aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/apl.scm
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/apl.scm')
0 files changed, 0 insertions, 0 deletions
generated by cgit
23c7'>daemon: Make 'profiles/per-user' non-world-writable.Ludovic Courtès Fixes <https://bugs.gnu.org/37744>. Reported at <https://www.openwall.com/lists/oss-security/2019/10/09/4>. Based on Nix commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d by Eelco Dolstra <edolstra@gmail.com>. * nix/libstore/local-store.cc (LocalStore::LocalStore): Set 'perUserDir' to #o755 instead of #o1777. (LocalStore::createUser): New function. * nix/libstore/local-store.hh (LocalStore): Add it. * nix/libstore/store-api.hh (StoreAPI): Add it. * nix/nix-daemon/nix-daemon.cc (performOp): In 'wopSetOptions', add condition to handle "user-name" property and honor it. (processConnection): Add 'userId' parameter. Call 'store->createUser' when userId is not -1. * guix/profiles.scm (ensure-profile-directory): Note that this is now handled by the daemon. * guix/store.scm (current-user-name): New procedure. (set-build-options): Add #:user-name parameter and pass it to the daemon. * tests/guix-daemon.sh: Test the creation of 'profiles/per-user' when listening on a TCP socket. * tests/store.scm ("profiles/per-user exists and is not writable") ("profiles/per-user/$USER exists"): New tests. 2019-10-16daemon: Remove traces of 'NIX_ROOT_FINDER'.Ludovic Courtès This is a followup to 2e3e5d21988fc2cafb2a9eaf4b00976ea425629d. * build-aux/test-env.in: Remove mentions of 'NIX_ROOT_FINDER'. * nix/libstore/gc.cc (LocalStore::collectGarbage): Adjust comment accordingly. 2019-09-28daemon: Strictly respect timeouts for 'guix offload'.Ludovic Courtès Until now it was up to 'guix offload' to honor timeouts. Unfortunately it would sometimes fail to do that, for example due to the libssh bug at <https://bugs.libssh.org/T33>. With this change, 'guix offload' is automatically killed by the daemon when one of the timeouts expires. Thus, data transfers performed by 'guix offload' now count as part of the timeouts, rather than just actual build time. * nix/libstore/build.cc (DerivationGoal::tryBuildHook): Pass true as the 'respectTimeouts' argument to 'childStarted'.