Manually remove trailing white spaces
in `pkgs/**.nix` with the help of an editor
Auto-generated nix expressions containing trailing whitespaces:
* pkgs/development/haskell-modules/hackage-packages.nix
* See issue https://github.com/NixOS/cabal2nix/issues/208
* pkgs/**/eggs.nix
* I don't know how they are generated,
but they seems to be Python-related.
Maintainers Notes below.
~~~
Hello,
New versions of all the skarnet.org packages are available.
skalibs has undergone a major update, with a few APIs having disappeared,
and others having changed. Compatibility with previous versions is *not*
assured.
Consequently, all the rest of the skarnet.org software has undergone
at least a release bump, in order to build with the new skalibs. But
some packages also have new functionality added (hence, a minor bump),
and others also have their own incompatible changes (hence, a major bump).
The new versions are the following:
skalibs-2.11.0.0 (major)
nsss-0.2.0.0 (major)
utmps-0.1.0.3 (release)
execline-2.8.1.0 (minor)
s6-2.11.0.0 (major)
s6-rc-0.5.2.3 (release)
s6-portable-utils-2.2.3.3 (release)
s6-linux-utils-2.5.1.6 (release)
s6-linux-init-1.0.6.4 (release)
s6-dns-2.3.5.2 (release)
s6-networking-2.5.0.0 (major)
mdevd-0.1.5.0 (minor)
bcnm-0.0.1.4 (release)
dnsfunnel-0.0.1.2 (release)
Additionally, a new package has been released:
smtpd-starttls-proxy-0.0.1.0
Dependencies have all been updated to the latest versions. They are,
this time, partially strict: libraries and binaries may build with older
releases of their dependencies, but not across major version bumps. The
safest approach is to upgrade everything at the same time.
You do not need to recompile your s6-rc service databases or recreate
your s6-linux-init run-images.
You should restart your supervision tree after upgrading skalibs and s6,
as soon as is convenient for you.
Details of major and minor package changes follow.
* skalibs-2.11.0.0
----------------
- A lot of obsolete or useless functionality has been removed:
libbiguint, rc4, md5, iobuffer, skasigaction, environ.h and
getpeereid.h headers, various functions that have not proven their
value in a while.
- Some functions changed signatures or changed names, or both.
- All custom types ending in _t have been renamed, to avoid treading on
POSIX namespace. (The same change has not been done yet in other
packages, but skalibs was the biggest offender by far.)
- Signal functions have been deeply reworked.
- cdb has been reworked, the API is now more user-friendly.
- New functions have been added.
The deletion of significant portions of code has made skalibs leaner.
libskarnet.so has dropped under 190 kB on x86_64.
The cdb rewrite on its own has helped reduce an important amount of
boilerplate in cdb-using code.
All in all, code linked against the new skalibs should be slightly
smaller and use a tiny bit less RAM.
https://skarnet.org/software/skalibs/
git://git.skarnet.org/skalibs
* nsss-0.2.0.0
------------
- Bugfixes.
- nsss-switch wire protocol slightly modified, which is enough to
warrant a major version bump.
- _r functions are now entirely thread-safe.
- Spawned nsssd programs are now persistent and only expire after a
timeout on non-enumeration queries. This saves a lot of forking with
applications that can call primitives such as getpwnam() repeatedly, as
e.g. mdevd does when initially parsing its configuration file.
- New nsssd-switch program, implementing real nsswitch functionality
by dispatching queries to various backends according to a script.
It does not dlopen a single library or read a single config file.
https://skarnet.org/software/nsss/
git://git.skarnet.org/nsss
* execline-2.8.1.0
----------------
- Bugfixes.
- New binary: case. It compares a value against a series of regular
expressions, executing into another command line on the first match.
https://skarnet.org/software/execline/
git://git.skarnet.org/execline
* s6-2.11.0.0
-----------
- Bugfixes.
- Some libs6 header names have been simplified.
- s6-svwait now accepts -r and -R options.
- s6-supervise now reads an optional lock-fd file in the service
directory; if it finds one, the first action of the service is to take
a blocking lock. This prevents confusion when a controller process dies
while still leaving workers holding resources; it also prevents log
spamming on user mistakes (autobackgrounding services, notably).
