alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity
90553 commits 217 branches 116 tags 4 GiB
Commit graph

5596 commits

Author SHA1 Message Date
Parnell Springmeyer 81b33eb466 security: Updating the machinery for creating the wrapper programs dir in var and updating ping and ping6 for changed config interface. 2016-09-01 19:16:36 -05:00
Parnell Springmeyer 79e81aa31b security: Removing the old wrappers and replacing with 'permissions-wrappers' 2016-09-01 19:15:56 -05:00
Parnell Springmeyer c16647ec29 security: switching to linuxHeaders so we always stay current with the selected kernel. 2016-09-01 19:15:56 -05:00
Parnell Springmeyer 79f1a1e07a security: need to specify the ping binary paths for setcap wrappers. 2016-09-01 19:15:56 -05:00
Parnell Springmeyer 2efb60c8e9 security: tweaking the setcap-wrapper example to be more relevant 2016-09-01 19:15:56 -05:00
Parnell Springmeyer 4e98aa639f module-list: adding setcap-wrappers to the import list 2016-09-01 19:15:56 -05:00
Parnell Springmeyer 1c0f672f7a security: update setcap-wrappers dir to match the system-level dir we're creating on init 2016-09-01 19:15:56 -05:00
Parnell Springmeyer 12a23b3d91 boot: create setcap-wrappers dir as a tmpfs 2016-09-01 19:15:56 -05:00
Parnell Springmeyer 6fe93ae42a installer: adding perl 'next if' skip command for setcap-wrappers dir 2016-09-01 19:15:09 -05:00
Parnell Springmeyer 00dc2c559c installer: adding mkdir command for the setcap-wrappers dir 2016-09-01 19:15:09 -05:00
Parnell Springmeyer b3d63f8191 security: whitespace wibble 2016-09-01 19:13:54 -05:00
Parnell Springmeyer bfc3956376 security: adding setcap-wrapper functionality 2016-09-01 19:13:54 -05:00
Parnell Springmeyer 5deed1cb86 network-interfaces: use setcap-wrappers for ping and ping6 iff linux kernel is at-least 4.3 2016-09-01 19:13:54 -05:00
Domen Kožar a6670c1a0b Fixes #18124: atomically replace /var/setuid-wrappers/ (#18186) 
Before this commit updating /var/setuid-wrappers/ folder introduced
a small window where NixOS activation scripts could be terminated
and resulted into empty /var/setuid-wrappers/ folder.

That's very unfortunate because one might lose sudo binary.

Instead we use two atomic operations mv and ln (as described in
https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/)
to achieve atomicity.

Since /var/setuid-wrappers is not a directory anymore, tmpfs mountpoints
were removed in installation scripts and in boot process.

Tested:

- upgrade /var/setuid-wrappers/ from folder to a symlink
- make sure /run/setuid-wrappers-dirs/ legacy symlink is really deleted
 2016-09-01 20:57:51 +02:00
Данило Глинський (Danylo Hlynskyi) 78cd9f8ebc virtualbox: add headless build (without Qt dependency) (#18026) 2016-09-01 20:54:58 +02:00
Domen Kožar d163882770 Merge pull request #18172 from Profpatsch/startAt-type 
systemd-unit-options: startAt can be a list
 2016-09-01 20:44:32 +02:00
Joachim Fasting 6df8de50f3
unbound service: whitespace fixes 2016-09-01 14:51:33 +02:00
Joachim Fasting 03c2c87ed6
unbound service: use mkEnableOption 2016-09-01 14:51:32 +02:00
Tuomas Tynkkynen 8c4aeb1780 Merge staging into master 
Brings in:
    - changed output order for multiple outputs:
      https://github.com/NixOS/nixpkgs/pull/14766
    - audit disabled by default
      https://github.com/NixOS/nixpkgs/pull/17916

 Conflicts:
	pkgs/development/libraries/openldap/default.nix
 2016-09-01 13:27:27 +03:00
Tuomas Tynkkynen d02e5a7d8f nixos/filesystems: Drop compat code for filesystems.*.options type 2016-09-01 12:18:33 +03:00
Domen Kožar f5271680c4 Fixes #14831 by using full path for binaries used in install-grub.pl 
Both btrfs-progs and utillinux are ~5MB, we may discuss in future
to handle this better but I see no better way at the moment than
increaing purity in the install process.
 2016-09-01 10:36:38 +02:00
Domen Kožar 2a7293fd9d install-grub.pl: fix a double slash prefix bug 2016-09-01 10:14:44 +02:00
Domen Kožar 5e5b0d039c install-grub.pl: add comments 2016-09-01 10:14:44 +02:00
Profpatsch 488f0d9cb3 systemd-unit-options: startAt can be a list 
OnCalendar entrys can be specified multiple times in a systemd timer, to
make more complex scheduling possible.

