Regression introduced by 1010271c63f503113c0e8337977610ea783880ec.
This caused the line after using the loginuid module to be concatenated
with the next line without a newline.
In turn this has caused a lot of the NixOS VM tests to either run very
slowly (because of constantly hitting PAM errors) or simply fail.
I have tested this only with one of the failing NixOS tests.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Darwin systems need to be able to find CoreFoundation headers as well as
libc headers. Somehow, gcc doesn't accept any "framework" parameters
that would normally be used to include CoreFoundation in this
situation.
HACK: Instead, this adds a derivation that combines the two. The result
works but probably not a good long term solution.
ALTERNATIVES: Maybe sending patches in to GCC to allow
"native-system-framework" configure flag to get this found.
gcc needs to be able find system headers. Without this, gcc fails to build because
/usr/include is not available.
Note: stdenv.libc should be available for all stdenv's, I think.
This should get gcc48, gcc5, and gcc6 working again.
Also: use makeLibraryPath, and makeSearchPathOutput for LIBRARY_PATH and
CPATH. This is a refactor but it also fixes an issue with zlib.
Also change to https src.url.
Changelog at https://www.opensmtpd.org/announces/release-6.0.0.txt
In particular, note that
- logging format has been reworked so scripts that consume opensmtpd
logs may need updating
- dhparams option has been removed
While entering the chroot should provide the same amount of isolation,
the preStart script will run with full root privileges and so would
benefit from some isolation as well (in particular due to
unbound-anchor, which can perform network I/O).
1. The preStart script ensures consistent ownership, even if the unbound
user's uid has changed
2. The unbound daemon does not generate data that needs to be private to
it, so it would not matter that a different service would end up
owning its data (as long as unbound remains enabled, it should reclaim
ownership soon enough anyway).
Thus, there's no clear benefit to allocate a dedicated uid for the
unbound service. This releases uid/gid 48.
Also, because the preStart script creates the data directory, there's no
need to specify a homedir or ask for its creation.
/dev/random is an exhaustible resource. Presumably, unbound will not be
used to generate long-term encryption keys and so allowing it to use
/dev/random only increases the risk of entropy exhaustion for no
benefit.
