1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-13 16:15:30 +00:00
Commit graph

473 commits

Author SHA1 Message Date
Maximilian Bosch 5caa22fe0a Revert restrictive validation behavior for DM/WM defaults in the X module
The original idea behind this change (described in ticket #11064) was to
improve the assertions to avoid that users of the X server accidentally
forget to configure a DM or WM.

However this caused several issues with setups that require X, but no DM
or WM. The keymap testcases became instable as well as now disabling DMs
needs to be done explicitly.
(see https://github.com/NixOS/nixpkgs/pull/31268#issuecomment-347080036)

In the end the idea behind the change and #11064 was obviously a
mistake, so reverting it completely for now should be fine.
2018-03-28 20:34:05 +02:00
WilliButz 8a13101226
release notes: add information about prometheus exporters 2018-03-22 14:52:22 +01:00
Robin Gloster 76ea0e1b2e
Merge pull request #32960 from florianjacob/prosody-0.10
Prosody 0.10.0
2018-03-22 14:12:57 +01:00
Robin Gloster 0a80f2c0f4
prosody: improve module handling 2018-03-22 03:40:46 +01:00
Vladimír Čunát 03cf538ef2
18.09: Jackrabbit -> Jellyfish
See eb0fa09232 and github discussion on that.
My misgiving about the t-shirts was refuted.
I don't think this flip may negatively affect anyone.
2018-03-16 12:26:03 +01:00
Vladimír Čunát eb0fa09232
18.09: let's call it "Jackrabbit"
I was mainly considering Jellyfish and Jaguar (and Jackrabbit).
Originally I was inclined for Jellyfish, but then I thought of the
release T-shirts someone makes and it didn't seem suitable...
Jaguar would keep the name referring to a car as well, but as a
not-too-old (Mac) OS version is codenamed that way, I didn't go for it.
2018-03-14 15:13:34 +01:00
Florian Jacob 226965da67 prosody: 0.9.12 -> 0.10.0
updating config options, removing luazlib as mod_compression was removed
for security reasons.
2018-03-12 20:19:03 +01:00
Vladimír Čunát 7e968a47cd
18.03 -> 18.09
I don't have a name ready :-(  so I have to fill it later.
2018-03-05 19:47:39 +01:00
Vladimír Čunát 2069a2a002
Merge #35454: nixos/pump.io: remove 2018-03-04 10:49:25 +01:00
Vladimír Čunát 729d72f9e4
18.03 release notes: nix-2.0 by default 2018-03-03 18:03:13 +01:00
Vladimír Čunát ac3b53707c
18.03 release notes: highlight linux and gcc updates 2018-03-03 18:01:20 +01:00
Vladimír Čunát 7b2cf5b12e
lib.addPassthru: removed as scheduled 2018-03-03 17:57:38 +01:00
Tor Hedin Brønner c58072309c programs/bash: install nix-bash-completions if completion is enabled 2018-02-28 19:13:02 +01:00
Rodney Lorrimar c95ef47c51
Release notes: mention removal of pump.io module 2018-02-27 12:52:52 +00:00
adisbladis 4f59f26faf nodejs: Add release note about dropped 4_x packages 2018-02-27 10:19:23 +01:00
Franz Pletz 37c009ca74
Merge pull request #34028 from florianjacob/matomo
piwik is now matomo
2018-02-26 06:53:58 +00:00
Aristid Breitkreuz e349ccc77f nixos/alsa: Do not make sound.enable conditional on stateVersion.
Eelco Dolstra wrote:

Hm, this is not really the intended use of stateVersion. From the description:

        Every once in a while, a new NixOS release may change
        configuration defaults in a way incompatible with stateful
        data. For instance, if the default version of PostgreSQL
        changes, the new version will probably be unable to read your
        existing databases. To prevent such breakage, you can set the
        value of this option to the NixOS release with which you want
        to be compatible. The effect is that NixOS will option
        defaults corresponding to the specified release (such as using
        an older version of PostgreSQL).

So this is only intended for options that have some corresponding on-disk state. AFAICT this is not the case for sound. In any case stateVersion is a necessary evil that only exists because we can't just upgrade Postgres databases or change SSH host keys. It's not necessary for things like whether sound is enabled. (If the user discovers that sound is suddenly disabled, they can just enable it.)

I had some vague recollection that we also had a configVersion option setting to control the defaults for non-state-related options, but I can't find it so maybe it was only discussed.
2018-02-23 23:14:42 +01:00
Franz Pletz a04f6245a8
nixos/manual: fix build
Broken due to a43e33d0e4.
2018-02-23 00:28:20 +01:00
Aristid Breitkreuz a43e33d0e4 nixos: disable sound by default, if stateVersion >= 18.03 (#35355) 2018-02-22 22:06:31 +00:00
Florian Jacob 885e762d47 nixos/matomo: improve serverName default
when we need to change it anyway for the rename.
2018-02-22 22:03:55 +01:00
Florian Jacob 48e449ee70 nixos/piwik: rename to matomo 2018-02-22 22:03:55 +01:00
Robert Schütz 663d6e8f9d attic: uninit
Attic is currently broken on master.
The Attic git repo has not been updated since May 2015.
Arch Linux also does not have an Attic package anymore.
Borg should be able to read Attic backups using
http://borgbackup.readthedocs.io/en/stable/usage/upgrade.html#attic-and-borg-0-xx-to-borg-1-x.
2018-02-20 11:32:35 +01:00
rnhmjoj 0651754751
nixos/doc: document networking.interfaces module changes 2018-02-17 14:57:07 +01:00
Frederik Rietdijk 672bb6b4ab Merge remote-tracking branch 'upstream/master' into HEAD 2018-02-14 21:30:08 +01:00
Jan Tojnar 8e6ea91496
18.03 release notes: highlight gnome 3.26 2018-02-14 02:18:51 +01:00
Jan Tojnar d8f6c3fd63
18.03 release notes: warn about libinput 2018-02-14 02:18:51 +01:00
Tuomas Tynkkynen 1a06373c0a Merge remote-tracking branch 'upstream/master' into staging
Conflicts:
	pkgs/development/libraries/libclc/default.nix
	pkgs/top-level/all-packages.nix
2018-02-13 16:42:55 +02:00
Franz Pletz 08d3754a89
Merge pull request #34705 from etu/php-upgrade
php: 7.1.14 -> 7.2.2
2018-02-13 12:50:45 +00:00
Profpatsch b806863a82 jid: remove package 2018-02-12 06:23:33 +01:00
Jörg Thalheim c6bd88155e
Merge pull request #34518 from aneeshusa/document-default-kerberos-in-openssh
openssh: Document default Kerberos support
2018-02-10 11:31:35 +00:00
Elis Hirwing 9bbe112dc5
php: 7.1.14 -> 7.2.2 2018-02-07 18:31:29 +01:00
David McFarland a4b7de74a5 matrix-synapse: default to postgresql on 18.03 2018-02-04 21:22:55 -04:00
Jörg Thalheim a4170403e6
Merge pull request #33897 from rnhmjoj/digits
Avoid package attributes starting with a digit
2018-02-02 19:30:23 +00:00
Aneesh Agrawal 478e510ddd openssh: Document default Kerberos support 2018-02-02 00:18:54 -08:00
Franz Pletz 1c2e33f3cf
Merge pull request #34060 from WilliButz/fix-postfix-module
nixos/postfix: fix default postfix config
2018-01-26 13:33:49 +00:00
Franz Pletz f646e9051d
release notes: mention the postfix config option fix
cc #34060
2018-01-26 14:27:15 +01:00
Orivej Desh ce1d740fa6 addPassthru: fix argument order
addPassthru became unused in #33057, but its signature was changed at the same
time.  This commit restores the original signature and updates the warning and
the changelog.
2018-01-24 23:06:12 +00:00
rnhmjoj aff5137fc0
docs: document changes regarding package attribute with a digit 2018-01-16 21:13:16 +01:00
Linus Heckemann 730f8530a8 amd-hybrid-graphics module: remove
This was only applicable to very specific hardware, and the only person
with an apparent interest in maintaining it (me) no longer uses the
hardware in question.
2018-01-15 23:17:12 +00:00
Vladimír Čunát 67e8392383
Merge #33057: stdenv meta checks: make them lazy
Closes #22277 - it's superseded;  I have some WIP on evaluation
performance, but best do that in a separate PR/thread.
2018-01-14 21:41:31 +01:00
Vladimír Čunát 799b941a2b
release notes: mention removal of lib.addPassthru 2018-01-14 21:34:55 +01:00
rnhmjoj 4ebb9621f4
Revert "nixos/dnscrypt-proxy: remove"
This reverts commit 5dc2853981.
The project has a new maintainer.
2018-01-08 15:09:33 +01:00
Joachim Fasting 5dc2853981 nixos/dnscrypt-proxy: remove
The upstream project ceased.

See https://github.com/NixOS/nixpkgs/issues/33540
2018-01-07 17:00:32 +01:00
Maximilian Bosch e18b0b6033
test-driver: mention $user argument in the NixOS manual and the Impala release notes 2018-01-06 10:09:18 +01:00
José Romildo Malaquias d0eb40b311 lightdm-gtk-greater: add configuration options for clock format and indicators 2018-01-06 02:20:53 +00:00
Jörg Thalheim c9c8a2c5b3 nixos/memcached: make unix sockets usuable
before:
  - /var/run/memcached is a bad default for a socket path, since its
    parent directory must be writeable by memcached.
  - Socket directory was not created by the module itself -> this was
    left as a burden to the user?
  - Having a static uid with a dynamic user name is not very useful.

