earlyoom: Apply security recommendations from package maintainer (First attempt) #363597

Closed
wants to merge 10 commits into from

@kaindlnetwork kaindlnetwork commented Dec 9, 2024

My pull request might not be the most elegant solution, but it implements the security restrictions recommended by the package maintainer. I would appreciate any help with verifying and testing the changes. Thank you very much! :D

Source for my changes: https://github.com/rfjakob/earlyoom/blob/master/earlyoom.service.in

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

My pull request may not be the most elegant, but it implements the security restrictions recommended by the package maintainer.
@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Dec 9, 2024
@NixOSInfra NixOSInfra added the 12. first-time contribution This PR is the author's first one; please be gentle! label Dec 9, 2024
Merged both systemd blocks to one single
@github-actions github-actions bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 labels Dec 9, 2024
Removed Trailing whitespace
@06kellyjac
Member

Hello. Firstly, welcome to nixpkgs.

Your changes aren't indented correctly; if you could address that, it'd be great.
Please also view CONTRIBUTING.md to see how commits should be titled.

If you can link the documentation from earlyoom which recommends these options, that would be helpful for review.

@kaindlnetwork kaindlnetwork changed the title Update earlyoom.nix earlyoom: Apply security recommendations from package maintainer Dec 9, 2024
@kaindlnetwork
Author

Hi @06kellyjac,

Thank you so much for your suggestions!
I've updated my Pull Request to include the documentation I referenced for my change. Additionally, I’ve edited the title of the Pull Request to better reflect the changes.

Could you please let me know what is incorrect or missing to make my commit approvable? Specifically, regarding the comment "Your changes aren't indented correctly."

Member

@06kellyjac 06kellyjac left a comment


By indentation I mean this

image

It was originally indented twice (2 spaces each indentation) by a total of 4 spaces. Now it's not indented.

Also, your commits will need squashing together, which I don't think you can do via the GitHub interface.

nixos/modules/services/system/earlyoom.nix Outdated
kaindlnetwork and others added 7 commits December 9, 2024 17:53
@kaindlnetwork
Author

Hi @06kellyjac,

I've implemented all your suggestions except for the SystemCallFilter so far. I must say, NixOS has impressively high standards for PRs!

To be honest, I'm not sure how to squash the commits. If you could assist with that, I’d really appreciate it (I rarely use Git commands). It looks like all the checks have passed successfully so far. :D

Thanks!

@kaindlnetwork kaindlnetwork deleted the patch-1 branch December 10, 2024 13:26
@kaindlnetwork kaindlnetwork changed the title earlyoom: Apply security recommendations from package maintainer earlyoom: Apply security recommendations from package maintainer (First attempt) Dec 10, 2024