Commit graph

553 commits

Author SHA1 Message Date
Eelco Dolstra
86721a5f78
Allow attaching to non-child processes by default
The inability to run strace or gdb is the kind of
developer-unfriendliness that we're used to from OS X, let's not do it
on NixOS.

This restriction can be re-enabled by setting

  boot.kernel.sysctl."kernel.yama.ptrace_scope" = 1;

It might be nice to have a NixOS module for enabling hardened defaults.

Xref #14392.

Thanks @abbradar.
2017-03-21 18:48:35 +01:00
Carlos D
e6a02918ce Expand on creating USB bootable for OS X 2017-03-21 17:31:10 +01:00
Robin Gloster
c93eb74e6a Merge pull request #23838 from mayflower/remove-md5
fetch-*: remove md5 support
2017-03-21 13:27:51 +01:00
Frederik Rietdijk
94eb74eaad Merge remote-tracking branch 'upstream/master' into HEAD 2017-03-21 13:04:37 +01:00
Frederik Rietdijk
4263c53f66 Python changelog 2017-03-21 11:05:03 +01:00
Robin Gloster
5e0f932de0
rl-notes 17.03: info on python module location
closes #11567
2017-03-20 23:28:51 +01:00
Robin Gloster
c066dc8416
fetch-*: add md5 support removal to rl-notes 2017-03-20 22:26:02 +01:00
Thomas Tuegel
d458b5401a
nixos/fontconfig: add Changelog message about FreeType update 2017-03-20 10:39:48 -05:00
Franz Pletz
8ab2d2ee27
rmilter service: support only one socket 2017-03-17 23:00:34 +01:00
Graham Christensen
0705346de4 Merge pull request #23512 from matthiasbeyer/doc-fix-xfce
doc: Remove indention from program listings
2017-03-06 17:33:13 -05:00
Matthias Beyer
87f57de8e5 Wrap command in <command> 2017-03-05 14:21:45 +01:00
Matthias Beyer
0a18a56375 nixos doc xfce: Tabs -> spaces 2017-03-05 14:20:49 +01:00
Matthias Beyer
1e3dec3baa nixos doc xfce: Fix missing space 2017-03-05 14:20:48 +01:00
Matthias Beyer
c56587eb30 doc: Remove indention from program listings 2017-03-05 14:20:47 +01:00
Daiderd Jordan
35a65a6704
release-nodes: move disabledModules to 17.09 2017-03-05 14:17:00 +01:00
Thomas Tuegel
044c7d091b Merge pull request #23388 from ttuegel/nixos-plasma5
NixOS: Plasma 5 tests and warnings
2017-03-03 09:50:08 -06:00
Thomas Tuegel
ecb65eceaa
nixos/doc/manual: rename plasma5 desktop 2017-03-03 07:29:16 -06:00
Daiderd Jordan
d88721e440
modules: add support for module replacement with disabledModules
This is based on a prototype Nicolas B. Pierron worked on during a
discussion we had at FOSDEM.

A new version with a workaround for problems of the reverted original.
Discussion: https://github.com/NixOS/nixpkgs/commit/3f2566689
2017-03-03 13:45:22 +01:00
Vladimír Čunát
fcec3e1c72
Revert "modules: add support for module replacement with disabledModules"
This reverts commit 3f2566689d for now.
Evaluation of the tested job got broken, blocking nixos-unstable.
2017-03-01 21:56:01 +01:00
Vladimír Čunát
b43614a6bb
Merge branch 'staging'
(Truly, this time :-)
2017-03-01 11:34:44 +01:00
Daiderd Jordan
3f2566689d modules: add support for module replacement with disabledModules
This is based on a prototype Nicolas B. Pierron worked on during a
discussion we had at FOSDEM.
2017-02-28 00:14:48 +01:00
Vladimír Čunát
81b43ccd57
17.09 release notes: fix typos 2017-02-27 23:03:16 +01:00
Robin Gloster
755902b543
release-notes: add 17.09 2017-02-27 20:46:34 +01:00
Vladimír Čunát
a1919db7cd
Merge branch 'master' into staging 2017-02-27 20:15:27 +01:00
Frederik Rietdijk
f69292ddc0 Python: explain deterministic builds in release notes 2017-02-26 14:51:26 +01:00
Graham Christensen
a9c875fc2e
nixpkgs: allow packages to be marked insecure
If a package's meta has `knownVulnerabilities`, like so:

