Commit Graph

7926 Commits

Author SHA1 Message Date
Jascha Geerds
268ea28b78 pycharm: Update to 4.0.1 2014-12-01 18:27:51 +01:00
Charles Strahan
b90b899b0c rescuetime: add version 2014-12-01 12:19:44 +00:00
Charles Strahan
f9dbd4e1ba rescuetime: fix typo 2014-12-01 12:11:01 +00:00
Charles Strahan
fcb173f70f rescuetime: a time tracking service 2014-12-01 05:16:57 +00:00
aszlig
2b58a6ab0d
virtualbox: Fix extension pack installation.
With hardening, we need to go a bit further rather than just allowing
/nix/store being world-writable. We now use fakeroot to make sure the
VBoxExtPackHelperApp won't moan that the files are not owned by root.

They are, but only outside of the chrooted build process.

Another issue with using fakeroot is that it doesn't seem to cope well
with arguments that contain spaces. That's why I've piped the call into
${stdenv.shell}.

Now, the really gory and confusing part is the introduction of
VBOX_PATH_APP_PRIVATE_ARCH_TOP and the change of VBOX_PATH_APP_PRIVATE.

The VBOX_PATH_APP_PRIVATE_ARCH is *only* for modules and is checked by
the hardened implementation against whether things like VMMR0.r0 or
VBoxVMM.so reside in that directory. As a side note: I admit that the
whole libexec directory is quite polluted with stuff that shouldn't be
there, but for now we've broken enough things and will tear apart the
whole structure at some day in the future[TM].

For the confusing part we have VBOX_PATH_APP_PRIVATE_ARCH_TOP, which
_should_ be the same as VBOX_PATH_APP_PRIVATE_ARCH but unfortunately,
the hardened implementation is checking against this directory (in
IsValidBaseDir) for the extension pack(why!?).

Of course, we could put even that into the libexec directory, somewhat
similar as the official package, but after all, let's at least *try* to
separate things.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-01 03:32:55 +01:00
Jaka Hudoklin
6b2e5c3262 i3: make i3-save-workspace work 2014-11-30 18:40:03 +01:00
aszlig
318fbb34e7
virtualbox: Allow /nix/store being world-writable.
We are already checking whether /nix/store has the sticky bit set, so if
it is world-writable as well it doesn't mean that the actual store path
is writable. Let alone the fact that it is only writable during the
build process.

This should fix installing the extension pack when enableExtensionPack
is used.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-30 18:23:19 +01:00
Cillian de Róiste
e0f0e2c731 Update sonic-visualiser 2.3 -> 2.4.1 and fix attribute name 2014-11-30 10:57:40 +01:00
aszlig
017e6b72c1
virtualbox: Update to upstream version 4.3.20.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-30 06:25:50 +01:00
Jaka Hudoklin
eb2f9f029a kubernetes: build only on x86_64-linux 2014-11-30 01:24:59 +01:00
Arseniy Seroka
3477bc9a47 fix some hashes 2014-11-30 02:25:41 +03:00
aszlig
3e49487c1a
virtualbox: Enable hardening by default.
VirtualBox with hardening support requires the main binaries to be
setuid root. Using VBOX_WITH_RUNPATH, we ensure that the RPATHs are
pointing to the libexec directory and we also need to unset
VBOX_WITH_ORIGIN to make sure that the build system is actually setting
those RPATHs.

The hardened.patch implements two things:

 * Set the binary directory to the setuid-wrappers dir so that
   VboxSVC calls them instead of the binaries from the store path. The
   reason behind this is because nothing in the Nix store can have the
   setuid flag.
 * Excempt /nix/store from the group permission check, because while it
   is group-writeable indeed it also has the sticky bit set (and also
   the whole store is mounted read-only on most NixOS systems), so we're
   checking on that as well.

Right now, the hardened.patch uses /nix/store and /var/setuid-wrappers
directly, so someone would ever want to change those on a NixOS system,
please provide a patch to set those paths on build time. However, for
simplicity, it's best to do it when we _really_ need it.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-29 19:21:46 +01:00
aszlig
deec767efa
virtualbox: Disable depmod only where necessary.
Traversing the full source tree is unneccessary, because the calls are
only done within make files. Hence we only substitute make files now.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-29 19:21:46 +01:00
Jaka Hudoklin
bd32da69bc Merge pull request #5088 from offlinehacker/nixos/kubernetes
nixos: add kubernetes module
2014-11-29 16:44:42 +01:00
Pascal Wittmann
5dd9d2d342 llpp: update to latest revision, uses now the ninja build system 2014-11-29 14:21:16 +01:00
Jaka Hudoklin
82e40a2820 kubernetes: update to 0.5.4 2014-11-29 02:27:25 +01:00
Jaka Hudoklin
2b261c1edf nixos: add kubernetes module 2014-11-29 02:27:17 +01:00
Ricardo M. Correia
d4b4bae307 Update my maintainership 2014-11-29 02:15:39 +01:00
Bart Brouns
9bcf0178d6 xrandr-invert-colors, a tool to invert the colors of your screen 2014-11-28 13:39:01 +01:00
Arseniy Seroka
c1985405cc Merge pull request #5152 from manveru/neovim
add neovim
2014-11-28 14:36:53 +03:00
Pascal Wittmann
457d56fcec calibre: update from 2.11.0 to 2.12.0 2014-11-28 11:08:12 +01:00
cillianderoiste
98f3e185f2 Merge pull request #5137 from magnetophon/faustPlusCompiler
Faust plus compiler
2014-11-28 09:42:04 +00:00
Cillian de Róiste
e9ec3ea1f2 Add drumgizmo, an LV2 sample based drum plugin 2014-11-28 00:35:23 +01:00
Cillian de Róiste
dae0611770 pidginotr: update from 4.0.0 to 4.0.1 2014-11-27 22:59:34 +01:00
Michael Fellinger
917bf6865a add neovim 2014-11-27 22:16:43 +01:00
aszlig
78a73ab041
chromium: Remove .py[co] files prior to building.
Thanks to @iElectric for the notification, although I'm not really sure
whether this will fix the following failed Hydra build:

