Commit Graph

78670 Commits

Author SHA1 Message Date
Carles Pagès
995ddb04a3 makeImageFromDebDist: accept additional parameters for vm, as in rpm version.
(cherry picked from commit e7ab828da1)
2016-05-11 16:24:41 +02:00
Shea Levy
1906eb9cd5 Add kerberos mappings for MIT exchange server
(cherry picked from commit 67d430096f)
2016-05-11 09:09:34 -04:00
Rob Vermaas
2c5ad36cff Add scikitlearn to binary cache. 2016-05-11 10:35:51 +00:00
Shea Levy
b10f61bc1b Backport offlineimap-6.7 2016-05-10 18:10:39 -04:00
Shea Levy
e2cd6d6931 Fix license attr
(cherry picked from commit 6f12b7aec4)
2016-05-10 17:43:16 -04:00
Shea Levy
042b69374d Add kerberos pythonPackage
(cherry picked from commit f298ebb957)
2016-05-10 17:32:32 -04:00
Rob Vermaas
713c240563 Adding pythonPackags.pandas to binary cache. Python packages are
not part of nixpkgs/nixos jobsets in 16.03+ since ccd1029f58. Until
it gets added again, adding some python packages that take really
long to build.
2016-05-10 15:15:12 +00:00
Tuomas Tynkkynen
4cdf5b4279 otter: Mark broken
Build hangs an hits the hydra time limit:
http://hydra.nixos.org/build/34897110

(cherry picked from commit ca0e724266)
2016-05-10 15:50:23 +02:00
Eelco Dolstra
091ca4e97c firefox: Revert to SHA-256 hashes
Using SHA-512 causes problems for users upgrading from NixOS 15.09.

Fixes #15349.
2016-05-10 15:31:52 +02:00
Tobias Geerinckx-Rice
659212aea7 thunderbird: 38.7.1 -> 45.0
Changes: https://www.mozilla.org/en-US/thunderbird/45.0/releasenotes/
(cherry picked from commit 2dc8975bc4)
2016-05-10 11:10:53 +02:00
Bjørn Forsman
1c1efaad6e moreutils: add meta.platforms (= all)
(cherry picked from commit 977cd5de36)
2016-05-09 20:35:40 +02:00
Eelco Dolstra
53d34e016f thunderbird: 38.7.0 -> 38.7.1
(cherry picked from commit ca983ec20c)
2016-05-09 19:43:20 +02:00
Eelco Dolstra
d2fcb5afb7 Add mirror://mozilla scheme
(cherry picked from commit cb37ab146b)
2016-05-09 19:42:30 +02:00
Eelco Dolstra
2eb3eafedf Fix some URLs that lacked a URI scheme
(cherry picked from commit 7ce5d43c63)
2016-05-09 19:40:51 +02:00
Eelco Dolstra
efd03d53ca copy-tarballs.pl: Add --exclude flag
(cherry picked from commit 4f4ba0d3f4)
2016-05-09 19:40:47 +02:00
Eelco Dolstra
a5d71c175c firefox-esr: 45.0.2 -> 45.1.1
(cherry picked from commit de22402f85)
2016-05-09 19:40:42 +02:00
Eelco Dolstra
a8f1c55157 firefox: 46.0 -> 46.0.1
(cherry picked from commit 02d01dc7c5)
2016-05-09 19:40:38 +02:00
Eelco Dolstra
592dd23efc aws-sdk-cpp: 0.9.6 -> 0.10.6
(cherry picked from commit 11e252e5a0)
2016-05-09 19:40:17 +02:00
Eelco Dolstra
96e204b064 firefox: Don't use out-dated system sqlite 2016-05-09 19:39:46 +02:00
Eelco Dolstra
4d496ea6b0 firefox: 45.0.2 -> 46.0
Still using GTK+ 2 for now, since apparently building with GTK+ 3
still requires GTK+ 2, increasing the closure size. (#15008)

(cherry picked from commit 930d243ea4)
2016-05-09 19:39:21 +02:00
Eelco Dolstra
7efca53da4 Update EC2 AMIs to 16.03.659.011ea84
This includes the binutils mass rebuild.

