Re: [Nix-dev] Hardening flags enabled by default
Thank you very much. Can't wait to deploy this to our LumiGuide workstations and production servers. Great work! 16.09 is looking to be an exciting release, just like 16.03 was! Cheers, Bas On 22 August 2016 at 13:31, Franz Pletz wrote: > Hi, > > yesterday the hardening-stdenv branch was merged to staging and is > slated to hit master soon. Here is the pull requests with lots of > comments: https://github.com/NixOS/nixpkgs/pull/12895 > > This is a work globin and myself did for the last 6 months. We have > been running that branch on our laptops and on production servers for > months now and fixed many compilation and runtime errors in the > process. We think it is ready now and should be included in he upcoming > 16.09 release. > > For background information and how to fix your packages if they fail > now (i.e. runtime errors we didn't catch), we have written documentation > that is available in the nixpkgs manual: > > https://hydra.nixos.org/build/38504599/download/1/nixpkgs/ > manual.html#sec-hardening-in-nixpkgs > > If you package new software and encounter unexpected compiler errors, > chances are you hit some problem with a hardening flag. In the manual > you will find the compiler errors we have encountered most of the time > for every hardening flag. > > Should you encounter problems or have any other issues with the > hardening flags, please open an issue in the nixpkgs repo and ping > @globin and @fpletz. We have to fix those before 16.09. ;) > > Cheers, > Franz > > ___ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev > > ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Hardening flags enabled by default
Huge kudos for this work guys! Excellent job and much appreciated! kr/sjm ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Hardening flags enabled by default
Thank you so much! I've been running a staging server on this branch for a few weeks and all of the issues I had were addressed in your branch before I had time to flag them. This is really fantastic work not just for my servers but also for my ability to argue that NixOS has a story for security. Lastly I also think that it's an amazing testament to the leverage Nix provides that a small group of dedicated people can harden so many packages with a few months of work (not downplaying the work involved!). ~ On 22 August 2016 at 12:31, Franz Pletz wrote: > Hi, > > yesterday the hardening-stdenv branch was merged to staging and is > slated to hit master soon. Here is the pull requests with lots of > comments: https://github.com/NixOS/nixpkgs/pull/12895 > > This is a work globin and myself did for the last 6 months. We have > been running that branch on our laptops and on production servers for > months now and fixed many compilation and runtime errors in the > process. We think it is ready now and should be included in he upcoming > 16.09 release. > > For background information and how to fix your packages if they fail > now (i.e. runtime errors we didn't catch), we have written documentation > that is available in the nixpkgs manual: > > https://hydra.nixos.org/build/38504599/download/1/nixpkgs/ > manual.html#sec-hardening-in-nixpkgs > > If you package new software and encounter unexpected compiler errors, > chances are you hit some problem with a hardening flag. In the manual > you will find the compiler errors we have encountered most of the time > for every hardening flag. > > Should you encounter problems or have any other issues with the > hardening flags, please open an issue in the nixpkgs repo and ping > @globin and @fpletz. We have to fix those before 16.09. ;) > > Cheers, > Franz > > ___ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev > > ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
[Nix-dev] Hardening flags enabled by default
Hi, yesterday the hardening-stdenv branch was merged to staging and is slated to hit master soon. Here is the pull requests with lots of comments: https://github.com/NixOS/nixpkgs/pull/12895 This is a work globin and myself did for the last 6 months. We have been running that branch on our laptops and on production servers for months now and fixed many compilation and runtime errors in the process. We think it is ready now and should be included in he upcoming 16.09 release. For background information and how to fix your packages if they fail now (i.e. runtime errors we didn't catch), we have written documentation that is available in the nixpkgs manual: https://hydra.nixos.org/build/38504599/download/1/nixpkgs/manual.html#sec-hardening-in-nixpkgs If you package new software and encounter unexpected compiler errors, chances are you hit some problem with a hardening flag. In the manual you will find the compiler errors we have encountered most of the time for every hardening flag. Should you encounter problems or have any other issues with the hardening flags, please open an issue in the nixpkgs repo and ping @globin and @fpletz. We have to fix those before 16.09. ;) Cheers, Franz pgpl7CiMeQsG7.pgp Description: OpenPGP digital signature ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev