mirror of https://github.com/NixOS/nix.git synced 2025-11-15 23:12:44 +01:00
nix/src/libstore
Théophane Hufschmitt 1d3696f0fb Run the builds in a daemon-controlled directory
Instead of running the builds under
`$TMPDIR/{unique-build-directory-owned-by-the-build-user}`, run them
under `$TMPDIR/{unique-build-directory-owned-by-the-daemon}/{subdir-owned-by-the-build-user}`
where the build directory is only readable and traversable by the daemon user.

This achieves two things:

1. It prevents builders from making their build directory world-readable
   (or even writeable), which would allow the outside world to interact
   with them.
2. It prevents external processes running as the build user (either
   because that somehow leaked, maybe as a consequence of 1., or because
   `build-users` isn't in use) from gaining access to the build
   directory.
2024-06-21 17:06:19 +02:00
build Build nix-store with Meson 2024-06-14 10:25:14 -04:00
builtins Merge pull request #10852 from siddhantk232/add-interrupts 2024-06-04 17:21:03 +02:00
linux Build nix-store with Meson 2024-06-14 10:25:14 -04:00
unix Run the builds in a daemon-controlled directory 2024-06-21 17:06:19 +02:00
windows Build nix-store with Meson 2024-06-14 10:25:14 -04:00
.version Build nix-store with Meson 2024-06-14 10:25:14 -04:00
binary-cache-store.cc Merge remote-tracking branch 'origin/master' into large-path-warning 2024-06-03 15:32:27 +02:00
binary-cache-store.hh Use SourcePath in more places 2024-05-06 19:05:42 +02:00
build-result.cc Test the rest of the worker protocol serializers 2023-10-04 15:31:52 -04:00
build-result.hh Fix gcc 12 warnings 2024-02-28 22:59:20 +01:00
builtins.hh builtin:{unpack-channel,buildenv}: Get output path from the derivation 2024-02-12 16:34:59 +01:00
ca-specific-schema.sql Build the local store on Windows 2024-05-10 13:05:23 -04:00
common-protocol-impl.hh Restrict some code to StoreDirConfig 2023-11-04 19:05:36 -04:00
common-protocol.cc Merge pull request #6236 from obsidiansystems/store-dir-config 2023-12-01 15:38:14 +01:00
common-protocol.hh Restrict some code to StoreDirConfig 2023-11-04 19:05:36 -04:00
content-address.cc Add Git object hashing to the store layer 2024-02-27 11:27:34 -05:00
content-address.hh treewide: hash type -> hash algorithm 2024-02-26 18:09:06 +08:00
daemon.cc Merge pull request #10782 from obsidiansystems/both-connections 2024-06-03 15:10:38 +02:00
daemon.hh Add Store::isTrustedClient() 2023-04-06 19:59:57 -04:00
derivations.cc Require drvPath attribute to end with .drv 2024-05-22 12:50:24 -04:00
derivations.hh refactor: Impure derivation type isPure -> isImpure 2024-01-27 11:00:10 +01:00
derived-path-map.cc Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
derived-path-map.hh Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
derived-path.cc use std::tie() for macro-generated operators 2023-12-19 19:32:16 +01:00
derived-path.hh Merge pull request #6236 from obsidiansystems/store-dir-config 2023-12-01 15:38:14 +01:00
downstream-placeholder.cc Renamed HashFormat::Base32 to HashFormat::Nix32 2023-12-06 23:43:42 +01:00
downstream-placeholder.hh Introduce OutputName and OutputNameView type aliases 2023-08-25 09:55:07 -04:00
dummy-store.cc Ensure all store types support "real" URIs 2024-05-21 11:56:40 -04:00
dummy-store.md Support per-store Markdown documentation 2023-03-21 14:03:40 +01:00
export-import.cc ParseSink -> FileSystemObjectSink 2024-01-22 18:01:18 -05:00
filetransfer.cc tryUnshareFilesystem: Ignore ENOSYS too 2024-05-22 16:07:38 -04:00
filetransfer.hh Tarball fetcher: Use the content-addressed Git cache 2024-02-20 12:57:36 +01:00
gc-store.hh Clean up store hierarchy with IndirectRootStore 2023-07-24 09:19:44 -04:00
gc.cc Merge pull request #10852 from siddhantk232/add-interrupts 2024-06-04 17:21:03 +02:00
globals.cc add call to checkInterrupt in a bunch of places 2024-06-04 19:35:40 +05:30
globals.hh Rename large-path-warning-threshold -> warn-large-path-threshold 2024-06-03 15:49:15 +02:00
http-binary-cache-store.cc Ensure all store types support "real" URIs 2024-05-21 11:56:40 -04:00
http-binary-cache-store.md Support per-store Markdown documentation 2023-03-21 14:03:40 +01:00
indirect-root-store.cc inline the usage of nix::renameFile 2024-05-12 18:40:16 +05:30
