Oliver Charles
200e3535dc
Merge pull request #3141 from cstrahan/iomelt
...
iomelt: new package
2014-07-01 08:46:12 +01:00
Charles Strahan
25b53cddb4
iomelt: new package
...
This adds the IOMelt pacakge, "a simple yet effective way to benchmark disk IO
in Linux systems."
2014-06-30 23:50:38 -04:00
Eelco Dolstra
40f7b0f9df
Another attempt to eradicate ensureDir
...
See c556a6ea46
.
2014-06-30 14:56:10 +02:00
Michael Raskin
efb0c56db4
Update linux_testing and enable parallel build of Linux kernel
2014-06-30 10:52:33 +04:00
Michael Raskin
5a8a92c01a
Merge pull request #3007 from wkennington/master.syslinux
...
syslinux: Update 4.07 -> 6.02
2014-06-30 10:29:28 +04:00
Michael Raskin
dcf5e85c2f
Merge pull request #2595 from wkennington/master.ecryptfs
...
ecryptfs: Update from 82 -> 104
2014-06-30 09:26:24 +04:00
Michael Raskin
0ecfc6cb49
Merge pull request #2213 from thoughtpolice/kernel-config
...
nixos: make several kernel common-config options optional
2014-06-30 09:01:08 +04:00
Austin Seipp
dd56bfbd00
kernel/grsec: updates
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-27 00:52:12 -05:00
Vladimír Čunát
dfd80a1b7e
Merge recent master into x-updates
...
Hydra eval: 1131611
2014-06-26 22:05:15 +02:00
Vladimír Čunát
7998a598b6
linux-3.13: remove, as it's vulnerable
...
CC #3090 .
2014-06-26 11:50:15 +02:00
Vladimír Čunát
7f97fafe4f
linux-3.12: security update .22 ->.23, CVE-2014-0206
...
CC #3090 .
2014-06-26 11:33:00 +02:00
William A. Kennington III
aac54c6699
syslinux: Update 4.07 -> 6.02
2014-06-24 16:10:13 -05:00
Shea Levy
ee8ea41d58
Fix broadcom-sta on linux >= 3.15
...
http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-wireless/broadcom-sta/files/broadcom-sta-6.30.223.141-linux-3.15.patch?view=markup
2014-06-24 09:25:25 -04:00
Eelco Dolstra
69deced59b
util-linux: Update to 2.24.2
2014-06-24 14:01:54 +02:00
Ricardo M. Correia
9e1ec18624
zfs, zfs.git: Update to 0.6.3
2014-06-23 15:52:21 +02:00
Ricardo M. Correia
b5b8b5247a
spl, spl.git: Update to 0.6.3
2014-06-23 15:52:20 +02:00
Austin Seipp
0399c5ee24
grsecurity: update stable/testing kernels, refactoring
...
This updates the new stable kernel to 3.14, and the new testing kernel
to 3.15.
This also removes the vserver kernel, since it's probably not nearly as
used.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-22 22:29:10 -05:00
Austin Seipp
125c2b9468
gradm: 3.0-201401291757 -> 3.0-201405281853
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-22 20:26:24 -05:00
Michael Raskin
c68e3418fb
Update 3.16-rc to -rc2: -rc1 has problems with mounting BtrFS, will test -rc2
2014-06-22 19:45:07 +04:00
Austin Seipp
b8ede68b25
kernel/grsec: updates
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-21 22:13:49 -05:00
Vladimír Čunát
a4042c373b
alsa{Oss,Utils}: update to 1.0.28
...
I somehow forgot to update these other parts.
2014-06-20 10:12:43 +02:00
Vladimír Čunát
3ec2cea214
Merge master into x-updates
...
Conflicts (auto-solved):
pkgs/os-specific/linux/alsa-plugins/default.nix
2014-06-20 00:24:38 +02:00
Vladimír Čunát
36e79e3b90
upower: pull patches used in Ubuntu/trusty ( fix #2884 )
2014-06-19 20:51:30 +02:00
Vladimír Čunát
1a1c83fa77
alsa{Lib,Plugins}: update to 1.28.0
...
Dropped unrecognized option, patch no longer applying, fixed licenses.
2014-06-19 20:24:23 +02:00
Rok Garbas
870a8a0833
alsa-plugins: upgrade to 1.0.28
...
adding libogg as dependency should fix the build
2014-06-19 16:06:03 +01:00
Michael Raskin
8297a26746
Create an option to build 3.16-rc1 which carries a new Wireless driver; make USB_DEBUG optional as it seems to be planned to disappear in 3.16.
2014-06-18 00:23:48 +02:00
Mathijs Kwik
5bc69209b1
linux-3.15: upgrade to 3.15.1
2014-06-17 08:17:38 +02:00
Vladimír Čunát
9757785295
Merge recent master
2014-06-15 17:55:35 +02:00
Eelco Dolstra
27c72f337b
linux: Update to 3.12.22
...
Fixes CVE-2014-3153 (local privilege escalation via futex()).
2014-06-13 17:44:02 +02:00
Vladimír Čunát
de12094b0e
Merge recent master
2014-06-12 09:15:11 +02:00
Joel Taylor
58971f7b14
add htop fork for darwin ( close #2690 )
...
@vcunat made it a single conditional attribute.
Conflicts (trivial):
lib/maintainers.nix
2014-06-11 20:36:10 +02:00
Vladimír Čunát
f2352f7ecf
Merge recent master
2014-06-10 20:14:08 +02:00
Domen Kožar
7334e38af5
Merge pull request #2678 from offlinehacker/pkgs/systemd/fix_python
...
systemd: fix python support
2014-06-09 23:09:32 +02:00
Vladimír Čunát
5a98b9f514
Merge recent master into p/stdenv
...
Merged just before the pypi update, as it seems to cause problems on Hydra.
2014-06-09 19:07:31 +02:00
William A. Kennington III
8bb2313915
kernel: Add 3.15
2014-06-08 16:39:47 -05:00
William A. Kennington III
d91eacd720
kernel: 3.14.5 -> 3.14.6 ( close #2868 )
2014-06-08 09:12:05 +02:00
Vladimir Kirillov
1859dbc4a2
sysdig: update to 0.1.83
2014-06-06 17:21:00 +03:00
Austin Seipp
b43421221f
kernel/grsec: updates; add mainline package for brave souls
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-05 06:06:19 -05:00
Eelco Dolstra
246edc3df2
linux: Update to 3.12.21
2014-06-05 12:54:37 +02:00
William A. Kennington III
3a0b265af9
kernel: 3.14.4 -> 3.14.5 ( close #2831 )
2014-06-05 10:34:40 +02:00
Ricardo M. Correia
2030328fea
disk-indicator: Add package
...
A program that will turn a LED into a hard disk indicator.
2014-05-30 21:24:46 +02:00
Vladimír Čunát
872860e6de
Merge #1187 into p/stdenv
...
Tested building firefox, kdelibs, evince on x86_64-linux.
2014-05-29 22:16:07 +02:00
Cillian de Róiste
a1d350287b
Plymouth: update to 0.9.0, fix build, sanitize, enable systemd-integration
...
NOTE: I can start the daemon and ping it, but I haven't been able to
get it to do more than that.
2014-05-29 14:39:37 +02:00
Moritz Ulrich
29da3bce27
usermount: New Package.
...
A simple tool to automatically mount removable drives using UDisks2 and
D-Bus.
https://github.com/tom5760/usermount
2014-05-29 13:39:16 +02:00
Rob Vermaas
ce87d3e307
Merge pull request #2465 from robberer/nvidia/driver
...
nvidia-x11: add nvidia-uvm module which is necessary for blender GPU support
2014-05-28 08:30:22 +02:00
Michael Raskin
515a7e78fa
Updating conspy
2014-05-28 01:33:29 +04:00
Michael Raskin
f9c05a3bad
Merge pull request #2378 from wizeman/u/kernel-zram
...
linux: Add support for zram
2014-05-27 01:40:18 -07:00
Eelco Dolstra
fc70d6f712
nvidia-x11: Don't install nvidia-xconfig
...
Rewriting the X11 config doesn't work on NixOS.
2014-05-22 13:00:52 +02:00
Eelco Dolstra
5ec3a63fcb
nvidia-x11: Update to 331.79
2014-05-22 13:00:51 +02:00
Luca Bruno
df95a8cc2f
upower: add 0.99 version for gnome 3.12
2014-05-20 13:41:39 +02:00
Eelco Dolstra
2ee6c0c63e
linux: Update to 3.12.20
2014-05-19 16:03:37 +02:00
Austin Seipp
0781563b46
lockdep: 3.14.2 -> 3.14.4
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 15:28:50 -05:00
Austin Seipp
ac38b32974
kernel/grsec: another optional option
...
