nixpkgs/nixos
Alois Wohlschlager bd0cbb43ec
nixos/plasma5: remove pointless setuid wrappers
The module for Plasma 5 contained two pointless setuid wrappers:
* kscreenlocker_greet was introduced when the kscreenlocker package
  dropped kcheckpass. However, this was actually replaced by making
  proper use of PAM (which finally calls its unix_chkpwd setuid binary).
  kscreenlocker_greet itself was never intended to be setuid.
  Fortunately, this is not exploitable, because QCoreApplication
  immediately aborts if it detects setuid. The wrapper is still
  incorrect and pointless, so remove it.
* start_kdeinit can optionally use setuid root or setcap
  CAP_SYS_RESOURCE to reduce its OOM killer score. However, with systemd
  startup, start_kdeinit does not get used at all. So in this case, the
  setuid wrapper is pointless, and so is removed as well. Ideally, the
  case where systemd startup is not enabled would use a capability
  wrapper instead, but since systemd startup is the default in NixOS and
  kinit is deprecated upstream for KF6, I don't bother any more.
2023-09-08 19:21:22 +02:00
..
doc/manual Merge pull request #253299 from pennae/jack-tools 2023-09-08 15:23:25 +02:00
lib Merge pull request #250318 from Artturin/copycrossfix 2023-09-06 00:37:15 +03:00
maintainers nixos/lxd: add virtual-machine support, image and module 2023-09-03 20:06:44 -04:00
modules nixos/plasma5: remove pointless setuid wrappers 2023-09-08 19:21:22 +02:00
tests mobilizon: init at 3.1.3 2023-09-07 08:59:40 +00:00
COPYING
default.nix
README.md CONTRIBUTING.md: Move boot loader-specific sentence to pkgs/README.md 2023-08-14 19:50:02 +02:00
release-combined.nix nixos/release-combined.nix: Build pkgs/by-name tester 2023-08-29 16:35:07 +02:00
release-small.nix Merge pull request #209870 from amjoseph-nixpkgs/pr/stdenv/external-gcc-bootstrap 2023-04-03 08:19:03 -07:00
release.nix Merge pull request #244093 from adamcstephens/lxd/vm 2023-09-03 22:02:54 -05:00

NixOS

NixOS is a Linux distribution based on the purely functional package management system Nix. More information can be found at https://nixos.org/nixos and in the manual in doc/manual.

Testing changes

You can add new module to your NixOS configuration file (usually its /etc/nixos/configuration.nix). And do sudo nixos-rebuild test -I nixpkgs=<path to your local nixpkgs folder> --fast.

Reviewing contributions

When changing the bootloader installation process, extra care must be taken. Grub installations cannot be rolled back, hence changes may break peoples installations forever. For any non-trivial change to the bootloader please file a PR asking for review, especially from @edolstra.

Module updates

Module updates are submissions changing modules in some ways. These often contains changes to the options or introduce new options.

Reviewing process:

  • Ensure that the module maintainers are notified.
    • CODEOWNERS will make GitHub notify users based on the submitted changes, but it can happen that it misses some of the package maintainers.
  • Ensure that the module tests, if any, are succeeding.
  • Ensure that the introduced options are correct.
    • Type should be appropriate (string related types differs in their merging capabilities, loaOf and string types are deprecated).
    • Description, default and example should be provided.
  • Ensure that option changes are backward compatible.
    • mkRenamedOptionModuleWith provides a way to make option changes backward compatible.
  • Ensure that removed options are declared with mkRemovedOptionModule
  • Ensure that changes that are not backward compatible are mentioned in release notes.
  • Ensure that documentations affected by the change is updated.

Sample template for a module update review is provided below.

##### Reviewed points

- [ ] changes are backward compatible
- [ ] removed options are declared with `mkRemovedOptionModule`
- [ ] changes that are not backward compatible are documented in release notes
- [ ] module tests succeed on ARCHITECTURE
- [ ] options types are appropriate
- [ ] options description is set
- [ ] options example is provided
- [ ] documentation affected by the changes is updated

##### Possible improvements

##### Comments

New modules

New modules submissions introduce a new module to NixOS.

Reviewing process:

  • Ensure that the module tests, if any, are succeeding.
  • Ensure that the introduced options are correct.
    • Type should be appropriate (string related types differs in their merging capabilities, loaOf and string types are deprecated).
    • Description, default and example should be provided.
  • Ensure that module meta field is present
    • Maintainers should be declared in meta.maintainers.
    • Module documentation should be declared with meta.doc.
  • Ensure that the module respect other modules functionality.
    • For example, enabling a module should not open firewall ports by default.

Sample template for a new module review is provided below.

##### Reviewed points

- [ ] module path fits the guidelines
- [ ] module tests succeed on ARCHITECTURE
- [ ] options have appropriate types
- [ ] options have default
- [ ] options have example
- [ ] options have descriptions
- [ ] No unneeded package is added to environment.systemPackages
- [ ] meta.maintainers is set
- [ ] module documentation is declared in meta.doc

##### Possible improvements

##### Comments