Commit graph

76503 commits

Author SHA1 Message Date
Charles Strahan
4c57b932ab cipherscan: init at rev 18b0d1b (Dec 17, 2015)
CipherScan is a simple way to find out which SSL ciphersuites are
supported by a target.

It can take advantage of the extra features in Peter Mosmans' openssl
fork (which is also included in this commit).
2016-02-03 12:01:24 -05:00
aszlig
9807acb3ee
Merge pull request #12804
Currently the check against FHS paths in the rule files is only checking
against the original paths from in services.udev.packages.

However we do fix up some of these paths in the udev rules generator and
the warning is against the unfixed rule files and therefore prints a lot
of false positives.

This pull request not only improves this warning but also makes the
rules generator fail if there are FHS still left in one of the rules
file.

Addresses #12722 as well so we can assure that this won't happen again
in the future.
2016-02-03 17:13:50 +01:00
aszlig
c10a17a3eb
nixos/udev: Always fail if rules contain FHS paths
Partially reverts the following commits:

  9f2a61c59c
  9c13fe6604

As @edolstra pointed out, it would make more sense to do this by default
instead of having that allowImpurePaths option. This of course might
break systems which add extra packages to udev, but on the upside it's
hard to miss one of these paths now because it won't get buried in the
ocean of build output lines.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-03 16:40:41 +01:00
Arseniy Seroka
77d94825d4 Merge pull request #12781 from tvon/plex
plex: 0.9.14.6.1620-e0b7243 -> 0.9.15.2.1663-7efd046
2016-02-03 18:31:34 +03:00
Tom von Schwerdtner
3701e7b74e plex: 0.9.14.6.1620-e0b7243 -> 0.9.15.2.1663-7efd046 2016-02-03 10:27:32 -05:00
Arseniy Seroka
f8dea71b24 Merge pull request #12802 from lukasepple/master
ocaml-x509: 0.4.0 -> 0.5.0
2016-02-03 18:25:04 +03:00
aszlig
9c13fe6604
nixos/tests/installer: Fail on impure udev rules
With 9f2a61c in place, let's actually use this in the installer tests to
make sure we won't shovel FHS paths down the throad of unstable channel
users.

I've tested this by running all of the installer tests for x86_64-linux
and they all succeeded.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-03 15:53:44 +01:00
aszlig
9f2a61c59c
nixos/udev: Add an option to fail on FHS paths
So far we were merely printing a warning if there are still references
to (/usr)/s?bin, but we actually want to make sure that we fix those
paths, especially on updates of packages that come with udev rules.

This adds a new option allowImpurePaths, which when set to false will
cause the "udev-rules" derivation to fail.

I've set this to true by default, to not break existing systems too much
and the intention is to set it to false for a few NixOS VM tests.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-03 15:48:52 +01:00
aszlig
80983bbe54
nixos/udev: Provide a better warning for FHS paths
We were trying to find FHS references in all of the rules found in
services.udev.packages. Unfortunately we're still fixing up paths in the
same derivation where we are checking those references, so for example
references to /sbin/modprobe were still printed to be needed to fixup
even though they were already fixed at the time.

So now we're printing a more helpful warning message which is also
conditional (before the warning message was printed regardless of
whether there are any rules that need fixup) and is based off the rules
that were already fixed up.

The new warning message not only contains the build-local rule files but
also the original files from other store paths and the FHS path
references that were still found.

With 8ecd3a5e1d reverted, we now get this:

/nix/store/...-udev-rules/63-md-raid-arrays.rules (originally from
 /nix/store/...-mdadm-3.3.4/lib/udev/rules.d/63-md-raid-arrays.rules)
 contains references to /usr/bin/readlink and /usr/bin/basename.

Which is now more accurate to what is not yet fixed and where it's
coming from.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-03 15:48:52 +01:00
aszlig
ee68bdc42e
nixos/udev: Fix up readlink and basename as well
In 8ecd3a5, we fixed up the FHS paths for stage 1, but unfortunately we
have a similar udev rules generator twice one for the initrd and one
without. So we might need to refactor this in the future.

