Commit graph

81387 commits

Author SHA1 Message Date
aszlig
cfb6ce2abe
nixos/tests/taskserver: Make tests less noisy
We were putting the whole output of "nixos-taskserver export-user" from
the server to the respective client and on every such operation the
whole output was shown again in the test log.

Now we're *only* showing these details whenever a user import fails on
the client.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 01:49:47 +02:00
aszlig
7889fcfa41
nixos/taskserver/helper: Implement deletion
Now we finally can delete organisations, groups and users along with
certificate revocation. The new subtests now make sure that the client
certificate is also revoked (both when removing the whole organisation
and just a single user).

If we use the imperative way to add and delete users, we have to restart
the Taskserver in order for the CRL to be effective.

However, by using the declarative configuration we now get this for
free, because removing a user will also restart the service and thus its
client certificate will end up in the CRL.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 01:41:41 +02:00
Tobias Geerinckx-Rice
f019db633f
borgbackup: 1.0.0 -> 1.0.1
Changes: https://github.com/borgbackup/borg/blob/1.0.1/docs/changes.rst
2016-04-12 01:35:24 +02:00
Joachim Fasting
27035365ec build-support/grsecurity: simplify the grsecurityOverrider
Adding inputs required by gcc plugins to the ambient environment is sufficient.
2016-04-12 01:23:32 +02:00
Joachim Fasting
cee752b8e2 torbrowser: remove unnecessary stdenv override
Now that gcc = gcc5
2016-04-12 01:23:23 +02:00
joachifm
892dbdbabb Merge pull request #14608 from markus1189/sysdig
sysdig: 0.8.0 -> 0.9.0
2016-04-12 01:14:49 +02:00
aszlig
3008836fee
nixos/taskserver: Add a command to reload service
Unfortunately we don't have a better way to check whether the reload has
been done successfully, but at least we now *can* reload it without
figuring out the exact signal to send to the process.

Note that on reload, Taskserver will not reload the CRL file. For that
to work, a full restart needs to be done.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-12 01:04:34 +02:00
Tobias Geerinckx-Rice
ad794fed9c
{lib,pcman}fm: 1.2.3 -> 1.2.4
2016-04-11 23:39:47 +02:00
Tobias Geerinckx-Rice
06dceaa5b2
geoclue2: 2.4.2 -> 2.4.3
2016-04-11 23:39:47 +02:00
Tobias Geerinckx-Rice
d6c50706be
zpaq: 709 -> 710
Adds multi-part archives, -index. Some UI changes.
2016-04-11 23:39:47 +02:00
joachifm
2e2a87e57a Merge pull request #14376 from acowley/qhull
qhull: darwin compatibility
2016-04-11 23:17:20 +02:00
joachifm
b70f9dc172 Merge pull request #14353 from acowley/tbb
tbb: darwin compatibility
2016-04-11 23:15:31 +02:00
aszlig
b6643102d6
nixos/taskserver: Generate a cert revocation list
If we want to revoke client certificates and want the server to actually
notice the revocation, we need to have a valid certificate revocation
list.

Right now the expiration_days is set to 10 years, but that's merely to
actually get certtool to actually generate the CRL without trying to
prompt for user input.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 23:07:58 +02:00
aszlig
d0ab617974
nixos/taskserver: Constrain server cert perms
It doesn't do much harm to make the server certificate world readable,
because even though it's not accessible anymore via the file system,
someone can still get it by simply doing a TLS handshake with the
server.

So this is solely for consistency.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 22:59:30 +02:00
aszlig
6e10705754
nixos/taskserver: Handle declarative conf via JSON
We now no longer have the stupid --service-helper option, which silences
messages about already existing organisations, users or groups.

Instead of that option, we now have a new subcommand called
"process-json", which accepts a JSON file directly from the specified
NixOS module options and creates/deletes the users accordingly.

Note that this still has two issues left to solve in this area:

 * Deletion is not supported yet.
 * If a user is created imperatively, the next run of process-json will
   delete it once deletion is supported.

