Commit graph

251 commits

Author SHA1 Message Date
Shea Levy
418a837897 Remove perl dependency.
Fixes #341
2017-02-07 15:56:32 -05:00
Eelco Dolstra
3a4bd320c2
Revert "Merge branch 'seccomp' of https://github.com/aszlig/nix"
This reverts commit 9f3f2e21ed, reversing
changes made to 47f587700d.
2016-12-19 11:52:57 +01:00
Eelco Dolstra
9f3f2e21ed
Merge branch 'seccomp' of https://github.com/aszlig/nix 2016-12-15 12:04:45 +01:00
Eelco Dolstra
8df1a3b579
Drop unused dblatex reference 2016-12-08 13:41:51 +01:00
Eelco Dolstra
d1da6967b8
Drop unused WWW::Curl dependency 2016-12-06 17:17:29 +01:00
aszlig
1c52e344c4
Add build dependency for libseccomp
We're going to use libseccomp instead of creating the raw BPF program,
because we have different syscall numbers on different architectures.

Although our initial seccomp rules will be quite small it really doesn't
make sense to generate the raw BPF program because we need to duplicate
it and/or make branches on every single architecture we want to suuport.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-11-16 16:48:26 +01:00
Adrien Devresse
7ef053c632 Add a new option to disable documentation generation at configure time 2016-09-20 14:34:43 +00:00
Jude Taylor
5b01f5cbb2 remove otool check 2016-08-13 15:30:35 -07:00
Eelco Dolstra
202683a4fc Use O_CLOEXEC in most places 2016-06-09 16:37:08 +02:00
Domen Kožar
f53b3ef693 fix tarball job 2016-05-30 15:31:32 +01:00
Eelco Dolstra
75d2492f20 Make the aws-cpp-sdk dependency optional 2016-05-04 17:16:48 +02:00
Eelco Dolstra
16d9c872e4 Remove obsolete err.h check 2016-05-04 16:21:28 +02:00
Eelco Dolstra
f435f82475 Remove OpenSSL-based signing 2016-05-04 11:01:48 +02:00
Nathan Zadoks
c6beaf5708 Handle ARM triples without an endianness suffix
Alpine seems to use this, and it results in a wrong
builtins.currentSystem. Big-endian ARM systems have triples starting
with armv6eb- or armv7eb-, so this doesn't change any systems that
already worked.
2016-03-11 21:53:06 +01:00
Nathan Zadoks
62d81aadba configure.ac: strip -musl in the same way as -gnu 2016-03-03 14:11:00 +01:00
Eelco Dolstra
ef7c2d8b3e Revert "Do not override environment CFLAGS and CXXFLAGS"
This reverts commit 80ebd60e7c. The
reason why we cleared CFLAGS/CXXFLAGS was because otherwise we get a
default value of -O2, which interferes with the defaults set in the
Makefile. (E.g. "make OPTIMIZE=0" should not pass -O2.)
2016-01-12 13:51:38 +01:00
Ilya Novoselov
80ebd60e7c Do not override environment CFLAGS and CXXFLAGS
Looks like 5a05cf4063 removed usage of
environment CFLAGS and CXXFLAGS by mistake. That change broke building
of nix on fedora core 23.
2016-01-05 14:06:51 +01:00
Eelco Dolstra
6298afc047 Merge pull request #685 from vizanto/master
POSIX compliant directory access (fixes build on Solaris)
2016-01-05 13:49:55 +01:00
Eelco Dolstra
8f67325a7c Build sandbox support etc. unconditionally on Linux
Also, use "#if __APPLE__" instead of "#if SANDBOX_ENABLED" to prevent
ambiguity.
2015-12-10 11:47:17 +01:00
Danny Wilson
cdb346c65e Fix build on Solaris
d_type is not part of the POSIX spec unfortunately.
2015-11-07 04:51:33 +01:00
Eelco Dolstra
a6ca68a70c Require OpenSSL 2015-11-04 16:37:49 +01:00
Eelco Dolstra
1f735a3440 <nix/fetchurl.nix>: Support xz-compressed NARs 2015-10-30 12:34:30 +01:00
Jude Taylor
ff6953cb03 Add resolve-system-dependencies.pl 2015-10-21 12:38:52 -07:00
Eelco Dolstra
be1ff23352 Add dependency on libcurl-dev
http://hydra.nixos.org/eval/1179370
2015-03-27 12:27:36 +01:00
Harald van Dijk
5451b8db9d Use pivot_root in addition to chroot when possible
chroot only changes the process root directory, not the mount namespace root
directory, and it is well-known that any process with chroot capability can
break out of a chroot "jail". By using pivot_root as well, and unmounting the
original mount namespace root directory, breaking out becomes impossible.