after:
  - Replace services.memcached.socket by a boolean flag. This simplifies
    our code, since we do not have to check if the user specifies a
    path with a parent directory that should be owned by memcached
    (/run/memcached/memcached.sock -> /run/memcached).
  - Remove fixed uid/gid allocation. The only file ever owned by the
    daemon is the socket that will be recreated on every start.
    Therefore user and group ids do not need to be static.
  - only create the memcached user, if the user has not specified a
    different one. The major use case for changing option is to allow
    existing services (such as php-fpm) opening the local unix socket.
    If we would unconditionally create a user that option would be
    useless.
2018-01-03 12:33:36 +01:00
John Ericson 4d2b763817
Merge pull request #26805 from obsidiansystems/cross-elegant
Make cross compilation elegant
2017-12-30 22:58:02 -05:00
John Ericson a98e68676d doc: Breaking change release not for dependency propagation logic 2017-12-30 22:42:15 -05:00
John Ericson 553fd19e67 Merge branch 'ericson2314-cross-base' into staging 2017-12-30 22:39:19 -05:00
John Ericson d67e0921e9 doc: Breaking change release note for bintools-wrapper 2017-12-30 19:27:52 -05:00
Vladimír Čunát 0ac589246a
release-notes 18.03: fixup build after 553e8be1 2017-12-29 11:28:17 +01:00
Robin Gloster 553e8be1d9 release-notes 18.03: add MariaDB update notes 2017-12-29 02:18:35 +01:00
Samuel Leathers 7becd38cdf
Merge pull request #31068 from dalaing/fdisk-examples
nixos manual: Adds some examples of how to use fdisk.
2017-12-17 14:24:32 -05:00
Florian Jacob fc21593352 nixos/btrfs: add services.btrfs.autoScrub
for automatic regular scrubbing of mounted btrfs filesystems,
similar to what's already there for zfs.
2017-12-13 11:00:28 +01:00
Sarah Brofeldt b694fa0054 nixos/logstash: Listen on 127.0.0.1 instead of 0.0.0.0 2017-12-09 11:32:14 +01:00
jeaye 03f7adfdd1
nixos/ssh: Update 18.03 release notes
Since ssh-dss is no longer supported by default, users relying on those
keys for their login may be locked out. They should ideally use stronger
keys, but adding the support for ssh-dss back in can also be done
through extraConfig.
2017-11-18 15:35:56 -08:00
Tim Steinbach c9b8bbd039
Merge pull request #31268 from Ma27/x11-defaults
services.xserver: fix defaults of X11
2017-11-15 16:41:52 +00:00
rnhmjoj ebbe165860
docs: document networking.wireless changes 2017-11-12 00:39:17 +01:00
Maximilian Bosch 5b70c1855b
Revert "Revert "services.xserver: assert that either desktop- or window manager is not "none"""
This reverts commit e64dc25434.
2017-11-05 07:32:56 +01:00
Herwig Hochleitner e64dc25434 Revert "services.xserver: assert that either desktop- or window manager is not "none""
This reverts commit 93c54acf97.
This reopens #30517 @nbp @Ma27

Breaking people's config for this is hardly reasonable as is. If it
absolutely cannot be avoided, at the very least, we need to provide
clear instructions on what people need to upgrade in their config. I
actually had to bisect to the commit, to even find out what property I
should change or define, as the error message was useless. It didn't
even mention a property name.

Discussion on the PR seems to be ongoing, so I'm reverting this, so we
don't break people's systems on unstable.
2017-11-05 01:51:13 +01:00
Maximilian Bosch 93c54acf97 services.xserver: assert that either desktop- or window manager is not "none"
resolves #11064
2017-11-04 15:30:20 +01:00
Bas van Dijk c894327215 postage: replaced by pgmanage-10.0.2
postage is no longer maintained and has been replaced by the identical pgmanage. See:

https://github.com/workflowproducts/postage#postage-has-been-replaced-with-pgmanage

The following error is raised when a user enables the deprecated `services.postage.enable` option:

Failed assertions:
- services.postage is deprecated in favor of pgmanage. They have the same options so just substitute postage for pgmanage.
2017-11-03 00:14:00 +01:00
Dave Laing 0cf74190a9 nixos manual: Adds some examples of how to use fdisk.
Also unifies the BIOS and UEFI installation instructions.

