| Commit message (Collapse) | Author | Age |
|\ |
|
| |\ |
|
| |\ \ |
|
| | | |
| | | |
| | | |
| | | | |
And name the file, too.
|
| |\ \ \
| | | | |
| | | | | |
util-linux: workaround CVE-2016-2779
|
| | | | |
| | | | |
| | | | |
| | | | | |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2779
|
| |\ \ \ \
| | | | | |
| | | | | | |
help2man: fix hash
|
| |\ \ \ \ \ |
|
| |\ \ \ \ \ \ |
|
| |\ \ \ \ \ \ \ |
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
/cc #18909.
|
| |\ \ \ \ \ \ \ \ |
|
| |\ \ \ \ \ \ \ \ \ |
|
| |\ \ \ \ \ \ \ \ \ \ |
|
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
Darwin systems need to be able to find CoreFoundation headers as well as
libc headers. Somehow, gcc doesn't accept any "framework" parameters
that would normally be used to include CoreFoundation in this
situation.
HACK: Instead, this adds a derivation that combines the two. The result
works but probably not a good long term solution.
ALTERNATIVES: Maybe sending patches in to GCC to allow
"native-system-framework" configure flag to get this found.
|
| |\ \ \ \ \ \ \ \ \ \ \ |
|
| | | | | | | | | | | | | |
|
| | | | | | | | | | | | | |
|
| | | | | | | | | | | | | |
|
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
It's a long build and generally painful to split into smaller commits,
so I apologize for lumping many changes into one commit but this is far
easier.
There are still several outdated parts of the darwin stdenv but these
changes should bring us closer to the goal.
Fixes #18461
|
|\ \ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
perf: add dependency on libaudit
|
| | |_|_|_|/ / / / / / / /
| |/| | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
the `trace` subcommand of perf is only enabled when libaudit is
available at compile time
|
|\ \ \ \ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | | | |
| | | | | | | | | | | | | | |
rtkit: apply security relevant patch
|
| | |_|_|_|_|_|_|_|_|_|_|/
| |/| | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
Otherwise, we force polkit to look up the uid itself in /proc, which is racy if
they execve() a setuid binary.
|
|\ \ \ \ \ \ \ \ \ \ \ \ \
| |/ / / / / / / / / / / /
|/| | | | | | | | | | | | |
kernel: Disable RT_GROUP_SCHED
|
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | |
| | | | | | | | | | | | | |
Follow systemd recommendation
https://github.com/systemd/systemd/blob/fd74fa791f95433ac52520764b67e6fb4bda2c0e/README#L96-L103
|
|/ / / / / / / / / / / /
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | |
| | | | | | | | | | | | |
fixes log clutter:
systemd[1]: [/nix/store/....-rtkit-0.11/etc/systemd/system/rtkit-daemon.service:32] Unknown lvalue 'ControlGroup' in section 'Service'
|
| |_|_|_|_|_|_|_|_|_|/
|/| | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
Now featuring @aszlig's modinst_arg_list_too_long patch.
This reverts commit 43bedb970d7518794f8e82ffffce23952c06083f.
Fixes #19213
|
| |_|_|_|_|_|_|_|/ /
|/| | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
This reverts commit e4958d54b13909281ee01ef241abab5d955f6f75.
|
| | | | | | | | | | |
|
| | | | | | | | | | |
|
| | | | | | | | | | |
|
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Cleanup:
- Restructure & add some commentary
- Remove redundant option specs given the auto config
constraints (some are left in for documentation purposes)
Changes:
- GRKERNSEC_CONFIG_VIRT_HOST -> GUEST
The former deselects paravirtualization and friends
- PAX_LATENT_ENTROPY n -> y (implied by auto)
- GRKERNSEC_ACL_HIDEKERN y -> n
Possibly useless with redistribution
|
| |_|_|_|_|_|_|/ /
|/| | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
These options should always be specified. Note, an implication of this
change is that not specifying any grsec/PaX options results in a build
failure.
|
| | | | | | | | | |
|
| |_|_|_|_|_|_|/
|/| | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Since commit 183d05a0 in 2012, this is the default.
fixes #18000
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | | |
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
This includes the fix for the assertion failure in
https://github.com/systemd/systemd/issues/4234.
|
| | | | | | | | |
|
| |_|_|_|_|_|/
|/| | | | | | |
|
| | | | | | | |
|
| | | | | | | |
|
| |_|_|_|_|/
|/| | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
apparently bash expects only files in its completion folder and not
subfolders.
|
| | | | | | |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
busybox: 1.23.2 -> 1.24.2
|
| |/ / / / /
| | | | | |
| | | | | |
| | | | | | |
fixes https://lwn.net/Vulnerabilities/696815/
|
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
but instead use the one in pythonPackages.
|