Commit Graph

4498 Commits

Author SHA1 Message Date
Eelco Dolstra 04e071a5e4
Bump version 2017-07-13 15:10:09 +02:00
Domen Kožar 44f51a5dd2
Fix rpm build 2017-07-13 14:11:21 +02:00
Eelco Dolstra e135db704f Merge pull request #1453 from grahamc/multi-user-darwin
Multi user darwin installer
2017-07-13 13:03:28 +02:00
Graham Christensen c82126790d
Cleanup and more specificity around set -e 2017-07-12 20:43:57 -04:00
Graham Christensen 85acfcd6bd
Only clean if the file exists 2017-07-12 20:31:33 -04:00
Graham Christensen b2917c8246
Clean up nix hints from the old installer 2017-07-12 20:29:58 -04:00
Graham Christensen a31347d6ec
release: don't build libseccomp if we're on darwin 2017-07-12 19:23:42 -04:00
Graham Christensen c4f349d572
Run nix-build inside a fresh bash login 2017-07-12 17:10:14 -04:00
Graham Christensen 163d93125e
chmod 2017-07-12 12:58:37 -04:00
Graham Christensen 302e820660
Test the installer 2017-07-12 11:45:38 -04:00
Graham Christensen 2442c4684d
Address feedback around printf & exec 2017-07-12 11:45:35 -04:00
Graham Christensen d4f128352e
Don't install a second nix after the initial installation, and the rsync change fixes a bug hidden by the nix replacement where the store files were being owned by the installing user due to rsync's -a implying -og. 2017-07-12 11:45:32 -04:00
Graham Christensen 0c13077d83
nix: build with libsodium on macOS 2017-07-12 11:45:28 -04:00
Graham Christensen 661daed683
Clean up issues around uninstall directions, and only show
relevant directions
2017-07-12 11:45:25 -04:00
Graham Christensen 262a08c0e2
Prompt for sudo before validating assumptions, and check ourselves for root-owned files instead of making a scary warning. 2017-07-12 11:45:22 -04:00
Graham Christensen 3ebd25a644
multi-user install: move the profile into the nix etc/profiles.d output 2017-07-12 11:45:19 -04:00
Graham Christensen 218978154a
Switch to a fancy multi-user installer on Darwin 2017-07-12 11:45:13 -04:00
Graham Christensen 799f5adf79
Shellcheck the existing installer 2017-07-12 11:44:28 -04:00
Eelco Dolstra 84d10d248e
Fix build 2017-07-12 13:00:41 +02:00
Robert Vollmert 758a3044f1
Fix nix-instantiate manpage indentation
The second command variant is now its own cmdsynopsis, which ensures
it's not indented as was the case using sbrk.

(cherry picked from commit 60da5d2b8f)
2017-07-12 11:31:24 +02:00
Matthew Bauer 5a7d00ced8
Don’t hardlink disallowed paths in OS X.
Fixes #1443

(cherry picked from commit 72e80c59b5)
2017-07-12 11:31:17 +02:00
Eelco Dolstra 9943f98c35
Add X32 to the seccomp filter
Fixes #1432.

(cherry picked from commit a3dc1e65ab)
2017-07-12 11:30:28 +02:00
Eelco Dolstra b59788fc48
fetchTarball: Prevent concurrent downloads of the same file
Fixes #849.

(cherry picked from commit 8e8caf7f3e)
2017-07-12 11:28:59 +02:00
Eelco Dolstra 7577d35895
replaceSymlink(): Handle the case where the temporary file already exists
Not really necessary anymore for #849, but still nice to have.

(cherry picked from commit 2965d40612)
2017-07-12 11:28:05 +02:00
Shea Levy 2a0112a370 Merge branch 'add-nix-profile-daemon' of git://github.com/grahamc/nix into 1.11-maintenance 2017-07-09 16:03:15 -04:00
Graham Christensen 3e0a503bf7
Create a profile suitable for multi-user installs 2017-07-09 14:52:33 -04:00
Eelco Dolstra 026f4f9ae8
macOS: Remove flags
In particular, UF_IMMUTABLE (uchg) needs to be cleared to allow the
path to be garbage-collected or optimised.

See https://github.com/NixOS/nixpkgs/issues/25819.
+       the file from being garbage-collected.

