aboutsummaryrefslogtreecommitdiff
path: root/doc/guix-cookbook.texi
blob: 1cddaa7faff2674ae3e29a276952c5683d534910 (about) (plain)
blob size (102KB) exceeds display size limit (100KB).
ès <ludo@gnu.org> Eelco Dolstra 2015-06-03Merge branch 'nix'....* config-daemon.ac: Add check for sys/syscall.h, remove check tr1/unordered_set. The nix/ part is a squashed commit of the following: commit e531520ddcd54903bbea0f3ce08dfbed830f40aa Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Tue Jun 2 02:21:54 2015 +0200 Don't let unprivileged users repair paths commit 715478fe09a73cec70f5c6f869cac482f004596f Author: Ludovic Courtès <ludo@gnu.org> Date: Mon Jun 1 23:20:11 2015 +0200 Add a ‘verifyStore’ RPC Hello! The patch below adds a ‘verifyStore’ RPC with the same signature as the current LocalStore::verifyStore method. Thanks, Ludo’. >From aef46c03ca77eb6344f4892672eb6d9d06432041 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org> Date: Mon, 1 Jun 2015 23:17:10 +0200 Subject: [PATCH] Add a 'verifyStore' remote procedure call. commit 64a998ebcb6ebf8c11efa0a0332cce3d8f1c538e Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Tue Apr 7 13:21:26 2015 +0200 Revert /nix/store permission back to 01775 This broke NixOS VM tests. Mostly reverts 27b7b94923d2f207781b438bb7a57669bddf7d2b, 5ce50cd99e740d0d0f18c30327ae687be9356553, afa433e58c3fe6029660a43fdc2073c9d15b4210. commit 44f1b1851ccf836411ca09f5ebc50fc08d92e7e8 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Thu Apr 2 16:59:40 2015 +0200 Chroot builds: Provide world-readable /nix/store This was causing NixOS VM tests to fail mysteriously since 5ce50cd99e740d0d0f18c30327ae687be9356553. Nscd could (sometimes) no longer read /etc/hosts: open("/etc/hosts", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied) Probably there was some wacky interaction between the guest kernel and the 9pfs implementation in QEMU. commit b6ecbd266f614288db3468f9f054abea694105b1 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Wed Mar 25 17:06:12 2015 +0100 addToStore(): Take explicit name argument commit 1f595ba474d8112e73df1ef7578014e59ebfccd0 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Tue Mar 24 11:35:53 2015 +0100 Tighten permissions on chroot directories commit ba5888bccd2c5dfd0de73b91c3a5c18fa8c4866e Author: Daniel Hahler <git@thequod.de> Date: Fri Mar 6 16:39:48 2015 +0100 Fix typos: s/the the/the/ commit 67af480244250409c8cf41e66a4995258b8ccc9b Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Mon Feb 23 15:41:41 2015 +0100 Use chroots for all derivations If ‘build-use-chroot’ is set to ‘true’, fixed-output derivations are now also chrooted. However, unlike normal derivations, they don't get a private network namespace, so they can still access the network. Also, the use of the ‘__noChroot’ derivation attribute is no longer allowed. Setting ‘build-use-chroot’ to ‘relaxed’ gives the old behaviour. Note for Guix: unlike Nix commit 99897f6, we keep 'settings.useChroot'. commit 638f3675e140af1214b82ff162baadd3ef1bb6e6 Author: Harald van Dijk <harald@gigawatt.nl> Date: Fri Feb 13 16:05:49 2015 +0000 Use pivot_root in addition to chroot when possible chroot only changes the process root directory, not the mount namespace root directory, and it is well-known that any process with chroot capability can break out of a chroot "jail". By using pivot_root as well, and unmounting the original mount namespace root directory, breaking out becomes impossible. Non-root processes typically have no ability to use chroot() anyway, but they can gain that capability through the use of clone() or unshare(). For security reasons, these syscalls are limited in functionality when used inside a normal chroot environment. Using pivot_root() this way does allow those syscalls to be put to their full use. commit 8ab23f2924b70ac572ad0bcf950b4649361bfae2 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Tue Feb 3 18:56:47 2015 +0100 Simplify parseHash32 commit 