Commit graph

286915 commits

Author SHA1 Message Date
Austin Seipp
b3676834ca
Merge pull request #121544 from petabyteboy/feature/bpftools
bpftools: build bpf_asm, bpf_dbg
2021-05-03 00:46:37 -05:00
midchildan
dea7f56b5d
perlPackages.ImageExifTool: apply fix for CVE-2021-22204 2021-05-03 14:46:13 +09:00
Daniël de Kok
639730bd11
Merge pull request #121475 from danieldk/makemkv-ffmpeg
makemkv: switch from ffmpeg_3 to ffmpeg
2021-05-03 07:43:25 +02:00
Otavio Salvador
37bdc088ef cargo-msrv: init at 0.4.0
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
2021-05-02 22:02:44 -07:00
Mario Rodas
ed22da947c
Merge pull request #121554 from r-ryantm/auto-update/go-tools
go-tools: 2020.2.3 -> 2020.2.4
2021-05-02 23:52:13 -05:00
Mario Rodas
6570482b44
Merge pull request #121358 from r-ryantm/auto-update/grpcurl
grpcurl: 1.8.0 -> 1.8.1
2021-05-02 23:48:55 -05:00
JesusMtnez
4eb7c561e3
slack: 4.14.0 -> 4.15.0 2021-05-03 06:44:16 +02:00
R. RyanTM
25fd0dde19 go-tools: 2020.2.3 -> 2020.2.4 2021-05-03 03:34:08 +00:00
Ben Siraphob
4ec2272826 top-level/coq-packages: remove dontDistribute
In the GitHub discussion of 527bad18d0,
it was decided to allow Hydra to build coqPackages.
2021-05-03 09:10:37 +07:00
Luke Granger-Brown
b942e0f650 nixos/tests/installer: don't break under i686
Currently, the installer tests just hang after the initial install phase
on i686 because qemu just quits because of the gic parameter.

Fix this by doing x86 things for both x86-64 and i686.
2021-05-03 01:44:54 +00:00
Martin Weinelt
d0dc38c19f
Merge pull request #121525 from primeos/glances
glances: 3.1.6.2 -> 3.1.7
2021-05-03 03:23:21 +02:00
nixinator
d5a0b50f26 methane: init at 2.0.1 2021-05-02 18:12:31 -07:00
nixinator
11bb46fdc6 clanlib: init at 4.1.0
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2021-05-02 18:12:31 -07:00
Robert Schütz
280c8cf540
py3c: fix build with darwin (#121447) 2021-05-03 02:04:29 +02:00
Milan Pässler
c4bd0719e3
bpftools: build bpf_asm, bpf_dbg
I needed some other bpf-related tools located in the kernel source tree,
so I hijacked the bpftool package, renamed it to bpftools and added
those programs.
2021-05-03 00:59:50 +02:00
Robert Schütz
27d0a91fd4 authenticator: init at 4.0.3 2021-05-03 00:46:50 +02:00
Martin Weinelt
d67fc76603
Merge pull request #120536 from mweinelt/mosquitto 2021-05-03 00:41:21 +02:00
Martin Weinelt
fb5b00d2eb
Merge pull request #120526 from mweinelt/home-assistant 2021-05-03 00:35:50 +02:00
Martin Weinelt
f41349d30d
nixos/home-assistant: Restart systemd unit on restart service
Home-assistant through its `--runner` commandline flag supports sending
exit code 100 when the `homeassistant.restart` service is called.

With `RestartForceExitStatus` we can listen for that specific exit code
and restart the whole systemd unit, providing an actual clean restart
with fresh processes. Additional treat exit code 100 as a successful
termination.
2021-05-03 00:21:25 +02:00
Martin Weinelt
1dbb60f562
nixos/tests/home-assistant: update maintainership to home-assistant team 2021-05-03 00:21:25 +02:00
Martin Weinelt
8ab7fc1107
nixos/tests/home-assistant: test capability passing
Configures the emulated_hue component and expects CAP_NET_BIND_SERVICE
to be passed in order to be able to bind to 80/tcp.

