* removed firefox-developer-bin
* extend firefox-bin expression to accept sources as input so
firefox-developer-bin can be packaged outside nixpkgs
* generate_sources.rb now includes full urls in the output
(This is a rewritten version of the reverted commit
a927709a35cee56f878f0f57a932e1a6e2ebe23b, that disables the creation of
/var/empty during build so that sandboxed builds also works. For more
context, see https://github.com/NixOS/nixpkgs/pull/16966)
If running NixOS inside a container where the host's root-owned files
and directories have been mapped to some other uid (like nobody), the
ssh daemon fails to start, producing this error message:
fatal: /nix/store/...-openssh-7.2p2/empty must be owned by root and not group or world-writable.
The reason for this is that when openssh is built, we explicitly set
`--with-privsep-path=$out/empty`. This commit removes that flag which
causes the default directory /var/empty to be used instead. Since NixOS'
activation script correctly sets up that directory, the ssh daemon now
also works within containers that have a non-root-owned nix store.
Currently pencil won't start, due to incompatible firefox version:
$ pencil
Error: Platform version '47.0.1' is not compatible with
minVersion >= 36.0
See https://github.com/prikhi/pencil/issues/840.
This follows on from PR #16965 for qrupdate and PR #16968 for fltk.
WIth these, the added explicit dependencies on arpack (to support
the octave `eigs` function) and `libwebp`, and not pulling X11 things,
octave works properly on darwin.
As pointed out by @danbst, the tomcat NixOS module expects packages
listed in services.tomcat.webapps to either be direct .war file paths or
have .war files inside a "webapps" directory.
Commit 4075c10a59af455db2012beb313453662f09dad0
("jenkins: move .war file from $out to $out/lib/jenkins.war") broke
jenkins + tomcat. Fix it by moving jenkins.war to $out/webapps/.
The grsec patch fails to apply cleanly when combined with the hiddev CVE patch
(added in dde259dfb5a0787b28e260da7575079bbabad6c3). To fix this and future
problems, we set all our patches explicitly rather than inherit from the base
kernel.
Fixes#14137, also known as:
$ nix-shell -p jenkins
bash: source: /nix/store/ln1yw6c2v8bb2cjqfr1z5aqcssw054wa-jenkins-2.3:
cannot execute binary file
[nix-shell exited with error]
The problem is that jenkins.war is not installed inside the directory
$out, but rather _as the file_ $out. Fix it by moving the file to
$out/lib/jenkins.war.
While at it, move buildCommand so that the "meta" section is at the end
of the expression (standard style), and quote shell variables.
