ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2025-01-01 16:34:15 +03:00
Code Issues Projects Releases Wiki Activity

nixos/gitea: fix commit signing (gpg) core dump

Browse Source 
Gitea spawns `gpg` processes for commit signing related actions.
Those `gpg` processes need `mlock` (probably to prevent secrets
in the memory to swap).
Blocking it (as part of the `@memlock` preset) causes any
commit signing related actions to error out as http/500
This commit is contained in:
IndeedNotJames 2023-03-01 23:44:21 +01:00
parent 249f6c4c1d
commit 93c1d370db
No known key found for this signature in database
GPG Key ID: 0AD773CE46FD0F87
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/services/misc/gitea.nix
View File

@ -597,7 +597,7 @@ in
PrivateMounts = true; PrivateMounts = true;
# System Call Filtering # System Call Filtering
SystemCallArchitectures = "native"; SystemCallArchitectures = "native";
SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @memlock @module @mount @obsolete @raw-io @reboot @setuid @swap"; SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
}; };
environment = { environment = {