41 Commits

Author SHA1 Message Date
Linus Heckemann
45981145ad nixos/wrappers: remove outdated upgrade code
As mentioned in the code comments themselves, this was only necessary
for 16.09 -> 17.03 and as such is obsolete.
2018-10-21 15:12:36 +02:00
Ben Gamari
b2cbffae64 nixos/security-wrapper: Fix cross-compilation 2018-01-09 11:25:19 -05:00
Michael Weiss
351f5fc585 fuse3: init at 3.1.1
This includes fuse-common (fusePackages.fuse_3.common) as recommended by
upstream. But while fuse(2) and fuse3 would normally depend on
fuse-common we can't do that in nixpkgs while fuse-common is just
another output from the fuse3 multiple-output derivation (i.e. this
would result in a circular dependency). To avoid building fuse3 twice I
decided it would be best to copy the shared files (i.e. the ones
provided by fuse(2) and fuse3) from fuse-common to fuse (version 2) and
avoid collision warnings by defining priorities. Now it should be
possible to install an arbitrary combination of "fuse", "fuse3", and
"fuse-common" without getting any collision warnings. The end result
should be the same and all changes should be backwards compatible
(assuming that mount.fuse from fuse3 is backwards compatible as stated
by upstream [0] - if not this might break some /etc/fstab definitions
but that should be very unlikely).

My tests with sshfs (version 2 and 3) didn't show any problems.

See #28409 for some additional information.

[0]: https://github.com/libfuse/libfuse/releases/tag/fuse-3.0.0
2017-09-21 23:59:46 +02:00
tv
ea44ca47f3 security-wrapper: run activation script after specialfs
Ensures that parentWrapperDir exists before it is used.

Closes #26851
2017-06-26 09:26:16 +02:00
Parnell Springmeyer
5ca644c228 Fixing attribute name mistake: setguid => setgid 2017-06-15 19:25:43 -07:00
Robin Gloster
e82baf043e security-wrapper: link old wrapper dir to new one
This makes setuid wrappers not fail after upgrading.

references #23641, #22914, #19862, #16654
2017-03-23 15:57:30 +01:00
Robin Gloster
45f486f096 Revert "security-wrapper: Don't remove the old paths yet as that can create migration pain"
This reverts commit 4c751ced37.

This does not fix the issue as /run is now mounted with nosuid.
2017-03-23 15:57:23 +01:00
Parnell Springmeyer
4c751ced37 security-wrapper: Don't remove the old paths yet as that can create migration pain 2017-03-08 08:57:52 -06:00
Nikolay Amiantov
2cc4703a2d wrappers service: make /run/wrappers a mountpoint
Also remove some compatibility code because the directory in question would be
shadowed by a mountpoint anyway.
2017-02-21 12:13:35 +03:00
Robin Gloster
070825d443 setcapWrapper: add support for setting permissions 2017-02-17 15:42:54 +01:00
Bjørn Forsman
ce0a52f9bf nixos/security.wrappers: improve documentation
* The source attribute is mandatory, not optional
* The program attribute is optional
* Move the info about the mandatory attribute first (most important,
  IMHO)
2017-02-15 20:05:27 +01:00
Bjørn Forsman
f9cb2b5640 nixos/security.wrappers: use literalExample in documentation
It's much more readable when the example attrset is pretty printed
instead of written as one line.
2017-02-15 09:08:41 +01:00
Bjørn Forsman
448acd8e5e nixos: remove remaining reference to setuidPrograms
The option doesn't exist anymore.
2017-02-15 07:25:33 +01:00
Parnell Springmeyer
1f83f1c878 security-wrapper: Wrap <para> tags in a <note> tag 2017-02-14 21:30:04 -06:00
Parnell Springmeyer
69794e333a Using para tags for manual formatting 2017-02-14 08:53:30 -06:00
Parnell Springmeyer
794b3721bc Syntax wibble 2017-02-14 08:42:08 -06:00
Parnell Springmeyer
e856d6efe8 Default should be to set owner and group to root on setcap wrappers too 2017-02-14 08:40:12 -06:00
Parnell Springmeyer
c01689f8da Fixing ref to old-wrappersDir 2017-02-14 08:33:07 -06:00
Parnell Springmeyer
f8b8c353ff Simplifying the wrapper program derivation 2017-02-14 08:27:40 -06:00
Parnell Springmeyer
ba499e3aa0 Removing unused module option old-wrapperDir 2017-02-14 07:30:21 -06:00
Parnell Springmeyer
a27f35993d Derp, correctly write the source program's path 2017-02-13 18:28:13 -06:00
Parnell Springmeyer
cca2e11556 Resurrecting the single-wrapper read from sibling .real file behavior 2017-02-13 18:03:06 -06:00
Parnell Springmeyer
d8ecd5eb0d Switching to individually generated derivations 2017-01-30 12:26:56 -06:00
Parnell Springmeyer
264db4e309 Set merge + mkIf always surprises me 2017-01-29 17:10:32 -06:00
Parnell Springmeyer
f2f3f1479e Derp, wrong path name 2017-01-29 16:54:27 -06:00
Parnell Springmeyer
0f728de67e More migration cleanup + todos for cleanup 2017-01-29 16:52:23 -06:00
Parnell Springmeyer
4856b42ab6 Gotta provide sane defaults! This is what I get for 5AM coding 2017-01-29 16:47:14 -06:00
Parnell Springmeyer
628e6a83d0 More derp 2017-01-29 05:33:56 -06:00
Parnell Springmeyer
70b8167d4a A few more tweaks 2017-01-29 05:05:30 -06:00
Parnell Springmeyer
4aa0923009 Getting rid of the var indirection and using a bin path instead 2017-01-29 04:11:01 -06:00
Parnell Springmeyer
af3b9a3d46 More wibbles? 2017-01-29 01:41:39 -06:00
Parnell Springmeyer
48564d1ae5 Another wibble 2017-01-29 01:31:33 -06:00
Parnell Springmeyer
5077699605 Derp derp 2017-01-29 01:27:11 -06:00
Parnell Springmeyer
0707a3eaa2 Qualify with lib 2017-01-29 01:23:10 -06:00
Parnell Springmeyer
8e159b9d1e Qualify mkOption with lib 2017-01-29 01:22:47 -06:00
Parnell Springmeyer
70ec24093c Removing dead code 2017-01-29 01:22:19 -06:00
Parnell Springmeyer
82de4c0fad setcap-wrapper: Syntax wibble 2017-01-29 01:20:02 -06:00
Parnell Springmeyer
7680a40a37 setcap-wrapper: Syntax wibble 2017-01-29 01:16:04 -06:00
Parnell Springmeyer
2f113ee90a setcap-wrapper: Minor refactor 2017-01-29 01:08:36 -06:00
Parnell Springmeyer
3fe7b1a4c9 setcap-wrapper: Addressing more PR feedback, unifying drvs, and cleaning up a bit 2017-01-29 01:07:12 -06:00
Parnell Springmeyer
e92b8402b0 Addressing PR feedback 2017-01-28 20:48:03 -08:00