This should fix the testing kernels.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:57:10 -05:00
Austin Seipp
e64e3ad88a
kernel: only use DEBUG_STACKOVERFLOW if !grsecurity
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:56:52 -05:00
Austin Seipp
80d0e31a94
kernel: allow features to be used in common-config
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:49:32 -05:00
Austin Seipp
657998dbcb
kernel/common-config: Another optional option
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 19:44:03 -05:00
Austin Seipp
b5b434c98a
kernel: make some common-config options optional for grsec
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 16:37:22 -05:00
Austin Seipp
4f27ad14a1
grsec: refactor grsecurity packages
...
This now provides a handful of different grsecurity kernels for slightly
different 'flavors' of packages. This doesn't change the grsecurity
module to use them just yet, however.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:43 -05:00
Austin Seipp
cb894d4fc3
grsec: updates
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Austin Seipp
92abc4c610
kernel: enable AppArmor by default
...
AppArmor only requires a few patches to the 3.2 and 3.4 kernels in order
to work properly (with the minor catch grsecurity -stable includes the
3.2 patches.) This adds them to the kernel builds by default, removes
features.apparmor (since it's always true) and makes it the default MAC
system.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Austin Seipp
3efdeef6a3
linux-3.{4,10}: update
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Austin Seipp
f7123982c2
apparmor: 2.8.2 -> 2.8.3
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Jaka Hudoklin
71b923fa74
systemd: fix python support
2014-05-17 12:13:29 +02:00
Ricardo M. Correia
1c2aacb5d8
spl: Fix compilation with grsecurity's constify plugin and kernels < 3.8
2014-05-15 13:25:47 +02:00
Eelco Dolstra
3d1d9bb7dd
linux-3.12: Apply patch for CVE-2014-0196
2014-05-14 14:11:48 +02:00
Vladimír Čunát
9c8ee7a7e5
linux: minor updates, probably often fixing CVE-2014-0196
2014-05-13 20:00:21 +02:00
Eelco Dolstra
abbf643ae2
linux: Update to 3.12.19
...
Backport: 14.04
2014-05-13 13:28:14 +02:00
Luca Bruno
9e7e3978f9
shadow: Fix lastlog and faillog to find logs in /var/log
...
Fixes #2575 and closes #2586 .
2014-05-13 11:32:10 +02:00
Michael Raskin
f8a62ff002
Allow no-kernel-module build of SysDig
2014-05-13 00:08:45 +04:00
Shea Levy
89238a251c
Merge branch 'sysdig-0.1.82-now-with-osx' of git://github.com/proger/nixpkgs
...
sysdig: updated to 0.1.82, starting to support Darwin builds (includes
luajit Darwin support)
2014-05-12 09:34:23 -04:00
Ricky Elrod
c0a30a4b51
htop: Bump to 1.0.3 ( close #2611 )
...
Signed-off-by: Ricky Elrod <ricky@elrod.me>
2014-05-11 13:45:25 +02:00
Vladimir Kirillov
96903d5e48
sysdig: support builds without the kernel module, add pkgs.sysdig attr
2014-05-10 13:50:49 +03:00
Vladimir Kirillov
96373a4041
sysdig: update to 0.1.82
2014-05-10 13:50:49 +03:00
William A. Kennington III
e2672e892a
keyutils: Update from 1.5.8 -> 1.5.9
2014-05-10 02:29:36 -05:00
Rickard Nilsson
5a0c8ff040
Merge pull request #2548 from proger/sysdig-0.1.81
...
sysdig: update to 0.1.81
2014-05-08 10:45:18 +02:00
Austin Seipp
130cb5d005
criu: upgrade, hopefully fix Hydra build
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-07 16:43:48 -05:00
Vladimir Kirillov
bf9612e797
sysdig: update to 0.1.81
2014-05-07 11:46:02 +03:00
Ricardo M. Correia
5b4006cddb
paxctl: Update from 0.7 -> 0.8
2014-05-06 20:29:06 +02:00
Vladimír Čunát
1796a939d4
b43-fwcutter: update 015 -> 018
2014-05-06 18:43:01 +02:00
Eelco Dolstra
24cbe874d6
systemd-journal-flush: Require /var/log/journal rather than all filesystems
...
Backport: 14.04
2014-05-05 16:47:43 +02:00
Eelco Dolstra
014fe1a3c3
sysinit.target: Don't depend on systemd-tmpfiles-setup.service
...
systemd-tmpfiles-setup.service pulls in local-fs.target, which
interferes with NixOps' send-keys feature (since sshd.service depends
indirectly on sysinit.target). Since in NixOS we don't use
systemd-tmpfiles for creating files (that's done by activation scripts
and preStart scripts), it's not a problem to start it a bit later.
Backport: 14.04
2014-05-05 16:47:02 +02:00
Vladimír Čunát
07aaea85d4
pam: upstream patch to fix CVE-2014-2583
2014-05-03 21:30:48 +02:00
robberer
9683c6e806
add nvidia-uvm module which is necessary for blender GPU support
2014-05-01 16:37:14 +02:00
Eelco Dolstra
cb45ecad34
systemd: Look for fsck.* in the right place
...
Fixes #2464 .
2014-05-01 14:32:58 +02:00
Austin Seipp
7faaa9e6da
lockdep: 3.14 -> 3.14.2
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-28 17:34:35 -05:00
Bjørn Forsman
6859853045
psmisc: (from upstream) Typo in fuser makes -M on all the time
2014-04-27 20:19:31 +02:00
Austin Seipp
92f7781f00
kernel/grsecurity: stable/longterm/testing updates
...
kernels:
- longterm: 3.4.87 -> 3.4.88
- longterm: 3.10.37 -> 3.10.38
- stable: 3.13.10 -> 3.13.11
- stable: 3.14.1 -> 3.14.2
grsecurity:
- test: 3.0-3.14.1-201404241722 -> 3.0-3.14.2-201404270907
NOTE: technically the 3.13 stable kernel is now EOL. However, it will
become the long-term grsecurity stable kernel, and will have ongoing
support from Canonical.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-27 08:41:42 -05:00
Ricardo M. Correia
efae8ce543
grsecurity: Update all patches
...
stable: 3.0-3.2.57-201404182109 -> 3.0-3.2.57-201404241714
test: 3.0-3.14.1-201404201132 -> 3.0-3.14.1-201404241722
vserver: 3.0-3.2.57-vs2.3.2.16-201404182110 -> 3.0-3.2.57-vs2.3.2.16-201404241715
2014-04-25 04:41:58 +02:00
Ricardo M. Correia
f0e3775f2e
linux: Add support for zram
2014-04-24 23:47:08 +02:00
Vladimír Čunát
116d52c6df
linux-3.12: bump .17 -> .18
2014-04-24 20:02:34 +02:00
Lluís Batlle i Rossell
8ef1d4ecdb
Making nvidia build with linux 3.14. Patch not needed anymore.
2014-04-23 16:06:15 +02:00
Ricardo M. Correia
419a71e1e5
spl, zfs: Add git versions, based on recent commits
...
Upstream has not been tagging new versions for a long time, but we need
compatibility with newer kernels. The 0.6.2 versions already have a bunch of
backported compatibility patches, but 3.14 kernels need even more.
Also, the git versions have fixed a bunch of crashes and other bugs, so perhaps
we should just bite the bullet and just use recent git versions (as sometimes
upstream recommends, when people run into bugs).
This adds a new "boot.zfs.useGit" boolean option, so that a user can
easily opt into using the git versions.
2014-04-23 01:42:52 +02:00
Eelco Dolstra
fb3629df49
systemd: Re-allow Restart=yes with Type=oneshot
2014-04-22 23:53:21 +02:00
Rickard Nilsson
5db9287b7c
rtkit: Update from 0.10 to 0.11
2014-04-21 23:22:10 +02:00
Ricardo M. Correia
5d5ca7b260
grsecurity: Update all patches
...
stable: 3.0-3.2.57-201404131252 -> 3.0-3.2.57-201404182109
test: 3.0-3.13.10-201404141717 -> 3.0-3.14.1-201404201132
vserver: 3.0-3.2.57-vs2.3.2.16-201404131253 -> 3.0-3.2.57-vs2.3.2.16-201404182110
2014-04-21 18:46:41 +02:00
aszlig
625d7b9043
Merge pull request #1928 from 'cross-win-osx'.
...