Tested by manually checking the timer generated by the following:

    systemd = {
      services.huhu = {
        description = "meh";
        wantedBy = [ "default.target" ];
        serviceConfig.ExecStart = "/bin/sh -c 'printf HUHU!'";
        startAt = [ "*:*:0/30" "*:0/1:15" ];
      };
    };

It prints HUHU to the log at seconds 0, 15 and 30 of each minute.
 2016-09-01 00:39:36 +02:00
Tuomas Tynkkynen 838c75398c release notes: Fix unclosed tag 2016-09-01 01:11:50 +03:00
Tuomas Tynkkynen 5ad122b500 release notes: Add note about audit being disabled by default 2016-08-31 23:15:47 +03:00
Tuomas Tynkkynen 16b3e26da4 audit: Disable by default 
Because in its default enabled state it it causes a global performance
hit on all system calls (https://fedorahosted.org/fesco/ticket/1311) and
unwanted spam in dmesg, in particular when using Chromium
(https://github.com/NixOS/nixpkgs/issues/13710).
 2016-08-31 23:15:41 +03:00
Tuomas Tynkkynen 5eff0b990c audit service: Explicitly call auditctl to disable everything 
Otherwise, journald might be starting auditing.
Some reading:
    - https://fedorahosted.org/fesco/ticket/1311
    - https://github.com/systemd/systemd/issues/959
    - 64f83d3087
 2016-08-31 23:15:32 +03:00
obadz a3621b1047 nixos/…/swap.nix: add some safety assertions for randomEncryption 2016-08-31 15:29:11 +01:00
Domen Kožar d8d75ddec6 Revert "setuid-wrappers: Update wrapper dir atomically." 
This reverts commit ee535056ce.

It doesn't work yet.
 2016-08-31 16:25:18 +02:00
Nikolay Amiantov 4499a505ed hidepid service: use new boot.specialFileSystems 2016-08-31 17:16:41 +03:00
Nikolay Amiantov a4879c44c9 Merge pull request #18160 from obadz/swap-encryption 
nixos/…/swap.nix: remove backslashes from deviceName
 2016-08-31 17:59:45 +04:00
Nikolay Amiantov 7fa8c424bd nixos filesystems: move special filesystems to a dedicated option 
Fixes #18159.
 2016-08-31 16:50:13 +03:00
obadz a7d238136d nixos/…/swap.nix: remove backslashes from deviceName 
Fixes #8277

Prior to this, backslashes would end up in fstab and the swap partition
was not activated.  Swap files seemed to work fine.
 2016-08-31 14:40:21 +01:00
Shea Levy ee535056ce setuid-wrappers: Update wrapper dir atomically. 
Fixes #18124.
 2016-08-31 08:00:57 -04:00
zimbatm 17dbfeb450 Merge pull request #18152 from roblabla/bugfix-zeroTierOneConfigurablePackage 
zerotierone: make package configurable
 2016-08-31 12:34:59 +01:00
roblabla caa1350e07 zerotierone: make package configurable 2016-08-31 12:39:55 +02:00
Domen Kožar da421bc75f Fix #4210: Remove builderDefs 
This was one of the ways to build packages, we are trying
hard to minimize different ways so it's easier for newcomers
to learn only one way.

This also:

- removes texLive (old), fixes #14807
- removed upstream-updater, if that code is still used it should be in
  separate repo
- changes a few packages like gitit/mit-scheme to use new texlive
 2016-08-31 11:34:46 +02:00
Mango Chutney 40d2fa2a1b Don't break grow-partition 2016-08-31 03:06:46 +00:00
Nathan Zadoks f503f648b3 virtualbox-image module: enable partition / filesystem growth 2016-08-30 16:48:05 -04:00
Nathan Zadoks 346c31000b amazon-grow-partition module: rename to grow-partition 2016-08-30 16:48:04 -04:00
Nathan Zadoks 1de8e1b02e amazon-grow-partition module: autodetect the root device 2016-08-30 16:48:04 -04:00
Nikolay Amiantov 509733a343 Merge pull request #17822 from abbradar/systemd-mounts 
nixos filesystems: unify special filesystems handling
 2016-08-30 22:42:19 +04:00
Domen Kožar e561edc322 update-users-groups.pl: correctly guard duplicate uids for declarative users 
Verified that following nixos configuration:

    users.users.foo = {
      uid = 1000;
      name = "foo";
    };
    users.users.bar = {
      name = "bar";
    };

Before this commit both users will get uid of 1000, after it's applied
bar will correctly get 1001.
 2016-08-30 17:14:14 +02:00
Tuomas Tynkkynen d3dc3d4130 Merge remote-tracking branch 'dezgeg/shuffle-outputs' into staging 
https://github.com/NixOS/nixpkgs/pull/14766
 2016-08-30 12:43:37 +03:00
Eelco Dolstra 83103dc267 Merge pull request #18104 from ericsagnes/feat/nixos-manual-gen-cleanup 
nixos manual: cleanup generation
 2016-08-30 10:35:18 +02:00
Tuomas Tynkkynen 03fb2c1f32 doc: Document changes to multiple-output conventions 2016-08-30 04:46:59 +03:00
obadz 03b9a159fe opensmtpd nixos module: chmod & chown until the daemon's heart's content 2016-08-30 02:13:22 +01:00
Eric Sagnes b50e627ef6 nixos manual: cleanup generation 2016-08-30 09:40:05 +09:00
Joachim Fasting dab32a1fa6
nixos manual: move chapter on grsecurity to auto-generated module docs 2016-08-29 23:48:12 +02:00