This is the master branch of nixpkgs, initially pulled from commit 8debf2f9a63d54ae4f28994290437ba54c681c7b The intent of this repo is to be merged onto nixpkgs master. This will also be of help for https://git.suyu.dev/BoomMicrophone/suyu-nix-test which I will need in order for development (it will also be helpful to know what to do for setting up the environment for the master server. Currently I am focusing on this so I can actually see what is still missing) This repo will be removed once the PR to the nixpkgs github goes through
Find a file
Graham Christensen a9c875fc2e
nixpkgs: allow packages to be marked insecure
If a package's meta has `knownVulnerabilities`, like so:

    stdenv.mkDerivation {
      name = "foobar-1.2.3";

      ...

      meta.knownVulnerabilities = [
        "CVE-0000-00000: remote code execution"
        "CVE-0000-00001: local privilege escalation"
      ];
    }

and a user attempts to install the package, they will be greeted with
a warning indicating that maybe they don't want to install it:

    error: Package ‘foobar-1.2.3’ in ‘...default.nix:20’ is marked as insecure, refusing to evaluate.

    Known issues:

     - CVE-0000-00000: remote code execution
     - CVE-0000-00001: local privilege escalation

    You can install it anyway by whitelisting this package, using the
    following methods:

    a) for `nixos-rebuild` you can add ‘foobar-1.2.3’ to
       `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
       like so:

         {
           nixpkgs.config.permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

    b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
    ‘foobar-1.2.3’ to `permittedInsecurePackages` in
    ~/.config/nixpkgs/config.nix, like so:

         {
           permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

Adding either of these configurations will permit this specific
version to be installed. A third option also exists:

  NIXPKGS_ALLOW_INSECURE=1 nix-build ...

though I specifically avoided having a global file-based toggle to
disable this check. This way, users don't disable it once in order to
get a single package, and then don't realize future packages are
insecure.
2017-02-24 07:41:05 -05:00
.github CONTRIBUTING.md: improve commit message guidelines 2017-02-06 22:26:32 +02:00
doc nixpkgs: allow packages to be marked insecure 2017-02-24 07:41:05 -05:00
lib ndpi: init at 1.8 2017-02-22 00:20:10 -08:00
maintainers Add a script to get failures for hydra eval /cc @globin 2017-01-28 22:29:15 +01:00
nixos nixpkgs: allow packages to be marked insecure 2017-02-24 07:41:05 -05:00
pkgs nixpkgs: allow packages to be marked insecure 2017-02-24 07:41:05 -05:00
.editorconfig Do not trim trailing whitespace in patch files 2017-01-12 23:44:26 +01:00
.gitignore
.mention-bot
.travis.yml travis: also evaluate nixpkgs-unstable 2016-12-15 22:43:14 +01:00
.version
COPYING Time passing by 2017-01-01 21:35:52 +01:00
default.nix
README.md

logo

Build Status Code Triagers Badge

Nixpkgs is a collection of packages for the Nix package manager. It is periodically built and tested by the hydra build daemon as so-called channels. To get channel information via git, add nixpkgs-channels as a remote:

% git remote add channels git://github.com/NixOS/nixpkgs-channels.git

For stability and maximum binary package support, it is recommended to maintain custom changes on top of one of the channels, e.g. nixos-16.09 for the latest release and nixos-unstable for the latest successful build of master:

% git remote update channels
% git rebase channels/nixos-16.09

For pull-requests, please rebase onto nixpkgs master.

NixOS linux distribution source code is located inside nixos/ folder.

Communication: