1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-26 15:41:40 +00:00
Commit graph

42520 commits

Author SHA1 Message Date
Peter Simons fb74f950c0 haskell-gtk: update to version 0.12.5.7 2014-04-23 11:17:08 +02:00
Peter Simons 3244e10c1b haskell-glib: update to version 0.12.5.4 2014-04-23 11:17:08 +02:00
Peter Simons cf71fce3a2 haskell-fay: update to version 0.19.2.1 2014-04-23 11:17:08 +02:00
Peter Simons d0967c1324 haskell-explicit-exception: update to version 0.1.7.2 2014-04-23 11:17:08 +02:00
Peter Simons f6c8a17fb5 haskell-esqueleto: update to version 1.3.12 2014-04-23 11:17:08 +02:00
Peter Simons 50780aabe3 haskell-dns: update to version 1.2.2 2014-04-23 11:17:08 +02:00
Peter Simons 7cc98529c7 haskell-derive: update to version 2.5.15 2014-04-23 11:17:08 +02:00
Peter Simons b16fcdcddf haskell-dataenc: update to version 0.14.0.6 2014-04-23 11:17:08 +02:00
Peter Simons 1983e40f10 haskell-cookie: update to version 0.4.1.1 2014-04-23 11:17:08 +02:00
Peter Simons 7f72b38f3c haskell-connection: update to version 0.2.1 2014-04-23 11:17:08 +02:00
Peter Simons fef13a99f9 haskell-conduit: update to version 1.1.0.2 2014-04-23 11:17:08 +02:00
Peter Simons 7acbb2938a haskell-conduit-extra: update to version 1.1.0.1 2014-04-23 11:17:08 +02:00
Peter Simons 2a3cb33350 haskell-conduit-combinators: update to version 0.2.4.1 2014-04-23 11:17:08 +02:00
Peter Simons 00bc025d05 haskell-chell-quickcheck: update to version 0.2.3 2014-04-23 11:17:08 +02:00
Peter Simons 6fa686c078 haskell-atomic-primops: update to version 0.6.0.5 2014-04-23 11:17:08 +02:00
Peter Simons 0ab1f4305b haskell-alsa-pcm: update to version 0.6.0.2 2014-04-23 11:17:08 +02:00
Peter Simons e138265a5b haskell-alsa-mixer: update to version 0.2.0.2 2014-04-23 11:17:08 +02:00
Peter Simons d8e36fac62 haskell-aeson: update to version 0.7.0.3 2014-04-23 11:17:08 +02:00
Peter Simons 9eaa3ef5a2 haskell-RepLib: update to version 0.5.3.2 2014-04-23 11:17:07 +02:00
Peter Simons c2516c30e3 haskell-git-annex: update to version 5.20140412 2014-04-23 11:17:07 +02:00
Peter Simons aeafc12d89 haskell-gtk2hs-buildtools: update to version 0.12.5.2 2014-04-23 11:17:07 +02:00
Peter Simons 4d765a4565 haskell-cabal-meta: re-generate with cabal2nix 2014-04-23 11:17:07 +02:00
Karn Kallio 4587bbbca2 pakcs: update hash for latest version. 2014-04-23 10:54:58 +02:00
Ricardo M. Correia 419a71e1e5 spl, zfs: Add git versions, based on recent commits
Upstream has not been tagging new versions for a long time, but we need
compatibility with newer kernels. The 0.6.2 versions already have a bunch of
backported compatibility patches, but 3.14 kernels need even more.

Also, the git versions have fixed a bunch of crashes and other bugs, so perhaps
we should just bite the bullet and just use recent git versions (as sometimes
upstream recommends, when people run into bugs).

This adds a new "boot.zfs.useGit" boolean option, so that a user can
easily opt into using the git versions.
2014-04-23 01:42:52 +02:00
Ricardo M. Correia b2250ad851 icedtea7: Update from 2.4.6 -> 2.4.7
Fixes a bunch of CVEs.

Removed 2.4.6 build patch, as it's no longer necessary.
2014-04-23 01:39:07 +02:00
Eelco Dolstra fb3629df49 systemd: Re-allow Restart=yes with Type=oneshot 2014-04-22 23:53:21 +02:00
Eelco Dolstra da444ff26f Turn assertion about oneshot services into a warning 2014-04-22 23:53:21 +02:00
Shea Levy 1c84988594 Merge branch 'gdk-pixbuf' of git://github.com/lethalman/nixpkgs 2014-04-22 16:01:19 -04:00
Rickard Nilsson e87343f5d4 haveged: Update from 1.7c to 1.9.1 2014-04-22 21:55:41 +02:00
Bjørn Forsman a70197a653 wireshark: add patch to lookup "dumpcap" in PATH
What this allows us to do is define a "dumpcap" setuid wrapper in NixOS
and have wireshark use that instead of the non-setuid dumpcap binary
that it normally uses.

As far as I can tell, the code that is changed to do lookup in PATH is
only used by wireshark/tshark to find dumpcap. dumpcap, the thing that's
typically setuid, is not affected by this patch. wireshark and tshark
should *not* be installed setuid, so the fact that they now do lookup in
PATH is not a security concern.

