Commit graph

12170 commits

Author SHA1 Message Date
Linus Heckemann
6673a4988e
gnupg: use libusb1 (#85374)
* gnupg: use libusb1

This fixes scdaemon's direct ccid support.

* systemd: fix gnupg-minimal
2020-04-21 08:35:40 +02:00
Frederik Rietdijk
803b3d296c Merge staging-next into staging 2020-04-21 08:29:51 +02:00
oxalica
7760cff5d7 util-linux: 2.33.2 -> 2.35.1 2020-04-21 08:12:29 +02:00
kraem
523fe98821 linux/hardened-patches/4.19.116: 4.19.116.NixOS-a -> 4.19.116.a 2020-04-20 10:05:36 -04:00
kraem
45343beffe linux/hardened-patches/5.4.33: 5.4.33.NixOS-a -> 5.4.33.a 2020-04-20 10:05:36 -04:00
kraem
48d908b731 linux/hardened-patches/5.5.18: init at 5.5.18.a 2020-04-20 10:05:36 -04:00
kraem
0fd9293703 linux/hardened-patches/5.6.5: init at 5.6.5.a 2020-04-20 10:05:36 -04:00
kraem
e7a65e6c41 linux/hardened-patches/5.5.17: remove 2020-04-20 10:05:36 -04:00
kraem
eb41f8122e linux/hardened-patches/5.6.4: remove 2020-04-20 10:05:36 -04:00
kraem
8879086cfc linux: 5.5.17 -> 5.5.18 2020-04-20 10:05:36 -04:00
kraem
4307923b86 linux: 5.6.4 -> 5.6.5 2020-04-20 10:05:36 -04:00
Yegor Timoshenko
6f1165a0cb
Merge pull request #84522 from emilazy/add-linux-hardened-patches
linux_*_hardened: use linux-hardened patch set
2020-04-19 20:01:35 +03:00
Peter Simons
00222dbb0e bbswitch: fix build with Linux kernel version >= 5.6.0
Fixes https://github.com/NixOS/nixpkgs/issues/85564.
2020-04-19 16:25:48 +02:00
Maximilian Bosch
19de59a9be
Merge pull request #85334 from flokli/systemd-mainline2
systemd: 243.7 -> 245
2020-04-19 16:02:52 +02:00
Vladimír Čunát
e233a9d4dd
Merge #84442: staging-next branch 2020-04-18 23:11:00 +02:00
John Ericson
1ea80c2cc3 Merge remote-tracking branch 'upstream/master' into staging 2020-04-18 15:40:49 -04:00
Jan Tojnar
09c4736405
Merge pull request #83755 from jtojnar/jcat-0.1 2020-04-18 20:38:24 +02:00
Mario Rodas
e5dd52b99d
Merge pull request #85422 from marsam/update-lxc
lxc: 4.0.1 -> 4.0.2
2020-04-18 13:24:22 -05:00
Jan Tojnar
06e5800a73
fwupd: 1.3.9 → 1.4.0
https://github.com/fwupd/fwupd/releases/tag/1.4.0
2020-04-18 19:51:08 +02:00
Pavol Rusnak
fadcfc3ea4
treewide: per RFC45, remove more unquoted URLs 2020-04-18 14:04:37 +02:00
Vladimír Čunát
d96487b9ca
Merge branch 'master' into staging-next
Hydra nixpkgs: ?compare=1582510
2020-04-18 07:42:26 +02:00
John Ericson
cc880cd91f Merge remote-tracking branch 'upstream/master' into staging 2020-04-17 18:50:55 -04:00
John Ericson
e99a409065
Merge pull request #85190 from Ericson2314/fwupdate
fwupdate: Clean up -I flags
2020-04-17 18:50:22 -04:00
John Ericson
33c2a76c5e Merge remote-tracking branch 'upstream/master' into staging 2020-04-17 18:40:51 -04:00
Emily
7fdfe5381d linux_*_hardened: don't set FORTIFY_SOURCE
Upstreamed in anthraxx/linux-hardened@d12c0d5f0c.
2020-04-17 16:13:39 +01:00
Emily
ed89b5b3f1 linux_*_hardened: don't set PANIC_ON_OOPS
Upstreamed in anthraxx/linux-hardened@366e0216f1.
2020-04-17 16:13:39 +01:00
Emily
0d5f1697b7 linux_*_hardened: don't set SLAB_FREELIST_{RANDOM,HARDENED}
Upstreamed in anthraxx/linux-hardened@786126f177,
anthraxx/linux-hardened@44822ebeb7.
2020-04-17 16:13:39 +01:00
Emily
4fb796e341 linux_*_hardened: don't set HARDENED_USERCOPY_FALLBACK
Upstreamed in anthraxx/linux-hardened@c1fe7a68e3,
anthraxx/linux-hardened@2c553a2bb1.
2020-04-17 16:13:39 +01:00
Emily
3eeb5240ac linux_*_hardened: don't set DEBUG_LIST
Upstreamed in anthraxx/linux-hardened@6b20124185.
2020-04-17 16:13:39 +01:00
Emily
0611462e33 linux_*_hardened: don't set {,IO_}STRICT_DEVMEM
STRICT_DEVMEM is on by default in upstream 5.6.2; IO_STRICT_DEVMEM is
turned on by anthraxx/linux-hardened@103d23cb66.

