Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Set DynamicUser=true for hoogle #102076

Merged
merged 1 commit into from Dec 2, 2020
Merged

Conversation

@Taneb
Copy link
Contributor

@Taneb Taneb commented Oct 29, 2020

I've also removed PrivateTmp = true because this is implied by dynamic user.

I've left ProtectHome = true because I believe this is stronger than
ProtectHome = "read-only" which DynamicUser implies.

Motivation for this change

#55370

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
@aanderse
Copy link
Member

@aanderse aanderse commented Oct 29, 2020

Once merged we can check hoogle off this list. ignore me...

@aanderse
Copy link
Member

@aanderse aanderse commented Nov 28, 2020

So... we're good to merge, right?

I've also removed PrivateTmp = true because this is implied by dynamic user.

I've left ProtectHome = true because I believe this is stronger than
ProtectHome = "read-only" which DynamicUser implies.
@Taneb Taneb force-pushed the Taneb:hoogle-dynamic-user branch from 24c2d26 to 12c3e0a Nov 30, 2020
@Taneb
Copy link
Contributor Author

@Taneb Taneb commented Nov 30, 2020

I've rebased and force-pushed try and kickstart the ofborg build

@Infinisil Infinisil merged commit 2526f22 into NixOS:master Dec 2, 2020
16 checks passed
16 checks passed
@github-actions
tests
Details
@github-actions
action
Details
@ofborg
Evaluation Performance Report Evaluator Performance Report
Details
@github-actions
Wait for ofborg
Details
@ofborg
grahamcofborg-eval ^.^!
Details
@ofborg
grahamcofborg-eval-check-meta config.nix: checkMeta = true
Details
@ofborg
grahamcofborg-eval-darwin nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="12c3e0a"; rev="12c3e0a4655418cf0cbd53fd0e00b9f9a664fd40"; } ./pkgs/t
Details
@ofborg
grahamcofborg-eval-lib-tests nix-build --arg pkgs import ./. {} ./lib/tests/release.nix
Details
@ofborg
grahamcofborg-eval-nixos nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="12c3e0a"; rev="12c3e0a4655418cf0cbd53fd0e00b9f9a664fd40"; } ./nixos/
Details
@ofborg
grahamcofborg-eval-nixos-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="12c3e0a"; rev="12c3e0a4655418cf0cbd53fd0e00b9f9a664fd40"; } ./nixos/
Details
@ofborg
grahamcofborg-eval-nixos-options nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="12c3e0a"; rev="12c3e0a4655418cf0cbd53fd0e00b9f9a664fd40"; } ./nixos/
Details
@ofborg
grahamcofborg-eval-nixpkgs-manual nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="12c3e0a"; rev="12c3e0a4655418cf0cbd53fd0e00b9f9a664fd40"; } ./pkgs/t
Details
@ofborg
grahamcofborg-eval-nixpkgs-tarball nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="12c3e0a"; rev="12c3e0a4655418cf0cbd53fd0e00b9f9a664fd40"; } ./pkgs/t
Details
@ofborg
grahamcofborg-eval-nixpkgs-unstable-jobset nix-instantiate --arg nixpkgs { outPath=./.; revCount=999999; shortRev="12c3e0a"; rev="12c3e0a4655418cf0cbd53fd0e00b9f9a664fd40"; } ./pkgs/t
Details
@ofborg
grahamcofborg-eval-package-list nix-env -qa --json --file .
Details
@ofborg
grahamcofborg-eval-package-list-no-aliases nix-env -qa --json --file . --arg config { allowAliases = false; }
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants