Commit Graph

90550 Commits

Author SHA1 Message Date
Parnell Springmeyer
79f1a1e07a security: need to specify the ping binary paths for setcap wrappers. 2016-09-01 19:15:56 -05:00
Parnell Springmeyer
2efb60c8e9 security: tweaking the setcap-wrapper example to be more relevant 2016-09-01 19:15:56 -05:00
Parnell Springmeyer
4e98aa639f module-list: adding setcap-wrappers to the import list 2016-09-01 19:15:56 -05:00
Parnell Springmeyer
1c0f672f7a security: update setcap-wrappers dir to match the system-level dir we're creating on init 2016-09-01 19:15:56 -05:00
Parnell Springmeyer
12a23b3d91 boot: create setcap-wrappers dir as a tmpfs 2016-09-01 19:15:56 -05:00
Parnell Springmeyer
6fe93ae42a installer: adding perl 'next if' skip command for setcap-wrappers dir 2016-09-01 19:15:09 -05:00
Parnell Springmeyer
00dc2c559c installer: adding mkdir command for the setcap-wrappers dir 2016-09-01 19:15:09 -05:00
Parnell Springmeyer
b3d63f8191 security: whitespace wibble 2016-09-01 19:13:54 -05:00
Parnell Springmeyer
bfc3956376 security: adding setcap-wrapper functionality 2016-09-01 19:13:54 -05:00
Parnell Springmeyer
5deed1cb86 network-interfaces: use setcap-wrappers for ping and ping6 iff linux kernel is at-least 4.3 2016-09-01 19:13:54 -05:00
Karn Kallio
49d59ce0ad glu dev in mesa attribute
After making multiple outputs in the mesa_glu package the headers are
not included in the mesa attribute.  The attached patch puts them in it.

From ced24208a300bea8234e7898ae6fec34fbd67289 Mon Sep 17 00:00:00 2001
From: Karn Kallio <kkallio@skami.org>
Date: Thu, 1 Sep 2016 16:18:23 -0400
Subject: [PATCH] mesa: Add the mesa glu headers to the mesa attribute.
2016-09-01 20:03:13 -04:00
Sander van der Burg
8bedff0e92 wring: use node2nix generated package 2016-09-01 20:50:08 +00:00
Domen Kožar
7c71a897dd php: 5.6 -> 7.0
I'll probably regret this in testing period, but let's bump php
since 5.6 support expires in December.
2016-09-01 21:11:04 +02:00
Sander van der Burg
20cebe22c4 azure-cli: remove, because it has been supersed by a version generated by node2nix 2016-09-01 19:07:13 +00:00
Frederik Rietdijk
150341bfd1 pythonPackages.jinja2: no tests 2016-09-01 21:04:16 +02:00
Frederik Rietdijk
81191b707d pythonPackages.hypothesis1: remove it
and let dependents use the latest version
2016-09-01 21:02:32 +02:00
Frederik Rietdijk
f3e76de800 Merge pull request #18197 from nand0p/sphinx-1-3-6-test-fix
sphinx: sphinx-1.3.6 test fixup
2016-09-01 21:00:54 +02:00
reltuk
3e695874e2 openjdk: Keep {include,man} in $out/lib/opendjk. (#18140)
* openjdk: Keep {include,man} in $out/lib/opendjk.

This is a standard layout that some JDK consumers expect.

* openjdk/8: Improve clarity of some symlink commands with terminating slash.
2016-09-01 21:00:41 +02:00
Domen Kožar
a6670c1a0b Fixes #18124: atomically replace /var/setuid-wrappers/ (#18186)
Before this commit updating /var/setuid-wrappers/ folder introduced
a small window where NixOS activation scripts could be terminated
and resulted into empty /var/setuid-wrappers/ folder.

That's very unfortunate because one might lose sudo binary.

Instead we use two atomic operations mv and ln (as described in
https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/)
to achieve atomicity.

Since /var/setuid-wrappers is not a directory anymore, tmpfs mountpoints
were removed in installation scripts and in boot process.

Tested:

