Commit graph

627 commits

Author SHA1 Message Date
obadz
0e8d2725dc Merge branch 'master' into staging 2016-08-23 18:50:06 +01:00
Franz Pletz
a12b2bfb8b xen: Fix build on Glibc 2.24 2016-08-23 19:17:36 +02:00
Tuomas Tynkkynen
0f3c0e6801 open-vm-tools: use makeBinPath 2016-08-23 04:32:21 +03:00
Tuomas Tynkkynen
282277dbc8 treewide: Use more makeBinPath 2016-08-23 01:18:10 +03:00
Tuomas Tynkkynen
74a3a2cd7e treewide: Use makeBinPath 2016-08-23 01:18:10 +03:00
Tuomas Tynkkynen
51ad423716 treewide: Use makeLibraryPath in 'patchelf --set-rpath' calls 2016-08-23 00:04:39 +03:00
obadz
24a9183f90 Merge branch 'hardened-stdenv' into staging
Closes #12895

Amazing work by @globin & @fpletz getting hardened compiler flags by
enabled default on the whole package set
2016-08-22 01:19:35 +01:00
Frederik Rietdijk
5a501bd828 Remove top-level dbus_python and pythonDBus.
See #11567.

Furthermore, it renames pythonPackages.dbus to pythonPackages.dbus-
python as that's the name upstream uses.

