[Nix-commits] [NixOS/nixpkgs] adf044: nixos/dnscrypt-proxy: refactoring

Wed, 08 Mar 2017 10:09:19 -0800 

  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: adf044e1fbb723e65942da887486a873c022e3ac
      
https://github.com/NixOS/nixpkgs/commit/adf044e1fbb723e65942da887486a873c022e3ac
  Author: Joachim Fasting <joach...@fastmail.fm>
  Date:   2017-03-08 (Wed, 08 Mar 2017)

  Changed paths:
    M nixos/modules/services/networking/dnscrypt-proxy.nix

  Log Message:
  -----------
  nixos/dnscrypt-proxy: refactoring

Use mkMerge to make the code a little more ergonomic and easier
to follow (to my eyes, anyway ...).  Also take the opportunity
to do some minor cleanups & tweaks, but no functional changes.


  Commit: e72aaa73eacb15b82270fe702517be97d1beba37
      
https://github.com/NixOS/nixpkgs/commit/e72aaa73eacb15b82270fe702517be97d1beba37
  Author: Joachim Fasting <joach...@fastmail.fm>
  Date:   2017-03-08 (Wed, 08 Mar 2017)

  Changed paths:
    M nixos/modules/services/networking/dnscrypt-proxy.nix

  Log Message:
  -----------
  nixos/dnscrypt-proxy: support updating before nss is up

Resolve download.dnscrypt.org using hostip with a bootstrap
resolver (hard-coded to Google Public DNS for now), to ensure
that we can get an up-to-date resolver list without working name
service lookups. This makes us more robust to the upstream
resolver list getting out of date and other DNS configuration
problems.

We use the curl --resolver switch to allow https cert validation
(we'd need to do --insecure if using just the ip addr). Note
that we don't rely on https for security but it's nice to have
it ...


  Commit: 5f27abec233604ebe543e4fc833f282a7c835b3f
      
https://github.com/NixOS/nixpkgs/commit/5f27abec233604ebe543e4fc833f282a7c835b3f
  Author: Joachim Fasting <joach...@fastmail.fm>
  Date:   2017-03-08 (Wed, 08 Mar 2017)

  Changed paths:
    M nixos/modules/services/networking/dnscrypt-proxy.nix

  Log Message:
  -----------
  nixos/dnscrypt-proxy: more fs isolation for the updater

It'd be better to do the update as an unprivileged user; for
now, we do our best to minimize the surface available.  We
filter mount syscalls to prevent the process from undoing the fs
isolation.


  Commit: 06520c7fb785b872e17112bf8be0b6ae1d7d0ec0
      
https://github.com/NixOS/nixpkgs/commit/06520c7fb785b872e17112bf8be0b6ae1d7d0ec0
  Author: Joachim Fasting <joach...@fastmail.fm>
  Date:   2017-03-08 (Wed, 08 Mar 2017)

  Changed paths:
    M nixos/modules/services/networking/dnscrypt-proxy.nix

  Log Message:
  -----------
  nixos/dnscrypt-proxy: indicate update status

Make it easier for the user to tell when the list is updated
and, at their option, see what changed.


Compare: https://github.com/NixOS/nixpkgs/compare/32bcda741a9f...06520c7fb785
_______________________________________________
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits

Reply via email to