Commit graph

9645 commits

Author SHA1 Message Date
Matthew Bauer
3cfdf8eb23
Merge pull request #53539 from matthewbauer/darwin-fixes4
Fixes for recent darwin changes
2019-01-07 15:44:21 -06:00
Joachim Fasting
865f7a14b4
Revert "Revert "linux-hardened: Disable GCC_PLUGIN_RANDSTRUCT""
This reverts commit c68e8b05f0.

RANDSTRUCT currently fails to work with out-of-tree modules, as
evinced by
c68e8b05f0 (commitcomment-31850284)
and https://github.com/NixOS/nixpkgs/issues/53522.

Specifically, loading out-of-tree modules results in modsym version
mismatches, as in
   spl: version magic '4.20.0 SMP mod_unload modversions RANDSTRUCT_PLUGIN
from the issue above.

A working hypothesis is that the randstruct seed is not carried over when
building out-of-tree modules but more investigation is needed here.

Closes https://github.com/NixOS/nixpkgs/issues/53522
2019-01-07 19:50:12 +01:00
Tim Steinbach
97aba92bcd
linux: 4.20-rc7 -> 5.0-rc1 2019-01-07 07:57:38 -05:00
Matthew Bauer
ed6148726b darwin: fix more *_cmds derivation
Doh
2019-01-06 22:34:19 -06:00
Matthew Bauer
2bbec30c2e darwin.diskdev_cmds: fix build with dsymutil
xcbuild doesn’t handle dsymutil correctly. fuser.pl does not contain
debug symbols, but xcbuild doesn’t handle this like xcodebuild does.
So, just disable the debug information. We probably should do this in
more places using xcbuild, but it requires some arbitrary patching.
2019-01-06 22:13:11 -06:00
Vladimír Čunát
9ee8cf5177
linuxPackages.nvidia_x11*: unmaintain
I now no longer use an nvidia card commonly, so it would be harder for
me to test at least a bit.  And I'm overcommited anyway.
Hopefully someone else can be found.
2019-01-06 14:59:03 +01:00
Vladimír Čunát
10a12194e3
Merge #53490: fix treewide linking errors after #51770
Issue #53001.  This might not be all of them, but let's not wait.
2019-01-06 12:14:52 +01:00
Vladimír Čunát
68c3097b96
rtkit: link with librt explicitly 2019-01-06 12:12:49 +01:00
Frederik Rietdijk
e5381cdece Merge master into staging-next 2019-01-06 09:36:23 +01:00
Will Dietz
2d79465173
Merge pull request #51700 from dtzWill/update/i2c-tools-4.1
i2c-tools: 4.0 -> 4.1
2019-01-05 13:46:26 -06:00
Vladimír Čunát
d84a33d85b
Merge branch 'master' into staging-next
A few more rebuilds (~1k on x86_64-linux).
2019-01-05 15:02:04 +01:00
R. RyanTM
df834ee56d sysstat: 12.1.1 -> 12.1.2 (#52675)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/sysstat/versions
2019-01-05 14:47:25 +01:00
Joachim Fasting
d62086e6fc
hardened-config: allow slub/slab free poisoning 2019-01-05 14:07:36 +01:00
Joachim Fasting
11840f5c70
hardened-config: explain HARDENED_USERCOPY_FALLBACK n 2019-01-05 14:07:36 +01:00
Joachim Fasting
dfd77a046d
hardened-config: ensure STRICT_KERNEL_RWX
This is y in the default config, but enable it explicitly here to catch
situations where it has been disabled (explicitly or implicitly).
2019-01-05 14:07:35 +01:00
Joachim Fasting
1801aad7b8
hardened-config: clarify MODIFY_LDT_SYSCALL
This likely never worked; MODIFY_LDT_SYSCALL depends on EXPERT; enabling
EXPERT however seems to introduce quite a few changes that would need to be
properly vetted.

The version guard is unnecessary, however, as this config has been supported
since 4.3.
2019-01-05 14:07:34 +01:00
Joachim Fasting
abc8ed3fca
hardened-config: clarify readonly LSM hooks config
SECURITY_WRITABLE_HOOKS is implicitly controlled by SECURITY_SELINUX_DISABLE;
explicitly unsetting results in an error because the configfile builder fails
to detect that it has in fact been unset (reporting it as an unused option).
For now, leave WRITABLE_HOOKS as an "optional" config for documentation
purposes.
2019-01-05 14:07:33 +01:00
Joachim Fasting
c68e8b05f0
Revert "linux-hardened: Disable GCC_PLUGIN_RANDSTRUCT"
This reverts commit 5dda1324be.