This includes a lot of fixes for cross-building to Windows and Mac OS X
and could possibly fix things even for non-cross-builds, like for
example OpenSSL on Windows.
The main reason for merging this in 14.04 already is that we already
have runInWindowsVM in master and it doesn't work until we actually
cross-build Cygwin's setup binary as the upstream version is a fast
moving target which gets _overwritten_ on every new release.
Conflicts:
pkgs/top-level/all-packages.nix
2014-04-21 10:00:35 +02:00
Eelco Dolstra
4e8c2f0ff9
Merge branch 'systemd-update'
2014-04-20 19:31:01 +02:00
Eelco Dolstra
660d38e838
nvidia-x11: Update to 331.67
2014-04-18 21:50:00 +02:00
Eelco Dolstra
5da309fcaa
linux: Enable SND_DYNAMIC_MINORS
...
This is necessary if you get:
kernel: Too many HDMI devices
kernel: Consider building the kernel with CONFIG_SND_DYNAMIC_MINORS=y
2014-04-18 21:50:00 +02:00
Eelco Dolstra
890d0cc3a5
firmware-linux-nonfree: Update to 0.41
2014-04-18 15:34:10 +02:00
Eelco Dolstra
7ea51b1c6c
Enable kmod-static-nodes.service
...
This creates static device nodes such as /dev/fuse or
/dev/snd/seq. The kernel modules for these devices will be loaded on
demand when the device node is opened.
2014-04-17 14:35:05 +02:00
Eelco Dolstra
9594421617
kmod: Respect $MODULE_DIR in ‘kmod static-nodes’
2014-04-17 13:52:30 +02:00
Eelco Dolstra
51a1e0a4a9
kmod: Update to 17
2014-04-17 13:46:48 +02:00
Eelco Dolstra
3f01caa89f
linux: Enable transparent hugepages
2014-04-16 22:40:07 +02:00
Eelco Dolstra
2503e7e0c8
systemd: Apply patch to make container logins work again
2014-04-16 18:15:48 +02:00
Eelco Dolstra
c21ef84810
linux-pam: Update to 1.1.8
2014-04-16 16:44:05 +02:00
Eelco Dolstra
7438b95437
util-linux: Update to 2.24.1
2014-04-16 16:31:58 +02:00
Eelco Dolstra
c81565f6cf
Remove hack for using upstream getty units
...
Also, enable the container-getty@ unit so that "machinectl login"
works.
2014-04-16 16:11:17 +02:00
Eelco Dolstra
19d4e40dfc
systemd: Build on i686-linux
2014-04-16 15:25:37 +02:00
Eelco Dolstra
0ac322c7a0
systemd-nspawn: Fix starting NixOS containers
2014-04-16 11:34:34 +02:00
William A. Kennington III
171a58bcd6
cpupower: Add package to replace cpufrequtils
2014-04-16 01:09:57 +02:00
Eelco Dolstra
ee9c068b0c
systemd: Update to 212
...
Note that systemd no longer depends on dbus, so we're rid of the
cyclic dependency problem between systemd and dbus.
This commit incorporates from wkennington's systemd branch
(203dcff45002a63f6be75c65f1017021318cc839,
1f842558a95947261ece66f707bfa24faf5a9d88).
2014-04-16 00:59:26 +02:00
Eelco Dolstra
07cb7451d9
lvm2: Update to 2.02.106
2014-04-15 18:02:07 +02:00
Eelco Dolstra
a37edbbb63
linux-headers: Add 3.14
2014-04-15 16:59:19 +02:00
Eelco Dolstra
0fc9f65ff2
linux-headers-2.6.28: Remove, no longer used
2014-04-15 16:50:29 +02:00
Peter Simons
e572b5c104
Merge pull request #2253 from jwiegley/watch
...
Add a recipe for installing "watch" from procps (#2227 )
2014-04-15 16:12:27 +02:00
Austin Seipp
ba2f861f05
kernel: stable/longterm updates
...
- stable: 3.14 -> 3.14.1
- longterm: 3.10.36 -> 3.10.37
- longterm: 3.4.86 -> 3.4.86
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-14 19:46:39 -05:00
Ricardo M. Correia
1b113178ee
grsecurity: Update test patch from 3.0-3.13.9-201404131254 -> 3.0-3.13.10-201404141717
2014-04-15 00:16:29 +02:00
Ricardo M. Correia
3a1c9a2945
linux: Update to 3.13.10
2014-04-15 00:16:29 +02:00
Eelco Dolstra
73b4b287bb
linux: Don't use underscores in the timestamp
2014-04-14 21:06:04 +02:00
John Wiegley
7a59054dce
Add a recipe for installing "watch" from procps ( #2227 )
2014-04-14 09:10:10 -05:00
Bjørn Forsman
1296372681
cifs-utils: update 6.2 -> 6.3
...
January 9, 2014: Release 6.3:
* fixes for various bugs turned up by Coverity
* clean unused cruft out of upcall binary
* add new pam_cifscreds PAM module for establishing NTLM creds on login
* https://lists.samba.org/archive/samba-technical/2014-January/097124.html
2014-04-13 22:56:21 +02:00
Bjørn Forsman
5e50b35a26
bluez5: remove unneeded libusb dependency
...
bluez >= 5.9 does not depend on libusb[1].
[1] http://www.bluez.org/release-of-bluez-5-9/
2014-04-13 22:46:47 +02:00
Austin Seipp
788d9a13fb
grsecurity: stable/vserver/testing updates
...
- stable: 201404111812 -> 201404131252
- vserver: vs2.3.2.16-201404111814 -> vs2.3.2.16-201404131253
- testing: 201404111815 -> 201404131254
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-13 13:11:17 -05:00
Michael Raskin
e86e76e560
Adding sysdig system call tracer for Linux
2014-04-13 20:49:37 +04:00
Bjørn Forsman
d1f875c6af
lttng project: update from 2.3.0 to 2.4.1
...
(And update liburcu to 0.8.4 according to release notes for lttng 2.4.x.)
In addition to new features and bug fixes, version 2.4.x is needed to build
against Linux 3.12 (our new stable kernel).
2014-04-13 10:47:16 +02:00
Austin Seipp
172dc1336f
nixos: add grsecurity module ( #1875 )
...
This module implements a significant refactoring in grsecurity
configuration for NixOS, making it far more usable by default and much
easier to configure.
- New security.grsecurity NixOS attributes.
- All grsec kernels supported
- Allows default 'auto' grsec configuration, or custom config
- Supports custom kernel options through kernelExtraConfig
- Defaults to high-security - user must choose kernel, server/desktop
mode, and any virtualisation software. That's all.
- kptr_restrict is fixed under grsecurity (it's unwriteable)
- grsecurity patch creation is now significantly abstracted
- only need revision, version, and SHA1
- kernel version requirements are asserted for sanity
- built kernels can have the uname specify the exact grsec version
for development or bug reports. Off by default (requires
`security.grsecurity.config.verboseVersion = true;`)
- grsecurity sysctl support
- By default, disabled.
- For people who enable it, NixOS deploys a 'grsec-lock' systemd
service which runs at startup. You are expected to configure sysctl
through NixOS like you regularly would, which will occur before the
service is started. As a result, changing sysctl settings requires
a reboot.
- New default group: 'grsecurity'
- Root is a member by default
- GRKERNSEC_PROC_GID is implicitly set to the 'grsecurity' GID,
making it possible to easily add users to this group for /proc
access
- AppArmor is now automatically enabled where it wasn't before, despite
implying features.apparmor = true
The most trivial example of enabling grsecurity in your kernel is by
specifying:
security.grsecurity.enable = true;
security.grsecurity.testing = true; # testing 3.13 kernel
security.grsecurity.config.system = "desktop"; # or "server"
This specifies absolutely no virtualisation support. In general, you
probably at least want KVM host support, which is a little more work.
So:
security.grsecurity.enable = true;
security.grsecurity.stable = true; # enable stable 3.2 kernel
security.grsecurity.config = {
system = "server";
priority = "security";
virtualisationConfig = "host";
virtualisationSoftware = "kvm";
hardwareVirtualisation = true;
}
This module has primarily been tested on Hetzner EX40 & VQ7 servers
using NixOps.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:43:51 -05:00
Austin Seipp
acbf28145c
nixos: make several kernel common-config options optional
...
Realistically, common-config is useful, but there are a lot of things in
there that are non-optionally specified that aren't always useful. For
example, when deploying grsecurity, I don't want the bluetooth,
wireless, or input joystick/extra filesystem stack (XFS, etc), nor the
staging drivers tree.
