diff options
author | sternenseemann <git@lukasepple.de> | 2017-03-07 16:04:38 +0100 |
---|---|---|
committer | sternenseemann <git@lukasepple.de> | 2017-03-07 16:04:38 +0100 |
commit | f34f60216a94f41e684b2b2a29be9ca5f8f72940 (patch) | |
tree | eca3f7dd47f476ab756ccfb1be94ff5cd71914bc /machines/aszlig/managed/tyree.nix | |
parent | 0ec2cd45ff4d6278344071e81ab742d2d157cb81 (diff) |
machines/aszlig: temporarily whitelist webkitgtk
webkitgtk-2.4.11 is insecure, I am whitelisting it for now to fix the evaluation errors on the hydra. Consider, what you want to do on the issue long term, or just revert this commit as soon as the CVEs are fixed upstream, @aszlig!
Diffstat (limited to 'machines/aszlig/managed/tyree.nix')
-rw-r--r-- | machines/aszlig/managed/tyree.nix | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/machines/aszlig/managed/tyree.nix b/machines/aszlig/managed/tyree.nix index ecc93217..873ed83c 100644 --- a/machines/aszlig/managed/tyree.nix +++ b/machines/aszlig/managed/tyree.nix @@ -1,6 +1,11 @@ { config, pkgs, unfreeAndNonDistributablePkgs, lib, ... }: { + # whitelist insecure webkitgtk + nixpkgs.config.permittedInsecurePackages = [ + "webkitgtk-2.4.11" + ]; + boot.initrd.availableKernelModules = [ "usbhid" ]; boot.kernelModules = [ "kvm-intel" ]; |