Eelco Dolstra
84f1e01646
* Doh.
...
svn path=/nixos/trunk/; revision=7384
2006-12-18 15:52:43 +00:00
Eelco Dolstra
87e2456814
* Use getenv/useradd.
...
svn path=/nixos/trunk/; revision=7382
2006-12-18 15:48:29 +00:00
Eelco Dolstra
4ae268739d
* Use services.mingetty.ttys.
...
svn path=/nixos/trunk/; revision=7381
2006-12-18 15:41:18 +00:00
Eelco Dolstra
1852d493f4
* Fix the sshd and xserver jobs.
...
svn path=/nixos/trunk/; revision=7379
2006-12-18 15:16:20 +00:00
Eelco Dolstra
0e1082ffa9
* Needed for the release job.
...
svn path=/nixos/trunk/; revision=7362
2006-12-18 00:55:28 +00:00
Armijn Hemel
07c3eefe27
add instruction to add symlink to nixpkgs
...
svn path=/nixos/trunk/; revision=7361
2006-12-18 00:12:45 +00:00
Eelco Dolstra
c5ab0cec9f
* More installer fixes.
...
svn path=/nixos/trunk/; revision=7359
2006-12-17 00:10:28 +00:00
Eelco Dolstra
a0759a51e9
* Some installer fixes.
...
* Readme.
svn path=/nixos/trunk/; revision=7358
2006-12-16 23:50:10 +00:00
Eelco Dolstra
3e7f4280df
* activate-configuration.sh: make sure that we're running on a NixOS
...
installation to prevent horrible accidents.
* Add the kernel parameters to isolinux.cfg.
* Use useradd/groupadd to create users/groups; use Glibc's getent to
check for existence.
* Create the root account properly.
svn path=/nixos/trunk/; revision=7357
2006-12-16 21:48:12 +00:00
Eelco Dolstra
8f21b0119c
* Get the CD to build again.
...
svn path=/nixos/trunk/; revision=7356
2006-12-16 18:24:49 +00:00
Eelco Dolstra
57663aae6b
* Some basic udev rules: give the right permission to /dev/null etc.,
...
put input devices in /dev/input, and create a symlink /dev/cdrom for
CD-ROM devices.
svn path=/nixos/trunk/; revision=7335
2006-12-13 14:24:33 +00:00
Eelco Dolstra
f29c93830e
* "set" -> "env".
...
svn path=/nixos/trunk/; revision=7333
2006-12-13 13:09:20 +00:00
Eelco Dolstra
0eb46ca409
* Idem.
...
svn path=/nixos/trunk/; revision=7332
2006-12-13 12:21:37 +00:00
Eelco Dolstra
d663f88c65
* Use nix-env --set.
...
svn path=/nixos/trunk/; revision=7331
2006-12-13 12:21:06 +00:00
Eelco Dolstra
07627d8cdd
* Move starting of udevd (and udevtrigger/settle) into an Upstart
...
job.
svn path=/nixos/trunk/; revision=7330
2006-12-13 12:17:38 +00:00
Eelco Dolstra
4b5b0d2c66
* Purify the sshd configuration file (don't put it in /etc/ssh).
...
svn path=/nixos/trunk/; revision=7320
2006-12-12 15:32:28 +00:00
Eelco Dolstra
482a6625a9
* Use the configuration in /etc/nixos/configuration.nix by default.
...
svn path=/nixos/trunk/; revision=7319
2006-12-12 00:08:26 +00:00
Eelco Dolstra
2d0f190f20
* More refactoring: renamed boot-environment.nix to system.nix (since
...
it does a lot more than just booting), and merged
system-configuration.nix into system.nix.
svn path=/nixos/trunk/; revision=7318
2006-12-11 17:36:57 +00:00
Eelco Dolstra
74783a4510
* More refactoring; move some of the boot time options into the
...
options framework.
svn path=/nixos/trunk/; revision=7317
2006-12-11 16:10:23 +00:00
Eelco Dolstra
7573a88ca6
* More refactoring.
