John Ericson
0dbc006760
Merge pull request #28029 from cstrahan/hardening-fix
...
hardening: fix #18995
2018-04-10 19:48:02 -04:00
John Ericson
ac4d74b6d9
hardening: Reindent
2018-04-10 16:33:47 -04:00
John Ericson
21818ae592
hardening: Tiny reindent
2018-04-10 16:33:47 -04:00
John Ericson
2364c22ec9
hardening: line order, spacing, and pointless quoting for consistency
2018-04-10 16:33:47 -04:00
John Ericson
4c76d87871
hardenning: Rejigger ifs and explicit declare and unset -v
2018-04-10 16:33:47 -04:00
Charles Strahan
386e77dae9
hardening: simplify reporting of disabled flags
2018-04-10 15:27:13 -04:00
Charles Strahan
273ce83f29
hardening: make requested fixes
2018-04-10 13:04:46 -04:00
Eelco Dolstra
8787c131ed
vmTools: Add crc32c_generic to the initrd
...
This is necessary due to a e2fsprogs update
(e6114781b0
) that causes mke2fs to
enable a feature (metadata_csum) that depends on crc32c.
https://hydra.nixos.org/build/72636785
2018-04-10 14:31:05 +02:00
Ryan Trinkle
1034aa8e9c
Merge pull request #25148 from obsidiansystems/docker-dirlinks
...
dockerTools: optionally preserve directory symlinks
2018-04-09 17:44:09 -04:00
Kevin Cox
4499513e54
rust: Allow setting cargoSha256 to null.
...
Setting the hash to null is a convenient way to bypass the hash check
while developing. It looks like the ability to do this was inadvertently
removed while adding vendor directory support.
This still checks that the user is explicitly setting the value but
allows null as a valid option.
2018-04-07 22:48:55 +01:00
Jörg Thalheim
8a8a73701d
Merge pull request #37928 from VShell/patch-2
...
buildRustCrate: fix equality testing
2018-03-28 09:34:41 +01:00
Jörg Thalheim
d12cab3bb1
buildRustCrate: remove ancient test guards
...
Let's leave x"" to the 1990s, where they belong
2018-03-28 09:24:22 +01:00
Will Fancher
d390ee74e3
Added bionic dynamic linker
2018-03-27 21:24:27 -04:00
Shell Turner
8cc6897ae9
buildRustCrate: fix equality testing
...
Use string equality instead of integer equality.
2018-03-27 20:08:48 +01:00
Sarah Brofeldt
4874ce1701
dockerTools.tarsum: Fix upstream import
2018-03-26 18:47:31 +02:00
Eelco Dolstra
7b539c0629
Fix typo
2018-03-22 13:57:41 +01:00
lewo
ea6f55f83b
Merge pull request #36906 from nlewo/pr/docker-reproducible
...
Improve Docker image build reproducibility
2018-03-21 08:13:26 +01:00
Tuomas Tynkkynen
ef64208eba
Merge commit '3ab2949' from staging into master
...
Conflicts:
pkgs/development/compilers/llvm/6/llvm.nix
pkgs/servers/home-assistant/component-packages.nix
2018-03-15 22:30:56 +02:00
lewo
65e5bc713b
Merge pull request #36845 from jbedo/singularity
...
singularity: 2.4 -> 2.4.2
2018-03-14 10:19:10 +01:00
Tuomas Tynkkynen
2fec9c6e29
Merge remote-tracking branch 'upstream/master' into staging
...
Conflicts:
pkgs/development/tools/build-managers/conan/default.nix
2018-03-13 23:04:18 +02:00
Franz Pletz
4f17851fb2
fetchurl: remove broken samba mirror
2018-03-13 17:15:33 +01:00
Antoine Eiche
ac0c491836
dockerTools: add --sort=name options on all tar calls
...
This is to go to a reproducible image build.
Note without this options image are identical from the Docker point of
view but generated docker archives could have different hashes.
2018-03-13 13:46:47 +01:00
Antoine Eiche
346996ceec
dockerTools: dereference hard links in tar archives
...
This is to improve image creation reproducibility. Since the nar
format doesn't support hard link, the tar stream of a layer can be
different if a dependency of a layer has been built locally or if it
has been fetched from a binary cache.
If the dependency has been build locally, it can contain hard links
which are encoded in the tar stream. If the dependency has been
fetched from a binary cache, the tar stream doesn't contain any hard
link. So even if the content is the same, tar streams are different.
2018-03-13 13:46:41 +01:00
Antoine Eiche
e8f452f110
dockerTools: add an onTopOfPulledImage example
...
This allows to test if a pulled image can be updated by using our
Docker tools.
2018-03-13 11:59:22 +01:00
Justin Bedo
5c1e42276d
singularity: 2.4 -> 2.4.2
2018-03-12 15:13:31 +11:00
Nikolay Amiantov
9db2a3e638
buildFHSEnv: export TZDIR
...
