Commit graph

174228 commits

Author SHA1 Message Date
Averell Dalton
a2f6e40cc4 jetbrains.ruby-mine: 2018.3.3 -> 2018.3.5 2019-03-28 15:44:19 +01:00
Averell Dalton
68a33fce4c jetbrains.rider: 2018.3.2 -> 2018.3.4 2019-03-28 15:44:19 +01:00
Averell Dalton
2a328c840f jetbrains.phpstorm: 2018.3.3 -> 2019.1 2019-03-28 15:44:11 +01:00
Averell Dalton
4933eae0d5 jetbrains.idea-ultimate: 2018.3.4 -> 2019.1 2019-03-28 15:44:03 +01:00
Averell Dalton
7cb759636f jetbrains.idea-community: 2018.3.4 -> 2019.1 2019-03-28 15:43:55 +01:00
Averell Dalton
862b211788 jetbrains.goland: 2018.3.3 -> 2019.1 2019-03-28 15:43:37 +01:00
Averell Dalton
43d0137dc8 jetbrains.datagrip: 2018.3.2 -> 2018.3.4 2019-03-28 15:43:37 +01:00
Averell Dalton
ead0e93553 jetbrains.clion: 2018.3.4 -> 2019.1 2019-03-28 15:43:37 +01:00
Sarah Brofeldt
88b32b2004
Merge pull request #58477 from johanot/kubernetes-1.13.5
kubernetes: 1.13.4 -> 1.13.5
2019-03-28 15:31:17 +01:00
Peter Simons
60f680f212
Merge pull request #58483 from dotlambda/dovecot-2.3.5.1
dovecot: 2.3.5 -> 2.3.5.1
2019-03-28 15:07:20 +01:00
Florian Klink
6670b4c37d
Merge pull request #58419 from flokli/ldap-nslcd-startup
nixos/ldap: set proper User= and Group= for nslcd service
2019-03-28 14:30:14 +01:00
Robert Schütz
d3ca36bd64 dovecot: 2.3.5 -> 2.3.5.1
https://dovecot.org/list/dovecot-news/2019-March/000401.html
fixes CVE-2019-7524
2019-03-28 14:00:15 +01:00
Robert Schütz
ef6a1b7f46
Merge pull request #58429 from xeji/p/nevow
python2Packages.nevow, tahoe-lafs: fix build
2019-03-28 13:50:17 +01:00
Florian Klink
8817bbefdb nixos/ldap: set proper User= and Group= for nslcd service
eb90d97009 broke nslcd, as /run/nslcd was
created/chowned as root user, while nslcd wants to do parts as nslcd
user.

This commit changes the nslcd to run with the proper uid/gid from the
start (through User= and Group=), so the RuntimeDirectory has proper
permissions, too.

In some cases, secrets are baked into nslcd's config file during startup
(so we don't want to provide it from the store).

This config file is normally hard-wired to /etc/nslcd.conf, but we don't
want to use PermissionsStartOnly anymore (#56265), and activation
scripts are ugly, so redirect /etc/nslcd.conf to /run/nslcd/nslcd.conf,
which now gets provisioned inside ExecStartPre=.

This change requires the files referenced to in
users.ldap.bind.passwordFile and users.ldap.daemon.rootpwmodpwFile to be
readable by the nslcd user (in the non-nslcd case, this was already the
case for users.ldap.bind.passwordFile)

fixes #57783
2019-03-28 13:08:47 +01:00
Peter Simons
3c9ff308e7
Merge pull request #58467 from mnacamura/r-sys
r-sys: remove obsolete dependency
2019-03-28 12:42:19 +01:00
Michael Weiss
f261841e54
Merge pull request #58428 from primeos/scons
scons: 3.0.4 -> 3.0.5
2019-03-28 12:27:31 +01:00
Johan Thomsen
e76f30e5a2 kubernetes: 1.13.4 -> 1.13.5 2019-03-28 11:28:13 +01:00
Peter Simons
1e41576638 hackage-packages.nix: automatic Haskell package set update
This update was generated by hackage2nix v2.14.2-4-gd25a3c5 from Hackage revision
f007a3166a.
2019-03-28 10:27:46 +01:00
Peter Simons
c406a7287d hackage2nix: update list of broken Haskell packages 2019-03-28 10:27:45 +01:00
Vincent Demeester
3000de433e
skaffold: 0.25.0 -> 0.26.0
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2019-03-28 09:29:48 +01:00
Peter Simons
255a06b1fe
Merge pull request #58470 from mnacamura/r-fix-deps
rPackages: fix missing dependency to libiconv
2019-03-28 09:15:17 +01:00
Andrew Childs
26e82e684c emacs: only use patchelf on linux
This prevents building Emacs with X on Darwin.