The problem is that if you specify this in your own kernel config in the
grsecurity module, by saying 'BT n' to turn off bluetooth,
common-config turns on 'BT_HCIUART_BCSP y', which then becomes unused
and errors out.
This is really just an arbitrary picking at the moment, but it should be
OK.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:39:29 -05:00
Mathijs Kwik
5a3fa7f88f
nvidia-x11: patch for kernel 3.14 support
2014-04-11 23:40:16 +02:00
Peter Simons
3c7f5870e3
Merge pull request #2197 from offlinehacker/pkgs/lxc/rootfs_fix
...
lxc: set rootfs path somewhere outside /nix/store
2014-04-10 12:34:08 +02:00
Mathijs Kwik
4219eb430d
intel-microcode: upgrade to 20140122
2014-04-10 11:57:20 +02:00
Jaka Hudoklin
c7e94de91f
lxc: set rootfs path somewhere outside /nix/store
...
This commit fixes lxc to eventually work
2014-04-10 11:46:06 +02:00
Ricardo M. Correia
5dfc6584a5
grsecurity: Update stable patch from 3.0-3.2.56-201404062126 -> 3.0-3.2.57-201404091758
2014-04-10 00:37:33 +02:00
Ricardo M. Correia
c50abd0e13
linux: Update to 3.2.57
2014-04-10 00:37:33 +02:00
Peter Simons
2cc462eb11
lxc: update from 1.0.1 to 1.0.3
2014-04-09 12:41:10 +02:00
Peter Simons
30aa995a42
busybox: update from 1.21.1 to 1.22.1
2014-04-09 12:41:10 +02:00
Austin Seipp
3ff158289a
lockdep: refactor into non-kernel package
...
Lockdep doesn't *really* require the kernel package - just the kernel
sources. It's really a user-space tool just compiled from some portable
code within the kernel, nothing more.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-08 19:21:55 -05:00
Eelco Dolstra
2ba552fb2e
Revert "Fix services.udisks.enable."
...
This reverts commit 02a30bea44
,
necessary after reverting to udisks 1.0.4.
http://hydra.nixos.org/build/10194840
2014-04-08 13:28:24 +02:00
Austin Seipp
05ec851050
kernel: longterm updates
...
- longterm: 3.4.85 -> 3.4.86
- longterm: 3.10.35 -> 3.10.36
- longterm: 3.12.15 -> 3.12.17
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-07 13:56:50 -05:00
Austin Seipp
4dc15c087a
musl: version 1.0.0
...
NB: This currently doesn't add a working musl-wrapper around musl-gcc to
allow it to work properly (musl has its own dynamic linker as well as
libc too which must be accounted for). But at the moment it builds fine,
and I plan on working more on it in the future. So lets get it
integrated and building on Hydra.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-07 10:31:31 -05:00
Ricardo M. Correia
807fad571a
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.56-201404012135 -> 3.0-3.2.56-201404062126
test: 3.0-3.13.8-201404011912 -> 3.0-3.13.9-201404062127
2014-04-07 15:31:12 +02:00
Ricardo M. Correia
c494289c12
linux: Update to 3.13.9
2014-04-07 15:31:12 +02:00
Eelco Dolstra
59ea2d7ba5
Apply patch for CVE-2014-0004 to udisks-1.0.4
...
(cherry picked from commit 3b1f9899618f81794ce8b88fe4eaa867e549eb06)
2014-04-07 13:22:12 +02:00
Eelco Dolstra
fa6b9baea9
Revert "udisks1: bump to fix CVE-2014-0004"
...
This reverts commit 0194a44d63c613065bb5c55d50470881c00563c2 because
it breaks udisks on 13.10 (e.g. running "udisks --enumerate" will
print "Unit udisks.service failed to load").
(cherry picked from commit d7daf1a47f0d3d759555a3f0a0f09398c69c6b28)
2014-04-07 13:22:12 +02:00
Shea Levy
9949d0255e
Merge branch 'make-the-kernel-build-repeatable' of git://github.com/alexanderkjeldaas/nixpkgs
...
Make the kernel build and initrd generation binary repeatable (#2128 )
2014-04-06 17:02:16 -04:00
Austin Seipp
ef903555fd
gradm: learn of all accesses for /nix/store
...
This is necessary for gradm's learning mode to work, as otherwise the
/nix/store directory is marked hidden, which causes the kernel to reject
the linker loading ld-linux.so
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-06 21:51:35 +02:00
Austin Seipp
784062214c
gradm: fix gradm_pam path
...
We alredy rewrote /sbin/gradm, which technically matches
/sbin/gradm_pam, so this ends up working exactly as we want. Otherwise
we rewrite twice and gradm can't execute the PAM module with '-p'
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-06 21:51:26 +02:00
Shea Levy
d35619429a
Merge branch 'cache.su' of git://github.com/wkennington/nixpkgs
...
su: Make the su package a provider of only the su binary
Fixes #1877
2014-04-05 18:49:30 -04:00
William A. Kennington III
28ab3acb58
su: Make the su package a provider of only the su binary
...
Additionally, provide su with the base system and remove su from the
util-linux package as it is now provided by shadow.
2014-04-05 16:01:52 -05:00
Alexander Kjeldaas
4aeb10b09a
Make cpufrequtils compilation pure.
2014-04-05 09:08:05 +02:00
Alexander Kjeldaas
c69eb7c2c1
Remove timestamp from the kernel.
2014-04-05 08:40:55 +02:00
Evgeny Egorochkin
9f957d054f
hostapd: update from 2.0 to 2.1
2014-04-03 07:05:07 +03:00
Shea Levy
0c66dbaee6
Enable CC_STACKPROTECTOR_REGULAR on linux 3.14+
2014-04-02 17:58:54 -04:00
Vladimír Čunát
8146737127
Merge #2090 : add new lockdep tool from Linux 3.14
2014-04-02 20:55:30 +02:00
Ricardo M. Correia
52d233af22
grsecurity: Update stable patch from 3.0-3.2.55-201403300851 -> 3.0-3.2.56-201404012135
2014-04-02 15:11:33 +02:00
Ricardo M. Correia
e8c6c60b93
linux: Update to 3.2.56
2014-04-02 15:11:32 +02:00
Domen Kožar
f7b19ea8b3
typo
2014-04-02 12:40:59 +02:00
Ricardo M. Correia
407a6857c6
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.55-201403252026 -> 3.0-3.2.55-201403300851
test: 3.0-3.13.7-201403252047 -> 3.0-3.13.8-201404011912
2014-04-02 02:16:59 +02:00
Austin Seipp
19bc051ca1
kernel: stable/longterm updates
...
- longterm: 3.4.83 -> 3.4.85
- longterm: 3.10.33 -> 3.10.35
- longterm: 3.12.14 -> 3.12.15
- stable: 3.13.7 -> 3.13.8
NOTE: This will break the testing grsec kernel at the moment (there's
not a 3.13.8 patch yet), but it's destined to be upgraded to 3.14 soon
anyway.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-01 11:11:10 +02:00
Austin Seipp
7288f25bd1
kernel: stable/longterm updates
...
- longterm: 3.4.83 -> 3.4.85
- longterm: 3.10.33 -> 3.10.35
- longterm: 3.12.14 -> 3.12.15
- stable: 3.13.7 -> 3.13.8
NOTE: This will break the testing grsec kernel at the moment (there's
not a 3.18.8 patch yet), but it's destined to be upgraded to 3.14 soon
anyway.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-01 03:03:00 -05:00
Austin Seipp
1459896be1
kernel: add myself to maintainer list
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-01 02:59:20 -05:00
Austin Seipp
bdff718c5b
kernel: add lockdep expression
...
Lockdep is the kernel's locking validation/debugging tool and has seen
heavy pro-active usage and development. In Linux 3.14, it's now
available directly to userspace for the same purpose. It comes with a
convenient utility to LD_PRELOAD a shared library for validation, or a
user-space API to link to directly.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-01 01:20:46 -05:00
Austin Seipp
9493159017
kernel: remove 3.11 series (EOL)
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-01 00:56:23 -05:00
Shea Levy
2d4ce25b5b
Add linux 3.14
2014-03-31 20:54:47 -04:00
Jaka Hudoklin
4eefc983a2
xcode: fix hash
2014-04-01 01:34:07 +02:00
Domen Kožar
c6ebbd29e5
add v4l2loopback: a kernel module to create V4L2 loopback devices
2014-03-31 20:02:53 +02:00
ambrop7@gmail.com
bc2984d77d
nvidia-x11: Fix build with kernel 3.13.
