Commit graph

236610 commits

Author SHA1 Message Date
Maximilian Bosch
37e3cadb8b
nixos/systemd-networkd-vrf: implement working TCP test on a 5.x kernel
By design, VRFs allow route-leaking for forwarded packages, but not for
local processes using a socket. While it was possible to leak such TCP
traffic through a VRF on a 4.x kernel, this behavior was considered
wrong and got fixed in Linux 5.x[1].

From now on, local unix sockets must run in the VRF itself using
`ip vrf exec`[2] which basically injects a BPF program into the VRF and
drops elevated networking capabilities by default for the specified
command.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c82a21f4320c8d54cf6456b27c8d49e5ffb722e
[2] https://man7.org/linux/man-pages/man8/ip-vrf.8.html
2020-07-31 21:06:00 +02:00
Maximilian Bosch
8738de2346
Merge pull request #94237 from Ma27/bump-matrix-synapse
matrix-synapse: 1.17.0 -> 1.18.0
2020-07-31 14:23:06 +02:00
Mario Rodas
fa4c4d5fe4
Merge pull request #94276 from marsam/update-prometheus
prometheus: 2.19.2 -> 2.19.3
2020-07-31 07:22:05 -05:00
Mario Rodas
f5397ebc0d
Merge pull request #94266 from wjlroe/hikari-2.1.1
hikari: 2.0.4 -> 2.1.1
2020-07-31 07:21:53 -05:00
Mario Rodas
faa5c2d47a
Merge pull request #94307 from Elyhaka/wofi-upd
wofi: 1.1.2 -> 1.2.1
2020-07-31 07:20:40 -05:00
Mario Rodas
e89c29aecd
Merge pull request #94326 from r-ryantm/auto-update/thanos
thanos: 0.13.0 -> 0.14.0
2020-07-31 07:19:46 -05:00
Mario Rodas
6284dd2871
Merge pull request #94319 from r-ryantm/auto-update/taskell
taskell: 1.9.3 -> 1.9.4
2020-07-31 07:18:19 -05:00
Mario Rodas
00436f01f8
Merge pull request #94316 from r-ryantm/auto-update/skaffold
skaffold: 1.12.0 -> 1.12.1
2020-07-31 07:15:16 -05:00
Mario Rodas
5e669eec80
Merge pull request #94213 from r-burns/cmake-language-server
cmake-language-server: fix test error on macOS
2020-07-31 07:11:00 -05:00
Mario Rodas
3bc202d4f3
Merge pull request #94325 from r-ryantm/auto-update/tfsec
tfsec: 0.23.2 -> 0.24.1
2020-07-31 07:09:08 -05:00
Mario Rodas
bb75c646ef
Merge pull request #94322 from r-ryantm/auto-update/terracognita
terracognita: 0.5.0 -> 0.5.1
2020-07-31 07:08:40 -05:00
Mario Rodas
e33b74add0
Merge pull request #94324 from r-ryantm/auto-update/terraform-ls
terraform-ls: 0.4.0 -> 0.5.4
2020-07-31 07:07:03 -05:00
Mario Rodas
da686139d7
Merge pull request #94299 from r-ryantm/auto-update/pueue
pueue: 0.6.1 -> 0.7.1
2020-07-31 06:50:58 -05:00
Emery Hemingway
f153d9f855 mimetic: patch for aarch64 2020-07-31 13:30:18 +02:00
R. RyanTM
7e0017bae2 thanos: 0.13.0 -> 0.14.0 2020-07-31 11:26:47 +00:00
R. RyanTM
8684be2f54 tfsec: 0.23.2 -> 0.24.1 2020-07-31 11:20:56 +00:00
R. RyanTM
b8d60df8dd terraform-ls: 0.4.0 -> 0.5.4 2020-07-31 11:16:03 +00:00
R. RyanTM
229ac0080f terracognita: 0.5.0 -> 0.5.1 2020-07-31 11:09:07 +00:00
R. RyanTM
98c1bcf392 taskell: 1.9.3 -> 1.9.4 2020-07-31 10:49:50 +00:00
R. RyanTM
e5b3655ae0 skaffold: 1.12.0 -> 1.12.1 2020-07-31 09:42:34 +00:00
Doron Behar
b0edcfd09b gnomeExtensions.gsconnect: 38 -> 39 2020-07-31 10:46:50 +02:00
Elyhaka
c29cae2973
wofi: 1.1.2 -> 1.2.1 2020-07-31 10:40:03 +02:00
Jonathan Ringer
a6be13831a python2Packages.statsmodels: disable py27, abandoned
```
  Processing ./statsmodels-0.11.1-cp27-cp27mu-linux_x86_64.whl
  ERROR: Package 'statsmodels' requires a different Python: 2.7.18 not in '>=3.5'
```
2020-07-31 10:38:48 +02:00
Sarah Brofeldt
c5a1eafc1b
Merge pull request #94243 from johanot/dockertools-fix-nixstore-perms
dockertools: fix buildLayeredImage nix-store permissions
2020-07-31 10:38:37 +02:00
Johan Thomsen
f5db415e2f nixos/tests/dockerTools: add test for running non-root containers with buildLayeredImage
Co-authored-by: Robert Hensing <roberth@users.noreply.github.com>
2020-07-31 10:14:07 +02:00
Dennis Gosnell
471f3672b6
Merge pull request #94215 from mikefaille/dhall-lsp-server
dhall-lsp-server: init at 1.0.8 on all packages
2020-07-31 17:08:39 +09:00
Lancelot SIX
7bec3a3cca nano: 4.9.3 -> 5.0 2020-07-31 01:07:48 -07:00
Ryan Mulligan
9f67493bc4 discord-canary: 0.0.104 -> 0.0.105 2020-07-31 01:06:24 -07:00
dependabot[bot]
497705fed7
Merge pull request #94289 from NixOS/dependabot/github_actions/technote-space/get-diff-action-v2.0.2 2020-07-31 08:03:19 +00:00
Michael Faille
fa06748f24 lmms: 1.2.1 -> 1.2.2 2020-07-31 01:03:06 -07:00
R. RyanTM
2920f93260 python27Packages.colorlog: 4.1.0 -> 4.2.1 2020-07-31 01:02:26 -07:00
R. RyanTM
7be461544a muse: 3.1.0 -> 3.1.1 2020-07-31 01:00:13 -07:00
R. RyanTM
fb4535c4c1 python27Packages.chart-studio: 1.0.0 -> 1.1.0 2020-07-31 00:58:03 -07:00
R. RyanTM
bac4f8ae18 python27Packages.argcomplete: 1.11.1 -> 1.12.0 2020-07-31 00:54:35 -07:00
R. RyanTM
440fb942e0 dgraph: 20.03.3 -> 20.03.4 2020-07-31 00:52:36 -07:00
R. RyanTM
7b629e24a4 randoop: 4.2.3 -> 4.2.4 2020-07-31 00:52:13 -07:00
R. RyanTM
cec5aa3be9 python27Packages.Theano: 1.0.4 -> 1.0.5 2020-07-31 00:49:13 -07:00
R. RyanTM
4ceed2d0d4 rgbds: 0.4.0 -> 0.4.1 2020-07-31 00:49:01 -07:00
Evan Stoll
54e20c2361 pythonPackages.gdbgui: 0.13.2.0 -> 0.13.2.1
- add eventlet to propagatedBuildInputs
- add homepage
- add gevent-websocket to propagatedBuildInputs

