Commit graph

15 commits

Author SHA1 Message Date
Eelco Dolstra 6cc6c15a2d
Add a seccomp filter to prevent creating setuid/setgid binaries
This prevents builders from setting the S_ISUID or S_ISGID bits,
preventing users from using a nixbld* user to create a setuid/setgid
binary to interfere with subsequent builds under the same nixbld* uid.

This is based on aszlig's seccomp code
(47f587700d).

Reported by Linus Heckemann.
2017-05-29 16:14:10 +02:00
Eelco Dolstra a2d92bb20e
Add --with-sandbox-shell configure flag
And add a 116 KiB ash shell from busybox to the release build. This
helps to make sandbox builds work out of the box on non-NixOS systems
and with diverted stores.
2017-05-15 17:36:32 +02:00
Eelco Dolstra c5f23f10a8
Replace readline by linenoise
Using linenoise avoids a license compatibility issue (#1356), is a lot
smaller and doesn't pull in ncurses.
2017-05-10 18:37:42 +02:00
Eelco Dolstra 73bba12d8b
Check for libreadline 2017-04-28 16:53:56 +02:00
Eelco Dolstra 98a2adb135
Simplify building nix-perl in nix-shell 2017-04-26 17:04:45 +02:00
Eelco Dolstra 921a2aeb05
Make "nix repl" build 2017-04-25 18:48:40 +02:00
Eelco Dolstra 915f62fa19
shell.nix: Remove more dependencies
Thanks @copumpkin.
2017-04-10 17:23:15 +02:00
Eelco Dolstra 53edb55588
shell.nix: Remove obsolete flags 2017-04-10 11:50:01 +02:00
Eelco Dolstra e8186085e0
Add support for brotli compression
Build logs on cache.nixos.org are compressed using Brotli (since this
allows them to be decompressed automatically by Chrome and Firefox),
so it's handy if "nix log" can decompress them.
2017-03-15 16:49:06 +01:00
Eelco Dolstra 1102c77919
shell.nix: Add a flag for using clang 2017-01-24 10:53:18 +01:00
Eelco Dolstra 11f0680f69
Revert "shell.nix: Add libseccomp"
This reverts commit 1df82b6245.
2016-12-19 11:52:18 +01:00
Eelco Dolstra 5278bb7c16
Merge branch 'master' of github.com:NixOS/nix 2016-12-15 12:31:52 +01:00
Eelco Dolstra 1df82b6245
shell.nix: Add libseccomp 2016-12-15 12:31:35 +01:00
Linus Heckemann 6b30e1462e Add missing DBD::SQLite to shell.nix 2016-12-11 17:13:18 +00:00
Eelco Dolstra 09191caea8
Add shell.nix 2016-12-06 17:17:29 +01:00