- New binaries: s6-socklog, s6-svlink, s6-svunlink. The former is a
rewrite of smarden.org's socklog program, in order to implement a fully
functional syslogd with only s6 programs. The latter are tools that start
and stop services by symlinking/unlinking service directories from a
scan directory, in order to make it easier to integrate s6-style services
in boot scripts for sequential service managers such as OpenRC.
https://skarnet.org/software/s6/
git://git.skarnet.org/s6
* s6-networking-2.5.0.0
---------------------
- Bugfixes.
- minidentd has been removed. It was an old and somehow still buggy
piece of code that was only hanging around for nostalgia reasons.
- Full support for client certificates. Details of the client
certificate are transmitted to the application via environment
variables (or via an environment string in the case of opportunistic
TLS).
- Full SNI support, including server-side. (That involved a deep dive
into the bearssl internals, which is why it took so long.) The filenames
containing secret keys and certificates for <domain> are read in the
environment variables KEYFILE:<domain> and CERTFILE:<domain>.
Complete client certificate and SNI support now make the TLS part of
s6-networking a fully viable replacement of stunnel and other similar
TLS tunneling tools. This is most interesting when s6-networking is
built against bearssl, which uses about 1/9 of the resources that OpenSSL
needs.
https://skarnet.org/software/s6-networking/
git://git.skarnet.org/s6-networking
* mdevd-0.1.5.0
-------------
- A new option to mdevd is available: -O <nlgroups>.
This option makes mdevd rebroadcast uevents to a netlink group (or set
of netlink groups) once they have been handled. This allows applications
to read uevents from a netlink group *after* the device manager is done
with them. This is useful, for instance, when pairing mdevd with
libudev-zero for full udev emulation.
- The * and & directives, which previously were only triggered by
"add" and "remove" actions, are now triggered by *all* action types.
This gives users full scripting access to any event, which can be
used to implement complex rules similar to udev ones.
These two changes make it possible to now build a full-featured desktop
system based on mdevd + libudev-zero, without running systemd-udevd or
eudev.
https://skarnet.org/software/mdevd/
git://git.skarnet.org/mdevd
* smtpd-starttls-proxy-0.0.1.0
----------------------------
This new package, in conjunction with the latest s6-networking,
implements the STARTTLS functionality for inetd-like mail servers that
do not already support it. (Currently only tested with qmail-smtpd.)
If you have noticed that sending mail to skarnet.org supports STARTTLS
now, it is thanks to this little piece of software.
https://skarnet.org/software/smtpd-starttls-proxy/
git://git.skarnet.org/smtpd-starttls-proxy
Enjoy,
Bug-reports welcome.
Laurent
fixes e.g.:
pkgsMusl.libfsm
pkgsMusl.libiscsi
pkgsMusl.nsjail
pkgsMusl.pv
match strings have whitespace on either side, which wasn't
matching leading/trailing arguments previously
fixes:
pkgsMusl.bulletml
pkgsMusl.proot
pkgsMusl.python3
Debian explains this issue well in the dpkg-buildflags manpage:
-fPIE
Can be linked into any program, but not a shared library (recommended).
-fPIC
Can be linked into any program and shared library.
On projects that build both programs and shared libraries you might need to
make sure that when building the shared libraries -fPIC is always passed last
(so that it overrides any previous -PIE) to compilation flags such as CFLAGS.
(from https://manpages.debian.org/bullseye/dpkg-dev/dpkg-buildflags.1.en.html#hardening)
In restricted mode (and therefore with flakes) `builtins.readFile` may not be the result of `builtins.toFile`,
making it impossible to use a generated lockFile (with or without IFD),
and thereby causing evaluation to fail if `system != builtins.currentSystem` on Hydra
so the jobs are not delegated to eligible build machines that support that system.
This is done in a way that avoids rebuilds.
autoPatchelfHook actually doesn't depend on stdenv and only needs
bintools (with its wrapper). This change uses $NIX_BINTOOLS instead of
$NIX_CC and makes the dependency on bintools explicit.
Fully enabling crossSystem support for autoPatchelfHook came with some
perhaps unintended consequences of being a bit more aggressive about
patching ELF files from architectures/ABIs that differ from the target
(previously, those files would be ignored because ldd usually couldn't
handle them).
This change adds architecture and rough OS ABI detection to the script
so that it doesn't try to blindly replace the interpreter of files that
can't possibly use that interpreter, and also makes sure it doesn't
accidentally use libraries of other architectures/ABIs.
The current name is misleading: it doesn't contain cli arguments,
but several constants and utility functions related to qemu.
This commit also removes the use of `with import ...` for clarity.