Wout Mertens
ef00999fb7
Remove information about nix-store --optimise
2016-04-10 21:55:26 +02:00
wmertens
4916d92092
Always verify nix store on install
...
Just wasted a couple hours chasing shadows because the nix store got
corrupted and there was no indication of that anywhere.
Since an install is one-time only, might as well verify. Optimization
showed that the copied files aren't read-only; fixed that as well.
Also, use /bin/sh since there's a good chance that this script will be
run on systems without /bin/bash
2016-04-10 21:55:26 +02:00
Eelco Dolstra
8cffec8485
Remove failed build caching
...
This feature was implemented for Hydra, but Hydra no longer uses it.
2016-04-08 18:19:04 +02:00
Eelco Dolstra
f398949b40
Make LocalStore thread-safe
...
Necessary for multi-threaded commands like "nix verify-paths".
2016-04-08 18:07:13 +02:00
Eelco Dolstra
05fbc606fc
nix verify-paths: Add ‘--sigs-needed <N>’ flag
...
This specifies the number of distinct signatures required to consider
each path "trusted".
Also renamed ‘--no-sigs’ to ‘--no-trust’ for the flag that disables
verifying whether a path is trusted (since a path can also be trusted
if it has no signatures, but was built locally).
2016-04-07 15:16:57 +02:00
Eelco Dolstra
6b2ae52808
Use secret-key-files for verifying
2016-04-07 15:16:57 +02:00
Eelco Dolstra
e39999ed48
Sign locally-built paths
...
Locally-built paths are now signed automatically using the secret keys
specified by the ‘secret-key-files’ option.
2016-04-07 15:16:57 +02:00
Eelco Dolstra
dc82160164
Fix "tar: This does not look like a tar archive" with fetchTarball / -I http://
...
The 304 Not Modified was not handled correctly, so the empty result
from the conditional request would overwrite the previous tarball.
2016-04-06 16:57:20 +02:00
Eelco Dolstra
b654381eb3
Add "nix sign-paths" command
...
E.g.
$ nix sign-paths -k ./secret -r $(type -p geeqie)
signs geeqie and all its dependencies using the key in ./secret.
2016-04-05 16:39:29 +02:00
Eelco Dolstra
d0f5719c2a
Add "nix copy-sigs" command
...
This imports signatures from one store into another. E.g.
$ nix copy-sigs -r /run/current-system -s https://cache.nixos.org/
imported 595 signatures
2016-04-05 16:39:23 +02:00
Eelco Dolstra
80da7a6375
Probably fix SQLITE_BUSY errors
2016-04-05 15:29:56 +02:00
Eelco Dolstra
37a337bcec
throwSQLiteError(): Check for SIGINT so we don't loop forever
2016-04-04 15:08:08 +02:00
Eelco Dolstra
6e120b76ee
Add missing -pthread
...
https://hydra.nixos.org/build/33908385
2016-03-31 12:42:48 +02:00
Eelco Dolstra
9cee600c88
LocalStore: Keep track of ultimately trusted paths
...
These are content-addressed paths or outputs of locally performed
builds. They are trusted even if they don't have signatures, so "nix
verify-paths" won't complain about them.
2016-03-30 17:35:48 +02:00
Eelco Dolstra
b86555aa2b
Fix nix-copy-closure test on 16.03
2016-03-30 17:20:53 +02:00
Eelco Dolstra
3d119f0a3b
Improve the SQLite wrapper API
...
In particular, this eliminates a bunch of boilerplate code.
2016-03-30 15:50:45 +02:00
Eelco Dolstra
d9c5e3bbf0
Factour out SQLite handling
2016-03-30 13:27:25 +02:00
Eelco Dolstra
2ae43ced9a
Turn retrying SQLite transactions into a higher-order function
2016-03-30 12:04:27 +02:00
Eelco Dolstra
39a6abc0bc
nix verify: Support checking against signatures in other stores
...
Typical usage is to check local paths using the signatures from a
binary cache:
$ nix verify-paths -r /run/current-system -s https://cache.nixos.org
path ‘/nix/store/c1k4zqfb74wba5sn4yflb044gvap0x6k-nixos-system-mandark-16.03.git.fc2d7a5M’ is untrusted
...
checked 844 paths, 119 untrusted
2016-03-30 11:39:34 +02:00
Eelco Dolstra
88541569a2
HttpBinaryCacheStore: Treat 403 errors as 404
2016-03-30 11:17:51 +02:00
Eelco Dolstra
de88004a9d
CurlDownloader: Fix HTTP error processing
2016-03-30 11:17:35 +02:00
Eelco Dolstra
ab3ce1cc13
Improve SIGINT handling in multi-threaded programs
...
The flag remembering whether an Interrupted exception was thrown is
now thread-local. Thus, all threads will (eventually) throw
Interrupted. Previously, one thread would throw Interrupted, and then
the other threads wouldn't see that they were supposed to quit.
2016-03-29 16:37:16 +02:00
Eelco Dolstra
4f34c40398
Add "nix verify-store" command
...
Like "nix-store --verify --check-contents", but with the same
advantages as "nix verify-paths".
2016-03-29 16:37:16 +02:00
Eelco Dolstra
784ee35c80
Add "nix verify-paths" command
...
