518566 Commits

Author SHA1 Message Date
Robert Obryk
1bdbc0b0fe nixos/security/wrappers: stop using .real files
Before this change it was crucial that nonprivileged users are unable to
create hardlinks to SUID wrappers, lest they be able to provide a
different `.real` file alongside. That was ensured by not providing a
location writable to them in the /run/wrappers tmpfs, (unless
disabled) by the fs.protected_hardlinks=1 sysctl, and by the explicit
own-path check in the wrapper. After this change, ensuring
that property is no longer important, and the check is most likely
redundant.

The simplification of expectations of the wrapper will make it
easier to remove some of the assertions in the wrapper (which currently
cause the wrapper to fail in no_new_privs environments, instead of
executing the target with non-elevated privileges).

Note that wrappers had to be copied (not symlinked) into /run/wrappers
due to the SUID/capability bits, and they couldn't be hard/softlinks of
each other due to those bits potentially differing. Thus, this change
doesn't increase the amount of memory used by /run/wrappers.

This change removes part of the test that is obsoleted by the removal of
`.real` files.
2023-08-27 14:10:36 +02:00
Robert Obryk
44fde723be nixos/security/wrappers: generate a separate and more complete apparmor policy fragment for each wrapper
This change includes some stuff (e.g. reading of the `.real` file,
execution of the wrapper's target) that belongs to the apparmor policy
of the wrapper. This necessitates making them distinct for each wrapper.
The main reason for this change is as a preparation for making each
wrapper be a distinct binary.
2023-08-27 14:10:07 +02:00
Robert Obryk
c0e607da61 nixos/tests/wrappers: test apparmor configuration
Wrappers generate pieces of apparmor policies for inclusion, which are
used only in a single place in nixpkgs, for `ping`. They are built only
if apparmor is enabled.

This change causes the test to test:
 - that the apparmor includes can be generated,
 - that `ping` works with apparmor enabled (as the only policy that
   references these includes).

Ideally there would be some other NixOS test that verifies that `ping`
specifically works. Sadly, there isn't one.
2023-08-27 14:09:57 +02:00
Franz Pletz
94d494b2f6
Merge pull request #246851 from anund/noson-pulse
noson: fix pulse audio streaming support
2023-08-25 20:14:46 +02:00
Matthias Beyer
fa5a83c687
Merge pull request #251417 from fabaff/adax-bump
python311Packages.adax: 0.2.0 -> 0.3.0
2023-08-25 20:14:16 +02:00
Franz Pletz
fb6f1934a2
Merge pull request #248040 from felschr/tor-browser-malloc
tor-browser-bundle-bin: deprecate useHardenedMalloc
2023-08-25 20:12:38 +02:00
Franz Pletz
9bd52fd1bf
Merge pull request #250517 from aaronjheng/datadog-agent
datadog-agent: unpin go1.18
2023-08-25 20:04:45 +02:00
Franz Pletz
5fc4687280
Merge pull request #229452 from Leixb/headsetcontrol27
headsetcontrol: 2.6.1 -> 2.7.0
2023-08-25 20:04:19 +02:00
Franz Pletz
4df994d359
Merge pull request #248486 from S-NA/updates/deadd-notification-center
deadd-notification-center: 2.0.4 -> 2.1.1
2023-08-25 20:02:43 +02:00
Franz Pletz
c0967315ff
Merge pull request #249600 from anthonyroussel/nvtop_3_0_2
nvtop: 3.0.1 -> 3.0.2
2023-08-25 20:01:45 +02:00
Matthias Beyer
39e95f3c64
Merge pull request #251411 from SuperSandro2000/smenu
smenu: 1.2.0 -> 1.3.0
2023-08-25 20:01:07 +02:00
Pol Dellaiera
5cf3fa6186
Merge pull request #251266 from marsam/update-1password
_1password: 2.19.0 -> 2.20.0
2023-08-25 19:57:00 +02:00
Martin Weinelt
18c66967d6
Merge pull request #251256 from NixOS/home-assistant
home-assistant: 2023.8.3 -> 2023.8.4
2023-08-25 19:54:08 +02:00
Vladimír Čunát
68eb95705f
Merge #251367: revert "python3Packages.pillow & python3Packages.pillow-simd: Fix cross compilation" 2023-08-25 19:47:10 +02:00
Fabian Affolter
19a689af9e
python311Packages.adax: disable on unsupported Python releases 2023-08-25 19:46:49 +02:00
Fabian Affolter
2d4cda191f
python311Packages.adax: add changelog to meta 2023-08-25 19:46:18 +02:00
Matthias Beyer
347a238ef8
Merge pull request #251404 from r-ryantm/auto-update/clash-meta
clash-meta: 1.15.0 -> 1.15.1
2023-08-25 19:46:09 +02:00
Matthias Beyer
80ee147b6f
Merge pull request #251408 from matrss/disable-getoptions-tests-against-yash
getoptions: disable tests against yash
2023-08-25 19:45:22 +02:00
Fabian Affolter
75213da35d python311Packages.adax: 0.2.0 -> 0.3.0
Diff: https://github.com/Danielhiversen/pyadax/compare/0.2.0...0.3.0
2023-08-25 19:43:01 +02:00
Lin Jian
3e025f1393 emacsWithPackages: add a note for EMACSNATIVELOADPATH 2023-08-25 17:42:21 +00:00
Lin Jian
7f8cd3d8f9 emacsWithPackages: remove redundant colons 2023-08-25 17:42:21 +00:00
Lin Jian
d380784357 emacsWithPackages: fix logic of adding EMACSNATIVELOADPATH
Without this change, EMACSNATIVELOADPATH will not be added if
EMACSLOADPATH is added.
2023-08-25 17:42:21 +00:00
Matthias Beyer
a12258c461
Merge pull request #251393 from schuelermine/add/genemichaels
genemichaels: init
2023-08-25 19:38:34 +02:00
Angus Dippenaar
0093ac7102 stm32cubemx: 6.8.1 -> 6.9.1
Release notes: https://www.st.com/resource/en/release_note/rn0094-stm32cubemx-release-691-stmicroelectronics.pdf