2014-03-29 23:35:14 +01:00
Shea Levy
701cb6b099
Merge branch 'nixos/containers/fix1' of git://github.com/offlinehacker/nixpkgs
...
nixos: fix linux containers (systemd-nspawn, lxc, lxc-libvirt)
2014-03-28 23:39:01 -04:00
Eelco Dolstra
98c3caed93
nvidia-x11: Update to 331.49
2014-03-28 16:43:56 +01:00
Ricardo M. Correia
911f332279
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.55-201403202347 -> 3.0-3.2.55-201403252026
test: 3.0-3.13.6-201403202349 -> 3.0-3.13.7-201403252047
2014-03-26 23:07:57 +00:00
Ricardo M. Correia
1c73e6f9d8
linux: Update to 3.13.7
2014-03-26 23:07:57 +00:00
Moritz Ulrich
02a30bea44
Fix services.udisks.enable.
...
Latest update to udisks in 344f2e65
broke it for me. Fix it by doing the
following:
- Add udisks.service to /etc/systemd/system (via systemd.packages)
- Fix path to udisks-daemon in udisks.service (libexec/ instead of lib/)
2014-03-25 16:52:45 +01:00
Jaka Hudoklin
70a4c7b1df
nixos: fix linux containers (systemd-nspawn, lxc, lxc-libvirt)
...
- Make dhcp work, use dhcpcd without udev in container
- Make login shell work, patch getty to not wait for /dev/tty0
- Make ssh work, sshd/pam do not start session
2014-03-24 23:59:50 +01:00
Mathijs Kwik
231f6c5460
psmisc: the tarball got updated upstream
...
looking at our git history, I think it is very peculiar that we
managed to have this version (22.21) 2 months before release :)
So I think we were using some beta/rc that accidentally got called
22.21
2014-03-24 10:35:52 +01:00
Ricardo M. Correia
f63d2dba0a
pax-utils: Update from 0.7 -> 0.8.1
2014-03-21 16:14:17 +01:00
Ricardo M. Correia
9db587bf7d
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.55-201403172027 -> 3.0-3.2.55-201403202347
test: 3.0-3.13.6-201403172032 -> 3.0-3.13.6-201403202349
2014-03-21 15:41:32 +01:00
Vladimír Čunát
00cfc70b10
linux: update to 3.12.14 and 3.10.33
2014-03-21 15:38:52 +01:00
Evgeny Egorochkin
5115636037
bluez5: update from 5.12 to 5.16
2014-03-21 16:04:15 +02:00
Shea Levy
e4961c63f7
Remove sec_perm patch that was needed by AUFS
...
Now the kernel is unpatched by default on non-MIPS!
2014-03-21 04:37:23 -04:00
Shea Levy
f4c989ede4
Merge branch 'master' of git://github.com/hrdinka/nixpkgs
...
conky: add config options
2014-03-20 20:14:14 -04:00
Austin Seipp
9bcc48a4b2
criu: attempt to fix doc building on Hydra
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-20 14:01:57 -05:00
Austin Seipp
7dcf9f6907
criu: only supported on 64-bit
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-20 13:41:05 -05:00
Vladimír Čunát
8a8ae81e40
acpid: update from 2.0.21 to 2.0.22
2014-03-19 21:56:48 +01:00
Vladimír Čunát
3cf4029981
Merge pull request #1972 from vcunat/p/procps
...
procps-ng: make it the default procps (name and attr)
2014-03-19 17:54:30 +01:00
Ricardo M. Correia
cc69228119
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.55-201403142107 -> 3.0-3.2.55-201403172027
test: 3.0-3.13.6-201403142112 -> 3.0-3.13.6-201403172032
2014-03-18 16:51:25 +01:00
Eelco Dolstra
c0f3f6e396
linux: Update to 3.4.83
2014-03-17 11:25:48 +01:00
mornfall
ec353692ad
Merge pull request #1849 from thoughtpolice/criu
...
criu: version 1.2
2014-03-16 22:58:54 +01:00
Vladimír Čunát
ca09a878d0
procps-ng: make it the default procps (name and attr)
2014-03-16 19:07:38 +01:00
Austin Seipp
47b35d5e80
criu: version 1.2
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-16 07:16:34 -05:00
Christoph Hrdinka
26d5d506c9
conky: add config options
2014-03-16 12:30:15 +01:00
Cillian de Róiste
b57ee8c331
nixpkgs-lint: add the platforms meta attr for most of my packages
2014-03-16 12:08:26 +01:00
Ricardo M. Correia
e76c059b23
grsecurity: Fix grsec-path.patch to apply with newest patches
2014-03-15 18:01:47 +01:00
Peter Simons
f1a30454f6
Merge pull request #1942 from thoughtpolice/fixups
...
Trivial fixes for my packages
2014-03-15 09:35:35 +01:00
Ricardo M. Correia
ceec014020
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.55-201403122114 -> 3.0-3.2.55-201403142107
test: 3.0-3.13.6-201403122116 -> 3.0-3.13.6-201403142112
2014-03-15 04:15:28 +01:00
Ricardo M. Correia
3c97fdc7a8
spl, zfs: Add myself as a maintainer
2014-03-15 02:01:57 +01:00
Shea Levy
602cf8d78c
Merge branch 'u/zfs-import' of git://github.com/wizeman/nixpkgs
...
zfs: Misc fixes
2014-03-14 19:40:34 -04:00
Shea Levy
0c12dd3ded
Merge branch 'pkgs/systemd/journald_http_gateway' of git://github.com/offlinehacker/nixpkgs
...
systemd: python support & journal http gateway
Conflicts:
nixos/modules/misc/ids.nix
2014-03-14 19:16:59 -04:00
Shea Levy
3f6603a80e
Fix alsa-utils
2014-03-14 09:08:04 -04:00
Nixpkgs Monitor
69fff447aa
alsaUtils: update from 1.0.27 to 1.0.27.2
2014-03-14 11:16:56 +01:00
Vladimír Čunát
d6349df0dd
put systemd unit dirs on the right place
...
Also see #1936 .
2014-03-13 21:44:51 +01:00
Vladimír Čunát
344f2e6518
udisks1: bump to fix CVE-2014-0004
...
Also systemd unit is now installed.
Thanks to nixpkgs monitor again, as for all my CVE commits.
2014-03-13 21:16:50 +01:00
Shea Levy
0f72effdd9
The derivation primop doesn't play well with null outputs attribute
2014-03-13 15:05:15 -04:00
Evgeny Egorochkin
0ffbfd38bf
udisks2: update from 2.1.1 to 2.1.3, potentially fixes CVE-2014-0004
2014-03-13 08:59:25 +02:00
Ricardo M. Correia
86b8cf954a
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.55-201403072107 -> 3.0-3.2.55-201403122114
test: 3.0-3.13.6-201403072241 -> 3.0-3.13.6-201403122116
2014-03-13 02:28:58 +01:00
Domen Kozar
059e8e179b
set all licenses to be attributes (and wait for Nix 1.7)
2014-03-12 21:20:43 +01:00
aszlig
c7bac81c66
Merge 'mingw-w64' and 'darwin' into cross-win-osx.
...
Both branches have quite a lot in common, so it's time for a merge and
do the cleanups with respect to both implementations and also generalize
both implementations as much as possible.
This also closes #1876 .
Conflicts:
pkgs/development/interpreters/lua-5/5.2.nix
pkgs/development/libraries/SDL/default.nix
pkgs/development/libraries/glew/default.nix
pkgs/top-level/all-packages.nix
2014-03-12 10:16:51 +01:00
aszlig
a445199db4
xcode: Update to new version 5.1.
...
This version just got released two days ago, while we were working for
cross-builds on 5.0.2. From the release notes it shouldn't introduce any
incompatibilities.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:49 +01:00
aszlig
a6621202af
xcode: Drop use of weak_import on enumerators.
...
GCC doesn't support attributes on enumerators, which could pose a
problem but fortunately not in this case. Here a
__attribute__((weak_import)) is used, which doesn't make much sense for
enumerators anyway (noone will die because the corresponding enumerator
won't be referenced either in older OS X versions).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:49 +01:00
aszlig
3940b21988
cctools-port: Pass through wrapped XCToolchain.
...
At the moment, this includes only dyldinfo, dwarfdump and dsymutil, but
we'll see whether we need more of these utilities later.
Tho reason those are wrapped in cctools-port is because it is the
binutils used to cross-compile for Mac OS X.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:46 +01:00
aszlig
45cd9994bc
darwin: Add new package maloader.
...
