Skip to content

monit: cross-compile, and make openssl optional #35248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Mic92 merged 1 commit into from
Apr 21, 2018
Merged

monit: cross-compile, and make openssl optional #35248

Mic92 merged 1 commit into from
Apr 21, 2018

Conversation

@telent
Copy link
Contributor

@telent telent commented Feb 20, 2018

Motivation for this change

Upstream Monit optionally uses OpenSSL to provide HTTPS support in its builtin admin web server. Being able to turn off SSL in Nixpkgs' monit derivation makes it much easier to build Monit on embedded systems - and the resulting package is smaller.

Security implication: if you choose not to build in openssl then you should probably configure Monit to allow HTTP access only from localhost (or over trusted networks only)

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@telent
monit: cross-compile, and make openssl optional
9cdb7fe 
Upstream Monit optionally uses OpenSSL to provide TLS support in its
builtin admin web server.  Being able to turn off SSL in Nixpkgs'
monit derivation makes it much easier to build Monit on embedded
systems.

Security implication: if you choose not to build in openssl
then you should probably configure Monit to allow access only from
localhost.
@GrahamcOfBorg GrahamcOfBorg added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux. labels Feb 20, 2018
@Mic92
Copy link
Member

Mic92 commented Feb 20, 2018
edited
Loading

maybe you are also interested in NixOS/rfcs#23

@telent
Copy link
Contributor Author

telent commented Feb 21, 2018

maybe you are also interested in NixOS/rfcs#23

Very much so, although I haven't had time to respond to the RFC yet. Just been bringing NixWRT up to date with master so that I can play with the musl support myself.

@bjornfor bjornfor added the 6.topic: cross-compilation Building packages on a different platform than they will be used on label Mar 19, 2018
@matthewbauer
Copy link
Member

matthewbauer commented Apr 20, 2018

Looks good! @Mic92 any objections?

@Mic92 Mic92 merged commit 9d7959d into NixOS:master Apr 21, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

6.topic: cross-compilation Building packages on a different platform than they will be used on 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 1-10 This PR causes between 1 and 10 packages to rebuild on Linux.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@telent @Mic92 @matthewbauer @bjornfor @GrahamcOfBorg