Commit Graph

42188 Commits

Author SHA1 Message Date
Michael Raskin
e86e76e560 Adding sysdig system call tracer for Linux 2014-04-13 20:49:37 +04:00
宋文武
e9a8c8417f wildmidi: update to 0.3.6 2014-04-13 18:30:24 +02:00
Cillian de Róiste
83044b788c pytest: fix for py2.6 by adding argparse as an input 2014-04-13 17:21:33 +02:00
Oliver Charles
7f4afcda7e Merge pull request #2235 from bennofs/haskell-monad-extras
haskell: add monad-extras
2014-04-13 12:11:27 +01:00
Bjørn Forsman
6fa1ad04da nixos: extend documentation example for security.setuidOwners
Show that it is possible to set custom permission bits.
2014-04-13 12:31:08 +02:00
Roelof Wobben
0096bb677a new package: cinnamon-settings-daemon (close #2205)
With tiny changes from @vcunat.
2014-04-13 11:57:12 +02:00
Bjørn Forsman
6989b9a3f9 babeltrace: update from 1.1.1 to 1.2.1 2014-04-13 10:47:17 +02:00
Bjørn Forsman
d1f875c6af lttng project: update from 2.3.0 to 2.4.1
(And update liburcu to 0.8.4 according to release notes for lttng 2.4.x.)

In addition to new features and bug fixes, version 2.4.x is needed to build
against Linux 3.12 (our new stable kernel).
2014-04-13 10:47:16 +02:00
Benno Fünfstück
7fed418b24 haskell: add monad-extras 2014-04-13 10:19:30 +02:00
Austin Seipp
2661400d2a cgit: bump git version to 1.9.2
This also updates the download URL to use kernel.org

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-13 00:47:16 -05:00
Domen Kožar
399d7839ef Merge pull request #2233 from ertes/ertes-keepassx-split
keepassx: Renamed KeePassX 2.0 to keepassx2.
2014-04-13 05:15:56 +02:00
James Cook
21cb9c24f0 Patch python32 for CVE-2014-1912. 2014-04-13 05:15:19 +02:00
James Cook
324ade4658 Patch python27 for CVE-2014-1912. 2014-04-13 05:15:19 +02:00
Austin Seipp
a3155a0e2a nixos: add a UID for Hydra
Otherwise the Hydra module can't be used when mutableUsers = false;

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-12 21:20:18 -05:00
Ertugrul Söylemez
a0886ae024 keepassx: Renamed KeePassX 2.0 to keepassx2. 2014-04-13 03:28:20 +02:00
Domen Kožar
7e37e4b5ee Merge pull request #2184 from offlinehacker/pkgs/pythonPacakges/sqlalchemy-imageattach_darwin_fix
pythonPackages: sqlalchemy-imageattach, fix tests on darwin
2014-04-13 00:25:25 +02:00
Domen Kožar
1988bbd990 Merge pull request #2231 from jwiegley/master
Change several package constraints from linux to unix
2014-04-13 00:24:28 +02:00
John Wiegley
010132e302 Change several package constraints from linux to unix
They all build on Darwin.
2014-04-12 16:01:16 -05:00
Oliver Charles
d64fdccaa7 Merge pull request #2230 from bennofs/update-yi
haskell: update yi to 0.8.1
2014-04-12 21:56:25 +01:00
Benno Fünfstück
2fd160f027 haskell: update yi to 0.8.1 2014-04-12 20:33:15 +02:00
Vladimír Čunát
1ae918b0d2 gtk3: bugfix update 3.12.0 -> .1 2014-04-12 20:25:15 +02:00
Austin Seipp
64efd184ed grsecurity: Fix GRKERNSEC_PROC restrictions
Previously we were setting GRKERNSEC_PROC_USER y, which was a little bit
too strict. It doesn't allow a special group (e.g. the grsecurity group
users) to access /proc information - this requires
GRKERNSEC_PROC_USERGROUP y, and the two are mutually exclusive.

This was also not in line with the default automatic grsecurity
configuration - it actually defaults to USERGROUP (although it has a
default GID of 1001 instead of ours), not USER.

This introduces a new option restrictProcWithGroup - enabled by default
- which turns on GRKERNSEC_PROC_USERGROUP instead. It also turns off
restrictProc by default and makes sure both cannot be enabled.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-12 11:16:05 -05:00
John Wiegley
b296895abe Allow lsof to build on darwin (fixes #2219)
Closes #2219, closes #2223

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-12 11:14:18 -05:00
John Wiegley
c3efd1a3f7 Update httrack recipe
Closes #2222

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-12 10:55:01 -05:00
Michael Raskin
97982c4085 Update MDBTools Git version 2014-04-12 19:29:40 +04:00
John Wiegley
0ef3c47778 Add recipes for a few Haskell libraries 2014-04-12 10:22:37 -05:00
Oliver Charles
1b7a8e6f5b Merge pull request #2217 from bennofs/haskell-uri
Add uri haskell package
2014-04-12 16:09:46 +01:00
Oliver Charles
3f1af5f709 haskellPackages.bert: Update to 1.2.2.2 2014-04-12 16:06:35 +01:00
Oliver Charles
99d8ef0673 haskellPackages.snapCORS: New expression 2014-04-12 16:04:40 +01:00
Benno Fünfstück
796ea8ee11 haskell: add uri package 2014-04-12 16:59:29 +02:00
William A. Kennington III
4fea09ca4c google_api_python_client: Add package
Closes #2178

