[Nix-commits] [NixOS/nixpkgs] fa6fd3: github/pr-template: Add note about NixOS tests

Thu, 22 Jun 2017 20:57:02 -0700 

  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: fa6fd34fcca07c0762ef3bc44962e2dc49937454
      
https://github.com/NixOS/nixpkgs/commit/fa6fd34fcca07c0762ef3bc44962e2dc49937454
  Author: aszlig <asz...@redmoonstudios.org>
  Date:   2017-06-23 (Fri, 23 Jun 2017)

  Changed paths:
    M .github/PULL_REQUEST_TEMPLATE.md

  Log Message:
  -----------
  github/pr-template: Add note about NixOS tests

On several occasions I've seen people bumping packages which have NixOS
tests but without actually running them.

While this probably won't prevent such occasions entirely, at least it
serves as an additional checklist item so contributors don't forget
about these tests.

Signed-off-by: aszlig <asz...@redmoonstudios.org>


  Commit: 63fb845fcf6ea02db7933f503948a01fb2f6c2a4
      
https://github.com/NixOS/nixpkgs/commit/63fb845fcf6ea02db7933f503948a01fb2f6c2a4
  Author: aszlig <asz...@redmoonstudios.org>
  Date:   2017-06-23 (Fri, 23 Jun 2017)

  Changed paths:
    M pkgs/applications/virtualization/virtualbox/hardened.patch

  Log Message:
  -----------
  virtualbox: Rebase hardened.patch on top of 5.1.22

The merge of the version bump in
6fb9f892382b4b091fc9edcae00e2eb4c0729bda didn't take care of our patch
for the hardening mode and thus enabling VirtualBox without also
force-disabling hardening mode will result in a build error.

While the patch is largely identical with the old version, I've removed
one particular change around the following code:

    if (pFsObjState->Stat.st_mode & S_IWOTH)
  return supR3HardenedSetError3(VERR_SUPLIB_WORLD_WRITABLE, pErrInfo,
                                "World writable: '", pszPath, "'");

In the old version of the patch we have checked whether the path is
within the Nix store and suppressed the error return if that's the case.

The reason why I did that in the first place was because we had a bunch
of symlinks which were writable.

In VirtualBox 5.1.22 the code specifically checks whether the file is a
symlink, so we can safely drop our change.

Tested via all of the "virtualbox" NixOS VM subtests and they now all
succeed.

Signed-off-by: aszlig <asz...@redmoonstudios.org>


Compare: https://github.com/NixOS/nixpkgs/compare/6fb9f892382b...63fb845fcf6e
_______________________________________________
nix-commits mailing list
nix-comm...@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-commits

Reply via email to