This is needed since NixOS keeps tzdata in non-standard /etc/zoneinfo path.
2018-03-11 02:14:49 +03:00
Nikolay Amiantov
94f0ef6628
buildFHSEnv: fix compiler search paths
...
Fixes OpenWrt compilation.
2018-03-10 23:57:12 +03:00
Jan Malakhovski
7079e744d4
Merge branch 'master' into staging
...
Resolved the following conflicts (by carefully applying patches from the both
branches since the fork point):
pkgs/development/libraries/epoxy/default.nix
pkgs/development/libraries/gtk+/3.x.nix
pkgs/development/python-modules/asgiref/default.nix
pkgs/development/python-modules/daphne/default.nix
pkgs/os-specific/linux/systemd/default.nix
2018-03-10 20:38:13 +00:00
Shea Levy
c46cd6cefe
Merge branch 'patch-10' of git://github.com/matthewbauer/nixpkgs
2018-03-08 18:31:55 -05:00
Shea Levy
c69d8bf5e6
treewide: Remove gnat support.
...
See discussion in 6ac7b19c97
.
2018-03-08 13:56:36 -05:00
Charles Strahan
806edaa0a2
hardening: ld wrapper changes, setup-hook, etc
2018-03-06 19:21:10 -05:00
Charles Strahan
634c748050
hardening: initial cross support
2018-03-06 18:03:13 -05:00
Charles Strahan
fc46895e86
hardening: allow user supplied flags to override
...
Put hardening flags before user supplied flags.
2018-03-06 00:30:09 -05:00
Charles Strahan
cc7ce57f86
hardening: clarify the whitelist logic
...
Per @Ericson2314's suggestion [1], make it more clear that the active
hardenings are decided via whitelist; the blacklist is merely for the
debug messages.
1: 36d5ce41d4 (r133279731)
2018-03-06 00:30:09 -05:00
Charles Strahan
9920923cde
hardening: fix careless bugs
...
I got a substitution backwards (used '+' instead of '-').
Also, this now works under `set -u` (had to fix a couple unbound
variable references).
2018-03-06 00:30:08 -05:00
Charles Strahan
0937df463f
hardening: fix bug/typo
2018-03-06 00:30:08 -05:00
Charles Strahan
9fe17b2153
hardening: fix #18995
2018-03-06 00:30:00 -05:00
Vladimír Čunát
a373fe8322
makeInitrd: explain why we don't use closureInfo
...
/cc #36268 .
2018-03-05 13:04:55 +01:00
Eelco Dolstra
165b32d386
Revert "makeInitrd: Use closureInfo"
...
This reverts commit 776a5e6ebf
.
Fixes #36268 .
2018-03-05 12:49:59 +01:00
Franz Pletz
0f78afdf25
Merge pull request #32248 from awakesecurity/parnell/fetchdocker
...
Support fetching docker images from V2 registries
2018-03-04 17:10:27 +00:00
Vladimír Čunát
b70c93f211
Merge branch 'master' into nix-2.0
2018-03-03 18:02:35 +01:00
Shea Levy
95579af5ec
Merge remote-tracking branch 'origin/staging' into cross-nixos
2018-03-01 14:56:58 -05:00
Tuomas Tynkkynen
b8b2225f6b
Merge remote-tracking branch 'upstream/master' into staging
2018-03-01 06:09:20 +02:00
Shea Levy
6a32291523
makeModulesClosure: Fix cross-compilation
2018-02-28 15:01:32 -05:00
Shea Levy
7f623cfa45
callCabal2nix: Fix filtering for non-cleanSourceable sources.
...
What was here before wasn't correct anyway, and now it works in
restricted mode.
Fixes #35207
2018-02-28 14:22:19 -05:00
Tuomas Tynkkynen
34f95d92a2
Merge remote-tracking branch 'upstream/master' into staging
...
Conflicts:
pkgs/applications/misc/pytrainer/default.nix
pkgs/development/tools/pew/default.nix
pkgs/tools/misc/you-get/default.nix
2018-02-28 20:52:49 +02:00
Will Dietz
f14ff86ec9
bintools-wrapper: fix breakage on aarch64, where "isArm" is false
...
Unintentionally changed in #35247
2018-02-28 09:42:13 -06:00
John Ericson
dfc5d7835d
Merge pull request #35247 from telent/mips32
...
lib, treewide: Add missing MIPS arches, and fix existing usage
2018-02-27 14:01:15 -05:00
Eelco Dolstra
0d00215880
Cleanup
2018-02-27 19:59:26 +01:00
John Ericson
4a29081a94
Merge pull request #35071 from oxij/stdenv/infopages
...
stdenv, bash: fixing info pages and stuff
2018-02-26 18:06:11 -05:00