Commit Graph

42001 Commits

Author SHA1 Message Date
Cillian de Róiste
aee930586f drumkv1: update from 0.4.0 to 0.4.1 2014-04-12 11:57:43 +02:00
Vladimír Čunát
83cb0354e9 clang_34: make it evaluate to 3.4 even on Darwin 2014-04-12 09:46:37 +02:00
Austin Seipp
172dc1336f nixos: add grsecurity module (#1875)
This module implements a significant refactoring in grsecurity
configuration for NixOS, making it far more usable by default and much
easier to configure.

 - New security.grsecurity NixOS attributes.
   - All grsec kernels supported
   - Allows default 'auto' grsec configuration, or custom config
   - Supports custom kernel options through kernelExtraConfig
   - Defaults to high-security - user must choose kernel, server/desktop
     mode, and any virtualisation software. That's all.
   - kptr_restrict is fixed under grsecurity (it's unwriteable)
 - grsecurity patch creation is now significantly abstracted
   - only need revision, version, and SHA1
   - kernel version requirements are asserted for sanity
   - built kernels can have the uname specify the exact grsec version
     for development or bug reports. Off by default (requires
     `security.grsecurity.config.verboseVersion = true;`)
 - grsecurity sysctl support
   - By default, disabled.
   - For people who enable it, NixOS deploys a 'grsec-lock' systemd
     service which runs at startup. You are expected to configure sysctl
     through NixOS like you regularly would, which will occur before the
     service is started. As a result, changing sysctl settings requires
     a reboot.
 - New default group: 'grsecurity'
   - Root is a member by default
   - GRKERNSEC_PROC_GID is implicitly set to the 'grsecurity' GID,
     making it possible to easily add users to this group for /proc
     access
 - AppArmor is now automatically enabled where it wasn't before, despite
   implying features.apparmor = true

The most trivial example of enabling grsecurity in your kernel is by
specifying:

    security.grsecurity.enable          = true;
    security.grsecurity.testing         = true;      # testing 3.13 kernel
    security.grsecurity.config.system   = "desktop"; # or "server"

This specifies absolutely no virtualisation support. In general, you
probably at least want KVM host support, which is a little more work.
So:

    security.grsecurity.enable = true;
    security.grsecurity.stable = true; # enable stable 3.2 kernel
    security.grsecurity.config = {
      system   = "server";
      priority = "security";
      virtualisationConfig   = "host";
      virtualisationSoftware = "kvm";
      hardwareVirtualisation = true;
    }

This module has primarily been tested on Hetzner EX40 & VQ7 servers
using NixOps.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:43:51 -05:00
Austin Seipp
cf24cf1184 capstone: attempt to fix Linux build, remove Darwin build
The Darwin build seems fixable but I can't test right now.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 21:41:14 -05:00
Austin Seipp
036a7708a2 libseccomp: attempt to fix Hydra build
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 21:37:19 -05:00
Austin Seipp
acd5a9d8b4 spiped: attempt to fix linux Hydra build
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 21:35:08 -05:00
Austin Seipp
71d7bec227 p0f: build fix attempt for Hydra
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 21:32:30 -05:00
Shea Levy
c47d3bb600 Merge branch 'revert-postgres-superuser'
The recent postgres superuser changes have caused a lot of breakages to
existing systems, and we are very close to branching for the 14.04
stable release. We can bring this back after.
2014-04-11 19:24:22 -04:00
Shea Levy
0122697550 Revert "Merge branch 'postgresql-user' of git://github.com/ocharles/nixpkgs"
Reverting postgres superuser changes until after stable.

This reverts commit 6cc0cc7ff6, reversing
changes made to 3c4be425db.
2014-04-11 19:23:03 -04:00
Shea Levy
9b077bac58 Revert "postgresql: properly fix permissions issue by in postStart"
Reverting postgres superuser changes until after stable.

This reverts commit c66be6378d.
2014-04-11 19:22:43 -04:00
Shea Levy
e9e60103de Revert "Create the 'postgres' superuser"
Reverting postgres superuser changes until after stable.

This reverts commit 7de29bd26f.
2014-04-11 19:22:39 -04:00
Shea Levy
c23050e231 Revert "Use PostgreSQL 9.3's pg_isready to wait for connectivity"
Reverting postgres superuser changes until after stable.

This reverts commit e206684110.
2014-04-11 19:21:50 -04:00
Mathijs Kwik
b21853f255 Fix initrd breaking by recent repeatable-builds changes
See the comments at f67015cae4
for more information.