Note that anthraxx/linux-hardened@db1d27e10e
disables DEVMEM by default, so this is only relevant if that default is
overridden to turn it back on.
2020-04-17 16:13:39 +01:00
Emily
303bb60fb1 linux_*_hardened: don't set DEBUG_WX
Upstreamed in anthraxx/linux-hardened@55ee7417f3.
2020-04-17 16:13:39 +01:00
Emily
33b94e5a44 linux_*_hardened: don't set BUG_ON_DATA_CORRUPTION
Upstreamed in anthraxx/linux-hardened@3fcd15014c.
2020-04-17 16:13:39 +01:00
Emily
db6b327508 linux_*_hardened: don't set LEGACY_VSYSCALL_NONE
Upstreamed in anthraxx/linux-hardened@d300b0fdad.
2020-04-17 16:13:39 +01:00
Emily
130f6812be linux_*_hardened: don't set RANDOMIZE_{BASE,MEMORY}
These are on by default for x86 in upstream linux-5.6.2, and turned on
for arm64 by anthraxx/linux-hardened@90f9670bc3.
2020-04-17 16:13:39 +01:00
Emily
8c68055432 linux_*_hardened: don't set MODIFY_LDT_SYSCALL
Upstreamed in anthraxx/linux-hardened@05644876fa.
2020-04-17 16:13:39 +01:00
Emily
8efe83c22e linux_*_hardened: don't set DEFAULT_MMAP_MIN_ADDR
Upstreamed in anthraxx/linux-hardened@f1fe0a64dd.
2020-04-17 16:13:39 +01:00
Emily
3d4c8ae901 linux_*_hardened: don't set VMAP_STACK
This has been on by default upstream for as long as it's been an option.
2020-04-17 16:13:39 +01:00
Emily
7d5352df31 linux_*_hardened: don't set X86_X32
As far as I can tell, this has never defaulted to on upstream, and our
common kernel configuration doesn't turn it on, so the attack surface
reduction here is somewhat homeopathic.
2020-04-17 16:13:39 +01:00
Emily
0d4f35efd4 linux_*_hardened: use linux-hardened patch set
This is an updated version of the former upstream,
https://github.com/AndroidHardeningArchive/linux-hardened, and provides
a minimal set of additional hardening patches on top of upstream.

The patch already incorporates many of our hardened profile defaults,
and releases are timely (Linux 5.5.15 and 5.6.2 were released on
2020-04-02; linux-hardened patches for them came out on 2020-04-03 and
2020-04-04 respectively).
2020-04-17 16:13:39 +01:00
Emily
3d01e802bd linux: explicitly enable SYSVIPC
The linux-hardened patch set removes this default, probably because of
its original focus on Android kernel hardening.
2020-04-17 16:12:29 +01:00
Tim Steinbach
e341107367
linux: 5.4.32 -> 5.4.33 2020-04-17 08:34:01 -04:00
Tim Steinbach
d9258d33be
linux: 4.19.115 -> 4.19.116 2020-04-17 08:34:01 -04:00
Vladimír Čunát
acb4710214
alsaTools: 1.1.7 -> 1.2.2
Fixes build regression (after alsa update, I assume).
Despite the version number change, the diff is trivial:
https://git.alsa-project.org/?p=alsa-tools.git;a=log;h=refs/tags/v1.2.2
2020-04-17 13:49:20 +02:00
Florian Klink
b3f14109a8 systemd: explicitly disable portabled for now
This hasn't worked with 243; let's disable it for now, until we have
tests and can ensure it works and keeps working.
2020-04-17 00:31:03 +02:00
Florian Klink
ce7c1230ea systemd: explicitly disable homed for now
We don't currently have tests to ensure it works and keeps working.