Presumably this was done to work around build errors or something but it
works fine now.
2019-01-05 14:07:21 +01:00
Michael Weiss
e7e18206dd
fuse: 2.9.8 -> 2.9.9 2019-01-05 02:26:02 +01:00
Joachim F
893c51bda8
Merge pull request #53369 from delroth/kernel-hardening
Re-add security features based on GCC plugins in 4.18+ hardened kernels
2019-01-04 21:49:53 +00:00
Pierre Bourdon
0f7ca26a48
kernel/hardened-config.nix: add STACKLEAK plugin on 4.20+ 2019-01-04 22:24:50 +01:00
Pierre Bourdon
9dc0d94896
kernel/hardened-config.nix: re-enable GCC plugins 2019-01-04 22:24:50 +01:00
Pierre Bourdon
c789f642f0
kernel/generic.nix: provide required dependencies for GCC plugins builds 2019-01-04 22:24:50 +01:00
Frederik Rietdijk
9618abe87c Merge master into staging-next 2019-01-04 21:13:19 +01:00
Matthew Bauer
030f66400d darwin.adv_cmds: fix build 2019-01-04 10:28:22 -06:00
Dominik Xaver Hörl
b7967e9dc4 dbus-broker: 13 -> 17 2019-01-04 14:36:30 +01:00
Benno Fünfstück
7817aa3641
linux-rpi: set correct hydraPlatforms (#53325) 2019-01-03 22:42:14 +01:00
Matthew Bauer
8cb2d35760 darwin: fix typos in install scripts
fixes some issues in my commits in:

- basic_cmds
- network_cmds

(cherry picked from commit f283145308aec6aa9a8c3c6cbd4864718ccb7c53)
2019-01-03 15:20:26 -06:00
Matthew Bauer
8505e710e7 Revert "darwin 10.12 commits"
Reverts commits bumping to macOS stuff to 10.12:

commit ec1f78d1cb.
commit d0dc91d24f.
commit a1d297374d.
commit 425112151d.
commit e6f7f2928f.
2019-01-03 15:20:26 -06:00
Jörg Thalheim
31682848cb
android-udev-rules: 20180112 -> 20181031 2019-01-03 20:56:39 +01:00
Frederik Rietdijk
092e3b50a8 Merge master into staging-next 2019-01-02 21:08:27 +01:00
Joachim F
88c516dd55
Merge pull request #52606 from lopsided98/linux-hardkernel-update
linux_hardkernel_4_14: 4.14.85-152 -> 4.14.87-153
2019-01-02 18:16:47 +00:00
David Guibert
d8e907ba18 conky: 1.11.0 -> 1.11.1 (#53157)
This fixes #52797.
2019-01-02 09:54:22 +01:00
Jan Tojnar
b2b921bdca
Merge pull request #53149 from jtojnar/qrencode-cleanup
qrencode: merge with libqrencode
2019-01-02 02:18:22 +01:00
R. RyanTM
46e7ce0526 lxc: 3.0.2 -> 3.0.3 (#52239)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/lxc/versions
2019-01-01 20:35:37 +01:00
Jan Tojnar
c5c2ac4f45
qrencode: merge with libqrencode 2019-01-01 17:19:07 +01:00
Will Dietz
d60806b90b i2c-toools: touchups, NFCI. (reviewer suggestions, thanks!) 2018-12-31 11:26:07 -06:00
Frederik Rietdijk
070290bda7 Merge master into staging-next 2018-12-31 12:00:36 +01:00
Tim Steinbach
d6805baded
linux: 4.19.12 -> 4.19.13 2018-12-30 09:57:54 -05:00
Tim Steinbach
226eb52715
linux: 4.14.90 -> 4.14.91 2018-12-30 09:57:54 -05:00
Tim Steinbach
a7bd7a38ea
linux: 4.9.147 -> 4.9.148 2018-12-30 09:57:53 -05:00
Matthew Bauer
ec1f78d1cb darwin.libunwind: fix hash 2018-12-30 00:00:30 -06:00
Matthew Bauer
4f522648cb darwin: fix *_cmds installation
These just copy commands from Products/Release/. But with #52256 we
now build .dsym directories that somehow wind up in Products/Release/.
This makes things more exact by just copying the files in Products/Release/.
2018-12-29 23:58:10 -06:00
Matthew Bauer
d0dc91d24f darwin: bump apple_sdks to 10.12
(cherry picked from commit 0b468bf0335eaa606fccfe98d4a36c3efbe83f2a)
2018-12-29 20:17:05 -06:00
Ivan Kozik
1c8fea18e2 kernel/patches.nix: remove hard tabs 2018-12-28 09:06:56 +01:00
Matthew Bauer
a1d297374d darwin.hfs: put headers in hfs/ directory
This is where they are supposed to go. My mistake in the original
commit.
2018-12-27 11:18:28 -06:00
Frederik Rietdijk
10afccf145 Merge staging-next into staging 2018-12-27 18:11:34 +01:00
Dmitry Kalinkin
3edd5cb227
Merge pull request #51294 from eadwu/nvidia_x11/legacy_390
nvidia: expose nvidia_x11_legacy390
2018-12-27 09:08:53 -05:00
markuskowa
98561c789c
Merge pull request #52597 from lopsided98/lvm2-no-parallel
lvm2: disable parallel building
2018-12-27 14:21:25 +01:00
Samuel Dionne-Riel
889ef35303 linuxPackages_4_{19,20}: works around bug with overlayfs.
See: https://github.com/NixOS/nixpkgs/issues/48828#issuecomment-445208626
2018-12-26 22:51:31 +00:00