(cherry picked from commit ecfc523d32)
2016-05-09 19:39:12 +02:00
Tobias Geerinckx-Rice
44eeb747ac borgbackup: 1.0.1 -> 1.0.2
Changes: https://github.com/borgbackup/borg/blob/1.0.2/docs/changes.rst
(cherry picked from commit 6e261865a4)
2016-05-09 14:55:40 +02:00
Tobias Geerinckx-Rice
984dc3ef6c borgbackup: 1.0.0 -> 1.0.1
Changes: https://github.com/borgbackup/borg/blob/1.0.1/docs/changes.rst
(cherry picked from commit f019db633f)
2016-05-09 14:55:34 +02:00
Tobias Geerinckx-Rice
7c406f347f borgbackup: 0.30.0 -> 1.0.0
Major upgrade, be sure to read the release notes:
https://github.com/borgbackup/borg/blob/1.0.0/docs/changes.rst

(cherry picked from commit b747253700)
2016-05-09 14:55:25 +02:00
Lluís Batlle i Rossell
1cfa84a52d Making vm's interactive shell handle the terminal well.
(cherry picked from commit e21dd19168)
2016-05-09 14:30:07 +02:00
Lluís Batlle i Rossell
6e4a8bea9e Making vm's qemu cache=unsafe. Faster.
I don't think it's unsafe, if it's meant for nix expressions.

(cherry picked from commit ab93f8c137)
2016-05-09 14:30:02 +02:00
Lluís Batlle i Rossell
8fd1ed7621 vm: allow overriding QEMU_OPTS / memSize for images.
It's nice to be able to create disk images with -smp 4
in qemu.

(cherry picked from commit 635c99ce87)
2016-05-09 14:29:56 +02:00
Lluís Batlle i Rossell
b1ffcd19d1 Adding libuuid (libblkid) to lvm2.
It wants it to detect if there are filesystems present in block devices, in
case of pvcreate. Otherwise it complaints "lvm built without blkid support" and
lacks the feature of detecting/wiping.

(cherry picked from commit 2f35e223b1)

I fixed an easy conflict.
2016-05-09 14:29:34 +02:00
Lluís Batlle i Rossell
165781b529 Fixing nfsd service, wait on local-fs.
Otherwise, mountd was started exporting directories before local-fs was ready,
and it failed to start nfsd on missing fs.

(cherry picked from commit 9f6afb7d78)
2016-05-09 14:26:49 +02:00
Lluís Batlle i Rossell
74139a6b58 Fixing stunt-rally 2.6 (adding newer bullet)
(cherry picked from commit f0c503593f)

There were some weird conflicts.
2016-05-08 16:25:49 +02:00
Lluís Batlle i Rossell
aa296f3913 Adding vmlinux to linux kernel 'dev' derivation.
It takes some extra 13MB (and in dev, not out), but allows perf to show kernel
symbols when profiling. I think it is worth it.

In my NixOS, I refer to it in the system derivation, for easy telling to perf
through /run/booted-system/vmlinux:

  system.extraSystemBuilderCmds = ''
    ln -s ${config.boot.kernelPackages.kernel.dev}/vmlinux $out/vmlinux
  '';

(cherry picked from commit 53a4582552)
2016-05-07 23:32:55 +02:00
Nikolay Amiantov
1527011d5f dropbox: meta.licenses -> meta.license
(cherry picked from commit 62c41cc539)
2016-05-07 15:17:43 +03:00
Nikolay Amiantov
f4d610867a dropbox: mark as unfree
(cherry picked from commit 41ced9f100)
2016-05-07 15:17:42 +03:00
Thomas Tuegel
fcd2a001ef quassel: 0.12.3 -> 0.12.4
Security update for CVE-2016-4414 (denial of service).

(cherry picked from commit f2ec142847)
2016-05-07 07:00:39 -05:00
zimbatm
bbd47710de quassel: fix sources
Fixes changes after #14080 where the updated hash was missing.

Put the source in a common file so there is only one place to update.