This is the mentioned Mach-O loader that we're yoing to use to execute
Apple's proprietary binaries.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:45 +01:00
aszlig
53a267e535
darwin: Add new package opencflite.
...
This provides a port of Mac OS X's CoreFoundation and is needed if we
want to be able to run dsymutil using maloader.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:45 +01:00
aszlig
c0d55fcc6a
xcode: Provide the commandline toolchain as well.
...
This toolchain contains Mach-O binaries and might not be useful in the
first place, but there are programs like dsymutil, where Apple didn't
release the source code, so we need a Mach-O loader...
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:45 +01:00
aszlig
dd10bb3181
Add a cross-platform port of cctools.
...
This basically is binutils for Mac OS X, but ported to work on
(GNU/)Linux and FreeBSD.
And it's up-to-date as well! I'm mentioning this, because it was quite
hard to find a recent port of it and I just accidentally stumbled on it
while trying to do the port by myself.
So thanks to @tpoechtrager for doing this.
Also, I've added two more patches, which essentially are:
* ld-rpath-nonfinal:
This allows -rpath to be used for linking non-final builds, which
was allowed for earlier versions of cctools and got a check for
that in more recent versions.
* ld-ignore-rpath-link:
Ignores the -rpath-link option, because the cross-wrapper uses it
in different places. Unfortunately, the cctools linker doesn't
support it, so we might need to implement this later if it's
possible (I'm not a Mach-O man^H^H^Hexpert).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:44 +01:00
aszlig
83dd414ca2
Add new package for Apple's XCode.
...
This package provides the SDK and standard library needed for
cross-compiling to Mac US X. We're using xpwn here to extract the DMG.
Also, this version (XCode 5.0.2) only contains the SDKs for version 10.9
and 10.8, so we might need to add requireFile directives for older
versions as well.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:43 +01:00
Peter Simons
24d0e07a47
wpa_supplicant: cosmetic to un-break syntax highlighting
2014-03-11 12:34:48 +01:00
Peter Simons
813533f49a
wpa_supplicant: cherry-pick future patch that disable strict SSL certificate checks
...
Close #1913 .
2014-03-11 12:34:33 +01:00
Ricardo M. Correia
d999872b8d
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.55-201403022154 -> 3.0-3.2.55-201403072107
test: 3.0-3.13.5-201403031445 -> 3.0-3.13.6-201403072241
2014-03-10 17:23:17 +01:00
Ricardo M. Correia
9b650b074b
linux: Update to 3.13.6
2014-03-10 17:23:17 +01:00
Bjørn Forsman
8d18d58f91
can-utils: new package
...
CAN userspace utilities and tools (for use with Linux SocketCAN).
There is no real "homepage" for this project (the only thing I could
find was the gitorious page) and they haven't produced any proper
releases (source archives and/or git tags), even though git history goes
back to 2006 and things seem stable.
2014-03-09 14:19:39 +01:00
Peter Simons
c9f64fb8ba
lxc: update from 1.0.0 to 1.0.1
2014-03-08 12:47:18 +01:00
Austin Seipp
fb055c10f6
Make my packages slightly more consistent.
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-07 20:27:02 -06:00
Rob Vermaas
7047235acb
Now properly add nvidiabl.
2014-03-07 16:08:38 +01:00
Domen Kožar
339651b855
Merge pull request #1817 from wkennington/cache.wpasupplicant
...
wpa_supplicant: Update 2.0 -> 2.1
2014-03-07 13:20:39 +01:00
Ricardo M. Correia
a7e65a8a95
zfs: Fix compilation on 3.13 and later kernels
2014-03-04 12:58:59 +01:00
Ricardo M. Correia
c5b3257388
spl: Fix compilation on 3.13 and later kernels
2014-03-04 12:58:55 +01:00
Ricardo M. Correia
17073197e9
spl: Fix compilation on 3.12 and later kernels
2014-03-04 12:58:39 +01:00
Ricardo M. Correia
d01242edb8
zfs: Fix minor filesystem corruption with gcc 4.8
...
It turns out that some of gcc 4.8's aggressive optimizations may
cause minor filesystem corruption in ZFS. To fix it, a patch was
cherry-picked from the upstream's git tree.
See: https://github.com/zfsonlinux/zfs/pull/2051
2014-03-04 12:58:11 +01:00
Ricardo M. Correia
e0fe5e7c38
zfs: Fix libblkid detection (backport from upstream)
...
This fixes issues with importing ZFS pools, such as when the ZFS device is a
partition that covers the end of the disk.
See: https://github.com/zfsonlinux/zfs/issues/1684
2014-03-04 12:58:11 +01:00
Moritz Ulrich
5d05dde655
ldm: Use meta.repositories.git.
...
Improves reliability of nixpkgs-monitor.
2014-03-04 12:44:15 +01:00
Austin Seipp
c4d5757e29
grsecurity updates
...
- stable: 3.0-3.2.55-201402241936 -> 3.0-3.2.55-201403022154
- testing: 3.0-3.13.5-201402241943 -> 3.0-3.13.5-201403031445
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-04 01:13:22 +01:00
Corey O'Connor
19c59ab984
upgrade bbswitch to 0.8
2014-03-04 01:05:12 +01:00
aszlig
c6cb3276dd
windows/cygwin-setup: Drop meta.platforms attr.
...
This prevents cross-builds, so let's drop it for now.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-04 00:52:39 +01:00
aszlig
1771e07e20
os-specific/windows: Add new package cygwinSetup.
...
This is primarily going to be used for vmTools.runInWindowsVM, but in
theory, it could also work with Nix on CygWin which I haven't tested.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-03 23:18:33 +01:00
aszlig
e64b342fa8
Use mingw-w64 for 32bit Windows builds as well.
...
Mingw(32) is rather poorly maintaned and has quite a lot of bugs. And
because our Windows cross builds were also poorly maintained and most of
the cross-tests were broken as well, I'm just taking this step and try
to switch to mingw-w64 for everything "cross Windows".
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-03 22:38:48 +01:00
mornfall
528b600ec6
Merge pull request #1867 from thoughtpolice/fixes
...
Some minor fixes for my packages - ktap, cb0cat, etc
2014-03-03 20:36:08 +01:00
William A. Kennington III
a19cf91652
wpa_supplicant: Update 2.0 -> 2.1
2014-03-03 10:26:04 -06:00
Peter Simons
f9af98f1fd
ipsecTools: update from 0.8.1 to 0.8.2
2014-03-03 11:10:24 +01:00
Ricardo M. Correia
69a83ba99f
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.55-201402221305 -> 3.0-3.2.55-201402241936
test: 3.0-3.13.4-201402221308 -> 3.0-3.13.5-201402241943
2014-03-03 02:16:58 +01:00
Ricardo M. Correia
8109de905a
linux: Update to 3.13.5
2014-03-03 02:16:50 +01:00
Austin Seipp
812d17f177
ktap: don't use FFI by default
...
It's not yet supported on i386 - instead, make it optional and
controlled by a `useFFI` attribute.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-02 06:16:56 -06:00
Austin Seipp
73bcce319b
ktap: Update to 0.5-e7a38ef0
...
This adds a new, useful net library as well.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-02 05:52:36 -06:00
Austin Seipp
6a88b95ac7
checksec: add homepage
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-02 05:51:49 -06:00
Ricardo M. Correia
84011efb74
paxctl: Use http instead of https
...
This is needed since paxctl is going to be added to stdenv but
early stdenv curl does not support https.
2014-02-28 00:15:55 +01:00
mornfall
5fe6abc099
Merge pull request #1824 from thoughtpolice/ktap
...
ktap: add v0.5-dev from git
2014-02-27 19:48:29 +01:00
mornfall
2d9492b14d
Merge pull request #1793 from thoughtpolice/reptyr
...
reptyr: version 0.5
2014-02-27 19:47:19 +01:00
Evgeny Egorochkin
05c19ced9b
linuxPackages_3_12.perf: update from 3.12.12 to 3.12.13
2014-02-26 20:49:27 +02:00
Peter Simons
2dc6bcbc40
libselinux: update from 2.2.1 to 2.2.2
2014-02-24 22:04:40 +01:00
Peter Simons
9f714fbafa
iw: update from 3.11 to 3.14
2014-02-24 22:04:40 +01:00
Peter Simons
01aaf816c9
acpid: update from 2.0.20 to 2.0.21
2014-02-24 22:04:40 +01:00
Peter Simons
abca8f64f2
lxc: update from 1.0.0.beta4 to 1.0.0
2014-02-24 21:17:55 +01:00
aszlig
44cfba7950
mingw-w64-pthreads: Create based on mingw-w64.