It's a fairly basic usage, but it makes explicity the fact that
you should at least have a main partition and a swap partition,
and will save some users a bit of internet searching while they
are getting set up.
2017-11-01 13:48:09 +10:00
Ryan Hendrickson c522aaafde nixos/postfix: allow dollar parameters in lists (#30612) 2017-10-23 17:57:20 +02:00
Guillaume Maudoux 10dcf5897c 18.03 release notes: mention ZNC mutability change 2017-10-08 00:43:40 +01:00
Nikita Uvarov a2ce4f25fe 17.09 release notes: fix typo 2017-10-01 12:44:06 +02:00
Franz Pletz 5b8a798137
17.09 release notes: mention KDE upgrades 2017-09-29 01:52:17 +02:00
Franz Pletz c22d717c75
17.09 release notes: fix typos & ordering 2017-09-29 01:52:17 +02:00
Franz Pletz 49f175cd0c
17.09 release notes: add network interface rename note
Fixes #29197.
2017-09-29 00:07:37 +02:00
Robin Gloster 83405798e6
17.09 release notes: update information on gitlab 2017-09-28 23:14:31 +02:00
Robin Gloster 4ca4d6afca
18.03 release notes: reformat 2017-09-28 16:41:20 +02:00
Robin Gloster a19c52a101
17.09 release notes: reformat and generate added services 2017-09-28 16:41:20 +02:00
Robin Gloster 69344de783
Revert "dockerTools.pullImage: release note regarding sha256 argument value"
This reverts commit ea6d37c2bb.
2017-09-28 14:09:49 +02:00
Joachim Fasting a06f839439
nixos/release-notes: notable changes to the dnscrypt-proxy service 2017-09-27 23:47:15 +02:00
Robin Gloster 34750bb51c
17.09 release notes: redis cluster mass-restart needed
see #29516
2017-09-27 22:15:13 +02:00
Vladimír Čunát f2955e4fde
manuals: fixup steam note, as the change is in 17.09
I didn't notice the cherry-pick, but Globin found out immediately.
/cc #29180.
2017-09-27 20:33:24 +02:00
Vladimír Čunát 4013b381b3
manuals: document removal of newStdcpp from steam
/cc #29180.
2017-09-27 20:12:06 +02:00
Rodney Lorrimar 34eefdfb9d nixos/release-notes: MySQL backup service breaking changes 2017-09-27 18:44:49 +02:00
Robin Gloster 6ab200b066
17.09 release notes: fix typo 2017-09-26 22:40:02 +02:00
Robin Gloster 3414265efa
17.09 release notes: add module changes 2017-09-26 03:28:05 +02:00
Rodney Lorrimar 151b34460c nixos/release-notes: MySQL declarative users/databases
Documents a possible migration step required to use the new options.
2017-09-26 02:22:31 +02:00
Aneesh Agrawal 28c2cea847 radicale: Test migration functionality
This also provides an example of how to migrate.
2017-09-18 09:11:36 -07:00
Aneesh Agrawal fcd590d116 radicale: Add extraArgs option to assist in data migration 2017-09-18 00:29:01 -07:00
Antoine Eiche ea6d37c2bb dockerTools.pullImage: release note regarding sha256 argument value 2017-09-17 08:26:02 +01:00
Graham Christensen 83043c948e
release notes: gnupg programs are no longer suffixed 2017-09-03 09:02:41 -04:00
Joachim Fasting 268eb4adb7
nixos: purge remaining grsecurity bits
:(

Fixes https://github.com/NixOS/nixpkgs/issues/28859
2017-09-02 20:35:24 +02:00
Joachim Fasting 9935806894
nixos/release-notes: grsecurity support removed for 17.09 2017-09-02 20:35:07 +02:00
Graham Christensen 9d2777a5a5
Mark synaptics as deprecated 2017-08-30 20:32:45 -04:00
Franz Pletz 5d5be9706e
Impala makes packaging a life-long addiction
Take that recursive acronym, GNU!
2017-08-30 23:13:56 +02:00
Frederik Rietdijk 6d4bd78fad Merge commit '2858c41' into HEAD 2017-08-30 21:07:07 +02:00
Graham Christensen 128cdeffd0
compiz: drop 2017-08-30 06:59:20 -04:00
Franz Pletz 7d1d019650 Merge pull request #27826 from Infinisil/radicale
radicale: update to version 2
2017-08-30 02:17:34 +02:00
Tom Hunger d269d8dbd6 Uppercase GNOME version. 2017-08-28 19:50:59 +01:00
Linus Heckemann b73e3b6095 GNOME: 3.22 -> 3.24
This is a squash commit of the joint work from:

* Jan Tojnar (@jtojnar)
* Linus Heckemann (@lheckemann)
* Ryan Mulligan (@ryantm)
* romildo (@romildo)
* Tom Hunger (@teh)
2017-08-28 15:32:49 +01:00
Frederik Rietdijk 31ba3649ec Merge pull request #28189 from Nadrieril/ffsync-non-root
firefox syncserver service: run as non-root user by default
2017-08-24 20:47:52 +02:00
Michael Peyton Jones e675296a9c Release notes: add note for overlays via file 2017-08-17 22:13:39 +00:00
Silvan Mosberger e16a0988bc
radicale: 1.1.4 -> 2.1.2
This commit readds and updates the 1.x package from 1.1.4 to 1.1.6 which
also includes the needed command for migrating to 2.x

The module is adjusted to the version change, defaulting to radicale2 if
stateVersion >= 17.09 and radicale1 otherwise. It also now uses
ExecStart instead of the script service attribute. Some missing dots at
the end of sentences were also added.

