Commit graph

42030 commits

Author SHA1 Message Date
Kirill Elagin
ca7978a09d ohci_pci is required in initrd since kernel 3.11 2014-04-21 15:42:05 +04:00
Austin Seipp
2661400d2a cgit: bump git version to 1.9.2
This also updates the download URL to use kernel.org

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-13 00:47:16 -05:00
Domen Kožar
399d7839ef Merge pull request #2233 from ertes/ertes-keepassx-split
keepassx: Renamed KeePassX 2.0 to keepassx2.
2014-04-13 05:15:56 +02:00
James Cook
21cb9c24f0 Patch python32 for CVE-2014-1912. 2014-04-13 05:15:19 +02:00
James Cook
324ade4658 Patch python27 for CVE-2014-1912. 2014-04-13 05:15:19 +02:00
Austin Seipp
a3155a0e2a nixos: add a UID for Hydra
Otherwise the Hydra module can't be used when mutableUsers = false;

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-12 21:20:18 -05:00
Ertugrul Söylemez
a0886ae024 keepassx: Renamed KeePassX 2.0 to keepassx2. 2014-04-13 03:28:20 +02:00
Domen Kožar
7e37e4b5ee Merge pull request #2184 from offlinehacker/pkgs/pythonPacakges/sqlalchemy-imageattach_darwin_fix
pythonPackages: sqlalchemy-imageattach, fix tests on darwin
2014-04-13 00:25:25 +02:00
Domen Kožar
1988bbd990 Merge pull request #2231 from jwiegley/master
Change several package constraints from linux to unix
2014-04-13 00:24:28 +02:00
John Wiegley
010132e302 Change several package constraints from linux to unix
They all build on Darwin.
2014-04-12 16:01:16 -05:00
Oliver Charles
d64fdccaa7 Merge pull request #2230 from bennofs/update-yi
haskell: update yi to 0.8.1
2014-04-12 21:56:25 +01:00
Benno Fünfstück
2fd160f027 haskell: update yi to 0.8.1 2014-04-12 20:33:15 +02:00
Vladimír Čunát
1ae918b0d2 gtk3: bugfix update 3.12.0 -> .1 2014-04-12 20:25:15 +02:00
Austin Seipp
64efd184ed grsecurity: Fix GRKERNSEC_PROC restrictions
Previously we were setting GRKERNSEC_PROC_USER y, which was a little bit
too strict. It doesn't allow a special group (e.g. the grsecurity group
users) to access /proc information - this requires
GRKERNSEC_PROC_USERGROUP y, and the two are mutually exclusive.

This was also not in line with the default automatic grsecurity
configuration - it actually defaults to USERGROUP (although it has a
default GID of 1001 instead of ours), not USER.

This introduces a new option restrictProcWithGroup - enabled by default
- which turns on GRKERNSEC_PROC_USERGROUP instead. It also turns off
restrictProc by default and makes sure both cannot be enabled.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-12 11:16:05 -05:00
John Wiegley
b296895abe Allow lsof to build on darwin (fixes #2219)
Closes #2219, closes #2223

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-12 11:14:18 -05:00
John Wiegley
c3efd1a3f7 Update httrack recipe
Closes #2222

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-12 10:55:01 -05:00
Michael Raskin
97982c4085 Update MDBTools Git version 2014-04-12 19:29:40 +04:00
John Wiegley
0ef3c47778 Add recipes for a few Haskell libraries 2014-04-12 10:22:37 -05:00
Oliver Charles
1b7a8e6f5b Merge pull request #2217 from bennofs/haskell-uri
Add uri haskell package
2014-04-12 16:09:46 +01:00
Oliver Charles
3f1af5f709 haskellPackages.bert: Update to 1.2.2.2 2014-04-12 16:06:35 +01:00
Oliver Charles
99d8ef0673 haskellPackages.snapCORS: New expression 2014-04-12 16:04:40 +01:00
Benno Fünfstück
796ea8ee11 haskell: add uri package 2014-04-12 16:59:29 +02:00
William A. Kennington III
4fea09ca4c google_api_python_client: Add package
Closes #2178

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-12 08:11:46 -05:00
Oliver Charles
9bf24c207f Merge pull request #2216 from aristidb/master
perl: Finance::Quote 1.29
2014-04-12 14:09:40 +01:00
Aristid Breitkreuz
c62b9e56f8 perl: Finance::Quote 1.29 2014-04-12 14:40:03 +02:00
Cillian de Róiste
6c1ac8159b oxygen_gtk: update from 1.4.4 to 1.4.5 2014-04-12 11:59:03 +02:00
Cillian de Róiste
02e693c400 synthv1: update from 0.4.0 to 0.4.1 2014-04-12 11:58:29 +02:00
Cillian de Róiste
440a174e2d samplv1: update from 0.4.0 to 0.4.1 2014-04-12 11:58:13 +02:00
Cillian de Róiste
aee930586f drumkv1: update from 0.4.0 to 0.4.1 2014-04-12 11:57:43 +02:00
Vladimír Čunát
83cb0354e9 clang_34: make it evaluate to 3.4 even on Darwin 2014-04-12 09:46:37 +02:00
Austin Seipp
172dc1336f nixos: add grsecurity module (#1875)
This module implements a significant refactoring in grsecurity
configuration for NixOS, making it far more usable by default and much
easier to configure.

