| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using systemctl restart or systemctl stop on any of the GnuPG
services, the sockets were closed and removed.
However we are using socket activation, so a simple restart of for
example the agent would cause the socket to be closed and removed and
afterwards the gpg-agent service is unable to pick up the socket again,
thus failing to start.
This in turn has led to GnuPG starting the agent by its own, entirely
bypassing socket activation and our shiny service module.
In order to cope with this, we need to provide LD_PRELOAD wrappers also
for remove() and close(), so that we can prevent GnuPG from closing the
systemd file descriptors.
I've also added a small subtest to ensure this won't happen again in the
future.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
| |
The shell script embedded into the expect script had "set -x" enabled.
While this doesn't really hurt it doesn't really aid in debugging
either (expect -d works much better), so let's remove it.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since GnuPG version 2.1.13 (NixOS/nixpkgs@b586b00), there is support for
XDG_RUNTIME_DIR so the sockets are in /run/user/gnupg instead of
~/.gnupg.
The full announcement can be found here:
https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000390.html
Unfortunately the fix is a bit more complicated, because if GNUPGHOME is
set to a non-default location, the sockets are to be found within the
directory specified in $GNUPGHOME instead.
So we also need to check the version of GnuPG so that we can properly
split up the socket directory from the GNUPGHOME.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
| |
Damn it, it seems to be too early in the morning X-D
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
| |
The default (light) package doesn't contain all the modules I need from
time to time, so having te replace the running pulseaudio daemon with
the full one is more of a hassle than worth keeping the light package.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This one explicitly includes a MIT license, so let's actually prefer
this branch instead of the master brach.
I've also included commons and streamflyer to the list of bundled JARs
that are needed from the upstream repository. Of course, in the long
term it would be a good idea to actually package those in <nixpkgs> so
it's just temporary.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 65435d827c846ab2eef966601cd0490591b8dbe9.
Commit d730df7 fixed the meta.hydraPlatforms attribute, so the generic
channel now should build the patched gitit version as part of its
constituents and we don't need a dummy machine just for that anymore.
Other than that, the package now also gets built as a separate job to
allow for one-click installs.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @Profpatsch
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Within mapTestOn, meta.hydraPlatforms attribute has precedence over
meta.platforms. The original gitit derivation has hydraPlatforms set to
an empty list and it's aliased to meta.platforms.
Unfortunately that alias doesn't work with overrideCabal, because we'd
need to override the attributes passed to the callPackage'd function
(the mentioned alias is done during function attrset unpacking).
This fixes building gitit within the generic channel as well as
including it in the pkgs.* Hydra jobs.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @Profpatsch
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
According to 302fb4f4bc0213b231b9bf5b98093c60d3917313 the package should
be included in the hydra build, but it is not usable, because there is
no channel that waits for the gitit build to succeed.
This stub exists until someone finds out how to create such a
channel (aka the channel building mechanism is documented in a way that
it can be used by people not deeply familiar with both nixpkgs and
hydra).
cc @aszlig
|
| |
|
|
| |
pls crosscompile for me :heart:
|
| | |
|
| | |
|
| |
|
|
| |
By disabling.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
After disabling allowUnfree a while ago, I also decided that I want my
machines to stay clear of proprietary stuff as much as possible.
And as I particularly don't use any of the Microsoft corefonts, I don't
shed a tear if they're gone :-)
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
| |
Clipboards finally synchronize.
|
| |
|
|
| |
Specify absolute nix store paths where possible.
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I didn't get the starcoscard to run with aqbanking so far and the bank
itself is very uncooperative if it comes to giving specific details
about their implementation of FinTS 3.00, so in the end I'm going to
move away from the bank.
But during transition this will work much better than running a Windows
VM (which I didn't have access to in the meantime, so I *had* to get
this running somehow), especially because we can wrap this plugin in
*any* browser that supports NPAPI.
Also, there seems to be some work implementing PPAPI support for
pipelight, but the branch is stale since quite a while:
https://bitbucket.org/mmueller2012/pipelight/branch/ppapi
Going back to the pesky Santander plugin:
In order to support PC/SC-Lite, we need to patch Wine to get support for
the winscard API. We also patch out unixfs, so while there definitely
are better sandboxing options this should suffice so that the plugin
doesn't write garbage on any location of the system (basically it works
entirely read-only).