70c3d2f1767a724db1e66d137a1d6b4cdee00738 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Tue Feb 3 18:35:11 2015 +0100 Simplify printHash32 commit 7a7a15877f8f391a8a8a74f7a6e919a07dc19237 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Thu Jan 8 16:59:22 2015 +0100 Doh^2 commit 8c94a864d806647736410326d496a8d668109f5a Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Thu Jan 8 16:49:31 2015 +0100 Doh commit 35605c4407a677752ed51a0f829cc0f42047b115 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Thu Jan 8 16:39:07 2015 +0100 Set /nix/store permission to 1737 I.e., not readable to the nixbld group. This improves purity a bit for non-chroot builds, because it prevents a builder from enumerating store paths (i.e. it can only access paths it knows about). commit 0b9c4a8b80b199ce82ca5bd08ed24b8d5d5c71f5 Author: aszlig <aszlig@redmoonstudios.org> Date: Fri Jan 2 03:45:47 2015 +0100 libutil: Limit readLink() error to only overflows. Let's not just improve the error message itself, but also the behaviour to actually work around the ntfs-3g symlink bug. If the readlink() call returns a smaller size than the stat() call, this really isn't a problem even if the symlink target really has changed between the calls. So if stat() reports the size for the absolute path, it's most likely that the relative path is smaller and thus it should also work for file system bugs as mentioned in 93002d69fc58c2b71e2dfad202139230c630c53a. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Tested-by: John Ericson <Ericson2314@Yahoo.com> commit 0fed5fde65e4a0cd600dc181e5b3c42d1147df51 Author: aszlig <aszlig@redmoonstudios.org> Date: Fri Jan 2 03:27:39 2015 +0100 libutil: Improve errmsg on readLink size mismatch. A message like "error: reading symbolic link `...' : Success" really is quite confusing, so let's not indicate "success" but rather point out the real issue. We could also limit the check of this to just check for non-negative values, but this would introduce a race condition between stat() and readlink() if the link target changes between those two calls, thus leading to a buffer overflow vulnerability. Reported by @Ericson2314 on IRC. Happened due to a possible ntfs-3g bug where a relative symlink returned the absolute path (st_)size in stat() while readlink() returned the relative size. Signed-off-by: aszlig <aszlig@redmoonstudios.org> Tested-by: John Ericson <Ericson2314@Yahoo.com> commit 7dfd3f5c8f1fd1e47a737fdb3be9255000862ddb Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Sun Dec 14 01:51:14 2014 +0100 Pedantry commit 45a145c8b2b60d8500ad9bbb7fed226c46af0d7e Author: Marko Durkovic <marko@miding.de> Date: Tue Dec 9 12:16:27 2014 +0100 Explicitly include required C headers commit 66d086cc26c55bf317184b08dd8e04c9736c9514 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Sat Dec 13 16:54:40 2014 +0100 Better error message commit b499d2efbfbe83c4683e2c778494541937c816f3 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Fri Dec 12 17:14:28 2014 +0100 Silence some warnings on GCC 4.9 commit 159b7103a7331db16f5db93e146217659e546cd8 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Fri Dec 12 15:10:02 2014 +0100 Shut up a Valgrind warning commit 7930b2cb76d3d2f9874f99502f10114c9a413b08 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Fri Dec 12 15:01:16 2014 +0100 Fix some memory leaks commit 5c84e4950d8504e386fc1f454fb4653993a8fbea Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Fri Dec 12 14:35:44 2014 +0100 Ensure we're writing to stderr in the builder http://hydra.nixos.org/build/17862041 commit ccade8c120c53d56863aeda27bcd2f1f484779cb Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Fri Dec 12 14:01:14 2014 +0100 Get rid of unnecessary "interrupted by the user" message with -vvv commit 8d9a0be27880d690e8045d27ea2ff5edad967750 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Fri Dec 12 12:39:50 2014 +0100 Remove tabs commit 