So we need to implement deletion and a way to mark organisations, users
and groups as "imperatively managed".

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 22:24:58 +02:00
aszlig
cf0501600a
nixos/taskserver/helper: Factor out program logic
The Click functions really are for the command line and should be solely
used for that.

What I have in mind is that instead of that crappy --service-helper
argument, we should really have a new subcommand that is expecting JSON
which is directly coming from the services.taskserver.organisations
module option.

That way we can decrease even more boilerplate and we can also ensure
that organisations, users and groups get properly deleted if they're
removed from the NixOS configuration.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 22:19:50 +02:00
Markus Hauck
f51f993be2 sysdig: 0.8.0 -> 0.9.0
2016-04-11 21:51:09 +02:00
Graham Christensen
43bf20def9 imagemagick: 8.9.2-0 -> 8.9.3-8
2016-04-11 14:47:16 -05:00
aszlig
7875885fb2
nixos/taskserver: Link to manual within .enable
With <olink/> support in place, we can now reference the Taskserver
section within the NixOS manual, so that users reading the manpage of
configuration.nix(5) won't miss this information.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 18:45:09 +02:00
aszlig
1d77dcaed3
nixos/doc: Allow refs from options to the manual
My first attempt to do this was to just use a conditional <refsection/>
in order to not create exact references in the manpage but create the
reference in the HTML manual, as suggested by @edolstra on IRC.

Later I went on to use <olink/> to reference sections of the manual, but
in order to do that, we need to overhaul how we generate the manual and
manpages.

So, that's where we are now:

There is a new derivation called "manual-olinkdb", which is the olinkdb
for the HTML manual, which in turn creates the olinkdb.xml file and the
manual.db. The former contains the targetdoc references and the latter
the specific targetptr elements.

The reason why I included the olinkdb.xml verbatim is that first of all
the DTD is dependent on the Docbook XSL sources and the references
within the olinkdb.xml entities are relative to the current directory.

So using a store path for that would end up searching for the manual.db
directly in /nix/store/manual.db.

Unfortunately, the <olinks/> that end up in the output file are
relative, so for example if you're clicking on one of these within the
PDF, the URL is searched in the current directory.

However, the sections from the olink's text are still valid, so we could
use an alternative URL for that in the future.

The manual doesn't contain any links, so even referencing the relative
URL shouldn't do any harm.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @edolstra
2016-04-11 18:38:04 +02:00
Pascal Wittmann
a2aec04abc Merge pull request #14601 from NeQuissimus/slack203
slack: 2.0.1 -> 2.0.3
2016-04-11 18:25:29 +02:00
obadz
c3860bf008 haskellPackages.haste-compiler: fix build issue in #14581
2016-04-11 17:21:18 +01:00
Nikolay Amiantov
b3d3a1c7ea openscenegraph: enable parallel building
2016-04-11 18:34:15 +03:00
Tim Steinbach
0dfcc687be slack: 2.0.1 -> 2.0.3
2016-04-11 11:12:50 -04:00
Peter Simons
62baa5df29 Merge pull request #14581 from obadz/haste-compiler
haskellPackages.haste-compiler: fix so that it now builds and runs
2016-04-11 16:43:16 +02:00
Tobias Geerinckx-Rice
57ef1712e3
Substitute new GitHub username ‘timbertson’ for ‘gfxmonk’
2016-04-11 16:35:18 +02:00
obadz
7f2163fc97 haskellPackages.haste-compiler: fix so that it now builds and runs
Required adding:
haskellPackages.haste-Cabal, and
haskellPackages.haste-cabal-install
2016-04-11 15:24:56 +01:00
Tobias Geerinckx-Rice
613cef6240
gup: 0.5.4 -> 0.5.5; use fetchFromGitHub
2016-04-11 16:21:12 +02:00
joachifm
75d385f9fc Merge pull request #14597 from valeriangalliat/hotfix/shout
Shout: fix infinite loop in service configuration
2016-04-11 16:07:11 +02:00
Valérian Galliat
26dc7e503d Shout: fix infinite loop in service configuration
Fixes #14594.
2016-04-11 09:58:52 -04:00
obadz
e8b3532d26 xqilla: init at 2.3.3
2016-04-11 13:57:19 +01:00
Tim Steinbach
5e5ef22d73 linux_testing: 4.6-rc2 -> 4.6-rc3 (#14592)
2016-04-11 13:44:34 +01:00
Nicolas Petton
a65c6f4932 skype: Use a larger icon for the .desktop file (#14591)
2016-04-11 13:35:55 +01:00
Ricardo Ardissone
6312610911 mygui: add withOgre argument
2016-04-11 08:38:54 -03:00
aszlig
b19fdc9ec9
nixos/taskserver: Set server.crl for automatic CA
Currently, we don't handle this yet, but let's set it so that we cover
all the options.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 13:38:33 +02:00
aszlig
05a7cd17fc
nixos/taskserver: Rename .pki options
We're now using .pki.server.* and .pki.ca.* so that it's entirely clear
what these keys/certificates are for. For example we had just .pki.key
before, which doesn't really tell very much about what it's for except
if you look at the option description.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 13:33:48 +02:00
aszlig
6395c87d07
nixos/taskserver: Improve doc for PKI options
The improvement here is just that we're adding a big <note/> here so
that users of these options are aware that whenever they're setting one
of these the certificates and keys are _not_ created automatically.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:58:29 +02:00
aszlig
6df374910f
nixos/taskserver: Move .trust out of .pki
This is clearly a server configuration option and has nothing to do with
certificate creation and signing, so let's move it away from the .pki
namespace.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:47:39 +02:00
aszlig
3affead91b
nixos/taskserver: Move .pki.fqdn to .fqdn
It's not necessarily related to the PKI options, because this is also
used for setting the server address on the Taskwarrior client.

