Commit graph

81507 commits

Author SHA1 Message Date
Tim Steinbach
5e5ef22d73 linux_testing: 4.6-rc2 -> 4.6-rc3 (#14592) 2016-04-11 13:44:34 +01:00
Nicolas Petton
a65c6f4932 skype: Use a larger icon for the .desktop file (#14591) 2016-04-11 13:35:55 +01:00
Ricardo Ardissone
6312610911 mygui: add withOgre argument 2016-04-11 08:38:54 -03:00
aszlig
b19fdc9ec9
nixos/taskserver: Set server.crl for automatic CA
Currently, we don't handle this yet, but let's set it so that we cover
all the options.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 13:38:33 +02:00
aszlig
05a7cd17fc
nixos/taskserver: Rename .pki options
We're now using .pki.server.* and .pki.ca.* so that it's entirely clear
what these keys/certificates are for. For example we had just .pki.key
before, which doesn't really tell very much about what it's for except
if you look at the option description.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 13:33:48 +02:00
aszlig
6395c87d07
nixos/taskserver: Improve doc for PKI options
The improvement here is just that we're adding a big <note/> here so
that users of these options are aware that whenever they're setting one
of these the certificates and keys are _not_ created automatically.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:58:29 +02:00
aszlig
6df374910f
nixos/taskserver: Move .trust out of .pki
This is clearly a server configuration option and has nothing to do with
certificate creation and signing, so let's move it away from the .pki
namespace.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:47:39 +02:00
aszlig
3affead91b
nixos/taskserver: Move .pki.fqdn to .fqdn
It's not necessarily related to the PKI options, because this is also
used for setting the server address on the Taskwarrior client.

So if someone doesn't have his/her own certificates from another CA, all
options that need to be adjusted are in .pki. And if someone doesn't
want to bother with getting certificates from another CA, (s)he just
doesn't set anything in .pki.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:42:20 +02:00
aszlig
6de94e7d24
nixos/taskserver: Rename .server options to .pki
After moving out the PKI-unrelated options, let's name this a bit more
appropriate, so we can finally get rid of the taskserver.server thing.

This also moves taskserver.caCert to taskserver.pki.caCert, because that
clearly belongs to the PKI options.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:38:16 +02:00
aszlig
d6bd457d1f
nixos/taskserver: Rename server.{host,port}
Having an option called services.taskserver.server.host is quite
confusing because we already have "server" in the service name, so let's
first get rid of the listening options before we rename the rest of the
options in that .server attribute.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:26:34 +02:00
aszlig
636e0e552d
nixos/tests/taskserver: Test imperative users
As the nixos-taskserver command can also be used to imperatively manage
users, we need to test this as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:03:16 +02:00
aszlig
2acf8677fa
nixos/taskserver: Rewrite helper-tool in Python
In the comments of the pull request @nbp wrote:

"Why is it implemented in 3 different languages: Nix, Bash and C?"

And he's right, it doesn't make sense, because we were using C as a
runuser replacement and used Nix to generate the shellscript
boilerplates.

Writing this in Python gets rid of all of this and we also don't need
the boilerplate as well, because we're using Click to handle all the
command line stuff.

Note that this currently is a 1:1 implementation of what we had before.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:02:52 +02:00
Nicolas B. Pierron
48972763c8 Remove pkgs aliases (#14398)
* Security: Remove pkgs aliases of amdappssdk.

* Security: Remove pkgs aliases of amule.

* Security: Remove pkgs aliases of androidnenv.

* Security: Remove pkgs aliases of apacheAnt.

* Security: Remove pkgs aliases of apacheHttp.

* Security: Remove pkgs aliases of apparmor.

* Security: Remove pkgs aliases of ardour.

* Security: Remove pkgs aliases of arduino.

* Security: Remove pkgs aliases of aria.

* Security: Remove pkgs aliases of asciidoc.

* Security: Remove pkgs aliases of aterm.

* Security: Remove pkgs aliases of atlas.