1f8456ff13dadb96c8540df240505a2d01a22f6c Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Thu Aug 21 15:31:43 2014 +0200 Use PR_SET_PDEATHSIG to ensure child cleanup commit 909f1260e269e354c86c833ffb4ca27c9fb135f4 Author: Ludovic Courtès <ludo@gnu.org> Date: Wed Jun 3 17:45:32 2015 +0200 Rename 'initChild' to 'runChild'. This is similar to commit b5ed5b6 in upstream Nix. commit 3bfa70b7963e12be346900e64ae45fa019850675 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Wed Dec 10 13:53:04 2014 +0100 Don't wait for PID -1 The pid field can be -1 if forking the substituter process failed. commit 5241aec531e9c9a4b2dd5e5b6ee3f07ff049d9a5 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Mon Nov 24 16:48:04 2014 +0100 Build derivations in a more predictable order Derivations are now built in order of derivation name, so a package named "aardvark" is built before "baboon". Fixes #399. commit 9f355738e106f4ca49bba7276e8d520a2fc2955d Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Mon Nov 24 16:44:35 2014 +0100 Don't create unnecessary substitution goals for derivations commit 554eaf5e8c82ddd6a42e4301f6d3dd5419c04060 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Wed Nov 19 18:02:39 2014 +0100 Disable vacuuming the DB after garbage collection Especially in WAL mode on a highly loaded machine, this is not a good idea because it results in a WAL file of approximately the same size ad the database, which apparently cannot be deleted while anybody is accessing it. commit 4eb62b5230c29e2f6ab17352439521083846c259 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Wed Nov 19 17:09:27 2014 +0100 nix-daemon: Call exit(), not _exit() This was preventing destructors from running. In particular, it was preventing the deletion of the temproot file for each worker process. It may also have been responsible for the excessive WAL growth on Hydra (due to the SQLite database not being closed properly). Apparently broken by accident in 8e9140cfdef9dbd1eb61e4c75c91d452ab5e4a74. commit f160a30d5612506de41a8206a57eccee1cd85fb7 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Wed Nov 19 17:07:29 2014 +0100 Clean up temp roots in a more C++ way commit a64744477d95e6932ae0fefc7cc358b56b8c397f Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Mon Nov 17 01:00:39 2014 +0100 Fix message commit b73de6e49b64d01974649a1e67a77113b768c2b1 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Fri Nov 14 14:16:20 2014 +0100 Don't use ADDR_LIMIT_3GB This gives 32-bit builds on x86_64-linux more memory. commit e0825bd36b43f3c1d408745a9c61f92fdaf7dace Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Wed Nov 12 11:35:53 2014 +0100 Make ~DerivationGoal more reliable commit 86b9e6d4575e5c93f428b8563ae259f0f4014173 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Tue Nov 4 10:41:29 2014 +0100 nix-store --gc: Don't warn about missing manifests directory commit 1129a982c4e77ff465fd6102627477900af2f7f4 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Fri Oct 31 09:36:09 2014 +0100 Improve error message if the daemon worker fails to start commit bed17f40fce27e1a31f70957b1d0dd912b58700d Author: Shea Levy <shea@shealevy.com> Date: Mon Oct 20 12:15:50 2014 -0400 Fix build on gcc < 4.7 commit ee8601cac4b353e551b238f546a0e7e8fcdcd3be Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Tue Oct 14 10:51:19 2014 +0200 Improved error message when encountering unsupported file types Fixes #269. commit c2b65dd197a1b2e14d517b0b5ff307b149538917 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Fri Oct 3 22:37:51 2014 +0200 Remove some duplicate code commit c95742283595cb01b44ddc8e6ff5e9c1d66db444 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Fri Oct 3 16:53:28 2014 +0200 createDirs(): Handle ‘path’ being a symlink In particular, this fixes "nix-build -o /tmp/result" on Mac OS X (where /tmp is a symlink). commit 6092a48603ea7888f8a1f69db87835bc339c973a Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Thu Sep 25 18:45:43 2014 +0200 nix-daemon: Close