machines/aszlig: temporarily whitelist webkitgtk

webkitgtk-2.4.11 is insecure, I am whitelisting it for now to fix the evaluation errors on the hydra. Consider, what you want to do on the issue long term, or just revert this commit as soon as the CVEs are fixed upstream, @aszlig!
author: sternenseemann <git@lukasepple.de> 2017-03-07 16:04:38 +0100
committer: sternenseemann <git@lukasepple.de> 2017-03-07 16:04:38 +0100
commit: f34f60216a94f41e684b2b2a29be9ca5f8f72940 (patch)
tree: eca3f7dd47f476ab756ccfb1be94ff5cd71914bc /machines/aszlig/managed
parent: 0ec2cd45ff4d6278344071e81ab742d2d157cb81 (diff)
2 files changed, 10 insertions, 0 deletions
diff --git a/machines/aszlig/managed/brawndo.nix b/machines/aszlig/managed/brawndo.nix
index 5154d1ce..40d2c8ec 100644
--- a/machines/aszlig/managed/brawndo.nix
+++ b/machines/aszlig/managed/brawndo.nix
@@ -5,6 +5,11 @@ let
   rootUUID = "dbbd5a35-3ac0-4d5a-837d-914457de14a4";
 
 in {
+  # whitelist insecure webkitgtk
+  nixpkgs.config.permittedInsecurePackages = [
+    "webkitgtk-2.4.11"
+  ];
+
   boot = {
     initrd.availableKernelModules = [
       "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod"
diff --git a/machines/aszlig/managed/tyree.nix b/machines/aszlig/managed/tyree.nix
index ecc93217..873ed83c 100644
--- a/machines/aszlig/managed/tyree.nix
+++ b/machines/aszlig/managed/tyree.nix
@@ -1,6 +1,11 @@
 { config, pkgs, unfreeAndNonDistributablePkgs, lib, ... }:
 
 {
+  # whitelist insecure webkitgtk
+  nixpkgs.config.permittedInsecurePackages = [
+    "webkitgtk-2.4.11"
+  ];
+
   boot.initrd.availableKernelModules = [ "usbhid" ];
   boot.kernelModules = [ "kvm-intel" ];
author	sternenseemann <git@lukasepple.de>	2017-03-07 16:04:38 +0100
committer	sternenseemann <git@lukasepple.de>	2017-03-07 16:04:38 +0100
commit	f34f60216a94f41e684b2b2a29be9ca5f8f72940 (patch)
tree	eca3f7dd47f476ab756ccfb1be94ff5cd71914bc /machines/aszlig/managed
parent	0ec2cd45ff4d6278344071e81ab742d2d157cb81 (diff)