Commit Graph

15524 Commits

Author SHA1 Message Date
Emily
f59307a565 libstore: clean up the build directory properly
After the fix for CVE-2024-38531, this was only removing the nested
build directory, rather than the top‐level temporary directory.

Fixes: 1d3696f0fb
(cherry picked from commit 76e4adfaac)
(cherry picked from commit 0d68b40dda)
2024-07-05 15:59:22 +00:00
Robert Hensing
ead814bfa3
Merge pull request #11025 from NixOS/backport-11022-to-2.19-maintenance
[Backport 2.19-maintenance] Use proper struct sockpeercred for SO_PEERCRED for OpenBSD
2024-07-03 19:59:00 +02:00
kn
d8c86ee2c4 Use proper struct sockpeercred for SO_PEERCRED for OpenBSD
getsockopt(2) documents this; ucred is wrong ("cr_" member prefix, no pid).

(cherry picked from commit 10ccdb7a41)
2024-07-03 15:57:03 +00:00
John Ericson
7b2b4d03bb Indent some CPP in nix daemon
Makes it easier for me to read.

(cherry picked from commit a09360400b)
2024-07-03 15:57:03 +00:00
Eelco Dolstra
3db5e32b39 Bump version 2024-06-27 11:14:04 +02:00
tomberek
aab22e30b1
Merge pull request from GHSA-q82p-44mg-mgh5
Fix sandbox escape 2.19
2024-06-26 18:49:22 -04:00
Eelco Dolstra
4a3c799531 Fix --no-sandbox
When sandboxing is disabled, we cannot put $TMPDIR underneath an
inaccessible directory.

(cherry picked from commit 86ca2d6d94c0581fda0c666c5e022784952f3542)
(cherry picked from commit 8f58b98770)
2024-06-21 16:40:06 +02:00
Eelco Dolstra
a7af2e9d20 Formatting
(cherry picked from commit 3af22860759509d5040ff70618247031d96a095c)
2024-06-21 16:40:03 +02:00
Eelco Dolstra
8b11eb672a Put the chroot inside a directory that isn't group/world-accessible
Previously, the .chroot directory had permission 750 or 755 (depending
on the uid-range system feature) and was owned by root/nixbld. This
makes it possible for any nixbld user (if uid-range is disabled) or
any user (if uid-range is enabled) to inspect the contents of the
chroot of an active build and maybe interfere with it (e.g. via /tmp
in the chroot, which has 1777 permission).

To prevent this, the root is now a subdirectory of .chroot, which has
permission 700 and is owned by root/root.

(cherry picked from commit af280e72fa0e62e1c2eaccfb992c0dbb6f27f895)
2024-06-21 16:40:03 +02:00
John Ericson
0cd7527998
Merge pull request #10849 from NixOS/backport-10549-to-2.19-maintenance
[Backport 2.19-maintenance] Fix exportReferencesGraph when given store subpath
2024-06-04 06:47:05 -04:00
Alyssa Ross
4628cb89eb Fix exportReferencesGraph when given store subpath
With Nix 2.3, it was possible to pass a subpath of a store path to
exportReferencesGraph:

	with import <nixpkgs> {};

	let
	  hello = writeShellScriptBin "hello" ''
	    echo ${toString builtins.currentTime}
	  '';
	in

	writeClosure [ "${hello}/bin/hello" ]

This regressed with Nix 2.4, with a very confusing error message, that
presumably indicates it was unintentional:

	error: path '/nix/store/3gl7kgjr4pwf03f0x70dgx9ln3bhl7zc-hello/bin/hello' is not in the Nix store

(cherry picked from commit 0774e8ba33)
2024-06-04 10:26:17 +00:00
Robert Hensing
7e8ea6a843
Merge pull request #10843 from NixOS/backport-9897-to-2.19-maintenance
[Backport 2.19-maintenance] libutil/url: fix git+file:./ parse error
2024-06-04 11:04:04 +02:00
Bryan Lai
c45b2b06d0 libutil/url: fix git+file:./ parse error
Previously, the "file:./" prefix was not correctly recognized in
fixGitURL; instead, it was mistaken as a file path, which resulted in a
parsed url of the form "file://file:./".

This commit fixes the issue by properly detecting the "file:" prefix.
Note, however, that unlike "file://", the "file:./" URI is _not_
standardized, but has been widely used to refer to relative file
paths. In particular, the "git+file:./" did work for nix<=2.18, and was
broken since nix 2.19.0.