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-12 08:11:46 -05:00
Oliver Charles
9bf24c207f Merge pull request #2216 from aristidb/master
perl: Finance::Quote 1.29
2014-04-12 14:09:40 +01:00
Aristid Breitkreuz
c62b9e56f8 perl: Finance::Quote 1.29 2014-04-12 14:40:03 +02:00
Cillian de Róiste
6c1ac8159b oxygen_gtk: update from 1.4.4 to 1.4.5 2014-04-12 11:59:03 +02:00
Cillian de Róiste
02e693c400 synthv1: update from 0.4.0 to 0.4.1 2014-04-12 11:58:29 +02:00
Cillian de Róiste
440a174e2d samplv1: update from 0.4.0 to 0.4.1 2014-04-12 11:58:13 +02:00
Cillian de Róiste
aee930586f drumkv1: update from 0.4.0 to 0.4.1 2014-04-12 11:57:43 +02:00
Vladimír Čunát
83cb0354e9 clang_34: make it evaluate to 3.4 even on Darwin 2014-04-12 09:46:37 +02:00
Austin Seipp
172dc1336f nixos: add grsecurity module (#1875)
This module implements a significant refactoring in grsecurity
configuration for NixOS, making it far more usable by default and much
easier to configure.

 - New security.grsecurity NixOS attributes.
   - All grsec kernels supported
   - Allows default 'auto' grsec configuration, or custom config
   - Supports custom kernel options through kernelExtraConfig
   - Defaults to high-security - user must choose kernel, server/desktop
     mode, and any virtualisation software. That's all.
   - kptr_restrict is fixed under grsecurity (it's unwriteable)
 - grsecurity patch creation is now significantly abstracted
   - only need revision, version, and SHA1
   - kernel version requirements are asserted for sanity
   - built kernels can have the uname specify the exact grsec version
     for development or bug reports. Off by default (requires
     `security.grsecurity.config.verboseVersion = true;`)
 - grsecurity sysctl support
   - By default, disabled.
   - For people who enable it, NixOS deploys a 'grsec-lock' systemd
     service which runs at startup. You are expected to configure sysctl
     through NixOS like you regularly would, which will occur before the
     service is started. As a result, changing sysctl settings requires
     a reboot.
 - New default group: 'grsecurity'
   - Root is a member by default
   - GRKERNSEC_PROC_GID is implicitly set to the 'grsecurity' GID,
     making it possible to easily add users to this group for /proc
     access
 - AppArmor is now automatically enabled where it wasn't before, despite
   implying features.apparmor = true

The most trivial example of enabling grsecurity in your kernel is by
specifying:

    security.grsecurity.enable          = true;
    security.grsecurity.testing         = true;      # testing 3.13 kernel
    security.grsecurity.config.system   = "desktop"; # or "server"

This specifies absolutely no virtualisation support. In general, you
probably at least want KVM host support, which is a little more work.
So:

    security.grsecurity.enable = true;
    security.grsecurity.stable = true; # enable stable 3.2 kernel
    security.grsecurity.config = {
      system   = "server";
      priority = "security";
      virtualisationConfig   = "host";
      virtualisationSoftware = "kvm";
      hardwareVirtualisation = true;
    }

This module has primarily been tested on Hetzner EX40 & VQ7 servers
using NixOps.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:43:51 -05:00
Austin Seipp
cf24cf1184 capstone: attempt to fix Linux build, remove Darwin build
The Darwin build seems fixable but I can't test right now.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 21:41:14 -05:00
Austin Seipp
036a7708a2 libseccomp: attempt to fix Hydra build
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 21:37:19 -05:00
Austin Seipp
acd5a9d8b4 spiped: attempt to fix linux Hydra build
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 21:35:08 -05:00
Austin Seipp
71d7bec227 p0f: build fix attempt for Hydra
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 21:32:30 -05:00
Shea Levy
c47d3bb600 Merge branch 'revert-postgres-superuser'
The recent postgres superuser changes have caused a lot of breakages to
existing systems, and we are very close to branching for the 14.04
stable release. We can bring this back after.
2014-04-11 19:24:22 -04:00
Shea Levy
0122697550 Revert "Merge branch 'postgresql-user' of git://github.com/ocharles/nixpkgs"
Reverting postgres superuser changes until after stable.

This reverts commit 6cc0cc7ff6, reversing
changes made to 3c4be425db.
2014-04-11 19:23:03 -04:00
Shea Levy
9b077bac58 Revert "postgresql: properly fix permissions issue by in postStart"
Reverting postgres superuser changes until after stable.

This reverts commit c66be6378d.
2014-04-11 19:22:43 -04:00
Shea Levy
e9e60103de Revert "Create the 'postgres' superuser"
Reverting postgres superuser changes until after stable.

This reverts commit 7de29bd26f.
2014-04-11 19:22:39 -04:00
Shea Levy
c23050e231 Revert "Use PostgreSQL 9.3's pg_isready to wait for connectivity"
Reverting postgres superuser changes until after stable.

This reverts commit e206684110.
2014-04-11 19:21:50 -04:00
Mathijs Kwik
b21853f255 Fix initrd breaking by recent repeatable-builds changes
See the comments at f67015cae4
for more information.

Please note: this makes initrd unrepeatable again, but most people will prefer that above an unbootable system.
2014-04-12 00:06:30 +02:00
Mathijs Kwik
5a3fa7f88f nvidia-x11: patch for kernel 3.14 support 2014-04-11 23:40:16 +02:00