I added a paragraph in the release notes on how to update to a newer
version.
2017-08-13 17:23:43 +02:00
Nadrieril 69a4836df5 firefox syncserver service: run as non-root user by default 2017-08-12 14:42:50 +01:00
Franz Pletz 0f4179aed2
fixup! reword 2017-08-06 15:16:57 +02:00
Linus Heckemann 0abf9d2b12 Document timezone changes in release notes 2017-08-05 12:06:31 +01:00
John Ericson a753f2fef7 17.09 release-notes: New breaking change: cc-wrapper exports more env vars 2017-08-04 13:43:38 -04:00
Robin Gloster dc13376ee2
wvdial: remove 2017-08-04 02:24:07 +02:00
Robin Gloster a4647bc33f
tlsdate: remove
Dead and does not build with openssl 1.1.
Debian has removed it, too.
2017-08-04 02:24:03 +02:00
Robin Gloster 2799a94963
zfs, spl: 0.6.5.11 -> 0.7.0 2017-07-27 19:00:54 +02:00
Graham Christensen ef95175ba3
manual: update mailing list links 2017-07-18 07:54:36 -04:00
Nadrieril 8669fb1f96 tinc service: BindToAddress and ListenAddress are different options, they should not be mistaken 2017-07-17 13:07:49 +02:00
Pascal Bach f71d556e18 mysql service: add changelog for changed dataDir 2017-07-08 00:28:01 +02:00
nonsequitur 8210d86041 Release notes: Fix syntax in code sample 2017-07-05 16:39:19 +03:00
Franz Pletz 994ffc01a0
ssh module: disable agent by default 2017-06-15 19:27:01 +02:00
Edward Tjörnhammar 3dcecf09fc
Remove aiccu package and service due to sunsetting.
https://www.sixxs.net/main/
2017-06-15 06:58:08 +02:00
Franz Pletz ac5258edb2
caddy service: don't use extra dotdir in dataDir 2017-06-13 21:21:59 +02:00
Jan Tojnar e35f3c0679
doc: Fix some typos 2017-06-11 22:13:42 +02:00
Pascal Bach de52d2450e Cleanup PostgreSQL for state version 17.09 (#25753)
* postgresql service: make 9.6 the default version for 17.09

* postgresql service: change default superuser for 17.09

Change the default superuser from `root` to `postgres` for state
version 17.09

* postgresql service: change default data directory for 17.09

The new directory includes the schema version of the database.
This makes upgrades easier and is more consistent with other distros.

* updated nixos release notes
2017-05-30 21:05:39 +01:00
Silvan Mosberger df8a7d956d ipfs service: dataDir backwards compatibility (#25782)
Fixes dataDir existance detection. Fixes #25759, #26069.
2017-05-24 20:51:02 +02:00
aszlig 9dca737d62
Merge pull request #15353 (improve xrandrHeads)
When you have a setup consisting of multiple monitors, the default is
that the first monitor detected by xrandr is set to the primary monitor.

However this may not be the monitor you need to be set as primary. In
fact this monitor set to primary may in fact be disconnected.

This has happened for the original submitter of the pull request and it
affected these programs:

 * XMonad: Gets confused with Super + {w,e,r}
 * SDDM: Puts the login screen on the wrong monitor, and does not
         currently duplicate the login screen on all monitors
 * XMobar: Puts the XMobar on the wrong monitor, as it only puts the
           taskbar on the primary monitor

These changes should fix that not only by setting a primary monitor in
xrandrHeads but also make it possible to make a different monitor the
primary one.

The changes are also backwards-compatible.
2017-05-02 23:14:26 +02:00
Peter Marheine fd1f1aca9e release notes: incompatible flexget upgrade 2017-05-01 10:10:34 +02:00
aszlig d7a8876c13
nixos/doc: Improve release notes for xrandrHeads
The xrandrHeads option has been there since a long time, so there is no
need to advertise it as a new feature.

Instead, let's focus on just what has changed, which is that we now
assign one head to be primary.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-04-24 11:54:38 +02:00
Roger Qiu bb6a5b079f nixos/xserver: Changed xrandrHeads to support corresponding monitor section configuration in Xorg 2017-04-21 22:01:29 +10:00
Jörg Thalheim c84dd4f09e Merge pull request #24526 from miltador/jetbrains
idea: numerous fixes and improvements
2017-04-11 13:56:20 +02:00
Carles Pagès d5a623cb39 Update 17.03 release notes 2017-04-03 22:54:34 +02:00
Vasiliy Solovey 4fc2a86795 rl-notes 17.09: add note about idea -> jetbrains renaming 2017-04-01 12:46:27 +03:00
Robin Gloster cbd6fb1b3a
Release Notes: tracking UIDs/GIDs is in 17.09 2017-03-31 15:51:37 +02:00
Eelco Dolstra e241fb87a1
Update 17.03 release notes 2017-03-31 15:00:30 +02:00
Robin Gloster 163668f6c4
Release Notes 17.03: update on master 2017-03-30 22:52:08 +02:00
Joachim Fasting c504e14c87
rl-notes 17.03: add notes about changes to the dnscrypt-proxy interface
(cherry picked from commit 9613677176)
2017-03-30 13:36:08 +02:00
Joachim Fasting 8427222eca
rl-notes 17.03: add note about pre-NSS dnscrypt-proxy
(cherry picked from commit de5d4dc147)
2017-03-29 00:05:48 +02:00
Vladimír Čunát c1a9dc3d37
Merge branch 'master' into staging 2017-03-23 13:31:28 +01:00
Eelco Dolstra 86721a5f78
Allow attaching to non-child processes by default
The inability to run strace or gdb is the kind of
developer-unfriendliness that we're used to from OS X, let's not do it
on NixOS.

This restriction can be re-enabled by setting

  boot.kernel.sysctl."kernel.yama.ptrace_scope" = 1;

It might be nice to have a NixOS module for enabling hardened defaults.

Xref #14392.