So if someone doesn't have his/her own certificates from another CA, all
options that need to be adjusted are in .pki. And if someone doesn't
want to bother with getting certificates from another CA, (s)he just
doesn't set anything in .pki.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:42:20 +02:00
aszlig
6de94e7d24
nixos/taskserver: Rename .server options to .pki
After moving out the PKI-unrelated options, let's name this a bit more
appropriately, so we can finally get rid of the taskserver.server thing.

This also moves taskserver.caCert to taskserver.pki.caCert, because that
clearly belongs to the PKI options.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:38:16 +02:00
aszlig
d6bd457d1f
nixos/taskserver: Rename server.{host,port}
Having an option called services.taskserver.server.host is quite
confusing because we already have "server" in the service name, so let's
first get rid of the listening options before we rename the rest of the
options in that .server attribute.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:26:34 +02:00
aszlig
636e0e552d
nixos/tests/taskserver: Test imperative users
As the nixos-taskserver command can also be used to imperatively manage
users, we need to test this as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:03:16 +02:00
aszlig
2acf8677fa
nixos/taskserver: Rewrite helper-tool in Python
In the comments of the pull request @nbp wrote:

"Why is it implemented in 3 different languages: Nix, Bash and C?"

And he's right, it doesn't make sense, because we were using C as a
runuser replacement and used Nix to generate the shellscript
boilerplates.

Writing this in Python gets rid of all of this and we also don't need
the boilerplate as well, because we're using Click to handle all the
command line stuff.

Note that this currently is a 1:1 implementation of what we had before.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:02:52 +02:00
Nicolas B. Pierron
48972763c8 Remove pkgs aliases (#14398)
* Security: Remove pkgs aliases of amdappssdk.

* Security: Remove pkgs aliases of amule.

* Security: Remove pkgs aliases of androidnenv.

* Security: Remove pkgs aliases of apacheAnt.

* Security: Remove pkgs aliases of apacheHttp.

* Security: Remove pkgs aliases of apparmor.

* Security: Remove pkgs aliases of ardour.

* Security: Remove pkgs aliases of arduino.

* Security: Remove pkgs aliases of aria.

* Security: Remove pkgs aliases of asciidoc.

* Security: Remove pkgs aliases of aterm.

