Commit graph

10 commits

Author SHA1 Message Date
Eelco Dolstra
5a303093dc
Remove world-writability from per-user directories
'nix-daemon' now creates subdirectories for users when they first
connect.

Fixes #509 (CVE-2019-17365).
Should also fix #3127.
2019-10-09 23:34:48 +02:00
Matthew Bauer
92f461e4f4 Don’t set NIX_REMOTE=daemon in daemon profile
This is now autodetected. There is no need to put it in the profile.
2019-05-15 22:24:24 -04:00
Eelco Dolstra
32a0a223d5
Merge pull request #2432 from luke-clifton/fixssl
SSL certificate search failed to find user profile certificates.
2018-11-15 13:07:43 +01:00
Matthew Bauer
9cc876fb11
nix-profile-daemon: remove cruft
This removes part of the PATH that were being added automatically in multi-user installs:

- $HOME/.nix-profile/lib/kde4/libexec - shouldn't be needed anymore, we are now using kde5
- @localstatedir@/nix/profiles/default/lib/kde4/libexec - same as above
- @localstatedir@/nix/profiles/default - shouldn't ever contain binaries
2018-10-01 13:26:59 -05:00
Luke Clifton
fb72104b80 Search NIX_PROFILE for SSL CA 2018-09-20 07:33:35 +08:00
Luke Clifton
1241a58975 Look inside the user profile 2018-09-19 15:22:39 +08:00
Graham Christensen
d459d3307c
nix-daemon.sh profile script: operate under set -u
If the profile is sourced inside a script with `set -u`, the check for
__ETC_PROFILE_NIX_SOURCED and NIX_SSL_CERT_FILE would raise an error.
A simple guard around this check allows the script to operate under
standard environments (where it is fairly reasonable to assume USER
and HOME are set.)
2018-05-30 09:15:46 -04:00
Graham Christensen
cad903b634
multi-user profile: borrow single user profiles' NIX_SSL_CERT_FILE finding logic 2018-05-25 15:59:10 -04:00
Matthew Justin Bauer
d7a84d330c Setup nix_path correctly in nix-profile-daemon
We need nixpkgs to be set in NIX_PATH for Nix 1.12 to work correctly
2018-04-04 18:02:59 -05:00
Shea Levy
6a037a738a
Pull nix-profile-daemon from 1.11 2017-10-16 14:51:39 -04:00