Commit graph

82933 commits

Author SHA1 Message Date
Tuomas Tynkkynen
24b046ce05 rpm: Fix python3 detection hack
Commit 5dff3c4b68 made rpm use autoreconfHook, so the patch that we
are making to `configure` gets lost when the file is regenerated.
To fix this, just patch the equivalent string in the `configure.ac` file
instead.

Fixes #15287
2016-05-07 17:55:32 +03:00
Christoph Hrdinka
72306b762d hugin: 2015.0.0 -> 2016.0.0
This updates hugin to its latest version and cleanes the derivation.

Release notes:

http://hugin.sourceforge.net/releases/2016.0.0/en.shtml
2016-05-07 16:50:06 +02:00
Joachim Fasting
5b90702cd6 Merge pull request #15243 from sindikat/patch-1
update docs for services.dictd.* config options
2016-05-07 16:44:41 +02:00
Joachim Fasting
16510869eb Merge pull request #15278 from Baughn/ckan
ckan: Add curl to runtime libraries
2016-05-07 16:42:39 +02:00
Vladimír Čunát
72acb24c1f Merge #15084: gcc: add 6.1.0 2016-05-07 15:20:19 +02:00
Nikolay Amiantov
17e4803de7 initrd-ssh service: fix build 2016-05-07 15:38:46 +03:00
Nikolay Amiantov
f396fa8cb2 deadbeef: fix tray icon 2016-05-07 15:29:28 +03:00
Nikolay Amiantov
62c41cc539 dropbox: meta.licenses -> meta.license 2016-05-07 15:13:28 +03:00
Nikolay Amiantov
41ced9f100 dropbox: mark as unfree 2016-05-07 15:12:07 +03:00
Nikolay Amiantov
f7c02f8670 ejabberd service: add image thumbnailing support 2016-05-07 14:31:16 +03:00
Nikolay Amiantov
bbde5400cf Merge pull request #15286 from Profpatsch/substituteAll-docs-underscore
manual/substituteAll: document filtered variables
2016-05-07 15:13:32 +04:00
Profpatsch
c6cfa7a412 manual/substituteAll: document filtered variables
Some variables are filtered out as of #14907.
2016-05-07 13:10:09 +02:00
Thomas Tuegel
f2ec142847 quassel: 0.12.3 -> 0.12.4
Security update for CVE-2016-4414 (denial of service).
2016-05-07 06:00:09 -05:00
Christoph Hrdinka
f2ac136ec1 darktable: 2.0.2 -> 2.0.4
Release notes for 2.0.3 and 2.0.4 bugfix releases:

https://www.darktable.org/2016/03/darktable-2-0-3-released
https://www.darktable.org/2016/05/darktable-2-0-4-released
2016-05-07 12:59:24 +02:00
Nikolay Amiantov
2d57767974 openspades-git: drop yet another hack, fix accidential python merge 2016-05-07 12:03:24 +03:00
Nikolay Amiantov
628c8e8995 openspades-git: init at 2016-04-17 2016-05-07 11:59:53 +03:00
Nikolay Amiantov
c7193c1506 openspades: less hacks 2016-05-07 11:59:53 +03:00
Nikolay Amiantov
a7fe84e38a openspades: link to openal instead of using LD_LIBRARY_PATH 2016-05-07 11:59:53 +03:00
Peter Simons
a211eef81a heimdall: cosmetic 2016-05-07 10:46:52 +02:00
Vladimír Čunát
372d367b37 mediastreamer: 2.11.2 -> 2.12.1
This fixes the build broken by ortp update d4d6d9d3d.
http://hydra.nixos.org/build/35224682
2016-05-07 09:32:18 +02:00
Rok Garbas
9cd896367a pypi2nix: new release 2016-05-07 05:04:25 +02:00
Ricardo Ardissone
f3843aed47 pythonPackages.sympy: 0.7.6.1 -> 1.0 2016-05-07 00:03:30 -03:00
Charles Strahan
e965e42dc5 go: fix build on Darwin
The go tests get tripped up due to error messages along the lines of:

    ld: warning: /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation, ignoring unexpected dylib file

Which is due to us passing that along via $NIX_LDFLAGS in the `clang` wrapper.
To keep `go` from getting confused, I create a small `clang` wrapper that
filters out that warning.

Also, the strip.patch is no longer necessary, and only causes problems when
testing DWARF support:

    --- FAIL: TestDwarfAranges (0.59s)
        runtime-lldb_test.go:218: Missing aranges section
    FAIL
    FAIL    runtime 17.123s

Also, I disable the misc/cgo/errors test, as I suspect it is also due to similar
problems regarding `ld`:

    ##### ../misc/cgo/errors
    misc/cgo/errors/test.bash: BUG: expected error output to contain "err1.go:11:" but saw:
    # command-line-arguments
    cannot parse gcc output $WORK/command-line-arguments/_obj//_cgo_.o as ELF, Mach-O, PE object
    2016/05/07 02:07:58 Failed: exit status 1

Closes #14208
2016-05-06 22:34:16 -04:00
Charles Strahan
ec1c8071b1 macvim: fix build 2016-05-06 22:32:23 -04:00
Nathaniel Baxter
24ffbfde1d teamspeak_client: 3.0.18.2 -> 3.0.19.1 2016-05-07 09:52:49 +10:00
kklas
491b7c2f15 nodejs: add nodePackages_6_x to all-packages.nix 2016-05-07 01:47:09 +02:00
Peter Simons
c083ef0c6d heimdall: update to version 1.4.1-34-g7ebee1e (current Git 'master') 2016-05-07 01:39:48 +02:00
Peter Simons
91896f4ac5 syncthing: update to version 0.12.23 2016-05-07 01:12:35 +02:00
Tobias Geerinckx-Rice
cd76b71431
cegui: 0.8.4 -> 0.8.7 2016-05-07 00:32:56 +02:00
aszlig
e936f7dff6
Merge branch 'stage1-dont-kill-kthreads'
Merges pull request #15275:

    This addresses #15226 and fixes killing of processes before
    switching from the initrd to the real root.

    Right now, the pkill that is issued not only kills user space
    processes but also sends a SIGKILL to kernel threads as well.
    Usually these threads ignore signals, but some of these processes do
    handle signals, like for example the md module, which happened in
    #15226.

    It also adds a small check for the swraid installer test and a
    standalone test which checks on just that problem, so in the future
    this shouldn't happen again.

This has been acked by @edolstra on IRC.
2016-05-06 22:00:01 +02:00
aszlig
64ca91cac9
nixos/tests/boot-stage1: Add myself to maintainers
As @edolstra pointed out that the kernel module might be painful to
maintain. I strongly disagree because it's only a small module and it's
good to have such a canary in the tests no matter how the bootup process
looks like, so I'm going the masochistic route and try to maintain it.

If it *really* becomes too much maintenance burden, we can still drop or
disable kcanary.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-06 21:32:21 +02:00
Tim Steinbach
f53850bf21 kernel: 4.4.8 -> 4.4.9 (#15276) 2016-05-06 20:25:29 +02:00
Tobias Geerinckx-Rice
5ac997b875
appstream: 0.8.0 -> 0.9.5 2016-05-06 19:17:07 +02:00
Tobias Geerinckx-Rice
237168d452
neovim: unmaintain
*reinstalls emacs*
2016-05-06 19:17:07 +02:00
Tobias Geerinckx-Rice
39421df56a
stress-ng: 0.05.25 -> 0.06.00
Changes: https://launchpad.net/ubuntu/+source/stress-ng/0.06.00-1.
2016-05-06 19:17:07 +02:00
Svein Ove Aas
3d8f9a6937 ckan: Add curl to runtime libraries 2016-05-06 18:04:01 +01:00
zimbatm
4ba7767d91 Merge pull request #14722 from puffnfresh/bug/dockertools-postmount
dockerTools: only add "/nix" if it exists
2016-05-06 17:40:23 +01:00
Lluís Batlle i Rossell
53a4582552 Adding vmlinux to linux kernel 'dev' derivation.
It takes some extra 13MB (and in dev, not out), but allows perf to show kernel
symbols when profiling. I think it is worth it.

In my NixOS, I refer to it in the system derivation, for easy telling to perf
through /run/booted-system/vmlinux:

  system.extraSystemBuilderCmds = ''
    ln -s ${config.boot.kernelPackages.kernel.dev}/vmlinux $out/vmlinux
  '';
2016-05-06 18:11:03 +02:00
Joachim Fasting
5a0cde6c19 Merge pull request #15277 from NeQuissimus/kernel453
kernel: 4.5.2 -> 4.5.3
2016-05-06 17:20:27 +02:00
Tim Steinbach
02d94d335a
kernel: 4.5.2 -> 4.5.3 2016-05-06 11:12:04 -04:00
Joachim Fasting
e341771fc8 Merge pull request #15273 from NeQuissimus/gradle213
gradle: 2.12 -> 2.13
2016-05-06 17:04:39 +02:00
aszlig
eb6e366446
nixos/release-combined: Add boot-stage1 test
We don't want to push out a channel update whenever this test fails,
because that might have unexpected and confused side effects and it
*really* means that stage 1 of our boot up is broken.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-06 16:56:54 +02:00
aszlig
4f796c28d5
nixos/tests: Add a test for boot stage 1
We already have a small regression test for #15226 within the swraid
installer test. Unfortunately, we only check there whether the md
kthread got signalled but not whether other rampaging processes are
still alive that *should* have been killed.

So in order to do this we provide multiple canary processes which are
checked after the system has booted up:

 * canary1: It's a simple forking daemon which just sleeps until it's
            going to be killed. Of course we expect this process to not
            be alive anymore after boot up.
 * canary2: Similar to canary1, but tries to mimick a kthread to make
            sure that it's going to be properly killed at the end of
            stage 1.
 * canary3: Like canary2, but this time using a @ in front of its
            command name to actually prevent it from being killed.
 * kcanary: This one is a real kthread and it runs until killed, which
            shouldn't be the case.

Tested with and without 67223ee and everything works as expected, at
least on my machine.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-06 16:56:43 +02:00
Tim Steinbach
a17c90dcd1
gradle: 2.12 -> 2.13 2016-05-06 10:52:25 -04:00
aszlig
dc6d003011
nixos/tests/installer/swraid: Check for safemode
This is a regression test for #15226, so that the test will fail once we
accidentally kill one or more of the md kthreads (aka: if safe mode is
enabled).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-06 16:51:38 +02:00
Joachim Fasting
50d915c758
grsecurity: optionally disable features for redistributed kernels 2016-05-06 16:37:25 +02:00
Joachim Fasting
27061905bd
linuxPackages_grsec_4_5: 3.1-4.5.2-201604290633 -> 3.1-4.5.3-201605060852 2016-05-06 16:37:25 +02:00
aszlig
67223ee205
nixos/stage-1: Don't kill kernel threads
Unfortunately, pkill doesn't distinguish between kernel and user space
processes, so we need to make sure we don't accidentally kill kernel
threads.

Normally, a kernel thread ignores all signals, but there are a few that
do. A quick grep on the kernel source tree (as of kernel 4.6.0) shows
the following source files which use allow_signal():

  drivers/isdn/mISDN/l1oip_core.c
  drivers/md/md.c
  drivers/misc/mic/cosm/cosm_scif_server.c
  drivers/misc/mic/cosm_client/cosm_scif_client.c
  drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
  drivers/staging/rtl8188eu/core/rtw_cmd.c
  drivers/staging/rtl8712/rtl8712_cmd.c
  drivers/target/iscsi/iscsi_target.c
  drivers/target/iscsi/iscsi_target_login.c
  drivers/target/iscsi/iscsi_target_nego.c
  drivers/usb/atm/usbatm.c
  drivers/usb/gadget/function/f_mass_storage.c
  fs/jffs2/background.c
  fs/lockd/clntlock.c
  fs/lockd/svc.c
  fs/nfs/nfs4state.c
  fs/nfsd/nfssvc.c

While not all of these are necessarily kthreads and some functionality
may still be unimpeded, it's still quite harmful and can cause
unexpected side-effects, especially because some of these kthreads are
storage-related (which we obviously don't want to kill during bootup).

During discussion at #15226, @dezgeg suggested the following
implementation:

for pid in $(pgrep -v -f '@'); do
    if [ "$(cat /proc/$pid/cmdline)" != "" ]; then
        kill -9 "$pid"
    fi
done

This has a few downsides:

 * User space processes which use an empty string in their command line
   won't be killed.
 * It results in errors during bootup because some shell-related
   processes are already terminated (maybe it's pgrep itself, haven't
   checked).
 * The @ is searched within the full command line, not just at the
   beginning of the string. Of course, we already had this until now, so
   it's not a problem of his implementation.

I posted an alternative implementation which doesn't suffer from the
first point, but even that one wasn't sufficient:

for pid in $(pgrep -v -f '^@'); do
    readlink "/proc/$pid/exe" &> /dev/null || continue
    echo "$pid"
done | xargs kill -9

This one spawns a subshell, which would be included in the processes to
kill and actually kills itself during the process.

So what we have now is even checking whether the shell process itself is
in the list to kill and avoids killing it just to be sure.

Also, we don't spawn a subshell anymore and use /proc/$pid/exe to
distinguish between user space and kernel processes like in the comments
of the following StackOverflow answer:

http://stackoverflow.com/a/12231039

We don't need to take care of terminating processes, because what we
actually want IS to terminate the processes.

The only point where this (and any previous) approach falls short if we
have processes that act like fork bombs, because they might spawn
additional processes between the pgrep and the killing. We can only
address this with process/control groups and this still won't save us
because the root user can escape from that as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #15226
2016-05-06 16:24:42 +02:00
Tobias Geerinckx-Rice
ab6e0861d4
nginx: restore .upstream files
07d9de713a
2016-05-06 15:37:22 +02:00
Lluís Batlle i Rossell
2f35e223b1 Adding libuuid (libblkid) to lvm2.
It wants it to detect if there are filesystems present in block devices, in
case of pvcreate. Otherwise it complaints "lvm built without blkid support" and
lacks the feature of detecting/wiping.
2016-05-06 15:09:49 +02:00