Commit graph

287051 commits

Author SHA1 Message Date
Luke Granger-Brown
4775798b80
Merge pull request #119510 from expipiplus1/joe-mx-puppet-discord
mx-puppet-discord: init at 2021-01-22
2021-05-03 10:12:45 +01:00
Luke Granger-Brown
4b42da3d85
Merge pull request #120791 from mweinelt/babeld
babeld: 1.9.2 -> 1.10
2021-05-03 10:00:12 +01:00
Luke Granger-Brown
10a0ec1180
Merge pull request #120742 from fabaff/karton-autoit-ripper
python3Packages.karton-autoit-ripper: init at 1.0.0
2021-05-03 09:59:21 +01:00
Fabian Affolter
952257c35d
Merge pull request #121478 from dotlambda/metadata-cleaner-1.0.5
metadata-cleaner: 1.0.4 -> 1.0.5
2021-05-03 10:58:46 +02:00
Michele Guerini Rocco
e5bbb1cf33
Merge pull request #121539 from lukegb/custom-ca-debug
nixos/tests/custom-ca: fix by setting Content-Type
2021-05-03 10:49:57 +02:00
Luke Granger-Brown
d922cad4d6
Merge pull request #119172 from midchildan/package/trafficserver
nixos/trafficserver: init
2021-05-03 09:48:07 +01:00
R. RyanTM
7bc3bddeb8 bluej: 5.0.0 -> 5.0.1 2021-05-03 08:48:00 +00:00
Luke Granger-Brown
d688023a47
Merge pull request #120244 from Flakebi/rgp
rgp: 1.9 -> 1.10
2021-05-03 09:45:08 +01:00
Domen Kožar
4079fe7473
Merge pull request #121515 from siraben/coq-hydra
top-level/coq-packages: remove dontDistribute
2021-05-03 10:38:41 +02:00
Luke Granger-Brown
5fddb1b015
Merge pull request #121561 from JesusMtnez/slack
slack: 4.14.0 -> 4.15.0
2021-05-03 09:35:55 +01:00
rnhmjoj
9ea6c1979c
nixos/searx: set settings.yml permissions using umask
This should solve a leakage of secrets as suggested in #121293
2021-05-03 09:53:50 +02:00
Samuel Gräfenstein
c98e84c00d
nodejs*: add meta.mainProgram 2021-05-03 09:42:48 +02:00
oxalica
935db0c11b
osu-lazer: 2021.410.0 -> 2021.502.0 2021-05-03 15:18:12 +08:00
Johannes Schleifenbaum
3976626f1b
dbeaver: 21.0.3 -> 21.0.4 2021-05-03 09:03:56 +02:00
Fabian Affolter
5f59141ba8
Merge pull request #121537 from Mindavi/graphene/fix-compilation
graphene: fix build by allowing newer versions of aniso8601
2021-05-03 08:41:05 +02:00
Fabian Affolter
740310521a
Merge pull request #121325 from r-ryantm/auto-update/librespeed-cli
librespeed-cli: 1.0.7 -> 1.0.8
2021-05-03 08:37:33 +02:00
stigtsp
d422f9a23d
Merge pull request #121566 from midchildan/update/exiftool
perlPackages.ImageExifTool: apply fix for CVE-2021-22204
2021-05-03 08:28:31 +02:00
Joe Hermaszewski
9fb7b6dc1d mautrix-signal: Fix incorrect escaping in wrapper 2021-05-03 13:51:47 +08:00
Austin Seipp
b3676834ca
Merge pull request #121544 from petabyteboy/feature/bpftools
bpftools: build bpf_asm, bpf_dbg
2021-05-03 00:46:37 -05:00
midchildan
dea7f56b5d
perlPackages.ImageExifTool: apply fix for CVE-2021-22204 2021-05-03 14:46:13 +09:00
Daniël de Kok
639730bd11
Merge pull request #121475 from danieldk/makemkv-ffmpeg
makemkv: switch from ffmpeg_3 to ffmpeg
2021-05-03 07:43:25 +02:00
Otavio Salvador
37bdc088ef cargo-msrv: init at 0.4.0
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
2021-05-02 22:02:44 -07:00
Mario Rodas
ed22da947c
Merge pull request #121554 from r-ryantm/auto-update/go-tools
go-tools: 2020.2.3 -> 2020.2.4
2021-05-02 23:52:13 -05:00
Mario Rodas
6570482b44
Merge pull request #121358 from r-ryantm/auto-update/grpcurl
grpcurl: 1.8.0 -> 1.8.1
2021-05-02 23:48:55 -05:00
JesusMtnez
4eb7c561e3
slack: 4.14.0 -> 4.15.0 2021-05-03 06:44:16 +02:00
R. RyanTM
df23c96828 hugo: 0.82.1 -> 0.83.1 2021-05-03 04:22:20 +00:00
R. RyanTM
25fd0dde19 go-tools: 2020.2.3 -> 2020.2.4 2021-05-03 03:34:08 +00:00
Ben Siraphob
4ec2272826 top-level/coq-packages: remove dontDistribute
In the GitHub discussion of 527bad18d0,
it was decided to allow Hydra to build coqPackages.
2021-05-03 09:10:37 +07:00
Luke Granger-Brown
b942e0f650 nixos/tests/installer: don't break under i686
Currently, the installer tests just hang after the initial install phase
on i686 because qemu just quits because of the gic parameter.

