Commit graph

82778 commits

Author SHA1 Message Date
aszlig
4f796c28d5
nixos/tests: Add a test for boot stage 1
We already have a small regression test for #15226 within the swraid
installer test. Unfortunately, we only check there whether the md
kthread got signalled but not whether other rampaging processes are
still alive that *should* have been killed.

So in order to do this we provide multiple canary processes which are
checked after the system has booted up:

 * canary1: It's a simple forking daemon which just sleeps until it's
            going to be killed. Of course we expect this process to not
            be alive anymore after boot up.
 * canary2: Similar to canary1, but tries to mimick a kthread to make
            sure that it's going to be properly killed at the end of
            stage 1.
 * canary3: Like canary2, but this time using a @ in front of its
            command name to actually prevent it from being killed.
 * kcanary: This one is a real kthread and it runs until killed, which
            shouldn't be the case.

Tested with and without 67223ee and everything works as expected, at
least on my machine.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-06 16:56:43 +02:00
aszlig
dc6d003011
nixos/tests/installer/swraid: Check for safemode
This is a regression test for #15226, so that the test will fail once we
accidentally kill one or more of the md kthreads (aka: if safe mode is
enabled).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-06 16:51:38 +02:00
aszlig
67223ee205
nixos/stage-1: Don't kill kernel threads
Unfortunately, pkill doesn't distinguish between kernel and user space
processes, so we need to make sure we don't accidentally kill kernel
threads.

Normally, a kernel thread ignores all signals, but there are a few that
do. A quick grep on the kernel source tree (as of kernel 4.6.0) shows
the following source files which use allow_signal():

  drivers/isdn/mISDN/l1oip_core.c
  drivers/md/md.c
  drivers/misc/mic/cosm/cosm_scif_server.c
  drivers/misc/mic/cosm_client/cosm_scif_client.c
  drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
  drivers/staging/rtl8188eu/core/rtw_cmd.c
  drivers/staging/rtl8712/rtl8712_cmd.c
  drivers/target/iscsi/iscsi_target.c
  drivers/target/iscsi/iscsi_target_login.c
  drivers/target/iscsi/iscsi_target_nego.c
  drivers/usb/atm/usbatm.c
  drivers/usb/gadget/function/f_mass_storage.c
  fs/jffs2/background.c
  fs/lockd/clntlock.c
  fs/lockd/svc.c
  fs/nfs/nfs4state.c
  fs/nfsd/nfssvc.c

While not all of these are necessarily kthreads and some functionality
may still be unimpeded, it's still quite harmful and can cause
unexpected side-effects, especially because some of these kthreads are
storage-related (which we obviously don't want to kill during bootup).

During discussion at #15226, @dezgeg suggested the following
implementation:

for pid in $(pgrep -v -f '@'); do
    if [ "$(cat /proc/$pid/cmdline)" != "" ]; then
        kill -9 "$pid"
    fi
done

This has a few downsides:

 * User space processes which use an empty string in their command line
   won't be killed.
 * It results in errors during bootup because some shell-related
   processes are already terminated (maybe it's pgrep itself, haven't
   checked).
 * The @ is searched within the full command line, not just at the
   beginning of the string. Of course, we already had this until now, so
   it's not a problem of his implementation.

I posted an alternative implementation which doesn't suffer from the
first point, but even that one wasn't sufficient:

for pid in $(pgrep -v -f '^@'); do
    readlink "/proc/$pid/exe" &> /dev/null || continue
    echo "$pid"
done | xargs kill -9

This one spawns a subshell, which would be included in the processes to
kill and actually kills itself during the process.

So what we have now is even checking whether the shell process itself is
in the list to kill and avoids killing it just to be sure.

Also, we don't spawn a subshell anymore and use /proc/$pid/exe to
distinguish between user space and kernel processes like in the comments
of the following StackOverflow answer:

http://stackoverflow.com/a/12231039

We don't need to take care of terminating processes, because what we
actually want IS to terminate the processes.