Please note: this makes initrd unrepeatable again, but most people will prefer that above an unbootable system.
2014-04-12 00:06:30 +02:00
Mathijs Kwik
5a3fa7f88f nvidia-x11: patch for kernel 3.14 support 2014-04-11 23:40:16 +02:00
Peter Simons
50b1a8ea0b haskell-diagrams-postscript: update to version 1.0.2.4 2014-04-11 22:33:12 +02:00
Peter Simons
d2e61750df haskell-diagrams-lib: update to version 1.1.0.6 2014-04-11 22:33:11 +02:00
Peter Simons
ce15e84af3 haskell-diagrams-contrib: update to version 1.1.1.4 2014-04-11 22:33:11 +02:00
Peter Simons
716cffc1bb haskell-language-c-inline: re-generate with cabal2nix 2014-04-11 22:33:11 +02:00
Peter Simons
f32be2da85 haddock: update to version 2.14.2 2014-04-11 22:33:11 +02:00
Peter Simons
86177f06e9 haskell-haskell-src: add version 1.0.1.6 2014-04-11 22:33:11 +02:00
Peter Simons
f5dd4d383b haskell-HTTP: update to version 4000.2.12 2014-04-11 22:33:11 +02:00
Peter Simons
fd376138b2 haskell-yesod-core: update to version 1.2.12 2014-04-11 22:33:11 +02:00
Peter Simons
e77f2cd689 haskell-texmath: update to version 0.6.6.1 2014-04-11 22:33:11 +02:00
Peter Simons
43a77ee1ab haskell-monoid-extras: update to version 0.3.3.2 2014-04-11 22:33:11 +02:00
Peter Simons
2379850cad haskell-monad-logger: update to version 0.3.6 2014-04-11 22:33:11 +02:00
Peter Simons
ecbb36caf1 haskell-hxt: update to version 9.3.1.4 2014-04-11 22:33:11 +02:00
Peter Simons
35e8034716 haskell-hxt-unicode: update to version 9.0.2.2 2014-04-11 22:33:11 +02:00
Peter Simons
7cc83c8c74 haskell-dual-tree: update to version 0.2.0.2 2014-04-11 22:33:11 +02:00
Peter Simons
c203d9c5fa haskell-cereal-conduit: update to version 0.7.2.1 2014-04-11 22:33:11 +02:00
Peter Simons
a0264d3db8 haskell-active: update to version 0.1.0.12 2014-04-11 22:33:11 +02:00
Peter Simons
e1bdc5c164 haskell-statistics: add version 0.11.0.0 2014-04-11 22:33:11 +02:00
Peter Simons
ea95516bf8 haskell-parsers: add version 0.11 2014-04-11 22:33:11 +02:00
Peter Simons
4604d52df4 GHC version 7.8.1 has been deprecated because of a serious bug.
We'll have version 7.8.2 out soon.

http://www.haskell.org/pipermail/ghc-devs/2014-April/004605.html
http://www.haskell.org/pipermail/ghc-devs/2014-April/004616.html
2014-04-11 22:33:11 +02:00
Peter Simons
5b211b9a9b Merge pull request #2207 from jwiegley/master
Add c2hsc to haskell-packages.nix
2014-04-11 22:30:49 +02:00
Domen Kožar
f673b45e2d Merge pull request #2211 from ertes/ertes-new-mail
maintainers: ertes: New (temporary) email address.
2014-04-11 21:31:20 +02:00
Domen Kožar
baf2a4d4b9 ugly tarball fix for llvmPackages support on Darwin 2014-04-11 21:28:43 +02:00
Ertugrul Söylemez
7be040cdcb maintainers: ertes: New temporary email address. 2014-04-11 21:17:22 +02:00
John Wiegley
8026caec43 Add c2hsc to haskell-packages.nix 2014-04-11 10:34:56 -05:00
Eelco Dolstra
e2bc9a3d14 Include Archive::Cpio in the installation CD
http://hydra.nixos.org/build/10268978
2014-04-11 17:16:44 +02:00
Eelco Dolstra
13185280fe Fix tests broken due to the firewall being enabled by default 2014-04-11 17:16:44 +02:00
Eelco Dolstra
017408e048 Use iptables' ‘-w’ flag
This prevents errors like "Another app is currently holding the
xtables lock" if the firewall and NAT services are starting in
parallel.  (Longer term, we should probably move to a single service
for managing the iptables rules.)
2014-04-11 17:16:44 +02:00
Eelco Dolstra
b9281e6a2d Fix NAT module 2014-04-11 17:16:44 +02:00
Ricardo M. Correia
b8a6eef6fa gradm: Attempt to fix build failure by using older flex
Thanks to @thoughtpolice for noticing and suggesting the fix!
2014-04-11 16:38:24 +02:00
Peter Simons
2396e9d036 perlPackages.PackageStash: Revert "update from 0.34 to 0.36"
This reverts commit 5adbf4d447. The update broke
the test suite of perl-Moose [1], which is required by Hydra.

[1] http://hydra.nixos.org/build/10268974
2014-04-11 15:23:34 +02:00
Mathijs Kwik
d87ae02fc1 synergy: upgrade to 1.4.17 2014-04-11 14:09:07 +02:00
Mathijs Kwik
62521d9ec6 openttd: upgrade to 1.4.0 2014-04-11 13:49:19 +02:00
Eelco Dolstra
ed82f188f9 nix-repl: Update 2014-04-11 12:54:54 +02:00
Oliver Charles
3befd72618 Merge pull request #2201 from offlinehacker/pkgs/postgresql93/darwin_fix
postgresql93: fix darwin builds
2014-04-11 11:38:49 +01:00
Eelco Dolstra
2da09363bf nix: Update to 1.7 2014-04-11 12:24:48 +02:00
Peter Simons
ad65a1e064 Revert "nixos: fix shell on conatiners"
This reverts commit c69577b7d6.
See https://github.com/NixOS/nixpkgs/pull/2198 for further details.
2014-04-11 12:07:00 +02:00