Zotero breaks every time firefox is updated (about every six weeks). It
is always fixed with the next zotero update, but that can take weeks.
Sometimes, upstream even skips firefox releases. This will stop zotero
breaking every time.
This update is necessary due to API changes in libtoxcore. Sad to say that
the recent stable version doesn't work with our libtoxcore. We need to
update to the recent dev version.
As from now qtox depends on openalSoft instead of openal. This is due to
incompatibilities between those to two implementations. Anyway, this
should be okay because their official debian package depends on
openalSoft as well.
goffice is also updated. goffice is maintained by the gnumeric people
and released in sync with gnumeric. gnumeric 1.12.x corresponds to
goffice 0.10.x.
With hardening, we need to go a bit further rather than just allowing
/nix/store being world-writable. We now use fakeroot to make sure the
VBoxExtPackHelperApp won't moan that the files are not owned by root.
They are, but only outside of the chrooted build process.
Another issue with using fakeroot is that it doesn't seem to cope well
with arguments that contain spaces. That's why I've piped the call into
${stdenv.shell}.
Now, the really gory and confusing part is the introduction of
VBOX_PATH_APP_PRIVATE_ARCH_TOP and the change of VBOX_PATH_APP_PRIVATE.
The VBOX_PATH_APP_PRIVATE_ARCH is *only* for modules and is checked by
the hardened implementation against whether things like VMMR0.r0 or
VBoxVMM.so reside in that directory. As a side note: I admit that the
whole libexec directory is quite polluted with stuff that shouldn't be
there, but for now we've broken enough things and will tear apart the
whole structure at some day in the future[TM].
For the confusing part we have VBOX_PATH_APP_PRIVATE_ARCH_TOP, which
_should_ be the same as VBOX_PATH_APP_PRIVATE_ARCH but unfortunately,
the hardened implementation is checking against this directory (in
IsValidBaseDir) for the extension pack(why!?).
Of course, we could put even that into the libexec directory, somewhat
similar as the official package, but after all, let's at least *try* to
separate things.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
We are already checking whether /nix/store has the sticky bit set, so if
it is world-writable as well it doesn't mean that the actual store path
is writable. Let alone the fact that it is only writable during the
build process.
This should fix installing the extension pack when enableExtensionPack
is used.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>