...
The winpthreads library is part of the same source package, so let's
just override the name and the source directory.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-24 07:26:24 +01:00
aszlig
4fde72c7d6
mingw-w64: Fix typo in preConfigure hook.
...
D'oh, no wonder the headers are of almost the same size as the main
package.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-24 07:26:23 +01:00
aszlig
a78c6490d7
mingw-w64: Update to new upstream version 3.1.0.
...
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-24 07:26:22 +01:00
Austin Seipp
60728bc46c
ktap: add v0.5-dev from git
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-23 22:29:56 -06:00
Austin Seipp
7f4b97d495
grsecurity: stable/testing updates
...
- stable: 3.0-3.2.55-201402201903 -> 3.0-3.2.55-201402221305
- testing: 3.0-3.13.4-201402201908 -> 3.0-3.13.4-201402221308
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-22 20:29:25 +01:00
Ricardo M. Correia
6554a490f6
gradm, pax-utils, paxctl: Add myself as a maintainer
2014-02-22 20:17:00 +01:00
Ricardo M. Correia
4ee12df331
pax-utils: Fix URL
2014-02-22 19:25:33 +01:00
Ricardo M. Correia
bf02ae28d6
gradm: Fix URL
2014-02-22 19:25:33 +01:00
Ricardo M. Correia
1b60ee5f67
paxctl: Fix URL
2014-02-22 19:17:53 +01:00
Ricardo Correia
39fbd8f4fb
Merge pull request #1771 from thoughtpolice/grsec-tools
...
grsecurity: add gradm, paxctl, and pax-utils (take #2 )
2014-02-22 18:14:57 +01:00
Vladimír Čunát
351f704091
Merge x-updates into master
...
There's a major dbus bump (1.6 -> 1.8), and various minor fixes and updates.
2014-02-22 11:28:51 +01:00
Austin Seipp
4631a65c43
grsecurity: add pax-utils-0.7
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-21 13:17:56 -06:00
Austin Seipp
c2e4ccd4ad
grsecurity: add paxctl-0.7
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-21 13:17:53 -06:00
Austin Seipp
f1459cd4b0
grsecurity: add gradm-3.0-201401291757
...
This also ensures the appropriate udev rules are installed.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-21 13:14:11 -06:00
Ricardo Correia
308015e213
Merge pull request #1801 from thoughtpolice/kernel-grsec
...
kernel: stable updates, grsecurity patch updates
2014-02-21 19:23:49 +01:00
Domen Kožar
368839c703
Merge pull request #1467 from iElectric/buildPythonPackage-refactor
...
buildPythonPackage refactoring
2014-02-21 18:33:48 +01:00
Domen Kožar
f1db57f1fe
buildPythonPackage: fix more borken packages
2014-02-21 18:29:57 +01:00
Austin Seipp
18f65f3640
grsecurity: stable/testing updates
...
- stable: 3.0-3.2.55-201402192249 -> 3.0-3.2.55-201402201903
- testing: 3.0-3.13.3-201402192252 -> 3.0-3.13.4-201402201908
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-20 20:21:16 -06:00
Austin Seipp
a1dc5ea707
kernel: stable updates
...
- 3.13 stable: 3.13.3 -> 3.13.4
- 3.12 stable: 3.12.11 -> 3.12.12
- 3.10 longterm: 3.10.30 -> 3.10.31
- 3.4 longterm: 3.4.80 -> 3.4.81
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-20 20:21:11 -06:00
Vladimír Čunát
ae5d8f6768
Merge master into x-updates
2014-02-20 20:55:31 +01:00
Ricardo Correia
1c645521bd
Merge pull request #1796 from thoughtpolice/grsec
...
grsecurity: stable/testing updates
2014-02-20 14:18:29 +01:00
Rob Vermaas
cf00cd5e36
Add support for printing qr code for google-authenticator.
2014-02-20 12:30:49 +01:00
Austin Seipp
58e08a1a4f
grsecurity: stable/testing updates
...
- stable: 3.0-3.2.55-201402152203 -> 3.0-3.2.55-201402192249
- testing: 3.0-3.13.3-201402152204 -> 3.0-3.13.3-201402192252
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-20 04:53:19 -06:00
Austin Seipp
7411fabd3e
checksec: version 1.5
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-20 04:26:17 -06:00
Austin Seipp
e43130d379
reptyr: version 0.5
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-19 15:05:36 -06:00
Austin Seipp
c137015328
grsecurity updates.
...
- stable: 3.0-3.2.54-201402062221 -> 3.0-3.2.55-201402152203
- testing: 3.0-3.13.3-201402132113 -> 3.0-3.13.3-201402152204
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-17 07:27:51 -06:00
Austin Seipp
8e349e721c
linux: 3.2.54 -> 3.2.55
...
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-17 07:27:51 -06:00
William A. Kennington III
52248aa7a2
kernel: 3.12.10 -> 3.12.11 ( close #1743 )
2014-02-16 14:20:09 +01:00
Vladimír Čunát
96f07fa74e
Merge master into x-updates
2014-02-16 11:45:02 +01:00
Vladimír Čunát
57240400cb
nvidia driver: allow building on Hydra, maintain
...
The stuff is unfree, but distribution in any form *is* encouraged, c.f.
http://metadata.ftp-master.debian.org/changelogs//non-free/n/nvidia-graphics-drivers/nvidia-graphics-drivers_319.82-1_copyright
2014-02-16 10:07:31 +01:00
Vladimír Čunát
180e5ca0db
nvidia driver: fix eval with older kernels (e.g. 3.10)
2014-02-16 09:53:15 +01:00
Cillian de Róiste
93f7b77067
xf86_input_wacom: update from 0.20.0 to 0.23.0
2014-02-15 20:45:10 +01:00
William A. Kennington III
bdb842d5eb
Move all db4 packages to the default db5
2014-02-15 12:03:02 +01:00
Evgeny Egorochkin
daa2827b99
grsecurity: update patch
2014-02-14 18:13:05 +02:00
Evgeny Egorochkin
fc213ccfa8
linux_3_13: update from 3.13.2 to 3.13.3
2014-02-14 16:56:38 +02:00
Evgeny Egorochkin
699509db14
linux_3_10: update from 3.10.29 to 3.10.30
2014-02-14 16:55:44 +02:00
Evgeny Egorochkin
ad4e2bd499
linux_3_4: update from 3.4.79 to 3.4.80
2014-02-14 16:55:44 +02:00
Evgeny Egorochkin
69f4bdac6e
linux: add git repository and branch meta
2014-02-14 10:45:36 +02:00
Peter Simons
869402ef22
lxc: update from 1.0.0.beta2 to 1.0.0.beta4
2014-02-13 23:22:16 +01:00
Karn Kallio
b2f9e1d4f7
nvidia-x11: bump version and add patch for kernel 3.13
2014-02-12 11:08:28 +01:00
Vladimír Čunát
dfdf164f87
Merge master into x-updates
...
Conflicts (trivial):
pkgs/games/spring/default.nix
2014-02-10 19:15:58 +01:00
Cillian de Róiste
00b1461e4f
ATI-driver: the hash has changed, reported by: @ikervagyok
2014-02-10 16:42:02 +01:00
Ricardo M. Correia
b31547654d
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.54-201401191012 -> 3.0-3.2.54-201402062221
test: 3.0-3.12.8-201401191015 -> 3.0-3.13.2-201402062224
2014-02-08 16:16:58 +01:00
Ricardo M. Correia
31fa2cd52b
grsecurity: Fix building grsec-3.x.0 kernels
2014-02-08 15:16:40 +00:00
Vladimír Čunát
24029ec478
linux: minor updates 3.12.10, 3.10.29, 3.4.79
2014-02-08 11:54:16 +01:00
Vladimír Čunát
9b69117fec
Merge master into x-updates
2014-02-08 09:12:51 +01:00
Vladimir Still
d3979b659c
perf: Make build fix for 3.13 cleaner.
2014-02-07 22:53:55 +01:00
Vladimir Still
70e4f8f928
perf: Allow proceeding in build even if patch fails.
...
Patching fails for linux 3.13 but it builds OK.
