nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-01-18 19:03:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
ef553788d0
nixpkgs/pkgs/servers
History
aszlig ef553788d0
postgresql: Move socket dir to /run/postgresql 
The default, which is /tmp, has a few issues associated with it:

One being that it makes it easy for users on the system to spoof a
PostgreSQL server if it's not running, causing applications to connect
to their provided sockets instead of just failing to connect.

Another one is that it makes sandboxing of PostgreSQL and other services
unnecessarily difficult. This is already the case if only PrivateTmp is
used in a systemd service, so in order for such a service to be able to
connect to PostgreSQL, a bind mount needs to be done from /tmp to some
other path, so the service can access it. This pretty much defeats the
whole purpose of PrivateTmp.

We regularily run into issues with this in the past already (one example
would be https://github.com/NixOS/nixpkgs/pull/24317) and with the new
systemd-confinement mode upcoming in
https://github.com/NixOS/nixpkgs/pull/57519, it makes it even more
tedious to sandbox services.

I've tested this change against all the postgresql NixOS VM tests and
they still succeed and I also grepped through the source tree to replace
other occasions where we might have /tmp hardcoded. Luckily there were
very few occasions.

Signed-off-by: aszlig <aszlig@nix.build>
Cc: @ocharles, @thoughtpolice, @danbst
2019-03-15 04:52:35 +01:00
..
amqp rabbitmq-server: 3.7.11 -> 3.7.12 2019-03-03 20:47:08 +01:00
apache-kafka kafka: Add 2.1 2018-12-05 00:06:07 +00:00
apcupsd treewide: replace utillinux refs of {u,}mount 2018-03-27 18:17:46 -05:00
asterisk tree-wide: fix all revs of fetchsvn 2018-11-08 05:29:47 +00:00
atlassian Merge pull request #56454 from mayflower/crowd-update 2019-02-27 13:47:49 +00:00
beanstalkd
bird bird, bird6: 1.6.3 -> 1.6.6 2019-03-07 11:37:24 +01:00
brickd
caddy caddy: 0.11.1 -> 0.11.4 (#56214) 2019-02-24 01:40:00 +01:00
cayley
clickhouse clickhouse: link to libLLVM rather than to individual LLVM libs 2019-01-06 16:59:47 +00:00
cloud-print-connector Replace platforms.linux with platforms.darwin for expressions that compile on darwin too (too restrictive platforms) 2019-02-18 10:56:58 +01:00
computing slurm: 18.08.4.1 -> 18.08.5.2 2019-02-03 15:44:10 -08:00
confluent confluent: init at 4.1.1-2.11 (#43137) 2018-08-01 21:35:42 +02:00
consul consul: 1.4.1 -> 1.4.2 (#56854) 2019-03-05 13:35:22 +02:00
corosync treewide: remove wkennington as maintainer 2019-01-26 10:05:32 +00:00
coturn coturn: 4.5.1.0 -> 4.5.1.1 2019-03-10 13:17:16 +01:00
couchpotato
dante dante: add extra build inputs 2018-04-26 13:57:11 +03:00
dex
dgraph
dico Treewide: use HTTPS on GNU domains 2018-12-02 15:51:59 +01:00
dict dict: fix datadir path 2019-02-14 11:56:35 -07:00
diod diod: fix build 2019-02-17 12:07:22 +01:00
dns knot-dns: 2.7.6 -> 2.8.0 2019-03-06 19:19:13 +01:00