With this commit, and the following config, only "root" and users in the
"wireshark" group will have access to capturing network traffic with
wireshark/dumpcap:

  environment.systemPackages = [ pkgs.wireshark ];
  security.setuidOwners = [
    { program = "dumpcap";
      owner = "root";
      group = "wireshark";
      setuid = true;
      setgid = false;
      permissions = "u+rx,g+x";
    }
  ];
  users.extraGroups.wireshark.gid = 500;

(This wouldn't have worked before, because then wireshark would not use
our setuid dumpcap binary.)
2014-04-22 21:33:11 +02:00
Bjørn Forsman cbd4650a1a wireshark: add myself (bjornfor) as maintainer 2014-04-22 21:33:11 +02:00
Bjørn Forsman 27477f1fac wireshark: build with libcap (POSIX capabilities)
This makes running wireshark (or more specifically, dumpcap) as root a
bit more secure. From <wireshark-1.11.2>/doc/README.packaging:

  The "--with-libcap" option is only useful when dumpcap is installed
  setuid. If it is enabled dumpcap will try to drop any setuid privileges
  it may have while retaining the CAP_NET_ADMIN and CAP_NET_RAW
  capabilities. It is enabled by default, if the Linux capabilities
  library (on which it depends) is found.
2014-04-22 21:33:11 +02:00
Luca Bruno 4a3508ad1a gdk-pixbuf: check for writable $out/.., closes #2115 2014-04-22 21:10:16 +02:00
Shea Levy 7d1ddae58e nixos: evaluate assertions at toplevel, not at systemPackages
Fixes #2340
2014-04-22 14:09:02 -04:00
Eelco Dolstra 5ba24cc8ea Typo/comment 2014-04-22 18:42:44 +02:00
Eelco Dolstra 03d9e5cda0 sshd: Add support for socket activation
By enabling ‘services.openssh.startWhenNeeded’, sshd is started
on-demand by systemd using socket activation. This is particularly
useful if you have a zillion containers and don't want to have sshd
running permanently. Note that socket activation is not noticeable
slower, contrary to what the manpage for ‘sshd -i’ says, so we might
want to make this the default one day.
2014-04-22 17:38:54 +02:00
Eelco Dolstra 83b43cfe51 dbus: Merge tools and daemon
This resolves a cyclic dependency: the daemon depends on tools (for
dbus-send) while tools depends on the daemon.  Keeping them separate
doesn't seem very useful in any case.
2014-04-22 17:38:53 +02:00
Eelco Dolstra baffee02b8 sshd: Always start a session
Partially reverts 70a4c7b1df. Whether to
start a session is independent of whether we're running in a
container.
2014-04-22 17:38:53 +02:00
Eelco Dolstra b4afe5b7bc dbus: Use upstream units 2014-04-22 17:38:53 +02:00
Eelco Dolstra fa3826dcf4 Ignore *.wants in systemd.packages for now 2014-04-22 17:38:53 +02:00
aszlig 52769d5c17
perl-dbix-class: Fix tests with newer SQLite.
Our version of SQLite causes the tests to fail, so I'm hereby adding a
patch from dbsrgits/dbix-class@ed5550d36 with the hunk for the Changes
file dropped.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-04-22 16:27:28 +02:00
Rob Vermaas 1b2b9761b4 dd-agent: update from 4.2.0 to 4.2.1 2014-04-22 15:47:06 +02:00
Eelco Dolstra 6fe24bda2d nss: Update to 3.16 2014-04-22 14:55:51 +02:00
Eelco Dolstra 393c9f2e02 nspr: Update to 4.10.4 2014-04-22 14:55:00 +02:00
Eelco Dolstra a96b1eb745 firefox: Update to 28.0 2014-04-22 14:45:27 +02:00
Vladimír Čunát 662b92e608 liferea: bugfix update
Looks good after some basic testing.
2014-04-22 13:22:14 +02:00
Eelco Dolstra 27a8cada79 openvpn: Add systemd startup notification
This causes OpenVPN services to reach the "active" state when the VPN
connection is up (i.e., after OpenVPN prints "Initialization Sequence
Completed"). This allows units to be ordered correctly after openvpn-*
units, and makes systemctl present a password prompt:

  $ start openvpn-foo
  Enter Private Key Password: *************

(I first tried to implement this by calling "systemd-notify --ready"
from the "up" script, but systemd-notify is not reliable.)
2014-04-22 13:14:58 +02:00
Eelco Dolstra 33b4ab3ac1 openvpn: Update to 2.3.3 2014-04-22 13:14:58 +02:00
aszlig 396da20739
miro: Fix desktop schema GSettings path.
The real path of the schemas is:

$out/share/gsettings-schemas/gsettings-desktop-schemas-3.10.1/glib-2.0/schemas

While the previous approach was to load schemas from:

$out/share/glib-2.0/schemas

So, we're now relying on the setup hook of glib to find the right schema
path.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-04-22 10:32:54 +02:00
Eelco Dolstra 6fec10dda3 libmicrohttpd: Disable tests
http://hydra.nixos.org/build/10584971
2014-04-22 10:05:51 +02:00