http://hydra.nixos.org/build/17609086/nixlog/1/raw

The reason is that this failure doesn't happen on every build, but let's
see whether it will happen again now.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-27 17:55:19 +01:00
wmertens
45c1b9147f Merge pull request #5130 from wmertens/git-ssl-env
Let git use $SSL_CERT_FILE
2014-11-27 13:24:08 +01:00
Bart Brouns
cfe24446a4 Fully functional faust, faust2alsa and faust2alsaconsole 2014-11-27 13:23:13 +01:00
Arseniy Seroka
53d0b4c539 Merge pull request #5150 from AndersonTorres/mpv
MPV: update to 0.7.0
2014-11-27 14:02:04 +03:00
Domen Kožar
ea42838981 fix teamspeak_client build 2014-11-27 11:34:56 +01:00
Domen Kožar
81acb400b9 Merge pull request #5144 from matejc/rekonqwrapper
rekonq: update to rekonq-2.4.2 and add wrapper
2014-11-27 09:55:36 +01:00
Aycan iRiCAN
073c764f6c Bump snort to 2.9.7.0 and daq to 2.0.4 2014-11-27 09:57:59 +02:00
AndersonTorres
8d248638bb MPV: update to 0.7.0
Now quvi support was dropped by upstream, and MPV uses Youtube-dl directly.
Another minor change is the update of Waf internal builder.
2014-11-27 00:27:53 -02:00
Shea Levy
64453d01f4 src: bump 2014-11-26 18:25:13 -05:00
Vladimír Čunát
e86ebdc0e3 synfigstudio: fix a strange build error
Also enableParallelBuilding.
fonts.conf isn't supposed to be put into buildIputs, but it's still weird.
2014-11-26 23:17:43 +01:00
Edward Tjörnhammar
d177b477c1 Merge pull request #5138 from abbradar/yed
yed: add package
2014-11-26 22:17:48 +01:00
Nikolay Amiantov
88aa54a09f yed: add package 2014-11-27 00:15:30 +03:00
Domen Kožar
00146e3e08 shotwell: 0.18.0 -> 0.20.2, fix build 2014-11-26 22:13:07 +01:00
Matej Cotman
d6201245e5 rekonq: update to rekonq-2.4.2 and add wrapper 2014-11-26 22:11:50 +01:00
Vladimír Čunát
b1803465d9 imagemagick: use a stable URL, reshuffle mirrors
CC: #5133.
2014-11-26 21:42:42 +01:00
Domen Kožar
412a2e21fb chromium: set two additional mimetypes for desktop icon 2014-11-26 20:56:29 +01:00
Vincent Laporte
1bd68c4478 zim: update from 0.61 to 0.62 2014-11-26 13:08:01 +00:00
vbgl
ee31a41da5 Merge pull request #5033 from michelk/saga_2.1.4
saga: update from 2.1.2 to 2.1.4 and re-enable build on x86_64-linux
2014-11-26 08:47:49 +00:00
Spencer Whitt
fdbd5e1323 New package: git-extras 2014-11-25 20:24:43 -05:00
Wout Mertens
272f2c365c git: Support $SSL_CERT_FILE 2014-11-26 00:29:37 +01:00
Edward Tjörnhammar
4b287deccd ideas version bumps 2014-11-25 22:08:26 +01:00
Ricardo M. Correia
a4beb6a2b6 flashplayer: Update from 11.2.202.418 -> 11.2.202.424 2014-11-25 16:32:44 +01:00
Eelco Dolstra
1abc3e0155 firefox-bin: Fix meta.license 2014-11-25 16:30:50 +01:00
Cillian de Róiste
d250ca4e31 openimageio: update from 1.4.14 to 1.4.15 2014-11-25 15:33:22 +01:00
aszlig
28b29f173d
chromium: Switch to using bundled protobuf.
This is a response to 1fdefd5562.

We are already using bundled protobuf for the beta and dev channels and
it also breaks regularly with about every new Chromium release, so let's
use bundled protobuf for all channels now.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-25 14:14:58 +01:00