Commit Graph

26438 Commits

Author SHA1 Message Date
aszlig
c06c636604
chromium: Add patch for user namespace sandboxing.
This patch adds support for unprivileged user namespaces found in kernel
versions 3.8.0 and later. In case of Nix, this is especially useful to prevent
having to set up setuid wrappers.

The implementation details about this patch can be found at the top of the file
"sandbox_userns.patch". My first attempt at creating this patch was by modifying
the SUID sandbox. Unfortunately this didn't work out well, because in the event
of a sandbox failure, the host zygote process waits for an answer of the inner
zygote with no timeout. Even if I'd have set a timeout, this would have been
very ugly, giving users which don't have unprivileged user namespaces a delay on
startup.

An alternative approach to the mentioned problem would be to use select() on the
host zygote, watching for changes on stdout or stderr and the synchronization
socket. But even that approach isn't feasible because it requires a whole bunch
of even more patching.

Patch was tested with older kernels (3.2.x, 3.7.x) and kernels without user
namespace support enabled, where in case the feature is unavailable it reverts
back to the previous behaviour (no zygote sandbox, only seccomp BPF).

In order to support all Chromium channels, I manually changed the first hunk of
the patch to not include the starting context of the diff, because there is a
whitespace change in more recent versions of the Chromium source tree.

See SVN revision 199882 for the change (revert in this case) in detail:

http://src.chromium.org/viewvc/chrome?view=revision&revision=199882

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-05-16 21:03:07 +02:00
aszlig
1aa68dd29f
uqm: Include optional support for 3DO videos.
This is optional because you have to have an image of a Star Control II 3DO CD
image. I decided to hack together a small OperaFS (that's the proprietary
filesystem used with 3DO CD-ROMs) file extractor, which should possibly make
it as painless as possible to include those videos.

It may be a good idea to split off the haskell package into another attribute
set (possibly haskellPackages?), but I really don't think there is a need for
that, because it's really just UQM and 3DO specific.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-05-16 21:03:07 +02:00
aszlig
0353c8225a
chromium: Don't repeat full paths in installPhase.
This is no feature change and only makes the installPhase look nicer and it now
doesn't exceed 80 characters in width anymore.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-05-16 21:03:07 +02:00
aszlig
3fec0fed02
chromium: Update beta and dev channels.
This updates the following channels to the latest upstream versions:

beta: 27.0.1453.65 -> 27.0.1453.81 (builds fine, tested)
dev:  28.0.1485.0  -> 28.0.1500.5  (builds fine, tested)

