1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-28 00:22:13 +00:00
Commit graph

10 commits

Author SHA1 Message Date
Graham Christensen 6504df6732 Merge pull request #25955 from matthewbauer/nixpkgs-manual-declarative-package-management
manual: add "declarative package management" section
2017-07-16 16:50:14 -04:00
Jan Tojnar e35f3c0679
doc: Fix some typos 2017-06-11 22:13:42 +02:00
Matthew Bauer 0bbbdfbc52
manual: add "declarative package management" section
This section gives some details on how to setup an "environment"
without having to go through NixOS (although it could be used there
too). I’ve tried to make it straightforward and have a kind of
"tutorial" feel. Not sure if that’s appropriate for the manual, so any
recommended changes would be helpful.
2017-05-20 22:25:05 -05:00
Vladimír Čunát a50222b1a3
doc/configuration: tidy up text around #23130 changes 2017-02-26 10:32:59 +01:00
Graham Christensen a9c875fc2e
nixpkgs: allow packages to be marked insecure
If a package's meta has `knownVulnerabilities`, like so:

    stdenv.mkDerivation {
      name = "foobar-1.2.3";

      ...

      meta.knownVulnerabilities = [
        "CVE-0000-00000: remote code execution"
        "CVE-0000-00001: local privilege escalation"
      ];
    }

and a user attempts to install the package, they will be greeted with
a warning indicating that maybe they don't want to install it:

    error: Package ‘foobar-1.2.3’ in ‘...default.nix:20’ is marked as insecure, refusing to evaluate.

    Known issues:

     - CVE-0000-00000: remote code execution
     - CVE-0000-00001: local privilege escalation

    You can install it anyway by whitelisting this package, using the
    following methods:

    a) for `nixos-rebuild` you can add ‘foobar-1.2.3’ to
       `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
       like so:

         {
           nixpkgs.config.permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

    b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
    ‘foobar-1.2.3’ to `permittedInsecurePackages` in
    ~/.config/nixpkgs/config.nix, like so:

         {
           permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

Adding either of these configurations will permit this specific
version to be installed. A third option also exists:

  NIXPKGS_ALLOW_INSECURE=1 nix-build ...

though I specifically avoided having a global file-based toggle to
disable this check. This way, users don't disable it once in order to
get a single package, and then don't realize future packages are
insecure.
2017-02-24 07:41:05 -05:00
Eelco Dolstra 9d6a55aefd
~/.nixpkgs -> ~/.config/nixpkgs
The former is still respected as a fallback for config.nix for
backwards compatibility (but not for overlays because they're a new
feature).
2017-02-01 16:07:55 +01:00
Théo Zimmermann 24b715d16d nixpkgs manual: more extensible example (#15557)
By checking if the package name appears in a list, this new example allows for easy user-customization.
2016-05-23 11:02:46 +01:00
Vladimír Čunát 4ca2332bac nixpkgs manual: fix typo in filename 2016-02-17 10:52:42 +01:00
Eelco Dolstra 6bd0519918 Manual: Fix indent of config section 2015-12-10 16:06:12 +01:00
Eelco Dolstra e115e3fd76 Manual: Rename file 2015-12-10 16:06:12 +01:00
Renamed from doc/packageconfig.xml (Browse further)