    stdenv.mkDerivation {
      name = "foobar-1.2.3";

      ...

      meta.knownVulnerabilities = [
        "CVE-0000-00000: remote code execution"
        "CVE-0000-00001: local privilege escalation"
      ];
    }

and a user attempts to install the package, they will be greeted with
a warning indicating that maybe they don't want to install it:

    error: Package ‘foobar-1.2.3’ in ‘...default.nix:20’ is marked as insecure, refusing to evaluate.

    Known issues:

     - CVE-0000-00000: remote code execution
     - CVE-0000-00001: local privilege escalation

    You can install it anyway by whitelisting this package, using the
    following methods:

    a) for `nixos-rebuild` you can add ‘foobar-1.2.3’ to
       `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
       like so:

         {
           nixpkgs.config.permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

    b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
    ‘foobar-1.2.3’ to `permittedInsecurePackages` in
    ~/.config/nixpkgs/config.nix, like so:

         {
           permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

Adding either of these configurations will permit this specific
version to be installed. A third option also exists:

  NIXPKGS_ALLOW_INSECURE=1 nix-build ...

though I specifically avoided having a global file-based toggle to
disable this check. This way, users don't disable it once in order to
get a single package, and then don't realize future packages are
insecure.
2017-02-24 07:41:05 -05:00
Franz Pletz
9b81dcfda2
nixos/release-notes: fix typos 2017-02-22 08:45:30 +01:00
Jörg Thalheim
27d4f8c717 Merge pull request #23046 from Zimmi48/patch-2
nixos/manual/networkmanager: add info on nm-applet
2017-02-22 01:40:50 +01:00
Jörg Thalheim
6a044f1841 Merge pull request #23045 from Zimmi48/patch-1
nixos/manual/xserver: propose more alternatives
2017-02-22 01:38:25 +01:00
Jörg Thalheim
5b14e91717 Merge pull request #22822 from Mic92/iputils
iputils: 20151218 -> 20161105
2017-02-22 00:37:13 +01:00
Jörg Thalheim
45719174c3
nixos/release-notes: mention iputils changes 2017-02-22 00:32:52 +01:00
Théo Zimmermann
0994d6af9d nixos/manual/networkmanager: add info on nm-applet 2017-02-21 15:20:10 +01:00
Théo Zimmermann
361d730f35 nixos/manual/xserver: propose more alternatives 2017-02-21 14:56:26 +01:00
Lorenzo Manacorda
2c4d9c9228
manual: Add link to config section (#22994)
Add link to "Configuration" chapter from "Changing the Configuration" section.