Fix this by doing x86 things for both x86-64 and i686.
2021-05-03 01:44:54 +00:00
Martin Weinelt
d0dc38c19f
Merge pull request #121525 from primeos/glances
glances: 3.1.6.2 -> 3.1.7
2021-05-03 03:23:21 +02:00
nixinator
d5a0b50f26 methane: init at 2.0.1 2021-05-02 18:12:31 -07:00
nixinator
11bb46fdc6 clanlib: init at 4.1.0
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2021-05-02 18:12:31 -07:00
Robert Schütz
280c8cf540
py3c: fix build with darwin (#121447) 2021-05-03 02:04:29 +02:00
Dmitry Kalinkin
f674f06ac5
tests.texlive.dvipng: apply recurseIntoAttrs 2021-05-02 19:35:47 -04:00
Milan Pässler
c4bd0719e3
bpftools: build bpf_asm, bpf_dbg
I needed some other bpf-related tools located in the kernel source tree,
so I hijacked the bpftool package, renamed it to bpftools and added
those programs.
2021-05-03 00:59:50 +02:00
Robert Schütz
27d0a91fd4 authenticator: init at 4.0.3 2021-05-03 00:46:50 +02:00
Martin Weinelt
d67fc76603
Merge pull request #120536 from mweinelt/mosquitto 2021-05-03 00:41:21 +02:00
Martin Weinelt
fb5b00d2eb
Merge pull request #120526 from mweinelt/home-assistant 2021-05-03 00:35:50 +02:00
Martin Weinelt
f41349d30d
nixos/home-assistant: Restart systemd unit on restart service
Home-assistant through its `--runner` commandline flag supports sending
exit code 100 when the `homeassistant.restart` service is called.

With `RestartForceExitStatus` we can listen for that specific exit code
and restart the whole systemd unit, providing an actual clean restart
with fresh processes. Additional treat exit code 100 as a successful
termination.
2021-05-03 00:21:25 +02:00
Martin Weinelt
1dbb60f562
nixos/tests/home-assistant: update maintainership to home-assistant team 2021-05-03 00:21:25 +02:00
Martin Weinelt
8ab7fc1107
nixos/tests/home-assistant: test capability passing
Configures the emulated_hue component and expects CAP_NET_BIND_SERVICE
to be passed in order to be able to bind to 80/tcp.

Also print the systemd security analysis, so we can spot changes more
quickly.
2021-05-03 00:21:25 +02:00
Martin Weinelt
7d09d7f571
nixos/home-assistant: harden systemd service
This is what is still exposed, and it should still allow things to work
as usual.

✗ PrivateNetwork=                    Service has access to the host's …      0.5
✗ RestrictAddressFamilies=~AF_(INET… Service may allocate Internet soc…      0.3
✗ DeviceAllow=                       Service has a device ACL with som…      0.1
✗ IPAddressDeny=                     Service does not define an IP add…      0.2
✗ PrivateDevices=                    Service potentially has access to…      0.2
✗ PrivateUsers=                      Service has access to other users       0.2
✗ SystemCallFilter=~@resources       System call allow list defined fo…      0.2
✗ RootDirectory=/RootImage=          Service runs within the host's ro…      0.1
✗ SupplementaryGroups=               Service runs with supplementary g…      0.1
✗ RestrictAddressFamilies=~AF_UNIX   Service may allocate local sockets      0.1

→ Overall exposure level for home-assistant.service: 1.6 OK :-)

This can grow to as much as ~1.9 if you use one of the bluetooth or nmap
trackers or the emulated_hue component, all of which required elevated
permisssions.
2021-05-03 00:21:24 +02:00
Mario Rodas
8b0515eb9a
pngquant: 2.12.5 -> 2.14.1 (#121470) 2021-05-02 23:59:08 +02:00
Luke Granger-Brown
f2a91ec2b7 nixos/tests/gitdaemon: deflake by using systemd-tmpfiles
git-daemon won't start up if its project directory (here /git) doesn't
exist. If we try to create it using the test harness, then we're racing
whether we manage to connect to the backdoor vs. the startup speed of
git-daemon.

Instead, use systemd-tmpfiles, which is guaranteed(?) to run before
network.target and thus before git-daemon.service starts.
2021-05-02 21:58:43 +00:00
Luke Granger-Brown
a6fb22a689 nixos/tests/rspamd: increase memory
rspamd seems to be consuming more memory now sometimes, causing OOMs in
the test.

Increase the memory given to these VMs to make the tests pass more
reliably.
2021-05-02 21:50:17 +00:00
Luke Granger-Brown
649672e76e nixos/postfix: fix compatibility level
Postfix has started outputting an error on startup that it can't parse
the compatibility level 9999.

Instead, just set the compatibility level to be identical to the current
version, which seems to be the (new) intent for the compatibility level.
2021-05-02 21:49:33 +00:00
Luke Granger-Brown
da000ae239 nixos/tests/custom-ca: fix by setting Content-Type
This test was failing because Firefox was displaying a download prompt
rather than the page content, presumably because mumble mumble
content-type sniffing.

By explicitly setting a content-type, the test now passes.
2021-05-02 21:38:56 +00:00
Rick van Schijndel
742adf762b graphene: fix build by allowing newer versions of aniso8601
All tests seem to pass, which gives some confidence that this is ok.
2021-05-02 22:56:53 +02:00
Martin Weinelt
d942d4473d neovim, neovimUtils, neovim-qt: drop python2 support
In 2a00e53bd pynvim support for python2 was disabled, this broke the
neovim build. I really think it is time to let go of python2 support in
neovim.
2021-05-02 22:43:53 +02:00
R. RyanTM
f5e695bf3a
kubelogin-oidc: 1.23.0 -> 1.23.1 (#121440) 2021-05-02 16:39:45 -04:00