[Nix-dev] Nix 1.4 released
Hi,

I'm pleased to announce the availability of a new stable release of the Nix package manager. Release 1.5 can be found at

http://hydra.nixos.org/release/nix/nix-1.5

This is a brown paper bag release to fix a regression introduced by the hard link security fix in 1.4.

-- 
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Nix 1.4 released
On 02/28/2013 01:08 PM, Eelco Dolstra wrote:

> I'm pleased to announce the availability of a new stable release of the Nix package manager. Release 1.5 can be found at
>
> http://hydra.nixos.org/release/nix/nix-1.5
>
> This is a brown paper bag release to fix a regression introduced by the hard link security fix in 1.4.

Nice. Personally I wouldn't bump the minor version number on bug fixes, but never mind.

Vlada

Re: [Nix-dev] Nix 1.4 released
Hi,

On 26/02/13 21:25, Vladimír Čunát wrote:

> On 02/26/2013 02:46 PM, Eelco Dolstra wrote:
>> * Language change: The expression ${./path} ... now evaluates to a string instead of a path.
>
> That means that such a file isn't copied into the store, and is included as a plain ./path string, etc. Right?

It *is* copied, so an expression ${./file.sh} foo will evaluate to /nix/store/...-file.sh foo. Previously it would try to copy ./file.sh foo, which presumably doesn't exist.

> BTW, I believe the hardlink concept is one of the worst original UNIX features. COW copy would make sense, but hardlinks are usually more trouble than they're worth.

Well, the main problem is that you can make hard links to files you don't own. We should enable the kernel's hard link restrictions feature in NixOS...

-- 
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/

Re: [Nix-dev] Nix 1.4 released
On 02/27/2013 12:00 PM, Eelco Dolstra wrote:

> On 26/02/13 21:25, Vladimír Čunát wrote:
>> On 02/26/2013 02:46 PM, Eelco Dolstra wrote:
>>> * Language change: The expression ${./path} ... now evaluates to a string instead of a path.
>>
>> That means that such a file isn't copied into the store, and is included as a plain ./path string, etc. Right?
>
> It *is* copied, so an expression ${./file.sh} foo will evaluate to /nix/store/...-file.sh foo. Previously it would try to copy ./file.sh foo, which presumably doesn't exist.

Ah :-) thanks for explaining.

>> BTW, I believe the hardlink concept is one of the worst original UNIX features. COW copy would make sense, but hardlinks are usually more trouble than they're worth.
>
> Well, the main problem is that you can make hard links to files you don't own. We should enable the kernel's hard link restrictions feature in NixOS...

I certainly won't mind it. The option seems to be in-tree since around 3.6.

Vlada

[Nix-dev] Nix 1.4 released
Hi,

I'm pleased to announce the availability of a new stable release of the Nix package manager. Release 1.4 can be found at

http://hydra.nixos.org/release/nix/nix-1.4

This release fixes a security bug in multi-user operation. It was possible for derivations to cause the mode of files outside of the Nix store to be changed to 444 (read-only but world-readable) by creating hard links to those files (see https://github.com/NixOS/nix/commit/5526a282b5b44e9296e61e07d7d2626a79141ac4 for details).

There are also the following improvements:

* New built-in function: builtins.hashString.

* Build logs are now stored in /nix/var/log/nix/drvs/XX/, where XX is the first two characters of the derivation. This is useful on machines that keep a lot of build logs (such as Hydra servers).

* The function corepkgs/fetchurl can now make the downloaded file executable. This will allow getting rid of all bootstrap binaries in the Nixpkgs source tree.

* Language change: The expression ${./path} ... now evaluates to a string instead of a path.

-- 
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/

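The following is an added example, not code from Nix or from this thread: a sketch of a permission-canonicalisation pass that refuses to chmod build output it cannot vouch for, which is the class of check the bug described above calls for. The names `canonicalise_modes`, `UnsafeOutput` and `demo` are hypothetical, and the policy (reject foreign ownership and multiply-linked regular files) is an assumption, not a description of the linked commit.

```python
import os
import stat
import tempfile


class UnsafeOutput(Exception):
    """A build output entry whose mode must not be changed."""


def canonicalise_modes(root, build_uid):
    """Make regular files under root read-only (0444, or 0555 if executable).

    Assumed policy: reject anything not owned by build_uid and any regular
    file with more than one link, and check the whole tree before changing
    any mode. Returns the paths that were changed.
    """
    todo = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a symlink out of root
            if st.st_uid != build_uid:
                raise UnsafeOutput(f"{path}: owned by uid {st.st_uid}")
            if stat.S_ISREG(st.st_mode):
                if st.st_nlink > 1:
                    raise UnsafeOutput(f"{path}: has {st.st_nlink} links")
                todo.append((path, st.st_mode))
    # Simplification: a real implementation must also ensure nothing can
    # modify the tree between the checks above and the chmod calls below.
    for path, mode in todo:
        os.chmod(path, 0o555 if mode & stat.S_IXUSR else 0o444)
    return [path for path, _ in todo]


def demo():
    """Constructed scenario: an output containing a link to an outside file."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = os.path.join(tmp, "outside-file")  # stands in for a file outside the store
        out = os.path.join(tmp, "out")
        os.mkdir(out)
        with open(outside, "w") as f:
            f.write("private\n")
        os.chmod(outside, 0o600)
        os.link(outside, os.path.join(out, "data"))
        try:
            canonicalise_modes(out, os.geteuid())
            rejected = False
        except UnsafeOutput:
            rejected = True
        return rejected, stat.S_IMODE(os.lstat(outside).st_mode)
```

`demo()` reports that the output was rejected and that the outside file kept mode 600; a naive pass that chmods every file it finds in the output would have changed that file to 444 through the shared inode.
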
Re: [Nix-dev] Nix 1.4 released
On 02/26/2013 02:46 PM, Eelco Dolstra wrote:

> * Language change: The expression ${./path} ... now evaluates to a string instead of a path.

That means that such a file isn't copied into the store, and is included as a plain ./path string, etc. Right?

BTW, I believe the hardlink concept is one of the worst original UNIX features. COW copy would make sense, but hardlinks are usually more trouble than they're worth.

Vlada