From f34f60216a94f41e684b2b2a29be9ca5f8f72940 Mon Sep 17 00:00:00 2001 From: sternenseemann Date: Tue, 7 Mar 2017 16:04:38 +0100 Subject: machines/aszlig: temporarily whitelist webkitgtk webkitgtk-2.4.11 is insecure, I am whitelisting it for now to fix the evaluation errors on the hydra. Consider, what you want to do on the issue long term, or just revert this commit as soon as the CVEs are fixed upstream, @aszlig! --- machines/aszlig/arilou.nix | 5 +++++ machines/aszlig/dnyarri.nix | 5 +++++ machines/aszlig/managed/brawndo.nix | 5 +++++ machines/aszlig/managed/tyree.nix | 5 +++++ machines/aszlig/mmrnmhrm.nix | 5 +++++ machines/aszlig/tishtushi.nix | 5 +++++ 6 files changed, 30 insertions(+) (limited to 'machines/aszlig') diff --git a/machines/aszlig/arilou.nix b/machines/aszlig/arilou.nix index 8fbc4353..a0cfc195 100644 --- a/machines/aszlig/arilou.nix +++ b/machines/aszlig/arilou.nix @@ -7,6 +7,11 @@ let modulesPath = "${import ../../nixpkgs-path.nix}/nixos/modules"; in { + # whitelist insecure webkitgtk + nixpkgs.config.permittedInsecurePackages = [ + "webkitgtk-2.4.11" + ]; + vuizvui.user.aszlig.profiles.workstation.enable = true; imports = [ "${modulesPath}/profiles/all-hardware.nix" ]; diff --git a/machines/aszlig/dnyarri.nix b/machines/aszlig/dnyarri.nix index 513d53cb..6789f729 100644 --- a/machines/aszlig/dnyarri.nix +++ b/machines/aszlig/dnyarri.nix @@ -1,6 +1,11 @@ { pkgs, lib, ... }: { + # whitelist insecure webkitgtk + nixpkgs.config.permittedInsecurePackages = [ + "webkitgtk-2.4.11" + ]; + vuizvui.user.aszlig.profiles.workstation.enable = true; nix.maxJobs = 8; diff --git a/machines/aszlig/managed/brawndo.nix b/machines/aszlig/managed/brawndo.nix index 5154d1ce..40d2c8ec 100644 --- a/machines/aszlig/managed/brawndo.nix +++ b/machines/aszlig/managed/brawndo.nix @@ -5,6 +5,11 @@ let rootUUID = "dbbd5a35-3ac0-4d5a-837d-914457de14a4"; in { + # whitelist insecure webkitgtk + nixpkgs.config.permittedInsecurePackages = [ + "webkitgtk-2.4.11" + ]; + boot = { initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" diff --git a/machines/aszlig/managed/tyree.nix b/machines/aszlig/managed/tyree.nix index ecc93217..873ed83c 100644 --- a/machines/aszlig/managed/tyree.nix +++ b/machines/aszlig/managed/tyree.nix @@ -1,6 +1,11 @@ { config, pkgs, unfreeAndNonDistributablePkgs, lib, ... }: { + # whitelist insecure webkitgtk + nixpkgs.config.permittedInsecurePackages = [ + "webkitgtk-2.4.11" + ]; + boot.initrd.availableKernelModules = [ "usbhid" ]; boot.kernelModules = [ "kvm-intel" ]; diff --git a/machines/aszlig/mmrnmhrm.nix b/machines/aszlig/mmrnmhrm.nix index 4f9691ca..4fa3fa24 100644 --- a/machines/aszlig/mmrnmhrm.nix +++ b/machines/aszlig/mmrnmhrm.nix @@ -1,6 +1,11 @@ { pkgs, lib, ... }: { + # whitelist insecure webkitgtk + nixpkgs.config.permittedInsecurePackages = [ + "webkitgtk-2.4.11" + ]; + vuizvui.user.aszlig.profiles.workstation.enable = true; nix.maxJobs = 2; diff --git a/machines/aszlig/tishtushi.nix b/machines/aszlig/tishtushi.nix index 21ba9b3a..9fcc4e82 100644 --- a/machines/aszlig/tishtushi.nix +++ b/machines/aszlig/tishtushi.nix @@ -6,6 +6,11 @@ let storeUUID = "ce1db87b-d717-450d-a212-3685a224f626"; diskID = "ata-Hitachi_HTS543232A7A384_E2P31243FGB6PJ"; in { + # whitelist insecure webkitgtk + nixpkgs.config.permittedInsecurePackages = [ + "webkitgtk-2.4.11" + ]; + vuizvui.user.aszlig.profiles.workstation.enable = true; vuizvui.user.aszlig.system.kernel.enable = true; -- cgit 1.4.1