unnecessary fd commit e74390a16f74233283572661f64ed4f03ae1650d Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Fri Sep 19 15:07:22 2014 +0200 Remove bogus comment commit e63c8aaa0511d1d0a5487c45dec9f8cbd66b4cc6 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Wed Sep 17 17:21:13 2014 +0200 On Linux, disable address space randomization commit 55939b1a4b34b904eedba90ac6c14efc6258f40d Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Wed Sep 17 15:18:13 2014 +0200 Settings: Add bool get() commit 6621195e48f8e0cbbe6e19dbcde30bd8a7da0399 Author: Ludovic Courtès <ludo@gnu.org> Date: Mon Sep 1 22:21:42 2014 +0200 Add an 'optimiseStore' remote procedure call. commit 3bb89c3a31b9cf6e056f3659389e2d2e7afd17fa Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Thu Aug 28 18:57:13 2014 +0200 Add disallowedReferences / disallowedRequisites For the "stdenv accidentally referring to bootstrap-tools", it seems easier to specify the path that we don't want to depend on, e.g. disallowedRequisites = [ bootstrapTools ]; commit abd9d61e6201ddbde3305dd27c286e883e950bec Author: Gergely Risko <errge@nilcons.com> Date: Wed Aug 27 16:46:02 2014 +0200 Introduce allowedRequisites feature commit 8c766e48d5c4741b63a4f24dc91138f587c04a5a Author: Joel Taylor <me@joelt.io> Date: Thu Aug 21 14:06:49 2014 -0700 fix disappearing bash arguments commit d4e7c195fabf0f24c2ffbd4ca8f189489bbbf44d Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Tue Aug 19 17:44:59 2014 +0200 Make hook shutdown more reliable commit ea837e470f70900481d00b0d1cd73e6855c4f70d Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Mon Aug 18 11:35:50 2014 +0200 Doh commit 790271559cb8b36cd8fcdc533f41be88ec15ad08 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Sun Aug 17 19:11:50 2014 +0200 Reduce verbosity commit 3f6d4f63ec0d1d6cfc3233998b7dd9608b2f6ff3 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Sun Aug 17 19:09:03 2014 +0200 Propagate remote timeouts properly commit aa98ba506739b885b3ce0b392dade5e1e1bb07f7 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Wed Aug 13 17:44:41 2014 +0200 Use regular file GC roots if possible This makes hydra-eval-jobs create roots as regular files. See 1c208f2b7ef8ffb5e6d435d703dad83223a67bd6. commit 5fe5ff77800c2911c011f582d8dfa90c44d4a3a5 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Tue Aug 5 16:41:42 2014 +0200 Remove unnecessary call to addTempRoot() commit 1820845c44c8cbe1121e78d5f16e7778532477f6 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Tue Aug 5 10:19:57 2014 +0200 Doh commit e9070bf4226b225a0b42798b20ea3947abf58a6f Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Mon Aug 4 18:13:14 2014 +0200 Move some options out of globals commit 31909515634d74e4c3d92be6186c5c48244582ae Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Mon Aug 4 18:02:29 2014 +0200 Refactor commit f530ee6f356f4299ca343dde7f4c0742300ffa08 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Mon Aug 4 18:00:00 2014 +0200 Add option ‘build-extra-chroot-dirs’ This is useful for extending (rather than overriding) the default set of chroot paths. commit 75f746f018e34868b8057bed87c90d2cbe2c0b6c Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Mon Aug 4 17:27:45 2014 +0200 Get rid of "killing <pid>" message for unused build hooks commit 42c6246f674ca2d5ea166d1ae676b7087ea1b0d8 Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Fri Aug 1 19:38:21 2014 +0200 Remove ugly hack for detecting build environment setup errors commit b732ffd28ddf50d3150e4f276a0e8488e38eaacb Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Fri Aug 1 19:29:03 2014 +0200 Call commonChildInit() before doing chroot init This ensures that daemon clients see error messages from the chroot setup. commit c51374c128cbe1f06acd95ba2d627a118a95aabf Author: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Fri Aug 1 17:30:51 2014 +0200 Eliminate redundant copy commit 666c9b7108e460f0d3450015a3379bfeb3e3a497 Author: Eelco Dolstra