forked from mirrors/nixpkgs
Commit graph

15262 commits

Author SHA1 Message Date
Joachim Fasting 75b9a7beac
grsecurity: implement a single NixOS kernel
This patch replaces the old grsecurity kernels with a single NixOS
specific grsecurity kernel.  This kernel is intended as a general
purpose kernel, tuned for casual desktop use.

Providing only a single kernel may seem like a regression compared to
offering a multitude of flavors.  It is impossible, however, to
effectively test and support that many options.  This is amplified by
the reality that very few seem to actually use grsecurity on NixOS,
meaning that bugs go unnoticed for long periods of time, simply because
those code paths end up never being exercised.  More generally, it is
hopeless to anticipate imagined needs.  It is better to start from a
solid foundation and possibly add more flavours on demand.

While the generic kernel is intended to cover a wide range of use cases,
it cannot cover everything.  For some, the configuration will be either
too restrictive or too lenient.  In those cases, the recommended
solution is to build a custom kernel --- this is *strongly* recommended
for security sensitive deployments.

Building a custom grsec kernel should be as simple as
```nix
linux_grsec_nixos.override {
  extraConfig = ''
    GRKERNSEC y
    PAX y
    # and so on ...
  '';
}
```

The generic kernel should be usable both as a KVM guest and host.  When
running as a host, the kernel assumes hardware virtualisation support.
Virtualisation systems other than KVM are *unsupported*: users of
non-KVM systems are better served by compiling a custom kernel.

Unlike previous Grsecurity kernels, this configuration disables `/proc`
restrictions in favor of `security.hideProcessInformation`.

