Commit graph

37 commits

Author SHA1 Message Date
Ludovic Courtès
5229399617 setuid-wrapper: Disallow empty `.real' files.
svn path=/nixos/trunk/; revision=11122
2008-03-14 13:10:30 +00:00
Eelco Dolstra
1b89e8a55b * Write a partial ordering of modules to $out/insmod-list (for when we
don't have modprobe in the initrd).

svn path=/nixos/trunk/; revision=11079
2008-03-12 12:16:32 +00:00
Michael Raskin
b615a392a2 Some updates to Live DVD building
svn path=/nixos/trunk/; revision=11044
2008-03-10 20:19:33 +00:00
Michael Raskin
e4215fe020 Updates to LiveDVD
svn path=/nixos/trunk/; revision=10884
2008-02-28 11:42:53 +00:00
Ludovic Courtès
bfbe92236a Remove remaining `abort ()'.
svn path=/nixos/trunk/; revision=10680
2008-02-14 11:44:54 +00:00
Ludovic Courtès
bdc729ea6c Use assert (!C)' instead of if (C) abort ();' in setuid wrappers.
svn path=/nixos/trunk/; revision=10679
2008-02-14 11:08:06 +00:00
Eelco Dolstra
a05d842575 * Close fdSelf.
svn path=/nixos/trunk/; revision=10678
2008-02-14 10:56:14 +00:00
Eelco Dolstra
65c1f9882c * Less verbosity.
svn path=/nixos/trunk/; revision=10506
2008-02-05 14:33:21 +00:00
Eelco Dolstra
9fd5d70968 * The CD is now a true live CD: you can run Nix operations in it
thanks to unionfs.  For instance, nix-env and nixos-rebuild work.
  The tricky part was to build a Nix database (in the tmpfs/unionfs)
  which is now necessary to prevent store paths on the CD from being
  deleted right away because they otherwise wouldn't be valid.
  
* nixos-install: use the /etc/nixos/configuration.nix from the target
  file system (don't copy it anymore).  Since the user is supposed to
  mount the target file system on /mnt anyway, we may as well require
  that configuration.nix is placed in /mnt/etc/nixos.  This also makes
  upgrading / reinstalling much easier, since it will automatically
  use the right configuration.nix.

svn path=/nixos/trunk/; revision=10399
2008-01-30 01:28:56 +00:00
Eelco Dolstra
49e8829053 * Use unionfs to provide a real Live CD, i.e., the files on the CD
appear writable (though all writes go to a tmpfs).  This allows you
  to run Nix operations on the Live CD.  However, we're not quite
  there yet since the CD doesn't have a valid Nix database.  So for
  instance a garbage collect will cause everything to be deleted,
  hanging the system.

svn path=/nixos/trunk/; revision=10276
2008-01-24 16:56:09 +00:00
Michael Raskin
ec727d660a Corrections to make-iso9660-image.sh for bigger path lists.
svn path=/nixos/trunk/; revision=10156
2008-01-15 15:39:34 +00:00
Michael Raskin
4475a74fb8 LiveDVD with X and sources made.
svn path=/nixos/trunk/; revision=10119
2008-01-11 16:59:39 +00:00
Eelco Dolstra
f499a74998 * Use cdrkit instead of cdrtools.
svn path=/nixos/trunk/; revision=10073
2008-01-04 15:17:54 +00:00
Eelco Dolstra
6ef8fe2a31 * Use unpackFile so that gzipped themes also work.
svn path=/nixos/trunk/; revision=10061
2008-01-03 16:03:11 +00:00
Michael Raskin
05d23c076b I hope it is the final LiveDVD
svn path=/nixos/trunk/; revision=9988
2007-12-31 14:15:34 +00:00
Eelco Dolstra
4b1ed0ded2 * Don't complain about groups with no gid.
svn path=/nixos/trunk/; revision=9757
2007-11-19 16:56:40 +00:00
Eelco Dolstra
b880647870 * Options users.extraUsers and users.extraGroups to specify additional
users and groups that the system should create automatically.

svn path=/nixos/trunk/; revision=9705
2007-11-16 13:26:34 +00:00
Eelco Dolstra
2fc94b76fe * Eliminate all calls to config.get.
svn path=/nixos/trunk/; revision=9619
2007-11-09 18:49:45 +00:00
Eelco Dolstra
2a4417d637 * make-etc / activate-configuration: allow /etc files to be installed
as regular files instead of symlinks to the store.
* Sudo configuration, enabled through security.sudo.enable (on by
  default).  The contents of the sudoers file is specified in
  security.sudo.configFile.  The default sudoers file allows members
  of the new "wheel" group to run any command.

svn path=/nixos/trunk/; revision=9138
2007-08-16 15:09:06 +00:00
Eelco Dolstra
29c5178bdf * Declarative specification of user accounts. Jobs can now specify a
list of user accounts that the job needs to run.  For instance, the
  SSH daemon job says:

    { name = "sshd";
      uid = (import ../system/ids.nix).uids.sshd;
      description = "SSH privilege separation user";
      home = "/var/empty";
    }