- upgrade /var/setuid-wrappers/ from folder to a symlink
- make sure /run/setuid-wrappers-dirs/ legacy symlink is really deleted
2016-09-01 20:57:51 +02:00
Данило Глинський (Danylo Hlynskyi)
78cd9f8ebc virtualbox: add headless build (without Qt dependency) (#18026) 2016-09-01 20:54:58 +02:00
Tim Steinbach
8a7afae58b openjdk: Fix #17603 2016-09-01 20:47:19 +02:00
Domen Kožar
d163882770 Merge pull request #18172 from Profpatsch/startAt-type
systemd-unit-options: startAt can be a list
2016-09-01 20:44:32 +02:00
Peter Simons
b9b5fcccc5 Merge pull request #18196 from ttuegel/ghc-madv-free
ghc801: disable MADV_FREE
2016-09-01 20:37:10 +02:00
Frederik Rietdijk
014b6e0627 pythonPackages.natsort: broken 2016-09-01 20:26:04 +02:00
Frederik Rietdijk
4d2420e3f8 pythonPackages.pathlib: fix tests 2016-09-01 20:25:12 +02:00
Frederik Rietdijk
7b534d4794 pythonPackages.attrs: fix tests 2016-09-01 20:13:16 +02:00
Frederik Rietdijk
c319c842b7 pythonPackages.hypothesis: remove optional dependencies 2016-09-01 20:10:29 +02:00
Tuomas Tynkkynen
bb18d73323 xfstests: 2016-08-06 -> 2016-08-26
Fixes build.
2016-09-01 21:03:27 +03:00
Tuomas Tynkkynen
85d7d9d254 xfstests: Autodetect what to link in the wrapper 2016-09-01 21:03:27 +03:00
Frederik Rietdijk
d2608c63fd pythonPackages.cryptography: add missing dependency 2016-09-01 19:56:16 +02:00
Kranium Gikos Mendoza
71021a825d gtk-gnutella: disable bindnow/fortify/pic/relro hardening (#18195)
based on debian's settings at https://lintian.debian.org/full/lucab@debian.org.html#gtk-gnutella_1.1.8-2
2016-09-01 19:53:17 +02:00
Tuomas Tynkkynen
6dc452313a vim_configurable: vimNoX broken on Darwin, but bring back vimHugeX works
D'oh, I was careless.
2016-09-01 20:49:32 +03:00
Tuomas Tynkkynen
3364230d56 Disable bunch of non-compiling packages on Darwin
These ones have a "Last successful build" timestamp in the 2014s or
2015s. Presumably no one will notice if we now stop building them.

softether_4_18              2015-09-20  http://hydra.nixos.org/build/39418483
lensfun                     2014-09-30  http://hydra.nixos.org/build/39394104
net_snmp                    2015-09-20  http://hydra.nixos.org/build/39410553
djview                      2015-08-11  http://hydra.nixos.org/build/39413233
libmusicbrainz2             2015-09-20  http://hydra.nixos.org/build/39410106
fox_1_6                     2014-05-07  http://hydra.nixos.org/build/39410858
libofx                      2015-09-24  http://hydra.nixos.org/build/39423507
yacas                       2014-09-30  http://hydra.nixos.org/build/39393150
iomelt                      2014-09-30  http://hydra.nixos.org/build/39408486
softether                   2015-09-20  http://hydra.nixos.org/build/39425800
mp4v2                       2014-09-30  http://hydra.nixos.org/build/39421899
virtuoso7                   2014-09-21  http://hydra.nixos.org/build/39415206
man_db                      2015-04-23  http://hydra.nixos.org/build/39404236
libdiscid                   2014-09-30  http://hydra.nixos.org/build/39412202
zabbix22.agent              2014-09-21  http://hydra.nixos.org/build/39412149
vidalia                     2015-08-06  http://hydra.nixos.org/build/39411500
libmtp                      2015-09-20  http://hydra.nixos.org/build/39419199
wxGTK29                     2015-09-20  http://hydra.nixos.org/build/39415296
ncmpcpp                     2015-11-06  http://hydra.nixos.org/build/39404455
libtorrent                  2014-09-21  http://hydra.nixos.org/build/39394646
shishi                      2014-03-21  http://hydra.nixos.org/build/39418874
ocaml_3_12_1                2014-09-30  http://hydra.nixos.org/build/39392996
djview4                     2015-08-11  http://hydra.nixos.org/build/39427799
vimNox                      2014-05-23  http://hydra.nixos.org/build/39397012
ttfautohint                 2015-08-06  http://hydra.nixos.org/build/39398330
libraw                      2015-09-24  http://hydra.nixos.org/build/39402271
wxGTK30                     2015-09-20  http://hydra.nixos.org/build/39401871
sbcl_1_2_5                  2015-09-20  http://hydra.nixos.org/build/39426091
prover9                     2014-09-30  http://hydra.nixos.org/build/39406476
rcs                         2015-08-25  http://hydra.nixos.org/build/39392037
gpac                        2015-09-24  http://hydra.nixos.org/build/39399470
virtuoso6                   2014-09-30  http://hydra.nixos.org/build/39398651
xlslib                      2015-09-24  http://hydra.nixos.org/build/39410387
ucommon                     2015-03-27  http://hydra.nixos.org/build/39414040
commoncpp2                  2014-09-30  http://hydra.nixos.org/build/39420117
virtuoso                    2014-09-21  http://hydra.nixos.org/build/39399978
miniHttpd                   2014-09-30  http://hydra.nixos.org/build/39392925
mpack                       2014-09-26  http://hydra.nixos.org/build/39399535
nbd                         2014-09-26  http://hydra.nixos.org/build/39401367
newsbeuter-dev              2014-07-29  http://hydra.nixos.org/build/39406259
gimp_2_8                    2015-09-20  http://hydra.nixos.org/build/39436271
gimp                        2015-09-20  http://hydra.nixos.org/build/39435976
zabbix20.agent              2014-09-30  http://hydra.nixos.org/build/39393242
gst_all_1.gst-plugins-good  2015-09-20  http://hydra.nixos.org/build/39408506
ocaml_4_00_1                2014-09-30  http://hydra.nixos.org/build/39399526
inadyn                      2014-09-30  http://hydra.nixos.org/build/39426389
gst_all_1.gst-plugins-bad   2015-09-20  http://hydra.nixos.org/build/39392970
zabbix.agent                2014-09-30  http://hydra.nixos.org/build/39421412
cmake-2_8                   2015-09-24  http://hydra.nixos.org/build/39399443
liblastfm                   2015-08-06  http://hydra.nixos.org/build/39421812
newsbeuter                  2014-07-29  http://hydra.nixos.org/build/39396605
sdcv                        2014-09-26  http://hydra.nixos.org/build/39412928
2016-09-01 20:39:33 +03:00
Tuomas Tynkkynen
255c9de6ef pythonPackages.keystoneclient: Fix bogus 'doCheck' value 2016-09-01 20:21:26 +03:00
Fernando J Pando
e487772722 sphinx: sphinx-1.3.6 test fixup
Fixes this error:
```
FAIL: test_setup_command.test_build_sphinx_return_nonzero_status
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/nix/store/zfmk6mqmr1046bh0cnh06frd0bb0nr20-python2.7-nose-1.3.7/lib/python2.7/site-packages/nose/case.py", line 197, in runTest
    self.test(*self.arg)
  File "/tmp/nix-build-python2.7-Sphinx-1.3.6.drv-0/Sphinx-1.3.6/tests/test_setup_command.py", line 55, in deco
    func(pkgrootdir, proc)
  File "/tmp/nix-build-python2.7-Sphinx-1.3.6.drv-0/Sphinx-1.3.6/tests/test_setup_command.py", line 110, in test_build_sphinx_return_nonzero_status
    assert proc.returncode != 0, 'expect non-zero status for setup.py'
AssertionError: expect non-zero status for setup.py
```

