nixos/nix
1
1
Fork 0
mirror of https://github.com/NixOS/nix.git synced 2025-11-10 04:26:01 +01:00
Code Activity
Nix, the purely functional package manager
14549 commits 177 branches 218 tags 164 MiB
Find a file
Théophane Hufschmitt e5a211d77e Add an owner check when searching for the flake root 
When searching up the filesystem for the root of the flake (the
directory that contains the `flake.nix`), don’t go anywhere up if we
encounter a directory owned by a different user, as otherwise this other
user could craft an arbitrary flake, potentially causing bad stuff to
happen (shouldn’t in most cases since all it could do is run sanboxed
builds, but there’s probably a lot of edge-cases that would make this
very undesirable).

This is to fix Nix’s equivalent of CVE-2022-24765

This check is intentionnally not applied to the exact directory
specified since:
1. It’s up to the user to not point to an untrusted input
2. In multi-user Nix installations, that would prevent from using a
   flake in the Nix store (since it’s owned by root and not the current
   user)

Fix #6408
2023-06-19 15:01:12 +02:00
.github ci: bump install-nix-action, don't fail fast 2023-06-17 15:05:10 +02:00
config Run autoupdate 2021-06-01 11:42:38 +02:00
contrib function-trace: always show the trace 2019-09-18 23:23:21 +02:00
doc Add an owner check when searching for the flake root 2023-06-19 15:01:12 +02:00
m4 autoconf: Fix C++17 detection not working on Ubuntu 16.04. 2019-07-03 04:32:25 +02:00
maintainers maintainers: add note on marking PRs as draft 2023-06-19 10:55:34 +02:00
misc Add a setting for configuring the SSL certificates file 2023-03-17 18:32:18 +01:00
mk Dedup some markdown -> C++ big literal stuff in build system 2023-05-15 10:38:11 -04:00
perl Merge pull request #3746 from obsidiansystems/path-info 2023-04-17 15:49:48 +02:00
scripts Merge pull request #8512 from scarf005/install-show-uid 2023-06-15 13:49:44 +02:00
src Add an owner check when searching for the flake root 2023-06-19 15:01:12 +02:00
tests Merge pull request #8477 from edolstra/tarball-flake-redirects 2023-06-16 18:03:50 +02:00
.dir-locals.el .dir-locals.el: Set c-block-comment-prefix 2020-07-10 11:21:06 +02:00
.editorconfig Add .editorconfig 2017-06-05 22:57:28 +01:00
.gitignore Fix build hook error for libstore library users 2023-06-15 14:32:00 +02:00
.version Bump version 2023-05-31 17:09:38 +02:00
boehmgc-coroutine-sp-fallback.diff Always disable GC in a coroutine unless the patch is applied 2023-04-07 14:54:38 +02:00
bootstrap.sh bootstrap: Simplify & make more robust. 2011-09-06 12:11:05 +00:00
configure.ac Merge pull request #7732 from hercules-ci/make-initLibStore-viable-alternative 2023-04-17 08:04:41 -04:00
CONTRIBUTING.md CONTRIBUTING.md: add link to "good first issues" 2023-06-19 10:39:19 +02:00
COPYING * Change this to LGPL to keep the government happy. 2006-04-25 16:41:06 +00:00
default.nix add flake-compat to flake.nix and use sha256 in default.nix 2023-03-06 21:11:24 +01:00
docker.nix fix "add an option to include flake-registry..." 2023-05-16 14:35:31 +02:00
flake.lock add flake-compat to flake.nix and use sha256 in default.nix 2023-03-06 21:11:24 +01:00
flake.nix Allow tarball URLs to redirect to a lockable immutable URL 2023-06-13 14:17:45 +02:00
local.mk Enable -Werror=switch-enum 2023-04-03 18:45:20 +02:00
Makefile Fix build hook error for libstore library users 2023-06-15 14:32:00 +02:00
Makefile.config.in Generate API docs with Doxygen 2023-03-10 12:51:06 -05:00
precompiled-headers.h Config: Use nlohmann/json 2020-08-20 11:02:16 +02:00
README.md Improve hacking.md 2023-02-13 12:00:00 +04:00
shell.nix Remove url literals 2022-01-24 13:28:21 +01:00

README.md

Nix

Open Collective supporters Test

Nix is a powerful package manager for Linux and other Unix systems that makes package management reliable and reproducible. Please refer to the Nix manual for more details.

Installation

On Linux and macOS the easiest way to install Nix is to run the following shell command (as a user other than root):

$ curl -L https://nixos.org/nix/install | sh

Information on additional installation methods is available on the Nix download page.

Building And Developing

See our Hacking guide in our manual for instruction on how to to set up a development environment and build Nix from source.

Additional Resources

License

Nix is released under the LGPL v2.1.