Finally, this commit fixes the issue completely for the 2.19 series, but
is still inadequate for the 2.20 series due to new behaviors from the
switch to libgit2. However, it does improve the correctness of parsing
even though it is not yet a complete solution.

(cherry picked from commit 8594f3cd5a)
2024-06-04 08:27:08 +00:00
github-actions[bot]
8c6ea4ee60
remove link to relocated manual page (#10704)
fix old anchor redirects to point to the correct location

(cherry picked from commit 45697ba502)

Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2024-05-15 22:39:34 +02:00
Théophane Hufschmitt
6976a8e670 Add a release note for the build-dir hardening 2024-04-22 15:38:04 +02:00
Théophane Hufschmitt
e919c0bf8f Run the builds in a daemon-controlled directory
Instead of running the builds under
`$TMPDIR/{unique-build-directory-owned-by-the-build-user}`, run them
under `$TMPDIR/{unique-build-directory-owned-by-the-daemon}/{subdir-owned-by-the-build-user}`
where the build directory is only readable and traversable by the daemon user.

This achieves two things:

1. It prevents builders from making their build directory world-readable
   (or even writeable), which would allow the outside world to interact
   with them.
2. It prevents external processes running as the build user (either
   because that somehow leaked, maybe as a consequence of 1., or because
   `build-users` isn't in use) from gaining access to the build
   directory.
2024-04-22 15:38:04 +02:00
Théophane Hufschmitt
21cd71d250 Add a test for the user sandboxing 2024-04-22 15:38:04 +02:00
Théophane Hufschmitt
7986891980
Merge pull request #10469 from NixOS/backport-10456-to-2.19-maintenance
[Backport 2.19-maintenance] Fix adding symlink to the sandbox paths
2024-04-11 15:27:21 +02:00
Théophane Hufschmitt
34611986f9 Fix permission denied when building symlink derivation which points to a symlink out of the store
Bind-mounting symlinks is apparently not possible, which is why the
thing was failing.

Fortunately, symlinks are small, so we can fall back to copying them at no cost.

Fix https://github.com/NixOS/nix/issues/9579

Co-authored-by: Artturin <Artturin@artturin.com>
(cherry picked from commit 913db9f738)
2024-04-11 12:08:19 +00:00
Théophane Hufschmitt
661e63a734 Add a test for depending on a symlink store path
Regression test for https://github.com/NixOS/nix/issues/9579

(cherry picked from commit 872d93eb13)
2024-04-11 12:08:18 +00:00
Eelco Dolstra
940586366e
Merge pull request #10460 from NixOS/backport-10413-to-2.19-maintenance
[Backport 2.19-maintenance] path-info: print correct path when using `nix path-info --store file://... --all --json`
2024-04-10 22:25:09 +02:00
Maximilian Bosch
df30b26066 path-info: print correct path when using nix path-info --store file://... --all --json
When querying all paths in a binary cache store, the path's representation
is `<hash>-x` (where `x` is the value of `MissingName`) because the .narinfo
filenames only contain the hash.

Before cc46ea1630 this worked correctly,
because the entire path info was read and the path from this
representation was printed, i.e. in the form `<hash>-<name>`. Since then
however, the direct result from `queryAllValidPaths()` was used as `path`.

Added a regression test to make sure the behavior remains correct.

(cherry picked from commit c80cd6bb06)
2024-04-10 17:37:34 +00:00
Valentin Gagarin
f79eb2c31f
show Nix logo in the manual (#10446)
the location of files is hard-coded by mdBook.
there also seems to be no way to define custom templates, therefore
all styling has to be done in the CSS override.

Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2024-04-09 09:50:52 +00:00
Théophane Hufschmitt
82f44d8633
Merge pull request #10354 from NixOS/backport-10259-to-2.19-maintenance
[Backport 2.19-maintenance] doc: builtins.addDrvOutputDependencies: fix link target
2024-03-29 12:22:01 +01:00
Yueh-Shun Li
5d79af46dd builtins.addDrvOutputDependencies: fix commentary
(cherry picked from commit d2b512959c)
2024-03-29 10:56:43 +00:00
Yueh-Shun Li
a612b90505 doc: builtins.addDrvOutputDependencies: fix link target
(cherry picked from commit 39b0b8452f)
2024-03-29 10:56:43 +00:00
Eelco Dolstra
dd0ba589f4
Merge pull request #10169 from johnrichardrinehart/jrinehart/2_19-faster-flake-lock-parsing
[Backport 2.19-maintenance] Faster flake lock parsing
2024-03-07 17:31:05 +01:00
Eelco Dolstra
a2e3a07da4 Bump version 2024-03-07 15:43:55 +01:00
Eelco Dolstra
7794354a98 Fix sandbox escape patch 2024-03-07 13:16:15 +01:00
Eelco Dolstra
9179bc5a6e
Merge pull request from GHSA-2ffj-w4mj-pg37
Sandbox escape 2.19
2024-03-07 11:56:24 +01:00
Graham Dennis
89cadf5d64 Faster flake.lock parsing
This PR reduces the creation of short-lived basic_json objects while
parsing flake.lock files. For large flake.lock files (~1.5MB) I was
observing ~60s being spent for trivial nix build operations while
after this change it is now taking ~1.6s.

