The grsec patch fails to apply cleanly when combined with the hiddev CVE patch
(added in dde259dfb5). To fix this and future
problems, we set all our patches explicitly rather than inherit from the base
kernel.

Fixes #14137, also known as:

    $ nix-shell -p jenkins
    bash: source: /nix/store/ln1yw6c2v8bb2cjqfr1z5aqcssw054wa-jenkins-2.3:
    cannot execute binary file
    [nix-shell exited with error]

The problem is that jenkins.war is not installed inside the directory
$out, but rather _as the file_ $out. Fix it by moving the file to
$out/lib/jenkins.war.
While at it, move buildCommand so that the "meta" section is at the end
of the expression (standard style), and quote shell variables.

Fixes issue with virt-manager failing to list 'USB Host Devices' and
'PCI Host Devices' with the error "Connection does not support host
device enumeration".

downloads.sourceforge.net is the official way to download tarballs from
SourceForge. However, it is reported as unreliable due to SF's weird
load balancing system.
This commit gives the official mirror utmost priority, and will use
other configured mirrors (which may be temporary) as a fallback only
when the official one can't be reached/download fails/hangs.
References: NixOS/nixpkgs#16900

This update was generated by hackage2nix v2.0-4-gb156b94 using the following inputs:
- Hackage: 5bb0a1b20f
- LTS Haskell: a5a99cf176
- Stackage Nightly: 3664752ea8

    systemd[11376]: caddy.service: Failed at step EXEC spawning /nix/store/ghpcwj6paccc92l1gk7ykb6gf2i2w6fi-go1.6-caddy-0.8.3/bin/caddy: No such file or directory

If running NixOS inside a container where the host's root-owned files
and directories have been mapped to some other uid (like nobody), the
ssh daemon fails to start, producing this error message:

    fatal: /nix/store/...-openssh-7.2p2/empty must be owned by root and not group or world-writable.

The reason for this is that when openssh is built, we explicitly set
`--with-privsep-path=$out/empty`. This commit removes that flag, which
causes the default directory /var/empty to be used instead. Since NixOS'
activation script correctly sets up that directory, the ssh daemon now
also works within containers that have a non-root-owned nix store.