;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Ludovic Courtès
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see .

(define-module (gnu packages cppi)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix build-system gnu)
  #:use-module (guix licenses))

(define-public cppi
  (package
    (name "cppi")
    (version "1.18")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/cppi/cppi-"
                           version ".tar.xz"))
       (sha256
        (base32
         "1jk42cjaggk71rimjnx3qpmb6hivps0917vl3z7wbxk3i2whb98j"))))
    (build-system gnu-build-system)
    (home-page "https://www.gnu.org/software/cppi/")
    (synopsis "Indent C preprocessor directives to reflect nesting and more")
    (description
     "GNU Cppi processes C source code files to properly indent the
preprocessor directives to reflect their nesting. It also performs other
standardizations, such as correcting the number of spaces between directives
and the text following them.")
    (license gpl3+)))
fixed-output derivation build process could open a writable file descriptor to its output, send it to some outside process for instance over an abstract AF_UNIX socket, which would then allow said process to modify the file in the store after it has been marked as “valid”.

Vulnerability discovered by puck <https://github.com/puckipedia>.

Nix security advisory:
https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37

Nix fix:
https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9

* nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and a file descriptor. Rewrite the ‘Path’ variant accordingly.
(copyFile, copyFileRecursively): New functions.
* nix/libutil/util.hh (copyFileRecursively): New declaration.
* nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’ is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output.

Change-Id: I7952d41093eed26e123e38c14a4c1424be1ce1c4
Reported-by: Picnoir <picnoir@alternativebit.fr>, Théophane Hufschmitt <theophane.hufschmitt@tweag.io>
Change-Id: Idb5f2757f35af86b032a9851cecb19b70227bd88
Age: 2024-06-26
Commit message: etc: Add explicit ‘--substitute-urls’ in guix-daemon service files.

Having substitute URLs explicitly listed in the service startup file makes it clearer what should be modified to permanently change the list of substitute URLs.

* config-daemon.ac: Rename ‘guix_substitute_urls’ to ‘GUIX_SUBSTITUTE_URLS’ and substitute it.
* nix/local.mk (etc/guix-%.service, etc/init.d/guix-daemon)
(etc/guix-%.conf): Substitute it.
* etc/guix-daemon.conf.in, etc/guix-daemon.service.in, etc/init.d/guix-daemon.in: Add an explicit ‘--substitute-urls’ option.

Change-Id: Ie491b7fab5c42e54dca582801c03805a85de2bf9
Author: Ludovic Courtès

Age: 2021-07-07
Commit message: guix-install.sh: Prompt for configuring substitutes discovery.

Also ensure prompt_yes_no always prints the message with a trailing space, which is more pleasing to the eye.

* etc/guix-daemon.conf.in <--discover=no>: New guix-daemon option.
* etc/guix-daemon.service.in: Likewise.
* etc/init.d/guix-daemon.in: Likewise.
* etc/openrc/guix-daemon.in: Likewise.
* etc/guix-install.sh (configure_substitute_discovery): New procedure.
(sys_enable_guix_daemon): Ask the user whether automatic substitute discovery should be enabled. Set the '--discover' argument accordingly.
(prompt_yes_no): Add a trailing space to the message.
(sys_authorize_build_farms): Remove trailing space from the message argument.
* NEWS (Distribution): Add news.
Author: Maxim Cournoyer
Ludovic Courtès
Age: 2023-01-09
Commit message: daemon: Improve error message for wrong hash sizes.

* nix/libutil/hash.cc (parseHash): Show the hash algorithm name and expected size in the error message.
* tests/derivations.scm ("fixed-output derivation, invalid hash size"): New test.
Author: Ludovic Courtès

Age: 2022-12-18
Commit message: daemon: Make "opening file" error messages distinguishable.

* nix/libstore/build.cc (DerivationGoal::openLogFile): Customize "opening file" error message.
* nix/libutil/hash.cc (hashFile): Likewise.
* nix/libutil/util.cc (readFile, writeFile): Likewise.
Author: Ludovic Courtès