| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
The previous patch didn't handle the KEY_CONSIDERED status at the
correct position, because the status will be returned during signing and
not during verification.
So this time, let's handle it during signing and actually test it (I did
and it worked).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
| |
If the nix-instantiate step in taalo-build should fail, we want it to
fail altogether rather than just going on and bailing out very late
(with an exit status of 0) when the readlink call fails.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
GnuPG 2.1.13 has introduced a KEY_CONSIDERED status, which isn't really
picked up well by Gajim:
https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000390.html
There is also a new NOTATION_FLAGS status, but that shouldn't have an
effect on Gajim.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using systemctl restart or systemctl stop on any of the GnuPG
services, the sockets were closed and removed.
However we are using socket activation, so a simple restart of for
example the agent would cause the socket to be closed and removed and
afterwards the gpg-agent service is unable to pick up the socket again,
thus failing to start.
This in turn has led to GnuPG starting the agent by its own, entirely
bypassing socket activation and our shiny service module.
In order to cope with this, we need to provide LD_PRELOAD wrappers also
for remove() and close(), so that we can prevent GnuPG from closing the
systemd file descriptors.
I've also added a small subtest to ensure this won't happen again in the
future.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since GnuPG version 2.1.13 (NixOS/nixpkgs@b586b00), there is support for
XDG_RUNTIME_DIR so the sockets are in /run/user/gnupg instead of
~/.gnupg.
The full announcement can be found here:
https://lists.gnupg.org/pipermail/gnupg-announce/2016q2/000390.html
Unfortunately the fix is a bit more complicated, because if GNUPGHOME is
set to a non-default location, the sockets are to be found within the
directory specified in $GNUPGHOME instead.
So we also need to check the version of GnuPG so that we can properly
split up the socket directory from the GNUPGHOME.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
| |
The default (light) package doesn't contain all the modules I need from
time to time, so having te replace the running pulseaudio daemon with
the full one is more of a hassle than worth keeping the light package.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
After disabling allowUnfree a while ago, I also decided that I want my
machines to stay clear of proprietary stuff as much as possible.
And as I particularly don't use any of the Microsoft corefonts, I don't
shed a tear if they're gone :-)
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
| |
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
| |
The right name for it is "signingkey" instead of "signkey" and the
reason this has worked for so long was that if there is no signingkey
value set, Git falls back to using the users name and email address
instead, which is accepted by GnuPG as well.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Regression introduced by fba5c2469bd5e95857c4ffd9db3dd0529f2485f3.
The derivation paths returned by nix-instantiate are usually valid store
paths, except when used with --add-root. In case of the latter, we get
the root symlink back, so we need to do an additional readlink on it.
We also now pass -t to mktemp so that $TMPDIR or /tmp is used instead of
the current working directory.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Time for a new GnuPG key, this time CCID-only :-)
This is the last commit you'll get using my old key (which will soon be
revoked as soon as I moved everything over to use the new key), so if
you're paranoid be sure to check the fingerprint against the signature
of this very commit.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
| |
This is needed to ensure that the .drv file doesn't get garbage
collected while we're transferring it to taalo.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
| |
We need to split off the !output from the derivation name returned by
nix-instantiate, because we can't realize such a path.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
| |
This is needed to access things such as the YubiKey 4.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
|
| |
I'm doing online banking using FinTS/HBCI via a card reader, so
libchipcard is needed as well.
Another package I've added is gwenhywfar because it contains commands
such as gct-tool, which is useful for debugging.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
| |
Needed for various stuff such as YubiKey and card readers I use for
online banking.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
| |
Contains a fix for lower/greater than operators (LnL7/vim-nix#9).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
| |
Since NixOS/nixpkgs@7cf8daa every chroot*-option has been renamed to
refer to "sandbox", because the name fits better (it's not only chroot).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
| |
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With just taalo-build we can't realize plain .drv files, so let's use
the Perl part to just realize the derivations given by the command line
and provide two shell script wrappers on top of it:
* taalo-build: Similar to nix-build
* taalo-realize: Similar to nix-store -r
Having a command like taalo-realize is very useful if evaluation is done
on a different machine and the closure is just copied over to the local
machine before being sent to taalo.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
We already have an "i3wm" test in upstream <nixpkgs> which is much more
thorough than the unfinished test I've made here.
The intention of this test however was to specifically test the Vuizvui
service module. Nevertheless, it's still just a dummy test and the
"i3wm" test works much better, so let's remove it until we have a more
complete implementation.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
| |
Since NixOS/nixpkgs@73f1f5e, we have to refer to imagemagick.out for the
binaries, because we otherwise end up with the .dev output.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The CPU microcode is already excempted from it and unrar is unfree but
redistributable, so let's use our new unfreePkgs module attribute for
that.