So instead of having it accidentally working, and possibly breaking it
in the future, disable it for now.
2020-04-17 00:30:52 +02:00
Jörg Thalheim
c18ceab106 systemd: remove myself as maintainer 2020-04-17 00:30:52 +02:00
Florian Klink
b0b7f673dc systemd: 245 -> 245.3 2020-04-17 00:30:52 +02:00
Florian Klink
d2871a723a systemd: 244.3 -> 245 2020-04-17 00:30:51 +02:00
Florian Klink
9de0ac3770 systemd: 243.7 -> 244.3
This required some changes in how we treat DEFAULT_PATH_NORMAL.
2020-04-17 00:30:51 +02:00
Florian Klink
b4cbcba5b1 systemd: update paths kmod-static-nodes.service
The previous patch just removed a `ConditionFileNotEmpty=…` line from
`kmod-static-nodes.service` referring to a location not existing on
NixOS. We know better, and can actually replace this Condition to point
to `run/booted-system/kernel-modules/lib/modules/%v/`, instead of just
patching it out.
2020-04-17 00:28:58 +02:00
Florian Klink
a6710adab2 systemd: join 000{3,8}-Don-t-try-to-unmount-nix-or-nix-store.patch 2020-04-17 00:27:30 +02:00
Florian Klink
4f346cd849 systemd: drop 0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch
This was simply undoing a hunk from
0008-Don-t-try-to-unmount-nix-or-nix-store.patch, so drop that one from
there and omit
0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch entirely.
2020-04-17 00:27:29 +02:00
Florian Klink
a16ebf8561 systemd: drop 001{4,5}-{catalog,hwdb}-don-t-update-on-install.patch
These patches removed logic in the meson install phase invoking
`journalctl --update-catalog` and `systemd-hwdb update`, which would
mutate the running system, and obviously fails in the sandbox.

Upstream also knows this is a bad thing if you're not on the machine you
want to deploy to, so there's logic in there to not execute it when
DESTDIR isn't empty. In our case, it is - as we set --prefix instead for
other reasons, but by just setting DESTDIR to "/", we can still trigger
these things to be skipped.

The patches removed some context from
0018-Install-default-configuration-into-out-share-factory.patch, which
we need to introduce there to make that patch still apply.
2020-04-17 00:27:29 +02:00
Florian Klink
1ad4accdaf systemd: drop 0027-Start-getty-on-lxc.patch
For quite some time, systemd has started getty on these consoles
automatically.
2020-04-17 00:27:29 +02:00
Florian Klink
22bb3a6771 systemd: remove local-fs patch and revert of it 2020-04-17 00:27:29 +02:00
Florian Klink
ba770e599c systemd: switch from our own fork to upstream repo + local patches
After patching, this produces exactly the same source code as in our
custom fork, but having the actual patches inlined inside nixpkgs makes
it easier to get rid of them.

