Otherwise knot tries to write to non-writable directories.
This for example breaks dnssec signing.
While it's possible to overwrite these path in the configuration,
having a sane defaults is nicer.
In 87a19e9048 I merged staging-next into master using the GitHub gui as intended.
In ac241fb7a5 I merged master into staging-next for the next staging cycle, however, I accidentally pushed it to master.
Thinking this may cause trouble, I reverted it in 0be87c7979. This was however wrong, as it "removed" master.
This reverts commit 0be87c7979.
I merged master into staging-next but accidentally pushed it to master.
This should get us back to 87a19e9048.
This reverts commit ac241fb7a5, reversing
changes made to 76a439239e.
Minor incompatibilities due to moving to upstream defaults:
- capabilities are used instead of systemd.socket units
- the control socket moved:
/run/kresd/control -> /run/knot-resolver/control/1
- cacheDir moved and isn't configurable anymore
- different user+group names, without static IDs
Thanks Mic92 for multiple ideas.
There ver very many conflicts, basically all due to
name -> pname+version. Fortunately, almost everything was auto-resolved
by kdiff3, and for now I just fixed up a couple evaluation problems,
as verified by the tarball job. There might be some fallback to these
conflicts, but I believe it should be minimal.
Hydra nixpkgs: ?compare=1538299
https://lists.nic.cz/pipermail/knot-resolver-users/2019/000189.html
Fixes DNS spoofing problems: CVE-2019-10190 CVE-2019-10191
but also minor things, adds new features, etc.
In particular aarch64 should work now, at least as long as not using
some lua library that suffers from the same problem with lightuserdata,
e.g. cqueues does suffer from this.
luaPackages replaced by generated ones:
- bit32
- compat53
- cqueues
- luacyrussasl -> cyrussasl (luarocks name)
- luaexpat
- luadbi -> luadbi front-end module + separate backend modules
luadbi-{mysql,postgresql,sqlite3}
- luafilesystem
- luaossl
- luasec
- luasocket
- luastdlib -> stdlib (luarocks name)
- lrexlib -> lrexlib-pcre (we already have lrexlib-gnu and
lrexlib-posix, lrexlib-pcre however appears to be the variant used in
mudlet, which is the only current dep in nixpkgs)
- luasqlite -> luasql-sqlite3 (luarocks name)
- lfs -> luafilesytem (we literally had two manually written
luafilesystem expressions, under different names)
Changes and additions to overrides to generated luarocks packgaes,
including:
- busted: Install bash completions along with the zsh ones
- cqueues:
- Perform minor surgery on the rockspec to allow using a single
rockspec to build for all supported Lua versions
- Add a patch by @vcunat to work around a build issue
- luuid: Wrote a tiny patch to allow for Lua 5.1/Luajit compatibility
- General changes:
- Sorted the packages
- Attempted to make the formatting consistent
- Preferenced `.override` instead of `.overrideAttrs` wherever
possible
Minor changes to other packages to adjust for the Lua package changes:
- luakit expression simplified
- prosody expression simplified; but users will now need to specify the
luadbi backend module they intend to use in withExtraLibs
- knot-resolver inputs correctd
- mudlet inputs corrected (although this package was and should still be
broken)
The patch didn't apply since 9.12 -> 9.14 (26026c3e1a).
I'll hope it's not needed anymore (and let Borg verify that).
It was reportedly just a configure-time error: e4602677.
One bugfix patch is included - merged upstream but not released yet.
knot-resolver wrapper would need to add binaryheap explicitly,
so it's migrated to the automatic LUA path discovery instead.
add libressl, drop patch
neither openssl 1.0 (headers not found) nor openssl 1.1 (configuration
failed when trying to test constants) work, but libressl does
* substitute(): --subst-var was silently coercing to "" if the variable does not exist.
* libffi: simplify using `checkInputs`
* pythonPackges.hypothesis, pythonPackages.pytest: simpify dependency cycle fix
* utillinux: 2.32 -> 2.32.1
https://lkml.org/lkml/2018/7/16/532
* busybox: 1.29.0 -> 1.29.1
* bind: 9.12.1-P2 -> 9.12.2
https://ftp.isc.org/isc/bind9/9.12.2/RELEASE-NOTES-bind-9.12.2.html
* curl: 7.60.0 -> 7.61.0
* gvfs: make tests run, but disable
* ilmbase: disable tests on i686. Spooky!