For version 28, the reference to /usr/bin/gcc is now located in
third_party/WebKit/Source/core/core.gypi instead of the previous
third_party/WebKit/Source/core/core.gyp/core.gyp.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2013-05-16 21:03:06 +02:00
Domen Kozar
0c4362445f almir: bump to 0.1.8 2013-05-16 20:18:02 +02:00
Sander van der Burg
9faa4f4b7b Added async-0.2.8 nodejs package 2013-05-16 18:18:36 +02:00
Peter Simons
187fdf7240 haskell-graphviz: jailbreak to support recent version of polyparse 2013-05-16 13:45:38 +02:00
Peter Simons
9796b43989 haskell-wai-app-static: update to version 1.3.1.3 2013-05-16 13:40:36 +02:00
Peter Simons
77724cdd5f haskell-uu-parsinglib: update to version 2.8.1 2013-05-16 13:40:36 +02:00
Peter Simons
8eb93a7dbf haskell-stm-chans: update to version 2.0.0 2013-05-16 13:40:36 +02:00
Peter Simons
adf10a6d28 haskell-snap: update to version 0.12.0 2013-05-16 13:40:36 +02:00
Peter Simons
89c80be53c haskell-polyparse: update to version 1.9 2013-05-16 13:40:36 +02:00
Peter Simons
09a86e216e haskell-io-choice: update to version 0.0.4 2013-05-16 13:40:35 +02:00
Peter Simons
b0b1b606dc haskell-hs-bibutils: update to version 4.17.1 2013-05-16 13:40:35 +02:00
Peter Simons
87d2cbeb19 haskell-heist: update to version 0.12.0 2013-05-16 13:40:35 +02:00
Peter Simons
59f4b266d8 haskell-haxr: update to version 3000.9.2.1 2013-05-16 13:40:35 +02:00
Peter Simons
5a9d8abf21 haskell-digestive-functors-heist: jailbreak to fix build with recent version of heist 2013-05-16 13:40:35 +02:00
Peter Simons
8cbc3906a3 haskell-HaXml: update to version 1.24 2013-05-16 13:40:35 +02:00
Peter Simons
0163789e02 haskell-ChasingBottoms: update to version 1.3.0.6 2013-05-16 13:40:35 +02:00
Peter Simons
5057310d07 haskell-lenses: add version 0.1.6 2013-05-16 13:40:34 +02:00
Peter Simons
d3963dbebf haskell-uu-options: add version 0.1.0.0 2013-05-16 13:40:34 +02:00
Peter Simons
f191a6eddf haskell-uu-interleaved: add version 0.1.0.0 2013-05-16 13:22:23 +02:00
Peter Simons
aa51bc57f8 haskell-aeson: disable test suite to avoid build error
See <https://github.com/bos/aeson/issues/122> for further detail.
2013-05-16 13:21:20 +02:00
Sander van der Burg
64e8c45576 Merge branch 'master' of github.com:NixOS/nixpkgs 2013-05-16 12:18:46 +02:00
Sander van der Burg
259b1f931f Added assert: Node.JS assert module and its dependencies 2013-05-16 12:18:23 +02:00
Domen Kožar
378d975b88 Merge pull request #505 from MarcWeber/submit/linux-3.8-dvb-support
without these two settings my USB dvb-t stick doesn't work
2013-05-16 03:16:23 -07:00
Sander van der Burg
098fb6d70d added mocha: simple, flexible, fun test framework for JavaScript and its dependencies 2013-05-16 11:49:21 +02:00
Domen Kozar
3745b458ab pg8000: fix url 2013-05-16 11:04:36 +02:00
Gergely Risko
51c69ea60e oracle jdk/jre: use requireFile instead of fetchurl (merge #537)
The user has to accept the EULA nowadays on the oracle website.
2013-05-16 10:58:08 +02:00
Gergely Risko
07b26ce493 fetchUrl: add curlOpts parameter (merge #535) 2013-05-16 10:45:16 +02:00
Domen Kozar
951f5be7d9 pg8000: upgrade to 1.09 to support postgresql 9.1/9.2 2013-05-16 10:05:39 +02:00
Domen Kozar
7bbe5823e8 let hydra mirror unfree firmware 2013-05-15 15:22:50 +02:00
Domen Kožar
d63523c769 Merge pull request #527 from qknight/firmware-linux-0.36-to-0.38
updated firmware-linux from 0.36-to-0.38
2013-05-15 06:17:45 -07:00
Domen Kožar
83747f519a Merge pull request #519 from offlinehacker/powerline2
Add powerline beta, libgit2 and pygit2
2013-05-15 06:17:23 -07:00
Eelco Dolstra
501833cf55 linux: Re-enable the memory resource controller
We accidentally lost this in Linux >= 3.5 because the kernel options
were renamed.  (Probably an argument for not using "?" in the kernel
config...)
2013-05-15 14:53:15 +02:00
Eelco Dolstra
d5c8f4cb60 cacert: Update to 20121229 2013-05-15 13:15:53 +02:00
Eelco Dolstra
e3c641b39a mercurial: Update to 2.6.1
Also, set a default for web.cacerts so that the system certificates on
NixOS are used.
2013-05-15 13:15:53 +02:00
Rob Vermaas
000fddd10e Fix hash for linux 3.2.45 2013-05-15 08:37:33 +00:00
Shea Levy
dd42dd480b runInLinuxImage: Fix derivation overriding.
This only ever worked because runInLinuxVM happened to call
overrideDerivation, which itself erroneously passed arbitrarily-added
attributes to the new call to derivation.

Hopefully this time Eelco won't have to revert my change ;)

Signed-off-by: Shea Levy <shea@shealevy.com>
2013-05-15 01:15:16 -04:00
Shea Levy
03b6fe7422 Revert "Revert "overrideDerivation: Re-attatch passthru and meta to all outputs""
This reverts commit 18df66f466.

I will fix the breakage in upcoming commits.

Signed-off-by: Shea Levy <shea@shealevy.com>
2013-05-15 00:39:17 -04:00
Shea Levy
05a02c639e Revert "Revert "Revert "Revert "overrideDerivation: Simplify""""
This reverts commit abf2d36773.

I will fix the breakage in upcoming commits.

Signed-off-by: Shea Levy <shea@shealevy.com>
2013-05-15 00:38:03 -04:00
David Guibert
880a386c57 update linux 3.2.45 2013-05-14 21:33:14 +02:00
Lluís Batlle i Rossell
44e99f41be Fixing 'my-env', when without cleanup. 2013-05-14 18:59:50 +02:00
Lluís Batlle i Rossell
48f97bdae0 Some kde wrapper improvements. 2013-05-14 18:51:24 +02:00
David Guibert
c887f9e932 update gnuplot to 4.6.0 2013-05-14 15:42:14 +02:00
Eelco Dolstra
ea919f29a9 hipchat: Fix desktop item 2013-05-14 14:30:15 +02:00
Eelco Dolstra
07d4f26be1 nvidia-x11: Update to 319.17 2013-05-14 13:47:30 +02:00
Eelco Dolstra
b9013993db git: Update to 1.8.2.3 2013-05-14 11:53:28 +02:00
Eelco Dolstra
2ce0e5ef4b mysql: Update to 5.1.69 2013-05-14 11:47:23 +02:00
Eelco Dolstra
602be839a4 mysql: Update to 5.5.31
CVE-2013-1502, CVE-2013-1511, CVE-2013-1532, CVE-2013-1544,
CVE-2013-2375, CVE-2013-2376, CVE-2013-2389, CVE-2013-2391,
CVE-2013-2392, maybe others.
2013-05-14 11:47:22 +02:00