Eelco Dolstra
04e071a5e4
Bump version
2017-07-13 15:10:09 +02:00
Domen Kožar
44f51a5dd2
Fix rpm build
2017-07-13 14:11:21 +02:00
Eelco Dolstra
e135db704f
Merge pull request #1453 from grahamc/multi-user-darwin
...
Multi user darwin installer
2017-07-13 13:03:28 +02:00
Graham Christensen
c82126790d
Cleanup and more specificity around set -e
2017-07-12 20:43:57 -04:00
Graham Christensen
85acfcd6bd
Only clean if the file exists
2017-07-12 20:31:33 -04:00
Graham Christensen
b2917c8246
Clean up nix hints from the old insstaller
2017-07-12 20:29:58 -04:00
Graham Christensen
a31347d6ec
release: don't build libseccomp if we're on darwin
2017-07-12 19:23:42 -04:00
Graham Christensen
c4f349d572
Run nix-build inside a fresh bash login
2017-07-12 17:10:14 -04:00
Graham Christensen
163d93125e
chmod
2017-07-12 12:58:37 -04:00
Graham Christensen
302e820660
Test the installer
2017-07-12 11:45:38 -04:00
Graham Christensen
2442c4684d
Address feedback around printf & exec
2017-07-12 11:45:35 -04:00
Graham Christensen
d4f128352e
Don't install a second nix after the initial installation, and the rsync change fixes a bug hidden by the nix replacement where the store files were being owned by the installing user due to rsync's -a implying -og.
2017-07-12 11:45:32 -04:00
Graham Christensen
0c13077d83
nix: build with libsodium on macOS
2017-07-12 11:45:28 -04:00
Graham Christensen
661daed683
Clean up issues around uninstall directions, and only show
...
relevant directions
2017-07-12 11:45:25 -04:00
Graham Christensen
262a08c0e2
Prompt for sudo before validating assumptions, and check ourselves for root-owned files instead of making a scary warning.
2017-07-12 11:45:22 -04:00
Graham Christensen
3ebd25a644
multi-user install: move the profile in to the nix etc/profiles.d output
2017-07-12 11:45:19 -04:00
Graham Christensen
218978154a
Switch to a fancy multi-user installer on Darwin
2017-07-12 11:45:13 -04:00
Graham Christensen
799f5adf79
Shellcheck the existing installer
2017-07-12 11:44:28 -04:00
Eelco Dolstra
84d10d248e
Fix build
2017-07-12 13:00:41 +02:00
Robert Vollmert
758a3044f1
Fix nix-instantiate manpage indentation
...
The second command variant is now its own cmdsynopsis, which ensures
it's not indented as was the case using sbrk.
(cherry picked from commit 60da5d2b8f
)
2017-07-12 11:31:24 +02:00
Matthew Bauer
5a7d00ced8
Don’t hardlink disallowed paths in OS X.
...
Fixes #1443
(cherry picked from commit 72e80c59b5
)
2017-07-12 11:31:17 +02:00
Eelco Dolstra
9943f98c35
Add X32 to the seccomp filter
...
Fixes #1432 .
(cherry picked from commit a3dc1e65ab
)
2017-07-12 11:30:28 +02:00
Eelco Dolstra
b59788fc48
fetchTarball: Prevent concurrent downloads of the same file
...
Fixes #849 .
(cherry picked from commit 8e8caf7f3e
)
2017-07-12 11:28:59 +02:00
Eelco Dolstra
7577d35895
replaceSymlink(): Handle the case where the temporary file already exists
...
Not really necessary anymore for #849 , but still nice to have.
(cherry picked from commit 2965d40612
)
2017-07-12 11:28:05 +02:00
Shea Levy
2a0112a370
Merge branch 'add-nix-profile-daemon' of git://github.com/grahamc/nix into 1.11-maintenance
2017-07-09 16:03:15 -04:00
Graham Christensen
3e0a503bf7
Create a profile suitable for multi-user installs
2017-07-09 14:52:33 -04:00
Eelco Dolstra
026f4f9ae8
macOS: Remove flags
...
In particular, UF_IMMUTABLE (uchg) needs to be cleared to allow the
path to be garbage-collected or optimised.
See https://github.com/NixOS/nixpkgs/issues/25819 .
+ the file from being garbage-collected.
(cherry picked from commit b5bdfdef73
)
2017-06-19 14:32:38 +02:00
Eelco Dolstra
11dd08f02e
macOS: Ugly hack to make the tests succeed
...
