| Commit message (Collapse) | Author | Age |
|---|
| |
|
| |
Simple version bump.
|
| |\
| |
| | |
neo4j: update and fix JVM parameters in NixOS module
|
| | |
| |
| |
| | |
The options previously listed here were the defaults back in 2.1.x.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
gs was called at runtime, fix the execvp call.
The url changed to its own domain.
A little face-lift for the package code.
|
| | |
| |
| |
| | |
fixes #23098
|
| |\ \
| | |
| | | |
graylog: update + module plugin support
|
| | | | |
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
dhparams module: initialize
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
Just tiny fixes for some rare circumstances.
https://lists.nic.cz/pipermail/knot-dns-users/2017-February/001066.html
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
When dhcpcd instead of networkd is used, the network-online.target behaved
the same as network.target, resulting in broken services that need a working
network connectivity when being started.
This commit makes dhcpcd wait for a lease and makes it wanted by
network-online.target. In turn, network-online.target is now wanted by
multi-user.target, so it will be activated at every boot.
|
| |\ \ \ \
| | | | |
| | | | | |
Revert "nixpkgs: allow packages to be marked insecure"
|
| |/ / / / |
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
nixpkgs: allow packages to be marked insecure
|
| | | | | |
| | | | |
| | | | |
| | | | | |
Patches currently available don't seem to apply.
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If a package's meta has `knownVulnerabilities`, like so:
stdenv.mkDerivation {
name = "foobar-1.2.3";
...
meta.knownVulnerabilities = [
"CVE-0000-00000: remote code execution"
"CVE-0000-00001: local privilege escalation"
];
}
and a user attempts to install the package, they will be greeted with
a warning indicating that maybe they don't want to install it:
error: Package ‘foobar-1.2.3’ in ‘...default.nix:20’ is marked as insecure, refusing to evaluate.
Known issues:
- CVE-0000-00000: remote code execution
- CVE-0000-00001: local privilege escalation
You can install it anyway by whitelisting this package, using the
following methods:
a) for `nixos-rebuild` you can add ‘foobar-1.2.3’ to
`nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
like so:
{
nixpkgs.config.permittedInsecurePackages = [
"foobar-1.2.3"
];
}
b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
‘foobar-1.2.3’ to `permittedInsecurePackages` in
~/.config/nixpkgs/config.nix, like so:
{
permittedInsecurePackages = [
"foobar-1.2.3"
];
}
Adding either of these configurations will permit this specific
version to be installed. A third option also exists:
NIXPKGS_ALLOW_INSECURE=1 nix-build ...
though I specifically avoided having a global file-based toggle to
disable this check. This way, users don't disable it once in order to
get a single package, and then don't realize future packages are
insecure.
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| | | | | | |
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
unifi: 5.2.9 -> 5.4.11
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Keeps the legacy version under attribute `ipaddr_p4`;
it is needed for OCaml < 4.02 and some libraries (eg `conduit`).
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Opus support was enabled since it didn't work in the past; I found it to be
working when I gave it a try now.
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This makes make-disk-image.nix slightly more consistent with other image
builders we have. Unfortunately I duplicated some code in doing so, but
this is temporary duplication on the path to consolidating everything.
See https://github.com/NixOS/nixpkgs/issues/23052 for more details on that.
I'm also exposing the option in the amazon-image.nix maintainer module.
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
from 1.5GB to 20mb
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
lynx: 2.8.8rel.2 -> 2.8.9dev.11
|
| | | |_|_|_|/
| |/| | | | |
|
| | | | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Broken in 628e6a8. Fixes #23083.
|
| |\ \ \ \ \ \
| | | | | | |
| | | | | | | |
gnome-shell, gnome-tweak-tool: Don't propagate python
|
| | | | | | | | |
|
| | | | | | | | |
|
| |\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
afio: init at 2.5.1
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Philipp Gesang <phg@phi-gamma.net>
|