* Security: Remove pkgs aliases of automake.

* Security: Remove pkgs aliases of awesome.

* Security: Remove pkgs aliases of backintime.

* Security: Remove pkgs aliases of binutils.

* Security: Remove pkgs aliases of bison.

* Security: Remove pkgs aliases of bitcoin.

* Security: Remove pkgs aliases of bittorrentSync.

* Security: Remove pkgs aliases of bleuz.

* Security: Remove pkgs aliases of boolector.

* Security: Remove pkgs aliases of boost.

* Security: Remove pkgs aliases of cabal, ghc and stack.

* Security: Remove pkgs aliases of cabal2nix.

* Security: Remove pkgs aliases of cassandra.

* Security: Remove pkgs aliases of cdparanioa.

* Security: Remove pkgs aliases of ceph-dev.

* Security: Remove pkgs aliases of chromium.

* Security: Remove pkgs aliases of clangSelf.

* Security: Remove pkgs aliases of clementine.

* Security: Remove pkgs aliases of clucene_core.

* Security: Remove pkgs aliases of cmake.

* Security: Remove pkgs aliases of conkeror.

* Security: Remove pkgs aliases of construo.

* Security: Remove pkgs aliases of crafty.

* Security: Remove pkgs aliases of crawl.

* Security: Remove pkgs aliases of cryptol.

* Security: Remove pkgs aliases of cudatoolkit.

* Security: Remove pkgs aliases of curl.

* Security: Remove pkgs aliases of darcs.

* Security: Remove pkgs aliases of db.

* Security: Remove pkgs aliases of dblatex.

* Security: Remove pkgs aliases of dbus.

* Security: Remove pkgs aliases of devicemapper.

* Security: Remove pkgs aliases of dfilemanager.

* Security: Remove pkgs aliases of djview.

* Security: Remove pkgs aliases of dmtx.

* Remove useless callPackage above dmtx-utils.

* Security: Remove pkgs aliases of docbook.

* Security: Remove pkgs aliases of doxygen.

* Security: Remove pkgs aliases of drive.

* Security: Remove pkgs aliases of dwarf-fortress.

* Remove useless override function call on dwarf-fortress.

* Use inherit to copy attributes of dwarf-fortress-packages.

* Security: Remove pkgs aliases of eject.

* Security: Remove pkgs aliases of emacs.

* Security: Remove pkgs aliases of erlang.

* Security: Remove pkgs aliases of fam.

* Security: Remove pkgs aliases of faust.

* Security: Remove pkgs aliases of ffmpeg.

* Security: Remove pkgs aliases of fftw.

* Security: Remove pkgs aliases of firefox.

* Security: Remove pkgs aliases of flashplayer-standalone.

* Security: Remove pkgs aliases of fuseki.

* Replace callPackage by callPackages for apparmor's derivations.

* Security: Remove pkgs aliases of gcc-arm-embedded.

* Security: Remove pkgs aliases of gdbGuile.

* Security: Remove pkgs aliases of gecode.

* Remove useless makeOverridable from geoipWithDatabase.

* Remove useless makeOverridable from geoipWithDatabase.

* Security: Remove pkgs aliases of ghostscriptX.

* Security: Remove pkgs aliases of giflib.

* Security: Remove pkgs aliases of gimp.

* Security: Remove pkgs aliases of gitAndTools.

* Security: Remove pkgs aliases of glfw.

* Security: Remove pkgs aliases of glib.

* Security: Remove pkgs aliases of gmp.

* Security: Remove pkgs aliases of gnome.

* Security: Remove pkgs aliases of gnumake.

* Security: Remove pkgs aliases of gnupg.

* Security: Remove pkgs aliases of gnuplot.

* Security: Remove pkgs aliases of gnutls.

* Security: Remove pkgs aliases of go.

* Security: Remove pkgs aliases of google-chrome.

* Security: Remove pkgs aliases of gpm.

* Security: Remove pkgs aliases of qt5.