Also, fix grammar error.
(cherry picked from commit a585f987fa32f2e81b3f273291971151c25f98b7)
2017-02-20 14:32:49 +01:00
Graham Christensen
7483ba0932
Revert "nix-daemon: default useSandbox to true"
This reverts commit d0a086770a.
2017-02-14 14:13:39 -05:00
Graham Christensen
3be1388963 Merge pull request #22767 from grahamc/sandbox-by-default
nix-daemon: default useSandbox to true
2017-02-14 13:57:44 -05:00
Parnell Springmeyer
fb6d13c01a
Addressing feedback and fixing a bug 2017-02-14 07:38:45 -06:00
Parnell Springmeyer
9e36a58649
Merging against upstream master 2017-02-13 17:16:28 -06:00
Graham Christensen
d0a086770a
nix-daemon: default useSandbox to true 2017-02-13 18:06:01 -05:00
Robin Gloster
7e5424ac09
php: default to php71 2017-02-13 22:48:45 +01:00
Linus Heckemann
b4cd251c54 Manual: document users.users.<name>.hashedPassword 2017-02-13 13:54:40 +01:00
Vladimír Čunát
3348905cde
xorg-server: major bump 1.18.4 -> 1.19.1
I encountered no problems with it.  Nvidia binary drivers are tested,
and AMD ones now both set `abiCompat` to use older server versions.
2017-02-12 13:24:44 +01:00
Vladimír Čunát
d4bf624f96
nixos manual: add grub option to avoid #21830
Close #22659.  vcunat edited this slightly.
2017-02-11 12:47:15 +01:00
Graham Christensen
d9ab783f58
nixos manual: correct reference to sddm 2017-02-10 22:52:08 -05:00
Graham Christensen
b12564cc1b
nixos: update default cases from KDM/KDE4 to SDDM/KDE5 2017-02-09 21:52:00 -05:00
Edward Tjörnhammar
2f5fdaefec
nixos, doc: dictd dbs move 2017-02-09 22:23:11 +01:00
Edward Tjörnhammar
3c9d73f100
nixos, doc: named nylons 2017-02-09 21:18:57 +01:00
Vladimír Čunát
378662bbba
Merge #22491: Add documentation for Xfce 2017-02-09 18:39:36 +01:00
Vladimír Čunát
a0505989c9
Xfce docs nitpicks
- fix validity
- XFCE -> Xfce, as that seems to be upstream preference
2017-02-09 18:38:01 +01:00
Nikolay Amiantov
504774e223 release notes: mention JRE changes and jre_headless 2017-02-08 21:36:22 +03:00
Matthias Beyer
de592483d1 Add xfce documentation 2017-02-07 17:55:40 +01:00
Matthias Beyer
bf56d17b2c fixup! Add documentation for XFCE 2017-02-06 09:17:52 +01:00
Matthias Beyer
4b5a230d1d Add documentation for XFCE 2017-02-06 09:10:05 +01:00
Nikolay Amiantov
52c7e647ab postfix service: don't empty local_recipient_maps
From Postfix documentation:

With this setting, the Postfix SMTP server will not reject mail with "User
unknown in local recipient table". Don't do this on systems that receive mail
directly from the Internet. With today's worms and viruses, Postfix will become
a backscatter source: it accepts mail for non-existent recipients and then
tries to return that mail as "undeliverable" to the often forged sender
address.
2017-02-06 01:41:27 +03:00
Nikolay Amiantov
5247140e57 Merge pull request #21875 from abbradar/gateway-interface
Allow specifying interface for default gateway
2017-02-03 02:26:31 +03:00
Nikolay Amiantov
4feb0a998a manual: mention needed options for IPv6 2017-02-02 01:53:00 +03:00
Parnell Springmeyer
6777e6f812
Merging with upstream 2017-01-29 05:54:01 -06:00
Parnell Springmeyer
e92b8402b0
Addressing PR feedback 2017-01-28 20:48:03 -08:00
Frederik Rietdijk
46b1ea260a pythonPackages.ansible2: move 2.2 to separate file, make default
`pythonPackages.ansible_2_2` is now the default `ansible`.
2017-01-27 10:15:31 +01:00
Parnell Springmeyer
a26a796d5c
Merging against master - updating smokingpig, rebase was going to be messy 2017-01-26 02:00:04 -08:00
Parnell Springmeyer
025555d7f1
More fixes and improvements 2017-01-26 00:05:40 -08:00
aszlig
d01b9493c9
nixos/doc/installing: Fix typo in <literal/>
The tag wasn't properly closed which caused the manual build to fail.