Also print the systemd security analysis, so we can spot changes more
quickly.
2021-05-03 00:21:25 +02:00
Martin Weinelt
7d09d7f571
nixos/home-assistant: harden systemd service
This is what is still exposed, and it should still allow things to work
as usual.

✗ PrivateNetwork=                    Service has access to the host's …      0.5
✗ RestrictAddressFamilies=~AF_(INET… Service may allocate Internet soc…      0.3
✗ DeviceAllow=                       Service has a device ACL with som…      0.1
✗ IPAddressDeny=                     Service does not define an IP add…      0.2
✗ PrivateDevices=                    Service potentially has access to…      0.2
✗ PrivateUsers=                      Service has access to other users       0.2
✗ SystemCallFilter=~@resources       System call allow list defined fo…      0.2
✗ RootDirectory=/RootImage=          Service runs within the host's ro…      0.1
✗ SupplementaryGroups=               Service runs with supplementary g…      0.1
✗ RestrictAddressFamilies=~AF_UNIX   Service may allocate local sockets      0.1

→ Overall exposure level for home-assistant.service: 1.6 OK :-)

This can grow to as much as ~1.9 if you use one of the bluetooth or nmap
trackers or the emulated_hue component, all of which required elevated
permisssions.
2021-05-03 00:21:24 +02:00
Mario Rodas
8b0515eb9a
pngquant: 2.12.5 -> 2.14.1 (#121470) 2021-05-02 23:59:08 +02:00
Luke Granger-Brown
f2a91ec2b7 nixos/tests/gitdaemon: deflake by using systemd-tmpfiles
git-daemon won't start up if its project directory (here /git) doesn't
exist. If we try to create it using the test harness, then we're racing
whether we manage to connect to the backdoor vs. the startup speed of
git-daemon.

Instead, use systemd-tmpfiles, which is guaranteed(?) to run before
network.target and thus before git-daemon.service starts.
2021-05-02 21:58:43 +00:00
Luke Granger-Brown
a6fb22a689 nixos/tests/rspamd: increase memory
rspamd seems to be consuming more memory now sometimes, causing OOMs in
the test.

Increase the memory given to these VMs to make the tests pass more
reliably.
2021-05-02 21:50:17 +00:00
Luke Granger-Brown
649672e76e nixos/postfix: fix compatibility level
Postfix has started outputting an error on startup that it can't parse
the compatibility level 9999.

Instead, just set the compatibility level to be identical to the current
version, which seems to be the (new) intent for the compatibility level.
2021-05-02 21:49:33 +00:00
Luke Granger-Brown
da000ae239 nixos/tests/custom-ca: fix by setting Content-Type
This test was failing because Firefox was displaying a download prompt
rather than the page content, presumably because mumble mumble
content-type sniffing.

