Eelco Dolstra
05420e7883 Manual: Add a missing step to the build instructions
Reported by Johan Grande.
2013-04-09 17:57:48 +02:00
Eelco Dolstra
258897c265 Complain if /homeless-shelter exists 2013-04-04 11:16:26 +02:00
Eelco Dolstra
239841787b Fix evaluation of the VM tests 2013-03-25 21:59:11 +01:00
Shea Levy
cc63db1dd5 makeStoreWritable: Ask forgiveness, not permission
It is surprisingly impossible to check if a mountpoint is a bind mount
on Linux, and in my previous commit I forgot to check if /nix/store was
even a mountpoint at all. statvfs.f_flag is not populated with MS_BIND
(and even if it were, my check was wrong in the previous commit).

Luckily, the semantics of mount with MS_REMOUNT | MS_BIND make both
checks unnecessary: if /nix/store is not a mountpoint, then mount will
fail with EINVAL, and if /nix/store is not a bind-mount, then it will
not be made writable. Thus, if /nix/store is not a mountpoint, we fail
immediately (since we don't know how to make it writable), and if
/nix/store IS a mountpoint but not a bind-mount, we fail at first write
(see below for why we can't check and fail immediately).

Note that, due to what is IMO buggy behavior in Linux, calling mount
with MS_REMOUNT | MS_BIND on a non-bind readonly mount makes the
mountpoint appear writable in two places: In the sixth (but not the
10th!) column of mountinfo, and in the f_flags member of struct statfs.
All other syscalls behave as if the mount point were still readonly (at
least for Linux 3.9-rc1, but I don't think this has changed recently or
is expected to soon). My preferred semantics would be for MS_REMOUNT |
MS_BIND to fail on a non-bind mount, as it doesn't make sense to remount
a non bind-mount as a bind mount.
2013-03-25 19:00:16 +01:00
Shea Levy
2c9cf50746 makeStoreWritable: Use statvfs instead of /proc/self/mountinfo to find out if /nix/store is a read-only bind mount
/nix/store could be a read-only bind mount even if it is / in its own filesystem, so checking the 4th field in mountinfo is insufficient.

Signed-off-by: Shea Levy <shea@shealevy.com>
2013-03-25 19:00:16 +01:00
Eelco Dolstra
c3fc60d936 Fix evaluation 2013-03-18 21:49:42 +01:00
Eelco Dolstra
f72ed36025 Bump version number 2013-03-15 14:21:05 +01:00
Eelco Dolstra
78d777ca15 Remove the "system" jobset input 2013-03-15 13:18:49 +01:00
Eelco Dolstra
a68ebf8e37 Require Bison 2.6 2013-03-14 18:33:15 +01:00
Eelco Dolstra
804709706c Fix building against Bison 2.6 2013-03-14 18:31:08 +01:00
Eelco Dolstra
c56bc3d81c Make sure that thunks are restored properly if an exception occurs
Fixes Hydra bug #67.
2013-03-14 17:21:13 +01:00
Vincent Ambo
384b4e1ec1 * added config for PCKeyboardHack and KeyRemap4MacBook 2013-03-13 22:02:31 +01:00
Vincent Ambo
2225a11289 * updated zshrc 2013-03-13 13:34:03 +01:00
Vincent Ambo
bb3c6afb7f * moved plist configurations to plist folder 2013-03-13 13:33:05 +01:00
Eelco Dolstra
4b07476848 Prevent config.h from being clobbered 2013-03-08 01:27:04 +01:00
Eelco Dolstra
bdd4646338 Revert "Prevent config.h from being clobbered"
This reverts commit 28bba8c44f.
2013-03-08 01:24:59 +01:00
Eelco Dolstra
e73d9e9488 Fix annoying Perl 5.16 warnings
I.e.

Subroutine Nix::Store::isValidPath redefined at /nix/store/clfzsf6gi7qh5i9c0vks1ifjam47rijn-perl-5.16.2/lib/perl5/5.16.2/XSLoader.pm line 92.

and so on.
2013-03-08 00:27:32 +01:00
Eelco Dolstra
28bba8c44f Prevent config.h from being clobbered 2013-03-07 23:55:55 +01:00
Vincent Ambo
19dd5c8bac iTerm 2 config 2013-03-06 23:21:00 +01:00
Vincent Ambo
8dfa868c2f xnomad & zshrc 2013-03-06 21:13:01 +01:00
Vincent
7cec58210a Initial commit 2013-03-06 11:51:13 -08:00
Eelco Dolstra
8057a192e3 Handle systems without lutimes() or lchown() 2013-02-28 19:55:09 +01:00
Eelco Dolstra
9fa1bee575 Update release notes
Also use a point release version number as suggested by several
people.
2013-02-28 19:36:02 +01:00
Eelco Dolstra
f45c731cd7 Handle symlinks properly
Now it's really brown paper bag time...
2013-02-28 14:51:08 +01:00
Eelco Dolstra
88936411bc Bump version number 2013-02-28 13:03:53 +01:00
Eelco Dolstra
0111ba98ea Handle hard links to other files in the output 2013-02-27 17:18:41 +01:00
Eelco Dolstra
b008674e46 Refactoring: Split off the non-recursive canonicalisePathMetaData()
Also, change the file mode before changing the owner.  This prevents a
slight time window in which a setuid binary would be setuid root.
2013-02-27 16:42:19 +01:00
Eelco Dolstra
826dc0d07d Remove outdated file 2013-02-26 14:32:48 +01:00
Eelco Dolstra
97c6009c47 Bump version number 2013-02-26 14:32:14 +01:00
Eelco Dolstra
ca9c02dff1 Update release notes 2013-02-26 13:23:09 +01:00
Eelco Dolstra
5526a282b5 Security: Don't allow builders to change permissions on files they don't own
It turns out that in multi-user Nix, a builder may be able to do

  ln /etc/shadow $out/foo

Afterwards, canonicalisePathMetaData() will be applied to $out/foo,
causing /etc/shadow's mode to be set to 444 (readable by everybody but
writable by nobody).  That's obviously Very Bad.

Fortunately, this fails in NixOS's default configuration because
/nix/store is a bind mount, so "ln" will fail with "Invalid
cross-device link".  It also fails if hard-link restrictions are
enabled, so a workaround is:

  echo 1 > /proc/sys/fs/protected_hardlinks

The solution is to check that all files in $out are owned by the build
user.  This means that innocuous operations like "ln
${pkgs.foo}/some-file $out/" are now rejected, but that already failed
in chroot builds anyway.
2013-02-26 02:30:19 +01:00