Excerpts from Yury G. Kudryashov's message of Sat Aug 20 16:18:27 +0200 2011: > We have quite a few *.packages variables in NixOS: udev.packages, > hal.packages, dbus.packages etc. > I see only one reason for separating these packages from system.packages:
system.packages? Am I outdated or are you talking about environment.systemPackages? > programs/config files/... supplied by these packages are likely to be > executed/readed by a daemon running under root priveledges. > I propose to merge these variables into one variable (say, > security.packages). If nobody objects, I'll start working on this. What exactly are you trying to do? Eg in the "dbus" case I had the understanding that services.dbus.packages is a list of packages providing dbus services. Because the relation between services and packages providing service configurations is n:m I don't see that your solution is going to improve anything? I mean if a package provides two services having security.packages will not allow you to use one only (Not sure if you need this feature at all). > Also I'd like to change the way /var/setuid-wrappers list is generated. > I propose the following way: packages in nixpkgs advertise that they need > given binary to be wrapped as setuid. For each package in security.packages, > we create all wrappers requested by these packages. Which will change "opt-in" to "opt-in automatically if condition" where condition means something like "package has been added to environment.systemPackages" ? I'm not objecting here. Just trying to understand the difference. Marc Weber _______________________________________________ nix-dev mailing list [email protected] https://mail.cs.uu.nl/mailman/listinfo/nix-dev