  The activation script creates the system users/groups and updates
  them as well.  So a change in the Nix expression can be realised in
  /etc/{group,passwd} by running nixos-rebuild.

svn path=/nixos/trunk/; revision=8846
2007-06-08 15:41:12 +00:00
Eelco Dolstra
6c529fac77 * Very naughty of me not to use -boot-info-table. Now I know better.
svn path=/nixos/trunk/; revision=7875
2007-02-07 15:23:19 +00:00
Eelco Dolstra
241b28d101 * Register everything in the Nix store on the installation CD as a
substitute to speed up installation.

svn path=/nixos/trunk/; revision=7783
2007-01-23 17:17:10 +00:00
Eelco Dolstra
c56d3a8ce4 * Actually put the manifest on the CD.
svn path=/nixos/trunk/; revision=7780
2007-01-23 16:48:27 +00:00
Eelco Dolstra
995b749f70 * Put a nix-pull manifest of the Nix store on the CD.
svn path=/nixos/trunk/; revision=7777
2007-01-23 15:08:00 +00:00
Eelco Dolstra
d197a0f2cc * Use the Perl version of paths-from-graphs everywhere.
svn path=/nixos/trunk/; revision=7774
2007-01-23 14:37:42 +00:00
Eelco Dolstra
903a64c87d * Some things are best done in Perl.
svn path=/nixos/trunk/; revision=7773
2007-01-23 14:34:44 +00:00
Eelco Dolstra
668c146e33 * Doh! Make sure that we put *only* splash_helper in the initrd and
not all of splashutils, otherwise we get Glibc in the initrd.

svn path=/nixos/trunk/; revision=7771
2007-01-23 13:44:41 +00:00
Eelco Dolstra
8d09b9066c * Purity: don't access /etc/modules.conf.
svn path=/nixos/trunk/; revision=7467
2006-12-22 23:51:18 +00:00
Eelco Dolstra
87e2456814 * Use getenv/useradd.
svn path=/nixos/trunk/; revision=7382
2006-12-18 15:48:29 +00:00
Eelco Dolstra
3e7f4280df * activate-configuration.sh: make sure that we're running on a NixOS
installation to prevent horrible accidents.
* Add the kernel parameters to isolinux.cfg.
* Use useradd/groupadd to create users/groups; use Glibc's getent to
  check for existence.
* Create the root account properly.

svn path=/nixos/trunk/; revision=7357
2006-12-16 21:48:12 +00:00
Eelco Dolstra
f049c35a86 * More semi-purification of /etc.
svn path=/nixos/trunk/; revision=7290
2006-12-09 02:51:42 +00:00
Eelco Dolstra
ec764b7c08 * Helper script to check for and create accounts.
svn path=/nixos/trunk/; revision=7171
2006-11-29 23:10:22 +00:00
Eelco Dolstra
a66bae7b2f * Strip.
svn path=/nixos/trunk/; revision=7164
2006-11-28 17:40:56 +00:00
Eelco Dolstra
39ac293b58 * Create setuid wrappers for a few programs (su and passwd). This is
still a bit ad hoc, but it works.

svn path=/nixos/trunk/; revision=7163
2006-11-28 17:34:27 +00:00
Eelco Dolstra
cba92bbdf1 * First step towards setuid/setgid support: a setuid/setgid wrapper
program.

  The Nix store cannot directly support setuid binaries for a number
  of reasons:

  - Builds are generally not performed as root (and they shouldn't
    be), so the builder cannot chown/chmod executables to the right
    setuid ownership.

  - Unpacking a NAR archive containing a setuid binary would only work
    when Nix is run as root.

  - Worst of all, setuid binaries don't fit in the purely functional
    model: if a security bug is discovered in a setuid binary, that
    binary should be removed from the system to prevent users from
    calling it.  But we cannot garbage collect it unless all
    references to it are gone, which might never happen.  Of course,
    we could just remove setuid permission, but that would also be
    impure.

  So the solution is to keep setuid-ness out of the Nix store.
  Rather, for programs that we want to execute as setuid, we generate
  wrapper programs (as root) that are setuid and do an execve() to
  call the real, non-setuid program in the Nix store.

  That's what setuid-wrapper does.  It determines its own name (e.g.,
  /var/setuid-wrappers/passwd), reads the name of the wrapped program
  from <self>.real (e.g., /var/setuid-wrappers/passwd.real, which
  might contain /nix/var/nix/profiles/system/bin/passwd), and executes
  it.  Thus, the non-setuid passwd in the Nix store would be executed
  with the effective user set to root.

  Setuid-wrapper also performs a few security checks to prevent it
  from reading a fake <self>.real file through hard-linking tricks.

svn path=/nixos/trunk/; revision=7157
2006-11-28 13:36:27 +00:00
Eelco Dolstra
5c89e891df * Refactoring.
svn path=/nixos/trunk/; revision=7156
2006-11-28 10:45:21 +00:00
Eelco Dolstra
0817c307dc * Moving stuff around.
svn path=/nixos/trunk/; revision=7155
2006-11-27 19:49:05 +00:00