* Security: Remove pkgs aliases of grub2.

* Security: Remove pkgs aliases of gtk.

* Security: Remove pkgs aliases of gtk-sharp.

* Security: Remove pkgs aliases of guile.

* Security: Remove pkgs aliases of hdf5.

* Security: Remove pkgs aliases of heyefi.

* Security: Remove pkgs aliases of hiphopvm.

* Security: Remove pkgs aliases of hplip.

* Security: Remove pkgs aliases of icedtea_web.

* Security: Remove pkgs aliases of imagemagick.

* Security: Remove pkgs aliases of iperf.

* Security: Remove pkgs aliases of ipfs.

* Security: Remove pkgs aliases of isl.

* Security: Remove pkgs aliases of jackmix.

* Security: Remove pkgs aliases of jdk & jre.

* Security: Remove pkgs aliases of kde4.

* Security: Remove pkgs aliases of kodi.

* Security: Remove pkgs aliases of lcms.

* Security: Remove pkgs aliases of ledger.

* Security: Remove pkgs aliases of libaudit.

* Security: Remove pkgs aliases of libav.

* Security: Remove pkgs aliases of libcanberra.

* Security: Remove pkgs aliases of libceph.

* Security: Remove pkgs aliases of libdbiDrivers.

* Security: Remove pkgs aliases of libdevil.

* Security: Remove pkgs aliases of liberation_ttf.

* Security: Remove pkgs aliases of libffado.

* Security: Remove pkgs aliases of libheimdal.

* Security: Remove pkgs aliases of libjack2.

* Security: Remove pkgs aliases of libjpeg.

* Security: Remove pkgs aliases of libkrb5.

* Security: Remove pkgs aliases of liblapack.

* Security: Remove pkgs aliases of liblrdf.

* Security: Remove pkgs aliases of libmusicbrainz.

* Security: Remove pkgs aliases of libnghttp2.

* Security: Remove pkgs aliases of libpng.

* Security: Remove pkgs aliases of librecad.

* Security: Remove pkgs aliases of libressl.

* Security: Remove pkgs aliases of libsysfs.

* Security: Remove pkgs aliases of libtool.

* Security: Remove pkgs aliases of libuv.

* Security: Remove pkgs aliases of libv4l.

* Security: Remove pkgs aliases of libwnck.

* Security: Remove pkgs aliases of libxfs.

* Security: Remove pkgs aliases of libxml2.

* Security: Remove pkgs aliases of lightdm.

* Security: Remove pkgs aliases of linuxHeaders.

* Security: Remove pkgs aliases of linux and linuxPackages.

* Security: Remove pkgs aliases of llvmPackages.

* Security: Remove pkgs aliases of llvm.

* Security: Remove pkgs aliases of love.

* Security: Remove pkgs aliases of lua.

* Security: Remove pkgs aliases of luaPackages.
2016-04-11 10:17:42 +01:00
joachifm
0ac9f3915a Merge pull request #14574 from Beauhurst/php_updates
PHP security updates
2016-04-11 11:03:00 +02:00
joachifm
e1e6b87569 Merge pull request #14582 from AndersonTorres/rxvt
rxvt: 2.6.4 -> 2.7.10
2016-04-11 10:58:26 +02:00
Dan Connolly
a4ce0e233b tortoisehg: 3.6 -> 3.7.1, fixes package
fixes #13507

On June 8 (e8655ee) tortoisehg changed the way
it computes the `/usr/share` directory in a way that
invalidated the assumptions behind the use
of substituteInPlace in postUnpack.
2016-04-11 10:35:31 +02:00
joachifm
9c484f29ce Merge pull request #14564 from valeriangalliat/shout/config
Shout: configure with attrs
2016-04-11 09:56:10 +02:00
joachifm
245f200dd8 Merge pull request #11987 from angus-g/caddy
Add Caddy and its NixOS module
2016-04-11 09:20:21 +02:00
Brian McKenna
d150fe8915 dockerTools: use pigz for final image tar
Saves a few seconds on large images.
2016-04-11 16:32:47 +10:00
Brian McKenna
ebb911cc0b dockerTools: remove tarballs functionality
I think the intention of this functionality was to provide a simple
alternative to the "runAsRoot" and "contents" attributes.

The implementation caused very slow builds of Docker images. Almost all
of the build time was spent in IO for tar, due to tarballs being
created, immediately extracted, then recreated. I had 30 minute builds
on some of my images which are now down to less than 2 minutes. A couple
of other users on #nix IRC have observed similar improvements.

The implementation also mutated the produced Docker layers without
changing their hashes. Using non-empty tarballs would produce images
which got cached incorrectly in Docker.

I have a commit which just fixes the performance problem but I opted to
completely remove the tarball feature after I found out that it didn't
correctly implement the Docker Image Specification due to the broken
hashing.
2016-04-11 16:32:43 +10:00
Nikolay Amiantov
052b9ec3b5 Merge commit 'refs/pull/14571/head' of git://github.com/NixOS/nixpkgs 2016-04-11 02:33:16 +03:00
Ricardo Ardissone
4e39ce7b79 liberal-crime-squad: init at 2016-03-03 2016-04-10 20:24:45 -03:00
AndersonTorres
f493fd06b5 rxvt: 2.6.4 -> 2.7.10 2016-04-10 20:00:36 -03:00
Tuomas Tynkkynen
3ef785eaa6 Merge pull request #14576 from ktosiek/partimage-patch-sha256
partimage: correct the patch SHA256
2016-04-10 23:40:17 +03:00
Charles Strahan
1659a4ead5 Merge pull request #14566 from cstrahan/ubuntu-fan-update
fan-networking: updated patches from Ubuntu
2016-04-10 16:26:03 -04:00
Charles Strahan
ad7b1e24c2 fan-networking: updated patches from Ubuntu
This pulls in updated Fan Networking patches from Ubuntu.
(https://wiki.ubuntu.com/FanNetworking)

closes #14328
2016-04-10 16:07:03 -04:00
aszlig
85832de2e8
nixos/taskserver: Remove client.cert option
The option is solely for debugging purposes (particularly the unit tests
of the project itself) and doesn't make sense to include it in the NixOS
module options.

If people want to use this, we might want to introduce another option so
that we can insert arbitrary configuration lines.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-10 21:37:12 +02:00
Christoph Hrdinka
cc1cef3abc pcsx2: disable advance SIMD instructions
By setting `-DDISABLE_ADVANCE_SIMD=TRUE` pcsx2 will be compiled with predefined
SIMD flags instead of `-march=native`. This makes the resulting binary more
portable. Further this seems to be needed to make pcsx2 compile with gcc5.
2016-04-10 20:54:32 +02:00
Robert Scott
d61b739f07 php: 5.6.19 -> 5.6.20 2016-04-10 18:41:57 +00:00
Tomasz Kontusz
789c281a62 partimage: correct the patch SHA256
It was using a hash for the file itself, instead of the one for a sanitized patch.
2016-04-10 20:41:42 +02:00
Luca Bruno
2b6eff6729 Merge pull request #14573 from NicolasPetton/totem-gst-libav
totem: build with gst-libav and gst-plugins-ugly
2016-04-10 20:23:21 +02:00
Joachim Fasting
52f0aa3f82 pure-ftpd: fix meta.license
There is no licenses.bsd. Consulting the source reveals that it
uses the language of the ISC license (which is supposed to be equivalent to
the simplified BSD license).
2016-04-10 19:48:01 +02:00
Nicolas Petton
f353f0de00 totem: build with gst-libav and gst-plugins-ugly 2016-04-10 19:06:37 +02:00
Luca Bruno
7e7a614aaa pure-ftpd: init at 1.0.42 2016-04-10 17:53:18 +02:00
aszlig
c1178f171c
nixos/xserver: Use null as default for dpi option
Commit 98d9bba introduced this option as a nullOr type and it actually
checks whether null has been set and only appends -dpi if that's the
case. So let's actually set the default to null instead of 0.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-10 17:46:17 +02:00
Valérian Galliat
b0d1eb4579 Shout: configure with attrs 2016-04-10 10:49:32 -04:00
Robert Scott
1773c53fcf php55: 5.5.33 -> 5.5.34 2016-04-10 14:45:35 +00:00
Joachim Fasting
9a55b76db1 mupen64plus: build with gcc49
Works around failure with gcc5, see
https://hydra.nixos.org/build/34273319/nixlog/1/raw
Not a real fix, but a working build is better than nothing ...