2014-02-07 18:16:24 +01:00
Mathijs Kwik
896ae598d1
Merge pull request #1698 from wkennington/master.kernel
...
kernel: Upgrade from 3.13.1 -> 3.13.2
2014-02-07 06:42:53 +01:00
Corey O'Connor
7a653e5156
add guvcview package
2014-02-07 00:01:40 +00:00
William A. Kennington III
346bfc28ea
kernel: Upgrade from 3.13.1 -> 3.13.2
2014-02-06 16:30:40 -06:00
Jaka Hudoklin
ae9c22df3f
systemd: enable journal http gateway by adding libmicrohttp
2014-02-06 16:18:25 +01:00
Jaka Hudoklin
09dd6a64fc
systemd: add optional python support
2014-02-06 16:18:24 +01:00
Vladimír Čunát
be70104a3a
Merge master into x-updates
...
Conflicts (taken master):
pkgs/development/compilers/llvm/3.4/llvm.nix
2014-02-04 22:00:09 +01:00
Evgeny Egorochkin
832324d5eb
lm_sensors: update from 3.3.4 to 3.3.5
2014-02-04 21:58:25 +02:00
Vladimír Čunát
cbba3f90da
re-merge #1618 : use ubuntu module blacklists by default
...
I'm sorry, previously I merged an outdated reference,
so only the old version of the PR got into master up to now.
2014-02-04 18:02:19 +01:00
Shea Levy
608cee44cc
kmod: bump
...
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-02-03 18:42:04 -05:00
Michael Raskin
ba4461f96f
Fix wvdial build by inserting missing unistd.h includes
2014-02-02 19:21:08 +04:00
Vladimír Čunát
b5a32b3944
Merge #1618 : use ubuntu module blacklists by default
2014-02-02 15:51:07 +01:00
Vladimír Čunát
6e2d3b9847
Merge master into x-updates
2014-02-02 10:05:25 +01:00
Vladimír Čunát
80f8b2cfbd
kmod-blacklist-ubuntu: fix references to binaries
2014-02-02 09:45:59 +01:00
Vladimír Čunát
22690a8cd5
kmod-blacklist-ubuntu: fetch from tar.gz, not bazaar
...
Now the source is just a miniature archive.
2014-02-02 09:41:11 +01:00
William A. Kennington III
f9f065a178
kernel: Upgrade from 3.13.0 -> 3.13.1
2014-01-31 15:28:50 -06:00
Eelco Dolstra
b913a2eb81
linux: Update to 3.4.78
2014-01-31 18:00:13 +01:00
Domen Kožar
aa595f3cf1
Merge pull request #1628 from tomberek/alienfx_libusb
...
Add #include <unisted.h> for sleep and usleep
2014-01-29 08:57:20 -08:00
Petr Rockai
4124bb9ff5
Adopt more packages.
2014-01-28 18:11:00 +01:00
Vladimír Čunát
908ce109f9
Merge master into x-updates (the binutils change)
2014-01-28 18:00:29 +01:00
Petr Rockai
6f5be260b4
Adopt packages.
2014-01-28 17:31:17 +01:00
Vladimír Čunát
5acaa980a5
pull module blacklist from Ubuntu and use it by default
...
People often have serious problems due to bogus modules like *fb.
2014-01-28 12:52:36 +01:00
Vladimír Čunát
9739171cd4
Merge pull request #1567 from wizeman/u/grsec-upd-and-fix
...
grsecurity: Fix build and update patches
2014-01-28 03:41:05 -08:00
Vladimír Čunát
69b4bef3f3
Merge master into x-updates
2014-01-28 02:32:27 +01:00
Eelco Dolstra
1348aa5c42
rfkill: Update to 0.5
2014-01-27 17:58:25 +01:00
Vladimír Čunát
a9caafa0ea
linux kernel updates to 3.4.77, 3.10.28 and 3.12.9
...
I tested they still build on x86_64.
2014-01-26 17:07:31 +01:00
William A. Kennington III
8bc7c9f66d
linux: Update from 3.12.7 -> 3.12.8
2014-01-26 15:48:18 +01:00
William A. Kennington III
c47dc47083
linux: Update from 3.10.25 -> 3.10.27
2014-01-26 15:48:05 +01:00
Domen Kožar
a7d0a53d9e
merge
2014-01-26 09:58:47 +01:00
Vladimír Čunát
5fb366d1e5
xorg: move nouveau driver here, some updates of modules
...
It seems that most of the modules is rarely used, but still.
Some of the updated modules don't build, just as they didn't before.
2014-01-26 09:03:01 +01:00
Domen Kožar
e505c8927d
upower: add gobject introspection
2014-01-26 00:15:05 +01:00
Peter Simons
58f1520726
lxc: update from 1.0.0.beta1 to 1.0.0.beta2
2014-01-25 20:58:49 +01:00
Thomas Bereknyei
c17e6d6968
Add #include <unisted.h> for sleep and usleep
2014-01-25 13:46:48 -05:00
Petr Rockai
28f0ec6540
linux-perf: Fix build (unportable shell hack broke).
2014-01-25 16:30:14 +01:00
Vladimír Čunát
83b354e4f9
linuxHeaders: add meta, incl. platforms = linux;
...
Noted by @mornfall. The built package has ~5 MB uncompressed,
but just the Linux tarball has ~40 MB compressed...
2014-01-25 15:35:52 +01:00
Jaka Hudoklin
e0000f8ad1
ati-drivers: update to 13.12 ( close #1569 )
...
This update is mostly effort from @MarcWeber and @vcunat, now tested on real
hardware making sure it works with multiple GPUs and opencl.
2014-01-23 12:11:28 +01:00
Shea Levy
ca116f76f9
Unmaintain a bunch of packages
...
Trying to take maintainership more seriously...
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-21 22:34:41 -05:00
Shea Levy
cb9cc87a39
kernel.passthru: Don't include meta to be consistent with stdenv.mkDerivation
...
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-21 21:12:58 -05:00
Shea Levy
fd999ed570
Linux: Set passthru attr to contain full passthru
...
This fixes #1566 , thanks @wizeman
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-21 21:06:27 -05:00
Ricardo M. Correia
aeda8d63b9
grsecurity: Update stable and test patches
...
stable: 3.0-3.2.53-201312021727 -> 3.0-3.2.54-201401191012
test: 3.0-3.12.2-201312021733 -> 3.0-3.12.8-201401191015
2014-01-22 02:14:35 +01:00
Shea Levy
d18bc25b95
Rename linuxManualConfig to buildLinux
...
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-21 20:05:55 -05:00
Vladimír Čunát
ac6761c908
Merge master into stdenv-updates
...
Conflicts:
pkgs/applications/version-management/gource/default.nix
pkgs/top-level/all-packages.nix
2014-01-20 19:39:28 +01:00
Shea Levy
3ae5e801a5
Linux 3.13
...
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-19 22:35:24 -05:00
Ricardo M. Correia
84f35a7cc1
libaio: Fix download URL
2014-01-18 15:24:42 +00:00
Vladimír Čunát
0a58b512cb
Merge master into stdenv-updates
...
Conflicts (simple):
pkgs/development/compilers/gcc/4.8/default.nix
pkgs/development/compilers/llvm/default.nix
pkgs/development/libraries/gmp/5.1.1.nix
pkgs/development/libraries/gmp/5.1.3.nix
pkgs/development/libraries/gmp/5.1.x.nix
pkgs/top-level/all-packages.nix
2014-01-18 14:46:20 +01:00
Ricardo M. Correia
acaadd9d2a
linux: Update to 3.2.54 and 3.12.7 ( close #1527 )
2014-01-15 20:05:53 +01:00
Shea Levy
e5c34ddb55
Add platforms for kmscon
...
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-15 08:17:19 -05:00
Eelco Dolstra
03ad7a081c
linux: Update to 3.4.76
2014-01-15 10:55:53 +01:00
Shea Levy
b6a1673308
kmscon: Build man pages
...
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-15 01:13:45 -05:00
Shea Levy
446c144b1a
Add kmscon, a kms-based replacement for kernel VTs
...
Note that currently this depends on the default nixpkgs mesa and pango.
It may be possible to build more limited versions that don't e.g. depend
on the full X stack without limiting kmscon (which of course doesn't use
X).
Depends on libtsm, added in the same commit.
Signed-off-by: Shea Levy <shea@shealevy.com>
2014-01-15 00:58:46 -05:00
Vladimír Čunát
a2c316288c
Merge master into stdenv-updates
...
Conflicts:
pkgs/development/lisp-modules/stumpwm/default.nix (auto-solved)
pkgs/top-level/all-packages.nix (trivial)
2014-01-12 12:29:24 +01:00
Domen Kožar
bc6e2e9c36
remove pointless passthru meta
2014-01-10 01:45:35 +01:00
Nixpkgs Monitor
a5882db800
cryptsetup: update from 1.6.2 to 1.6.3
2014-01-08 18:49:49 +01:00