Known incompatibilities:
- ZFS: can't load spl and zfs kernel modules; claims incompatibility
  with KERNEXEC method `or` and RAP; changing to `bts` does not fix the
  problem, which implies we'd have to disable RAP as well for ZFS to
  work
- `kexec()`: likely incompatible with KERNEXEC (unverified)
- Xen: likely incompatible with KERNEXEC and UDEREF (unverified)
- Virtualbox: likely incompatible with UDEREF (unverified)
2016-06-14 00:08:20 +02:00
Paweł Pacana d2b58dd39a buildkite-agent: init at 2.1.8
* nixos module included
* install compiled binary
* only one platform now
* limited config options
* relies on providing ssh keys for agent
2016-06-13 17:21:08 +01:00
José Romildo Malaquias 0072cb8ff1 faba-mono-icons: init at 2016-04-30
Closes #16109.
2016-06-13 09:40:51 +02:00
José Romildo Malaquias fa447287b0 arc-icon-theme: init at 2016-06-06 2016-06-13 09:40:44 +02:00
José Romildo Malaquias 4e44a330cb moka-icon-theme: init at 2016-06-07 2016-06-13 09:40:43 +02:00
José Romildo Malaquias c33cf02337 faba-icon-theme: init at 2016-06-02 2016-06-13 09:40:43 +02:00
Rahul Gopinath e19c5ce2e7 green-pdf-viewer: init at nightly-2014-04-22
Green pdf viewer uses SDL and libpoppler to render pdf.
2016-06-12 20:27:45 -07:00
Rahul Gopinath ea8fb0aee5 SDL_sixel: init at 1.2-nightly
SDL_sixel is a fork of SDL1.2 that supports sixel as a video driver (for
console graphics)
2016-06-12 20:27:44 -07:00
Rahul Gopinath 9b01ad3ce8 rebol: init at 3-alpha
Rebol is a cross-platform data exchange language and a multi-paradigm dynamic
programming language for network communications and distributed computing.
2016-06-12 16:32:10 -07:00
Rahul Gopinath 4227aa2c4f ffmpeg-sixel: init at nightly-2.3.x 2016-06-12 16:23:25 -07:00
Benno Fünfstück 96066935f2 fix build of pngcheck 2016-06-13 01:21:14 +02:00
zimbatm a95229a963 Merge pull request #15677 from womfoo/mod_auth_mellon
mod_auth_mellon: init at 0.12.0 and dependency lasso: init at 2.5.1
2016-06-12 23:38:57 +01:00
zimbatm ecdd2721da Merge pull request #16136 from vrthra/libsixel
libsixel: init at 1.6.1
2016-06-12 23:32:13 +01:00
zimbatm 04a8f4499e Merge pull request #16151 from vrthra/mlterm
mlterm: init at 3.3.8
2016-06-12 23:20:33 +01:00
zimbatm e1a487fa8f gx: init at 20160601 2016-06-12 23:14:42 +01:00
zimbatm 711456c632 Merge pull request #16187 from Profpatsch/bgnet
bgnet: init at 3.0.21
2016-06-12 22:08:14 +01:00
Profpatsch 0da4bb869e bgnet: init at 3.0.21 2016-06-12 21:28:40 +02:00
zimbatm e2413ad5a8 shadow: add shellPath passthru
This one is a bit special, it's used to deny users from logging in.
2016-06-12 20:13:32 +01:00
Rahul Gopinath af76a52c06 libsixel: init at 1.6.1
libsixel is a library for display of graphics in console.
2016-06-12 09:58:25 -07:00
Arseniy Seroka 852e9c3096 Merge pull request #16158 from juliendehos/armadillo
armadillo: init at 7.200.1b
2016-06-12 19:13:38 +03:00
José Romildo Malaquias f771bf9239 font-manager: git-2016-03-02 -> 2016-06-04 2016-06-12 08:00:31 -03:00
Tal Walter eacc13a3e6 uif2iso: init at 0.1.7
a program for converting UIF files (Universal Image Format, used by MagicISO)
to uncompressed images depending on the input file type:
ISO, BIN/CUE, MDS/MDF, CCD/IMG/SUB and NRG.
2016-06-12 13:16:14 +03:00
Phil Wetzel 7e9fbf4a1d squeezelite: init at git 2016-05-27 2016-06-11 22:03:56 -04:00
Julien Dehos cb6e9e5e24 armadillo: init at 7.200.1b 2016-06-12 03:06:07 +02:00
Rahul Gopinath c0316aaf84 mlterm: init at 3.3.8
A multi-lingual terminal that supports REGIS and SIXEL graphics
2016-06-11 12:35:34 -07:00
Arseniy Seroka 5347a118c2 Merge pull request #16139 from romildo/upd.catfish
catfish: 1.4.1 -> 1.4.2
2016-06-11 22:33:02 +03:00
José Romildo Malaquias 205ec15d1e catfish: 1.4.1 -> 1.4.2 2016-06-11 15:25:59 -03:00
Rushmore Mushambi 1965bd56e6 Merge pull request #16146 from kamilchm/rework-go
all-packages references to Go packages includes all outputs
2016-06-11 19:24:35 +02:00
Nikolay Amiantov b341de88e9 Merge pull request #16030 from abbradar/fhs-refactor
Improvements for FHS user chrootenv
2016-06-11 21:04:20 +04:00
Kamil Chmielewski 7d02cc1dd5 all-packages references to Go packages includes all outputs 2016-06-11 18:57:29 +02:00
Nikolay Amiantov 80b22a823c lambdabot: use LTS package set 2016-06-11 02:43:44 +03:00
Nikolay Amiantov 5f925c7e2b mueval: use LTS package set 2016-06-11 02:43:44 +03:00
Nikolay Amiantov 5dc116e456 julia-git: 0.4.4-pre-2016-02-08 -> 0.5.0-dev-2016-06-10 2016-06-11 02:43:44 +03:00
Rushmore Mushambi aa8cf825ce Merge pull request #16103 from kamilchm/go2nix
go2nix: 20160307 -> 0.1.0
2016-06-10 17:21:27 +02:00
Kamil Chmielewski d73f5d6993 icon-lang, xgeometry-select: FIX accidental remove after rebase in https://github.com/NixOS/nixpkgs/pull/16017 (#16121) 2016-06-10 14:04:46 +01:00
obadz ff42b489c1 xgeometry-select: add back entry in top level removed in 7eb671e 2016-06-10 14:00:50 +01:00
Nikolay Amiantov 21f5510a54 Merge pull request #15367 from bendlas/update-wine
wine-unstable: 1.9.7 -> 1.9.11; add optional dependencies; opencl-icd: init; refactor flags
2016-06-10 16:47:31 +04:00
Michael Raskin a6072331c0 gle: init at 3.1.0 2016-06-10 14:51:48 +02:00
Vladimír Čunát ce5cb1eff7 Merge #16117: mononoki: init at 1.2 2016-06-10 12:35:01 +02:00
Christian Lask e0e9df7c8d mononoki: init at 1.2 2016-06-10 12:19:17 +02:00
Kamil Chmielewski 76b331ae59 go2nix: 20160307 -> 0.1.0 2016-06-10 12:04:35 +02:00
Rickard Nilsson b9922661b8 jetty: Remove obsolete versions and init new default to 9.3.9.v20160517 2016-06-10 07:59:59 +00:00
Rushmore Mushambi 902b6d5691 Merge pull request #16093 from rushmorem/update-go
go: v1.5.3 -> v1.5.4
2016-06-10 00:14:56 +02:00
Rahul Gopinath b89d4a3a61 unicon: init at 11.7
Unicon is a very high level goal-directed, object-oriented, general purpose
applications language
2016-06-09 13:32:44 -07:00
Peter Simons 3a4ff5fc7e haskell-darcs: switch to LTS package set to fix the build 2016-06-09 21:51:19 +02:00
Peter Simons bcd46a3d9b haskell-cryptol: switch to LTS package set to fix the build 2016-06-09 21:51:09 +02:00
Nikolay Amiantov 69e97f8a45 Merge pull request #15891 from abbradar/krita
krita: init at 3.0
2016-06-09 23:34:07 +04:00
rushmorem 2a258d13ad go: make 1.6 default 2016-06-09 21:32:37 +02:00
Christopher Lübbemeier ac4903284c gmsh: init at 2.12.0 2016-06-09 18:54:26 +02:00
Rushmore Mushambi 83c40ada7e Merge pull request #16017 from kamilchm/rework-go
Rework goPackages
2016-06-09 17:09:13 +02:00
Vladimír Čunát cbca34b1a7 Merge #13977: ffmpeg: add 3.0 version
I made the default not change for now.
2016-06-09 14:11:30 +02:00
Vladimír Čunát 9bf6114147 ffmpeg: use 2 as the default for now 2016-06-09 14:07:39 +02:00
Kamil Chmielewski 1dfae0678d nomad: extracted from goPackages 2016-06-09 13:08:10 +02:00
Kamil Chmielewski 8cd1d4cda5 buildGoPackage: use Go 1.6 by default 2016-06-09 13:08:10 +02:00
Kamil Chmielewski 30acfc3b45 ipfs: extracted from goPackages 2016-06-09 13:08:09 +02:00
Kamil Chmielewski 7eb671ebcd no more goPackages 2016-06-09 13:08:00 +02:00
Vladimír Čunát cc174b3d55 pidgin: simplify using the wrapped version
Now only the `pidgin` attribute is exposed and it's wrapped based on
whether the `plugins` parameter is overridden.