Sandboxes cannot be nested, so if Nix's build runs inside a sandbox,
it cannot use a sandbox itself. I don't see a clean way to detect
whether we're in a sandbox, so use a test-specific hack.
https://github.com/NixOS/nix/issues/1413
(cherry picked from commit 1888f7889b
)
2017-06-19 14:28:04 +02:00
Shea Levy
3e574c3691
Merge branch '1.11-maintenance' of git://github.com/cyraxjoe/nix into 1.11-maintenance
2017-06-14 07:52:36 -04:00
Eelco Dolstra
5ac7088726
Bump version
2017-06-14 11:43:51 +02:00
Eelco Dolstra
35ea3d62dc
canonicalisePathMetaData(): Ignore security.selinux attribute
...
Untested, hopefully fixes #1406 .
(cherry picked from commit 88b291ffc4
)
2017-06-14 11:43:33 +02:00
Joel Rivera
7917494c45
Add support for the curl netrc file in nix-channel/nix-pull.
...
Based on the implementation in download-from-binary-cache.pl.in.
2017-06-13 18:18:20 -05:00
Eelco Dolstra
1e4885e316
Grmbl
2017-06-12 18:52:26 +02:00
Eelco Dolstra
36f363b8f0
On macOS, don't use /var/folders for TMPDIR
...
This broke "nix-store --serve".
(cherry picked from commit 25230a17a9
)
2017-06-12 18:39:34 +02:00
Eelco Dolstra
c33854513a
Remove Ubuntu 13.10 build
...
Seccomp is too old there.
2017-06-12 16:47:16 +02:00
Eelco Dolstra
0be5b949d3
Don't run pre-build-hook if we don't have a derivation
...
This fixes a build failure on OS X when using Hydra or Nix 1.12's
build-remote (since they don't copy the derivation to the build
machine).
(cherry picked from commit 7f5b750b40
)
2017-06-12 16:46:31 +02:00
Eelco Dolstra
c20641ce56
OS X -> macOS
2017-06-12 14:04:52 +02:00
Eelco Dolstra
0fb60e4e0f
Add 1.11.10 release notes
2017-06-12 13:56:38 +02:00
Eelco Dolstra
3414f3804c
Fix build
2017-06-12 13:55:59 +02:00
Eelco Dolstra
8e298e8ad9
Always use the Darwin sandbox
...
Even with "build-use-sandbox = false", we now use sandboxing with a
permissive profile that allows everything except the creation of
setuid/setgid binaries.
Based on 85e93d7b87
.
2017-06-06 20:35:55 +02:00
Eelco Dolstra
f534627929
Fix bad cherrypick
2017-06-06 19:52:40 +02:00
Eelco Dolstra
0ca9502264
Disable the build user mechanism on all platforms except Linux and OS X
...
(cherry picked from commit c8cc50d46e
)
2017-06-06 19:52:24 +02:00
Eelco Dolstra
bcc21744df
Bump version
2017-06-01 16:53:10 +02:00
Eelco Dolstra
833aae4509
Fix coverage job
...
(cherry picked from commit b4b1f4525f
)
2017-06-01 16:51:32 +02:00
Eelco Dolstra
aabe20bf78
RPM, Deb: Add dependency on libseccomp
...
(cherry picked from commit ab5834f7a1
)
2017-06-01 16:51:03 +02:00
Eelco Dolstra
c48697d617
Remove listxattr assertion
...
It appears that sometimes, listxattr() returns a different value for
the query case (i.e. when the buffer size is 0).
(cherry picked from commit 52fec8dde8
)
2017-06-01 16:50:23 +02:00
Eelco Dolstra
4be5a65b39
Fix seccomp build failure on clang
...
Fixes
src/libstore/build.cc:2321:45: error: non-constant-expression cannot be narrowed from type 'int' to 'scmp_datum_t' (aka 'unsigned long') in initializer list [-Wc++11-narrowing]
(cherry picked from commit fe08d17934
)
2017-06-01 16:50:08 +02:00
Eelco Dolstra
634d117ede
Add a seccomp rule to disallow setxattr()
...
(cherry picked from commit 2ac99a32da
)
2017-06-01 16:50:04 +02:00
Eelco Dolstra
66618dbad5
canonicalisePathMetaData(): Remove extended attributes / ACLs
...
EAs/ACLs are not part of the NAR canonicalisation. Worse, setting an
ACL allows a builder to create writable files in the Nix store. So get
rid of them.
Closes #185 .
(cherry picked from commit d798349ede
)
2017-06-01 16:50:00 +02:00
Eelco Dolstra
1e0f1dab1e
Require seccomp only in multi-user setups
...
(cherry picked from commit ff6becafa8
)
2017-06-01 16:49:52 +02:00