Tested on Linux
- python 2.7
- python 3.5
2016-09-01 13:11:27 -04:00
Thomas Tuegel
54125b4af4
ghc801: disable MADV_FREE 2016-09-01 12:07:36 -05:00
Eelco Dolstra
f0206aba5e opencolorio: Use separate outputs
Also, make the package name match the attribute (and upstream) name.
2016-09-01 18:57:43 +02:00
Eelco Dolstra
41ec7095a7 openimageio: Use separate outputs 2016-09-01 18:57:43 +02:00
Eelco Dolstra
452afd1ed6 ilmbase: Use separate outputs 2016-09-01 18:57:43 +02:00
Eelco Dolstra
68e216d604 opensubdiv: Use separate outputs 2016-09-01 18:57:43 +02:00
Eelco Dolstra
e05c4c6541 libapparmor: Move python stuff to a separate output
This prevents systemd and by extension a zillion other packages from
having Python 2.7 in their closure. For example, the closure of
systemd dropped from 133 MiB to 85 MiB.
2016-09-01 18:57:43 +02:00
Eelco Dolstra
cf26f610aa glew: Use separate outputs and don't install static libraries 2016-09-01 18:57:43 +02:00
Eelco Dolstra
8a137b3455 mesa-glu: Use separate outputs 2016-09-01 18:57:43 +02:00
Eelco Dolstra
3934980ca4 opensubdiv: Don't install static libraries 2016-09-01 18:57:43 +02:00
Eelco Dolstra
b688074c51 opensubdiv: Prevent runtime dependency on mesa_noglu.dev 2016-09-01 18:57:43 +02:00
Eelco Dolstra
8b12eee201 x265: Don't install static library
Following our general policy to only install dynamic libraries. If the
static library turns out to be needed, it could be moved to a separate
output.
2016-09-01 18:57:43 +02:00
Eelco Dolstra
0810decaa7 python-3.5: Drop dependency on Berkeley DB
The previous commit revealed that Python wasn't actually using
Berkeley DB; it only had it in its closure due to the build-time flag
dump in Makefile and _sysconfigdata.py. When Python detects both GNU
gdbm and Berkeley DB at build time, it will use the former.
2016-09-01 18:57:43 +02:00
Eelco Dolstra
fdd7399a3c python-3.5: Also remove -L flags
This reduces the Python closure size by another 10 MiB.
2016-09-01 18:57:43 +02:00
Eelco Dolstra
02bae39132 tcl: Don't install a copy of tzdata
This cuts about 3 MiB from the installed size. On Linux, the configure
script is supposed to detect that installing tzdata is unnecessary,
but it looks in locations like /usr/share/zoneinfo.
2016-09-01 18:57:43 +02:00
Eelco Dolstra
168192f116 python-3.5: Eliminate -dev paths from the runtime closure
This reduces Python's closure size from 200 MiB to 129 MiB. Even
better would be to get move tkinter to a separate output or package
(since that would get rid of all X11 stuff), but that's a bit harder.
2016-09-01 18:57:43 +02:00