Commit graph

12 commits

Author SHA1 Message Date
Robin Gloster
5185bc1773 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-15 14:41:01 +00:00
Christian Kauhaus
0c0f068f35
cron: fix crontab(5) and cron job PATH
Switch off HAVE_SAVED_UIDS since it activates a code path for temporary
privilege dropping which does not work on NixOS.

Vixie-cron's sources ship with two implementations. Unfortunately, the
one activated by HAVE_SAVED_UIDS (using setuid()) does not work on
NixOS. Saved UIDs work only if the program which is using them has the
setuid bit set on its own executable, not if called from a setuid
wrapper (as we do it in NixOS). The other implementation (using
setreuid()) works without problems.

Quote from
<http://stackoverflow.com/questions/8499296/realuid-saved-uid-effective-uid-whats-going-on>:

    If your euid is root and you change the uid, the privileges get
    dropped permanently. If effective user id is not root then saved user
    id is never touched and you can regain the root privilege back
    anytime you want in your program.

Also extend the default PATH with NixOS-specific bin directories as
vixie-cron's default is not really usable on NixOS.

Re #16518

Closes #16522
2016-07-02 00:09:07 +02:00
Franz Pletz
aff1f4ab94 Use general hardening flag toggle lists
The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
2016-03-05 18:55:26 +01:00
Robin Gloster
87e64f153b cron: enable pie hardening 2016-02-26 17:27:28 +00:00
Eelco Dolstra
2ed5c2bd6b Set some meta.platforms
Also fix meta.platform -> meta.platforms in a few places.
2015-03-20 20:04:42 +01:00
Longrin Wischnewski
6e7de2155b change md5sum to sha256sum for a few packages 2014-10-12 16:13:21 +02:00
Bjørn Forsman
c9baba9212 Fix many package descriptions
(My OCD kicked in today...)

Remove repeated package names, capitalize first word, remove trailing
periods and move overlong descriptions to longDescription.

I also simplified some descriptions as well, when they were particularly
long or technical, often based on Arch Linux' package descriptions.

I've tried to stay away from generated expressions (and I think I
succeeded).

Some specifics worth mentioning:
 * cron has "Vixie Cron" in its description. The "Vixie" part is not
   mentioned anywhere else. I kept it in a parenthesis at the end of the
   description.

 * ctags description started with "Exuberant Ctags ...", and the
   "exuberant" part is not mentioned elsewhere. Kept it in a parenthesis
   at the end of description.

 * nix has the description "The Nix Deployment System". Since that
   doesn't really say much what it is/does (especially after removing
   the package name!), I changed that to "Powerful package manager that
   makes package management reliable and reproducible" (borrowed from
   nixos.org).

 * Tons of "GNU Foo, Foo is a [the important bits]" descriptions
   are changed to just [the important bits]. If the package name doesn't
   contain GNU I don't think it's needed to say it in the description
   either.
2014-08-24 22:31:37 +02:00
Eelco Dolstra
c556a6ea46 * "ensureDir" -> "mkdir -p". "ensureDir" is a rather pointless
function, so obsolete it.

svn path=/nixpkgs/branches/stdenv-updates/; revision=31644
2012-01-18 20:16:00 +00:00
Lluís Batlle i Rossell
710f6c165b Making the vixie cron have a configurable sendmail path (for nixos)
svn path=/nixpkgs/trunk/; revision=24196
2010-10-10 11:07:15 +00:00
Eelco Dolstra
cee9051b7c * Get rid of $findUnpacker, it's pointless anyway.
* Pass the source file to $unpackCmd via $curSrc.

svn path=/nixpkgs/trunk/; revision=12748
2008-08-27 15:22:33 +00:00
Michael Raskin
2a087141cb Ported replace renaming to replace-literal to avoid conflict with MySQL package supplying own tool with name replace.
svn path=/nixpkgs/branches/stdenv-updates/; revision=10704
2008-02-15 11:14:40 +00:00
Eelco Dolstra
2f7c9b8fe2 * Added cron.
svn path=/nixpkgs/trunk/; revision=7618
2007-01-10 15:44:58 +00:00