Commit Graph

91445 Commits

Author SHA1 Message Date
Joachim Fasting
bf538515b7
nixos/ids: remove static unbound uid 2016-09-15 15:37:20 +02:00
Joachim Fasting
5dc60051fa
unbound service: some pre-chroot isolation
While entering the chroot should provide the same amount of isolation,
the preStart script will run with full root privileges and so would
benefit from some isolation as well (in particular due to
unbound-anchor, which can perform network I/O).
2016-09-15 15:37:20 +02:00
Joachim Fasting
39f5182a30
unbound service: use auto-generated uid
1. The preStart script ensures consistent ownership, even if the unbound
   user's uid has changed
2. The unbound daemon does not generate data that needs to be private to
   it, so it would not matter that a different service would end up
   owning its data (as long as unbound remains enabled, it should reclaim
   ownership soon enough anyway).

Thus, there's no clear benefit to allocate a dedicated uid for the
unbound service.  This releases uid/gid 48.

Also, because the preStart script creates the data directory, there's no
need to specify a homedir or ask for its creation.
2016-09-15 15:37:19 +02:00
Joachim Fasting
0759e77dfd
unbound service: add reference to man:unbound.conf(8) 2016-09-15 15:37:19 +02:00
Joachim Fasting
52432ee63d
unbound service: non-blocking random in chroot
/dev/random is an exhaustible resource. Presumably, unbound will not be
used to generate long-term encryption keys and so allowing it to use
/dev/random only increases the risk of entropy exhaustion for no
benefit.
2016-09-15 15:37:19 +02:00
Joachim Fasting
7980523e00
unbound service: convenient handling of local forward addresses
do-not-query-localhost defaults to yes; with this patch, unbound is
configured to query localhost if any of the forward addresses are local.
2016-09-15 15:37:19 +02:00
Joachim F
fa787da36f Merge pull request #18606 from romildo/upd.greybird
Greybird: 2016-08-16 -> 2016-09-13
2016-09-15 14:53:12 +02:00
Shea Levy
bca7b782ae Merge branch 'bower2nix-3.1.1' of git://github.com/rvl/nixpkgs 2016-09-15 08:16:07 -04:00
Franz Pletz
a32281639e
php70: 7.0.10 -> 7.0.11 (security)
See https://secure.php.net/ChangeLog-7.php#7.0.11.
2016-09-15 13:57:32 +02:00
Joachim F
fbcb93852c Merge pull request #18047 from Nadrieril/ttrss
tt-rss service: Use nginx virtualhosts; improve config options
2016-09-15 13:37:20 +02:00
Joachim F
c571a7f221 Merge pull request #18500 from tvon/fix/gocd-server-options
gocd-server: add startupOptions, empty extraOptions
2016-09-15 13:24:48 +02:00
Joachim F
09646cc8a5 Merge pull request #18501 from tvon/update/gocd-server-16.9.0-4001
gocd-server: 16.7.0-3819 -> 16.9.0-4001
2016-09-15 13:17:17 +02:00
Joachim F
cbdad9b5e9 Merge pull request #18502 from tvon/update/gocd-agent-16.9.0-4001
gocd-agent: 16.7.0-3819 -> 16.9.0-4001
2016-09-15 13:17:06 +02:00
Sander van der Burg
4cbf2b88c2 Merge pull request #18591 from bendlas/update-androidenv
androidenv: update packages
2016-09-15 11:01:37 +02:00
Daiderd Jordan
fa507771ac Merge pull request #18577 from matthewbauer/mplayer-darwin
mplayer: fix on darwin
2016-09-15 09:32:03 +02:00
Sander van der Burg
36aad71e3c Merge pull request #18610 from siddharthist/emoj/init
emoj: init at 0.3.0
2016-09-15 09:26:21 +02:00
Peter Simons
fabd60a397 hackage-packages.nix: update Haskell package set
This update was generated by hackage2nix v2.0.1-10-gca03454 using the following inputs:

  - Hackage: 0aa5f8d505
  - LTS Haskell: b5ee848475
2016-09-15 09:12:08 +02:00
Peter Simons
9123a0452d haskell: drop obsolete LTS package set
The default 'haskellPackages' set now corresponds to the latest
available version of LTS 7.x.
2016-09-15 09:12:04 +02:00
Peter Simons
055a3e52c5 Switch the 'haskellPackages' attribute set to the latest version of LTS-7.x. 2016-09-15 09:12:04 +02:00
Peter Simons
f7133e4de6 haskell: define top-level attributes for LTS 6.x and 7.x
These attributes exist only for backwards compatibility with old
versions of Stack and will be removed altogether soon.
2016-09-15 09:12:04 +02:00
Peter Simons
6607b99168 haskell: port existing hardening overrides to use the new combinator 2016-09-15 09:12:03 +02:00
Peter Simons
97fd905823 haskell: add support for 'hardeningDisable' to the generic builder
We also have a new helper function 'disableHardening' to use in
overrides. Fixes https://github.com/NixOS/nixpkgs/issues/14820.
2016-09-15 09:12:03 +02:00
Peter Simons
aa1d424421 hackage-packages.nix: update Haskell package set
This update was generated by hackage2nix v2.0.1-9-g9d0fb31 using the following inputs:

