Parnell Springmeyer
79f1a1e07a
security: need to specify the ping binary paths for setcap wrappers.
2016-09-01 19:15:56 -05:00
Parnell Springmeyer
2efb60c8e9
security: tweaking the setcap-wrapper example to be more relevant
2016-09-01 19:15:56 -05:00
Parnell Springmeyer
4e98aa639f
module-list: adding setcap-wrappers to the import list
2016-09-01 19:15:56 -05:00
Parnell Springmeyer
1c0f672f7a
security: update setcap-wrappers dir to match the system-level dir we're creating on init
2016-09-01 19:15:56 -05:00
Parnell Springmeyer
12a23b3d91
boot: create setcap-wrappers dir as a tmpfs
2016-09-01 19:15:56 -05:00
Parnell Springmeyer
6fe93ae42a
installer: adding perl 'next if' skip command for setcap-wrappers dir
2016-09-01 19:15:09 -05:00
Parnell Springmeyer
00dc2c559c
installer: adding mkdir command for the setcap-wrappers dir
2016-09-01 19:15:09 -05:00
Parnell Springmeyer
b3d63f8191
security: whitespace wibble
2016-09-01 19:13:54 -05:00
Parnell Springmeyer
bfc3956376
security: adding setcap-wrapper functionality
2016-09-01 19:13:54 -05:00
Parnell Springmeyer
5deed1cb86
network-interfaces: use setcap-wrappers for ping and ping6 iff linux kernel is at-least 4.3
2016-09-01 19:13:54 -05:00
Karn Kallio
49d59ce0ad
glu dev in mesa attribute
...
After making multiple outputs in the mesa_glu package the headers are
not included in the mesa attribute. The attached patch puts them in it.
From ced24208a300bea8234e7898ae6fec34fbd67289 Mon Sep 17 00:00:00 2001
From: Karn Kallio <kkallio@skami.org>
Date: Thu, 1 Sep 2016 16:18:23 -0400
Subject: [PATCH] mesa: Add the mesa glu headers to the mesa attribute.
2016-09-01 20:03:13 -04:00
Sander van der Burg
8bedff0e92
wring: use node2nix generated package
2016-09-01 20:50:08 +00:00
Domen Kožar
7c71a897dd
php: 5.6 -> 7.0
...
I'll probably regret this in testing period, but let's bump php
since 5.6 support expires in December.
2016-09-01 21:11:04 +02:00
Sander van der Burg
20cebe22c4
azure-cli: remove, because it has been supersed by a version generated by node2nix
2016-09-01 19:07:13 +00:00
Frederik Rietdijk
150341bfd1
pythonPackages.jinja2: no tests
2016-09-01 21:04:16 +02:00
Frederik Rietdijk
81191b707d
pythonPackages.hypothesis1: remove it
...
and let dependents use the latest version
2016-09-01 21:02:32 +02:00
Frederik Rietdijk
f3e76de800
Merge pull request #18197 from nand0p/sphinx-1-3-6-test-fix
...
sphinx: sphinx-1.3.6 test fixup
2016-09-01 21:00:54 +02:00
reltuk
3e695874e2
openjdk: Keep {include,man} in $out/lib/opendjk. ( #18140 )
...
* openjdk: Keep {include,man} in $out/lib/opendjk.
This is a standard layout that some JDK consumers expect.
* openjdk/8: Improve clarity of some symlink commands with terminating slash.
2016-09-01 21:00:41 +02:00
Domen Kožar
a6670c1a0b
Fixes #18124 : atomically replace /var/setuid-wrappers/ ( #18186 )
...
Before this commit updating /var/setuid-wrappers/ folder introduced
a small window where NixOS activation scripts could be terminated
and resulted into empty /var/setuid-wrappers/ folder.
That's very unfortunate because one might lose sudo binary.
Instead we use two atomic operations mv and ln (as described in
https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/ )
to achieve atomicity.
Since /var/setuid-wrappers is not a directory anymore, tmpfs mountpoints
were removed in installation scripts and in boot process.
Tested:
- upgrade /var/setuid-wrappers/ from folder to a symlink
- make sure /run/setuid-wrappers-dirs/ legacy symlink is really deleted
2016-09-01 20:57:51 +02:00
Данило Глинський (Danylo Hlynskyi)
78cd9f8ebc
virtualbox: add headless build (without Qt dependency) ( #18026 )
2016-09-01 20:54:58 +02:00
Tim Steinbach
8a7afae58b
openjdk: Fix #17603
2016-09-01 20:47:19 +02:00
Domen Kožar
d163882770
Merge pull request #18172 from Profpatsch/startAt-type
...
systemd-unit-options: startAt can be a list
2016-09-01 20:44:32 +02:00
Peter Simons
b9b5fcccc5
Merge pull request #18196 from ttuegel/ghc-madv-free
...
ghc801: disable MADV_FREE
2016-09-01 20:37:10 +02:00
Frederik Rietdijk
014b6e0627
pythonPackages.natsort: broken
2016-09-01 20:26:04 +02:00
Frederik Rietdijk
4d2420e3f8
pythonPackages.pathlib: fix tests
2016-09-01 20:25:12 +02:00
Frederik Rietdijk
7b534d4794
pythonPackages.attrs: fix tests
2016-09-01 20:13:16 +02:00
Frederik Rietdijk
c319c842b7
pythonPackages.hypothesis: remove optional dependencies
2016-09-01 20:10:29 +02:00
Tuomas Tynkkynen
bb18d73323
xfstests: 2016-08-06 -> 2016-08-26
...
