Re: [Nix-dev] nix-daemon and private git repos

2017-07-04 Thread Alexander V. Nikolaev
On Mon, Jul 03, 2017 at 03:19:31PM +0200, Harmen wrote:

I have a `fetchgitCustom` expression, which can use pre-seeded "deploy"
keys (but with some security implications -- because the key is
world-readable). It works with sandbox builds, and should work with
hydra as well.

If anyone is interested in this solution, I'll prepare a PR soon.

> I'm struggling to get fetchgitPrivate to work on a nix-daemon installation (no
> NixOS, these are Ubuntu machines with nix).
> I can make it work on my dev machine, which is a non-daemon install, by setting
> 
> NIX_PATH=ssh-config-file=/my/ssh/config:$NIX_PATH
> 
> But that doesn't work in sandboxed daemon mode, because the nixbld* users can't
> read that file (both because of access rights, and because of the sandbox).
> 
> Nix has this warning in fetchgitPrivate:
> > Note that the config file and any keys it points to must be readable
> > by the build user, which depending on your nix configuration means making it
> > readable by the build-users-group, the user of the running nix-daemon, or the
> > user calling the nix command which started the build. Similarly, if using an
> > ssh agent ssh-auth-sock must point to a socket the build user can access.
> > You may need StrictHostKeyChecking=no in the config file. Since ssh
> > will refuse to use a group-readable private key, if using build-users you will
> > likely want to use something like IdentityFile /some/directory/%u/key and have
> > a directory for each build user accessible to that user.
> from
> https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/fetchgit/private.nix
> 
> which sounds reasonable, but I don't see how to do that since I don't know
> exactly which user will run the build. Also because of the sandbox the build
> can't read the ssh config file at all.
> 
> 
> So next option is to generate the configfile in my expression, a-la
> https://www.mpscholten.de/nixos/2016/07/07/private-github-repositories-and-nixos.html
> but I don't know how to set nix.path from inside an expression. It would also
> require bundling the key with the expression, but if that works...
> 
> 
> I can't be the first to want to use fetchgitPrivate with a sandboxed
> nix-daemon. Any experiences or tips?
> Thanks!
> Harmen
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev
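
The per-user key layout from the quoted fetchgitPrivate note (`IdentityFile /some/directory/%u/key`) can be audited before builds start, including the world-readable key case mentioned in the reply. This is an added example, not code from the thread or from nixpkgs; it assumes GNU `stat`, and the function names `audit_user_key` and `audit_all` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Audits the <base>/<user>/key layout
# that the quoted fetchgitPrivate note suggests (IdentityFile .../%u/key).
# Assumes GNU stat. BASE and the user names are supplied by the caller.

# audit_user_key BASE USER: print one line per problem, return 1 if any.
audit_user_key() {
    dir="$1/$2"; key="$dir/key"; rc=0
    if [ ! -f "$key" ]; then
        echo "$2: missing $key"
        return 1
    fi
    # Directory and key must belong to the build user itself.
    for p in "$dir" "$key"; do
        owner=$(stat -c %U "$p")
        if [ "$owner" != "$2" ]; then
            echo "$2: $p is owned by $owner"
            rc=1
        fi
    done
    # ssh refuses a private key with any group/other permission bit set.
    mode=$(stat -c %a "$key")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$2: $key has mode $mode, expected 600 or stricter"
        rc=1
    fi
    # A directory writable by others lets them swap the key file.
    dmode=$(stat -c %a "$dir")
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "$2: $dir has mode $dmode, writable by group or others"
        rc=1
    fi
    return $rc
}

# audit_all BASE USER...: check every listed build user, return 1 if any fails.
audit_all() {
    base=$1; shift; failed=0
    for u in "$@"; do
        audit_user_key "$base" "$u" || failed=1
    done
    return $failed
}

# Usage: sh audit-keys.sh /some/directory user1 user2 ...
if [ "$#" -ge 2 ]; then
    audit_all "$@"
fi
```

Since the build user is not known in advance, pass every member of the build-users-group as the user list.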


Re: [Nix-dev] packaging windows applications through wine

2017-04-26 Thread Alexander V. Nikolaev
On Tue, Apr 25, 2017 at 02:01:11AM +0200, aszlig wrote:

> I guess the simplest method would be the latter, because if you extract
> the installer archive there might be some missing files or registry keys
> that you need to apply as well.
> 
> Here is an example for automating this via xdotool:
> 
> https://github.com/openlab-aux/vuizvui/blob/97e440e996e9c418e46af3dbcdba58595b5c11ea/pkgs/aszlig/santander/default.nix#L63-L74
> 

Looks interesting. Thank you for the link.

> > The other challenge I see is where do you put the wineprefix? Because
> > on the one hand you want the installation to happen at system build
> > time, so that would suggest the nix store. But you also want the
> > application to be able to write files (like saves) so that would
> > have to be in your home folder.
> 
> You could set the user data directory to some other unix path via
> dosdevices/ and change %APPDATA% accordingly, like:
> 
> https://support.microsoft.com/en-us/help/190234/prb-how-to-modify-the-personal-directory-for-all-new-users
> 
> Another way would be to use a wrapper that uses overlayfs to write all
> the differences of the immutable store path to some location within the
> home directory (like eg. ${XDG_DATA_HOME:-$HOME/.local/share}/your_app).
> 

A combination of bindfs+unionfs works well
(bindfs to mangle permissions from 0444 to 0644, otherwise unionfs shows
files from the store as read-only. I picked unionfs as more bullet-proof;
I don't know how the kernel's overlayfs behaves here).


Re: [Nix-dev] The Church of Suckless NixOS is looking for followers

2017-03-19 Thread Alexander V. Nikolaev
On Sat, Mar 18, 2017 at 06:42:37PM +0100, Lukas Epple wrote:

> > - Don't PR our changes to nixos subtree (a waste of time)
> 
> I think this is childish, or even dangerous.
> 

+1

> Instead of wasting your time on a NixOS fork, just build an abstraction
> over *any* init/daemon management system (so atm systemd, openrc, runit,
> sinit, …) and get it into NixOS upstream for great good. Just looking at
> the wonderful abstraction NixOS has already given us, I am sure, that it
> is indeed possible to incorporate two very different approaches to Linux
> distribution architecture into NixOS.

I am OK with systemd myself, but I upvote an init abstraction layer here,
and would like to contribute to it, if it will be part of the main
nixpkgs/nixos.

I think we can re-use the pre-serialised `systemd.services` attrset, using
it for emitting plain sysvinit scripts, or runit scripts. And maybe
later introduce a new intermediate layer here.


With best regards,
Alex.


[Nix-commits] [NixOS/nixpkgs] d35e2d: lxc: 2.0.4 -> 2.0.6 (security)

2016-11-28 Thread Alexander V. Nikolaev
  Branch: refs/heads/release-16.09
  Home:   https://github.com/NixOS/nixpkgs
  Commit: d35e2de76099a993e0eb606535834bb8ffe441c2
  
https://github.com/NixOS/nixpkgs/commit/d35e2de76099a993e0eb606535834bb8ffe441c2
  Author: Alexander V. Nikolaev <a...@avnik.info>
  Date:   2016-11-28 (Mon, 28 Nov 2016)

  Changed paths:
M pkgs/os-specific/linux/lxc/default.nix

  Log Message:
  ---
  lxc: 2.0.4 -> 2.0.6 (security)

https://security-tracker.debian.org/tracker/CVE-2016-8649
(cherry picked from commit 514b3763f74330729ce62c39599ecd81db710d57)


  Commit: 3e8dc13478fc0f436a7022f9625b2cf4748bcef6
  
https://github.com/NixOS/nixpkgs/commit/3e8dc13478fc0f436a7022f9625b2cf4748bcef6
  Author: Alexander V. Nikolaev <a...@avnik.info>
  Date:   2016-11-28 (Mon, 28 Nov 2016)

  Changed paths:
M pkgs/os-specific/linux/lxc/default.nix

  Log Message:
  ---
  lxc: fix sandbox builds

The package attempts to write /etc/bash_completion.d; I directed it to
"${out}/etc/bash_completion.d" as it was suggested.

(cherry picked from commit 36053e4907ccee9cd1845da87ae2846384571c0a)


Compare: https://github.com/NixOS/nixpkgs/compare/721f2b9fb2fe...3e8dc13478fc
___
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits


[Nix-commits] [NixOS/nixpkgs] 1b5ab6: go-bindata-assetfs: init at 20160814

2016-11-11 Thread Alexander V. Nikolaev
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 1b5ab63bd2f67f86d0798cc4d0c5ae84a4c55070
  
https://github.com/NixOS/nixpkgs/commit/1b5ab63bd2f67f86d0798cc4d0c5ae84a4c55070
  Author: Alexander V. Nikolaev <a...@avnik.info>
  Date:   2016-11-11 (Fri, 11 Nov 2016)

  Changed paths:
A pkgs/development/tools/go-bindata-assetfs/default.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  go-bindata-assetfs: init at 20160814


  Commit: 9bd197fc975e78a21183f7616ab90d449329ecf7
  
https://github.com/NixOS/nixpkgs/commit/9bd197fc975e78a21183f7616ab90d449329ecf7
  Author: Alexander V. Nikolaev <a...@avnik.info>
  Date:   2016-11-11 (Fri, 11 Nov 2016)

  Changed paths:
A pkgs/development/tools/continuous-integration/drone/default.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  drone: init at 0.5-20160813


  Commit: 9743c0e623ec0b62230241a4fa69b3cdc7ccaca1
  
https://github.com/NixOS/nixpkgs/commit/9743c0e623ec0b62230241a4fa69b3cdc7ccaca1
  Author: Alexander V. Nikolaev <a...@avnik.info>
  Date:   2016-11-11 (Fri, 11 Nov 2016)

  Changed paths:
M pkgs/development/tools/continuous-integration/drone/default.nix

  Log Message:
  ---
  drone: fix build issue on OSX

also update all hashes to recent snapshots


Compare: https://github.com/NixOS/nixpkgs/compare/0838c10e22c3...9743c0e623ec


[Nix-commits] [NixOS/nixpkgs] 80a9ec: irssi: 1.8.19 -> 1.8.20 (security)

2016-09-21 Thread Alexander V. Nikolaev
  Branch: refs/heads/release-16.09
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 80a9ec383e0fc5e3bccee2250712d38d87712a7d
  
https://github.com/NixOS/nixpkgs/commit/80a9ec383e0fc5e3bccee2250712d38d87712a7d
  Author: Alexander V. Nikolaev <a...@avnik.info>
  Date:   2016-09-22 (Thu, 22 Sep 2016)

  Changed paths:
M pkgs/applications/networking/irc/irssi/default.nix

  Log Message:
  ---
  irssi: 1.8.19 -> 1.8.20 (security)

https://irssi.org/security/irssi_sa_2016.txt
  CVE-2016-7044
  CVE-2016-7045

(cherry picked from commit b3ada0bce942a8b6c186245ceee7d9b806110e2d)




[Nix-commits] [NixOS/nixpkgs] b3ada0: irssi: 1.8.19 -> 1.8.20 (security)

2016-09-21 Thread Alexander V. Nikolaev
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: b3ada0bce942a8b6c186245ceee7d9b806110e2d
  
https://github.com/NixOS/nixpkgs/commit/b3ada0bce942a8b6c186245ceee7d9b806110e2d
  Author: Alexander V. Nikolaev <a...@avnik.info>
  Date:   2016-09-22 (Thu, 22 Sep 2016)

  Changed paths:
M pkgs/applications/networking/irc/irssi/default.nix

  Log Message:
  ---
  irssi: 1.8.19 -> 1.8.20 (security)

https://irssi.org/security/irssi_sa_2016.txt
  CVE-2016-7044
  CVE-2016-7045




[Nix-commits] [NixOS/nixpkgs] dc5293: wine: 1.9.13 -> 1.9.14 (#16862)

2016-07-11 Thread Alexander V. Nikolaev
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: dc5293d80b9c690dcb0c95d7174c16140f0fd089
  
https://github.com/NixOS/nixpkgs/commit/dc5293d80b9c690dcb0c95d7174c16140f0fd089
  Author: Alexander V. Nikolaev <a...@daemon.hole.ru>
  Date:   2016-07-11 (Mon, 11 Jul 2016)

  Changed paths:
M pkgs/misc/emulators/wine/base.nix
M pkgs/misc/emulators/wine/sources.nix

  Log Message:
  ---
  wine: 1.9.13 -> 1.9.14 (#16862)

* Update wineUnstable: 1.9.13 -> 1.9.14
* Update staging: 1.9.13 -> 1.9.14
* Add myself as co-maintainer, because I do regular updates.