Broken by 5af6e9f75e (#54916)
2019-03-28 16:03:46 +09:00
Mitsuhiro Nakamura
157921f2e7 rPackages: fix missing dependency to libiconv 2019-03-28 12:11:47 +09:00
Mitsuhiro Nakamura
d07c3139ed r-sys: remove obsolete dependency 2019-03-28 11:20:04 +09:00
nyanloutre
b16b1b377b kde-applications: 18.12.1 -> 18.12.3 2019-03-27 22:17:12 -04:00
nyanloutre
4b7d9dc868 fetch-kde-qt.sh: get hashes from metadata 2019-03-27 22:16:18 -04:00
DzmitrySudnik
e10329a455 terraform-providers: bump versions 2019-03-27 19:34:40 -04:00
R. RyanTM
7e8d125e19 pmd: 6.11.0 -> 6.12.0 (#57369)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/pmd/versions
2019-03-27 23:26:52 +01:00
R. RyanTM
2ce544a8b1 minimap2: 2.15 -> 2.16 (#57319)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/minimap2/versions
2019-03-27 23:25:52 +01:00
R. RyanTM
c62742719b librealsense: 2.18.0 -> 2.19.0 (#57293)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/librealsense/versions
2019-03-27 23:20:42 +01:00
R. RyanTM
cc1cc4970b live555: 2019.02.03 -> 2019.03.06 (#57305)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/live555/versions
2019-03-27 23:19:27 +01:00
R. RyanTM
7d8ed1c921 libdap: 3.20.2 -> 3.20.3 (#57273)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/libdap/versions
2019-03-27 23:18:30 +01:00
Timo Kaufmann
197bc2afc0
python.pkgs.pybullet: init at 2.4.8 (#58448) 2019-03-27 22:17:37 +00:00
R. RyanTM
6c0a30321e libsoundio: 1.1.0 -> 2.0.0 (#57298)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/libsoundio/versions
2019-03-27 23:16:14 +01:00
R. RyanTM
3c9f5ae7e1 google-drive-ocamlfuse: 0.7.1 -> 0.7.2 (#56687)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/google-drive-ocamlfuse/versions
2019-03-27 23:15:58 +01:00
R. RyanTM
257076158d libdsk: 1.5.9 -> 1.5.10 (#57274)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/libdsk/versions
2019-03-27 23:12:20 +01:00
R. RyanTM
ca691e8f42 libratbag: 0.9.904 -> 0.9.905 (#57292)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/libratbag/versions
2019-03-27 23:10:10 +01:00
R. RyanTM
baa5d17a06 logcheck: 1.3.19 -> 1.3.20 (#57307)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/logcheck/versions
2019-03-27 23:08:02 +01:00
R. RyanTM
485bde18dc mdk: 1.2.9 -> 1.2.10 (#58335)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/gnu-mdk/versions
2019-03-27 23:02:52 +01:00
Uli Baum
0b8d40a754 qtikz: fix build
qcollectiongenerator was merged into qhelpgenerator in qt 5.12,
see https://blog.qt.io/blog/2018/11/02/whats-new-qt-help/
2019-03-27 22:35:21 +01:00
Timo Kaufmann
f2569b9116
python.pkgs.baselines: init at 0.1.5 (#58452) 2019-03-27 21:27:22 +00:00
Timo Kaufmann
e7a084bdba
python.pkgs.roboschool: init at 1.0.39 (#58451)
Needs a forked version of bullet.
2019-03-27 21:26:54 +00:00
Silvan Mosberger
a921f8a1d1
Merge pull request #57921 from rnhmjoj/monero
monero-gui: fix missing qml imports
2019-03-27 21:23:06 +01:00
Uli Baum
ea5f0983e7 tahoe-lafs: fix build 2019-03-27 21:13:14 +01:00
aszlig
ada3239253
nixos/release-notes: Add entry about confinement
First of all, the reason I added this to the "highlights" section is
that we want users to be aware of these options, because in the end we
really want to decrease the attack surface of NixOS services and this is
a step towards improving that situation.

The reason why I'm adding this to the changelog of the NixOS 19.03
release instead of 19.09 is that it makes backporting services that use
these options easier. Doing the backport of the confinement module after
the official release would mean that it's not part of the release
announcement and potentially could fall under the radar of most users.

These options and the whole module also do not change anything in
existing services or affect other modules, so they're purely optional.

Adding this "last minute" to the 19.03 release doesn't hurt and is
probably a good preparation for the next months where we hopefully
confine as much services as we can :-)

I also have asked @samueldr and @lheckemann, whether they're okay with
the inclusion in 19.03. While so far only @samueldr has accepted the
change, we can still move the changelog entry to the NixOS 19.09 release
notes in case @lheckemann rejects it.

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-27 21:07:07 +01:00
Graham Christensen
6af317616e
Merge pull request #58431 from alexbiehl/alex/nix-layers
dockerTools: align generated layer archives with docker's output
2019-03-27 15:54:22 -04:00
aszlig
52299bccf5
nixos/confinement: Use PrivateMounts option
So far we had MountFlags = "private", but as @Infinisil has correctly
noticed, there is a dedicated PrivateMounts option, which does exactly
that and is better integrated than providing raw mount flags.

When checking for the reason why I used MountFlags instead of
PrivateMounts, I found that at the time I wrote the initial version of
this module (Mar 12 06:15:58 2018 +0100) the PrivateMounts option didn't
exist yet and has been added to systemd in Jun 13 08:20:18 2018 +0200.

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-27 20:34:32 +01:00
aszlig
861a1cec60
nixos/confinement: Remove handling for StartOnly
Noted by @Infinisil on IRC:

   infinisil: Question regarding the confinement PR
   infinisil: On line 136 you do different things depending on
              RootDirectoryStartOnly
   infinisil: But on line 157 you have an assertion that disallows that
              option being true
   infinisil: Is there a reason behind this or am I missing something

I originally left this in so that once systemd supports that, we can
just flip a switch and remove the assertion and thus support
RootDirectoryStartOnly for our confinement module.

However, this doesn't seem to be on the roadmap for systemd in the
foreseeable future, so I'll just remove this, especially because it's
very easy to add it again, once it is supported.

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-27 20:22:37 +01:00
Sarah Brofeldt
431d8e3038
Merge pull request #58454 from srhb/brig-fix-metrics
brig: Fix build of metrics jobs, cleanup
2019-03-27 20:17:50 +01:00
Väinö Järvelä
d984875aff websocat: Fix on macOS 2019-03-27 14:00:09 -05:00