Fixes build.
2016-09-01 21:03:27 +03:00
Tuomas Tynkkynen
85d7d9d254
xfstests: Autodetect what to link in the wrapper
2016-09-01 21:03:27 +03:00
Frederik Rietdijk
d2608c63fd
pythonPackages.cryptography: add missing dependency
2016-09-01 19:56:16 +02:00
Kranium Gikos Mendoza
71021a825d
gtk-gnutella: disable bindnow/fortify/pic/relro hardening ( #18195 )
...
based on debian's settings at https://lintian.debian.org/full/lucab@debian.org.html#gtk-gnutella_1.1.8-2
2016-09-01 19:53:17 +02:00
Tuomas Tynkkynen
6dc452313a
vim_configurable: vimNoX broken on Darwin, but bring back vimHugeX works
...
D'oh, I was careless.
2016-09-01 20:49:32 +03:00
Tuomas Tynkkynen
3364230d56
Disable bunch of non-compiling packages on Darwin
...
These ones have a "Last successful build" timestamp in the 2014s or
2015s. Presumably no one will notice if we now stop building them.
softether_4_18 2015-09-20 http://hydra.nixos.org/build/39418483
lensfun 2014-09-30 http://hydra.nixos.org/build/39394104
net_snmp 2015-09-20 http://hydra.nixos.org/build/39410553
djview 2015-08-11 http://hydra.nixos.org/build/39413233
libmusicbrainz2 2015-09-20 http://hydra.nixos.org/build/39410106
fox_1_6 2014-05-07 http://hydra.nixos.org/build/39410858
libofx 2015-09-24 http://hydra.nixos.org/build/39423507
yacas 2014-09-30 http://hydra.nixos.org/build/39393150
iomelt 2014-09-30 http://hydra.nixos.org/build/39408486
softether 2015-09-20 http://hydra.nixos.org/build/39425800
mp4v2 2014-09-30 http://hydra.nixos.org/build/39421899
virtuoso7 2014-09-21 http://hydra.nixos.org/build/39415206
man_db 2015-04-23 http://hydra.nixos.org/build/39404236
libdiscid 2014-09-30 http://hydra.nixos.org/build/39412202
zabbix22.agent 2014-09-21 http://hydra.nixos.org/build/39412149
vidalia 2015-08-06 http://hydra.nixos.org/build/39411500
libmtp 2015-09-20 http://hydra.nixos.org/build/39419199
wxGTK29 2015-09-20 http://hydra.nixos.org/build/39415296
ncmpcpp 2015-11-06 http://hydra.nixos.org/build/39404455
libtorrent 2014-09-21 http://hydra.nixos.org/build/39394646
shishi 2014-03-21 http://hydra.nixos.org/build/39418874
ocaml_3_12_1 2014-09-30 http://hydra.nixos.org/build/39392996
djview4 2015-08-11 http://hydra.nixos.org/build/39427799
vimNox 2014-05-23 http://hydra.nixos.org/build/39397012
ttfautohint 2015-08-06 http://hydra.nixos.org/build/39398330
libraw 2015-09-24 http://hydra.nixos.org/build/39402271
wxGTK30 2015-09-20 http://hydra.nixos.org/build/39401871
sbcl_1_2_5 2015-09-20 http://hydra.nixos.org/build/39426091
prover9 2014-09-30 http://hydra.nixos.org/build/39406476
rcs 2015-08-25 http://hydra.nixos.org/build/39392037
gpac 2015-09-24 http://hydra.nixos.org/build/39399470
virtuoso6 2014-09-30 http://hydra.nixos.org/build/39398651
xlslib 2015-09-24 http://hydra.nixos.org/build/39410387
ucommon 2015-03-27 http://hydra.nixos.org/build/39414040
commoncpp2 2014-09-30 http://hydra.nixos.org/build/39420117
virtuoso 2014-09-21 http://hydra.nixos.org/build/39399978
miniHttpd 2014-09-30 http://hydra.nixos.org/build/39392925
mpack 2014-09-26 http://hydra.nixos.org/build/39399535
nbd 2014-09-26 http://hydra.nixos.org/build/39401367
newsbeuter-dev 2014-07-29 http://hydra.nixos.org/build/39406259
gimp_2_8 2015-09-20 http://hydra.nixos.org/build/39436271
gimp 2015-09-20 http://hydra.nixos.org/build/39435976
zabbix20.agent 2014-09-30 http://hydra.nixos.org/build/39393242
gst_all_1.gst-plugins-good 2015-09-20 http://hydra.nixos.org/build/39408506
ocaml_4_00_1 2014-09-30 http://hydra.nixos.org/build/39399526
inadyn 2014-09-30 http://hydra.nixos.org/build/39426389
gst_all_1.gst-plugins-bad 2015-09-20 http://hydra.nixos.org/build/39392970
zabbix.agent 2014-09-30 http://hydra.nixos.org/build/39421412
cmake-2_8 2015-09-24 http://hydra.nixos.org/build/39399443
liblastfm 2015-08-06 http://hydra.nixos.org/build/39421812
newsbeuter 2014-07-29 http://hydra.nixos.org/build/39396605
sdcv 2014-09-26 http://hydra.nixos.org/build/39412928
2016-09-01 20:39:33 +03:00
Tuomas Tynkkynen
255c9de6ef
pythonPackages.keystoneclient: Fix bogus 'doCheck' value
2016-09-01 20:21:26 +03:00
Fernando J Pando
e487772722
sphinx: sphinx-1.3.6 test fixup
...