For now, let's just fix the references to readlink and basename in the
udev module as well until we have properly addressed this.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #12722
2016-02-03 15:45:37 +01:00
lukasepple
43a726cd20 ocaml-x509: 0.4.0 -> 0.5.0 2016-02-03 15:45:21 +01:00
Eelco Dolstra
42709fb4e9 switch-to-configuration: Handle failure to read /proc/1/exe
It's not entirely clear why this happens, but sometimes /proc/1/exe
returns a bogus value, like
/ar3a3j6b9livhy5fcfv69izslhgk4gcz-systemd-217/lib/systemd/systemd. In
any case, we can just conservatively assume that we need to restart
systemd when this happens.

Fixes #10261.
2016-02-03 15:01:18 +01:00
Nikolay Amiantov
1dce7c0b82 initrd-ssh module: don't check if network is up
We already do this in initrd-network.
2016-02-03 16:37:10 +03:00
Nikolay Amiantov
b4528a696a initrd-network: call postCommands only if network is up 2016-02-03 16:35:21 +03:00
Eelco Dolstra
20b54bd989 Merge pull request #12724 from abbradar/udev-hwdb
udev service: generate hwdb database from all udev packages
2016-02-03 14:24:11 +01:00
aszlig
ac9cea30fb
Merge pull request #12769 from Profpatsch/beets
Updates beets to version 1.3.16, which comes with new plugins
"embyupdate", "edit" and "mbsubmit". See the following URL for a
detailed upstream changelog:

http://beets.readthedocs.org/en/v1.3.16/changelog.html

The "mbsubmit" plugin isn't listed there and made it more or less
silently into the release, see beetbox/beets#1779 for the final work on
the plugin.

Tested this locally with a few queries and using the new "edit" plugin.
2016-02-03 14:19:35 +01:00
aszlig
8ecd3a5e1d
nixos/stage-1: Fix references to readlink/basename
Fixes references coming from the mdadm udev rules.

This addresses #12722 (mdadm udev rules have references to /usr/bin) but
still won't fix the warning, though (if we want to fix the warnings, we
will have to patch the udev rules generater in services/hardware/udev).

For common mdraid functionality, this shouldn't fix anything, because
the wrong references seem to only apply to containers, see these
(wrapped) lines from ${mdadm}/lib/udev/rules.d/63-md-raid-arrays.rules:

  # Tell systemd to run mdmon for our container, if we need it.
  ENV{MD_LEVEL}=="raid[1-9]*",
    ENV{MD_CONTAINER}=="?*",
  PROGRAM="/usr/bin/readlink $env{MD_CONTAINER}",
    ENV{MD_MON_THIS}="%c"
    ENV{MD_MON_THIS}=="?*",
    PROGRAM="/usr/bin/basename $env{MD_MON_THIS}",
    ENV{SYSTEMD_WANTS}+="mdmon@%c.service"