* mdds: fix tests
* git: disable checks as tests are run in installcheck
* ruby: disable tests
* libcommuni: disable checks as tests are run in installcheck
* librdf: make tests run, but disable
* neon, neon_0_29: make tests run, but disable
* pciutils: 3.6.0 -> 3.6.1
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/pciutils/versions.
* mesa: more include fixes
mostly from void-linux (thanks!)
* npth: 1.5 -> 1.6
minor bump
* boost167: Add lockfree next_prior patch
* stdenv: cleanup darwin bootstrapping
Also gets rid of the full python and some of it's dependencies in the
stdenv build closure.
* Revert "pciutils: use standardized equivalent for canonicalize_file_name"
This reverts commit f8db20fb3a.
Patching should no longer be needed with 3.6.1.
* binutils-wrapper: Try to avoid adding unnecessary -L flags
(cherry picked from commit f3758258b8895508475caf83e92bfb236a27ceb9)
Signed-off-by: Domen Kožar <domen@dev.si>
* libffi: don't check on darwin
libffi usages in stdenv broken darwin. We need to disable doCheck for that case.
* "rm $out/share/icons/hicolor/icon-theme.cache" -> hicolor-icon-theme setup-hook
* python.pkgs.pytest: setupHook to prevent creation of .pytest-cache folder, fixes#40273
When `py.test` was run with a folder as argument, it would not only
search for tests in that folder, but also create a .pytest-cache folder.
Not only is this state we don't want, but it was also causing
collisions.
* parity-ui: fix after merge
* python.pkgs.pytest-flake8: disable test, fix build
* Revert "meson: 0.46.1 -> 0.47.0"
With meson 0.47.0 (or 0.47.1, or git)
things are very wrong re:rpath handling
resulting in at best missing libs but
even corrupt binaries :(.
When we run patchelf it masks the problem
by removing obviously busted paths.
Which is probably why this wasn't noticed immediately.
Unfortunately the binary already
has a long series of paths scribbled
in a space intended for a much smaller string;
in my testing it was something like
lengths were 67 with 300+ written to it.
I think we've reported the relevant issues upstream,
but unfortunately it appears our patches
are what introduces the overwrite/corruption
(by no longer being correct in what they assume)
This doesn't look so bad to fix but it's
not something I can spend more time on
at the moment.
--
Interestingly the overwritten string data
(because it is scribbled past the bounds)
remains in the binary and is why we're suddenly
seeing unexpected references in various builds
-- notably this is is the reason we're
seeing the "extra-utils" breakage
that entirely crippled NixOS on master
(and probably on staging before?).
Fixes#43650.
This reverts commit 305ac4dade.
(cherry picked from commit 273d68eff8f7b6cd4ebed3718e5078a0f43cb55d)
Signed-off-by: Domen Kožar <domen@dev.si>
Since years I'm not maintaining anything of the list below other
than some updates when I needed them for some reason. Other people
is doing that maintenance on my behalf so I better take me out but
for very few packages. Finally!
* treewide: http -> https sources
This updates the source urls of all top-level packages from http to
https where possible.
* buildtorrent: fix url and tab -> spaces
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/nsd/versions.
These checks were done:
- built on NixOS
- /nix/store/cv3f36znw2zrckq1082wjf6j7vr5yzyg-nsd-4.1.22/bin/nsd passed the binary check.
- Warning: no invocation of /nix/store/cv3f36znw2zrckq1082wjf6j7vr5yzyg-nsd-4.1.22/bin/nsd-checkconf had a zero exit code or showed the expected version
- /nix/store/cv3f36znw2zrckq1082wjf6j7vr5yzyg-nsd-4.1.22/bin/nsd-checkzone passed the binary check.
- Warning: no invocation of /nix/store/cv3f36znw2zrckq1082wjf6j7vr5yzyg-nsd-4.1.22/bin/nsd-control had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/cv3f36znw2zrckq1082wjf6j7vr5yzyg-nsd-4.1.22/bin/nsd-control-setup had a zero exit code or showed the expected version
- 2 of 5 passed binary check by having a zero exit code.
- 0 of 5 passed binary check by having the new version present in output.
- found 4.1.22 with grep in /nix/store/cv3f36znw2zrckq1082wjf6j7vr5yzyg-nsd-4.1.22
- directory tree listing: https://gist.github.com/ec1aa618f9ae7b813590da95020758aa
- du listing: https://gist.github.com/8277d4bf5e8944c2b6396fb624e08250