From e09250d41ccaf65c570ba94c0335493365807770 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra <eelco.dolstra@logicblox.com> Date: Wed, 9 Apr 2014 00:09:31 +0200 Subject: [PATCH] Disable allowUnfree by default Fixes #2134. --- nixos/doc/manual/release-notes.xml | 21 +++++++++++++++++++-- nixos/lib/eval-config.nix | 7 ++++++- nixos/modules/services/security/fprot.nix | 6 ++++-- pkgs/stdenv/generic/default.nix | 2 +- 4 files changed, 30 insertions(+), 6 deletions(-) diff --git a/nixos/doc/manual/release-notes.xml b/nixos/doc/manual/release-notes.xml index 68feb80e090b..10815ba613ad 100644 --- a/nixos/doc/manual/release-notes.xml +++ b/nixos/doc/manual/release-notes.xml @@ -7,7 +7,7 @@ <section xml:id="sec-release-14.02"> -<title>Release 14.02 (“Baboon”, 2014/02/??)</title> +<title>Release 14.04 (“Baboon”, 2014/04/??)</title> <para>This is the second stable release branch of NixOS. The main enhancements are the following: @@ -18,7 +18,7 @@ enhancements are the following: <xref linkend="sec-uefi-installation"/> for details.</para></listitem> - <listitem><para>NixOS is now based on Glibc 2.18 and GCC + <listitem><para>NixOS is now based on Glibc 2.19 and GCC 4.8.</para></listitem> </itemizedlist> @@ -30,6 +30,23 @@ following incompatible changes: <itemizedlist> + <listitem><para>Nixpkgs no longer exposes unfree packages by + default. If your NixOS configuration requires unfree packages from + Nixpkgs, you need to enable support for them explicitly by setting: + +<programlisting> +nixpkgs.config.allowUnfree = true; +</programlisting> + + Otherwise, you get an error message such as: + +<screen> +error: package ‘nvidia-x11-331.49-3.12.17’ in ‘…/nvidia-x11/default.nix:56’ + has an unfree license, refusing to evaluate +</screen> + + </para></listitem> + <listitem><para>The firewall is now enabled by default. If you don’t want this, you need to disable it explicitly: diff --git a/nixos/lib/eval-config.nix b/nixos/lib/eval-config.nix index 4b8c7354a7ec..e082b174454e 100644 --- a/nixos/lib/eval-config.nix +++ b/nixos/lib/eval-config.nix @@ -26,10 +26,15 @@ rec { # These are the extra arguments passed to every module. In # particular, Nixpkgs is passed through the "pkgs" argument. + # FIXME: we enable config.allowUnfree to make packages like + # nvidia-x11 available. This isn't a problem because if the user has + # ‘nixpkgs.config.allowUnfree = false’, then evaluation will fail on + # the 64-bit package anyway. However, it would be cleaner to respect + # nixpkgs.config here. extraArgs = extraArgs_ // { inherit pkgs modules baseModules; modulesPath = ../modules; - pkgs_i686 = import ./nixpkgs.nix { system = "i686-linux"; }; + pkgs_i686 = import ./nixpkgs.nix { system = "i686-linux"; config.allowUnfree = true; }; utils = import ./utils.nix pkgs; }; diff --git a/nixos/modules/services/security/fprot.nix b/nixos/modules/services/security/fprot.nix index 9f1fc4ed6d8b..a109191be550 100644 --- a/nixos/modules/services/security/fprot.nix +++ b/nixos/modules/services/security/fprot.nix @@ -18,7 +18,6 @@ in { }; productData = mkOption { - default = "${pkgs.fprot}/opt/f-prot/product.data"; description = '' product.data file. Defaults to the one supplied with installation package. ''; @@ -32,7 +31,6 @@ in { }; licenseKeyfile = mkOption { - default = "${pkgs.fprot}/opt/f-prot/license.key"; description = '' License keyfile. Defaults to the one supplied with installation package. ''; @@ -45,6 +43,10 @@ in { ###### implementation config = mkIf cfg.updater.enable { + + services.fprot.updater.productData = "${pkgs.fprot}/opt/f-prot/product.data"; + services.fprot.updater.licenseKeyfile = "${pkgs.fprot}/opt/f-prot/license.key"; + environment.systemPackages = [ pkgs.fprot ]; environment.etc = singleton { source = "${pkgs.fprot}/opt/f-prot/f-prot.conf"; diff --git a/pkgs/stdenv/generic/default.nix b/pkgs/stdenv/generic/default.nix index f1cf34b160c6..03000d0cdd89 100644 --- a/pkgs/stdenv/generic/default.nix +++ b/pkgs/stdenv/generic/default.nix @@ -14,7 +14,7 @@ let lib = import ../../../lib; in lib.makeOverridable ( let - allowUnfree = config.allowUnfree or true && builtins.getEnv "HYDRA_DISALLOW_UNFREE" != "1"; + allowUnfree = config.allowUnfree or false && builtins.getEnv "HYDRA_DISALLOW_UNFREE" != "1"; allowBroken = builtins.getEnv "NIXPKGS_ALLOW_BROKEN" == "1";