jolheiser/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
104,941 Commits 266 Branches 122 Tags 5.3 GiB
bd0163fc34
Commit Graph

318 Commits

Author SHA1 Message Date
Niklas Hambüchen
ee0f3e7ad9 acme: Use chown -R for challenges directory. Fixes #24529. 
Commit 75f131da02c00027b9a8240fb74d117cb0f9d9cf added
`chown 'nginx:nginx' '/var/lib/acme'` to the pre-start script,
but since it doesn't use `chown -R`, it is possible that there
are older existing subdirs (like `acme-challenge`)
that are owned to `root` from before that commit went it.
 2017-04-01 15:22:01 +02:00
Robin Gloster
e82baf043e
security-wrapper: link old wrapper dir to new one 
This makes setuid wrappers not fail after upgrading.

references #23641, #22914, #19862, #16654
 2017-03-23 15:57:30 +01:00
Robin Gloster
45f486f096
Revert "security-wrapper: Don't remove the old paths yet as that can create migration pain" 
This reverts commit 4c751ced376e0042ddd4f2aa8bd40754b9ea8926.

This does not fix the issue as /run is now mounted with nosuid.
 2017-03-23 15:57:23 +01:00
Robin Gloster
f2ff646e59 Merge pull request #23641 from awakenetworks/parnell/fix-wrapper-migration 
security-wrapper: Don't remove the old paths yet as that can create migration pain
 2017-03-21 13:40:15 +01:00
Franz Pletz
fb50cde71e
nixos/treewide: systemd.time is in manvolume 7 
cc #23396
 2017-03-21 08:28:53 +01:00
Franz Pletz
9536169074
nixos/treewide: remove boolean examples for options 
They contain no useful information and increase the length of the
autogenerated options documentation.