(cherry picked from commit 23b9d037de)

Backported from master to facilitate future updates.
2016-05-07 07:00:39 -05:00
Nikolay Amiantov
54b7bdac59 Merge pull request #15284 from sheenobu/bspwm/socket_patch/1603
bspwm: backport of socket unlink fix to 0.9
2016-05-07 15:50:50 +04:00
Sheena Artrip
15a51fcfdb
bspwm: backport of socket unlink fix to 0.9 2016-05-07 04:31:06 -04:00
aszlig
65f4e9d4c5
Merge branch 'stage1-dont-kill-kthreads'
Merges pull request #15275:

    This addresses #15226 and fixes killing of processes before
    switching from the initrd to the real root.

    Right now, the pkill that is issued not only kills user space
    processes but also sends a SIGKILL to kernel threads as well.
    Usually these threads ignore signals, but some of these processes do
    handle signals, like for example the md module, which happened in
    #15226.

    It also adds a small check for the swraid installer test and a
    standalone test which checks on just that problem, so in the future
    this shouldn't happen again.

This has been acked by @edolstra on IRC.

The reason I'm merging this to 16.03 is that this branch fixes #15226
and thus also fixes mdraid setups out there.

Tested using the boot-stage1.nix NixOS test against release-16.03.
2016-05-06 22:11:10 +02:00
aszlig
6228949157
nixos/tests/boot-stage1: Add myself to maintainers
As @edolstra pointed out that the kernel module might be painful to
maintain. I strongly disagree because it's only a small module and it's
good to have such a canary in the tests no matter how the bootup process
looks like, so I'm going the masochistic route and try to maintain it.

If it *really* becomes too much maintenance burden, we can still drop or
disable kcanary.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-06 22:06:34 +02:00
aszlig
43da2f3209
nixos/release-combined: Add boot-stage1 test
We don't want to push out a channel update whenever this test fails,
because that might have unexpected and confused side effects and it
*really* means that stage 1 of our boot up is broken.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-06 22:06:34 +02:00
aszlig
45b7d41fa7
nixos/tests: Add a test for boot stage 1
We already have a small regression test for #15226 within the swraid
installer test. Unfortunately, we only check there whether the md
kthread got signalled but not whether other rampaging processes are
still alive that *should* have been killed.

So in order to do this we provide multiple canary processes which are
checked after the system has booted up:

 * canary1: It's a simple forking daemon which just sleeps until it's
            going to be killed. Of course we expect this process to not
            be alive anymore after boot up.
 * canary2: Similar to canary1, but tries to mimick a kthread to make
            sure that it's going to be properly killed at the end of
            stage 1.
 * canary3: Like canary2, but this time using a @ in front of its
            command name to actually prevent it from being killed.
 * kcanary: This one is a real kthread and it runs until killed, which
            shouldn't be the case.

Tested with and without 67223ee and everything works as expected, at
least on my machine.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-06 22:06:34 +02:00
aszlig
74b41a7385
nixos/tests/installer/swraid: Check for safemode
This is a regression test for #15226, so that the test will fail once we
accidentally kill one or more of the md kthreads (aka: if safe mode is
enabled).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-06 22:06:34 +02:00
aszlig
cc98c4e105
nixos/stage-1: Don't kill kernel threads
Unfortunately, pkill doesn't distinguish between kernel and user space
processes, so we need to make sure we don't accidentally kill kernel
threads.

Normally, a kernel thread ignores all signals, but there are a few that
do. A quick grep on the kernel source tree (as of kernel 4.6.0) shows
the following source files which use allow_signal():

  drivers/isdn/mISDN/l1oip_core.c
  drivers/md/md.c
  drivers/misc/mic/cosm/cosm_scif_server.c
  drivers/misc/mic/cosm_client/cosm_scif_client.c
  drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
  drivers/staging/rtl8188eu/core/rtw_cmd.c
  drivers/staging/rtl8712/rtl8712_cmd.c
  drivers/target/iscsi/iscsi_target.c
  drivers/target/iscsi/iscsi_target_login.c
  drivers/target/iscsi/iscsi_target_nego.c
  drivers/usb/atm/usbatm.c
  drivers/usb/gadget/function/f_mass_storage.c
  fs/jffs2/background.c
  fs/lockd/clntlock.c
  fs/lockd/svc.c
  fs/nfs/nfs4state.c
  fs/nfsd/nfssvc.c

While not all of these are necessarily kthreads and some functionality
may still be unimpeded, it's still quite harmful and can cause
unexpected side-effects, especially because some of these kthreads are
storage-related (which we obviously don't want to kill during bootup).

