about summary refs log tree commit diff
path: root/nixos/doc
AgeCommit message (Collapse)AuthorFilesLines
2017-02-24nixpkgs: allow packages to be marked insecureGraham Christensen1-0/+8
If a package's meta has `knownVulnerabilities`, like so: stdenv.mkDerivation { name = "foobar-1.2.3"; ... meta.knownVulnerabilities = [ "CVE-0000-00000: remote code execution" "CVE-0000-00001: local privilege escalation" ]; } and a user attempts to install the package, they will be greeted with a warning indicating that maybe they don't want to install it: error: Package ‘foobar-1.2.3’ in ‘...default.nix:20’ is marked as insecure, refusing to evaluate. Known issues: - CVE-0000-00000: remote code execution - CVE-0000-00001: local privilege escalation You can install it anyway by whitelisting this package, using the following methods: a) for `nixos-rebuild` you can add ‘foobar-1.2.3’ to `nixpkgs.config.permittedInsecurePackages` in the configuration.nix, like so: { nixpkgs.config.permittedInsecurePackages = [ "foobar-1.2.3" ]; } b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add ‘foobar-1.2.3’ to `permittedInsecurePackages` in ~/.config/nixpkgs/config.nix, like so: { permittedInsecurePackages = [ "foobar-1.2.3" ]; } Adding either of these configurations will permit this specific version to be installed. A third option also exists: NIXPKGS_ALLOW_INSECURE=1 nix-build ... though I specifically avoided having a global file-based toggle to disable this check. This way, users don't disable it once in order to get a single package, and then don't realize future packages are insecure.
2017-02-22nixos/release-notes: fix typosFranz Pletz1-2/+2
2017-02-22Merge pull request #23046 from Zimmi48/patch-2Jörg Thalheim1-1/+5
nixos/manual/networkmanager: add info on nm-applet
2017-02-22Merge pull request #23045 from Zimmi48/patch-1Jörg Thalheim1-1/+5
nixos/manual/xserver: propose more alternatives
2017-02-22Merge pull request #22822 from Mic92/iputilsJörg Thalheim1-0/+12
iputils: 20151218 -> 20161105
2017-02-22nixos/release-notes: mention iputils changesJörg Thalheim1-0/+12
2017-02-21nixos/manual/networkmanager: add info on nm-appletThéo Zimmermann1-1/+5
2017-02-21nixos/manual/xserver: propose more alternativesThéo Zimmermann1-1/+5
2017-02-20manual: Add link to config section (#22994)Lorenzo Manacorda1-1/+1
Add link to "Configuration" chapter from "Changing the Configuration" section. Also, fix grammar error. (cherry picked from commit a585f987fa32f2e81b3f273291971151c25f98b7)
2017-02-14Revert "nix-daemon: default useSandbox to true"Graham Christensen1-4/+0
This reverts commit d0a086770a1be8c1f3175c195587052c5a5bfe1c.
2017-02-14Merge pull request #22767 from grahamc/sandbox-by-defaultGraham Christensen1-0/+4
nix-daemon: default useSandbox to true
2017-02-14Addressing feedback and fixing a bugParnell Springmeyer1-4/+2
2017-02-13Merging against upstream masterParnell Springmeyer9-32/+234
2017-02-13nix-daemon: default useSandbox to trueGraham Christensen1-0/+4
2017-02-13php: default to php71Robin Gloster1-0/+4
2017-02-13Manual: document users.users.<name>.hashedPasswordLinus Heckemann1-1/+4
2017-02-12xorg-server: major bump 1.18.4 -> 1.19.1Vladimír Čunát1-0/+6
I encountered no problems with it. Nvidia binary drivers are tested, and AMD ones now both set `abiCompat` to use older server versions.
2017-02-11nixos manual: add grub option to avoid #21830Vladimír Čunát1-0/+4
Close #22659. vcunat edited this slightly.
