Switch off HAVE_SAVED_UIDS since it activates a code path for temporary
privilege dropping which does not work on NixOS.
Vixie-cron's sources ship with two implementations. Unfortunately, the
one activated by HAVE_SAVED_UIDS (using setuid()) does not work on
NixOS. Saved UIDs work only if the program which is using them has the
setuid bit set on its own executable, not if called from a setuid
wrapper (as we do it in NixOS). The other implementation (using
setreuid()) works without problems.
Quote from
<http://stackoverflow.com/questions/8499296/realuid-saved-uid-effective-uid-whats-going-on>:
If you're euid is root and you change the uid, the privileges gets
dropped permanently.If effective user id is not root then saved user
id is never touched and you can regain the root privilege back
anytime you want in your program.
Also extend the default PATH with NixOS-specific bin directories as
vixie-cron's default is not really usable on NixOS.
Re #16518Closes#16522
* Add missing modules (fixes warnings and errors).
* Step 1 to unbreak starting Xvfb by making xpra invoke it with
valid log dir ($HOME/.xpra). Without this fix, it is invoked with
~/.xpra, which Xvfb doesn't know how to interpret and uses it
literally (fail). Step 2 will be fixing an Xvfb permission issue:
"xf86OpenConsole: Cannot open virtual console 1 (Permission denied)".
* Use XPRA_INSTALL_PREFIX to make it find its icons.
Commit 03353ce6ff ("system-config-printer: 1.3.12 -> 1 5.7")
forgot to update the hash. So since that commit we actually continued to
use the old version (1.3.12) because of the NixOS tarball cache...
The new version prints some warnings on startup:
/nix/store/HASH-system-config-printer-1.5.7/share/system-config-printer/system-config-printer.py:32: \
PyGIWarning: Polkit was imported without specifying a version first. \
Use gi.require_version('Polkit', '1.0') before import to ensure that the right version gets loaded.
from gi.repository import Polkit
...and similar errors for GdkPixbuf, Gdk, Gtk and Notify. These warnings
are already fixed upstream and will be part of the next release.
Implementation details:
* The new version needs python3.
* Remove unneeded, and python3 incompatible, 'notify' dependency.
system-config-printer > 1.3.12 replaced it with GOBject introspection
bindings to libnotify (from gi.repository import Notify).
* Add gtk3, gdk_pixbuf, pango, atk, libnotify as needed (for gobject
introspection).
* A new --with-udevdir configure option is used to prevent the
installer from trying to install stuff to "/rules.d" (yes, the root).
* Get pycups from the passed pythonPackages set (fixes loading of
python cups module).
* Use pygobject3 instead of pygobject, as needed.
* Use dbus from the passed pythonPackages attrset instead of
pythonDBus, so we get a python3 compatible module that loads
successfully.
* Python requests2 modules is required.
Our coreutils now uses single-binary-build mode where, by default,
simple shebang scripts are used for all the binaries. That doesn't work
e.g. with the Linux unpacker which only handles standard binaries and
symlinks. Let's use the symlinked mode instead for boostrapping.
This does NOT change any stdenv hashes.
I only tested the case most important to me:
$ nix-build pkgs/top-level/release.nix -A stdenvBootstrapTools.x86_64-linux.test
stripHash uses a global variable to communicate it's computation
results, but it's not necessary. You can just pipe to stdout in a
subshell. A function mostly behaves like just another command.
baseHash() also introduces a suffix-stripping capability since it's
something the users of the function tend to use.
llfuse >= 0.42 has breaking changes, causing "attic mount" to fail:
TypeError: main() got an unexpected keyword argument 'single'
Side note: borgbackup, a fork of attic, has been updated to work with
newer llfuse.
Fixes:
- ZBUFF_compressEnd() called multiple times with too small dst buffer
- dictBuilder fails if first sample is too small
- corruption issue
- cli breaks during destination file overwrite confirmation
Changes:
- frame checksum enabled by default in command line mode
Removed the patches which were specific to 4.3, and redundant configure flags
The darwin specific utmp patch seems to have been accepted too, with
`u->ut_time = now` the default.
In line with the Nixpkgs manual.
A mechanical change, done with this command:
find pkgs -name "*.nix" | \
while read f; do \
sed -e 's/description\s*=\s*"\([a-z]\)/description = "\u\1/' -i "$f"; \
done
I manually skipped some:
* Descriptions starting with an abbreviation, a user name or package name
* Frequently generated expressions (haskell-packages.nix)