diff options
author | sternenseemann <git@lukasepple.de> | 2017-03-07 16:04:38 +0100 |
---|---|---|
committer | sternenseemann <git@lukasepple.de> | 2017-03-07 16:04:38 +0100 |
commit | f34f60216a94f41e684b2b2a29be9ca5f8f72940 (patch) | |
tree | eca3f7dd47f476ab756ccfb1be94ff5cd71914bc /machines/aszlig/managed | |
parent | 0ec2cd45ff4d6278344071e81ab742d2d157cb81 (diff) |
machines/aszlig: temporarily whitelist webkitgtk
webkitgtk-2.4.11 is insecure, I am whitelisting it for now to fix the evaluation errors on the hydra. Consider, what you want to do on the issue long term, or just revert this commit as soon as the CVEs are fixed upstream, @aszlig!
Diffstat (limited to 'machines/aszlig/managed')
-rw-r--r-- | machines/aszlig/managed/brawndo.nix | 5 | ||||
-rw-r--r-- | machines/aszlig/managed/tyree.nix | 5 |
2 files changed, 10 insertions, 0 deletions
diff --git a/machines/aszlig/managed/brawndo.nix b/machines/aszlig/managed/brawndo.nix index 5154d1ce..40d2c8ec 100644 --- a/machines/aszlig/managed/brawndo.nix +++ b/machines/aszlig/managed/brawndo.nix @@ -5,6 +5,11 @@ let rootUUID = "dbbd5a35-3ac0-4d5a-837d-914457de14a4"; in { + # whitelist insecure webkitgtk + nixpkgs.config.permittedInsecurePackages = [ + "webkitgtk-2.4.11" + ]; + boot = { initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" diff --git a/machines/aszlig/managed/tyree.nix b/machines/aszlig/managed/tyree.nix index ecc93217..873ed83c 100644 --- a/machines/aszlig/managed/tyree.nix +++ b/machines/aszlig/managed/tyree.nix @@ -1,6 +1,11 @@ { config, pkgs, unfreeAndNonDistributablePkgs, lib, ... }: { + # whitelist insecure webkitgtk + nixpkgs.config.permittedInsecurePackages = [ + "webkitgtk-2.4.11" + ]; + boot.initrd.availableKernelModules = [ "usbhid" ]; boot.kernelModules = [ "kvm-intel" ]; |