Thanks @abbradar.
2017-03-21 18:48:35 +01:00
Robin Gloster c93eb74e6a Merge pull request #23838 from mayflower/remove-md5
fetch-*: remove md5 support
2017-03-21 13:27:51 +01:00
Frederik Rietdijk 94eb74eaad Merge remote-tracking branch 'upstream/master' into HEAD 2017-03-21 13:04:37 +01:00
Frederik Rietdijk 4263c53f66 Python changelog 2017-03-21 11:05:03 +01:00
Robin Gloster 5e0f932de0
rl-notes 17.03: info on python module location
closes #11567
2017-03-20 23:28:51 +01:00
Robin Gloster c066dc8416
fetch-*: add md5 support removal to rl-notes 2017-03-20 22:26:02 +01:00
Thomas Tuegel d458b5401a
nixos/fontconfig: add Changelog message about FreeType update 2017-03-20 10:39:48 -05:00
Franz Pletz 8ab2d2ee27
rmilter service: support only one socket 2017-03-17 23:00:34 +01:00
Daiderd Jordan 35a65a6704
release-nodes: move disabledModules to 17.09 2017-03-05 14:17:00 +01:00
Daiderd Jordan d88721e440
modules: add support for module replacement with disabledModules
This is based on a prototype Nicolas B. Pierron worked on during a
discussion we had at FOSDEM.

A new version with a workaround for problems of the reverted original.
Discussion: https://github.com/NixOS/nixpkgs/commit/3f2566689
2017-03-03 13:45:22 +01:00
Vladimír Čunát fcec3e1c72
Revert "modules: add support for module replacement with disabledModules"
This reverts commit 3f2566689d for now.
Evaluation of the tested job got broken, blocking nixos-unstable.
2017-03-01 21:56:01 +01:00
Vladimír Čunát b43614a6bb
Merge branch 'staging'
(Truly, this time :-)
2017-03-01 11:34:44 +01:00
Daiderd Jordan 3f2566689d modules: add support for module replacement with disabledModules
This is based on a prototype Nicolas B. Pierron worked on during a
discussion we had at FOSDEM.
2017-02-28 00:14:48 +01:00
Vladimír Čunát 81b43ccd57
17.09 release notes: fix typos 2017-02-27 23:03:16 +01:00
Robin Gloster 755902b543
release-notes: add 17.09 2017-02-27 20:46:34 +01:00
Vladimír Čunát a1919db7cd
Merge branch 'master' into staging 2017-02-27 20:15:27 +01:00
Frederik Rietdijk f69292ddc0 Python: explain deterministic builds in release notes 2017-02-26 14:51:26 +01:00
Graham Christensen a9c875fc2e
nixpkgs: allow packages to be marked insecure
If a package's meta has `knownVulnerabilities`, like so:

    stdenv.mkDerivation {
      name = "foobar-1.2.3";

      ...

      meta.knownVulnerabilities = [
        "CVE-0000-00000: remote code execution"
        "CVE-0000-00001: local privilege escalation"
      ];
    }

and a user attempts to install the package, they will be greeted with
a warning indicating that maybe they don't want to install it:

    error: Package ‘foobar-1.2.3’ in ‘...default.nix:20’ is marked as insecure, refusing to evaluate.

    Known issues:

     - CVE-0000-00000: remote code execution
     - CVE-0000-00001: local privilege escalation

    You can install it anyway by whitelisting this package, using the
    following methods:

    a) for `nixos-rebuild` you can add ‘foobar-1.2.3’ to
       `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
       like so:

         {
           nixpkgs.config.permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

    b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
    ‘foobar-1.2.3’ to `permittedInsecurePackages` in
    ~/.config/nixpkgs/config.nix, like so:

         {
           permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

Adding either of these configurations will permit this specific
version to be installed. A third option also exists:

  NIXPKGS_ALLOW_INSECURE=1 nix-build ...

though I specifically avoided having a global file-based toggle to
disable this check. This way, users don't disable it once in order to
get a single package, and then don't realize future packages are
insecure.
2017-02-24 07:41:05 -05:00
Franz Pletz 9b81dcfda2
nixos/release-notes: fix typos 2017-02-22 08:45:30 +01:00
Jörg Thalheim 45719174c3
nixos/release-notes: mention iputils changes 2017-02-22 00:32:52 +01:00
Graham Christensen 7483ba0932
Revert "nix-daemon: default useSandbox to true"
This reverts commit d0a086770a.
2017-02-14 14:13:39 -05:00
Graham Christensen 3be1388963 Merge pull request #22767 from grahamc/sandbox-by-default
nix-daemon: default useSandbox to true
2017-02-14 13:57:44 -05:00
Parnell Springmeyer fb6d13c01a
Addressing feedback and fixing a bug 2017-02-14 07:38:45 -06:00
Parnell Springmeyer 9e36a58649
Merging against upstream master 2017-02-13 17:16:28 -06:00
Graham Christensen d0a086770a
nix-daemon: default useSandbox to true 2017-02-13 18:06:01 -05:00
Robin Gloster 7e5424ac09
php: default to php71 2017-02-13 22:48:45 +01:00
Vladimír Čunát 3348905cde
xorg-server: major bump 1.18.4 -> 1.19.1
I encountered no problems with it.  Nvidia binary drivers are tested,
and AMD ones now both set `abiCompat` to use older server versions.
2017-02-12 13:24:44 +01:00
Edward Tjörnhammar 2f5fdaefec
nixos, doc: dictd dbs move 2017-02-09 22:23:11 +01:00
Edward Tjörnhammar 3c9d73f100
nixos, doc: named nylons 2017-02-09 21:18:57 +01:00
Nikolay Amiantov 504774e223 release notes: mention JRE changes and jre_headless 2017-02-08 21:36:22 +03:00
Nikolay Amiantov 52c7e647ab postfix service: don't empty local_recipient_maps
From Postfix documentation:

