* google-cloud-sdk: 150.0.0 -> 151.0.0
- gce/create-gce.sh: rewrite using nix-shell shebang and bash
- allows running the script without being in the same directory
- nix-shell install google-cloud-sdk
- some shellcheck cleanups and scripting best practice
- gce/create-gce.sh: do not clobber NIX_PATH: this allows NIX_PATH to be overwritten to build a different release
- gce/create-gce.sh: remove legacy hydra option
sadly, xib2nib hasn't been working like I thought. I've just
precompiled into our modified pinentry_mac. Eventually we can get this
fixed but it's not as easy as first thought.
This reverts commit c0cef0425e.
The output of the command-line tool has changed somewhat and at least
nixos-generate-config.pl needs modifications to match. I'm leaving that
to someone who knows a bit more about btrfs.
Issue #24810.
Release notes are available at https://www.openssh.com/txt/release-7.5.
Mostly a bugfix release, no major backwards-incompatible changes.
Remove deprecated `UsePrivilegeSeparation` option,
which is now mandatory.
Add the patch that was removed that allows pass's clip() function to
work with single binary coreutils. This version of the patch is also
applied to darwin.sh, so this should fix the clipboard functionality in
darwin as well.
There are a few dozen new failures on Darwin, probably related to
updates of stdenv's llvm and/or pkgconfig.
Still the total number of successes increases.
[1.1] - 2017-01-11
Added
- Autodetect the number of CPUs available <esmil@mailme.dk>
- Option for source string added to torrent info (`-s`), included in infohash.
Often used by private trackers to create a unique infohash to prevent
peer-leak and the possibility to track the trackers that do use leaked
torrents. Having this option in mktorrent makes it possible to create an
infohash accurate torrent to the tracker you want to upload it to
Changed
- Make `-a` (announce list) optional
- Optional announce URL even for private torrents. No need to require announce
for private torrents, they are added by most private trackers anyway and they
modify the infohash so you'd have to redownload their modified torrent with
injected unique announce URL anyway. (@mathieui, fix from @jrwren)
Fixed
- DHT makes trackers optional, so remove the warning
Fixes issue #21136.
The problem is that the seccomp system call filter configured by ntpd did not
include some system calls that were apparently needed. For example the
program hung in getpid just after the filter was installed:
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
seccomp(SECCOMP_SET_MODE_STRICT, 1, NULL) = -1 EINVAL (Invalid argument)
seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=41, filter=0x5620d7f0bd90}) = 0
getpid() = ?
I do not know exactly why this is a problem on NixOS only, perhaps we have getpid
caching disabled.
The fcntl and setsockopt system calls also had to be added.
The old forms presumably predate, or were made in ignorance of,
`let inherit`. This way is better style as the scoping is more lexical,
something which Nix can (or might already!) take advantage of.
The manual pages for the following 4 tools were still missing:
- gpgsigs
- keyanalyze
- pgpring
- process_keys
The gpgdir script needs the gpg binary.
The 19 tools are licensed under various licenses.
`preConfigure` line became too long to edit comfortably. Split up
flags into ones necessary during both build and install phase and
install phase only. Makefile defines a target for OS X/Darwin which
automatically sets the `KQUEUE` flag.
The configure scripts have been changed so that `--build` is now the
way to specify (non-cross compiling) build target, which is necessary
on darwin for binary compatibility across darwin versions.
execline: 2.1.4.5 -> 2.2.0.0
s6-dns: 2.0.0.7 -> 2.1.0.0
s6-linux-utils: 2.0.2.3 -> 2.2.0.0
s6-networking: 2.1.0.4 -> 2.2.1.0
s6-portable-utils: 2.1.0.0 -> 2.1.0.0 (no version change)
s6-rc: 0.0.2.1 -> 0.1.0.0
s6: 2.2.4.3 -> 2.4.0.0
skalibs: 2.3.9.0 -> 2.4.0.1
Also use new --enable-absolute-paths configure arg to correctly set
paths to runtime executables to point within the nix store rather than
relying on PATH resolution.
Additional tools:
- gpg-key2latex
- gpgdir
- gpgwrap
This module is really hacky and the dependencies are very messy... :o
However I tried my best at testing all 19 individual tools and they
should (hopefully) all work now (apart from sendmail which can be
provided by multiple packages) :)
The code is very redundant (sorry) but imho it's easier to read and
maintain it that way.
TODO: There are some additional manual pages that could be included (I'm
too exhausted for that atm...). And there might be a lot of stuff that
could be improved in the future.
This patch restructures the expression and wrapper to minimize Nix store
references captured by the user's state directory.
The previous version would write lots of references to the Nix store into
the user's state directory, resulting in synchronization issues between
the Store and the local state directory. At best, this would cause TBB to
stop working when the version used to instantiate the local state was
garbage collected; at worst, a user would continue to use the old version
even after an upgrade.
To solve the issue, hard-code as much as possible at the Store side and
minimize the amount of stuff being copied into the local state dir.
Currently, only a few files generated at firefox startup and fontconfig
cache files end up capturing store paths; these files are simply removed
upon every startup. Otherwise, no capture should occur and the user
should always be using the TBB associated with the tor-browser wrapper
script.
To check for stale Store paths, do
`grep -Ero '/nix/store/[^/]+' ~/.local/share/tor-browser`
This command should *never* return any other store path than the one
associated with the current tor-browser wrapper script, even after an
update (assuming you've run tor-browser at least once after updating).
Deviations from this general rule are considered bugs from now on.
Note that no attempt has been made to support pluggable transports; they
are still broken with this patch (to be fixed in a follow-up patch).
User visible changes:
- Wrapper retains only environment variables required for TBB to work
- pulseaudioSupport can be toggled independently of mediaSupport (the
latter weakly implies the former).
- Store local state under $TBB_HOME. Defaults to $XDG_DATA_HOME/tor-browser
- Stop obnoxious first-run stuff (NoScript redirect, in particular)
- Set desktop item GenericName to Web Browser
Some minor enhancements:
- Disable Hydra builds
- Specify system -> source mapping to make it easier to
extend supported platforms.
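The `grep -Ero` stale Store path check from the tor-browser commit message above, wrapped so it can run after each upgrade and fail when any other store path is found. This is an added example, not part of the original commit; the function names, the tightened match pattern and the sample store paths are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the commit): fail when a TBB state directory
# references any Nix store path other than the current wrapper's.

# Print every distinct store path found under STATE_DIR except CURRENT.
# -a also scans binary files such as fontconfig caches; the character
# class is tightened (assumption) so quotes or whitespace end the match.
stale_store_paths() {
    state_dir="$1"
    current="${2%/}"
    grep -Eraoh '/nix/store/[^/[:space:]"]+' "$state_dir" 2>/dev/null \
        | sort -u \
        | grep -Fxv -- "$current" || true
}

# Return 0 when only CURRENT (or nothing) is referenced, 1 otherwise.
check_state_dir() {
    stale=$(stale_store_paths "$1" "$2")
    if [ -n "$stale" ]; then
        printf 'stale store paths under %s:\n%s\n' "$1" "$stale" >&2
        return 1
    fi
    return 0
}

# Constructed sample: one file pointing at the current store path and
# one cache file that still captures an older one.
demo() {
    dir=$(mktemp -d)
    cur=/nix/store/aaaa-tor-browser-new
    printf 'user_pref("x", "%s/lib/libfoo.so");\n' "$cur" > "$dir/prefs.js"
    printf 'dir=/nix/store/bbbb-tor-browser-old/share/fonts\n' > "$dir/fonts.cache"
    check_state_dir "$dir" "$cur"; status=$?
    rm -rf "$dir"
    return "$status"
}

demo || echo "demo: stale path detected, as constructed"
```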
This patch updates the `heatseeker` package from version 1.4.0 to
version 1.5.1.
I have tested this change per nixpkgs manual section 11.1 ("Making
patches").
Having curl fall back to openssl's CA means that we need not patch curl
to respect NIX_SSL_CERT_FILE. It will work in all the cases.
This reverts commit fb4c43dd8a "curl: Use CA bundle in nix default profile by default"
If we want to reintroduce that feature, this needs to go inside openssl
Improve patching of curl to use NIX_SSL_CERT_FILE as default CA
Remove patches from git, as git uses curl and passes its environment
variables to curl.
This reverts commit 872770286d.
This will fix fwknop as well (should have done it like this in the first
place, where was my mind...).
Conclusion: Did something stupid... :o - I am *so incredibly sorry*,
will be way more careful (was already careful, but apparently not
enough...) next time and use nox.
Sorry @everyone and thanks @calvertvl for noticing this.