(cherry picked from commit b5bdfdef73)
2017-06-19 14:32:38 +02:00
Eelco Dolstra 11dd08f02e
macOS: Ugly hack to make the tests succeed
Sandboxes cannot be nested, so if Nix's build runs inside a sandbox,
it cannot use a sandbox itself. I don't see a clean way to detect
whether we're in a sandbox, so use a test-specific hack.

https://github.com/NixOS/nix/issues/1413
(cherry picked from commit 1888f7889b)
2017-06-19 14:28:04 +02:00
Shea Levy 3e574c3691 Merge branch '1.11-maintenance' of git://github.com/cyraxjoe/nix into 1.11-maintenance 2017-06-14 07:52:36 -04:00
Eelco Dolstra 5ac7088726
Bump version 2017-06-14 11:43:51 +02:00
Eelco Dolstra 35ea3d62dc
canonicalisePathMetaData(): Ignore security.selinux attribute
Untested, hopefully fixes #1406.

(cherry picked from commit 88b291ffc4)
2017-06-14 11:43:33 +02:00
Joel Rivera 7917494c45 Add support for the curl netrc file in nix-channel/nix-pull.
Based on the implementation in download-from-binary-cache.pl.in.
2017-06-13 18:18:20 -05:00
Eelco Dolstra 1e4885e316
Grmbl 2017-06-12 18:52:26 +02:00
Eelco Dolstra 36f363b8f0
On macOS, don't use /var/folders for TMPDIR
This broke "nix-store --serve".

(cherry picked from commit 25230a17a9)
2017-06-12 18:39:34 +02:00
Eelco Dolstra c33854513a
Remove Ubuntu 13.10 build
Seccomp is too old there.
2017-06-12 16:47:16 +02:00
Eelco Dolstra 0be5b949d3
Don't run pre-build-hook if we don't have a derivation
This fixes a build failure on OS X when using Hydra or Nix 1.12's
build-remote (since they don't copy the derivation to the build
machine).

(cherry picked from commit 7f5b750b40)
2017-06-12 16:46:31 +02:00
Eelco Dolstra c20641ce56
OS X -> macOS 2017-06-12 14:04:52 +02:00
Eelco Dolstra 0fb60e4e0f
Add 1.11.10 release notes 2017-06-12 13:56:38 +02:00
Eelco Dolstra 3414f3804c
Fix build 2017-06-12 13:55:59 +02:00
Eelco Dolstra 8e298e8ad9
Always use the Darwin sandbox
Even with "build-use-sandbox = false", we now use sandboxing with a
permissive profile that allows everything except the creation of
setuid/setgid binaries.

Based on 85e93d7b87.
2017-06-06 20:35:55 +02:00
Eelco Dolstra f534627929
Fix bad cherrypick 2017-06-06 19:52:40 +02:00
Eelco Dolstra 0ca9502264
Disable the build user mechanism on all platforms except Linux and OS X
(cherry picked from commit c8cc50d46e)
2017-06-06 19:52:24 +02:00
Eelco Dolstra bcc21744df
Bump version 2017-06-01 16:53:10 +02:00
Eelco Dolstra 833aae4509
Fix coverage job
(cherry picked from commit b4b1f4525f)
2017-06-01 16:51:32 +02:00
Eelco Dolstra aabe20bf78
RPM, Deb: Add dependency on libseccomp
(cherry picked from commit ab5834f7a1)
2017-06-01 16:51:03 +02:00
Eelco Dolstra c48697d617
Remove listxattr assertion
It appears that sometimes, listxattr() returns a different value for
the query case (i.e. when the buffer size is 0).

(cherry picked from commit 52fec8dde8)
2017-06-01 16:50:23 +02:00
Eelco Dolstra 4be5a65b39
Fix seccomp build failure on clang
Fixes

  src/libstore/build.cc:2321:45: error: non-constant-expression cannot be narrowed from type 'int' to 'scmp_datum_t' (aka 'unsigned long') in initializer list [-Wc++11-narrowing]

(cherry picked from commit fe08d17934)
2017-06-01 16:50:08 +02:00
Eelco Dolstra 634d117ede
Add a seccomp rule to disallow setxattr()
(cherry picked from commit 2ac99a32da)
2017-06-01 16:50:04 +02:00
Eelco Dolstra 66618dbad5
canonicalisePathMetaData(): Remove extended attributes / ACLs
EAs/ACLs are not part of the NAR canonicalisation. Worse, setting an
ACL allows a builder to create writable files in the Nix store. So get
rid of them.

Closes #185.

(cherry picked from commit d798349ede)
2017-06-01 16:50:00 +02:00
Eelco Dolstra 1e0f1dab1e
Require seccomp only in multi-user setups
(cherry picked from commit ff6becafa8)
2017-06-01 16:49:52 +02:00