Since the bonds interface changed to a lot more possible values we create a
mapping of kernel bond attribute names and values to networkd attributes.
Those match for the most part, but have to be transformed slightly.
There is also an assert that unknown options won’t slip through silently.
Until now the four attributes available very selectively provided a small
subset, while copying upstream documentation.
We make driver options an arbitrary key-value set and point to kernel
documentation, which is always up-to-date. This way every option can be set.
The four already existing options are deprecated with a warning.
This should solve CVE-2016-5131 and some other bugs, but not what Suse
calls CVE-2016-9597: https://bugzilla.suse.com/show_bug.cgi?id=1017497
The bugzilla discussion seems to indicate that the CVE is referenced
incorrectly and only shows reproducing when using command-line flags
that are considered "unsafe".
CVE-2016-9318 also remains unfixed, as I consider their reasoning OK:
https://lwn.net/Alerts/714411/
/cc #22826.
Using the upstream patch directly. It's copied in nixpkgs, because:
- fetchpatch isn't usable at this point in bootstrapping,
- the upstream patch creates collisions in NEWS.
This reverts commit 1daf2e26d2, reversing
changes made to c0c50dfcb7.
It seems this is what has been causing all the reliability problems
on Hydra. I'm currently unable to find why it happens, so I'm forced
to revert the update for now. Discussion: #22874.
Scrapy is usually installed via pip where copying all permissions
makes sense. In Nix the files copied are owned by root and
read-only. As a consequence scrapy can't edit the project templates so
`scrapy startproject` fails.
The initialization code is now a systemd service that explicitly
waits for network-online, so the occasional failure I was seeing
because the `nixos-rebuild` couldn't get anything from the binary
cache should stop. I hope!
The extra dashes are removed from the version number because Nix treats only the
first component as the version, i.e. `2015-11-08` is version `2015` with two
tags `-11` and `-08`.
- Append emacs to the oz wrapper's command search path rather than the
rpath. Previously, emacs would end up in the closure but the oz
shell script would not be helped by it. Now a user without emacs in
their PATH can still get the complete Oz experience (which depends
crucially on emacs). To build a variant without emacs, do
    mozart.override { emacs = null; }
- Patch full path to oz executable into the oz desktop item to make the
output less reliant on the runtime PATH
- Compress .elc files to save a little bit of space
- Make it easier to extend platform support
- Inline builder.sh
- Be more specific about patching. oz and ozc are capable of inferring
OZHOME themselves; thus we generate wrappers only for the binary
executable components.
Note that gmp and boost would be removed by patchelf --shrink-path; I've
no idea whether they are used somehow, so we leave them in and forego
rpath shrinking for now.
Use XSLT transform to modify stock dbus configuration file. This is needed
because some dbus components don't support <include> so we need to put our
core configuration in the main file.