On 12/12/2012 02:30 AM, Mathijs Kwik wrote: > On Wed, Dec 12, 2012 at 3:38 AM, Shea Levy <[email protected]> wrote: >> On 12/11/2012 09:28 PM, Florian Friesdorf wrote: >> >> Hi Eelco, >> >> great work! >> >> Eelco Dolstra <[email protected]> writes: >> >> * Nix no longer sets the immutable bit on files in the Nix store. Instead, >> the recommended way to guard the Nix store against accidental >> modification >> on Linux is to make it a read-only bind mount, like this: >> >> $ mount --bind /nix/store /nix/store >> $ mount -o remount,ro,bind /nix/store >> >> Nix will automatically make /nix/store writable as needed (using a >> private >> mount namespace) to allow modifications. >> >> Where would be the correct place to put these commands? >> >> >> The NixOS option nix.readOnlyStore in the systemd branch adds a command to >> the stage-2 init (the "real" init after the initrd finishes its setup). This >> is done very early in stage-2 >> (https://github.com/NixOS/nixos/blob/859badc9663240f7d3c4279d9e657134f8395f17/modules/system/boot/stage-2-init.sh#L48). >> So that's probably a good guide for non-nixos systems. > Ah, I was looking for this, didn't know it was in the systemd branch only. > > Is there a reason for the "if ! mountpoint -q /nix/store; then" line? > I have my nix store on a separate partition, so this won't work for me. >
I'm not completely clear about that... Nor about the /nix/rw-store, which seems to be created and then not touched (and indeed is empty on my system). >> >> * Basic Nix expression evaluation profiling: setting the environment >> variable >> NIX_COUNT_CALLS to 1 will cause Nix to print how many times each primop >> or >> function was executed. >> >> * New primops: concatLists, elem, elemAt and filter. >> >> The elem library function evaluates all list elements instead of >> returning "true" after finding a matching element. How does the builtin >> elem function behave? >> >> >> The builtin function breaks out of the comparison loop after a match is >> found (https://github.com/NixOS/nix/blob/1.2/src/libexpr/primops.cc#L980). >> >> regards >> florian >> >> >> >> _______________________________________________ >> nix-dev mailing list >> [email protected] >> http://lists.science.uu.nl/mailman/listinfo/nix-dev >> >> >> >> _______________________________________________ >> nix-dev mailing list >> [email protected] >> http://lists.science.uu.nl/mailman/listinfo/nix-dev >> _______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