2017-02-10nixos manual: correct reference to sddmGraham Christensen1-2/+2
2017-02-09nixos: update default cases from KDM/KDE4 to SDDM/KDE5Graham Christensen4-32/+31
2017-02-09nixos, doc: dictd dbs moveEdward Tjörnhammar1-0/+9
2017-02-09nixos, doc: named nylonsEdward Tjörnhammar1-0/+30
2017-02-09Merge #22491: Add documentation for XfceVladimír Čunát2-0/+106
2017-02-09Xfce docs nitpicksVladimír Čunát1-9/+10
- fix validity - XFCE -> Xfce, as that seems to be upstream preference
2017-02-08release notes: mention JRE changes and jre_headlessNikolay Amiantov1-0/+12
2017-02-07Add xfce documentationMatthias Beyer1-0/+1
2017-02-06fixup! Add documentation for XFCEMatthias Beyer1-1/+56
2017-02-06Add documentation for XFCEMatthias Beyer1-0/+49
2017-02-06postfix service: don't empty local_recipient_mapsNikolay Amiantov1-1/+11
From Postfix documentation: With this setting, the Postfix SMTP server will not reject mail with "User unknown in local recipient table". Don't do this on systems that receive mail directly from the Internet. With today's worms and viruses, Postfix will become a backscatter source: it accepts mail for non-existent recipients and then tries to return that mail as "undeliverable" to the often forged sender address.
2017-02-03Merge pull request #21875 from abbradar/gateway-interfaceNikolay Amiantov1-0/+20
Allow specifying interface for default gateway
2017-02-02manual: mention needed options for IPv6Nikolay Amiantov1-0/+20
2017-01-29Merging with upstreamParnell Springmeyer1-1/+8
2017-01-28Addressing PR feedbackParnell Springmeyer2-1/+9
2017-01-27pythonPackages.ansible2: move 2.2 to separate file, make defaultFrederik Rietdijk1-1/+8
`pythonPackages.ansible_2_2` is now the default `ansible`.
2017-01-26Merging against master - updating smokingpig, rebase was going to be messyParnell Springmeyer2-1/+64
2017-01-26More fixes and improvementsParnell Springmeyer1-1/+1
2017-01-25nixos/doc/installing: Fix typo in <literal/>aszlig1-1/+1
The tag wasn't properly closed which caused the manual build to fail. Tested with: nix-build nixos/release.nix -A manual.x86_64-linux Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-01-25installing: document how to activate SSH during installationPascal Bach1-0/+5
2017-01-25nixos/release-notes: document conntrack helper changesFranz Pletz1-0/+13
2017-01-24nixos doc: Mention cross overhaul in 17.03 release notesJohn Ericson1-0/+9
2017-01-17Remove extra "in" keyword from the release notes about overlays.Nicolas B. Pierron1-1/+1
Thanks to @teh for reporting this issue on the pull request.
2017-01-16Fix release-notes compilation.Nicolas B. Pierron1-2/+2
2017-01-16Update overlay documentation by following nits from aneeshusa.Nicolas B. Pierron1-1/+1
2017-01-16Improve the realse notes with the upcoming documentation links, and a better ↵Nicolas B. Pierron1-6/+26
example of how to convert overridePackages usage.
2017-01-16Add missing line break in the release notes.Nicolas B. Pierron1-1/+2
2017-01-16Add overlays mechanism to Nixpkgs.Nicolas B. Pierron1-1/+8
This patch add a new argument to Nixpkgs default expression named "overlays". By default, the value of the argument is either taken from the environment variable `NIXPKGS_OVERLAYS`, or from the directory `~/.nixpkgs/overlays/`. If the environment variable does not name a valid directory then this mechanism would fallback on the home directory. If the home directory does not exists it will fallback on an empty list of overlays. The overlays directory should contain the list of extra Nixpkgs stages which would be used to extend the content of Nixpkgs, with additional set of packages. The overlays, i-e directory, files, symbolic links are used in alphabetical order. The simplest overlay which extends Nixpkgs with nothing looks like: ```nix self: super: { } ``` More refined overlays can use `super` as the basis for building new packages, and `self` as a way to query the final result of the fix-point. An example of overlay which extends Nixpkgs with a small set of packages can be found at: https://github.com/nbp/nixpkgs-mozilla/blob/nixpkgs-overlay/moz-overlay.nix To use this file, checkout the repository and add a symbolic link to the `moz-overlay.nix` file in `~/.nixpkgs/overlays` directory.
2017-01-13top-level: Modernize stdenv.overrides giving it self and superJohn Ericson1-0/+8
Document breaking change in 17.03 release notes
2016-12-18release notes: grammar nitpicks in an entryVladimír Čunát1-3/+3
/cc #21257.
2016-12-18ntp: document new default ntp service in release notesJörg Thalheim1-0/+11
2016-12-15doc: correct typo (#21176)Théo Zimmermann1-1/+1
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-05 17:48:19 +0000