1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-25 23:20:55 +00:00
Commit graph

2717 commits

Author SHA1 Message Date
John Ericson 0dbc006760
Merge pull request #28029 from cstrahan/hardening-fix
hardening: fix #18995
2018-04-10 19:48:02 -04:00
John Ericson ac4d74b6d9 hardening: Reindent 2018-04-10 16:33:47 -04:00
John Ericson 21818ae592 hardening: Tiny reindent 2018-04-10 16:33:47 -04:00
John Ericson 2364c22ec9 hardening: line order, spacing, and pointless quoting for consistency 2018-04-10 16:33:47 -04:00
John Ericson 4c76d87871 hardenning: Rejigger ifs and explicit declare and unset -v 2018-04-10 16:33:47 -04:00
Charles Strahan 386e77dae9
hardening: simplify reporting of disabled flags 2018-04-10 15:27:13 -04:00
Charles Strahan 273ce83f29
hardening: make requested fixes 2018-04-10 13:04:46 -04:00
Eelco Dolstra 8787c131ed
vmTools: Add crc32c_generic to the initrd
This is necessary due to a e2fsprogs update
(e6114781b0) that causes mke2fs to
enable a feature (metadata_csum) that depends on crc32c.

https://hydra.nixos.org/build/72636785
2018-04-10 14:31:05 +02:00
Ryan Trinkle 1034aa8e9c
Merge pull request #25148 from obsidiansystems/docker-dirlinks
dockerTools: optionally preserve directory symlinks
2018-04-09 17:44:09 -04:00
Kevin Cox 4499513e54
rust: Allow setting cargoSha256 to null.
Setting the hash to null is a convenient way to bypass the hash check
while developing. It looks like the ability to do this was inadvertently
removed while adding vendor directory support.

This still checks that the user is explicitly setting the value but
allows null as a valid option.
2018-04-07 22:48:55 +01:00
Jörg Thalheim 8a8a73701d
Merge pull request #37928 from VShell/patch-2
buildRustCrate: fix equality testing
2018-03-28 09:34:41 +01:00
Jörg Thalheim d12cab3bb1 buildRustCrate: remove ancient test guards
Let's leave x"" to the 1990s, where they belong
2018-03-28 09:24:22 +01:00
Will Fancher d390ee74e3 Added bionic dynamic linker 2018-03-27 21:24:27 -04:00
Shell Turner 8cc6897ae9
buildRustCrate: fix equality testing
Use string equality instead of integer equality.
2018-03-27 20:08:48 +01:00
Sarah Brofeldt 4874ce1701 dockerTools.tarsum: Fix upstream import 2018-03-26 18:47:31 +02:00
Eelco Dolstra 7b539c0629
Fix typo 2018-03-22 13:57:41 +01:00
lewo ea6f55f83b
Merge pull request #36906 from nlewo/pr/docker-reproducible
Improve Docker image build reproducibility
2018-03-21 08:13:26 +01:00
Tuomas Tynkkynen ef64208eba Merge commit '3ab2949' from staging into master
Conflicts:
	pkgs/development/compilers/llvm/6/llvm.nix
	pkgs/servers/home-assistant/component-packages.nix
2018-03-15 22:30:56 +02:00
lewo 65e5bc713b
Merge pull request #36845 from jbedo/singularity
singularity: 2.4 -> 2.4.2
2018-03-14 10:19:10 +01:00
Tuomas Tynkkynen 2fec9c6e29 Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/development/tools/build-managers/conan/default.nix
2018-03-13 23:04:18 +02:00
Franz Pletz 4f17851fb2
fetchurl: remove broken samba mirror 2018-03-13 17:15:33 +01:00
Antoine Eiche ac0c491836 dockerTools: add --sort=name options on all tar calls
This is to go to a reproducible image build.
Note without this options image are identical from the Docker point of
view but generated docker archives could have different hashes.
2018-03-13 13:46:47 +01:00
Antoine Eiche 346996ceec dockerTools: dereference hard links in tar archives
This is to improve image creation reproducibility. Since the nar
format doesn't support hard link, the tar stream of a layer can be
different if a dependency of a layer has been built locally or if it
has been fetched from a binary cache.