* Security: Remove pkgs aliases of atlas.

* Security: Remove pkgs aliases of automake.

* Security: Remove pkgs aliases of awesome.

* Security: Remove pkgs aliases of backintime.

* Security: Remove pkgs aliases of binutils.

* Security: Remove pkgs aliases of bison.

* Security: Remove pkgs aliases of bitcoin.

* Security: Remove pkgs aliases of bittorrentSync.

* Security: Remove pkgs aliases of bleuz.

* Security: Remove pkgs aliases of boolector.

* Security: Remove pkgs aliases of boost.

* Security: Remove pkgs aliases of cabal, ghc and stack.

* Security: Remove pkgs aliases of cabal2nix.

* Security: Remove pkgs aliases of cassandra.

* Security: Remove pkgs aliases of cdparanioa.

* Security: Remove pkgs aliases of ceph-dev.

* Security: Remove pkgs aliases of chromium.

* Security: Remove pkgs aliases of clangSelf.

* Security: Remove pkgs aliases of clementine.

* Security: Remove pkgs aliases of clucene_core.

* Security: Remove pkgs aliases of cmake.

* Security: Remove pkgs aliases of conkeror.

* Security: Remove pkgs aliases of construo.

* Security: Remove pkgs aliases of crafty.

* Security: Remove pkgs aliases of crawl.

* Security: Remove pkgs aliases of cryptol.

* Security: Remove pkgs aliases of cudatoolkit.

* Security: Remove pkgs aliases of curl.

* Security: Remove pkgs aliases of darcs.

* Security: Remove pkgs aliases of db.

* Security: Remove pkgs aliases of dblatex.

* Security: Remove pkgs aliases of dbus.

* Security: Remove pkgs aliases of devicemapper.

* Security: Remove pkgs aliases of dfilemanager.

* Security: Remove pkgs aliases of djview.

* Security: Remove pkgs aliases of dmtx.

* Remove useless callPackage above dmtx-utils.

* Security: Remove pkgs aliases of docbook.

* Security: Remove pkgs aliases of doxygen.

* Security: Remove pkgs aliases of drive.

* Security: Remove pkgs aliases of dwarf-fortress.

* Remove useless override function call on dwarf-fortress.

* Use inherit to copy attributes of dwarf-fortress-packages.

* Security: Remove pkgs aliases of eject.

* Security: Remove pkgs aliases of emacs.

* Security: Remove pkgs aliases of erlang.

* Security: Remove pkgs aliases of fam.

* Security: Remove pkgs aliases of faust.

* Security: Remove pkgs aliases of ffmpeg.

* Security: Remove pkgs aliases of fftw.

* Security: Remove pkgs aliases of firefox.

* Security: Remove pkgs aliases of flashplayer-standalone.

* Security: Remove pkgs aliases of fuseki.

* Replace callPackage by callPackages for apparmor's derivations.

* Security: Remove pkgs aliases of gcc-arm-embedded.

* Security: Remove pkgs aliases of gdbGuile.

* Security: Remove pkgs aliases of gecode.

* Remove useless makeOverridable from geoipWithDatabase.

* Remove useless makeOverridable from geoipWithDatabase.

* Security: Remove pkgs aliases of ghostscriptX.

* Security: Remove pkgs aliases of giflib.

* Security: Remove pkgs aliases of gimp.

* Security: Remove pkgs aliases of gitAndTools.

* Security: Remove pkgs aliases of glfw.

* Security: Remove pkgs aliases of glib.

* Security: Remove pkgs aliases of gmp.

* Security: Remove pkgs aliases of gnome.

* Security: Remove pkgs aliases of gnumake.

* Security: Remove pkgs aliases of gnupg.

* Security: Remove pkgs aliases of gnuplot.

* Security: Remove pkgs aliases of gnutls.

* Security: Remove pkgs aliases of go.

* Security: Remove pkgs aliases of google-chrome.

* Security: Remove pkgs aliases of gpm.

* Security: Remove pkgs aliases of qt5.

* Security: Remove pkgs aliases of grub2.