I have tested that the program at least runs: it fails to load a few
plugins, tho, have no idea to what extent that affects use
  Couldn't load plugin 'ricevideo.so':
  /nix/store/...-mupen64plus-1.5/share/mupen64plus/plugins/ricevideo.so:
  undefined symbol: glCombinerInputNV
  Couldn't load plugin 'glN64.so':
  /nix/store/...-mupen64plus-1.5/share/mupen64plus/plugins/glN64.so:
  undefined symbol: glCombinerInputNV
2016-04-10 15:50:23 +02:00
Aristid Breitkreuz
c34451ad88 Merge pull request #14557 from zimbatm/simpler-pr
Simplify contributing
2016-04-10 13:01:35 +02:00
joachifm
9bd758ab42 Merge pull request #14558 from joachifm/youtube-dl
youtube-dl: 2016.02.13 -> 2016.04.06
2016-04-10 12:48:15 +02:00
joachifm
1377335689 Merge pull request #14372 from joachifm/hidepid
nixos: add option to restrict process information to process owners
2016-04-10 12:44:17 +02:00
Joachim Fasting
cef2814a4f nixos: add optional process information hiding
This module adds an option `security.hideProcessInformation` that, when
enabled, restricts access to process information such as command-line
arguments to the process owner.  The module adds a static group "proc"
whose members are exempt from process information hiding.

Ideally, this feature would be implemented by simply adding the
appropriate mount options to `fileSystems."/proc".fsOptions`, but this
was found to not work in vmtests. To ensure that process information
hiding is enforced, we use a systemd service unit that remounts `/proc`
after `systemd-remount-fs.service` has completed.

To verify the correctness of the feature, simple tests were added to
nixos/tests/misc: the test ensures that unprivileged users cannot see
process information owned by another user, while members of "proc" CAN.

Thanks to @abbradar for feedback and suggestions.
2016-04-10 12:27:06 +02:00
joachifm
496a369805 Merge pull request #14561 from micxjo/update-botan
botanUnstable: 1.11.28 -> 1.11.29 (security)
2016-04-10 11:56:11 +02:00
joachifm
a310fd4662 Merge pull request #14563 from micxjo/update-sndfile
libsndfile: 1.0.25 -> 1.0.26 (security)
2016-04-10 11:51:47 +02:00
Vladimír Čunát
4fa9983ab2 Merge branch 'closure-size' (#7701) into staging 2016-04-10 11:37:43 +02:00
Vladimír Čunát
30f14243c3 Merge branch 'master' into closure-size
Comparison to master evaluations on Hydra:
  - 1255515 for nixos
  - 1255502 for nixpkgs
2016-04-10 11:17:52 +02:00
Vladimír Čunát
50fccad582 Merge branch 'staging' into closure-size 2016-04-10 09:33:25 +02:00
Franz Pletz
2463e09173 virtinst: Fix cherry-pick merge 2016-04-10 01:26:45 +02:00
Robin Gloster
fe974894e2 virt-manager: remove sqlalchemy from (transitive) dependencies
Is not used according to source code
2016-04-10 01:21:46 +02:00
Franz Pletz
b667040c7c Merge pull request #14543 from groxxda/fix/minidlna
minidlna: logging via journalctl, use systemd runtimedirectory, install manpages
2016-04-10 01:14:48 +02:00