From: Tobias Geerinckx-Rice Date: Sun, 26 Aug 2018 17:24:42 +0200 Subject: [PATCH] snappy: Add O2 flag in CmakeLists.txt. Use ‘-O2’ optimisation when building with CMake, as is already done when using the Makefile. This patch was copied verbatim from the Snappy mailing list[0]. [0]: From 903c72fb29b2db07b4abc38a5feb83d88f739d80 Mon Sep 17 00:00:00 2001 From: huangwenjun Date: Fri, 10 Aug 2018 17:17:35 +0800 Subject: [PATCH] Add O2 optimize flag in CmakeLists.txt. --- CMakeLists.txt | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 62ecd09..29e0cdc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -6,6 +6,9 @@ set(CMAKE_CXX_STANDARD 11) set(CMAKE_CXX_STANDARD_REQUIRED ON) set(CMAKE_CXX_EXTENSIONS OFF) +SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O2") +SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -O2") + # BUILD_SHARED_LIBS is a standard CMake variable, but we declare it here to make # it prominent in the GUI. option(BUILD_SHARED_LIBS "Build shared libraries(DLLs)." OFF) -- 2.1.0 /a>logtreecommitdiff
path: root/gnu/tests/desktop.scm
e='2024-05-13 16:31:34 +0200'>2024-05-13 l'>...This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143. Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two ways: (1) it didn’t have any effet for fixed-output derivations performed in a chroot, which is the case for all of them except those using “builtin:download” and “builtin:git-download”, and (2) it did not preserve ownership when copying, leading to “suspicious ownership or permission […] rejecting this build output” errors. * nix/libstore/build.cc (DerivationGoal::buildDone): Account for ‘chrootRootDir’ when copying ‘drv.outputs’. * nix/libutil/util.cc (copyFileRecursively): Add ‘fchown’ and ‘fchownat’ calls to preserve file ownership; this is necessary for chrooted fixed-output derivation builds. * nix/libutil/util.hh: Update comment. Change-Id: Ib59f040e98fed59d1af81d724b874b592cbef156
AgeCommit message (Expand)Author
daemon: Loop over ‘copy_file_range’ upon short writes....Fixes <https://issues.guix.gnu.org/70877>. * nix/libutil/util.cc (copyFile): Loop over ‘copy_file_range’ instead of
2016-09-01Update 'TODO'....* TODO: Remove items about guix challenge & guix publish. Signed-off-by: Vincent Legoll <vincent.legoll@gmail.com> Signed-off-by: Ludovic Courtès <ludo@gnu.org> Vincent Legoll
Ludovic Courtès
2024-03-11daemon: Protect against FD escape when building fixed-output derivations (CVE......This fixes a security issue (CVE-2024-27297) whereby a fixed-output derivation build process could open a writable file descriptor to its output, send it to some outside process for instance over an abstract AF_UNIX socket, which would then allow said process to modify the file in the store after it has been marked as “valid”. Vulnerability discovered by puck <https://github.com/puckipedia>. Nix security advisory: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37 Nix fix: https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9 * nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and a file descriptor. Rewrite the ‘Path’ variant accordingly. (copyFile, copyFileRecursively): New functions. * nix/libutil/util.hh (copyFileRecursively): New declaration. * nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’ is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output. Change-Id: I7952d41093eed26e123e38c14a4c1424be1ce1c4 Reported-by: Picnoir <picnoir@alternativebit.fr>, Théophane Hufschmitt <theophane.hufschmitt@tweag.io> Change-Id: Idb5f2757f35af86b032a9851cecb19b70227bd88 Ludovic Courtès
2022-12-18daemon: Make "opening file" error messages distinguishable....* nix/libstore/build.cc (DerivationGoal::openLogFile): Customize "opening file" error message. * nix/libutil/hash.cc (hashFile): Likewise. * nix/libutil/util.cc (readFile, writeFile): Likewise. Ludovic Courtès