By explicitly setting a content-type, the test now passes.
2021-05-02 21:38:56 +00:00
Rick van Schijndel
742adf762b graphene: fix build by allowing newer versions of aniso8601
All tests seem to pass, which gives some confidence that this is ok.
2021-05-02 22:56:53 +02:00
Martin Weinelt
d942d4473d neovim, neovimUtils, neovim-qt: drop python2 support
In 2a00e53bd pynvim support for python2 was disabled, this broke the
neovim build. I really think it is time to let go of python2 support in
neovim.
2021-05-02 22:43:53 +02:00
R. RyanTM
f5e695bf3a
kubelogin-oidc: 1.23.0 -> 1.23.1 (#121440) 2021-05-02 16:39:45 -04:00
Jonathan Ringer
a060b84b32 vscod{e,ium}-fhs: add top-level aliases, add description 2021-05-02 13:38:52 -07:00
Jonathan Ringer
9bd292c929 vscod{e,ium}: Add fhs passthru 2021-05-02 13:38:52 -07:00
Jonathan Ringer
73a0b6c826 buildFHSUserEnvBubblewrap: add dieWithParent option, and /etc/nix
Allows for processes which fork to not be immediately
killed when the parent process dies.
2021-05-02 13:38:52 -07:00
Luke Granger-Brown
4518794ee5
Merge pull request #121534 from lukegb/bogus-mk2
tela-icon-theme: more changes to change the hash
2021-05-02 21:25:34 +01:00
Martin Weinelt
6c022654f6 python3Packages.csvw: 1.10.1 -> 1.10.2 2021-05-02 13:24:22 -07:00
Luke Granger-Brown
134c68a411 tela-icon-theme: use stdenvNoCC
This doesn't use any of the compilers tools, so it may as well use the
compilerless version of the stdenv.
2021-05-02 20:18:48 +00:00
Luke Granger-Brown
a494e0ce56 tela-icon-theme: switch to gpl3Only
Since the license isn't documented anywhere other than COPYING, it must
be assumed that the intent was to license only under the included
license, without any extra clauses such as the "(at your option) any
later version" clause.
2021-05-02 20:18:01 +00:00
Luke Granger-Brown
6f55db13eb tela-icon-theme: skip patchelf and symlink rewrite steps
* We don't have any ELFs to patch.
* Scanning all the symlinks is slow, and jdupes already makes them
  relative anyway.
2021-05-02 20:17:16 +00:00
Leo Gaskin
f4ec650cde texlive.bin.dvisvgm: Use version provided by TeXLive
The dvisvgm version provided by TeXLive now includes the fixes
mentioned in the attached issue and thus can be used again instead of
relying on upstream sources.
2021-05-02 22:05:29 +02:00
Leo Gaskin
dbc6e67bb3 texlive.bin: Use xpdf provided by TeXLive
This is done because the xpdf provided by Nixpkgs is marked as
insecure.  Granted, the version provided by TeXLive also has these
vulnerabilities, but it might be okay to treat them as irrelevant in
the context of TeX.
2021-05-02 22:05:29 +02:00
Leo Gaskin
7bf9a3b250 texlive.bin: fix for replacement of poppler with pplib
TeXLive no longer depends on or supports poppler, instead using the
homegrown pplib library.
2021-05-02 22:05:29 +02:00
Leo Gaskin
2ffe681e66 texlive: 2020 -> 2021 2021-05-02 21:50:09 +02:00
Robert Schütz
7b3df91236 libadwaita: init at unstable-2021-05-01 2021-05-02 21:27:21 +02:00
Michael Weiss
501956b985
glances: 3.1.6.2 -> 3.1.7 2021-05-02 21:22:56 +02:00
Andreas Rammhold
e3ad419b87
Merge pull request #121461 from marsam/update-gopass
gopass: 1.12.5 -> 1.12.6
2021-05-02 20:11:54 +02:00
Anderson Torres
4e78613c05
Merge pull request #121424 from dotlambda/ophis-fix
ophis: fix build
2021-05-02 14:58:43 -03:00
Anderson Torres
bebfaab5ba
Merge pull request #121405 from branwright1/revert-121357-new-river
Revert "river: refactor"
2021-05-02 14:57:41 -03:00
Mario Rodas
fb5a9e4095
Merge pull request #121466 from marsam/update-lxc
lxc: 4.0.7 -> 4.0.8
2021-05-02 12:55:16 -05:00
José Romildo Malaquias
a611906544 xfce: add release note about dropping lighter gvfs package 2021-05-02 14:26:52 -03:00
R. RyanTM
7985d9e4ac
lego: 4.2.0 -> 4.3.1
https://github.com/go-acme/lego/releases/tag/v4.3.0
https://github.com/go-acme/lego/releases/tag/v4.3.1
2021-05-02 19:12:48 +02:00