nixpkgs/nixos/modules/security
Franz Pletz 0d59fc1169
cacerts: refactor, add blacklist option
Previously, the list of CA certificates was generated with a perl script
which is included in curl. As this script is not very flexible, this commit
refactors the expression to use the python script that Debian uses to
generate their CA certificates from Mozilla's trust store in NSS.

Additionally, an option was added to the cacerts derivation and the
`security.pki` module to blacklist specific CAs.
2016-10-09 02:00:18 +02:00
..
acme.nix nixos.acme: make timer persistent 2016-10-03 19:31:42 +02:00
acme.xml acme: added option security.acme.preliminarySelfsigned (#15562) 2016-06-01 11:39:46 +01:00
apparmor-suid.nix apparmor-suid module: fix libcap lib output reference 2016-05-07 21:48:29 +02:00
apparmor.nix nixos: add AppArmor PAM support 2015-07-15 12:40:06 +02:00
audit.nix audit: Disable by default 2016-08-31 23:15:41 +03:00
ca.nix cacerts: refactor, add blacklist option 2016-10-09 02:00:18 +02:00
chromium-suid-sandbox.nix chromium-suid-sandbox module: fix description 2016-08-08 10:17:31 +03:00
duosec.nix Fix user-facing typos (mainly in descriptions) 2014-12-30 03:31:03 +01:00
grsecurity.nix grsecurity module: set nixpkgs.config.grsecurity = true 2016-09-05 00:56:17 +02:00
grsecurity.xml grsecurity doc: note that module autoload hardening is disabled 2016-10-02 19:25:58 +02:00
hidepid.nix hidepid module: detailed description to external doc 2016-09-15 15:36:03 +02:00
hidepid.xml hidepid module: detailed description to external doc 2016-09-15 15:36:03 +02:00
oath.nix config.security.oath: new module 2016-02-25 13:52:45 +00:00
pam_mount.nix pam_mount module: integrate pam_mount into PAM of NixOS 2015-07-04 23:42:31 +02:00
pam_usb.nix Rewrite ‘with pkgs.lib’ -> ‘with lib’ 2014-04-14 16:26:48 +02:00
pam.nix Revert "nixos/pam: clean up generated files (no functional change) (#18580)" 2016-09-17 16:39:49 -05:00
polkit.nix nixos systemPackages: rework default outputs 2016-01-28 11:24:18 +01:00
prey.nix nixos: fix some types 2015-09-18 18:48:50 +00:00
rngd.nix rngd: update modalias to match cpu type 2016-09-17 18:36:57 -07:00
rtkit.nix rtkit: Update from 0.10 to 0.11 2014-04-21 23:22:10 +02:00
setuid-wrapper.c setuid-wrapper: Fix broken string comparison 2014-04-19 10:58:30 +02:00
setuid-wrappers.nix setuid-wrappers: correctly umount the tmpfs 2016-09-04 17:56:00 +02:00
sudo.nix sudo: Allow root to use sudo to switch groups 2016-09-13 23:15:56 +10:00