Fixes this error:
```
FAIL: test_setup_command.test_build_sphinx_return_nonzero_status
----------------------------------------------------------------------
Traceback (most recent call last):
File "/nix/store/zfmk6mqmr1046bh0cnh06frd0bb0nr20-python2.7-nose-1.3.7/lib/python2.7/site-packages/nose/case.py", line 197, in runTest
self.test(*self.arg)
File "/tmp/nix-build-python2.7-Sphinx-1.3.6.drv-0/Sphinx-1.3.6/tests/test_setup_command.py", line 55, in deco
func(pkgrootdir, proc)
File "/tmp/nix-build-python2.7-Sphinx-1.3.6.drv-0/Sphinx-1.3.6/tests/test_setup_command.py", line 110, in test_build_sphinx_return_nonzero_status
assert proc.returncode != 0, 'expect non-zero status for setup.py'
AssertionError: expect non-zero status for setup.py
```
Tested on Linux
- python 2.7
- python 3.5
2016-09-01 13:11:27 -04:00
Thomas Tuegel
54125b4af4
ghc801: disable MADV_FREE
2016-09-01 12:07:36 -05:00
Eelco Dolstra
f0206aba5e
opencolorio: Use separate outputs
...
Also, make the package name match the attribute (and upstream) name.
2016-09-01 18:57:43 +02:00
Eelco Dolstra
41ec7095a7
openimageio: Use separate outputs
2016-09-01 18:57:43 +02:00
Eelco Dolstra
452afd1ed6
ilmbase: Use separate outputs
2016-09-01 18:57:43 +02:00
Eelco Dolstra
68e216d604
opensubdiv: Use separate outputs
2016-09-01 18:57:43 +02:00
Eelco Dolstra
e05c4c6541
libapparmor: Move python stuff to a separate output
...
This prevents systemd and by extension a zillion other packages from
having Python 2.7 in their closure. For example, the closure of
systemd dropped from 133 MiB to 85 MiB.
2016-09-01 18:57:43 +02:00
Eelco Dolstra
cf26f610aa
glew: Use separate outputs and don't install static libraries
2016-09-01 18:57:43 +02:00
Eelco Dolstra
8a137b3455
mesa-glu: Use separate outputs
2016-09-01 18:57:43 +02:00
Eelco Dolstra
3934980ca4
opensubdiv: Don't install static libraries
2016-09-01 18:57:43 +02:00
Eelco Dolstra
b688074c51
opensubdiv: Prevent runtime dependency on mesa_noglu.dev
2016-09-01 18:57:43 +02:00
Eelco Dolstra
8b12eee201
x265: Don't install static library
...
Following our general policy to only install dynamic libraries. If the
static library turns out to be needed, it could be moved to a separate
output.
2016-09-01 18:57:43 +02:00
Eelco Dolstra
0810decaa7
python-3.5: Drop dependency on Berkeley DB
...
The previous commit revealed that Python wasn't actually using
Berkeley DB; it only had it in its closure due to the build-time flag
dump in Makefile and _sysconfigdata.py. When Python detects both GNU
gdbm and Berkeley DB at build time, it will use the former.
2016-09-01 18:57:43 +02:00
Eelco Dolstra
fdd7399a3c
python-3.5: Also remove -L flags
...
This reduces the Python closure size by another 10 MiB.
2016-09-01 18:57:43 +02:00
Eelco Dolstra
02bae39132
tcl: Don't install a copy of tzdata
...
This cuts about 3 MiB from the installed size. On Linux, the configure
script is supposed to detect that installing tzdata is unnecessary,
but it looks in locations like /usr/share/zoneinfo.
2016-09-01 18:57:43 +02:00
Eelco Dolstra
168192f116
python-3.5: Eliminate -dev paths from the runtime closure
...
This reduces Python's closure size from 200 MiB to 129 MiB. Even
better would be to get move tkinter to a separate output or package
(since that would get rid of all X11 stuff), but that's a bit harder.
2016-09-01 18:57:43 +02:00