Commit Graph

2065 Commits

Author SHA1 Message Date
Tom Boettcher
30b09b8620 dockerTools: Fix loop typo.
This typo was causing only a single layer to be de-duplicated,
rather than all parent layers.
2016-10-24 14:30:00 -05:00
Joachim Fasting
6d1bf921fa
grsecurity: work around #19698
This is a temporary work-around to fix using grsecurity on NixOS with
the new kernelPackages/kernelPatches machinery.

For whatever reason, when `security.grsecurity.enable = true`, the grsec
patch ends up being applied twice, causing the kernel build to fail.

Until the root cause of this is identified, we hack around it by simply
pruning duplicate patches in the grsec kernel builder.

Closes #19698
2016-10-23 18:25:29 +02:00
Tuomas Tynkkynen
5076c0a5d3 modules-closure: Use stdenvNoCC 2016-10-20 02:39:29 +03:00
Vladimír Čunát
027efec879 Merge staging without python splitting for now
The split needs more time to finish rebuilding,
but the rest seems OK and there are security fixes.
2016-10-14 09:24:21 +02:00
Jörg Thalheim
d5316884e4 Merge pull request #19024 from adnelson/docker_refactor
dockerTools: add docs to docker build functions
2016-10-13 11:50:21 +02:00
Profpatsch
bef6bef0d2
stdenv/stripHash: print to stdout, not to variable
`stripHash` documentation states that it prints out the stripped name to
the stdout, but the function stored the value in `strippedName`
instead.

Basically all usages did something like
`$(stripHash $foo | echo $strippedName)` which is just braindamaged.
Fixed the implementation and all invocations.
2016-10-11 18:34:36 +02:00
Nikolay Amiantov
7a73ecc18e buildFHSEnv: link /etc/zoneinfo
This is needed because now /etc/localtime symlink points there.
2016-10-11 16:56:11 +03:00
Michael Raskin
f603dc11a6 fetch*: print a trace warning about md5 deprecation 2016-10-09 16:19:04 +02:00
Vincent Laporte
4168706d4f OCaml modules: make explicit some dependencies to ocamlbuild 2016-10-09 11:55:19 +02:00
Damien Cassou
0e69fb2f19 Merge pull request #18985 from dudebout/emacs-with-c-src
emacs: add an option to install the C source
2016-10-07 17:23:19 +02:00
Shea Levy
eca0f17ad2 nix-buffer support improvements.
Use inherit-local, add per-package elisp hooks.
2016-10-07 10:31:37 -04:00
Vladimír Čunát
30f551d8b2 Merge branch 'master' into staging 2016-10-05 19:02:48 +02:00
Jörg Thalheim
1bd8d7710e Merge pull request #19125 from markus1189/bin-bash-cleanup
Bin bash cleanup
2016-10-05 17:16:00 +02:00
Kirill Boltaev
3e646865f4 treewide: use ocaml.version (#19192) 2016-10-05 09:32:30 +02:00
Markus Hauck
aafbd40577 Replace hard coded /bin/bash occurrences 2016-10-04 20:15:37 +02:00
Allen Nelson
940aafcbcc use rsync, comment out pulls 2016-10-03 15:12:29 -05:00
Jörg Thalheim
888f6a1280 Merge pull request #19199 from wizeman/u/fix-help2man-hash
help2man: fix hash
2016-10-03 19:26:44 +02:00
Allen Nelson
b9007c8d83 add examples file 2016-10-03 12:07:33 -05:00
Joachim Fasting
1bb7b44cd7
grsecurity: make GRKERNSEC y and PAX y implicit
These options should always be specified. Note, an implication of this
change is that not specifying any grsec/PaX options results in a build
failure.
2016-10-02 19:25:58 +02:00
Allen Nelson
4abe579250 add docs to docker build functions
bring back ls_tar

replace goPackages with go

don't hardcode /nix/store in vmTools

more docs
2016-09-29 12:52:57 -05:00
Eelco Dolstra
97bfc2fac9 runCommand: Use stdenvNoCC
This ensures that most "trivial" derivations used to build NixOS
configurations no longer depend on GCC. For commands that do invoke
gcc, there is runCommandCC.
2016-09-29 13:06:43 +02:00
Eelco Dolstra
0cb16a6955 Add stdenvNoCC
This is a standard environment that doesn't contain a C/C++
compiler. This is mostly to prevent trivial builders like runCommand
and substituteAll from pulling in gcc for simple configuration changes
on NixOS.
2016-09-29 13:06:41 +02:00
Eelco Dolstra
518340624d Merge remote-tracking branch 'origin/master' into staging 2016-09-29 13:06:14 +02:00
Eelco Dolstra
c5ddb7dd56 Move useSetUID to pam_usb, the only place where it's used 2016-09-29 13:05:28 +02:00
Eelco Dolstra
030e20f759 Add a warning about using requireFile 2016-09-29 13:05:28 +02:00
Vladimír Čunát
77604964b6 Merge branch 'master' into staging 2016-09-28 17:13:59 +02:00
Nicolas Dudebout
9c3852538c emacsWrapper: remove site-start.elc 2016-09-27 16:13:22 -04:00
Luca Bruno
c049fd4a31 Merge pull request #18896 from tboettch/dockerToolsFix
dockerTools: Fix layer redundancy.
2016-09-25 15:35:05 +01:00
Vladimír Čunát
fffc7638cd Merge branch 'master' into staging 2016-09-24 18:54:31 +02:00
Tom Boettcher
1e8b69c35e dockerTools: Fix layer redundancy.
When building an image with multiple layers, files
already included in an underlying layer are supposed to
be excluded from the current layer. However, some subtleties
in the way filepaths are compared seem to be blocking this.