...
svn path=/nixos/trunk/; revision=7316
2006-12-11 15:47:30 +00:00
Eelco Dolstra
ce29e4efc7
* More refactoring.
...
svn path=/nixos/trunk/; revision=7314
2006-12-11 15:42:02 +00:00
Eelco Dolstra
16a9702c4a
* Move some stuff out of boot-environment.nix.
...
svn path=/nixos/trunk/; revision=7313
2006-12-11 15:32:10 +00:00
Eelco Dolstra
970924e487
* Forgotten to add.
...
svn path=/nixos/trunk/; revision=7312
2006-12-11 14:16:03 +00:00
Eelco Dolstra
1561e2421d
* Enable PAM in the SSH daemon.
...
svn path=/nixos/trunk/; revision=7311
2006-12-11 03:25:13 +00:00
Eelco Dolstra
efa9b1ba88
* Grmbl.
...
svn path=/nixos/trunk/; revision=7309
2006-12-11 03:03:42 +00:00
Eelco Dolstra
b80769d5ae
* Hm, "set" doesn't seem to do the right thing.
...
svn path=/nixos/trunk/; revision=7308
2006-12-11 02:55:28 +00:00
Eelco Dolstra
85fc6aedf2
* Cleanup.
...
svn path=/nixos/trunk/; revision=7307
2006-12-11 02:52:23 +00:00
Eelco Dolstra
f327b072cb
* Very basic PAM configuration. We now use Blowfish hashing for
...
/etc/shadow.
svn path=/nixos/trunk/; revision=7306
2006-12-11 02:44:26 +00:00
Eelco Dolstra
06256e22d8
* A script to test configurations, i.e., make them current without
...
making them the boot default. So if we screw up, we can just reset
to get back to normal.
svn path=/nixos/trunk/; revision=7303
2006-12-11 01:03:26 +00:00
Eelco Dolstra
578b56d3c6
* Make halt/reboot work again (umount and reboot were no longer in
...
$PATH).
* Use the login from pam_login instead of shadowutils.
svn path=/nixos/trunk/; revision=7302
2006-12-11 00:52:36 +00:00
Eelco Dolstra
c063ea2bfa
* Use runCommand.
...
svn path=/nixos/trunk/; revision=7300
2006-12-10 22:43:04 +00:00
Eelco Dolstra
acf656125c
* Lots of refactoring.
...
* Clear the PATH in most scripts. This helps to ensure purity.
svn path=/nixos/trunk/; revision=7299
2006-12-10 22:29:44 +00:00
Eelco Dolstra
4ac288e724
* Allow switching to a new configuration without rebooting. However,
...
we don't stop/start/restart Upstart jobs yet.
svn path=/nixos/trunk/; revision=7297
2006-12-10 00:04:58 +00:00
Eelco Dolstra
9986bda673
* Move the stuff in boot-stage-2-init.sh that doesn't have to happen
...
at boot time into a separate script. This will allow us to change
the configuration without rebooting (provided that the configuration
doesn't have a different kernel, init, etc.).
svn path=/nixos/trunk/; revision=7294
2006-12-09 19:25:23 +00:00
Eelco Dolstra
af8dc724d1
* Remove symlinks in /etc that are not in the current configuration.
...
svn path=/nixos/trunk/; revision=7293
2006-12-09 18:18:27 +00:00
Eelco Dolstra
2fe4badb9a
* Start the Nix daemon to enable multi-user package management in
...
NixOS.
svn path=/nixos/trunk/; revision=7291
2006-12-09 03:11:14 +00:00
Eelco Dolstra
f049c35a86
* More semi-purification of /etc.
...
svn path=/nixos/trunk/; revision=7290
2006-12-09 02:51:42 +00:00
Eelco Dolstra
f20d572814
* Multi-user Nix setup has changed.