So in the end we get a nice and small dwb browser, which directly opens
up the login page along with the plugin. The browser is wrapped so that
it only writes to a temporary location, so as soon as it is closed all
the cruft is cleaned up afterwards.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| | |
|
| |
|
|
|
|
|
|
|
| |
The right name for it is "signingkey" instead of "signkey" and the
reason this has worked for so long was that if there is no signingkey
value set, Git falls back to using the users name and email address
instead, which is accepted by GnuPG as well.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Regression introduced by fba5c2469bd5e95857c4ffd9db3dd0529f2485f3.
The derivation paths returned by nix-instantiate are usually valid store
paths, except when used with --add-root. In case of the latter, we get
the root symlink back, so we need to do an additional readlink on it.
We also now pass -t to mktemp so that $TMPDIR or /tmp is used instead of
the current working directory.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Time for a new GnuPG key, this time CCID-only :-)
This is the last commit you'll get using my old key (which will soon be
revoked as soon as I moved everything over to use the new key), so if
you're paranoid be sure to check the fingerprint against the signature
of this very commit.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
| |
one can easily tell I don't currently use the vuizvui channel.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
This is needed to ensure that the .drv file doesn't get garbage
collected while we're transferring it to taalo.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
We need to split off the !output from the derivation name returned by
nix-instantiate, because we can't realize such a path.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
| |
This is needed to access things such as the YubiKey 4.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
| |
I'm doing online banking using FinTS/HBCI via a card reader, so
libchipcard is needed as well.
Another package I've added is gwenhywfar because it contains commands
such as gct-tool, which is useful for debugging.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
Needed for various stuff such as YubiKey and card readers I use for
online banking.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Just tested it a bit but haven't really played it (and probably won't
have time to during the next weeks).
This is the version that got released on 2016-06-02 and it needs a small
preload wrapper because it tries to load assets and other stuff relative
to the current directory. The preloader makes sure that the correct
store path is read instead.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
Since the merge of the closure-size branch, the curl binary now is in a
dedicated output ".bin".
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
| |
Contains a fix for lower/greater than operators (LnL7/vim-nix#9).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
Since NixOS/nixpkgs@7cf8daa every chroot*-option has been renamed to
refer to "sandbox", because the name fits better (it's not only chroot).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
| |
As of NixOS/nixpkgs@32bed83 the boot loader specific timeout options are
gone and there is only a single option for all boot loaders now.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
| |
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's a small helper tool which I specifically use for running NixOS
tests (especially the installer ones) that require <nixpkgs> to be
copied to the store.
What git-detach does is creating a temporary working directory which
only contains a trimmed-down (without untracked files and .git
directory) version of the current Git repository.
So in case of <nixpkgs> this is especially useful to keep down the
closure size whenever the working dir is going to be exported to the
store.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With just taalo-build we can't realize plain .drv files, so let's use
the Perl part to just realize the derivations given by the command line
and provide two shell script wrappers on top of it:
* taalo-build: Similar to nix-build
* taalo-realize: Similar to nix-store -r
Having a command like taalo-realize is very useful if evaluation is done
on a different machine and the closure is just copied over to the local
machine before being sent to taalo.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
| |
It makes sense to not only include Vuizvui specific packages to the
constituents of the generic channel, but also all of the Vuizvui
specific tests as well, because if we want to use modules from machines
outside of Vuizvui, we really want to make sure they get a well-tested
channel as well.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds all the packages that are marked to be built on Hydra to the
constituents of the generic channel so that we can ensure that the
channel always stays with succeeding builds.
It's especially useful for the patched gitlab that is used for the
OpenLab website VM, because it is not a NixOS system. We can simply use
the generic channel over there and stay up-to-date with it without
getting broken builds.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @Profpatsch
|
| |
|
|
|
|
| |
Forgot to do that in ea85dd3eaf0cbd19ddf22f41391d092a21147063.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
According to @Profpatsch the whole point of this dummy machine was that
the patched gitit version should be built on Hydra.
We don't need to have such workarounds, because we're already recursing
through all packages in the Vuizvui namespace whether meta.platforms
includes a system that we support on our Hydra.
This has been done with a4d6395 so "website-vm" is obsolete now.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