Unlike "nix-store --verify-path", this command verifies signatures in
addition to store path contents, is multi-threaded (especially useful
when verifying binary caches), and has a progress indicator.
Example use:
$ nix verify-paths --store https://cache.nixos.org -r $(type -p thunderbird)
...
[17/132 checked] checking ‘/nix/store/rawakphadqrqxr6zri2rmnxh03gqkrl3-autogen-5.18.6’
2016-03-29 16:37:16 +02:00
Eelco Dolstra
0ebe69dc67
Re-enable sync_with_stdio
...
Otherwise writing to std::cerr is not thread-safe (in particular,
lines will be randomly duplicated).
2016-03-29 16:37:16 +02:00
Eelco Dolstra
0f754280a4
Merge pull request #864 from copumpkin/remove-hack
...
Kill the temporary darwin-specific channel
2016-03-29 11:35:07 +02:00
Dan Peebles
c89783b6a7
Kill the temporary darwin-specific channel
...
The issues have been resolved upstream in the main nixpkgs channel now
2016-03-28 20:06:46 -04:00
Eelco Dolstra
3b81b26457
Use shorter daemon socket path in tests
...
Otherwise we hit the 104 character limit.
http://hydra.nixos.org/build/33562028
2016-03-24 14:45:55 +01:00
Eelco Dolstra
374198ad6d
Move signature support from NarInfo to ValidPathInfo
2016-03-24 11:41:00 +01:00
Eelco Dolstra
11525377e1
Typos
2016-03-24 11:27:58 +01:00
Eelco Dolstra
8b7839b608
HttpBinaryCacheStore: Make thread-safe
2016-03-24 11:10:05 +01:00
Eelco Dolstra
c7d44bad00
Drop support for daemon socket path >= 108 characters
...
Doing a chdir() is a bad idea in multi-threaded programs, leading to
failures such as
error: cannot connect to daemon at ‘/nix/var/nix/daemon-socket/socket’: No such file or directory
Since Linux doesn't have a connectat() syscall like FreeBSD, there is
no way we can support this in a race-free way.
2016-03-23 17:16:16 +01:00
Eelco Dolstra
056b3ecfa4
LocalStoreAccessor::stat: Handle ENOTDIR
...
Closes https://github.com/NixOS/hydra/pull/286 .
2016-03-23 11:17:46 +01:00
Eelco Dolstra
525c78a2c3
Remove references to old-school signing
2016-03-22 15:39:59 +01:00
Eelco Dolstra
bb1034316d
Don't overload dumpPath()
2016-03-22 14:21:45 +01:00
Eelco Dolstra
712b616a84
Move signatures from NarInfo to ValidPathInfo
...
This allows queryPathInfo() to return signatures.
2016-03-21 18:05:47 +01:00
Eelco Dolstra
cebc150b7c
nix: Add --store flag
...
This is a bit user-friendlier than using $NIX_REMOTE.
2016-03-21 18:03:36 +01:00
Eelco Dolstra
1c5f73f529
Add Store::dumpPath() method
...
This allows applying nix-store --verify-path to binary cache stores:
NIX_REMOTE=https://cache.nixos.org nix-store --verify-path /nix/store/s5c7...
2016-03-21 17:55:57 +01:00
Eelco Dolstra
87295b9844
Drop support for upgrading from Nix <= 0.12
2016-03-21 15:09:03 +01:00
Eelco Dolstra
141a65de09
Merge pull request #852 from domenkozar/docker/1.11.2
...
Dockerfile: 1.9 -> 1.11.2, add more users
2016-03-17 13:37:18 +01:00
Domen Kožar
c588f79e4d
Dockerfile: 1.9 -> 1.11.2, add more users
2016-03-16 21:26:09 +00:00
Eelco Dolstra
69f28eb335
Fix RPM build
...
http://hydra.nixos.org/build/33280008
2016-03-15 12:15:19 +01:00
Eelco Dolstra
02654f782f
Fix Darwin build
...
http://hydra.nixos.org/build/33279996
2016-03-15 12:11:27 +01:00
Eelco Dolstra
00a75b1cd2
Fix another mismatched tag
...
http://hydra.nixos.org/build/33279570
2016-03-14 15:32:34 +01:00
Eelco Dolstra
dc4a71aae5
Fix build on clang due to -Wmismatched-tags
...
http://hydra.nixos.org/build/33073389
2016-03-14 12:37:30 +01:00
Eelco Dolstra
e69c48dc43
Fix bad DocBook
...
http://hydra.nixos.org/build/33087405
2016-03-14 12:34:11 +01:00
Eelco Dolstra
e7c76f7274
BinaryCacheStore::isValidPath(): Use .narinfo cache
...
If a path is in the .narinfo cache, obviously it's valid.
2016-03-14 12:33:06 +01:00
Eelco Dolstra
674c5ff64f
Merge pull request #834 from abbradar/master
...
Propagate path context via builtins.readFile
2016-03-10 20:17:03 +01:00
Eelco Dolstra
1b18991082
Merge pull request #822 from cstrahan/nix-store-serve
...
add docs for `nix-store --serve`
2016-03-10 15:30:54 +01:00
Eelco Dolstra
b4e0335d4d
Add option binary-cache-secret-key-file for signing binary caches
2016-03-04 17:45:22 +01:00