(cherry picked from commit 7fd0de38c6)
2024-03-06 17:56:26 -08:00
Théophane Hufschmitt
6566d3c565
Merge pull request #10159 from johnrichardrinehart/2.19-maintenance
feat: show status bar with 'store copy-sigs'
2024-03-06 07:20:23 +01:00
Théophane Hufschmitt
e77d3b805e
Don't print too loudly if a substituter is missing a path when copying signatures 2024-03-06 06:56:31 +01:00
Théophane Hufschmitt
9b40a46abe
Explicitly instantiate the progress-bar counter in copy-sigs 2024-03-06 06:56:03 +01:00
John Rinehart
5d534dc30f feat: show status bar with 'store copy-sigs' 2024-03-05 18:21:43 -08:00
Théophane Hufschmitt
157524874d
Merge pull request #10137 from fricklerhandwerk/fix-help-stores
fix `nix help-stores` for 2.19
2024-03-05 07:32:30 +01:00
Valentin Gagarin
c2122d0ebc add tests for showing help 2024-03-04 21:06:51 +01:00
Théophane Hufschmitt
f3c9656afd
Merge pull request #10141 from NixOS/backport-10073-to-2.19-maintenance
[Backport 2.19-maintenance] Accept multiple inputs in `nix flake update`
2024-03-04 10:31:16 +01:00
Olmo Kramer
bcdea81c96 Add test for nix flake update with multiple inputs
(cherry picked from commit b1ad729add)
2024-03-04 08:53:58 +00:00
Olmo Kramer
44ef603335 Accept multiple inputs in nix flake update
(cherry picked from commit 9f11b1b0c4)
2024-03-04 08:53:58 +00:00
Valentin Gagarin
ac5f147afc fix nix help-stores
the crash when calling `nix help-stores` was probably introduced as an
artifact from a prior untangling of merge conflicts.
that said, `nix help-stores` should eventually cease to exist in favor
of dedicated `--help` outputs and `man` pages for the various store
types.
2024-03-03 22:38:00 +01:00
Théophane Hufschmitt
90f9a350fb Add release notes 2024-03-01 09:43:42 +01:00
Théophane Hufschmitt
e744fe293b Fix a typo in a test comment
Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io>
2024-03-01 09:43:42 +01:00
Théophane Hufschmitt
68b6f897e4 Copy the output of fixed-output derivations before registering them
It is possible to exfiltrate a file descriptor out of the build sandbox
of FODs, and use it to modify the store path after it has been
registered.
To avoid that issue, don't register the output of the build, but a copy
of it (that will be free of any leaked file descriptor).
2024-03-01 09:43:42 +01:00
Théophane Hufschmitt
ca05f6d203 Add a NixOS test for the sandbox escape
Test that we can't leverage abstract unix domain sockets to leak file
descriptors out of the sandbox and modify the path after it has been
registered.
2024-03-01 09:43:42 +01:00
github-actions[bot]
d829c21ef3
fix location of _redirects file (#9957) 2024-02-07 11:43:55 +01:00
John Ericson
2c4bb93ba5
Merge pull request #9851 from NixOS/backport-9848-to-2.19-maintenance
[Backport 2.19-maintenance] Make `StoreConfig::getDefaultSystemFeatures` a static method
2024-01-25 13:45:40 -05:00
John Ericson
5c1fa89f78 Make StoreConfig::getDefaultSystemFeatures a static method
This makes something in Hydra a bit simpler. If someday the default
depends on the other config options, we can always change it back.

(cherry picked from commit a9e10a1dbd)
2024-01-25 16:58:00 +00:00
Eelco Dolstra
03e96b9dc0 Bump version 2024-01-19 13:07:31 +01:00
Eelco Dolstra
91e60868bd Use BackedStringView
(cherry picked from commit 1fe8f54bd3)
2024-01-19 10:14:17 +01:00