The only point where this (and any previous) approach falls short if we
have processes that act like fork bombs, because they might spawn
additional processes between the pgrep and the killing. We can only
address this with process/control groups and this still won't save us
because the root user can escape from that as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #15226
2016-05-06 16:24:42 +02:00
Tobias Geerinckx-Rice
ab6e0861d4
nginx: restore .upstream files
07d9de713a
2016-05-06 15:37:22 +02:00
Lluís Batlle i Rossell
2f35e223b1 Adding libuuid (libblkid) to lvm2.
It wants it to detect if there are filesystems present in block devices, in
case of pvcreate. Otherwise it complaints "lvm built without blkid support" and
lacks the feature of detecting/wiping.
2016-05-06 15:09:49 +02:00
Lluís Batlle i Rossell
9f6afb7d78 Fixing nfsd service, wait on local-fs.
Otherwise, mountd was started exporting directories before local-fs was ready,
and it failed to start nfsd on missing fs.
2016-05-06 15:03:30 +02:00
Robert Helgesson
1a5b5593d6 eclipse-plugin-scala: 4.4.0 -> 4.4.1 2016-05-06 13:59:01 +02:00
Tobias Geerinckx-Rice
273e160a12
jfbview: split out jfbpdf (jfbview w/o imlib2) 2016-05-06 13:47:50 +02:00
Tobias Geerinckx-Rice
e7cfdd6c14
jfbview: 0.5.1 -> 0.5.2 2016-05-06 13:47:49 +02:00
Tobias Geerinckx-Rice
982f83d310
zpaq: 7.12 -> 7.13 2016-05-06 13:47:48 +02:00
Tobias Geerinckx-Rice
b0f8349d95
nginxUnstable: alias to nginx until next unstable release 2016-05-06 13:47:36 +02:00
Tobias Geerinckx-Rice
07d9de713a
nginx: remove .upstream files 2016-05-06 13:47:12 +02:00
Frederik Rietdijk
8729bd8bb9 pythonPackages.boto3: enable tests, fixes #14985
I've modified #14985 by @adnelson to take into account the update in
b68f09a520
2016-05-06 12:49:10 +02:00
zimbatm
e8803166ef elixir: 1.2.4 -> 1.2.5 2016-05-06 11:23:10 +02:00
zimbatm
9e04279006 Merge branch 'pr/14743'
Closes #14743
2016-05-06 10:07:11 +01:00
ft
8ddddbfe43 added berkeley upc 2016-05-06 10:06:08 +01:00
Vladimír Čunát
25960a52c3 tested job: fix evaluation of chromium tests
It's a bit inconsistent now, but I want mainly unblock the channel.
/cc maintainer @aszlig.
2016-05-06 10:56:17 +02:00
Joachim Fasting
5812642025 Merge pull request #15260 from couchemar/hub-2.2.3
hub: 2.2.2 -> 2.2.3
2016-05-06 10:19:05 +02:00
Peter Simons
71c736e34d Merge pull request #14898 from peti/remove-dovecot-package-option
nixos: remove redundant services.dovecot2.package option
2016-05-06 10:11:45 +02:00
Peter Simons
d270604117 nixos: remove redundant services.dovecot2.package option
Instead of using this option, please modify the dovecot package by means of an
override. For example:

  nixpkgs.config.packageOverrides = super: {
    dovecot = super.dovecot.override { withPgSQL = true; };
  };