Apart from that I haven't found anything else on my machines, but let's
see what happens after Hydra evaluates the jobset.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
| |
The name "profiles" really doesn't match what these modules are for.
Instead they define the very core of Vuizvui and its internal plumbing
and those options are available/enabled to all machines and modules.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This basically provides module arguments with different variations of
the pkgs arguments so that it's easier to allow specific unfree packages
selectively.
Note that I deliberately chose "unfreeAndNonDistributablePkgs", because
we really want to let those packages stand out. We want to avoid
building those packages on Hydra as much as possible.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
| |
I found this quite annoying sometimes if the screen is so dark that you
can't see anything. Just switching to red is pretty much sufficient I'd
say, at least for me.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
| |
It's a lot more controllable running as a user service rather than
having it started with the X session, especially because I occasionally
tend to turn it off.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This test has been introduced by NixOS/nixpkgs@e936f7d and was part of
NixOS/nixpkgs#15275.
The check attribute is always true for this test, because it has to be
run no matter which configuration you're using. It basically makes sure
that boot stage 1 is working correctly.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
| |
The output actually doesn't exist and I got it confused with commit
fdc46c027f3116c7f86fce445798b841bf850f99. The .docdev output for
stdmanpages actually doesn't even make sense because it's *only*
developer documentation.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
| |
It's about time to add these, because using a browser to look up the
definitions from a standard library function is quite annoying.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
| |
With the merge of the closure-size branch, developer manpages are no
longer in the default output of the "man-pages" package.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I use FireFox occasionally for whenever I'm forced to run ugly Java
plugins (in particular Hetzner's Lara machines use it).
I hope IcedTea is capable of running the Lara plugin, but even when not,
it's not a big deal-breaker as I didn't have to use Lara consoles for a
whole while now. And if it's the case, I can still look for a "fix" :-)
So another step towards being free of proprietary software.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
|
| |
Apart from an evaluation error (because ["nixos" "keymap"] results in an
attrset rather than a plain derivation), checking for the active keymap
explicitly makes more sense here. For example a user of a Neo keyboard
layout won't care about a failure of the Dvorak keyboard layout and vice
versa.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds the following missing tests which were missing for our
machine-based checks:
* Taskserver
* bridging, IPv4 and IPv6 for containers
* dnscrypt-proxy
* imperative containers
* keymap (only runs if not on qwerty)
* netbooting
These are the tests which were missing in Vuizvui as of current nixpkgs
revision NixOS/nixpkgs@bf8130684878747be7b1cc393f8aa147c500f14f.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 0182e0ca12760da2aecd65de98c85a76ecdcedc6.
With the latest testing kernel, the machine still gets random GPU
lockups which are already fixed in linux-next, so let's get back to
linux-next even though things break from time to time.
We can still pin a specific next version to base our patches on once we
have a base version that's stable enough.
I've also fixed the backlight patch to compile against the latest next
version.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
|
| |
|
| |
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since the latest upstream version, the directory $out/etc/mpv doesn't
seem to get created anymore, but a quick strace shows that mpv still
tries to open it upon startup, so let's just create the directories
leading to mpv.conf.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is -rc3 + 17 commits ahead.
Configuration is once again just to get it to compile, the only new
configuration option that I really want to consider using is
CONFIG_FS_ENCRYPTION, everything else is just "updating config to latest
kernel".
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|/
|
|
|
| |
Draws out the general config for all Labtops in its own module and
creates a structure to specify the setting which are different.
|
|
|
|
|
|
| |
Add simple fasd integration for fish.
A command `z` directly jumps to the most “frecent” folder fitting its
argument.
|
|
|
|
|
|
|
|
| |
This fix is more or less because of GCC 5 rather than just against
kernel 4.x, because the number of arguments for rtw_select_queue() have
been changed since 4.0 already.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
| |
This is to not clutter up the hardware/ namespace with patches (we're
going to add one).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, linux-next-20160408 introduces a few unrelated bugs to the
hardware, so instead of updating to the latest -next version, we're
going for the latest -rc instead.
This should also help a lot in development to focus on the important
parts instead of dealing with completely unrelated bugs/issues.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
| |
I've disabled Flash support via chrome://plugins since quite a while and
I have to say that I'm quite happy without Flash, so let's finally get
rid of that proprietary blob for good :-)
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
| |
It doesn't make sense to pollute the system with additional environment
variables if we're using the defaults anyway, so only set it if it's not
"~/.gnupg".
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
|
|
|
|
|
|
|
|
| |
We do things such as placing gnupg into environment.systemPackages, so
calling this just "programs.gpg-agent" doesn't fit that. Especially if
we really want to have a way to specify configuration values in case I'm
getting masochistic someday ;-)
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|