During discussion at #15226, @dezgeg suggested the following
implementation:

for pid in $(pgrep -v -f '@'); do
    if [ "$(cat /proc/$pid/cmdline)" != "" ]; then
        kill -9 "$pid"
    fi
done

This has a few downsides:

 * User space processes which use an empty string in their command line
   won't be killed.
 * It results in errors during bootup because some shell-related
   processes are already terminated (maybe it's pgrep itself, haven't
   checked).
 * The @ is searched within the full command line, not just at the
   beginning of the string. Of course, we already had this until now, so
   it's not a problem of his implementation.

I posted an alternative implementation which doesn't suffer from the
first point, but even that one wasn't sufficient:

for pid in $(pgrep -v -f '^@'); do
    readlink "/proc/$pid/exe" &> /dev/null || continue
    echo "$pid"
done | xargs kill -9

This one spawns a subshell, which would be included in the processes to
kill and actually kills itself during the process.

So what we have now is even checking whether the shell process itself is
in the list to kill and avoids killing it just to be sure.

Also, we don't spawn a subshell anymore and use /proc/$pid/exe to
distinguish between user space and kernel processes like in the comments
of the following StackOverflow answer:

http://stackoverflow.com/a/12231039

We don't need to take care of terminating processes, because what we
actually want IS to terminate the processes.

The only point where this (and any previous) approach falls short if we
have processes that act like fork bombs, because they might spawn
additional processes between the pgrep and the killing. We can only
address this with process/control groups and this still won't save us
because the root user can escape from that as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #15226
2016-05-06 22:06:34 +02:00
Joachim Fasting
24e394d447
bittorrentSync20: 2.3.6 -> 2.3.7
(cherry picked from commit e4bd66c8f0)

For a list of changes post 2.x (mostly fixes & minor improvements), see
http://help.getsync.com/hc/en-us/articles/206216855-Sync-2-x-change-log
2016-05-06 08:33:53 +02:00
Joachim Fasting
f10759fb19
bittorrentSync14: 1.4.110 -> 1.4.111
(cherry picked from commit 6d2625a940)
2016-05-06 08:33:30 +02:00
Joachim Fasting
011de8e341
bittorrentSync20: 2.3.3 -> 2.3.6 (#15147)
Note that this changes the domain from getsyncapp.com (no longer valid)
to getsync.com.
(cherry picked from commit a7886c9189)
2016-05-06 08:33:25 +02:00
obadz
b82cef091a linux kernel 4.4: fix race during build
Patch drivers/crypto/qat/qat_common/Makefile so that qat_asym_algs.o
explicitly depends on headers qat_rsaprivkey-asn1.h and qat_rsapubkey-asn1.h

(cherry picked from commit 4788ec1372)
This should fix evaluation of 4.5 kernel. I forgot to pick this one.
2016-05-05 13:41:56 +02:00
Vladimír Čunát
1c161afba8 linux kernel 4.5: fix race during build
This is just 4788ec1372 but for 4.5 instead of 4.4.
Example failure: http://hydra.nixos.org/build/35194276

(cherry picked from commit 323825f967)
2016-05-05 12:18:08 +02:00
José Romildo Malaquias
69420c5242
imlib2: 1.4.8 -> 1.4.9
(cherry picked from commit 3e401a8d01)

Contains fixes for CVE-2011-5326, CVE-2016-3993, CVE-2016-3994, CVE-2016-4024
2016-05-04 06:48:45 +02:00
Franz Pletz
853fe4ceeb libressl: 2.2.6 -> 2.2.7, 2.3.3 -> 2.3.4
Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding.

http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.7-relnotes.txt
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.4-relnotes.txt
(cherry picked from commit 6d55b2e9c0)
2016-05-04 01:28:01 +02:00