Non-root processes typically have no ability to use chroot() anyway, but they
can gain that capability through the use of clone() or unshare(). For security
reasons, these syscalls are limited in functionality when used inside a normal
chroot environment. Using pivot_root() this way does allow those syscalls to be
put to their full use.
2015-02-16 12:18:19 +01:00
Eelco Dolstra
1c972cba14 Make libsodium an optional dependency 2015-02-10 11:54:06 +01:00
Eelco Dolstra
e0def5bc4b Use libsodium instead of OpenSSL for binary cache signing
Sodium's Ed25519 signatures are much shorter than OpenSSL's RSA
signatures. Public keys are also much shorter, so they're now
specified directly in the nix.conf option ‘binary-cache-public-keys’.

The new command ‘nix-store --generate-binary-cache-key’ generates and
prints a public and secret key.
2015-02-04 17:10:31 +01:00
Eelco Dolstra
d4c8ee7059 Rely on XML catalogs to find the DocBook schemas and stylesheets 2014-11-25 15:54:26 +01:00
Eelco Dolstra
68cf98c4d2 configure: Force regeneration of Makefile.config 2014-09-22 13:00:58 +02:00
Eelco Dolstra
d64b8e9e53 Remove unused w3m dependency 2014-09-17 17:42:00 +02:00
Eelco Dolstra
d98bfcbf81 On Linux, disable address space randomization 2014-09-17 17:21:13 +02:00
Eelco Dolstra
5a05cf4063 Add Make flag to disable optimization 2014-09-17 17:07:05 +02:00
Eelco Dolstra
7911e4c27a Remove maybeVfork 2014-07-10 13:35:44 +02:00
Eelco Dolstra
54a34119f3 Use std::unordered_set 2014-05-26 17:53:17 +02:00
Eelco Dolstra
ac8c2ef1aa Build/install manual 2014-02-01 11:30:21 +01:00
Eelco Dolstra
a26307b281 Fix build 2014-01-21 17:39:19 +01:00
Eelco Dolstra
cf918b889b Handle systems where "echo -n" doesn't work 2014-01-09 17:33:55 +01:00
Eelco Dolstra
8f08046606 Expand configure variables before writing config.status
This way, we can use config.status for generating scripts/* (without
ending up with lines like "#! /usr/bin/perl -I${libexecdir}/...").
2013-11-25 15:52:14 +00:00
Eelco Dolstra
cac06ed0a4 Remove obsolete setting of $CC_FOR_BUILD 2013-11-25 11:26:51 +00:00
Eelco Dolstra
0c504a756c Don't install Libtool 2013-11-25 11:25:27 +00:00
Eelco Dolstra
2cc591c7b5 Don't instantiate Automake makefiles 2013-11-25 11:05:51 +00:00
Eelco Dolstra
6b5f89f2cf Drop the dependency on Automake 2013-11-22 19:30:24 +00:00
Eelco Dolstra
b8e9efc476 New non-recursive, plain Make-based build system 2013-11-22 15:54:18 +01:00
Eelco Dolstra
a478e8a7bb Remove nix-setuid-helper
AFAIK, nobody uses it, it's not maintained, and it has no tests.
2013-11-14 11:57:37 +01:00
Eelco Dolstra
297b762513 Turn on -Wall 2013-08-19 11:41:15 +02:00
Eelco Dolstra
a583a2bc59 Run the daemon worker on the same CPU as the client
On a system with multiple CPUs, running Nix operations through the
daemon is significantly slower than "direct" mode:

$ NIX_REMOTE= nix-instantiate '<nixos>' -A system
real    0m0.974s
user    0m0.875s
sys     0m0.088s

$ NIX_REMOTE=daemon nix-instantiate '<nixos>' -A system
real    0m2.118s
user    0m1.463s
sys     0m0.218s

The main reason seems to be that the client and the worker get moved
to a different CPU after every call to the worker.  This patch adds a
hack to lock them to the same CPU.  With this, the overhead of going
through the daemon is very small:

$ NIX_REMOTE=daemon nix-instantiate '<nixos>' -A system
real    0m1.074s
user    0m0.809s
sys     0m0.098s
2013-08-07 14:02:04 +02:00
Eelco Dolstra
263d668222 Set the default GCC optimisation level to -O3 2013-08-06 14:21:46 +02:00
Gergely Risko
25a00cae5b Add gzip support for channel unpacking 2013-07-12 11:29:37 +02:00
Shea Levy
2c9cf50746 makeStoreWritable: Use statvfs instead of /proc/self/mountinfo to find out if /nix/store is a read-only bind mount
/nix/store could be a read-only bind mount even if it is / in its own filesystem, so checking the 4th field in mountinfo is insufficient.

Signed-off-by: Shea Levy <shea@shealevy.com>
2013-03-25 19:00:16 +01:00
Eelco Dolstra
0a4e90395c Urgggh
http://hydra.nixos.org/build/3661100
2013-01-02 23:52:15 +01:00