Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nixos/zoneminder: Fix package and service build #63824

Merged
merged 2 commits into from Jul 7, 2019
Merged

nixos/zoneminder: Fix package and service build #63824

merged 2 commits into from Jul 7, 2019

Conversation

JohnAZoidberg
Copy link
Member

@JohnAZoidberg JohnAZoidberg commented Jun 26, 2019
edited

Motivation for this change

NixOS wouldn't build because the nginx config checker fails.

Location without a trailing slash "could allow an attacker to read file
stored outside the target folder.", source:
https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md

Shouldn't change the behaviour according to
https://serverfault.com/questions/607615/using-trailing-slashes-in-nginx-configuration/607731#607731

cc @peterhoeg @aanderse

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Can be tested with this minimal config:

  services.zoneminder = {
    enable = true;
    database = {
      createLocally = true;
      username = "zoneminder";
    };
  };

@JohnAZoidberg
nixos/zoneminder: Fix nginx config check
19851ec 
NixOS wouldn't build because the nginx config checker fails.

Location without a trailing slash "could allow an attacker to read file
stored outside the target folder.", source:
https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md

Shouldn't change the behaviour according to
https://serverfault.com/questions/607615/using-trailing-slashes-in-nginx-configuration/607731#607731
@JohnAZoidberg JohnAZoidberg changed the title nixos/zoneminder: Fix nginx config check nixos/zoneminder: Fix package and service build Jun 26, 2019
@ofborg ofborg bot requested a review from peterhoeg June 26, 2019 20:16
@ofborg ofborg bot requested a review from peterhoeg June 27, 2019 07:56
@peterhoeg
Copy link
Member

Nice work tracking this down!

@nixos-discourse
Copy link

This pull request has been mentioned on Nix community. There might be relevant details there:

https://discourse.nixos.org/t/prs-ready-for-review-may-2019/3032/22

@worldofpeace worldofpeace merged commit ab34f8b into NixOS:master Jul 7, 2019
@JohnAZoidberg JohnAZoidberg deleted the zoneminder-alias branch July 7, 2019 10:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@peterhoeg peterhoeg peterhoeg left review comments

Assignees
No one assigned
Labels
6.topic: nixos 8.has: module (update) 10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@JohnAZoidberg @peterhoeg @nixos-discourse @worldofpeace