See discussion in #18816.
 2017-03-17 23:36:19 +01:00
Léo Gaspard
66e54f25a1 dhparams module: condition on enable option (#23661) 
Hence, the init/cleanup service only runs when the dhparams module is enabled.
 2017-03-17 01:56:13 +01:00
zetok
4ca17dd6c0 gresecurity docs: fix incorrect option (#23789) 2017-03-12 15:05:14 +01:00
Parnell Springmeyer
4c751ced37
security-wrapper: Don't remove the old paths yet as that can create migration pain 2017-03-08 08:57:52 -06:00
Jesper Geertsen Jonsson
056e57678d
grsecurity docs: fix syntax and indentation errors 
Closes https://github.com/NixOS/nixpkgs/pull/23515
 2017-03-05 16:05:43 +01:00
Thomas Tuegel
8eb4d2afbc
Remove top-level kde5 attribute 
- There is no such thing as KDE 5
 2017-02-27 11:49:10 -06:00
Robin Gloster
940492cef5 Merge pull request #22634 from Ekleog/dhparams 
dhparams module: initialize
 2017-02-23 17:16:04 +01:00
Vladimír Čunát
4509487e82
nixos polkit: fixup setuid wrapper of pkexec 
Broken in 628e6a8.  Fixes #23083.
 2017-02-22 23:04:21 +01:00
Nikolay Amiantov
2cc4703a2d wrappers service: make /run/wrappers a mountpoint 
Also remove some compatibility code because the directory in question would be
shadowed by a mountpoint anyway.
 2017-02-21 12:13:35 +03:00
Robin Gloster
12b4556642 Merge pull request #22882 from bjornfor/wireshark 
nixos: add programs.wireshark option
 2017-02-20 14:03:30 +01:00
Joachim F
6dbe55ca68 Merge pull request #20456 from ericsagnes/feat/loaf-dep-1 
Use attrsOf in place of loaOf when relevant
 2017-02-19 15:49:25 +01:00
Léo Gaspard
e2c78910d1
dhparams module: initialize 2017-02-18 00:07:03 +01:00
Robin Gloster
070825d443
setcapWrapper: add support for setting permissions 2017-02-17 15:42:54 +01:00
Benjamin Staffin
463e90273f pam: add optional pam_kwallet5 integration 2017-02-16 02:26:42 -05:00
Bjørn Forsman
ce0a52f9bf nixos/security.wrappers: improve documentation 
* The source attribute is mandatory, not optional
* The program attribute is optional
* Move the info about the mandatory attribute first (most important,
  IMHO)
 2017-02-15 20:05:27 +01:00
Bjørn Forsman
f9cb2b5640 nixos/security.wrappers: use literalExample in documentation 
It's much more readable when the example attrset is pretty printed
instead of written as one line.
 2017-02-15 09:08:41 +01:00
Bjørn Forsman
448acd8e5e nixos: remove remaining reference to setuidPrograms 
The option doesn't exist anymore.
 2017-02-15 07:25:33 +01:00
Parnell Springmeyer
1f83f1c878
security-wrapper: Wrap <para> tags in a <note> tag 2017-02-14 21:30:04 -06:00
Parnell Springmeyer
69794e333a
Using para tags for manual formatting 2017-02-14 08:53:30 -06:00
Parnell Springmeyer
794b3721bc
Syntax wibble 2017-02-14 08:42:08 -06:00
Parnell Springmeyer
e856d6efe8
Default should be to set owner and group to root on setcap wrappers too 2017-02-14 08:40:12 -06:00
Parnell Springmeyer
c01689f8da
Fixing ref to old-wrappersDir 2017-02-14 08:33:07 -06:00
Parnell Springmeyer
f8b8c353ff
Simplifying the wrapper program derivation 2017-02-14 08:27:40 -06:00
Parnell Springmeyer
fb6d13c01a
Addressing feedback and fixing a bug 2017-02-14 07:38:45 -06:00
Parnell Springmeyer
ba499e3aa0
Removing unused module option old-wrapperDir 2017-02-14 07:30:21 -06:00
Parnell Springmeyer
a27f35993d
Derp, correctly write the source program's path 2017-02-13 18:28:13 -06:00
Parnell Springmeyer
cca2e11556
Resurrecting the single-wrapper read from sibling .real file behavior 2017-02-13 18:03:06 -06:00
Parnell Springmeyer
9e36a58649
Merging against upstream master 2017-02-13 17:16:28 -06:00
Graham Christensen
96d767de62
pam_oath: require OATH and pam_unix credentials to be valid 2017-02-12 18:27:11 -05:00
Joachim Fasting
0c31286f75
grsecurity docs: some polish 
Fix minor formatting issues, excessive punctuation, and also some
improved wording.
 2017-02-03 18:47:07 +01:00
Parnell Springmeyer
128bdac94f
Conditionally logging debug messages based on the WRAPPER_DEBUG env var being set (or not) 2017-01-30 12:59:29 -06:00
Parnell Springmeyer
d8ecd5eb0d
Switching to individually generated derivations 2017-01-30 12:26:56 -06:00
Parnell Springmeyer
264db4e309
Set merge + mkIf always surprises me 2017-01-29 17:10:32 -06:00
Parnell Springmeyer
f2f3f1479e
Derp, wrong path name 2017-01-29 16:54:27 -06:00
Parnell Springmeyer
0f728de67e
More migration cleanup + todos for cleanup 2017-01-29 16:52:23 -06:00
Parnell Springmeyer
4856b42ab6
Gotta provide sane defaults! This is what I get for 5AM coding 2017-01-29 16:47:14 -06:00
Parnell Springmeyer
cfe4351c33
I'm clearly very tired 2017-01-29 05:39:54 -06:00
Parnell Springmeyer
1cc500ea8e
Syntax wibble 2017-01-29 05:34:50 -06:00
Parnell Springmeyer
628e6a83d0
More derp 2017-01-29 05:33:56 -06:00
Parnell Springmeyer
70b8167d4a
A few more tweaks 2017-01-29 05:05:30 -06:00
Parnell Springmeyer
4aa0923009
Getting rid of the var indirection and using a bin path instead 2017-01-29 04:11:01 -06:00
Parnell Springmeyer
af3b9a3d46
More wibbles? 2017-01-29 01:41:39 -06:00
Parnell Springmeyer
48564d1ae5
Another wibble 2017-01-29 01:31:33 -06:00
Parnell Springmeyer
5077699605
Derp derp 2017-01-29 01:27:11 -06:00
Parnell Springmeyer
0707a3eaa2
Qualify with lib 2017-01-29 01:23:10 -06:00