| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |\
| |
| | |
Update dwb. This fixes some bugs in dwb.
|
| | | |
|
| |\ \
| | |
| | | |
transmission: Update from 2.82 -> 2.83 + fixes
|
| | | | |
|
| | | | |
|
| | | | |
|
| |/ / |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Signed-off-by: Austin Seipp <aseipp@pobox.com>
|
| | |
| |
| |
| | |
Signed-off-by: Austin Seipp <aseipp@pobox.com>
|
| |\ \
| | |
| | | |
notbit: Bump version and add more configuration options
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
mumble: Update 1.2.5 -> 1.2.6
|
| | | | | |
|
| |/ / / |
|
| |\ \ \
| |/ /
|/| | |
fix GNUnet missing dependencies
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
libgnurl is essential for bootstrapping (needed to download a hostlist).
GnuTLS is needed by gnunet-gns-proxy.
Also sort dependencies alphabetically.
|
| |\ \ \
| | | |
| | | | |
uzbl: Add gsettings_desktop_schemas as build input. Closes #2332
|
| | | |/
| |/| |
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Updated to mutt-1.5.23
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
Also add platforms (linux).
|
| | | | |
| | | |
| | | |
| | | | |
vcunat fixed eval and tested it runs.
|
| | |/ /
|/| | |
|
| | | |
| | |
| | |
| | | |
Thanks to @darklajid for reporting and testing on IRC.
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes build for version 36, which i accidentally broke in commit
f6e31fadd80486cdd68e3ad3d7ae888aa81400b9.
The reason this happened, was that my Hydra didn't pick up the latest
commit and I actually tested and built the parent commit instead of the
update commit.
So, this commit is the real "builds fine, tested" for all channels.
Also, the sandbox client initalization has moved into
setuid_sandbox_client.cc, so we need to move the lookup of the
CHROMIUM_SANDBOX_BINARY_PATH environment variable there.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The system attribute was already there in the function head of the
shared update helper but it actually wasn't used and thus later the
import of <nixpkgs> was done using builtins.currentSystem instead of the
system attribute inherited from the source derivation.
Now we correctly propagate the attribute, so that even when running a
64bit kernel you can run a 32bit Chromium with binary plugins.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
With this commit, the following new upstream versions are introduced:
stable: 34.0.1847.116 -> 34.0.1847.132 (builds fine, tested)
beta: 35.0.1916.47 -> 35.0.1916.86 (builds fine, tested)
dev: 36.0.1941.0 -> 36.0.1964.2 (builds fine, tested)
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This fixes the issue of Chromium not being able to load the pulseaudio
librarp
We could also propagate the build inputs, but it would end up being the
same as just directoly linking against the library.
Thanks to @aristidb for noticing this in #2421:
https://github.com/NixOS/nixpkgs/pull/2421#issuecomment-42113656
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
Tested this in two containers running 0.7.1 before. Upgraded fine and
kept working without configuration changes.
|
| | |
| |
| |
| | |
Also, make it work with recent Firefoxes.
|
| | |
| |
| |
| | |
CVE-2014-0515
|
| | | |
|
| |/
|
|
| |
Signed-off-by: Austin Seipp <aseipp@pobox.com>
|
| |
|
|
|
|
|
|
|
| |
This should fix the desktop icon location for both desktop entries (the
one from the Chromium derivation itself and the wrapper) and renames the
name of the file so that it gets overridden by the wrappers desktop item
so we don't end up having two of them.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
| |
Signed-off-by: Austin Seipp <aseipp@pobox.com>
|
| |\
| |
| | |
gedit, libmediaart, fix xdg-user-dirs, enable GI in grilo, prioritize nautilus mimetype, seahorse, gnome-music, glade, gnome-documents
|
| | | |
|
| |/ |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
What this allows us to do is define a "dumpcap" setuid wrapper in NixOS
and have wireshark use that instead of the non-setuid dumpcap binary
that it normally uses.
As far as I can tell, the code that is changed to do lookup in PATH is
only used by wireshark/tshark to find dumpcap. dumpcap, the thing that's
typically setuid, is not affected by this patch. wireshark and tshark
should *not* be installed setuid, so the fact that they now do lookup in
PATH is not a security concern.
With this commit, and the following config, only "root" and users in the
"wireshark" group will have access to capturing network traffic with
wireshark/dumpcap:
environment.systemPackages = [ pkgs.wireshark ];
security.setuidOwners = [
{ program = "dumpcap";
owner = "root";
group = "wireshark";
setuid = true;
setgid = false;
permissions = "u+rx,g+x";
}
];
users.extraGroups.wireshark.gid = 500;
(This wouldn't have worked before, because then wireshark would not use
our setuid dumpcap binary.)
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
This makes running wireshark (or more specifically, dumpcap) as root a
bit more secure. From <wireshark-1.11.2>/doc/README.packaging:
The "--with-libcap" option is only useful when dumpcap is installed
setuid. If it is enabled dumpcap will try to drop any setuid privileges
it may have while retaining the CAP_NET_ADMIN and CAP_NET_RAW
capabilities. It is enabled by default, if the Linux capabilities
library (on which it depends) is found.
|