In case more complicated rebasing is necessary, maintainers can

 - Clone the upstream systemd/systemd[-stable] repo
 - Checkout the current rev mentioned in src
 - Apply the patches from this folder via `git am 00*.patch`
 - Rebase the repo on top of a new version
 - Export the patch series via `git format-patch $newVersion`
 - Update the patches = [ … ] attribute (if necessary)
2020-04-17 00:27:19 +02:00
Mario Rodas
fc7efb2d49
lxc: 4.0.1 -> 4.0.2 2020-04-16 04:20:00 -05:00
Jan Tojnar
4b706490da
Merge branch 'staging-next' into staging 2020-04-16 10:10:38 +02:00
Jan Tojnar
3d8e436917
Merge branch 'master' into staging-next 2020-04-16 10:09:43 +02:00
markuskowa
4289160b17
Merge pull request #85281 from r-ryantm/auto-update/rdma-core
rdma-core: 28.0 -> 29.0
2020-04-15 13:27:20 +02:00
R. RyanTM
d6d2b1ee6d rdma-core: 28.0 -> 29.0 2020-04-15 07:31:00 +00:00
Niklas Hambüchen
f16ae2da3e linux: Enable CONFIG_NET_DROP_MONITOR by default.
Needed for subscribing to dropped packets (e.g. via `dropwatch`).
2020-04-14 20:07:51 +02:00
Maximilian Bosch
401e07d419
Merge pull request #84551 from gnprice/pr-stripDebugList
treewide: Fix types of stripDebugList attrs (and fix doc)
2020-04-14 15:54:52 +02:00
John Ericson
17f2cf93dc fwupdate: Clean up -I flags 2020-04-13 19:21:23 -04:00
Matthew Bauer
e520d6af29
Merge pull request #84415 from matthewbauer/mb-cross-fixes-april2020
Cross compilation fixes [april 2020]
2020-04-13 16:48:38 -04:00
Jan Tojnar
b4a6714571
Merge branch 'staging-next' into staging 2020-04-13 18:54:59 +02:00
Jan Tojnar
a04625379a
Merge branch 'master' into staging-next 2020-04-13 18:50:35 +02:00
Matthew Bauer
156c67858f
Merge pull request #85017 from r-ryantm/auto-update/android-udev-rules
android-udev-rules: 20191103 -> 20200410
2020-04-13 11:11:25 -04:00
Tim Steinbach
f6e64feb14
linux: 5.6.3 -> 5.6.4 2020-04-13 08:36:35 -04:00
Tim Steinbach
bba4a30f8c
linux: 5.5.16 -> 5.5.17 2020-04-13 08:36:27 -04:00
Tim Steinbach
2b6e16abe0
linux: 5.4.31 -> 5.4.32 2020-04-13 08:36:19 -04:00
Tim Steinbach
f47969645b
linux: 4.9.218 -> 4.9.219 2020-04-13 08:36:11 -04:00
Tim Steinbach
e06d2a4682
linux: 4.19.114 -> 4.19.115 2020-04-13 08:36:04 -04:00
Tim Steinbach
f717bfeedb
linux: 4.14.175 -> 4.14.176 2020-04-13 08:35:56 -04:00
Tim Steinbach
3a8f6159cb
linux: 4.4.218 -> 4.4.219 2020-04-13 08:35:32 -04:00
Maximilian Bosch
89d2967c9e
linuxPackages.bpftrace: 0.9.3 -> 0.9.4
https://github.com/iovisor/bpftrace/releases/tag/v0.9.4
2020-04-13 12:03:37 +02:00
R. RyanTM
b1d4fdad19 pam_krb5: 4.8 -> 4.9 2020-04-12 17:43:53 -07:00
R. RyanTM
1c0b645d7b
earlyoom: 1.5 -> 1.6 2020-04-12 09:09:57 +00:00
Edmund Wu
f9ac494891
rtkit: 0.11 -> 0.13 2020-04-11 21:36:43 -04:00
Edmund Wu
363004c7eb
rtkit: cleanup 2020-04-11 17:09:44 -04:00
R. RyanTM
64f80e3397 android-udev-rules: 20191103 -> 20200410 2020-04-11 18:24:40 +00:00
Andreas Stührk
9ddfde8977 v4l2loopback: 0.12.3 -> 0.12.4 2020-04-10 14:22:11 -07:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Jan Tojnar
55a5c128d4
Merge branch 'staging-next' into staging 2020-04-10 12:13:27 +02:00
Jan Tojnar
1ab03c3a76
Merge branch 'master' into staging-next 2020-04-10 12:12:56 +02:00
Dmitry Kalinkin
98790dab3b
Merge pull request #84680 from lovesegfault/nvidia-x11-440.82
linuxPackages.nvidia_x11: 440.64 -> 440.82
2020-04-09 00:16:46 -04:00
Bernardo Meurer
73ff54e7b9
linuxPackages.nvidia_x11: 440.64 -> 440.82 2020-04-08 20:01:41 -07:00
Peter Hoeg
f14b43a54c
Merge pull request #84716 from peterhoeg/p/g15daemon
g15daemon: init at 1.9.5.3
2020-04-09 09:56:26 +08:00
Michael Weiss
b7bf29993b
Merge pull request #82298 from Ralith/netem
iproute: include netem tools
2020-04-08 19:05:59 +02:00
Michael Bishop
70308c5c56
device-tree_rpi: fix platforms 2020-04-08 12:54:58 -03:00
Jörg Thalheim
fe8875a363
Merge pull request #84597 from NixOS/acpi-call
linuxPackages.acpi-call: switch to nix-community fork
2020-04-08 15:34:01 +01:00
Jörg Thalheim
1ae03c9db1
linuxPackages.acpi-call: switch to nix-community fork
This also fixes the build against Linux 5.6.
We also took the opportunity to clean up the build.
2020-04-08 15:03:53 +01:00
Tim Steinbach
7bd91fe7af
linux: 5.6.2 -> 5.6.3 2020-04-08 08:51:08 -04:00
Tim Steinbach
1c637d2326
linux: 5.5.15 -> 5.5.16 2020-04-08 08:51:07 -04:00
Tim Steinbach
5653337922
linux: 5.4.30 -> 5.4.31 2020-04-08 08:51:07 -04:00
Peter Hoeg
0669cd72ae g15daemon: init at 1.9.5.3 2020-04-08 20:49:49 +08:00
Silvan Mosberger
b293421a69
Merge pull request #84129 from Infinisil/removing-python-from-grub
Support removing python from zfs/grub closure
2020-04-08 12:53:28 +02:00
Jörg Thalheim
b3a9a65955
Merge pull request #84595 from NixOS/zfs
zfs: fix build against 5.6
2020-04-08 10:14:11 +01:00
worldofpeace
d9a056953c
Merge pull request #81693 from lovesegfault/uvcdynctrl-udev
uvcdynctrl: fix udev files
2020-04-07 23:38:50 -04:00
worldofpeace
9fa5658672
Merge pull request #84161 from lovesegfault/ddcci-0.3.3
ddcci: 0.3.2 -> 0.3.3
2020-04-07 23:36:12 -04:00