nix-community/nixos-anywhere
1
1
Fork 0
mirror of https://github.com/nix-community/nixos-anywhere.git synced 2024-07-14 19:40:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #234 from nix-community/update_flake_lock

Browse Source 
flake.lock: Update
This commit is contained in:
Jörg Thalheim 2023-11-06 13:44:08 +01:00 committed by GitHub
commit 7973a36f24
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 75 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
flake.lock
View File

@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1694710969,
"narHash": "sha256-5nMY+3JF/ktW8D8URataP6MCbbnID13P4CixARNoq6w=",
"lastModified": 1698422527,
"narHash": "sha256-SDu3Xg263t3oXIyTaH0buOvFnKIDeZsvKDBtOz+jRbs=",
"owner": "nix-community",
"repo": "disko",
"rev": "91af5b4a53ee8e57f4178ef58036dce49fbda91a",
"rev": "944d338d24a9d043a3f7461c30ee6cfe4f9cca30",
"type": "github"
},
"original": {
@ -28,11 +28,11 @@
]
},
"locked": {
"lastModified": 1693611461,
"narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
"lastModified": 1698882062,
"narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
"rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
"type": "github"
},
"original": {
@ -43,11 +43,11 @@
},
"nixos-2305": {
"locked": {
"lastModified": 1694724971,
"narHash": "sha256-NazxO2WuzV1pVnVoFpo7vJbgTTDhywhDxEDwFw6tyWY=",
"lastModified": 1698911509,
"narHash": "sha256-FFwqTbF+1laraWTL/t7LI+gN+DYfoj+iFYLof5wCea8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "16a63df66bfefec64daab3da10d414055d782d66",
"rev": "ecd985f22e007e6ac3152d68590c06cbbaea8c0e",
"type": "github"
},
"original": {
@ -67,11 +67,11 @@
]
},
"locked": {
"lastModified": 1694429687,
"narHash": "sha256-fopTSMmOjk7/ro8+P2wZxAC8OPUKtuwHLNp2xSPXVjc=",
"lastModified": 1697515196,
"narHash": "sha256-EZivLoJHCqJdi23Mn/p+lPNHBBctGSWzEnAhYfC0VD0=",
"owner": "nix-community",
"repo": "nixos-images",
"rev": "c4c73bce65306a1e747684dd0d4bcf0ab2779585",
"rev": "87bccdbdfbeb07e0c4fb4c2ec3d71986e8fa24d9",
"type": "github"
},
"original": {
@ -82,11 +82,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1694669921,
"narHash": "sha256-6ESpJ6FsftHV96JO/zn6je07tyV2dlLR7SdLsmkegTY=",
"lastModified": 1698800439,
"narHash": "sha256-SrAwRi266j7U9XqCl0qPwsvcFiQ55iPXEK36ZX6QPjE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f2ea252d23ebc9a5336bf6a61e0644921f64e67c",
"rev": "0ac7840a74c53b62f124e86fcde8cdd45f2bc131",
"type": "github"
},
"original": {
@ -113,11 +113,11 @@
]
},
"locked": {
"lastModified": 1694528738,
"narHash": "sha256-aWMEjib5oTqEzF9f3WXffC1cwICo6v/4dYKjwNktV8k=",
"lastModified": 1698438538,
"narHash": "sha256-AWxaKTDL3MtxaVTVU5lYBvSnlspOS0Fjt8GxBgnU0Do=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "7a49c388d7a6b63bb551b1ddedfa4efab8f400d8",
"rev": "5deb8dc125a9f83b65ca86cf0c8167c46593e0b1",
"type": "github"
},
"original": {

10
src/default.nix
View File

@ -16,6 +16,11 @@
, mkShellNoCC
}:
let
# TODO: add this to nixpkgs
rsync' = rsync.overrideAttrs (old: {
# https://github.com/WayneD/rsync/issues/511#issuecomment-1774612577
patches = [ ./rsync-fortified-strlcpy-fix.patch ];
});
runtimeDeps = [
gitMinimal # for git flakes
# pinned because nix-copy-closure hangs if ControlPath provided for SSH: https://github.com/NixOS/nix/issues/8480
@ -26,6 +31,7 @@ let
gawk
findutils
gnused # needed by ssh-copy-id
rsync' # used to upload extra-files
];
in
stdenv.mkDerivation {
@ -41,12 +47,12 @@ stdenv.mkDerivation {
#
# We also prefer system rsync to prevent crashes between rsync and ssh.
wrapProgram $out/bin/nixos-anywhere \
--prefix PATH : ${lib.makeBinPath runtimeDeps} --suffix PATH : ${lib.makeBinPath [ openssh rsync ]}
--prefix PATH : ${lib.makeBinPath runtimeDeps} --suffix PATH : ${lib.makeBinPath [ openssh ]}
'';
# Dependencies for our devshell
passthru.devShell = mkShellNoCC {
packages = runtimeDeps ++ [ openssh rsync terraform-docs ];
packages = runtimeDeps ++ [ openssh terraform-docs ];
};
meta = with lib; {

49
src/rsync-fortified-strlcpy-fix.patch Normal file
View File

@ -0,0 +1,49 @@
From 1f83963f59960150e8c46112daa8411324c1f209 Mon Sep 17 00:00:00 2001
From: Jiri Slaby <jslaby@suse.cz>
Date: Fri, 18 Aug 2023 08:26:20 +0200
Subject: [PATCH] exclude: fix crashes with fortified strlcpy()
Fortified (-D_FORTIFY_SOURCE=2 for gcc) builds make strlcpy() crash when
its third parameter (size) is larger than the buffer:
$ rsync -FFXHav '--filter=merge global-rsync-filter' Align-37-43/ xxx
sending incremental file list
*** buffer overflow detected ***: terminated
It's in the exclude code in setup_merge_file():
strlcpy(y, save, MAXPATHLEN);
Note the 'y' pointer was incremented, so it no longer points to memory
with MAXPATHLEN "owned" bytes.
Fix it by remembering the number of copied bytes into the 'save' buffer
and use that instead of MAXPATHLEN which is clearly incorrect.
Fixes #511.
---
exclude.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/exclude.c b/exclude.c
index ffe55b167..1a5de3b9e 100644
--- a/exclude.c
+++ b/exclude.c
@@ -720,7 +720,8 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
parent_dirscan = True;
while (*y) {
char save[MAXPATHLEN];
- strlcpy(save, y, MAXPATHLEN);
+ /* copylen is strlen(y) which is < MAXPATHLEN. +1 for \0 */
+ size_t copylen = strlcpy(save, y, MAXPATHLEN) + 1;
*y = '\0';
dirbuf_len = y - dirbuf;
strlcpy(x, ex->pattern, MAXPATHLEN - (x - buf));
@@ -734,7 +735,7 @@ static BOOL setup_merge_file(int mergelist_num, filter_rule *ex,
lp->head = NULL;
}
lp->tail = NULL;
- strlcpy(y, save, MAXPATHLEN);
+ strlcpy(y, save, copylen);
while ((*x++ = *y++) != '/') {}
}
parent_dirscan = False;