public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
142,962 Commits 1 Branch 0 Tags
Commit Graph

8741 Commits

Author SHA1 Message Date
Jaka Hudoklin
c083ab99b2 Merge pull request #17969 from offlinehacker/pkgs/etcd/update-3.0.6 
Update etcd, improve nixos module, fix nixos tests
 2016-09-04 16:31:50 +02:00
Rok Garbas
095c7aefe1
nixos/manual: mentioning other zsh options at program.zsh.enable 
fixes #13224
 2016-09-04 16:31:29 +02:00
Karn Kallio
8d977ead38
setuid-wrappers : Prepare permissions for running wrappers 
The new setuid-wrappers in /run cannot be executed by users due to:

1) the temporary directory does not allow access
2) the /run is mounted nosuid
 2016-09-04 03:19:32 +02:00
Alexander Ried
1542bddcc8 nixos-install.sh: Create /var (#18266) 
Got lost in a6670c1a0b8cda8235296900cff950f39f60cf4f
 2016-09-03 19:17:44 +02:00
Joachim F
3db5311be9 Merge pull request #18207 from tavyc/quagga-module 
quagga service: init
 2016-09-03 16:23:23 +02:00
Damien Cassou
f96cd1ea64 emacs module: Fix to get properly themed GTK apps 2016-09-03 08:25:25 +02:00
Tuomas Tynkkynen
e2c6740c37 Merge commit 'adaee73' from staging into master 
This one was already merged into release-16.09, so let's not have the
stable branch is ahead of master and confuse things. In addition to
that, currently we have an odd situation that master has less things
actually finished building than in staging.

Conflicts:
	pkgs/data/documentation/man-pages/default.nix
 2016-09-03 01:02:51 +03:00
Vladimír Čunát
02217bf697 Merge #17838: postgresql: Fix use with extensions 2016-09-02 20:09:40 +02:00
Octavian Cerna
a30d4654f2 quagga service: New NixOS module. 2016-09-02 13:59:51 +03:00
Rob Vermaas
d6dbe43af2 bightbox-image.nix: use lib in stead of stdenv.lib. Fixes #18208 2016-09-02 10:04:09 +00:00
Lancelot SIX
5b8072fff6
postgresql: Fix use with extensions 
Fixes #15512 and #16032

With the multi output, postgresql cannot find at runtime what is its
basedir when looking for libdir and pkglibdir. This commit fixes that.
 2016-09-02 11:51:21 +02:00
Nikolay Amiantov
608ee1c7b3 mjpg-streamer service: restart on failure 2016-09-02 11:44:16 +03:00
Luca Bruno
15bb6bb9d6 Merge pull request #15893 from groxxda/fix/accountsservice 
accountsservice: refactor package and service
 2016-09-02 08:16:10 +00:00
Parnell Springmeyer
1f9494b752 Need to create a new build to see why it's failing 2016-09-01 19:47:41 -05:00
Parnell Springmeyer
d60581d4d6 Resolving that silly bad argument error. 2016-09-01 19:26:54 -05:00
Parnell Springmeyer
c686da8655 Updatig the chromium-suid-sandbox module 2016-09-01 19:26:30 -05:00
Parnell Springmeyer
849dcde2a5 Wonder why this wasn't removed in the rebase? 2016-09-01 19:22:37 -05:00
Parnell Springmeyer
98c058a1ee Adapting everything for the merged permissions wrappers work. 2016-09-01 19:21:06 -05:00
Parnell Springmeyer
390ab0b3ef everything?: Updating every package that depended on the old setuidPrograms configuration. 2016-09-01 19:17:43 -05:00
Parnell Springmeyer
81b33eb466 security: Updating the machinery for creating the wrapper programs dir in var and updating ping and ping6 for changed config interface. 2016-09-01 19:16:36 -05:00
Parnell Springmeyer
79e81aa31b security: Removing the old wrappers and replacing with 'permissions-wrappers' 2016-09-01 19:15:56 -05:00
Parnell Springmeyer
c16647ec29 security: switching to linuxHeaders so we always stay current with the selected kernel. 2016-09-01 19:15:56 -05:00
Parnell Springmeyer
79f1a1e07a security: need to specify the ping binary paths for setcap wrappers. 2016-09-01 19:15:56 -05:00
Parnell Springmeyer
2efb60c8e9 security: tweaking the setcap-wrapper example to be more relevant 2016-09-01 19:15:56 -05:00
Parnell Springmeyer
4e98aa639f module-list: adding setcap-wrappers to the import list 2016-09-01 19:15:56 -05:00
Parnell Springmeyer
1c0f672f7a security: update setcap-wrappers dir to match the system-level dir we're creating on init 2016-09-01 19:15:56 -05:00
Parnell Springmeyer
12a23b3d91 boot: create setcap-wrappers dir as a tmpfs 2016-09-01 19:15:56 -05:00
Parnell Springmeyer
6fe93ae42a installer: adding perl 'next if' skip command for setcap-wrappers dir 2016-09-01 19:15:09 -05:00
Parnell Springmeyer
00dc2c559c installer: adding mkdir command for the setcap-wrappers dir 2016-09-01 19:15:09 -05:00
Parnell Springmeyer
b3d63f8191 security: whitespace wibble 2016-09-01 19:13:54 -05:00
Parnell Springmeyer
bfc3956376 security: adding setcap-wrapper functionality 2016-09-01 19:13:54 -05:00
Parnell Springmeyer
5deed1cb86 network-interfaces: use setcap-wrappers for ping and ping6 iff linux kernel is at-least 4.3 2016-09-01 19:13:54 -05:00
Domen Kožar
a6670c1a0b Fixes #18124: atomically replace /var/setuid-wrappers/ (#18186) 
Before this commit updating /var/setuid-wrappers/ folder introduced
a small window where NixOS activation scripts could be terminated
and resulted into empty /var/setuid-wrappers/ folder.

