Nix, the purely functional package manager
Go to file
Théophane Hufschmitt 1d3696f0fb Run the builds in a daemon-controled directory
Instead of running the builds under
`$TMPDIR/{unique-build-directory-owned-by-the-build-user}`, run them
under `$TMPDIR/{unique-build-directory-owned-by-the-daemon}/{subdir-owned-by-the-build-user}`
where the build directory is only readable and traversable by the daemon user.

This achieves two things:

1. It prevents builders from making their build directory world-readable
   (or even writeable), which would allow the outside world to interact
   with them.
2. It prevents external processes running as the build user (either
   because that somehow leaked, maybe as a consequence of 1., or because
   `build-users` isn't in use) from gaining access to the build
   directory.
2024-06-21 17:06:19 +02:00
.github document how to test github ci fully in your own fork 2024-06-06 12:55:45 +02:00
config Remove and gitignore the autoreconf generated files 2024-03-02 10:18:47 +01:00
contrib function-trace: always show the trace 2019-09-18 23:23:21 +02:00
dep-patches libexpr: Use GC_set_sp_corrector instead of patch 2024-06-03 16:37:39 +02:00
doc/manual Port C API docs to Meson (#10936) 2024-06-19 22:43:54 +02:00
m4 Build a minimized Nix with MinGW 2024-04-17 12:26:10 -04:00
maintainers Port C API docs to Meson (#10936) 2024-06-19 22:43:54 +02:00
misc Use Nixpkgs changelog-d 2024-06-03 18:47:53 +02:00
mk Fix precompiled headers building with clang 2024-06-12 10:51:43 -04:00
scripts fix: copy in install-multi-user.sh (#10902) 2024-06-13 21:13:21 +00:00
src Run the builds in a daemon-controled directory 2024-06-21 17:06:19 +02:00
tests Run the builds in a daemon-controled directory 2024-06-21 17:06:19 +02:00
.clang-format .clang-format: Remove duplicated key 2024-06-03 18:38:56 +02:00
.clang-tidy Add .clang-tidy 2024-02-01 01:01:39 +01:00
.dir-locals.el .dir-locals.el: Set c-block-comment-prefix 2020-07-10 11:21:06 +02:00
.editorconfig .editorconfig: Also affect Perl FFI xs file 2023-11-09 23:11:52 -05:00
.gitignore Build nix-util with Meson 2024-06-12 18:31:02 -04:00
.shellcheckrc housekeeping: shellcheck for tests/functional/ca/build-cache.sh 2024-06-12 17:41:16 -04:00
.version Bump version 2024-06-12 14:57:40 +02:00
CITATION.cff chore: PhD thesis as reference in CITATION.cff 2024-05-18 20:05:22 +02:00
configure.ac Port C API docs to Meson (#10936) 2024-06-19 22:43:54 +02:00
CONTRIBUTING.md add a recommendation for first-time contributors (#10605) 2024-04-25 13:34:15 +02:00
COPYING * Change this to LGPL to keep the government happy. 2006-04-25 16:41:06 +00:00
default.nix add flake-compat to flake.nix and use sha256 in default.nix 2023-03-06 21:11:24 +01:00
docker.nix fix "add an option to include flake-registry..." 2023-05-16 14:35:31 +02:00
flake.lock Update nixpkgs 2024-06-03 18:47:53 +02:00
flake.nix Port C API docs to Meson (#10936) 2024-06-19 22:43:54 +02:00
local.mk local.mk: Solve warnings 2024-04-17 15:37:14 +02:00
Makefile Port C API docs to Meson (#10936) 2024-06-19 22:43:54 +02:00
Makefile.config.in Port C API docs to Meson (#10936) 2024-06-19 22:43:54 +02:00
meson.build Port C API docs to Meson (#10936) 2024-06-19 22:43:54 +02:00
package.nix Port C API docs to Meson (#10936) 2024-06-19 22:43:54 +02:00
precompiled-headers.h Build a minimized Nix with MinGW 2024-04-17 12:26:10 -04:00
README.md add more context on the README (#9871) 2024-06-11 15:52:33 +00:00
shell.nix Remove url literals 2022-01-24 13:28:21 +01:00

Nix

Open Collective supporters Test

Nix is a powerful package manager for Linux and other Unix systems that makes package management reliable and reproducible. Please refer to the Nix manual for more details.

Installation and first steps

Visit nix.dev for installation instructions and beginner tutorials.

Full reference documentation can be found in the Nix manual.

Building and developing

See our Hacking guide in our manual for instruction on how to set up a development environment and build Nix from source.

Contributing

Check the contributing guide if you want to get involved with developing Nix.

Additional resources

Nix was created by Eelco Dolstra and developed as the subject of his PhD thesis The Purely Functional Software Deployment Model, published 2006. Today, a world-wide developer community contributes to Nix and the ecosystem that has grown around it.

License

Nix is released under the LGPL v2.1.