Specifically:
* tar generates relative filepaths with directories ending in '/'
* find generates absolute filepaths with no trailing slashes on directories

That is, paths extracted from the underlying tarball look like:
    nix/store/.../foobar/
whereas the layer being generated uses paths like:
    /nix/store/.../foobar

This patch modifies the output of "tar -t" to match the latter format.
2016-09-23 16:40:59 -05:00
Eelco Dolstra
f081a1aaf4 debian: 8.5 -> 8.6 2016-09-22 15:53:29 +02:00
Eelco Dolstra
ac03df96ba openssl: 1.0.1t -> 1.0.1u, 1.0.2h -> 1.0.2i, 1.1.0 -> 1.1.0a
https://www.openssl.org/news/secadv/20160922.txt
2016-09-22 15:05:09 +02:00
Eelco Dolstra
7a4209c356 Merge remote-tracking branch 'origin/master' into staging 2016-09-20 17:46:09 +02:00
Eelco Dolstra
5f8a330d40 outputDocdev -> outputDevdoc
For consistency with the devdoc output.
2016-09-20 17:44:48 +02:00
Eelco Dolstra
594c47e5eb Don't nuke section 3 manpages by default
They now go to devman, devdoc, or $outputMan, in that order. This is
to prevent cases such as the man-pages package quietly losing its
section 3 pages.
2016-09-20 17:42:43 +02:00
Profpatsch
61462c94e6 lib/fetchers.nix: factor out impure proxy vars (#18702)
Apparently everyone just copied those variables, instead of creating a
library constant for them. Some even removed the comment. -.-
2016-09-17 21:50:01 +02:00
Shea Levy
b04cdae902 nixBufferBuilders.withPackages: Make more legible, special-case proof-general.
There's some bigger changes coming, but thought I'd push this first...
2016-09-05 17:55:49 -04:00
Shea Levy
05c132486d Initial version of nixBufferBuilders.withPackages.
This builds elisp to setup an emacs buffer with the packages given
available. See shlevy/nix-buffer for more information.

Currently only modifies $PATH.
2016-09-05 12:01:26 -04:00
Nikolay Amiantov
698cadd714 runVM: mount devpts 2016-09-04 17:11:01 +03:00
Nikolay Amiantov
8b38b6aae2 runVM: check exit code before postVM eval 2016-09-04 17:11:01 +03:00
Tuomas Tynkkynen
e2c6740c37 Merge commit 'adaee73' from staging into master
This one was already merged into release-16.09, so let's not have the
stable branch is ahead of master and confuse things. In addition to
that, currently we have an odd situation that master has less things
actually finished building than in staging.

Conflicts:
	pkgs/data/documentation/man-pages/default.nix
2016-09-03 01:02:51 +03:00
Tuomas Tynkkynen
8c4aeb1780 Merge staging into master
Brings in:
    - changed output order for multiple outputs:
      https://github.com/NixOS/nixpkgs/pull/14766
    - audit disabled by default
      https://github.com/NixOS/nixpkgs/pull/17916

 Conflicts:
	pkgs/development/libraries/openldap/default.nix
2016-09-01 13:27:27 +03:00
Eelco Dolstra
8172cd734c docdev -> devdoc
It's "developer documentation", not "documentation developer" after
all.
2016-09-01 11:07:23 +02:00
Domen Kožar
da421bc75f Fix #4210: Remove builderDefs
This was one of the ways to build packages, we are trying
hard to minimize different ways so it's easier for newcomers
to learn only one way.

This also:

- removes texLive (old), fixes #14807
- removed upstream-updater, if that code is still used it should be in
  separate repo
- changes a few packages like gitit/mit-scheme to use new texlive
2016-08-31 11:34:46 +02:00
Tuomas Tynkkynen
8576332fdf grsec: Fix build after multiple output shuffling
Same problem with overrideDerivation as in
https://github.com/NixOS/nixpkgs/issues/10721. Would be nice to have
that fixed...
2016-08-30 15:55:49 +03:00
Tuomas Tynkkynen
d3dc3d4130 Merge remote-tracking branch 'dezgeg/shuffle-outputs' into staging
https://github.com/NixOS/nixpkgs/pull/14766
2016-08-30 12:43:37 +03:00
Tuomas Tynkkynen
5d55ae5d50 stdenv/multiple-outputs.sh: Change output propagation logic
Because 'dev' will most often not be the default output after my changes.
2016-08-29 14:49:51 +03:00
obadz
b74793bd1c Merge branch 'master' into staging
Conflicts:
	pkgs/tools/system/facter/default.nix
2016-08-29 12:44:17 +01:00
Joachim Fasting
e5c3a52afc
grsecurity: fix features.grsecurity
Previously, features.grsecurity wasn't actually set due to a bug in the
grsec builder. We now rely on the generic kernel builder to set features
from kernelPatches.
2016-08-29 04:09:40 +02:00
Franz Pletz
c0fa26ef3b Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-08-24 11:01:53 +02:00