 - New security.grsecurity NixOS attributes.
   - All grsec kernels supported
   - Allows default 'auto' grsec configuration, or custom config
   - Supports custom kernel options through kernelExtraConfig
   - Defaults to high-security - user must choose kernel, server/desktop
     mode, and any virtualisation software. That's all.
   - kptr_restrict is fixed under grsecurity (it's unwriteable)
 - grsecurity patch creation is now significantly abstracted
   - only need revision, version, and SHA1
   - kernel version requirements are asserted for sanity
   - built kernels can have the uname specify the exact grsec version
     for development or bug reports. Off by default (requires
     `security.grsecurity.config.verboseVersion = true;`)
 - grsecurity sysctl support
   - By default, disabled.
   - For people who enable it, NixOS deploys a 'grsec-lock' systemd
     service which runs at startup. You are expected to configure sysctl
     through NixOS like you regularly would, which will occur before the
     service is started. As a result, changing sysctl settings requires
     a reboot.
 - New default group: 'grsecurity'
   - Root is a member by default
   - GRKERNSEC_PROC_GID is implicitly set to the 'grsecurity' GID,
     making it possible to easily add users to this group for /proc
     access
 - AppArmor is now automatically enabled where it wasn't before, despite
   implying features.apparmor = true

The most trivial example of enabling grsecurity in your kernel is by
specifying:

    security.grsecurity.enable          = true;
    security.grsecurity.testing         = true;      # testing 3.13 kernel
    security.grsecurity.config.system   = "desktop"; # or "server"

This specifies absolutely no virtualisation support. In general, you
probably at least want KVM host support, which is a little more work.
So:

    security.grsecurity.enable = true;
    security.grsecurity.stable = true; # enable stable 3.2 kernel
    security.grsecurity.config = {
      system   = "server";
      priority = "security";
      virtualisationConfig   = "host";
      virtualisationSoftware = "kvm";
      hardwareVirtualisation = true;
    }

This module has primarily been tested on Hetzner EX40 & VQ7 servers
using NixOps.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:43:51 -05:00
Austin Seipp
cf24cf1184 capstone: attempt to fix Linux build, remove Darwin build
The Darwin build seems fixable but I can't test right now.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 21:41:14 -05:00
Austin Seipp
036a7708a2 libseccomp: attempt to fix Hydra build
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 21:37:19 -05:00
Austin Seipp
acd5a9d8b4 spiped: attempt to fix linux Hydra build
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 21:35:08 -05:00
Austin Seipp
71d7bec227 p0f: build fix attempt for Hydra
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 21:32:30 -05:00
Shea Levy
c47d3bb600 Merge branch 'revert-postgres-superuser'
The recent postgres superuser changes have caused a lot of breakages to
existing systems, and we are very close to branching for the 14.04
stable release. We can bring this back after.
2014-04-11 19:24:22 -04:00
Shea Levy
0122697550 Revert "Merge branch 'postgresql-user' of git://github.com/ocharles/nixpkgs"
Reverting postgres superuser changes until after stable.

This reverts commit 6cc0cc7ff6, reversing
changes made to 3c4be425db.
2014-04-11 19:23:03 -04:00
Shea Levy
9b077bac58 Revert "postgresql: properly fix permissions issue by in postStart"
Reverting postgres superuser changes until after stable.

This reverts commit c66be6378d.
2014-04-11 19:22:43 -04:00
Shea Levy
e9e60103de Revert "Create the 'postgres' superuser"
Reverting postgres superuser changes until after stable.

This reverts commit 7de29bd26f.
2014-04-11 19:22:39 -04:00
Shea Levy
c23050e231 Revert "Use PostgreSQL 9.3's pg_isready to wait for connectivity"
Reverting postgres superuser changes until after stable.

This reverts commit e206684110.
2014-04-11 19:21:50 -04:00
Mathijs Kwik
b21853f255 Fix initrd breaking by recent repeatable-builds changes
See the comments at f67015cae4
for more information.

Please note: this makes initrd unrepeatable again, but most people will prefer that above an unbootable system.
2014-04-12 00:06:30 +02:00
Mathijs Kwik
5a3fa7f88f nvidia-x11: patch for kernel 3.14 support 2014-04-11 23:40:16 +02:00
Peter Simons
50b1a8ea0b haskell-diagrams-postscript: update to version 1.0.2.4 2014-04-11 22:33:12 +02:00
Peter Simons
d2e61750df haskell-diagrams-lib: update to version 1.1.0.6 2014-04-11 22:33:11 +02:00
Peter Simons
ce15e84af3 haskell-diagrams-contrib: update to version 1.1.1.4 2014-04-11 22:33:11 +02:00
Peter Simons
716cffc1bb haskell-language-c-inline: re-generate with cabal2nix 2014-04-11 22:33:11 +02:00
Peter Simons
f32be2da85 haddock: update to version 2.14.2 2014-04-11 22:33:11 +02:00
Peter Simons
86177f06e9 haskell-haskell-src: add version 1.0.1.6 2014-04-11 22:33:11 +02:00
Peter Simons
f5dd4d383b haskell-HTTP: update to version 4000.2.12 2014-04-11 22:33:11 +02:00
Peter Simons
fd376138b2 haskell-yesod-core: update to version 1.2.12 2014-04-11 22:33:11 +02:00