nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-11-27 20:51:00 +01:00
Code Activity
1661 commits 186 branches 219 tags 168 MiB
Commit graph

47 commits

Author SHA1 Message Date
Wouter den Breejen
30cf65af26 Fixed some more remote-store store bugs. Users can now add state store components with nix-env. Paths in /nix/state are now chowned and chmodded to their owners 2007-08-30 18:20:20 +00:00
Wouter den Breejen
2e7539bd27 Added state marshall functions in RemoteStore.cc (still unfinished in Nix-worker.cc) 2007-08-27 18:54:05 +00:00
Wouter den Breejen
bdcce95a39 Added / Removed state functions to the Store API 2007-08-27 13:09:24 +00:00
Wouter den Breejen
13f321e397 State revisions are now printed like this: Rev. 01 @ Mon Aug 6 15:48:37 2007 (1186408117) -- Initial build revision. 2007-08-06 15:01:39 +00:00
Wouter den Breejen
83ec65edf5 2007-07-27 16:22:53 +00:00
Wouter den Breejen
0fc5accd86 Replaced SVN by Ext3COW as a backend for state (still some things need to happen: reverting doesn't go right in all cases yet) 2007-07-25 21:52:33 +00:00
Wouter den Breejen
dc4395b737 2007-07-24 12:47:28 +00:00
Wouter den Breejen
f3dabd6206 before making computeFSClosure recursively transactional ..... (adding Transaction txn) 2007-07-12 14:46:15 +00:00
Wouter den Breejen
7bfed0c104 2007-07-12 11:34:17 +00:00
Wouter den Breejen
b7654ab716 before removing isStateComponentTxn 2007-07-09 14:30:57 +00:00
Wouter den Breejen
9f00b42f38 downscaled to 1 repos per statePath 2007-07-08 22:40:16 +00:00
Wouter den Breejen
ca5fc7c582 major update 2007-07-08 19:02:08 +00:00
Wouter den Breejen
4f483aad0f runProgram backup 2007-07-06 15:12:20 +00:00
Wouter den Breejen
ad2b815b5e added scanAndUpdateAllReferencesTxn(..) moving on to create a db-table that can save state-revision-closures and state-revision-reference-closures 2007-07-02 19:15:10 +00:00
Wouter den Breejen
c370c9f535 adjusted to: void computeFSClosure(const Path & path, PathSet & paths, const bool & withComponents, const bool & withState, bool flipDirection) 2007-06-29 15:24:51 +00:00
Wouter den Breejen
04dd3fdf34 Bugfix: Before adjusting registerValidPath to also be able to take state paths 2007-06-28 17:12:02 +00:00
Wouter den Breejen
3d22bd50b3 nix-state now works, state is recursively commited (when necessary) 2007-06-27 15:43:16 +00:00
Wouter den Breejen
6351b7e728 added dbValidStatePaths, StatePaths are now also registered as valid and can be query'd on validity 2007-06-22 14:04:06 +00:00
Wouter den Breejen
51fad07fbd Before adding dbValidStatePaths 2007-06-22 13:03:06 +00:00
Wouter den Breejen
0e41b191bf 2007-06-21 16:47:48 +00:00
Wouter den Breejen
a4fda31ad5 Before editting get-drvs.hh: DrvInfo 2007-06-21 13:26:58 +00:00
Wouter den Breejen
235c91dd7f State paths can now be scanned and queryed (references), referres still need to be added 2007-06-19 15:23:00 +00:00
Wouter den Breejen
b1cc9e9a45 Before moving scanForStateReferences(...) 2007-06-19 13:04:05 +00:00
Wouter den Breejen
bdecf3bdbc In the middle of adding state references to derivations and the db... 2007-06-18 19:54:31 +00:00
Wouter den Breejen
b909d57f5d broken, in the middle of edditting user / drv mod 2007-06-12 19:08:05 +00:00
Wouter den Breejen
79d5604780 Changed commit script: it recursively walkes through all dirs itself now, uses svn stat where needed, and doesnt use svn add *,svn revert anymore and is much faster 2007-06-07 13:16:38 +00:00
Wouter den Breejen
7166ad8eba Completed updateStateDerivation(Path storepath) method 2007-06-04 19:41:46 +00:00
Wouter den Breejen
bcf9d3ab2f 2007-06-04 16:51:15 +00:00
Wouter den Breejen
cbd0d39583 Added beginnnings of getStatePathClosure and GetDrv in local-store.cc, next: setting up variables in nix-state to recursively commit state 2007-05-29 15:42:44 +00:00
Wouter den Breejen
fbd1b78a9d Finished set-up for nix-state, now: adding runtime state parameters & exclude state-identifier as input from state-hash 2007-05-29 11:34:54 +00:00
Eelco Dolstra
bdadb98de8 * `nix-store --import' now also works in remote mode. The worker 
always requires a signature on the archive.  This is to ensure that
  unprivileged users cannot add Trojan horses to the Nix store.
 2007-02-21 17:34:02 +00:00
Eelco Dolstra
0f5da8a83c * Support exportPath() in remote mode. 2007-02-21 16:34:00 +00:00
Eelco Dolstra
43c4d18c6a * nix-store --import': import an archive created by nix-store 
--export' into the Nix store, and optionally check the cryptographic
  signatures against /nix/etc/nix/signing-key.pub.  (TODO: verify
  against a set of public keys.)
 2007-02-21 15:45:32 +00:00
Eelco Dolstra
b824a1daee * Start of `nix-store --export' operation for serialising a store 
path.  This is like `nix-store --dump', only it also dumps the
  meta-information of the store path (references, deriver).  Will add
  a `--sign' flag later to add a cryptographic signature, which we
  will use for exchanging store paths between build farm machines in a
  secure manner.
 2007-02-20 23:17:20 +00:00
Eelco Dolstra
a3e6415ba8 * New primop builtins.filterSource, which can be used to filter files 
from a source directory.  All files for which a predicate function
  returns true are copied to the store.  Typical example is to leave
  out the .svn directory:

    stdenv.mkDerivation {
      ...
      src = builtins.filterSource
        (path: baseNameOf (toString path) != ".svn")
        ./source-dir;
      # as opposed to
      #   src = ./source-dir;
    }

  This is important because the .svn directory influences the hash in
  a rather unpredictable and variable way.
 2006-12-12 23:05:01 +00:00
Eelco Dolstra
a9c4f66cfb * Allow unprivileged users to run the garbage collector and to do 
`nix-store --delete'.  But unprivileged users are not allowed to
  ignore liveness.
* `nix-store --delete --ignore-liveness': ignore the runtime roots as
  well.
 2006-12-05 02:18:46 +00:00
Eelco Dolstra
29cf434a35 * The determination of the root set should be made by the privileged 
process, so forward the operation.
* Spam the user about GC misconfigurations (NIX-71).
* findRoots: skip all roots that are unreadable - the warnings with
  which we spam the user should be enough.
 2006-12-05 01:31:45 +00:00
Eelco Dolstra
74033a844f * Add indirect root registration to the protocol so that unprivileged 
processes can register indirect roots.  Of course, there is still
  the problem that the garbage collector can only read the targets of
  the indirect roots when it's running as root...
 2006-12-04 23:29:16 +00:00
Eelco Dolstra
4740baf3a6 * When NIX_REMOTE=daemon, connect to /nix/var/nix/daemon.socket 
instead of forking a worker.
 2006-12-04 14:21:39 +00:00
Eelco Dolstra
f5f0cf423f * Refactoring. 2006-12-04 13:28:14 +00:00
Eelco Dolstra
4251f94b32 * Use a Unix domain socket instead of pipes. 2006-12-03 02:36:44 +00:00
Eelco Dolstra
7951c3c546 * Some hackery to propagate the worker's stderr and exceptions to the 
client.
 2006-12-03 02:08:13 +00:00
Eelco Dolstra
e25fad691a * Move addTempRoot() to the store API, and add another function 
syncWithGC() to allow clients to register GC roots without needing
  write access to the global roots directory or the GC lock.
 2006-12-02 16:41:36 +00:00
Eelco Dolstra
a824d58b56 * Merge addToStore and addToStoreFixed. 
* addToStore now adds unconditionally, it doesn't use readOnlyMode.
  Read-only operation is up to the caller (who can call
  computeStorePathForPath).
 2006-12-01 20:51:18 +00:00
Eelco Dolstra
0565b5f2b3 * More remote operations. 
* Added new operation hasSubstitutes(), which is more efficient than
  querySubstitutes().size() > 0.
 2006-11-30 22:43:55 +00:00
Eelco Dolstra
765bdfe542 * When NIX_REMOTE is set to "slave", fork off nix-worker in slave 
mode.  Presumably nix-worker would be setuid to the Nix store user.
  The worker performs all operations on the Nix store and database, so
  the caller can be completely unprivileged.

  This is already much more secure than the old setuid scheme, since
  the worker doesn't need to do Nix expression evaluation and so on.
  Most importantly, this means that it doesn't need to access any user
  files, with all resulting security risks; it only performs pure
  store operations.

  Once this works, it is easy to move to a daemon model that forks off
  a worker for connections established through a Unix domain socket.
  That would be even more secure.
 2006-11-30 19:54:43 +00:00
Eelco Dolstra
9adc074dc3 * Oops. 2006-11-30 18:35:50 +00:00