In the release notes, it mentions that it's bundled with Java 17, so
this is the same version which is pinned in this package.
2023-08-25 17:37:52 +00:00
Angus Dippenaar
437e88c919 maintainers: add angaz 2023-08-25 17:37:52 +00:00
Matthias Beyer
0bbd448bd5
Merge pull request #251392 from r-ryantm/auto-update/riffdiff
riffdiff: 2.25.0 -> 2.25.2
2023-08-25 19:27:24 +02:00
Matthias Beyer
fa08e19344
Merge pull request #251403 from fabaff/types-beautifulsoup4
python311Packages.types-html5lib: init at 1.1.11.15, python311Packages.types-beautifulsoup4: init at 4.12.0.6
2023-08-25 19:21:41 +02:00
Sandro Jäckel
77eb86d962
smenu: 1.2.0 -> 1.3.0
Diff: https://github.com/p-gen/smenu/compare/v1.2.0...v1.3.0
2023-08-25 19:16:48 +02:00
Matthias Riße
1974feb428 getoptions: disable tests against yash 2023-08-25 19:05:14 +02:00
Anselm Schüler
cc515a6e01 genemichaels: init at 0.1.21 2023-08-25 19:02:58 +02:00
Matthias Beyer
697d179231
Merge pull request #251399 from r-ryantm/auto-update/k3sup
k3sup: 0.12.14 -> 0.12.15
2023-08-25 19:02:32 +02:00
figsoda
6bc39510ae
Merge pull request #251317 from GaetanLepage/rainbow-delimiters
vimPlugins.rainbow-delimiters-nvim: init at 2023-08-25
2023-08-25 12:55:19 -04:00
figsoda
e2df13eb5a
Merge pull request #251309 from r-ryantm/auto-update/ast-grep
ast-grep: 0.11.0 -> 0.11.1
2023-08-25 12:54:54 -04:00
figsoda
0ca251a070
Merge pull request #251339 from marsam/update-scheme-manpages
scheme-manpages: unstable-2023-06-04 -> unstable-2023-08-13
2023-08-25 12:43:45 -04:00
Matthias Beyer
0c06e91e7b
Merge pull request #251390 from r-ryantm/auto-update/grpc_cli
grpc_cli: 1.56.2 -> 1.57.0
2023-08-25 18:41:27 +02:00
figsoda
60f3de2df5
Merge pull request #251332 from marsam/update-millet
millet: 0.12.9 -> 0.13.0
2023-08-25 12:38:43 -04:00
figsoda
f29ffd9e36
Merge pull request #251363 from khaneliman/fastfetch
fastfetch: 2.0.3 -> 2.0.4
2023-08-25 12:37:35 -04:00
Matthias Beyer
30b996303f
Merge pull request #251396 from r-ryantm/auto-update/netdata
netdata: 1.42.0 -> 1.42.1
2023-08-25 18:35:53 +02:00
Fabian Affolter
32b62b08e9 python311Packages.types-beautifulsoup4: init at 4.12.0.6 2023-08-25 18:33:52 +02:00
Fabian Affolter
019f208ada python311Packages.types-html5lib: init at 1.1.11.15 2023-08-25 18:33:46 +02:00
Franz Pletz
72631d762f
Merge pull request #251055 from lheckemann/virt-manager-osx
virt-manager: produce a macos application
2023-08-25 18:33:26 +02:00
Franz Pletz
31d331e7ce
Merge pull request #251186 from skorpy2009/zoom
zoom-us: 5.15.5.5603 -> 5.15.10.6882
2023-08-25 18:31:40 +02:00
R. Ryantm
eadaccffc7 clash-meta: 1.15.0 -> 1.15.1 2023-08-25 16:29:05 +00:00
figsoda
b07e62ccf1
Merge pull request #251381 from MoritzBoehme/gum-add-main-program 2023-08-25 12:28:25 -04:00
Ryan Mulligan
37587d2860
Merge pull request #251067 from cdmistman/cad/update-bun
bun: 0.7.3 -> 0.8.0
2023-08-25 09:20:18 -07:00
R. Ryantm
dafab32a63 k3sup: 0.12.14 -> 0.12.15 2023-08-25 16:06:02 +00:00
Bobby Rong
ea96bb8a5a
Merge pull request #251282 from bobby285271/upd/pantheon
pantheon.elementary-files: 6.4.1 -> 6.5.0
2023-08-25 23:56:24 +08:00
Matthias Beyer
103bbccbf6
Merge pull request #251359 from r-ryantm/auto-update/iqtree
iqtree: 2.2.2.6 -> 2.2.2.7
2023-08-25 17:53:42 +02:00
Matthias Beyer
7eb4df7985
Merge pull request #251386 from r-ryantm/auto-update/traefik
traefik: 2.10.3 -> 2.10.4
2023-08-25 17:53:32 +02:00
Matthias Beyer
b980fb511c
Merge pull request #251372 from 06kellyjac/diffoci
diffoci: init at 0.1.1
2023-08-25 17:53:20 +02:00