Closes https://github.com/NixOS/nixpkgs/issues/14097.
2016-05-06 10:10:06 +02:00
Damien Cassou
4e7e1a8fb6 Merge pull request #15261 from DamienCassou/pharo-vm5-2016.05.04
pharo-vm5: 2016.04.04 -> 2016.05.04
2016-05-06 10:04:36 +02:00
Damien Cassou
7e3f222e7d pharo-vm5: 2016.04.04 -> 2016.05.04 2016-05-06 10:03:02 +02:00
Andrey Pavlov
f5668437ab hub: 2.2.2 -> 2.2.3 2016-05-06 10:39:29 +03:00
Damien Cassou
a06e3b96f8 Merge pull request #15258 from DamienCassou/pharo-vm-PharoV50.sources
pharo-vm: add PharoV50.sources
2016-05-06 09:31:22 +02:00
Damien Cassou
8f1fb8de5b pharo-vm: add PharoV50.sources 2016-05-06 09:29:29 +02:00
Joachim Fasting
cb7f378e9c Merge pull request #15246 from joachifm/bittorrentSync-generic
Bittorrent sync: refactor & update
2016-05-06 08:31:27 +02:00
Franz Pletz
5c49790be5 Merge pull request #15198 from groxxda/bump/iptables
iptables: 1.4.21 -> 1.6.0
2016-05-06 03:18:32 +02:00
Franz Pletz
e478b63b27 Merge pull request #14835 from groxxda/libcap
libcap: 2.24 -> 2.25, replace old split with multi-output
2016-05-06 03:15:16 +02:00
Alexander Ried
aae11b1781 iproute2: 4.3.0 -> 4.5.0 (#15193) 2016-05-06 03:09:47 +02:00
Joachim Fasting
715e42dc76
dnscrypt-proxy: minor refactor 2016-05-06 01:57:08 +02:00
Joachim Fasting
aa478b5021
bittorrentSync: factor out common parts 2016-05-06 01:03:04 +02:00
Joachim Fasting
e4bd66c8f0
bittorrentSync20: 2.3.6 -> 2.3.7 2016-05-06 00:42:31 +02:00
zimbatm
249dcabb33 Merge pull request #14679 from aneeshusa/add-gnome-shell-extensions
Add gnome shell extensions
2016-05-05 23:07:37 +01:00
Joachim Fasting
29ddb150c8 Merge pull request #15247 from uralbash/flamerobin
flamerobin: init at 0.9.3.1
2016-05-05 23:56:54 +02:00
Svintsov Dmitry
8658f9fe5c flamerobin: init at 0.9.3.1 2016-05-06 01:45:43 +05:00
zimbatm
3ade1e7d3e Merge branch 'pr/14911' 2016-05-05 21:28:27 +01:00
Joaquim Pedro França Simão
133dc10e5a open-vm-tools: fixes host VMware errors 2016-05-05 21:27:54 +01:00
Joaquim Pedro França Simão
0ecef73966 open-vm-tools: updates to 10.0.7 and fixes compilation erros 2016-05-05 21:27:54 +01:00
zimbatm
f076f36f8f Merge pull request #14957 from dezgeg/gummiboot-test
NixOS installer tests: Add a test using Gummiboot
2016-05-05 21:14:30 +01:00
zimbatm
982ad14515 Merge pull request #15104 from magnetophon/faust2lv2gui-master
faust2lv2gui: newest faust can create gui for lv2
2016-05-05 21:08:17 +01:00
Joachim Fasting
2d158dc388 Merge pull request #15245 from bobvanderlinden/popcorntime-removed
popcorntime: removed package as discussed in #15120
2016-05-05 21:18:26 +02:00
Joachim Fasting
50b7a542fe Merge pull request #14983 from adnelson/httpretty_python3
httpretty: working build for python3
2016-05-05 21:07:24 +02:00
Bob van der Linden
1b2fb84d75 popcorntime: removed package as discussed in #15120 2016-05-05 21:02:31 +02:00
Joachim Fasting
debc317066 Merge pull request #15242 from kragniz/weechat-1.5
weechat: 1.4 -> 1.5
2016-05-05 20:59:04 +02:00
zimbatm
8b554ccf8f Merge pull request #15187 from psprint/master
zsh-navigation-tools: 1.4 -> 2.0.7, install all files
2016-05-05 19:51:21 +01:00
zimbatm
53d651d0f8 Merge pull request #15195 from nckx/update-nginx
Update nginx to 1.10.0
2016-05-05 19:50:16 +01:00
Joachim Fasting
fbb6d27c58 Merge pull request #15037 from matthiasbeyer/fix-#15030
betamax: Disable tests
2016-05-05 20:50:07 +02:00
zimbatm
fb23979833 Merge pull request #15213 from zimbatm/autojump-share
autojump: include a way to find the share dir
2016-05-05 19:49:17 +01:00
Joachim Fasting
85b3613751 Merge pull request #15139 from aneeshusa/allow-sha512-for-various-fetch-derivations
Allow any hash function for some git-based fetch* derivations
2016-05-05 20:48:56 +02:00
Karn Kallio
deb1c67411
racket: 6.4 -> 6.5 2016-05-05 20:25:25 +02:00