Commit graph

88624 commits

Author SHA1 Message Date
Matthew Bauer
f541715057 gnustep: fix gdomap service
This gets rid of the rest of the pidfile stuff and makes gdomap just act
like a normal systemd process. Also reword "enable" option.
2016-08-16 21:11:06 +00:00
Matthew Bauer
08ce2d9d40 gnustep: remove gdnc service
gdnc is a user process and can't be made into a NixOS module very
easily. It can still be put in the user's login script. According to the
GNUstep documentation it will be started as soon as it is needed.
2016-08-16 21:11:05 +00:00
Matthew Bauer
5ea9bd0920 gnustep: fix naming of gnustep stuff
This should fix the NixOS issues.
2016-08-16 21:11:05 +00:00
Matthew Bauer
387d5e07fd gnustep: remove unneeded lines in patches
There were alot of unnecessary "Only In" lines that were left in the
patch files. This should remove all of them.
2016-08-16 21:11:05 +00:00
Matthew Bauer
4ebfc31388 gnustep: add alias for old gnustep-make 2016-08-16 21:11:05 +00:00
Matthew Bauer
0e58029488 gnustep: update to latest upstream versions
back, base, gorm, gui, gworkspace, and make were updated. xcode was
removed because it's not building correctly.
2016-08-16 21:11:05 +00:00
Matthew Bauer
1e663df66c gnustep: provide default meta
Meta data like maintainers, license, and homepage is shared throughout the
"gnustep" project. Everything going through "gsmakeDerivation" now
shares overridable metadata.
2016-08-16 21:11:05 +00:00
Matthew Bauer
c3974455eb gnustep: rescope everything into one folder
This should make merge conflicts easier to
handle. "gnustep" prefix has been removed to
make thing simpler. So "gnustep_make" is now
"make" within the gnustep scope.
2016-08-16 21:10:54 +00:00
Artyom Shalkhakov
697982b91b gnustep: fix gdnc, gdomap
Both gdnc and gdomap seem to work.
2016-08-16 21:00:31 +00:00
Artyom Shalkhakov
d3d580ebbe gnustep: cleanup
Major clean-up. Everything builds fine.
2016-08-16 21:00:27 +00:00
Artyom Shalkhakov
9b17cd8fab gnustep: add nixos deamons
Adding basic daemons: gdomap and gdnc. It seems that GWorkspace
does is unable to work properly without the daemons.
2016-08-16 21:00:21 +00:00
Artyom Shalkhakov
cf79db3549 gnustep: fix gworkspace
Minor fix: just to make GWorkspace buildable as it is.
2016-08-16 21:00:13 +00:00
Artyom Shalkhakov
15c5a533b5 gnustep: add gworkspace and systempreferences
Packaging some basic GNUstep apps: GWorkspace and SystemPreferences.

Unfortunately, GWorkspace doesn't work well, because gdomap, gdnc, gpbs
are not started. Also, there is some issue with fonts not being found.
2016-08-16 20:59:58 +00:00
Artyom Shalkhakov
ea3dcb3264 gnustep: add setup hook for make
Adding a setup-hook for gnustep-make.
2016-08-16 20:59:50 +00:00
Artyom Shalkhakov
4cbeef463c gnustep: use gnustep_builder
Built ProjectCenter and Gorm with the new gnustep_builder. Had to go
back and fix a few things.
2016-08-16 20:59:36 +00:00
Artyom Shalkhakov
d39e5372dc gnustep: cleanup
Cleaning up. Adding GNUstep package builder for abstracting out GNUstep
compilation specifics (with thanks to GitHub user lethalman).

The rules for using build_gnustep_package are as simple: any
GNUstep-based package that the package being compiled depends upon are
to be put in [deps] (this is used for setting up a buildEnv), while
other dependencies are put into [buildInputs] as usual.
2016-08-16 20:59:30 +00:00
Artyom Shalkhakov
5db3f3ee61 gnustep: remove gnustep-startup
Removing gnustep-startup (not needed anymore). Adding Gorm and
ProjectCenter applications (these mostly work, provided the environment
is set up manually).
2016-08-16 20:59:23 +00:00
Artyom Shalkhakov
52d17a5f41 gnustep: packageg libs separately
Packing gnustep libs separately, with no use of gnustep-startup. Also,
fixed a bug in WindowMaker package (some imaging dependencies were not supplied).
2016-08-16 20:59:08 +00:00
Artyom Shalkhakov
a28c729766 gnustep: init
Adding new library: gnustep-startup, which packages the core
libraries necessary for GNUstep: gnustep-make, gnustep-base,
gnustep-gui, gnustep-backend.
2016-08-16 20:58:57 +00:00
Franz Pletz
2709079569 postgresql: security updates for all versions
Fixes CVE-2016-5423 and CVE-2016-5424.

See https://www.postgresql.org/about/news/1688/.
2016-08-16 18:35:22 +02:00
Joachim Fasting
d82ddd6dc0
grsecurity: 4.7-201608131240 -> 4.7-201608151842 2016-08-16 17:50:37 +02:00
Joachim Fasting
b1cceeda84
grsecurity: enable pax size overflow plugin 2016-08-16 17:50:36 +02:00
Joachim Fasting
3fcb9e6f57
grsecurity: support non-enforcing mode
Until we've made sure that most things actually work out of the box, we
need to give people a way of continuing to use the system without
completely disabling grsecurity.

Set sysctl kernel.pax.softmode=1 or boot with pax.softmode=1
2016-08-16 17:50:36 +02:00
Domen Kožar
bab8a2ebe3 netboot: prepare for https://github.com/NixOS/nixos-channel-scripts/issues/6 2016-08-16 17:27:11 +02:00
Eelco Dolstra
859157c36b Merge pull request #17779 from obadz/make-disk-image
nixos/lib/make-disk-image: refactor to use nixos-install
2016-08-16 16:44:12 +02:00
obadz
24f8cf08cc nixos/lib/make-disk-image: refactor to use nixos-install
- Replace hand-rolled version of nixos-install in make-disk-image by an
  actual call to nixos-install
- Required a few cleanups of nixos-install
- nixos-install invokes an activation script which the hand-rolled version
  in make-disk-image did not do. We remove /etc/machine-id as that's
  a host-specific, impure, output of the activation script

Testing:

nix-build '<nixpkgs/nixos/release.nix>' -A tests.installer.simple passes

Also tried generating an image with:

nix-build -E 'let
    pkgs = import <nixpkgs> {};
    lib = pkgs.lib;
    nixos = import <nixpkgs/nixos> {
      configuration = {
        fileSystems."/".device = "/dev/disk/by-label/nixos";
        boot.loader.grub.devices = [ "/dev/sda" ];
        boot.loader.grub.extraEntries = '"''"'
          menuentry "Ubuntu" {
             insmod ext2
             search --set=root --label ubuntu
             configfile /boot/grub/grub.cfg
          }
        '"''"';
      };
    };
  in import <nixpkgs/nixos/lib/make-disk-image.nix> {
    inherit pkgs lib;
    config = nixos.config;
    diskSize = 2000;
    partitioned = false;
    installBootLoader = false;
  }'

Then installed the image:
$ sudo df if=./result/nixos.img of=/dev/sdaX bs=1M
$ sudo resize2fs /dev/disk/by-label/nixos
$ sudo mount /dev/disk/by-label/nixos /mnt
$ sudo mount --rbind /proc /mnt/proc
$ sudo mount --rbind /dev /mnt/dev
$ sudo chroot /mnt /nix/var/nix/profiles/system/bin/switch-to-configuration boot

[ … optionally do something about passwords … ]

and successfully rebooted to that image.