  - Hackage: d68983aeb2
  - LTS Haskell: 36c0f4fa5e
  - Stackage Nightly: 8b258a761d
2016-09-15 09:12:02 +02:00
Peter Simons
af1d6e503e configuration-hackage2nix.yaml: make sure some old (but required) packages remain available
The switch to LTS 7.x has made many older versions obsolete and so they
are no longer included in our package set by default:

 - aeson-pretty 0.7.x
 - hoogle 4.x
 - persistent 2.2
 - persistent-sqlite 2.2
 - persistent-template 2.1
2016-09-15 09:11:04 +02:00
Benjamin Staffin
7bcbdb7885 Merge pull request #18620 from benley/openssh-gssapi-patch-once-again
openssh: update gssapi patch, fix the build
2016-09-15 01:03:54 -04:00
Benjamin Staffin
43dcb662e7 openssh: update gssapi patch, fix the build 2016-09-14 23:35:26 -04:00
Rodney Lorrimar
131b8d4edb nodePackages.bower2nix: 3.0.1 -> 3.1.1 2016-09-15 01:28:37 +01:00
Rodney Lorrimar
952c477f90 nodePackages.bower2nix: Add back PATH wrapping
bower2nix and fetch-bower need git in the PATH to operate. This wrapping
got lost with the nodePackages updates.

(Fixes #18454)
2016-09-15 01:28:36 +01:00
Chris Martin
56904d7c42 Update libtiff URLs (#18611)
* libtiff: remove dead source url

* libgeotiff: update url
2016-09-15 00:31:32 +01:00
Langston Barrett
a1b7d21318 emoj: init at 0.3.0 2016-09-14 23:19:17 +00:00
José Romildo Malaquias
cb948d5b5c Greybird: 2016-08-16 -> 2016-09-13 2016-09-14 18:31:56 -03:00
Thomas Tuegel
7b65daaab4 Merge pull request #18602 from bendlas/update-emacs-packages
emacs-modes: add upstream tramp
2016-09-14 16:10:59 -05:00
Herwig Hochleitner
a4cbd69ef0 emacs-modes: add upstream tramp
this fixes http://emacs.stackexchange.com/questions/21026/tramp-recreates-dev-null-as-a-regular-file
2016-09-14 21:39:02 +02:00
Daiderd Jordan
5ea6d5fa72 Merge pull request #18546 from LnL7/darwin-go-1.7
go: fix darwin build
2016-09-14 21:07:58 +02:00
Daiderd Jordan
db7adbf69c
go: fix darwin build 2016-09-14 21:00:13 +02:00
Daiderd Jordan
4d25b23d26 Merge pull request #18516 from offlinehacker/pkgs/go/1.7.1
go_1_7: 1.7 -> 1.7.1
2016-09-14 20:54:40 +02:00
Matthew Bauer
85f2c3ebc9
mplayer: fix on darwin 2016-09-14 12:51:47 -05:00
Rushmore Mushambi
3ed019123e Merge pull request #18595 from rushmorem/lizardfs-update
lizardfs: 3.10.0 -> 3.10.2
2016-09-14 19:48:08 +02:00
Matthew O'Gorman
6a01fc2b7c mosquitto: add websockets support. 2016-09-14 19:34:14 +02:00
Vladimír Čunát
92f0d709e9 libmaxminddb: init at 1.2.0 2016-09-14 19:25:29 +02:00
rushmorem
c34d83eb36 lizardfs: 3.10.0 -> 3.10.2 2016-09-14 19:24:33 +02:00
Thomas Tuegel
314cc36d47 Merge pull request #18588 from bendlas/update-dropbox-master
dropbox: 9.4.49 -> 10.4.25 [master]
2016-09-14 12:20:58 -05:00
Vincent Laporte
38c143abe2 ocaml-qtest: 2.0.1 -> 2.2 2016-09-14 19:04:58 +02:00
Frederik Rietdijk
8f2629aab6 Merge pull request #18587 from bendlas/update-pypy
pypy: 5.4.0 -> 5.4.1
2016-09-14 19:01:48 +02:00
Herwig Hochleitner
685786b7d7 androidenv: update packages
build-tools      25.1.7 -> 25.2.2
sdk-tools        23.0.1 -> 24.0.2
platform-tools   24 -> 24.0.2
2016-09-14 18:31:22 +02:00
Herwig Hochleitner
85fdf8665f dropbox: 9.4.49 -> 10.4.25 2016-09-14 18:18:45 +02:00
Herwig Hochleitner
1172c6be9b pypy: 5.4.0 -> 5.4.1 2016-09-14 18:11:17 +02:00
Joachim F
068106cf6a Merge pull request #18571 from peterhoeg/wp-cli
wp-cli: 0.23.1 -> 0.24.1
2016-09-14 17:56:03 +02:00
Lancelot SIX
28d286ac4b Merge pull request #18562 from taku0/flashplayer-11.2.202.635
flashplayer: 11.2.202.632 -> 11.2.202.635
2016-09-14 17:19:08 +02:00
Eelco Dolstra
32d00f50ec Merge pull request #18573 from peterhoeg/systemd_user_cfg
systemd: support setting defaults for user instances
2016-09-14 13:39:57 +02:00