indirect-root-store.hh Enable the unix:// store on Windows 2024-04-18 16:58:32 -04:00
keys.cc Separate SystemError from SysError 2024-01-12 12:00:33 -05:00
keys.hh Signer infrastructure: Prep for #9076 2024-01-03 16:13:55 -05:00
legacy-ssh-store.cc Merge pull request #10782 from obsidiansystems/both-connections 2024-06-03 15:10:38 +02:00
legacy-ssh-store.hh Misc Windows fixes 2024-06-01 19:19:35 -04:00
legacy-ssh-store.md Support per-store Markdown documentation 2023-03-21 14:03:40 +01:00
length-prefixed-protocol-helper.hh Restrict some code to StoreDirConfig 2023-11-04 19:05:36 -04:00
local-binary-cache-store.cc Merge pull request #10852 from siddhantk232/add-interrupts 2024-06-04 17:21:03 +02:00
local-binary-cache-store.md Support per-store Markdown documentation 2023-03-21 14:03:40 +01:00
local-fs-store.cc nix shell: Handle output paths that are symlinks 2024-04-10 23:49:19 +02:00
local-fs-store.hh Add Git object hashing to the store layer 2024-02-27 11:27:34 -05:00
local-overlay-store.cc Misc Windows fixes 2024-06-01 19:19:35 -04:00
local-overlay-store.hh Misc Windows fixes 2024-06-01 19:19:35 -04:00
local-overlay-store.md Misc Windows fixes 2024-06-01 19:19:35 -04:00
local-store.cc Don't chown when local-store is read-only 2024-06-16 23:03:33 -07:00
local-store.hh Ensure all store types support "real" URIs 2024-05-21 11:56:40 -04:00
local-store.md Build the local store on Windows 2024-05-10 13:05:23 -04:00
local.mk Misc Windows fixes 2024-06-01 19:19:35 -04:00
log-store.cc Move the getBuildLog implementation to its own implementation file 2023-01-13 11:05:44 +01:00
log-store.hh Finish converting existing comments for internal API docs (#8146) 2023-04-07 13:55:28 +00:00
machines.cc Remove 100s of CPU time (10%) from build times (1465s -> 1302s) 2024-05-31 13:00:09 +02:00
machines.hh Restore exposing machine file parsing 2024-05-23 00:03:52 -04:00
make-content-addressed.cc HashType: Rename to HashAlgorithm 2023-12-06 23:43:42 +01:00
make-content-addressed.hh makeContentAddressed: Add single path helper 2023-06-30 18:22:47 +02:00
meson.build build: meson for libfetchers 2024-06-17 17:25:56 -04:00
meson.options Build nix-store with Meson 2024-06-14 10:25:14 -04:00
misc.cc Build a minimized Nix with MinGW 2024-04-17 12:26:10 -04:00
mounted-ssh-store.md MountedSSHStore: stores on shared filesystems 2023-11-21 13:34:01 -05:00
names.cc return string_views from forceString* 2022-01-27 17:15:43 +01:00
names.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
nar-accessor.cc CanonPath, SourcePath: Change operator + to / 2024-02-05 15:17:39 +01:00
nar-accessor.hh Fix consts and casts 2023-11-08 17:29:55 +01:00
nar-info-disk-cache.cc Update nar-info-disk-cache.cc 2024-02-12 23:37:40 +03:00
nar-info-disk-cache.hh Finish converting existing comments for internal API docs (#8146) 2023-04-07 13:55:28 +00:00
nar-info.cc Improve checked json casting (#10087) 2024-04-03 18:04:00 +00:00
nar-info.hh Fix consts and casts 2023-11-08 17:29:55 +01:00
nix-store.pc.in Create and install a nix-util.pc 2024-06-03 14:14:40 -04:00
optimise-store.cc optimize-store.cc: Update macos exclusion comments 2024-06-18 12:05:59 +08:00
outputs-spec.cc Fix moves that accidentally copy anyway 2023-10-16 21:48:35 +01:00
outputs-spec.hh Introduce OutputName and OutputNameView type aliases 2023-08-25 09:55:07 -04:00
package.nix Build nix-store with Meson 2024-06-14 10:25:14 -04:00
parsed-derivations.cc Decouple within-build (structured attrs) and unstable CLI path info JSON 2024-06-03 08:21:22 -04:00
parsed-derivations.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
path-info.cc ValidPathInfo JSON format should use null not omit field 2024-06-03 08:21:22 -04:00
path-info.hh Signer infrastructure: Prep for #9076 2024-01-03 16:13:55 -05:00
path-references.cc HashType: Rename to HashAlgorithm 2023-12-06 23:43:42 +01:00
path-references.hh Split up util.{hh,cc} 2023-11-05 12:20:02 -05:00
path-regex.hh Disallow store path names that are . or .. (plus opt. -) 2024-01-31 18:35:19 +01:00
path-with-outputs.cc Restrict some code to StoreDirConfig 2023-11-04 19:05:36 -04:00
path-with-outputs.hh Restrict some code to StoreDirConfig 2023-11-04 19:05:36 -04:00