...
svn path=/nixos/trunk/; revision=7285
2006-12-09 00:06:18 +00:00
Eelco Dolstra
bc3f4f8352
* Set up Nix so that builds are never performed as root, but rather
...
under nix-build-N.
svn path=/nixos/trunk/; revision=7172
2006-11-29 23:41:21 +00:00
Eelco Dolstra
ec764b7c08
* Helper script to check for and create accounts.
...
svn path=/nixos/trunk/; revision=7171
2006-11-29 23:10:22 +00:00
Eelco Dolstra
79464e0d9c
* Don't start X by default.
...
svn path=/nixos/trunk/; revision=7170
2006-11-29 22:34:59 +00:00
Eelco Dolstra
8532f2be8e
* Add the X server as an Upstart service. The X server is pure,
...
except for the fonts, which are still hardcoded. The current
configuration uses the VESA driver, which should work on most
machines. Of course, the configuration should now be generated from
a higher-level specification.
svn path=/nixos/trunk/; revision=7165
2006-11-28 22:27:56 +00:00
Eelco Dolstra
a66bae7b2f
* Strip.
...
svn path=/nixos/trunk/; revision=7164
2006-11-28 17:40:56 +00:00
Eelco Dolstra
39ac293b58
* Create setuid wrappers for a few programs (su and passwd). This is
...
still a bit ad hoc, but it works.
svn path=/nixos/trunk/; revision=7163
2006-11-28 17:34:27 +00:00
Eelco Dolstra
4b3525fa80
* Handle the case where nix-env is a symlink.
...
svn path=/nixos/trunk/; revision=7162
2006-11-28 16:59:47 +00:00
Eelco Dolstra
362f0f752b
* Don't put every package in the boot environment in $PATH but rather
...
create a symlink tree and put that in $PATH.
svn path=/nixos/trunk/; revision=7161
2006-11-28 16:47:14 +00:00
Eelco Dolstra
cb6c02f092
* Set NIX_CONF_DIR.
...
svn path=/nixos/trunk/; revision=7158
2006-11-28 15:06:08 +00:00
Eelco Dolstra
cba92bbdf1
* First step towards setuid/setgid support: a setuid/setgid wrapper
...
program.
The Nix store cannot directly support setuid binaries for a number
of reasons:
- Builds are generally not performed as root (and they shouldn't
be), so the builder cannot chown/chmod executables to the right
setuid ownership.
- Unpacking a NAR archive containing a setuid binary would only work
when Nix is run as root.
- Worst of all, setuid binaries don't fit in the purely functional
model: if a security bug is discovered in a setuid binary, that
binary should be removed from the system to prevent users from
calling it. But we cannot garbage collect it unless all
references to it are gone, which might never happen. Of course,
we could just remove setuid permission, but that would also be
impure.
So the solution is to keep setuid-ness out of the Nix store.
Rather, for programs that we want to execute as setuid, we generate
wrapper programs (as root) that are setuid and do an execve() to
call the real, non-setuid program in the Nix store.
That's what setuid-wrapper does. It determines its own name (e.g.,
/var/setuid-wrappers/passwd), reads the name of the wrapped program
from <self>.real (e.g., /var/setuid-wrappers/passwd.real, which
might contain /nix/var/nix/profiles/system/bin/passwd), and executes
it. Thus, the non-setuid passwd in the Nix store would be executed
with the effective user set to root.
Setuid-wrapper also performs a few security checks to prevent it
from reading a fake <self>.real file through hard-linking tricks.
svn path=/nixos/trunk/; revision=7157
2006-11-28 13:36:27 +00:00
Eelco Dolstra
5c89e891df
* Refactoring.
...
svn path=/nixos/trunk/; revision=7156
2006-11-28 10:45:21 +00:00
Eelco Dolstra
a9234b5c07
* Moving stuff around.
...
svn path=/nixu/trunk/; revision=7155
2006-11-27 19:49:05 +00:00