  Without gevent-websocket, this message is printed on start:
  "WARNING - WebSocket transport not available.
  Install gevent-websocket for improved performance."

  - Add gevent-websocket to propagatedBuildInputs to suppress the error
    message and supposedly improve performance
2020-07-31 00:46:59 -07:00
R. RyanTM
a993bd8eb7 oprofile: 1.3.0 -> 1.4.0 2020-07-31 00:45:10 -07:00
R. RyanTM
31a9392d73 ytcc: 1.8.3 -> 1.8.4 2020-07-31 00:44:14 -07:00
R. RyanTM
2e30f68141 python27Packages.openapi-spec-validator: 0.2.8 -> 0.2.9 2020-07-31 00:39:57 -07:00
R. RyanTM
afaf5d5d43 conky: 1.11.5 -> 1.11.6 2020-07-31 00:37:27 -07:00
R. RyanTM
b80231a43a i3-gaps: 4.18.1 -> 4.18.2 2020-07-31 00:36:06 -07:00
Scott Worley
2f2954ccb1 pythonPackages.backoff: init at 1.10.0 2020-07-31 00:35:12 -07:00
zowoq
661949ba62 .editorconfig: add c, h, key, ovpn 2020-07-31 17:31:15 +10:00
R. RyanTM
1673bc9c18 pueue: 0.6.1 -> 0.7.1 2020-07-31 07:25:13 +00:00
Daniël de Kok
898eddeffd python3Packages.mecab-python3: 0.996.5 -> 1.0.1 2020-07-31 00:14:58 -07:00
Roman Volosatovs
b0b724f873 vimPlugins: update 2020-07-31 00:12:30 -07:00
Roman Volosatovs
1e2703cd9c vimPlugins.diagnostic-nvim: init at 2020-07-25 2020-07-31 00:12:30 -07:00