monit: cross-compile, and make openssl optional #35248

Merged
merged 1 commit into from Apr 21, 2018

Contributor

@telent telent commented Feb 20, 2018

Motivation for this change

Upstream Monit optionally uses OpenSSL to provide HTTPS support in its builtin admin web server. Being able to turn off SSL in Nixpkgs' monit derivation makes it much easier to build Monit on embedded systems - and the resulting package is smaller.

Security implication: if you choose not to build in openssl then you should probably configure Monit to allow HTTP access only from localhost (or over trusted networks only).

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

Upstream Monit optionally uses OpenSSL to provide TLS support in its
builtin admin web server.  Being able to turn off SSL in Nixpkgs'
monit derivation makes it much easier to build Monit on embedded
systems.

Security implication: if you choose not to build in openssl
then you should probably configure Monit to allow access only from
localhost.
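
The security implication above can be checked mechanically. The following is an added example, not code from this pull request, Monit or Nixpkgs: a small audit of a `monitrc` for an httpd that would serve plain HTTP beyond loopback. It assumes a simplified whitespace tokenizer (quoted strings containing `#` are not handled), and both sample configurations are constructed.

```python
import ipaddress
import re

TOP_LEVEL = {"set", "check", "include"}  # keywords that start a new statement

def httpd_tokens(monitrc):
    """Tokens of the 'set httpd' statement, with # comments stripped."""
    toks = re.sub(r"#.*", "", monitrc).split()
    for i in range(len(toks) - 1):
        if [t.lower() for t in toks[i:i + 2]] == ["set", "httpd"]:
            rest = toks[i + 2:]
            end = next((j for j, t in enumerate(rest) if t.lower() in TOP_LEVEL), len(rest))
            return rest[:end]
    return []

def is_loopback(value):
    """True/False for 'localhost' and IP literals or networks; None for anything else."""
    if value.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_network(value, strict=False).is_loopback
    except ValueError:
        return None  # e.g. a user:password credential or a hostname

def audit_plain_http(monitrc):
    """Findings for an httpd that is reachable over cleartext HTTP off-host."""
    toks = httpd_tokens(monitrc)
    if not toks:
        return []  # no httpd configured at all
    pairs = list(zip(toks, toks[1:]))
    addrs = [v for k, v in pairs if k.lower() == "address"]
    findings = [] if addrs else ["httpd has no 'use address': listens on all interfaces"]
    findings += [f"httpd bound to non-loopback address {a}" for a in addrs if not is_loopback(a)]
    findings += [f"allow rule admits non-loopback peer {a}"
                 for k, a in pairs if k.lower() == "allow" and is_loopback(a) is False]
    return findings

# Constructed sample configurations (not taken from the PR).
WEAK = """set daemon 30
set httpd port 2812
    allow 192.168.1.0/24   # whole LAN over cleartext HTTP
    allow admin:monit
check system gateway"""
HARDENED = """set httpd port 2812 and
    use address localhost  # bind to loopback only
    allow localhost
    allow admin:monit"""

if __name__ == "__main__":
    print(audit_plain_http(WEAK), audit_plain_http(HARDENED))
```

Hostnames other than `localhost` in `allow` rules are not resolved and therefore not flagged; review those by hand.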
@Mic92
Member

Mic92 commented Feb 20, 2018

maybe you are also interested in NixOS/rfcs#23

@telent
Contributor Author

telent commented Feb 21, 2018

> maybe you are also interested in NixOS/rfcs#23

Very much so, although I haven't had time to respond to the RFC yet. Just been bringing NixWRT up to date with master so that I can play with the musl support myself.

@bjornfor bjornfor added the 6.topic: cross-compilation (Building packages on a different sort of platform than they will be run on) label Mar 19, 2018
@matthewbauer
Member

Looks good! @Mic92 any objections?

@Mic92 Mic92 merged commit 9d7959d into NixOS:master Apr 21, 2018
Labels
  • 6.topic: cross-compilation (Building packages on a different sort of platform than they will be run on)
  • 10.rebuild-darwin: 0
  • 10.rebuild-linux: 1-10