Tested with: nix-build nixos/release.nix -A manual.x86_64-linux

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-01-25 21:40:07 +01:00
Pascal Bach
a6968ad43c installing: document how to activate SSH during installation 2017-01-25 21:09:31 +01:00
Franz Pletz
8d5a4c53b8
nixos/release-notes: document conntrack helper changes 2017-01-25 01:14:05 +01:00
John Ericson
7dc4e43837 nixos doc: Mention cross overhaul in 17.03 release notes 2017-01-24 11:37:56 -05:00
Nicolas B. Pierron
0214d94b24 Remove extra "in" keyword from the release notes about overlays.
Thanks to @teh for reporting this issue on the pull request.
2017-01-17 21:24:44 +00:00
Nicolas B. Pierron
8366525cbf Fix release-notes compilation. 2017-01-16 01:17:33 +01:00
Nicolas B. Pierron
2d6532b330 Update overlay documentation by following nits from aneeshusa. 2017-01-16 01:17:33 +01:00
Nicolas B. Pierron
ae7e893de1 Improve the realse notes with the upcoming documentation links, and a better example of how to convert overridePackages usage. 2017-01-16 01:17:33 +01:00
Nicolas B. Pierron
6a83c315ec Add missing line break in the release notes. 2017-01-16 01:17:33 +01:00
Nicolas B. Pierron
f5dfe78a1e Add overlays mechanism to Nixpkgs.
This patch add a new argument to Nixpkgs default expression named "overlays".

By default, the value of the argument is either taken from the environment variable `NIXPKGS_OVERLAYS`,
or from the directory `~/.nixpkgs/overlays/`.  If the environment variable does not name a valid directory
then this mechanism would fallback on the home directory.  If the home directory does not exists it will
fallback on an empty list of overlays.

The overlays directory should contain the list of extra Nixpkgs stages which would be used to extend the
content of Nixpkgs, with additional set of packages.  The overlays, i-e directory, files, symbolic links
are used in alphabetical order.

The simplest overlay which extends Nixpkgs with nothing looks like:

```nix
self: super: {
}
```

More refined overlays can use `super` as the basis for building new packages, and `self` as a way to query
the final result of the fix-point.

An example of overlay which extends Nixpkgs with a small set of packages can be found at:
  https://github.com/nbp/nixpkgs-mozilla/blob/nixpkgs-overlay/moz-overlay.nix

To use this file, checkout the repository and add a symbolic link to
the `moz-overlay.nix` file in `~/.nixpkgs/overlays` directory.
2017-01-16 01:17:33 +01:00
John Ericson
0ef8b69d12 top-level: Modernize stdenv.overrides giving it self and super
Document breaking change in 17.03 release notes
2017-01-13 10:36:11 -05:00
Vladimír Čunát
2b8566f556
release notes: grammar nitpicks in an entry
/cc #21257.
2016-12-18 13:31:56 +01:00
Jörg Thalheim
feb6dbc916 ntp: document new default ntp service in release notes 2016-12-18 12:25:46 +01:00
Théo Zimmermann
fba6537341 doc: correct typo (#21176) 2016-12-15 17:13:44 +01:00
Domen Kožar
073cb330ca doc: remove last mention of <nixos> 2016-12-11 19:51:35 +01:00
David Terry
f067bca841 nixos: docs: note that channels are per user 2016-12-07 09:06:25 +01:00
Eric Sagnes
2b1d67a275 manual: reviewing contributions nixos -> nixpkgs (#20626) 2016-11-22 15:15:02 +01:00
Cillian de Roiste
c9b0e88c0b NixOS Manual: Container Networking with NM
Network Manager calls dhclient on container interfaces and fails
which locks you out of the container after a few seconds, unless
you tell it not to manage these interfaces.
2016-11-20 17:25:33 +01:00
Nikolay Amiantov
6bb292d42b parsoid service: update, use declarative configuration
Old configuration format is disabled now (it can still be used, but with
additional steps). This is a backwards incompatible change.
2016-11-20 19:12:14 +03:00
Andres Nötzli
95b5e4c46a NixOS manual: Update link to list of AMIs 2016-11-07 11:24:15 -08:00
Eric Sagnes
e14de56613 module system: extensible option types 2016-11-06 00:05:58 +01:00
Eric Sagnes
1fe1cdecb2 types: loeOf -> listOf 2016-11-05 21:46:42 +01:00
Vladimír Čunát
559ddae410
nixos manual: clarify "attributes of function" 2016-11-05 11:02:04 +01:00
Aneesh Agrawal
3d99eea852 docs: use overrideAttrs instead of overrideDerivation 2016-10-30 14:34:40 -04:00
Bjørn Forsman
8cbdd9d0c2 nixos/release-notes: move "PHP config-file-scan-dir" from 16.09 to 17.03
Commits

