Re: [Nix-dev] firefox package questions

2017-06-19 Thread joachifm
On Mon, Jun 19, 2017, at 13:00, Roland Koebler wrote:
> Hi,
> 
> > > - Up to date versions:
> > >   Currently, NixOS only contains outdated Firefox-versions (53.0.3,
> > >   52.1.2esr);
> > >   there are newer official versions since about 1 week.
> > >   How long does it usually take until the newest version gets packaged?
> > 
> > Both the release branch and master carry firefox 54. Which channel are
> > you following?
> 
> The default branch after installing NixOS:
> # nix-channel --list
> nixos https://nixos.org/channels/nixos-17.03

Unfortunately, the release channel has been blocked for a while; I
failed to realize how much it is lagging behind the release branch.
Unless you wish to pull nix expressions directly from the release
branch, there's not much else to do than wait for the channel to catch
up. That is, the updates are there, they are just not being
disseminated, for reasons unrelated to firefox specifically.
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev


Re: [Nix-dev] firefox package questions

2017-06-19 Thread joachifm
On Mon, Jun 19, 2017, at 12:25, Roland Koebler wrote:
> Hi,
> 
> [ ...]
> - Up to date versions:
>   Currently, NixOS only contains outdated Firefox-versions (53.0.3,
>   52.1.2esr);
>   there are newer official versions since about 1 week.
>   How long does it usually take until the newest version gets packaged?

Both the release branch and master carry firefox 54. Which channel are
you following?


Re: [Nix-dev] Hydra and security updates

2017-06-01 Thread joachifm
On Thu, Jun 1, 2017, at 23:32, Leo Gaspard wrote:
> Hi all,
> 
> [ ... ]

I think this is relevant to your interests:
https://github.com/NixOS/nixpkgs/pull/10851

On a side note, I don't know why anybody would actually run
nixos-unstable; it gets stuck for long periods of time quite often ... I
think sticking to the latest release channel or using the -small variant
is better, depending on whether you want/need the latest bugs.


Re: [Nix-dev] setuid wrappers permissions

2016-09-03 Thread joachifm
On Sat, Sep 3, 2016, at 10:45 PM, Karn Kallio wrote:
> 
> The new setuid-wrappers in /run cannot be executed by users due to:
> 
> 1) the temporary directory does not allow access
> 2) the /run is mounted nosuid
> 
> The attached patch prepares the permissions and mount options so users
> can execute the suid wrappers.

I've tested this on a running system and against the misc test, it fixes
both. Thank you!


[Nix-commits] [NixOS/nixpkgs]

2016-08-20 Thread joachifm
  Branch: refs/heads/revert-16980-sf-use-mirrors
  Home:   https://github.com/NixOS/nixpkgs
___
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits


[Nix-commits] [NixOS/nixpkgs] 8745e4: mutt: 1.6.0 -> 1.6.2

2016-07-12 Thread joachifm
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 8745e479091f21975d5777df9a8013d8e7d02cfd
  
https://github.com/NixOS/nixpkgs/commit/8745e479091f21975d5777df9a8013d8e7d02cfd
  Author: rnhmjoj <michelegueriniro...@me.com>
  Date:   2016-07-09 (Sat, 09 Jul 2016)

  Changed paths:
M pkgs/applications/networking/mailreaders/mutt/default.nix
R pkgs/applications/networking/mailreaders/mutt/sidebar-compose.patch
R pkgs/applications/networking/mailreaders/mutt/sidebar-delimnullwide.patch
R pkgs/applications/networking/mailreaders/mutt/sidebar-dotpathsep.patch
R pkgs/applications/networking/mailreaders/mutt/sidebar-new.patch
R pkgs/applications/networking/mailreaders/mutt/sidebar-newonly.patch
R pkgs/applications/networking/mailreaders/mutt/sidebar-utf8.patch
M pkgs/applications/networking/mailreaders/mutt/sidebar.patch
R pkgs/applications/networking/mailreaders/mutt/trash-folder.patch
A pkgs/applications/networking/mailreaders/mutt/trash.patch

  Log Message:
  ---
  mutt: 1.6.0 -> 1.6.2


  Commit: 99039235728c673291510c77bca9077abb16a1fb
  
https://github.com/NixOS/nixpkgs/commit/99039235728c673291510c77bca9077abb16a1fb
  Author: joachifm <joach...@users.noreply.github.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
M pkgs/applications/networking/mailreaders/mutt/default.nix
R pkgs/applications/networking/mailreaders/mutt/sidebar-compose.patch
R pkgs/applications/networking/mailreaders/mutt/sidebar-delimnullwide.patch
R pkgs/applications/networking/mailreaders/mutt/sidebar-dotpathsep.patch
R pkgs/applications/networking/mailreaders/mutt/sidebar-new.patch
R pkgs/applications/networking/mailreaders/mutt/sidebar-newonly.patch
R pkgs/applications/networking/mailreaders/mutt/sidebar-utf8.patch
M pkgs/applications/networking/mailreaders/mutt/sidebar.patch
R pkgs/applications/networking/mailreaders/mutt/trash-folder.patch
A pkgs/applications/networking/mailreaders/mutt/trash.patch

  Log Message:
  ---
  Merge pull request #16805 from rnhmjoj/mutt

mutt: 1.6.0 -> 1.6.2


Compare: https://github.com/NixOS/nixpkgs/compare/9aa3e78ab206...99039235728c


[Nix-commits] [NixOS/nixpkgs] 129c17: youtube-dl: 2016.07.03.1 -> 2016.07.09.2

2016-07-12 Thread joachifm
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 129c17b222725c1ab37c0c21fda57ddf8a4d186a
  
https://github.com/NixOS/nixpkgs/commit/129c17b222725c1ab37c0c21fda57ddf8a4d186a
  Author: Márton Boros <martonbo...@gmail.com>
  Date:   2016-07-10 (Sun, 10 Jul 2016)

  Changed paths:
M pkgs/tools/misc/youtube-dl/default.nix

  Log Message:
  ---
  youtube-dl: 2016.07.03.1 -> 2016.07.09.2


  Commit: 7135dfd541f1651bd08cd59278c2f2241723d3af
  
https://github.com/NixOS/nixpkgs/commit/7135dfd541f1651bd08cd59278c2f2241723d3af
  Author: joachifm <joach...@users.noreply.github.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
M pkgs/tools/misc/youtube-dl/default.nix

  Log Message:
  ---
  Merge pull request #16836 from brainrape/update-youtube-dl

youtube-dl: 2016.07.03.1 -> 2016.07.09.2


Compare: https://github.com/NixOS/nixpkgs/compare/4620221a5187...7135dfd541f1


[Nix-commits] [NixOS/nixpkgs] f854c7: gtk-gnutella: 1.1.5 -> 1.1.9

2016-07-12 Thread joachifm
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: f854c7d4f4bdbae7ba182955e453070f5343678e
  
https://github.com/NixOS/nixpkgs/commit/f854c7d4f4bdbae7ba182955e453070f5343678e
  Author: Kranium Gikos Mendoza <kran...@gikos.net>
  Date:   2016-07-10 (Sun, 10 Jul 2016)

  Changed paths:
M pkgs/tools/networking/p2p/gtk-gnutella/default.nix

  Log Message:
  ---
  gtk-gnutella: 1.1.5 -> 1.1.9


  Commit: 3df7f3cbc303a6c867245d5faa37a4989f0982eb
  
https://github.com/NixOS/nixpkgs/commit/3df7f3cbc303a6c867245d5faa37a4989f0982eb
  Author: joachifm <joach...@users.noreply.github.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
M pkgs/tools/networking/p2p/gtk-gnutella/default.nix

  Log Message:
  ---
  Merge pull request #16831 from womfoo/fix-bump/gtkgnutella-1.1.9

gtk-gnutella: fix build and 1.1.5 -> 1.1.9


Compare: https://github.com/NixOS/nixpkgs/compare/7135dfd541f1...3df7f3cbc303


[Nix-commits] [NixOS/nixpkgs] defdbd: geany: 1.27 -> 1.28

2016-07-12 Thread joachifm
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: defdbdb08b22c9eb8f770d86533f615e17efc530
  
https://github.com/NixOS/nixpkgs/commit/defdbdb08b22c9eb8f770d86533f615e17efc530
  Author: Frank Lanitz <fr...@frank.uvena.de>
  Date:   2016-07-10 (Sun, 10 Jul 2016)

  Changed paths:
M pkgs/applications/editors/geany/default.nix

  Log Message:
  ---
  geany: 1.27 -> 1.28


  Commit: 4620221a5187d2a467a62a1ef684fb7e37a13f76
  
https://github.com/NixOS/nixpkgs/commit/4620221a5187d2a467a62a1ef684fb7e37a13f76
  Author: joachifm <joach...@users.noreply.github.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
M pkgs/applications/editors/geany/default.nix

  Log Message:
  ---
  Merge pull request #16839 from frlan/Update/Geany/1.28

geany: 1.27 -> 1.28


Compare: https://github.com/NixOS/nixpkgs/compare/03a7fa910465...4620221a5187


[Nix-commits] [NixOS/nixpkgs] 00f35e: leatherman: 0.7.0 -> 0.7.5

2016-07-12 Thread joachifm
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 00f35e6653a30fc2c90db96d1f50ac3e04160575
  
https://github.com/NixOS/nixpkgs/commit/00f35e6653a30fc2c90db96d1f50ac3e04160575
  Author: Kranium Gikos Mendoza <kran...@gikos.net>
  Date:   2016-07-10 (Sun, 10 Jul 2016)

  Changed paths:
M pkgs/development/libraries/leatherman/default.nix

  Log Message:
  ---
  leatherman: 0.7.0 -> 0.7.5


  Commit: 356b3ae546fa426435bc9d139cb3dc76c61b936d
  
https://github.com/NixOS/nixpkgs/commit/356b3ae546fa426435bc9d139cb3dc76c61b936d
  Author: Kranium Gikos Mendoza <kran...@gikos.net>
  Date:   2016-07-10 (Sun, 10 Jul 2016)

  Changed paths:
M pkgs/tools/system/facter/default.nix

  Log Message:
  ---
  facter: 3.1.6 -> 3.1.8


  Commit: 03a7fa910465943268d24089e88cfb8db9baf1e3
  
https://github.com/NixOS/nixpkgs/commit/03a7fa910465943268d24089e88cfb8db9baf1e3
  Author: joachifm <joach...@users.noreply.github.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
M pkgs/development/libraries/leatherman/default.nix
M pkgs/tools/system/facter/default.nix

  Log Message:
  ---
  Merge pull request #16840 from womfoo/bump/leatherman-0.7.5-facter-3.1.8

Bump leatherman: 0.7.0 -> 0.7.5 and sole dependency facter 3.1.6 -> 3.1.8


Compare: https://github.com/NixOS/nixpkgs/compare/ecb5a56b4ef4...03a7fa910465


[Nix-commits] [NixOS/nixpkgs] 4c17be: minify: init at v2.0.0

2016-07-12 Thread joachifm
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 4c17bed84c53f018cd3ca97f2a4ea7e4eaa1634d
  
https://github.com/NixOS/nixpkgs/commit/4c17bed84c53f018cd3ca97f2a4ea7e4eaa1634d
  Author: schneefux <schneefux+com...@schneefux.xyz>
  Date:   2016-07-10 (Sun, 10 Jul 2016)

  Changed paths:
M pkgs/development/go-modules/libs.json
A pkgs/development/web/minify/default.nix
A pkgs/development/web/minify/deps.json
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  minify: init at v2.0.0


  Commit: ecb5a56b4ef405c244be080e61cda84ecd918864
  
https://github.com/NixOS/nixpkgs/commit/ecb5a56b4ef405c244be080e61cda84ecd918864
  Author: joachifm <joach...@users.noreply.github.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
M pkgs/development/go-modules/libs.json
A pkgs/development/web/minify/default.nix
A pkgs/development/web/minify/deps.json
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  Merge pull request #16300 from schneefux/gopkg-minify

minify: init at v2.0.0


Compare: https://github.com/NixOS/nixpkgs/compare/7a54a71c9e57...ecb5a56b4ef4


[Nix-commits] [NixOS/nixpkgs] 93b246: urlwatch: 2.1 -> 2.2

2016-07-12 Thread joachifm
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 93b246287bb0ca4a86b9f00140939784c81f3b49
  
https://github.com/NixOS/nixpkgs/commit/93b246287bb0ca4a86b9f00140939784c81f3b49
  Author: tv <t...@krebsco.de>
  Date:   2016-07-09 (Sat, 09 Jul 2016)

  Changed paths:
M pkgs/tools/networking/urlwatch/default.nix
A pkgs/tools/networking/urlwatch/setup.patch

  Log Message:
  ---
  urlwatch: 2.1 -> 2.2


  Commit: 7a54a71c9e573d5cb77839f16184bc9b343c7b61
  
https://github.com/NixOS/nixpkgs/commit/7a54a71c9e573d5cb77839f16184bc9b343c7b61
  Author: joachifm <joach...@users.noreply.github.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
M pkgs/tools/networking/urlwatch/default.nix
A pkgs/tools/networking/urlwatch/setup.patch

  Log Message:
  ---
  Merge pull request #16808 from 4z3/urlwatch

urlwatch: 2.1 -> 2.2


Compare: https://github.com/NixOS/nixpkgs/compare/356e9c04da54...7a54a71c9e57


[Nix-commits] [NixOS/nixpkgs] 2b47d2: factorio: 0.12.35 -> 0.13.8

2016-07-12 Thread joachifm
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 2b47d24007c649414e59c884fe6d999a2b3990d1
  
https://github.com/NixOS/nixpkgs/commit/2b47d24007c649414e59c884fe6d999a2b3990d1
  Author: Eric Litak <eli...@gmail.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
M nixos/modules/services/games/factorio.nix
M pkgs/games/factorio/default.nix

  Log Message:
  ---
  factorio: 0.12.35 -> 0.13.8


  Commit: c07866a641d10a6dc527e0d8a59f4f531145a51f
  
https://github.com/NixOS/nixpkgs/commit/c07866a641d10a6dc527e0d8a59f4f531145a51f
  Author: joachifm <joach...@users.noreply.github.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
M nixos/modules/services/games/factorio.nix
M pkgs/games/factorio/default.nix

  Log Message:
  ---
  Merge pull request #16882 from elitak/factorio013

factorio: 0.12.35 -> 0.13.8


Compare: https://github.com/NixOS/nixpkgs/compare/416120e0c743...c07866a641d1


Re: [Nix-dev] Packaging free software that costs money

2016-07-06 Thread joachifm
On Wed, Jul 6, 2016, at 06:48 PM, Profpatsch wrote:
> On 16-07-06 09:50am, Kevin Cox wrote:
> > IIUC you can't "really require" money for a GPL program. You can charge
> > for the distribution or for binaries or whatever you like, but nothing
> > is stopping others from building and distributing the program for no
> > charge (or even taking the money themselves) this is part of the freedom
> > offered by the license.
> 
> I’m not sure how that fares legally (compared to proprietary licenses),
> but in a day-to-day environment, this holds true for *every* digital
> file.
> 
> It is a basic property.
> 
> If you don’t think so, I point you to $FILE_SHARING_WEBSITE of your
> choice.

That patterns of bytes are easily disseminated seems impertinent to me.
An unlicensed distributor of proprietary software can be *forced* to
stop their activity and also be made to pay for any damages that the
copyright holder is able to prove. A libre software
vendor can ask for payment but they have no recourse against
re-distributors. I believe this is what Kevin Cox is referring to.

I agree with Jookia that the policy proposed in this thread is
inappropriate for Nixpkgs. I think a case could be made for adding
standard meta attributes containing information about where to go to
pay/donate, but only if absent built-in policies.


Re: [Nix-dev] Has someone a working setup for Kernel development with NixOS?

2016-06-27 Thread joachifm
On Mon, Jun 27, 2016, at 08:52 PM, Matthias Beyer wrote:
> basically what I do with `nixos-rebuild build-vm` but from another 
> configuration.nix than my system-configuration.nix.

You probably want something like
```
$ nix-build -I nixpkgs=/my/nixpkgs -I nixos-config=/my/configuration.nix '<nixpkgs/nixos>' -A vm
$ ./result/bin/run-nixos-vm
```
or some variation thereof.

HTH,
Joachim


Re: [Nix-dev] Best way to install nix packages from github repo

2016-06-25 Thread joachifm
On Sat, Jun 25, 2016, at 02:09 PM, Kelong Cong wrote:
> I'm not too familiar with nix expression yet so using nix-env -f appears
> to be the easiest approach at the moment.

Note that `nix-env -f` can be used with http(s) urls as well, so you can
point to an autogenerated github archive, e.g.,
https://github.com/NixOS/nixpkgs/archive/master.tar.gz, if you want all
the latest bugs.


Re: [Nix-dev] Link to nix.useSandbox in pull request template

2016-06-17 Thread joachifm
On Sat, Jun 18, 2016, at 12:03 AM, Maarten Hoogendoorn wrote:
> I've encountered a missing dependency in a package, and created a pull
> request [1] to add the dependency.
> 
> However, I'm not completely sure how to build/test this using sandboxing as
> is suggested in the pull request template. Could the link to the
> documentation be broken?
> 
> Thanks,
> Maarten
> 
> [1] https://github.com/NixOS/nixpkgs/pull/16304

The option used to be named `useChroot`, which is now an alias of
`useSandbox`.


Re: [Nix-dev] Malicious installation methods

2016-06-17 Thread joachifm
On Fri, Jun 17, 2016, at 11:36 PM, Yui Hirasawa wrote:
> > True, of course. But, there is a class of software projects which will
> > likely never be "packaged" by package managers - namely, other package
> > managers. Nix falls into this class, along with, for example, NPM,
> > Brew, Oh-My-Zsh, and others.
> 
>  What reason would there to not package other package managers?
> >>>
> >>> IIRC, Debian won't package Nix because it violates the FHS (by requiring
> >>> a /nix directory).
> >>
> >> Is the nix root dir configurable? Would it be that horrible to have
> >> /opt/nix or /var/lib/nix or something else be the nix root on Debian?
> >
> > It's not strictly required, but it would mean losing out on all the binary
> > packages provided by the CI.
> 
> Aren't they built in a chroot like Guix does? Why would anything break
> just because you change where they are installed?

Because it invalidates all the store references.


Re: [Nix-dev] racket advance version

2016-05-05 Thread joachifm
On Thu, May 5, 2016, at 08:18 PM, Karn Kallio wrote:
> 
> The attached patch advances the racket version from 6.4 to the latest
> release 6.5

Applied, thank you


Re: [Nix-dev] Contributing to nixpkgs and maintainers burden

2016-04-10 Thread joachifm
On Sun, Apr 10, 2016, at 07:00 AM, Ruben Astudillo wrote:
> Hi nixers.
> 
> I have a couple of packages (hakuneko, haskell-related) on my local copy
> of the repo. Time to time I've thought of contributing back. But I think
> on the maintainers of nixpkgs and don't know if I am really making them
> favor.
Hi,

In my opinion you should just create pull requests and trust that all
contributors are capable of ignoring things they don't care about (if
not, that's their problem, not yours, IMO). What you can do to speed
things up is explicitly mentioning people you think need to see the PR,
if the mention bot fails to do so (again, trust that people are able to
manage what they pay attention to). Also, following the guidelines helps
reduce overhead.

As an aside, I find that the discussions about the "github mess" end up
with overly complex solutions that don't really address the core issues
(in my opinion). It'd be a shame if we're actually dissuading would-be
contributors. (Please don't take this as an invitation to start yet
another discussion about this).

Just my 2 NOK.

Regards,
Joachim


Re: [Nix-dev] 16.03 in gcc5.3, master in gcc 4.9?

2016-03-22 Thread joachifm
On Tue, Mar 22, 2016, at 01:59 PM, Lluís Batlle i Rossell wrote:
> On Tue, Mar 22, 2016 at 01:23:39PM +0100, Vladimír Čunát wrote:
> > On 03/22/2016 10:22 AM, Lluís Batlle i Rossell wrote:
> > > I think that someone merged into 16.03 instead of into master unwillingly.
> > > An error. But did this pass unnoticed by the maintainers for more than 15
> > > days?
> > 
> > No, according to some chats the inclusion in 16.03 is intentional. The
> > changes for master are in staging, but there's also mass darwin breakage
> > which no one addresses, so that's why it isn't merged to master yet.
> > https://github.com/NixOS/nixpkgs/commit/dd53c65dccb6#commitcomment-16668634
> > 
> > It's possible the darwin breakage is on 16.03 as well, as Hydra has no
> > darwin jobs for releases AFAIK.
> 
> How weird. Why that was merged into 16.03 and not into master? Why isn't
> master the first step to 16.03?

Because releases are linux only and so are unaffected by the darwin
breakage. This way we get the feature into the release while minimising
disruption for nixpkgs users. Makes sense to me.

> So, should we push fixes for gcc5 into 16.03? Will that be merged into
> master? Should these go to staging?

I'd expect that staging ends up being merged into master at some point,
so putting fixes into staging makes sense to me.


Re: [Nix-dev] Non-root access to nixos-container

2015-12-16 Thread joachifm
On Wed, Dec 16, 2015, at 08:46 PM, rohit yadav wrote:
> Hi,

Hi,

> After trying docker, rkt etc, I have found nixos-container to be best
> suited for my application. However, I find a warning that root access to
> the container should not be provided to any untrusted user. I am wondering
> if I can create a normal user in a declarative container, would that be
> safe? This may be a trivial question, I just want to be clear on this.

Depending on your setup, having root in the container may be equivalent
to having root on the host. Compared to that situation, executing as an
unprivileged user within the container appears to improve security. That
said, if a container solution CAN adversely affect the host system, it
is prudent to assume that a malicious user will find a way to make that
happen (whether anyone will care to try is another matter). This caveat
very much applies to NixOS containers, which are implemented by
executing `systemd-nspawn` as root on the host system. 

Systemd-nspawn upstream explicitly states that lightweight containers
are insecure and not to be relied on to do much beyond preventing
accidental damage to the host system. If security is your only reason
for using containers, consider whether you're meaningfully improving
security compared to running the service as an unprivileged user on the
host and not actually making things worse by introducing additional
complexity.

HTH,
Joachim
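
Whether root in a container is the same uid as root on the host can be read from the kernel's uid map, as in this added example (not part of the original message). The two maps are constructed samples, and the code assumes it is given the contents of `/proc/<pid>/uid_map` read on the host for a process inside the container.

```shell
#!/bin/sh
# Added example. Constructed samples of /proc/<pid>/uid_map; the columns are:
#   first uid inside the namespace, first uid outside it, length of the range.
# UID_MAP_SHARED is what a process without its own user namespace shows;
# UID_MAP_PRIVATE is a hypothetical container with a shifted uid range.
UID_MAP_SHARED='         0          0 4294967295'
UID_MAP_PRIVATE='         0     524288      65536'

# Translate a uid as seen inside the container to the uid the host sees.
# Prints the host uid, or fails when the uid is not mapped at all.
map_uid() {
    uid=$1
    map=${2-$(cat /proc/self/uid_map)}
    while read -r inside outside length; do
        [ -n "$inside" ] || continue
        if [ "$uid" -ge "$inside" ] && [ "$uid" -lt $((inside + length)) ]; then
            echo $((outside + uid - inside))
            return 0
        fi
    done <<EOF
$map
EOF
    return 1
}

# Succeeds when uid 0 in the container is uid 0 on the host, i.e. the
# container boundary is the only thing between container root and host root.
container_root_is_host_root() {
    [ "$(map_uid 0 ${1+"$1"})" = 0 ]
}

# Demo on the constructed maps.
printf 'shared:  container uid 0 -> host uid %s\n' "$(map_uid 0 "$UID_MAP_SHARED")"
printf 'private: container uid 0 -> host uid %s\n' "$(map_uid 0 "$UID_MAP_PRIVATE")"
printf 'private: container uid 1000 -> host uid %s\n' "$(map_uid 1000 "$UID_MAP_PRIVATE")"
```

A shifted map only changes which host uid a container process runs as; it does not alter the caveat above about relying on lightweight containers as a security boundary.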


Re: [Nix-dev] Secure NixOS

2015-12-07 Thread joachifm
On Mon, Dec 7, 2015, at 12:14 PM, zimbatm wrote:
> [...]
> (3) is already supported by adding `security.grsecurity.enable` to your
> configuration.nix file.
To be frank, grsecurity support in NixOS is user-unfriendly. My biggest
gripe is that the implementation is biased towards compile-time tuning
of run-time behavior. I proposed a few patches towards a sysctl oriented
implementation, but they failed to gain traction (granted, the patches
are imperfect and incomplete). What is more, the lack of a satisfying
method of applying appropriate PaX flags to binaries, ala paxd, greatly
impedes use of Grsecurity/PaX on the desktop. Finally, I failed to get
RBAC to actually work, in its current form.

I have found it easier to simply switch to a distro with proper
Grsecurity/PaX support. If I continue to tinker with NixOS, it will be
in a virtual machine.

Just my 2 NOK ...


Re: [Nix-dev] Design Patterns for Achieving what Nix is Advertized for

2015-11-27 Thread joachifm
On Fri, Nov 27, 2015, at 03:09 AM, Martin Vahi wrote:
> 
> In the light of the instability of the Nix
> 
> https://github.com/NixOS/nix/issues/718
A single bug report is hardly evidence of the "instability of Nix". For
many (most?) of us, Nix works as advertised and has done so for a long
time. The fact that a build fails in an arbitrary build environment is
an argument in *favour* of the Nix approach, where environments are
precisely defined. The state space of a modern OS boggles the mind and
it really is mad to expect anything to work consistently. That things
actually work and work so well is amazing.

Anyway, your best bet is to read
https://nixos.org/~eelco/pubs/phd-thesis.pdf and similar material on
nixos.org. That should give you an idea of what you need to achieve
feature parity and beyond.

A few remarks:

> Nix sales argument:
> Multiple versions of the package can
> be used simultaneously and each of the
> packages can use its own set of dependencies.
> []
> Proposed workaround design pattern:
> [...]
With Nix, you get cryptographic hash signatures which exactly denote
arbitrary build configurations and their combinations, no DSL required
(unless you consider Nix itself a DSL). Also, Nix solves the general
case, not only traditional software packages.

> Nix sales argument:
> It is possible to select, what packages
> are available in the environment(PATH, libs), the
> environment is versioned(allowing rollbacks, branches, etc.)
> and the environments are reproducible on
> different computers by having the clone computer
> go from state 0 (the "hello" has been installed)
> to the destination environment state by
> going through all those state tree vertices
> that are on the path from the root (the "hello")
> to the leaf or some vertex in between.
The design of Nix allows precisely computing a component's runtime
dependencies (the closure), which in turn enables replication by dumb
byte transfer. A NixOS system configuration is just a component, like
any other, and can be replicated in the same fashion. I find it
unhelpful to think about this in terms of the recipient going through a
sequence of state transitions to reach an end state.

Regards,
Joachim


Re: [Nix-dev] How do I change vim compile options from my configuration.nix?

2015-11-25 Thread joachifm
On Tue, Nov 24, 2015, at 10:48 PM, Anders Lundstedt wrote:
> I want to run a vim compiled with the options
> 
> +python3
> -python
> 
> How do I accomplish this?
One way to achieve this is via ~/.nixpkgs/config.nix. Vim happens to
have a configurable variant. Something like (untested)
```nix
{
  vim.python3 = true;
}
```
should give you what you want (I think, based on my brief reading of the
source). See ``
for details.

Not all packages support this idiom. In the general case, you'd
customize the package via the `packageOverrides` mechanism (see the
manual for details).

HTH,
Joachim


Re: [Nix-dev] How do I change vim compile options from my configuration.nix?

2015-11-25 Thread joachifm
On Wed, Nov 25, 2015, at 06:36 PM, Anders Lundstedt wrote:
> On Wed, Nov 25, 2015 at 6:22 PM,   wrote:
> > One way to achieve this is via ~/.nixpkgs/config.nix. Vim happens to
> > have a configurable variant. Something like (untested)
> > ```nix
> > {
> >   vim.python3 = true;
> > }
> > ```
> 
> I do not have a ~/.nixpkgs/config.nix. I created one with those three
> lines but that did not help. I then tried to put the line "vim.python3
> = true;" in my configuration.nix, which gave the following error when
> doing "nix-rebuild --switch":
> 
> error: The option `vim' defined in `/path/to/configuration.nix' does not
> exist.

That is not what I suggested you do. If you want to use
`configuration.nix`, you must use the option `nixpkgs.config`.

What I had in mind was the following sequence (assuming you start
without ~/.nixpkgs):

```sh
mkdir ~/.nixpkgs
echo '{ vim.python3 = true; }' > ~/.nixpkgs/config.nix
nix-env -iA nixos.vim_configurable
vim --version | grep python3
```


Re: [Nix-dev] Increase the size of /run/user/1000

2015-07-15 Thread joachifm
On Tue, Jul 14, 2015, at 07:44 PM, Nikita Karetnikov wrote:
> I'm aware of boot.runSize, but it doesn't seem to affect /run/user/1000.
> What's the proper way to do it?

The standard way of controlling the size of /run/user is the
RuntimeDirectorySize directive
in logind.conf [1]. The NixOS interface is services.logind.extraConfig.

HTH.

[1]: http://www.freedesktop.org/software/systemd/man/logind.conf.html

(I originally sent this directly to the OP by accident, sorry about
that!)


Re: [Nix-dev] Permission error when installing mpd

2015-02-23 Thread joachifm
On Thu, Feb 19, 2015, at 09:28 PM, James Cook wrote:
> Hm, this sounds like a bug actually. Maybe the mkdir is running as mpd
> but the author of that .nix file expected it to run as root? (Can
> anyone contradict this?)

This is correct [1]. Until the fix hits unstable, you can set

```nix
systemd.services.mpd.serviceConfig = { PermissionsStartOnly = true; };
```

in your configuration.nix to allow the preStart script to run as root
(or just run it manually, as has been suggested).

[1]: https://github.com/NixOS/nixpkgs/issues/6277