path.cc Require drvPath attribute to end with .drv 2024-05-22 12:50:24 -04:00
path.hh Require drvPath attribute to end with .drv 2024-05-22 12:50:24 -04:00
pathlocks.cc Create no-op Window pathlocks implementation 2024-04-17 11:48:14 -04:00
pathlocks.hh Pathlocks Implementation for Windows (#10586) 2024-04-22 15:08:10 +00:00
posix-fs-canonicalise.cc add call to checkInterrupt in a bunch of places 2024-06-04 19:35:40 +05:30
posix-fs-canonicalise.hh Build the local store on Windows 2024-05-10 13:05:23 -04:00
profiles.cc add call to checkInterrupt in a bunch of places 2024-06-04 19:35:40 +05:30
profiles.hh Build a minimized Nix with MinGW 2024-04-17 12:26:10 -04:00
realisation.cc Signer infrastructure: Prep for #9076 2024-01-03 16:13:55 -05:00
realisation.hh Signer infrastructure: Prep for #9076 2024-01-03 16:13:55 -05:00
remote-fs-accessor.cc Build a minimized Nix with MinGW 2024-04-17 12:26:10 -04:00
remote-fs-accessor.hh Merge FSAccessor into SourceAccessor 2023-11-01 17:09:28 +01:00
remote-store-connection.hh Factor our connection code for worker proto like serve proto 2024-05-27 00:43:46 -04:00
remote-store.cc Factor our connection code for worker proto like serve proto 2024-05-27 00:43:46 -04:00
remote-store.hh Avoid creating temporary store object for git over the wire 2024-02-27 11:27:34 -05:00
s3-binary-cache-store.cc Ensure all store types support "real" URIs 2024-05-21 11:56:40 -04:00
s3-binary-cache-store.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
s3-binary-cache-store.md Merge how-to section on S3 buckets into S3 store docs (#7972) 2023-10-23 13:22:33 -04:00
s3.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
schema.sql Build the local store on Windows 2024-05-10 13:05:23 -04:00
serve-protocol-connection.cc Factor our connection code for worker proto like serve proto 2024-05-27 00:43:46 -04:00
serve-protocol-connection.hh Factor our connection code for worker proto like serve proto 2024-05-27 00:43:46 -04:00
serve-protocol-impl.hh Factor our connection code for worker proto like serve proto 2024-05-27 00:43:46 -04:00
serve-protocol.cc Create ServeProto::BuildOptions and a serializer for it 2023-12-09 11:35:13 -05:00
serve-protocol.hh Factor our ServeProto::BasicServerConnection::handshake 2024-01-22 12:43:11 -05:00
sqlite.cc Make SQLite busy back-off logic portable 2024-04-04 12:43:33 -04:00
sqlite.hh Rename hintfmt to HintFmt 2024-02-08 11:58:25 -08:00
ssh-store-config.cc Create CommonSSHStoreConfig::createSSHMaster 2024-05-27 16:12:53 -04:00
ssh-store-config.hh Create CommonSSHStoreConfig::createSSHMaster 2024-05-27 16:12:53 -04:00
ssh-store.cc Create CommonSSHStoreConfig::createSSHMaster 2024-05-27 16:12:53 -04:00
ssh-store.md Support per-store Markdown documentation 2023-03-21 14:03:40 +01:00
ssh.cc Create CommonSSHStoreConfig::createSSHMaster 2024-05-27 16:12:53 -04:00
ssh.hh Create CommonSSHStoreConfig::createSSHMaster 2024-05-27 16:12:53 -04:00
store-api.cc Rename large-path-warning-threshold -> warn-large-path-threshold 2024-06-03 15:49:15 +02:00
store-api.hh Worker proto use proper serialiser for BuildMode 2024-05-27 00:22:55 -04:00
store-cast.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
store-dir-config.hh Use SourcePath in more places 2024-05-06 19:05:42 +02:00
store-reference.cc Add StoreReference::render 2024-05-22 09:20:15 -04:00
store-reference.hh Add StoreReference::render 2024-05-22 09:20:15 -04:00
uds-remote-store.cc Ensure all store types support "real" URIs 2024-05-21 11:56:40 -04:00
uds-remote-store.hh Ensure all store types support "real" URIs 2024-05-21 11:56:40 -04:00
uds-remote-store.md Enable the unix:// store on Windows 2024-04-18 16:58:32 -04:00
worker-protocol-connection.cc Factor our connection code for worker proto like serve proto 2024-05-27 00:43:46 -04:00
worker-protocol-connection.hh Factor our connection code for worker proto like serve proto 2024-05-27 00:43:46 -04:00
worker-protocol-impl.hh Restrict some code to StoreDirConfig 2023-11-04 19:05:36 -04:00
worker-protocol.cc Merge pull request #10782 from obsidiansystems/both-connections 2024-06-03 15:10:38 +02:00
worker-protocol.hh Merge pull request #10782 from obsidiansystems/both-connections 2024-06-03 15:10:38 +02:00