If the dependency has been build locally, it can contain hard links
which are encoded in the tar stream. If the dependency has been
fetched from a binary cache, the tar stream doesn't contain any hard
link. So even if the content is the same, tar streams are different.
2018-03-13 13:46:41 +01:00
Antoine Eiche e8f452f110 dockerTools: add an onTopOfPulledImage example
This allows to test if a pulled image can be updated by using our
Docker tools.
2018-03-13 11:59:22 +01:00
Justin Bedo 5c1e42276d
singularity: 2.4 -> 2.4.2 2018-03-12 15:13:31 +11:00
Nikolay Amiantov 9db2a3e638 buildFHSEnv: export TZDIR
This is needed since NixOS keeps tzdata in non-standard /etc/zoneinfo path.
2018-03-11 02:14:49 +03:00
Nikolay Amiantov 94f0ef6628 buildFHSEnv: fix compiler search paths
Fixes OpenWrt compilation.
2018-03-10 23:57:12 +03:00
Jan Malakhovski 7079e744d4 Merge branch 'master' into staging
Resolved the following conflicts (by carefully applying patches from the both
branches since the fork point):

   pkgs/development/libraries/epoxy/default.nix
   pkgs/development/libraries/gtk+/3.x.nix
   pkgs/development/python-modules/asgiref/default.nix
   pkgs/development/python-modules/daphne/default.nix
   pkgs/os-specific/linux/systemd/default.nix
2018-03-10 20:38:13 +00:00
Shea Levy c46cd6cefe
Merge branch 'patch-10' of git://github.com/matthewbauer/nixpkgs 2018-03-08 18:31:55 -05:00
Shea Levy c69d8bf5e6
treewide: Remove gnat support.
See discussion in 6ac7b19c97.
2018-03-08 13:56:36 -05:00
Charles Strahan 806edaa0a2
hardening: ld wrapper changes, setup-hook, etc 2018-03-06 19:21:10 -05:00
Charles Strahan 634c748050
hardening: initial cross support 2018-03-06 18:03:13 -05:00
Charles Strahan fc46895e86
hardening: allow user supplied flags to override
Put hardening flags before user supplied flags.
2018-03-06 00:30:09 -05:00
Charles Strahan cc7ce57f86
hardening: clarify the whitelist logic
Per @Ericson2314's suggestion [1], make it more clear that the active
hardenings are decided via whitelist; the blacklist is merely for the
debug messages.

1: 36d5ce41d4 (r133279731)
2018-03-06 00:30:09 -05:00
Charles Strahan 9920923cde
hardening: fix careless bugs
I got a substitution backwards (used '+' instead of '-').

Also, this now works under `set -u` (had to fix a couple unbound
variable references).
2018-03-06 00:30:08 -05:00
Charles Strahan 0937df463f
hardening: fix bug/typo 2018-03-06 00:30:08 -05:00
Charles Strahan 9fe17b2153
hardening: fix #18995 2018-03-06 00:30:00 -05:00
Vladimír Čunát a373fe8322
makeInitrd: explain why we don't use closureInfo
/cc #36268.
2018-03-05 13:04:55 +01:00
Eelco Dolstra 165b32d386
Revert "makeInitrd: Use closureInfo"
This reverts commit 776a5e6ebf.

Fixes #36268.
2018-03-05 12:49:59 +01:00
Franz Pletz 0f78afdf25
Merge pull request #32248 from awakesecurity/parnell/fetchdocker
Support fetching docker images from V2 registries
2018-03-04 17:10:27 +00:00
Vladimír Čunát b70c93f211
Merge branch 'master' into nix-2.0 2018-03-03 18:02:35 +01:00
Shea Levy 95579af5ec
Merge remote-tracking branch 'origin/staging' into cross-nixos 2018-03-01 14:56:58 -05:00
Tuomas Tynkkynen b8b2225f6b Merge remote-tracking branch 'upstream/master' into staging 2018-03-01 06:09:20 +02:00
Shea Levy 6a32291523
makeModulesClosure: Fix cross-compilation 2018-02-28 15:01:32 -05:00
Shea Levy 7f623cfa45
callCabal2nix: Fix filtering for non-cleanSourceable sources.
What was here before wasn't correct anyway, and now it works in
restricted mode.

Fixes #35207
2018-02-28 14:22:19 -05:00
Tuomas Tynkkynen 34f95d92a2 Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/applications/misc/pytrainer/default.nix
	pkgs/development/tools/pew/default.nix
	pkgs/tools/misc/you-get/default.nix
2018-02-28 20:52:49 +02:00
Will Dietz f14ff86ec9 bintools-wrapper: fix breakage on aarch64, where "isArm" is false
Unintentionally changed in #35247
2018-02-28 09:42:13 -06:00
John Ericson dfc5d7835d
Merge pull request #35247 from telent/mips32
lib, treewide: Add missing MIPS arches, and fix existing usage
2018-02-27 14:01:15 -05:00
Eelco Dolstra 0d00215880
Cleanup 2018-02-27 19:59:26 +01:00
John Ericson 4a29081a94
Merge pull request #35071 from oxij/stdenv/infopages
stdenv, bash: fixing info pages and stuff
2018-02-26 18:06:11 -05:00