To mitigate Spectre Variant 2, GCC needs to have retpoline
support (-mindirect-branch and -mfunction-return arguments on amd64
and i386).
Patches were pulled from H.J. Lu's backport branch to
4.9 (hjl/indirect/gcc-4_9-branch), available at
https://github.com/hjl-tools/gcc/tree/hjl/indirect/gcc-4_9-branch/master. Upstream
GCC does not apply patches to anything older than the
gcc-6-branch. H.J. Lu is the author of the upstream retpoline commits
as well.
Several Linux distributions already backported these patches to GCC 4
branches and some old kernels (3.13 for instance) have been recompiled
with these GCC patches. These kernels only allow to load kernel
modules that are compiled with the retpoline support.
References:
- Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/gcc-4.8/+bug/1749261
- Ubuntu package: https://launchpad.net/ubuntu/+source/gcc-4.8/4.8.4-2ubuntu1~14.04.4Fixes#38394
blank-canvas-0.6.3 depends on base-compat-batteries-0.10, which
depends on base-compat-0.10. This conflicts with the rest of the LTS
set, which uses base-compat-0.9. No base-compat-batteries-0.9 exists.
blank-canvas-0.6.2 only depends on base-compat >= 0.8 && < 0.10.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/imagemagick/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/sjpf6fsvmv7aj4x1ngl8ri423cym07cj-imagemagick-7.0.7-29/bin/magick-script -h’ got 0 exit code
- ran ‘/nix/store/sjpf6fsvmv7aj4x1ngl8ri423cym07cj-imagemagick-7.0.7-29/bin/magick-script --help’ got 0 exit code
- ran ‘/nix/store/sjpf6fsvmv7aj4x1ngl8ri423cym07cj-imagemagick-7.0.7-29/bin/magick -h’ got 0 exit code
- ran ‘/nix/store/sjpf6fsvmv7aj4x1ngl8ri423cym07cj-imagemagick-7.0.7-29/bin/magick --help’ got 0 exit code
- ran ‘/nix/store/sjpf6fsvmv7aj4x1ngl8ri423cym07cj-imagemagick-7.0.7-29/bin/magick help’ got 0 exit code
- found 7.0.7-29 with grep in /nix/store/sjpf6fsvmv7aj4x1ngl8ri423cym07cj-imagemagick-7.0.7-29
- directory tree listing: https://gist.github.com/12ed56d2de915ea05dcb89d5486181f8
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/zookeeper/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/g0fmbsp2n6sgh4fa9k6w2m3ndq9vhcxl-zookeeper-3.4.12/bin/zkServer.sh -h’ got 0 exit code
- ran ‘/nix/store/g0fmbsp2n6sgh4fa9k6w2m3ndq9vhcxl-zookeeper-3.4.12/bin/zkServer.sh --help’ got 0 exit code
- ran ‘/nix/store/g0fmbsp2n6sgh4fa9k6w2m3ndq9vhcxl-zookeeper-3.4.12/bin/zkServer.sh help’ got 0 exit code
- ran ‘/nix/store/g0fmbsp2n6sgh4fa9k6w2m3ndq9vhcxl-zookeeper-3.4.12/bin/zkCli.sh help’ got 0 exit code
- found 3.4.12 with grep in /nix/store/g0fmbsp2n6sgh4fa9k6w2m3ndq9vhcxl-zookeeper-3.4.12
- directory tree listing: https://gist.github.com/9a91124b15dbb7aa6469746b3edb67a9
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/umockdev/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/lzgyyshqfl8ma25ixvldaz40pscq30h4-umockdev-0.11.3/bin/umockdev-run -h’ got 0 exit code
- ran ‘/nix/store/lzgyyshqfl8ma25ixvldaz40pscq30h4-umockdev-0.11.3/bin/umockdev-run --help’ got 0 exit code
- ran ‘/nix/store/lzgyyshqfl8ma25ixvldaz40pscq30h4-umockdev-0.11.3/bin/umockdev-run --version’ and found version 0.11.3
- ran ‘/nix/store/lzgyyshqfl8ma25ixvldaz40pscq30h4-umockdev-0.11.3/bin/umockdev-record -h’ got 0 exit code
- ran ‘/nix/store/lzgyyshqfl8ma25ixvldaz40pscq30h4-umockdev-0.11.3/bin/umockdev-record --help’ got 0 exit code
- ran ‘/nix/store/lzgyyshqfl8ma25ixvldaz40pscq30h4-umockdev-0.11.3/bin/umockdev-record --version’ and found version 0.11.3
- found 0.11.3 with grep in /nix/store/lzgyyshqfl8ma25ixvldaz40pscq30h4-umockdev-0.11.3
- directory tree listing: https://gist.github.com/3dcf7f53d51ca4a9c739e567456cb16f
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/sudo/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/d2g0ybmppcar8k38jjiqqdz8s3knwrrm-sudo-1.8.23/bin/cvtsudoers -h’ got 0 exit code
- ran ‘/nix/store/d2g0ybmppcar8k38jjiqqdz8s3knwrrm-sudo-1.8.23/bin/cvtsudoers --help’ got 0 exit code
- ran ‘/nix/store/d2g0ybmppcar8k38jjiqqdz8s3knwrrm-sudo-1.8.23/bin/sudoreplay -h’ got 0 exit code
- ran ‘/nix/store/d2g0ybmppcar8k38jjiqqdz8s3knwrrm-sudo-1.8.23/bin/sudoreplay --help’ got 0 exit code
- ran ‘/nix/store/d2g0ybmppcar8k38jjiqqdz8s3knwrrm-sudo-1.8.23/bin/sudoreplay -V’ and found version 1.8.23
- ran ‘/nix/store/d2g0ybmppcar8k38jjiqqdz8s3knwrrm-sudo-1.8.23/bin/sudoreplay --version’ and found version 1.8.23
- ran ‘/nix/store/d2g0ybmppcar8k38jjiqqdz8s3knwrrm-sudo-1.8.23/bin/visudo -h’ got 0 exit code
- ran ‘/nix/store/d2g0ybmppcar8k38jjiqqdz8s3knwrrm-sudo-1.8.23/bin/visudo --help’ got 0 exit code
- found 1.8.23 with grep in /nix/store/d2g0ybmppcar8k38jjiqqdz8s3knwrrm-sudo-1.8.23
- directory tree listing: https://gist.github.com/4d6cfc75cde31a340e8a41bf3d969564
Skopeo is used to pull images from a Docker registry (instead of a
Docker deamon in a VM).
An image reference is specified with its name and its digest which is
an immutable image identifier (unlike image name and tag).
Skopeo can be used to get the digest of an image, for instance:
$ skopeo inspect docker://docker.io/nixos/nix:1.11 | jq -r '.Digest'
