Commit Graph

11 Commits

Author SHA1 Message Date
Franz Pletz
e32352fd97
nixpkgs manual: unfree packages are untested
Resolves confusion mentioned in #31045.
2017-11-01 22:34:56 +01:00
Graham Christensen
6504df6732 Merge pull request #25955 from matthewbauer/nixpkgs-manual-declarative-package-management
manual: add "declarative package management" section
2017-07-16 16:50:14 -04:00
Jan Tojnar
e35f3c0679
doc: Fix some typos 2017-06-11 22:13:42 +02:00
Matthew Bauer
0bbbdfbc52
manual: add "declarative package management" section
This section gives some details on how to setup an "environment"
without having to go through NixOS (although it could be used there
too). I’ve tried to make it straightforward and have a kind of
"tutorial" feel. Not sure if that’s appropriate for the manual, so any
recommended changes would be helpful.
2017-05-20 22:25:05 -05:00
Vladimír Čunát
a50222b1a3
doc/configuration: tidy up text around #23130 changes 2017-02-26 10:32:59 +01:00
Graham Christensen
a9c875fc2e
nixpkgs: allow packages to be marked insecure
If a package's meta has `knownVulnerabilities`, like so:

    stdenv.mkDerivation {
      name = "foobar-1.2.3";

      ...

      meta.knownVulnerabilities = [
        "CVE-0000-00000: remote code execution"
        "CVE-0000-00001: local privilege escalation"
      ];
    }

and a user attempts to install the package, they will be greeted with
a warning indicating that maybe they don't want to install it:

    error: Package ‘foobar-1.2.3’ in ‘...default.nix:20’ is marked as insecure, refusing to evaluate.

    Known issues:

     - CVE-0000-00000: remote code execution
     - CVE-0000-00001: local privilege escalation

    You can install it anyway by whitelisting this package, using the
    following methods:

    a) for `nixos-rebuild` you can add ‘foobar-1.2.3’ to
       `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
       like so:

         {
           nixpkgs.config.permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

    b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
    ‘foobar-1.2.3’ to `permittedInsecurePackages` in
    ~/.config/nixpkgs/config.nix, like so:

         {
           permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

Adding either of these configurations will permit this specific
version to be installed. A third option also exists:

  NIXPKGS_ALLOW_INSECURE=1 nix-build ...

though I specifically avoided having a global file-based toggle to
disable this check. This way, users don't disable it once in order to
get a single package, and then don't realize future packages are
insecure.
2017-02-24 07:41:05 -05:00
Eelco Dolstra
9d6a55aefd
~/.nixpkgs -> ~/.config/nixpkgs
The former is still respected as a fallback for config.nix for
backwards compatibility (but not for overlays because they're a new
feature).
2017-02-01 16:07:55 +01:00
Théo Zimmermann
24b715d16d nixpkgs manual: more extensible example (#15557)
By checking if the package name appears in a list, this new example allows for easy user-customization.
2016-05-23 11:02:46 +01:00
Vladimír Čunát
4ca2332bac nixpkgs manual: fix typo in filename 2016-02-17 10:52:42 +01:00
Eelco Dolstra
6bd0519918 Manual: Fix indent of config section 2015-12-10 16:06:12 +01:00
Eelco Dolstra
e115e3fd76 Manual: Rename file 2015-12-10 16:06:12 +01:00