diff options
author | sternenseemann <git@lukasepple.de> | 2017-03-07 16:04:38 +0100 |
---|---|---|
committer | sternenseemann <git@lukasepple.de> | 2017-03-07 16:04:38 +0100 |
commit | f34f60216a94f41e684b2b2a29be9ca5f8f72940 (patch) | |
tree | eca3f7dd47f476ab756ccfb1be94ff5cd71914bc | |
parent | 0ec2cd45ff4d6278344071e81ab742d2d157cb81 (diff) |
machines/aszlig: temporarily whitelist webkitgtk
webkitgtk-2.4.11 is insecure, I am whitelisting it for now to fix the evaluation errors on the hydra. Consider, what you want to do on the issue long term, or just revert this commit as soon as the CVEs are fixed upstream, @aszlig!
-rw-r--r-- | machines/aszlig/arilou.nix | 5 | ||||
-rw-r--r-- | machines/aszlig/dnyarri.nix | 5 | ||||
-rw-r--r-- | machines/aszlig/managed/brawndo.nix | 5 | ||||
-rw-r--r-- | machines/aszlig/managed/tyree.nix | 5 | ||||
-rw-r--r-- | machines/aszlig/mmrnmhrm.nix | 5 | ||||
-rw-r--r-- | machines/aszlig/tishtushi.nix | 5 |
6 files changed, 30 insertions, 0 deletions
diff --git a/machines/aszlig/arilou.nix b/machines/aszlig/arilou.nix index 8fbc4353..a0cfc195 100644 --- a/machines/aszlig/arilou.nix +++ b/machines/aszlig/arilou.nix @@ -7,6 +7,11 @@ let modulesPath = "${import ../../nixpkgs-path.nix}/nixos/modules"; in { + # whitelist insecure webkitgtk + nixpkgs.config.permittedInsecurePackages = [ + "webkitgtk-2.4.11" + ]; + vuizvui.user.aszlig.profiles.workstation.enable = true; imports = [ "${modulesPath}/profiles/all-hardware.nix" ]; diff --git a/machines/aszlig/dnyarri.nix b/machines/aszlig/dnyarri.nix index 513d53cb..6789f729 100644 --- a/machines/aszlig/dnyarri.nix +++ b/machines/aszlig/dnyarri.nix @@ -1,6 +1,11 @@ { pkgs, lib, ... }: { + # whitelist insecure webkitgtk + nixpkgs.config.permittedInsecurePackages = [ + "webkitgtk-2.4.11" + ]; + vuizvui.user.aszlig.profiles.workstation.enable = true; nix.maxJobs = 8; diff --git a/machines/aszlig/managed/brawndo.nix b/machines/aszlig/managed/brawndo.nix index 5154d1ce..40d2c8ec 100644 --- a/machines/aszlig/managed/brawndo.nix +++ b/machines/aszlig/managed/brawndo.nix @@ -5,6 +5,11 @@ let rootUUID = "dbbd5a35-3ac0-4d5a-837d-914457de14a4"; in { + # whitelist insecure webkitgtk + nixpkgs.config.permittedInsecurePackages = [ + "webkitgtk-2.4.11" + ]; + boot = { initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" diff --git a/machines/aszlig/managed/tyree.nix b/machines/aszlig/managed/tyree.nix index ecc93217..873ed83c 100644 --- a/machines/aszlig/managed/tyree.nix +++ b/machines/aszlig/managed/tyree.nix @@ -1,6 +1,11 @@ { config, pkgs, unfreeAndNonDistributablePkgs, lib, ... }: { + # whitelist insecure webkitgtk + nixpkgs.config.permittedInsecurePackages = [ + "webkitgtk-2.4.11" + ]; + boot.initrd.availableKernelModules = [ "usbhid" ]; boot.kernelModules = [ "kvm-intel" ]; diff --git a/machines/aszlig/mmrnmhrm.nix b/machines/aszlig/mmrnmhrm.nix index 4f9691ca..4fa3fa24 100644 --- a/machines/aszlig/mmrnmhrm.nix +++ b/machines/aszlig/mmrnmhrm.nix @@ -1,6 +1,11 @@ { pkgs, lib, ... }: { + # whitelist insecure webkitgtk + nixpkgs.config.permittedInsecurePackages = [ + "webkitgtk-2.4.11" + ]; + vuizvui.user.aszlig.profiles.workstation.enable = true; nix.maxJobs = 2; diff --git a/machines/aszlig/tishtushi.nix b/machines/aszlig/tishtushi.nix index 21ba9b3a..9fcc4e82 100644 --- a/machines/aszlig/tishtushi.nix +++ b/machines/aszlig/tishtushi.nix @@ -6,6 +6,11 @@ let storeUUID = "ce1db87b-d717-450d-a212-3685a224f626"; diskID = "ata-Hitachi_HTS543232A7A384_E2P31243FGB6PJ"; in { + # whitelist insecure webkitgtk + nixpkgs.config.permittedInsecurePackages = [ + "webkitgtk-2.4.11" + ]; + vuizvui.user.aszlig.profiles.workstation.enable = true; vuizvui.user.aszlig.system.kernel.enable = true; |