That's very unfortunate because one might lose sudo binary.

Instead we use two atomic operations mv and ln (as described in
https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/)
to achieve atomicity.

Since /var/setuid-wrappers is not a directory anymore, tmpfs mountpoints
were removed in installation scripts and in boot process.

Tested:

- upgrade /var/setuid-wrappers/ from folder to a symlink
- make sure /run/setuid-wrappers-dirs/ legacy symlink is really deleted
 2016-09-01 20:57:51 +02:00
Данило Глинський (Danylo Hlynskyi)
78cd9f8ebc virtualbox: add headless build (without Qt dependency) (#18026) 2016-09-01 20:54:58 +02:00
Domen Kožar
d163882770 Merge pull request #18172 from Profpatsch/startAt-type 
systemd-unit-options: startAt can be a list
 2016-09-01 20:44:32 +02:00
Alexander Ried
1529641b52 accountsservice: add support for mutableUsers = false 
Add code to accountsservice that returns an error if the environment
variable NIXOS_USERS_PURE is set. This variable is set from the nixos
accountsservice module if mutableUsers = false
 2016-09-01 15:25:28 +02:00
Joachim Fasting
6df8de50f3
unbound service: whitespace fixes 2016-09-01 14:51:33 +02:00
Joachim Fasting
03c2c87ed6
unbound service: use mkEnableOption 2016-09-01 14:51:32 +02:00
Tuomas Tynkkynen
8c4aeb1780 Merge staging into master 
Brings in:
    - changed output order for multiple outputs:
      https://github.com/NixOS/nixpkgs/pull/14766
    - audit disabled by default
      https://github.com/NixOS/nixpkgs/pull/17916

 Conflicts:
	pkgs/development/libraries/openldap/default.nix
 2016-09-01 13:27:27 +03:00
Tuomas Tynkkynen
d02e5a7d8f nixos/filesystems: Drop compat code for filesystems.*.options type 2016-09-01 12:18:33 +03:00
Eelco Dolstra
8172cd734c docdev -> devdoc 
It's "developer documentation", not "documentation developer" after
all.
 2016-09-01 11:07:23 +02:00
Domen Kožar
f5271680c4 Fixes #14831 by using full path for binaries used in install-grub.pl 
Both btrfs-progs and utillinux are ~5MB, we may discuss in future
to handle this better but I see no better way at the moment than
increaing purity in the install process.
 2016-09-01 10:36:38 +02:00
Domen Kožar
2a7293fd9d install-grub.pl: fix a double slash prefix bug 2016-09-01 10:14:44 +02:00
Domen Kožar
5e5b0d039c install-grub.pl: add comments 2016-09-01 10:14:44 +02:00
Profpatsch
488f0d9cb3 systemd-unit-options: startAt can be a list 
OnCalendar entrys can be specified multiple times in a systemd timer, to
make more complex scheduling possible.

Tested by manually checking the timer generated by the following:

    systemd = {
      services.huhu = {
        description = "meh";
        wantedBy = [ "default.target" ];
        serviceConfig.ExecStart = "/bin/sh -c 'printf HUHU!'";
        startAt = [ "*:*:0/30" "*:0/1:15" ];
      };
    };

It prints HUHU to the log at seconds 0, 15 and 30 of each minute.
 2016-09-01 00:39:36 +02:00
Tuomas Tynkkynen
16b3e26da4 audit: Disable by default 
Because in its default enabled state it it causes a global performance
hit on all system calls (https://fedorahosted.org/fesco/ticket/1311) and
unwanted spam in dmesg, in particular when using Chromium
(https://github.com/NixOS/nixpkgs/issues/13710).
 2016-08-31 23:15:41 +03:00
Tuomas Tynkkynen
5eff0b990c audit service: Explicitly call auditctl to disable everything 
Otherwise, journald might be starting auditing.
Some reading:
    - https://fedorahosted.org/fesco/ticket/1311
    - https://github.com/systemd/systemd/issues/959
    - 64f83d3087
 2016-08-31 23:15:32 +03:00
obadz
a3621b1047 nixos/…/swap.nix: add some safety assertions for randomEncryption 2016-08-31 15:29:11 +01:00
Domen Kožar
d8d75ddec6 Revert "setuid-wrappers: Update wrapper dir atomically." 
This reverts commit ee535056ce01514854cdd1c2d56faad84ae347af.

It doesn't work yet.
 2016-08-31 16:25:18 +02:00
Nikolay Amiantov
4499a505ed hidepid service: use new boot.specialFileSystems 2016-08-31 17:16:41 +03:00