With this setting, the Postfix SMTP server will not reject mail with "User
unknown in local recipient table". Don't do this on systems that receive mail
directly from the Internet. With today's worms and viruses, Postfix will become
a backscatter source: it accepts mail for non-existent recipients and then
tries to return that mail as "undeliverable" to the often forged sender
address.
2017-02-06 01:41:27 +03:00
Parnell Springmeyer 6777e6f812
Merging with upstream 2017-01-29 05:54:01 -06:00
Parnell Springmeyer e92b8402b0
Addressing PR feedback 2017-01-28 20:48:03 -08:00
Frederik Rietdijk 46b1ea260a pythonPackages.ansible2: move 2.2 to separate file, make default
`pythonPackages.ansible_2_2` is now the default `ansible`.
2017-01-27 10:15:31 +01:00
Parnell Springmeyer a26a796d5c
Merging against master - updating smokingpig, rebase was going to be messy 2017-01-26 02:00:04 -08:00
Parnell Springmeyer 025555d7f1
More fixes and improvements 2017-01-26 00:05:40 -08:00
Franz Pletz 8d5a4c53b8
nixos/release-notes: document conntrack helper changes 2017-01-25 01:14:05 +01:00
John Ericson 7dc4e43837 nixos doc: Mention cross overhaul in 17.03 release notes 2017-01-24 11:37:56 -05:00
Nicolas B. Pierron 0214d94b24 Remove extra "in" keyword from the release notes about overlays.
Thanks to @teh for reporting this issue on the pull request.
2017-01-17 21:24:44 +00:00
Nicolas B. Pierron 8366525cbf Fix release-notes compilation. 2017-01-16 01:17:33 +01:00
Nicolas B. Pierron 2d6532b330 Update overlay documentation by following nits from aneeshusa. 2017-01-16 01:17:33 +01:00
Nicolas B. Pierron ae7e893de1 Improve the realse notes with the upcoming documentation links, and a better example of how to convert overridePackages usage. 2017-01-16 01:17:33 +01:00
Nicolas B. Pierron 6a83c315ec Add missing line break in the release notes. 2017-01-16 01:17:33 +01:00
Nicolas B. Pierron f5dfe78a1e Add overlays mechanism to Nixpkgs.
This patch add a new argument to Nixpkgs default expression named "overlays".

By default, the value of the argument is either taken from the environment variable `NIXPKGS_OVERLAYS`,
or from the directory `~/.nixpkgs/overlays/`.  If the environment variable does not name a valid directory
then this mechanism would fallback on the home directory.  If the home directory does not exists it will
fallback on an empty list of overlays.

The overlays directory should contain the list of extra Nixpkgs stages which would be used to extend the
content of Nixpkgs, with additional set of packages.  The overlays, i-e directory, files, symbolic links
are used in alphabetical order.

The simplest overlay which extends Nixpkgs with nothing looks like:

```nix
self: super: {
}
```

More refined overlays can use `super` as the basis for building new packages, and `self` as a way to query
the final result of the fix-point.

An example of overlay which extends Nixpkgs with a small set of packages can be found at:
  https://github.com/nbp/nixpkgs-mozilla/blob/nixpkgs-overlay/moz-overlay.nix

To use this file, checkout the repository and add a symbolic link to
the `moz-overlay.nix` file in `~/.nixpkgs/overlays` directory.
2017-01-16 01:17:33 +01:00
John Ericson 0ef8b69d12 top-level: Modernize stdenv.overrides giving it self and super
Document breaking change in 17.03 release notes
2017-01-13 10:36:11 -05:00
Vladimír Čunát 2b8566f556
release notes: grammar nitpicks in an entry
/cc #21257.
2016-12-18 13:31:56 +01:00
Jörg Thalheim feb6dbc916 ntp: document new default ntp service in release notes 2016-12-18 12:25:46 +01:00
Nikolay Amiantov 6bb292d42b parsoid service: update, use declarative configuration
Old configuration format is disabled now (it can still be used, but with
additional steps). This is a backwards incompatible change.
2016-11-20 19:12:14 +03:00
Eric Sagnes e14de56613 module system: extensible option types 2016-11-06 00:05:58 +01:00
Bjørn Forsman 8cbdd9d0c2 nixos/release-notes: move "PHP config-file-scan-dir" from 16.09 to 17.03
Commits

  351d12437 ("nixos/release-notes: PHP config-file-scan-dir /etc -> /etc/php.d")
  41c8aa8d6 ("php: change config-file-scan-dir from /etc to /etc/php.d")

were merged to master _after_ NixOS 16.09. Commit 351d12437 then wrongly
updated the NixSO 16.09 release notes. Fix by moving the entry to NixOS
17.03.
2016-10-16 17:21:24 +02:00
Vladimír Čunát 54a76b3f5d release-notes: fixup bad conflict resolution in bef6bef
/cc #19324.
2016-10-13 09:49:47 +02:00
Profpatsch bef6bef0d2
stdenv/stripHash: print to stdout, not to variable
`stripHash` documentation states that it prints out the stripped name to
the stdout, but the function stored the value in `strippedName`
instead.