Discussion: https://github.com/NixOS/nixpkgs/issues/8999#issuecomment-224851642
2016-06-09 12:21:36 +02:00
Kamil Chmielewski 6f51fdd81c drive: extracted from goPackges 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 7b4e868173 govers: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski fc88548b5d go2nix: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 5d3f8fec7c prometheus-statsd-bridge: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 5fec17a3e2 prometheus-pushgateway: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 28b6e9863c prometheus-node-exporter: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 0f13eab7c8 prometheus-nginx-exporter: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski f44b557476 prometheus-mysqld-exporter: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 485ad053e0 prometheus-mesos-exporter: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski fdebbdb889 prometheus-haproxy-exporter: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski a3cf92fdba prometheus-collectd-exporter: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 2665cae1f4 prometheus-cli: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski a6cd1321b9 prometheus-alertmanager: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 4bf5a93f2d prom2json: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski a95e0b9385 prometheus: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 03feac7937 pond: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski e89a086f06 terraform: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 826ff3efc2 glide: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 4ce39be8ea caddy: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 5017469197 xmpp-client: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 06327d22d6 syncthing012: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski b70c24f1f2 vault: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 9e273d5b29 consul--template: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 6fe27955fd consul-alerts: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 5db153b7a1 consul: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski abcec97b1e confd: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski f473582a75 hologram: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 8bfff0f5a6 i3cat: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 7c8852e355 goimports: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 3cf803fca7 golant: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski ec9edbe172 gotags: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski dc2bb06a1b gocode: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 4ddfe1fc40 serfdom: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 6b41b6b908 oauth2_proxy: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 2bee32508c nsq: extracted from goPackages 2016-06-09 11:22:02 +02:00
Kamil Chmielewski 144ea78753 etcd: extracted from goPackages 2016-06-09 11:21:30 +02:00
Kamil Chmielewski 6909d0e456 vimPlugins: FIX fzf outside goPackages 2016-06-09 11:21:30 +02:00
Kamil Chmielewski 20a457faf7 gotty: extracted from goPackages 2016-06-09 11:21:30 +02:00
Kamil Chmielewski 26d231c536 mesos-dns: extracted from goPackages 2016-06-09 11:21:30 +02:00
Kamil Chmielewski 6dc8237385 gox: extracted from goPackages 2016-06-09 11:21:30 +02:00
Kamil Chmielewski 0066d89b0c go-repo-root: extracted from goPackages 2016-06-09 11:21:30 +02:00
Kamil Chmielewski c7bf8afbfc oh: extracted from goPackages 2016-06-09 11:21:30 +02:00
Kamil Chmielewski bce93755b9 textql: extracted from goPackages 2016-06-09 11:21:30 +02:00