echoip echoip: init at unstable-2018-11-20 2018-11-27 11:25:34 -05:00
elasticmq
emby nixos/emby : delete programData hardcode in pkg 2018-10-08 14:51:49 +02:00
etcd pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
exhibitor pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
fcgiwrap fcgiwrap: don't error on implicit fallthrough 2018-03-11 15:58:26 +01:00
felix
fingerd/bsd-fingerd bsd_fingerd: add license 2018-08-30 22:29:17 +02:00
firebird pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
foswiki treewide: remove aliases evaluated to null 2018-12-14 16:27:53 +00:00
foundationdb foundationdb60: 6.0.17 -> 6.0.18 2019-02-12 23:03:25 -06:00
freeradius freeradius: add rest module and multiple outputs 2018-08-01 22:24:47 +02:00
ftp vsftpd: compile with OpenSSL for SSL support 2018-12-06 17:53:53 +08:00
gnatsd gnatsd: 1.2.0 -> 1.4.0 2019-01-16 17:02:21 -08:00
gopher/gofish
gotty pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
gpm treewide: remove wkennington as maintainer 2019-01-26 10:05:32 +00:00
gpsd treewide: use scons setup hook 2018-11-13 19:14:10 -06:00
h2 pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
hbase pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
headphones headphones: init at 0.5.19 2018-09-16 21:48:18 +02:00
hitch hitch: 1.4.8 -> 1.5.0 2018-12-25 17:18:02 -08:00
holochain-go Add: GoEndian dependancy 2018-07-06 14:00:22 +01:00
home-assistant home-assistant: 0.89.1 -> 0.89.2 2019-03-14 00:52:17 +01:00
http nginx: add http subs filter module (#56546) 2019-03-13 02:16:40 +02:00
hydron hydron: 2018-09-25 -> 2018-10-08 2018-12-06 11:41:59 -06:00
hylafaxplus hylafaxplus: 5.6.0 -> 5.6.1 (#47045) 2018-09-22 18:25:44 +02:00
icecast icecast: 2.4.3 -> 2.4.4 2018-11-01 21:48:22 +01:00
icingaweb2 icingaweb2Modules: Init all themes I could find 2019-02-17 20:42:42 +01:00
identd oidentd: 2.3.1 -> 2.3.2 2019-01-17 08:08:05 +00:00
interlock pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
irc charybdis: 4.1 -> 4.1.1 2018-08-24 12:54:44 -07:00
irker irker: cleanup manual setting of XML_CATALOG_FILES, no longer needed 2018-01-02 22:40:39 +01:00
isso isso: 0.11.1 -> 0.12.2 2019-01-28 06:10:07 -08:00
jackett jackett: 0.10.707 -> 0.10.846 (#56709) 2019-03-07 23:27:02 +01:00
jetbrains youtrack: 2018.1.41051 -> 2018.2.44329 2018-08-09 21:46:21 +03:00
kippo kippo: mark as broken 2018-09-13 00:58:57 +02:00
kwakd
ldap/389 treewide: remove wkennington as maintainer 2019-01-26 10:05:32 +00:00
lidarr lidarr: 0.4.0.524 -> 0.5.0.583 2018-12-15 05:30:43 -08:00
limesurvey
livepeer treewide: http -> https 2018-07-19 18:12:04 -07:00
mail exim: Fix build with LDAP (#56058) 2019-03-12 15:28:53 -04:00
matrix-synapse matrix-synapse: 0.99.1.1 -> 0.99.2 2019-03-01 20:34:57 +01:00
matterbridge matterbridge: 1.7.1 -> 1.11.0 2018-08-06 12:25:25 +02:00
mattermost mattermost: 5.4.0 -> 5.7.1 2019-02-08 14:26:37 -08:00
mautrix-telegram mautrix-telegram: init at 0.4.0.post1 2019-01-31 09:55:55 +01:00
mautrix-whatsapp mautrix-whatsapp: init at 2019-02-11 (#56054) 2019-02-20 01:05:08 +00:00
mediatomb
meguca meguca: 2018-08-13 -> 2018-12-06 2018-12-06 11:45:45 -06:00
memcached memcached: fix cross-compiling 2018-12-12 00:58:29 +00:00
mesos-dns pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
metabase metabase: 0.30.3 -> 0.30.4 2018-10-14 04:31:34 -07:00
meteor treewide: use runtimeShell instead of stdenv.shell whenever possible 2019-02-26 14:10:49 +00:00
miniflux miniflux: 2.0.13 -> 2.0.14 2019-01-23 01:52:12 +02:00
minio minio: 2019-01-31 -> 2019-02-26 (#56475) 2019-02-28 16:26:11 +01:00
mirrorbits pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
misc Revert "Remove maintainership" 2019-02-20 19:57:34 +01:00
monitoring cadvisor: export GOCACHE in the buildPhase 2019-03-11 09:59:19 -07:00
mpd mpd: 0.20.21 -> 0.20.23 2018-12-01 01:31:45 +00:00
mqtt/mosquitto mosquitto: 1.5.5 -> 1.5.8 and add systemd support 2019-03-01 18:53:45 +08:00
mxisd mxisd: init at 1.2.0 2018-11-16 16:43:29 +01:00
nas treewide/xorg: replace *proto with xorgproto 2019-01-04 14:38:57 +01:00
nats-streaming-server nats-streaming-server: 0.11.0 -> 0.11.2 2019-01-16 16:57:52 -08:00
neard neard: 0.15-post-git-20510929 -> 0.16 2017-12-05 22:05:59 +00:00
news/leafnode treewide: Make configureFlags lists 2018-08-03 17:06:03 -04:00
nextcloud nextcloud: 15.0.4 -> 15.0.5 2019-03-02 02:18:56 +01:00
nginx-sso nginx-sso: 0.15.1 -> 0.16.0 2019-02-24 23:17:16 +01:00
nosql apache-jena-fuseki: 3.9.0 -> 3.10.0 2019-03-02 08:14:48 -08:00
nsq pkgs/*: remove unreferenced function arguments 2018-07-21 02:48:04 +00:00
oauth2_proxy oauth2_proxy: 20160120 -> 20180325 2018-04-12 17:47:00 +02:00
openafs openafs: Add support for Linux 5.0 to openafs_1_8 (#56859) 2019-03-07 13:34:16 -05:00
openxpki treewide: remove aliases evaluated to null 2018-12-14 16:27:53 +00:00
osrm-backend osrm-backend: 5.21.0 -> 5.22.0 2019-02-04 13:27:02 -08:00
p910nd Treewide: use HTTPS on SourceForge 2018-12-02 15:33:08 +01:00
pies Treewide: use HTTPS on GNU domains 2018-12-02 15:51:59 +01:00
plex plex: move defaults to package file 2019-02-03 15:33:23 +00:00
polipo polipo: mark as vulnerable (close #33709) 2018-02-08 18:50:41 +01:00
prayer prayer: use correct include directory for c-client aka uwimap 2017-12-10 12:12:46 +01:00
ps3netsrv
pulseaudio treewide: remove wkennington as maintainer 2019-01-26 10:05:32 +00:00
quagga Treewide: use HTTPS on NonGNU domains 2018-12-02 15:21:04 +01:00
radarr radarr: 0.2.0.1217 -> 0.2.0.1293 2019-02-09 10:37:42 +01:00
radicale radicale: 2.1.10 -> 2.1.11 2018-11-06 11:11:10 +01:00
rainloop rainloop: Init at 1.12.1 2018-08-07 19:01:39 +02:00
rippled rippled: 0.30.0-rc1 -> 1.2.0 2019-02-15 09:44:55 +01:00
roundcube roundcube: add withPlugins function 2019-02-08 13:35:09 +00:00
rpcbind rpcbind: switch to upstream git repo, drop patch 2018-08-31 00:04:15 +02:00
rt rt: 4.4.2 -> 4.4.3 (#44685) 2018-08-08 15:33:41 +02:00
sabnzbd sabnzbd: 2.3.3 -> 2.3.7 2019-02-17 16:21:16 +01:00
samba samba: 4.7.10 -> 4.7.12 2019-02-24 02:36:41 -05:00
search groonga: 8.1.0 -> 8.1.1 2019-03-03 20:51:33 +01:00
serf
serviio Update license to unfree 2018-02-07 20:45:30 +01:00
shairplay shairplay: fix darwin build 2018-03-25 15:34:59 +02:00
shairport-sync shairport-sync: 3.2.1 -> 3.2.2 2018-10-24 15:23:05 +02:00
shellinabox
shishi treewide: remove wkennington as maintainer 2019-01-26 10:05:32 +00:00
sickbeard Merge pull request #55941 from rembo10/sickbeard 2019-02-17 09:01:18 -08:00
silc-server
simplehttp2server simplehttp2server: init at 3.1.3 2018-02-17 06:35:35 +07:00
sip freeswitch: remove helper script to reduce closure size 2019-02-12 13:53:27 -06:00
sks sks: Adapt the package to NixOS (pkgs.db provides only "db_stat") 2018-09-08 16:24:05 +02:00
skydns skydns: add license 2018-08-04 18:34:51 +02:00
slimserver Replace platforms.linux with platforms.darwin for expressions that compile on darwin too (too restrictive platforms) 2019-02-18 10:56:58 +01:00
smcroute smcroute: 2.4.3 -> 2.4.4 2019-03-02 23:14:16 +01:00
softether softether: blacklist aarch64-linux platform 2018-02-23 15:23:50 +03:00
sonarr sonarr: 2.0.0.5252 -> 2.0.0.5301 2019-01-24 11:15:13 +01:00
sql postgresql: Move socket dir to /run/postgresql 2019-03-15 04:52:35 +01:00
squid squid4: 4.0.24 -> 4.4 2018-11-22 14:41:08 +01:00
sslh sslh: 1.19c -> 1.20 2018-11-22 14:36:27 +01:00
syncserver pythonPackages.syncserver: move to all-packages.nix and fix dependencies 2019-01-30 15:59:00 +01:00
tautulli tautulli/plexpy: 1.4.25 -> 2.1.26 (renamed) 2019-02-28 19:07:00 +01:00
tegola Tegola v0.8.1 (#54087) 2019-01-21 23:42:21 +02:00
teleport Replace platforms.linux with platforms.darwin for expressions that compile on darwin too (too restrictive platforms) 2019-02-18 10:56:58 +01:00
traefik traefik: 1.7.8 -> 1.7.9 2019-03-05 18:33:09 +01:00
trezord Replace platforms.linux with platforms.darwin for expressions that compile on darwin too (too restrictive platforms) 2019-02-18 10:56:58 +01:00
tt-rss Merge pull request #53766 from dasJ/tt-rss-instagram 2019-02-17 21:19:15 -08:00
ttyd ttyd: init at 1.4.2_pre174_6df6ac3e 2019-03-06 02:22:49 -06:00
tvheadend tvheadend: 4.2.7 -> 4.2.8 (#54038) 2019-02-24 00:36:23 +01:00
u9fs
udpt
uftp uftp: 4.9.8 -> 4.9.9 2019-02-22 12:31:58 +01:00
uhub uhub: fix build for aarch64 2018-10-12 13:44:22 +02:00
ums
unfs3
unifi unifiStable: 5.10.17 -> 5.10.19 (#56992) 2019-03-07 23:11:43 +01:00
uwsgi uwsgi: 2.0.17.1 -> 2.0.18 2019-02-15 01:58:21 -08:00
varnish varnish6: 6.1.0 -> 6.1.1 2018-11-08 07:17:01 -08:00
web-apps shaarli: 0.10.2 -> 0.10.3 2019-03-03 09:16:43 +01:00
webmetro webmetro: init => unstable-20180426 (#39673) 2018-05-20 23:27:34 +02:00
x11 xorg.editres: fix build (#56979) 2019-03-07 23:01:46 +01:00
xinetd
xmpp treewide: use runtimeShell instead of stdenv.shell whenever possible 2019-02-26 14:10:49 +00:00
zoneminder zoneminder: init at 1.32.3 2019-01-15 21:27:45 +08:00
zookeeper treewide: use runtimeShell instead of stdenv.shell whenever possible 2019-02-26 14:10:49 +00:00