Basically all usages did something like
`$(stripHash $foo | echo $strippedName)` which is just braindamaged.
Fixed the implementation and all invocations.
2016-10-11 18:34:36 +02:00
Jörg Thalheim 8a690b2a9f Merge pull request #17922 from bjornfor/php-config-file-scan-dir
php: change config-file-scan-dir from /etc to /etc/php.d
2016-10-09 21:45:48 +02:00
Aneesh Agrawal dfb7ea6fd1 kernel: Document Yama implications in release notes 2016-10-08 17:46:33 +02:00
Peter Simons 6e785be571 Document removal of LTS Haskell package sets in 16.09 release notes.
This patch closes https://github.com/NixOS/nixpkgs/issues/14897.
2016-09-30 14:53:31 +02:00
Domen Kožar 73dd89205c changelog for #18011
(cherry picked from commit 51cf16f4b4)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-30 13:14:53 +02:00
Domen Kožar 3781095b5d changelog for #18365
(cherry picked from commit 14c16f2fdb)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-30 13:14:53 +02:00
Domen Kožar 3d36eecf17 changelog for hydra package/module
(cherry picked from commit 1eaad0150c)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-30 13:14:53 +02:00
Domen Kožar 2b76a6f66a changelog for #9523
(cherry picked from commit b3a5bc5f57)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-30 13:14:53 +02:00
Domen Kožar d80c1612a6 changelog for #14148
(cherry picked from commit e293a85e24)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-30 13:14:53 +02:00
Domen Kožar 50be1a1765 changelog for gnupg bump, fixes #18293
(cherry picked from commit 1ff2b10f28)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-30 13:14:53 +02:00
Eelco Dolstra a9166d143d Some release notes updates 2016-09-29 13:48:38 +02:00
Robert Helgesson 9d2a831497
radicale: break into own package
Since this is an application it is not suitable for pythonPackages,
which is more appropriate for Python modules.
2016-09-25 22:15:19 +02:00
Domen Kožar 001d314e87 Merge pull request #18574 from ericsagnes/feat/mongodb
MongoDB service: switch configuration format to YAML
2016-09-21 14:19:17 +02:00
Guillaume Maudoux 2184df98f7 Add changelog for container config (#18756) 2016-09-19 11:05:10 +02:00
Eric Sagnes 5cd565e507 mongodb service: switch configuration format to YAML
Configuration format has changed from MongoDB 2.6 to
YAML and MongoDB 2.4 is EOL since March 2016.
2016-09-18 09:29:35 +09:00
Franz Pletz 0a4d60622c
16.09 changelog: add changes to reverse path filter
See #17325.
2016-09-17 14:20:33 +02:00
Nikolay Amiantov bf5d2bc215 16.09 changelog: add mention of special filesystems changes 2016-09-17 13:26:03 +03:00
Kamil Chmielewski 914e0e594c buildGoPackage: deps.json -> deps.nix in NIXON
https://github.com/NixOS/nixpkgs/pull/17254#issuecomment-245295541

* update docs to describe `deps.nix`
* include goDeps in nix-shell GOPATH
* NixOS 16.09 rel notes about replacing goPackages
2016-09-16 00:04:55 +01:00
aszlig 1781e95577
Merge pull request #18567 (VirtualBox 5.1.6)
This introduces VirtualBox version 5.1.6 along with a few refactored
stuff, notably:

  * Kernel modules and user space applications are now separate
    derivations.
  * If config.pulseaudio doesn't exist in nixpkgs config, the default is
    now to build with PulseAudio modules.
  * A new updater to keep VirtualBox up to date.

All subtests in nixos/tests/virtualbox.nix succeed on my machine and
VirtualBox was reported to be working by @DamienCassou (although with
unrelated audio problems for another fix/branch) and @calbrecht.
2016-09-14 02:20:16 +02:00
aszlig 4a44eca07d
nixos/release-notes: Add VirtualBox changes
The change is backwards-compatible for users of the NixOS module but not
if people were using the package directly, so let's warn users about
that.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-09-13 06:34:33 +02:00
Kirill Boltaev a769e0ffae nixos manual: mention gtk-related alias changes 2016-09-12 18:26:06 +03:00
Vladimír Čunát bd6e40c27d Merge #16391: texlive: 2015 -> 2016
Mirroring isn't finalized, but we'll have to fix that on the go.
2016-09-10 12:04:25 +02:00