wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-06-25 06:31:14 +02:00
Code Activity
No description
14947 commits 244 branches 205 tags 158 MiB
Find a file
Maximilian Bosch a75c34a2c9
Require at least libseccomp 2.5.5 
Closes #10585

As it turns out, libseccomp maintains an internal syscall table and
validates each rule against it. This means that when using libseccomp
2.5.4 or older, one may pass `452` as syscall number against it, but
since it doesn't exist in the internal structure, `libseccomp` will refuse
to create a filter for that. This happens with nixpkgs-23.11, i.e. on
stable NixOS and when building Nix against the project's flake.

To work around that

* a backport of libseccomp 2.5.5 on upstream nixpkgs has been
  scheduled[1].

* the package now uses libseccomp 2.5.5 on its own already. This is to
  provide a quick fix since the correct fix for 23.11 is still a staging cycle
  away.

It must not be possible to build a Nix with an incompatible libseccomp
version (nothing can be built in a sandbox on Linux!), so configure.ac
rejects libseccomp if `__SNR_fchmodat2` is not defined.

We still need the compat header though since `SCMP_SYS(fchmodat2)`
internally transforms this into `__SNR_fchmodat2` which points to
`__NR_fchmodat2` from glibc 2.39, so it wouldn't build on glibc 2.38.
The updated syscall table from libseccomp 2.5.5 is NOT used for that
step, but used later, so we need both, our compat header and their
syscall table 🤷

[1] https://github.com/NixOS/nixpkgs/pull/306070

(cherry picked from commit 73918b0ae4)
2024-04-24 23:41:46 +02:00
.github Put functional tests in tests/functional 2023-12-01 12:06:43 -05:00
config Run autoupdate 2021-06-01 11:42:38 +02:00
contrib function-trace: always show the trace 2019-09-18 23:23:21 +02:00
doc show Nix logo in the manual (#10445) 2024-04-09 09:37:44 +00:00
m4 autoconf: Fix C++17 detection not working on Ubuntu 16.04. 2019-07-03 04:32:25 +02:00
maintainers maintainers: add note on marking PRs as draft 2023-06-19 10:55:34 +02:00
misc Choose a reasonable number similar to LimitNOFile 2023-07-07 07:52:16 -07:00
mk Put functional tests in tests/functional 2023-12-01 12:06:43 -05:00
perl Allow dynamic derivation deps in inputDrvs 2023-09-07 10:39:37 -04:00
scripts Merge pull request #8512 from scarf005/install-show-uid 2023-06-15 13:49:44 +02:00
src libstore/local-derivation-goal: prohibit creating setuid/setgid binaries 2024-04-24 23:28:23 +02:00
tests Disallow store path names that are . or .. (plus opt. -) 2024-03-26 13:47:41 +01:00
.dir-locals.el .dir-locals.el: Set c-block-comment-prefix 2020-07-10 11:21:06 +02:00
.editorconfig Add .editorconfig 2017-06-05 22:57:28 +01:00
.gitignore Move tests to separate directories, and document 2023-12-01 13:05:03 -05:00
.version Bump version 2024-03-07 15:03:40 +01:00
boehmgc-coroutine-sp-fallback.diff Always disable GC in a coroutine unless the patch is applied 2023-04-07 14:54:38 +02:00
bootstrap.sh bootstrap: Simplify & make more robust. 2011-09-06 12:11:05 +00:00
configure.ac Require at least libseccomp 2.5.5 2024-04-24 23:41:46 +02:00
CONTRIBUTING.md Put functional tests in tests/functional 2023-12-01 12:06:43 -05:00
COPYING * Change this to LGPL to keep the government happy. 2006-04-25 16:41:06 +00:00
default.nix add flake-compat to flake.nix and use sha256 in default.nix 2023-03-06 21:11:24 +01:00
docker.nix fix "add an option to include flake-registry..." 2023-05-16 14:35:31 +02:00
flake.lock flake.lock: Update 2023-12-01 11:08:15 -05:00
flake.nix Require at least libseccomp 2.5.5 2024-04-24 23:41:46 +02:00
local.mk Enable -Werror=switch-enum 2023-04-03 18:45:20 +02:00
Makefile Move tests to separate directories, and document 2023-12-01 13:05:03 -05:00
Makefile.config.in Generate API docs with Doxygen 2023-03-10 12:51:06 -05:00
precompiled-headers.h Config: Use nlohmann/json 2020-08-20 11:02:16 +02:00
README.md Improve hacking.md 2023-02-13 12:00:00 +04:00
shell.nix Remove url literals 2022-01-24 13:28:21 +01:00

README.md

Nix

Open Collective supporters Test

Nix is a powerful package manager for Linux and other Unix systems that makes package management reliable and reproducible. Please refer to the Nix manual for more details.

Installation

On Linux and macOS the easiest way to install Nix is to run the following shell command (as a user other than root):

$ curl -L https://nixos.org/nix/install | sh

Information on additional installation methods is available on the Nix download page.

Building And Developing

See our Hacking guide in our manual for instruction on how to to set up a development environment and build Nix from source.

Additional Resources

License

Nix is released under the LGPL v2.1.