Was doing all this from inside a Ubuntu VM with a single user nix install.
2016-08-16 15:31:16 +01:00
Joachim F
4d1d37014a Merge pull request #17718 from matthewbauer/patch-7
travis: build stdenv also
2016-08-16 15:06:35 +02:00
Franz Pletz
35654b7fc1 Merge pull request #17743 from mayflower/service/mattermost 2016-08-16 14:54:25 +02:00
Eelco Dolstra
38f306f492 Merge pull request #17768 from obadz/nixos-install
nixos-install: cleanups & improvements to run on non-NixOS systems
2016-08-16 13:31:50 +02:00
Eelco Dolstra
16b0724efe Merge pull request #17772 from nathan7/protobuf-3.0.0
protobuf: 3.0.0-beta-3.1 -> 3.0.0
2016-08-16 12:47:41 +02:00
Nathan Zadoks
874e90fd66 protobuf: 3.0.0-beta-3.1 -> 3.0.0 2016-08-16 12:09:36 +02:00
Frederik Rietdijk
6d75bf842b mercurial: pass in pythonPackages 2016-08-16 11:48:09 +02:00
Frederik Rietdijk
888efed972 Doc: fix python examples 2016-08-16 09:47:13 +02:00
Josef Kemetmüller
24ab0460a9 armadillo: Fix failing build (#17764)
The upgrade of cmake to v3.6.0 broke this build. HDF5 now can
only be found if hdf5-cpp is used as buildInput.
However the upgrade made it possible to remove a patch:
CMake can now find openblas on its own.
2016-08-16 06:29:15 +00:00
obadz
806e88c137 nixos-install: cleanups & improvements to run on non-NixOS systems
- Fix --no-bootloader which didn't do what it advertised
- Hardcode nixbld GID so that systems which do not have a nixbld user
  can still run nixos-install (only with --closure since they can't
  build anything)
- Cleanup: get rid of NIX_CONF_DIR(=/tmp)/nix.conf and pass arguments instead
- Cleanup: don't assume that the target system has '<nixpkgs/nixos>' or
  '<nixos-config>' to see if config.users.mutableUsers. Instead check if
  /var/setuid-wrappers/passwd is there

Installing NixOS now works from a Ubuntu host (using --closure).

nix-build -A tests.installer.simple '<nixpkgs/nixos/release.nix>' succeeds ✓
2016-08-16 02:47:49 +01:00
obadz
1759825b34 nixos/tests/ecryptfs: placate some commands causing many builds failure
These commands shouldn't have to be here in the first place as ecryptfs
homes should be automatically unmounted during logoff.
2016-08-16 02:47:08 +01:00
Shea Levy
9adad8612b Revert "Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs"
Was meant to go into staging, sorry

This reverts commit 57b2d1e9b0, reversing
changes made to 760b2b9048.
2016-08-15 19:05:52 -04:00
Shea Levy
57b2d1e9b0 Merge branch 'modprobe-fix' of git://github.com/abbradar/nixpkgs 2016-08-15 19:01:44 -04:00
Nikolay Amiantov
b067b53011 networkmanager098: fix binary paths 2016-08-16 00:19:26 +03:00
Nikolay Amiantov
cd05a8ed00 networkmanager: point to kmod's modprobe 2016-08-16 00:19:26 +03:00
Nikolay Amiantov
1f63958772 nixos treewide: don't set MODULE_DIR 2016-08-16 00:19:25 +03:00
Nikolay Amiantov
b2ebecd9e5 modprobe service: drop kmod wrapper 2016-08-16 00:19:25 +03:00
Nikolay Amiantov
1afd250676 treewide: replace several /sbin paths by /bin 2016-08-16 00:19:25 +03:00
Nikolay Amiantov
131fca0a85 kmod: add patch to allow searching for modules in several directories 2016-08-16 00:19:25 +03:00
obadz
760b2b9048 nixos/make-disk-image: add ability to defer bootloader install until image has been flashed 2016-08-15 20:01:55 +01:00
Joachim Fasting
f9c3076e58
grsecurity docs: mention chromium setuid sandbox 2016-08-15 20:36:47 +02:00
Joachim Fasting
050b7eec16
grsecurity module: systemd-nspawn requires cap_sys_admin
As with 9ca3504a798291fbd7c49fcfeec8b64daa2022ad

Closes https://github.com/NixOS/nixpkgs/issues/17714
2016-08-15 20:36:47 +02:00
Joachim Fasting
7fd99066c4
grsecurity module: permit chmod +s in sandboxed builds
While useless, some builds may dabble with setuid bits (e.g.,
util-linux), which breaks under grsec.  In the interest of user
friendliness, we once again compromise by disabling an otherwise useful
feature ...

Closes https://github.com/NixOS/nixpkgs/issues/17501
2016-08-15 20:36:47 +02:00
Joachim Fasting
9062c67914
grsecurity: 4.6.5-201607312210 -> 4.7-201608131240 2016-08-15 20:36:46 +02:00
Joachim Fasting
567640d80c
grsecurity docs: add note about user namespaces 2016-08-15 20:36:46 +02:00