* Security: Remove pkgs aliases of gtk.

* Security: Remove pkgs aliases of gtk-sharp.

* Security: Remove pkgs aliases of guile.

* Security: Remove pkgs aliases of hdf5.

* Security: Remove pkgs aliases of heyefi.

* Security: Remove pkgs aliases of hiphopvm.

* Security: Remove pkgs aliases of hplip.

* Security: Remove pkgs aliases of icedtea_web.

* Security: Remove pkgs aliases of imagemagick.

* Security: Remove pkgs aliases of iperf.

* Security: Remove pkgs aliases of ipfs.

* Security: Remove pkgs aliases of isl.

* Security: Remove pkgs aliases of jackmix.

* Security: Remove pkgs aliases of jdk & jre.

* Security: Remove pkgs aliases of kde4.

* Security: Remove pkgs aliases of kodi.

* Security: Remove pkgs aliases of lcms.

* Security: Remove pkgs aliases of ledger.

* Security: Remove pkgs aliases of libaudit.

* Security: Remove pkgs aliases of libav.

* Security: Remove pkgs aliases of libcanberra.

* Security: Remove pkgs aliases of libceph.

* Security: Remove pkgs aliases of libdbiDrivers.

* Security: Remove pkgs aliases of libdevil.

* Security: Remove pkgs aliases of liberation_ttf.

* Security: Remove pkgs aliases of libffado.

* Security: Remove pkgs aliases of libheimdal.

* Security: Remove pkgs aliases of libjack2.

* Security: Remove pkgs aliases of libjpeg.

* Security: Remove pkgs aliases of libkrb5.

* Security: Remove pkgs aliases of liblapack.

* Security: Remove pkgs aliases of liblrdf.

* Security: Remove pkgs aliases of libmusicbrainz.

* Security: Remove pkgs aliases of libnghttp2.

* Security: Remove pkgs aliases of libpng.

* Security: Remove pkgs aliases of librecad.

* Security: Remove pkgs aliases of libressl.

* Security: Remove pkgs aliases of libsysfs.

* Security: Remove pkgs aliases of libtool.

* Security: Remove pkgs aliases of libuv.

* Security: Remove pkgs aliases of libv4l.

* Security: Remove pkgs aliases of libwnck.

* Security: Remove pkgs aliases of libxfs.

* Security: Remove pkgs aliases of libxml2.

* Security: Remove pkgs aliases of lightdm.

* Security: Remove pkgs aliases of linuxHeaders.

* Security: Remove pkgs aliases of linux and linuxPackages.

* Security: Remove pkgs aliases of llvmPackages.

* Security: Remove pkgs aliases of llvm.

* Security: Remove pkgs aliases of love.

* Security: Remove pkgs aliases of lua.

* Security: Remove pkgs aliases of luaPackages.
2016-04-11 10:17:42 +01:00
joachifm
0ac9f3915a Merge pull request #14574 from Beauhurst/php_updates
PHP security updates
2016-04-11 11:03:00 +02:00
joachifm
e1e6b87569 Merge pull request #14582 from AndersonTorres/rxvt
rxvt: 2.6.4 -> 2.7.10
2016-04-11 10:58:26 +02:00
Dan Connolly
a4ce0e233b tortoisehg: 3.6 -> 3.7.1, fixes package
fixes #13507

On June 8 (e8655ee) tortoisehg changed the way
it computes the `/usr/share` directory in a way that
invalidated the assumptions behind the use
of substituteInPlace in postUnpack.
2016-04-11 10:35:31 +02:00
joachifm
9c484f29ce Merge pull request #14564 from valeriangalliat/shout/config
Shout: configure with attrs
2016-04-11 09:56:10 +02:00
joachifm
245f200dd8 Merge pull request #11987 from angus-g/caddy
Add Caddy and its NixOS module
2016-04-11 09:20:21 +02:00
Brian McKenna
d150fe8915 dockerTools: use pigz for final image tar
Saves a few seconds on large images.
2016-04-11 16:32:47 +10:00