  351d12437 ("nixos/release-notes: PHP config-file-scan-dir /etc -> /etc/php.d")
  41c8aa8d6 ("php: change config-file-scan-dir from /etc to /etc/php.d")

were merged to master _after_ NixOS 16.09. Commit 351d12437 then wrongly
updated the NixSO 16.09 release notes. Fix by moving the entry to NixOS
17.03.
2016-10-16 17:21:24 +02:00
Vladimír Čunát
54a76b3f5d release-notes: fixup bad conflict resolution in bef6bef
/cc #19324.
2016-10-13 09:49:47 +02:00
Profpatsch
bef6bef0d2
stdenv/stripHash: print to stdout, not to variable
`stripHash` documentation states that it prints out the stripped name to
the stdout, but the function stored the value in `strippedName`
instead.

Basically all usages did something like
`$(stripHash $foo | echo $strippedName)` which is just braindamaged.
Fixed the implementation and all invocations.
2016-10-11 18:34:36 +02:00
Jörg Thalheim
8a690b2a9f Merge pull request #17922 from bjornfor/php-config-file-scan-dir
php: change config-file-scan-dir from /etc to /etc/php.d
2016-10-09 21:45:48 +02:00
Jörg Thalheim
da5c0220aa Merge pull request #17622 from rvl/nixos-manual-writing-documentation
Add documentation about writing NixOS documentation
2016-10-09 13:39:08 +02:00
Aneesh Agrawal
dfb7ea6fd1 kernel: Document Yama implications in release notes 2016-10-08 17:46:33 +02:00
Pascal Bach
8c053633df Fix xml validation error in NixOS releases documentation 2016-10-07 22:49:05 +02:00
Domen Kožar
ed6ea7416a Document NixOS release process #4442 2016-10-07 09:49:47 +02:00
Alexander Ried
0a0347c589 reviewing-contributions.xml: fix typo 2016-10-05 10:40:32 +02:00
Eric Sagnes
caef192c81 nixos-manual: reviewing chapter cleanup 2016-10-02 00:50:16 +09:00
zimbatm
0e3e7a6bcd Merge pull request #18972 from ericsagnes/doc/reviewing-contributions
[WIP] nixos-doc: add reviewing contributions chapter
2016-10-01 15:09:12 +01:00
Eric Sagnes
bf86f9f016 improvements from feedback 2 2016-10-01 19:02:09 +09:00
Peter Simons
6e785be571 Document removal of LTS Haskell package sets in 16.09 release notes.
This patch closes https://github.com/NixOS/nixpkgs/issues/14897.
2016-09-30 14:53:31 +02:00
Domen Kožar
73dd89205c changelog for #18011
(cherry picked from commit 51cf16f4b4281edb788c1097d18201a86656be4d)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-30 13:14:53 +02:00
Domen Kožar
3781095b5d changelog for #18365
(cherry picked from commit 14c16f2fdb41794e7b9eeb9ab52137c1edbe3471)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-30 13:14:53 +02:00