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-02-03 14:19:24 +01:00
Sven Keidel
ca21ae0eda isabelle: 2014 -> 2015
Picked from #8510. /cc maintainer @jwiegley.
2016-02-03 13:51:35 +01:00
Nikolay Amiantov
1d70e2fb75 initrd modules: move passwd and nsswitch back to initrd-ssh
Partially reverts commit 901163c0c7.
This has broken remote SSH into initrd because ${cfg.shell} is not
expanded. Also, nsswitch is useless without libnss_files.so which
are installed by initrd-ssh.
2016-02-03 14:56:55 +03:00
Nikolay Amiantov
815ff00ee0 initrd-ssh module: enable only if initrd network is enabled 2016-02-03 14:55:52 +03:00
Nikolay Amiantov
cc70183cee initrd-network module: initialize network before other pre-LVM commands
This is needed to ensure that network will be initialized before LUKS
passphrase is asked.
2016-02-03 14:55:42 +03:00
Vladimír Čunát
889351af8b Revert "Merge #12357: nixos docs: show references to packages"
The PR wasn't good enough yet.
This reverts commit b2a37ceeea, reversing
changes made to 7fa9a1abce.
2016-02-03 12:16:33 +01:00
Eelco Dolstra
69ec09f38a Don't make chromium-beta/dev release blockers
Generally we shouldn't ship pre-release versions anyway, and we
certainly don't want them to be release blockers. Also, chromium
builds are just too slow to have them blocking the channel (see
https://github.com/NixOS/nixpkgs/issues/12794).
2016-02-03 11:49:50 +01:00
Jascha Geerds
ace76b5bdb keepassx2: 2.0 -> 2.0.2 2016-02-03 11:36:53 +01:00
Vladimír Čunát
b2a37ceeea Merge #12357: nixos docs: show references to packages 2016-02-03 10:07:27 +01:00
Vladimír Čunát
7fa9a1abce Merge #12783: add some meta.platforms attributes 2016-02-03 09:10:19 +01:00
Pascal Wittmann
16799ffda1 Merge pull request #12788 from kragniz/cmocka
cmocka: init at 1.0.1
2016-02-03 08:10:28 +01:00
Louis Taylor
55c4bf166a cmocka: init at 1.0.1 2016-02-03 04:34:50 +00:00
Tuomas Tynkkynen
0b971a8134 ckbcomp: Builds on Darwin 2016-02-03 04:46:09 +02:00
Tuomas Tynkkynen
37fbf0e24f dtc: Builds on Darwin 2016-02-03 04:46:09 +02:00
Tuomas Tynkkynen
3a98ff3c21 attr: Add platforms 2016-02-03 04:46:09 +02:00
Tuomas Tynkkynen
40879a95ee acl: Add platforms 2016-02-03 04:46:09 +02:00
Damien Cassou
22d9e4ef26 Merge pull request #12777 from matthiasbeyer/update-some-packages
Update some packages
2016-02-02 23:09:13 +01:00
Eelco Dolstra
cf5c8085b6 Merge pull request #12778 from dezgeg/pr-kernel-module-strip
kernel: Let the kernel build system strip modules
2016-02-02 22:36:47 +01:00
Franz Pletz
1a70f26d24 Merge pull request #12775 from mogorman/sopel
sopel: 6.2.1 -> 6.3.0
2016-02-02 21:58:03 +01:00
Franz Pletz
1831d74ec9 Merge pull request #12776 from mogorman/platformio
platformio: 2.8.1 -> 2.8.3
2016-02-02 21:57:09 +01:00
Tuomas Tynkkynen
7db1cba057 kernel: Let the kernel build system strip modules
Since commit 48f51f1185 we let the kernel build system compress the
modules, which makes the original strip expression not work. Let the
kernel build system strip them as well so they get stripped.
2016-02-02 22:47:32 +02:00
Matthias Beyer
11f95e1681 mdp: 1.0.1 -> 1.0.4 2016-02-02 21:33:09 +01:00
Matthew O'Gorman
593f8dba06
platformio: 2.8.1 -> 2.8.3 2016-02-02 15:31:43 -05:00
Matthias Beyer
61bef57edb ctodo: 1.1 -> 1.2 2016-02-02 21:23:07 +01:00
Tobias Geerinckx-Rice
133ad6d722 geolite-legacy 2016-02-01 -> 2016-02-02 2016-02-02 21:22:42 +01:00
Matthias Beyer
0c2ac149a3 hstr: 1.17 -> 1.19 2016-02-02 21:21:38 +01:00
Matthias Beyer
51e0077e79 khard: 0.6.3 -> 0.8.1 2016-02-02 21:19:35 +01:00
Matthew O'Gorman
f5c82a0c28
sopel: 6.2.1 -> 6.3.0 2016-02-02 15:13:07 -05:00
Franz Pletz
7e4f0b046e darling-dmg: cleanup
Version was wrong. Bumped to current version 1.0.4.

See #11561 for details.
2016-02-02 21:10:23 +01:00
Eelco Dolstra
e618492168 Revert "Do not relocate /nix and /tmp to small disks on AWS"
This reverts commit f10bead8fd because
it doesn't work - there is no lsblk in the initrd, and there is a
missing backslash.
2016-02-02 19:59:28 +01:00
Eelco Dolstra
cc925d0506 boot.initrd.network: Support DHCP
This allows us to use it for EC2 instances.
2016-02-02 19:59:27 +01:00
Eelco Dolstra
901163c0c7 Split the initrd sshd support into a separate module
Also, drop boot.initrd.postEarlyDeviceCommands since preLVMCommands
should work fine.
2016-02-02 19:59:27 +01:00
Eelco Dolstra
a5d5736692 Typo 2016-02-02 19:59:27 +01:00
Eelco Dolstra
06731dfcae ec2: Don't use ephemeral disks for /nix unionfs
This is a regression introduced by merging the EBS and S3 images. The
EBS images had a special marker /.ebs to prevent the initrd from using
ephemeral storage for the unionfs, but this marker was missing in the
consolidated image.

The fix is to check the file ami-manifest-path on the metadata server
to see if we're an S3-based instance. This does require networking in
the initrd.

Issue #12613.
2016-02-02 19:59:27 +01:00