There is a small rebuild but I couldn't figure out the actual cause.
2016-08-16 22:52:37 +02:00
Domen Kožar
584c19b4a5 Merge pull request #17720 from oxij/fix-xen
Fix xen build
2016-08-16 22:06:52 +02:00
Robin Gloster
33e1c78ae3 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-16 07:54:01 +00:00
Jan Malakhovski
fdca71776a xen: cleanup 4.5.0 expression a bit 2016-08-13 21:53:25 +00:00
Jan Malakhovski
16ce708555 xen: fix urls and hashes (fallout from #15469) 2016-08-13 21:53:24 +00:00
Kranium Gikos Mendoza
9a0dfe23d8 tini: fix build 2016-08-13 14:23:20 +08:00
Robin Gloster
b7787d932e Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-12 09:46:53 +00:00
Stefan Junker
918b11e64c rkt: 1.11.0 -> 1.12.0 (#17620) 2016-08-09 22:23:05 +02:00
Robin Gloster
1b979d8384 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-08-03 13:34:44 +00:00
Franz Pletz
cb0ddbadd9 seabios: 1.9.2 -> 1.9.3 2016-08-02 21:21:02 +02:00
Tuomas Tynkkynen
21f17d69f6 treewide: Add lots of meta.platforms
Build-tested on x86_64 Linux & Mac.
2016-08-02 21:42:43 +03:00
Franz Pletz
15b8491af3 seabios: disable fortify hardening 2016-08-02 17:38:25 +02:00
Robin Gloster
f222d98746 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-25 12:47:13 +00:00
Stefan Junker
04b30b2397 rkt: fix default stage1 location 2016-07-22 18:18:29 -07:00
Stefan Junker
abc3faa294 rkt: 1.10.1 -> 1.11.0 2016-07-22 17:49:38 -07:00
Robin Gloster
203846b9de Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-19 10:37:02 +00:00
Stefan Junker
a9728c2796 rkt: install stage1 ACIs to expected path (#17079)
Makes rkt's `--stage1-from-dir` CLI argument work.
2016-07-19 09:31:52 +02:00
Robin Gloster
5185bc1773 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-07-15 14:41:01 +00:00
Stefan Junker
efe4d48e8e rkt: 1.9.1 -> 1.10.1 (#16895) 2016-07-14 12:18:07 +02:00
Vladimír Čunát
3afa246038 Merge branch 'staging'
This includes a security update of expat.
2016-06-29 07:47:04 +02:00
Joachim Fasting
b148be7ff9
seabios: 1.7.5.2 -> 1.9.2
Also fixes the build
2016-06-28 01:56:33 +02:00
Franz Pletz
bac698b868 virtmanager: 1.3.1 -> 1.4.0 2016-06-27 00:11:41 +02:00
Stefan Junker
c357a6a7ac rkt: remove incompatible stage1-host 2016-06-24 12:55:03 -07:00
Stefan Junker
5f2d746846 rkt: 1.9.0 -> 1.9.1 2016-06-24 12:54:53 -07:00
Stefan Junker
445f60c1e3 rkt: 1.8.0 -> 1.9.0 2016-06-23 14:15:47 -07:00
Leon Isenberg
ccbb3fa541 docker: Expose completions for fish 2016-06-20 23:41:32 +02:00
Vladimír Čunát
e757404555 Merge branch 'master' into staging
Hydra nixpkgs: ?compare=1279790
2016-06-19 12:33:04 +02:00
Vladimír Čunát
a02e5ad926 virtualbox: fix build with gcc-5.4 by Debian patch 2016-06-19 10:40:07 +02:00
Joachim Fasting
886c03ad2e Merge pull request #16107 from joachifm/grsec-ng
Rework grsecurity support
2016-06-14 03:52:50 +02:00
Joachim Fasting
dae5f53d25
qemu: apply PaX markings 2016-06-14 03:38:18 +02:00
Robin Gloster
8031cba2ab Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-06-10 09:27:04 +00:00
Stefan Junker
42b3156b4e rkt: 1.7.0 -> 1.8.0 2016-06-09 16:28:30 -07:00
Stefan Junker
2e6b257edf rkt: 1.5.1 -> 1.7.0 (#15958) 2016-06-08 16:43:42 +01:00
Tuomas Tynkkynen
bac26e08db Fix lots of fetchgit hashes (fallout from #15469) 2016-06-03 17:17:08 +03:00
zimbatm
a6593a16f7 virtualbox: give full url for downloading the ext (#15869)
The user only has to agree on the terms and conditions before
downloading the file. We might as well give him access to the full URL
by default.
2016-06-01 10:01:04 +01:00
Robin Gloster
2d382f3d98 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-05-30 19:39:34 +00:00
obadz
f0de1c75b5 docker: fix build with systemd 230 2016-05-27 15:42:15 +01:00
Vladimír Čunát
81039713fa Merge branch 'master' into staging
... to get the systemd update (rebuilding ~7k jobs).
2016-05-26 16:50:22 +02:00
Rickard Nilsson
13b8606241 qemu: 2.5.1 -> 2.6.0 2016-05-25 10:42:45 +02:00
Nathan Zadoks
99177c7377 docker: remove enableLxc parameter
LXC support was removed in Docker 1.4 (November 2015), and isn't coming
back.
2016-05-24 11:08:20 -04:00
Tuomas Tynkkynen
f81af4e6f0 treewide: Make explicit that 'dev' output of glib is used 2016-05-19 10:00:35 +02:00
Franz Pletz
f8d481754c
Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-05-18 17:10:02 +02:00
Michael Raskin
fde921578a virtualboxGuestAdditions: update hash for virtualbox 5.0.20 2016-05-17 08:44:32 +02:00
Michael Raskin
4f5e4ad69c virtualbox: 5.0.14 -> 5.0.20 2016-05-16 22:42:27 +02:00
zimbatm
3ade1e7d3e Merge branch 'pr/14911' 2016-05-05 21:28:27 +01:00
Joaquim Pedro França Simão
133dc10e5a open-vm-tools: fixes host VMware errors 2016-05-05 21:27:54 +01:00
Joaquim Pedro França Simão
0ecef73966 open-vm-tools: updates to 10.0.7 and fixes compilation erros 2016-05-05 21:27:54 +01:00
Stefan Junker
213f0f23a8 rkt: 1.4.0 -> 1.5.1 2016-05-05 12:01:58 +02:00
Robin Gloster
c92bca56f8 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-05-02 22:58:02 +00:00
Stefan Junker
07d305af32 rkt: 1.2.0 -> 1.4.0 2016-04-23 20:57:19 +02:00
Sheena Artrip
50d6c3ba38
virtualbox: obey NIX_BUILD_CORES for make invocation 2016-04-22 02:41:23 -04:00
Robin Gloster
d020caa5b2 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-18 13:49:22 +00:00
Nathan Zadoks
ebdd600732 docker: allow disabling btrfs and devicemapper 2016-04-17 00:41:17 +02:00
obadz
bf5e339d24 virtualbox: dontPatchELF = true
Workaround patchelf#93 and help move forward on #14595
2016-04-14 17:05:31 +01:00
Vladimír Čunát
30f14243c3 Merge branch 'master' into closure-size
Comparison to master evaluations on Hydra:
  - 1255515 for nixos
  - 1255502 for nixpkgs
2016-04-10 11:17:52 +02:00
Franz Pletz
2463e09173 virtinst: Fix cherry-pick merge 2016-04-10 01:26:45 +02:00
Robin Gloster
fe974894e2 virt-manager: remove sqlalchemy from (transitive) dependencies
Is not used according to source code
2016-04-10 01:21:46 +02:00
Vladimír Čunát
d1df28f8e5 Merge 'staging' into closure-size
This is mainly to get the update of bootstrap tools.
Otherwise there were mysterious segfaults:
https://github.com/NixOS/nixpkgs/pull/7701#issuecomment-203389817
2016-04-07 14:40:51 +02:00
Robin Gloster
3437b52e6b qboot: turn off stackprotector and pic hardening 2016-04-03 11:41:30 +00:00
Robin Gloster
696d85a62d Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-04-03 11:01:57 +00:00
Vladimír Čunát
ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Frederik Rietdijk
97a29ff817 Merge pull request #14110 from lancelotsix/clean_sqlalchemy_legacy
Clean sqlalchemy legacy
2016-03-31 10:52:53 +02:00
Franz Pletz
2e08d8234e Merge remote-tracking branch 'origin/master' 2016-03-31 10:06:30 +02:00
Domen Kožar
8a34a3b37a qemu: 2.5.0 -> 2.5.1
Hopefully this also fixes installer tests on i686
2016-03-30 15:12:41 +01:00
Robin Gloster
f60c9df0ba Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-28 15:16:29 +00:00
Derek Gonyeo
587fbb5b15 rkt: v1.1.0 -> v1.2.0 2016-03-22 14:59:55 -07:00
Lancelot SIX
8dd955cc10 virtinst: remove sqlalchemy7 dependency
sqlalchemy is never used:

```
$ nix-shell default.nix -A virtinst
$ unpackPhase && cd virtinst-*
$ grep -r sqlalchemy .
$
```
2016-03-21 21:09:20 +01:00
Pierre Dal-Pra
d97805ccd0 docker: 1.10.0 -> 1.10.3 2016-03-18 22:12:42 +01:00
Robin Gloster
3f45f0948d Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-15 01:44:24 +00:00
Domen Kožar
9ad60eae48 xen: remove unneeded depds now that stubdom is disabled 2016-03-09 18:56:25 +00:00
Domen Kožar
086a7d138d xen: disable stubdom due to #13590 2016-03-09 13:51:45 +00:00
Vladimír Čunát
09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Franz Pletz
40d90ef8ac Merge pull request #13561 from matthewbauer/qemu-mac
qemu: compile with cocoa for darwin support
2016-03-08 02:15:09 +01:00
Robin Gloster
1b4ec4b495 linuxPackages.virtualbox: disable fortify/pic/stackprotector 2016-03-06 15:48:16 +00:00
Franz Pletz
cb3d27df93 Merge remote-tracking branch 'origin/master' into hardened-stdenv 2016-03-05 18:55:30 +01:00
Franz Pletz
aff1f4ab94 Use general hardening flag toggle lists
The following parameters are now available:

  * hardeningDisable
    To disable specific hardening flags
  * hardeningEnable
    To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:

  * fortify
  * stackprotector
  * pie (disabled by default)
  * pic
  * strictoverflow
  * format
  * relro
  * bindnow
2016-03-05 18:55:26 +01:00
Frederik Rietdijk
36506df7fe Merge pull request #13448 from lancelotsix/use_recent_sqlalchemy_as_default
pythonPackages.sqlalchemy: follows upstream, use "sqlalchemy7" for lecagy
2016-03-05 11:07:50 -05:00
Matthew Bauer
864ec69c84 qemu: compile with cocoa for darwin support
This uses the --enable-cocoa flag in qemu to build in Darwin.
2016-03-04 17:45:34 -06:00
Adam Boseley
5b83791207 spice-vdagentd service : initial at 0.16.0 2016-03-05 07:56:47 +10:00
Stefan Junker
13bd76b525 pkgs/rkt: 1.0.0 -> 1.1.0 2016-03-03 19:57:15 +01:00
Robin Gloster
d47857c3d9 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-03-01 21:09:17 +00:00
aszlig
605cc4fdeb
Merge pull request #13052 from @bendlas
Updates VirtualBox from version 5.0.12 to 5.0.14.

Upstream changes are (without bug IDs):

 * GUI: properly limit the number of VCPUs to the number of physical cores
        on Mac OS X
 * Audio: fixed a bug which prevented loading a saved state of a saved
          guests with HDA emulation (5.0.12 regression)
 * Audio: don't crash if the backend is unable to initialize
 * Audio: fixed audio capture on Mac OS X
 * Storage: fixed a possible crash when attaching the same ISO image
            multiple times to the same VM
 * BIOS: properly report if two floppy drives are attached
 * USB: fixed a problem with filters which would not capture the device
        under certain circumstances (5.0.10 regression)
 * ExtPack: black-list Extension Packs older than 4.3.30 due to
            incompatible changes not being properly handled in the past
 * Windows hosts: fixed a regression which caused robocopy to fail
 * Linux hosts: properly create the /sbin/rcvboxdrv symbolic link (5.0.12
                regression)
 * Mac OS X hosts: several fixes for USB on El Capitan
 * Linux Additions: fixes for Linux 4.5

Full upstream changelog with bug IDs can be found at:

  https://www.virtualbox.org/wiki/Changelog

The reason I was reluctant to merge this before were these symbol lookup
errors:

  vboxsf: Unknown symbol VBoxGuest_RTMemTmpFree (err 0)
  vboxsf: Unknown symbol VBoxGuestIDCCall (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemFastMutexRequest (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemFastMutexRelease (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTLogRelGetDefaultInstanceEx (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTErrConvertToErrno (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemFastMutexCreate (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemFastMutexDestroy (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTMemContFree (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemMutexRelease (err 0)
  vboxsf: Unknown symbol VBoxGuestIDCOpen (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTAssertShouldPanic (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTMemContAlloc (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemMutexRequest (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemMutexCreate (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTMemTmpAllocTag (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTSemMutexDestroy (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTAssertMsg1Weak (err 0)
  vboxsf: Unknown symbol VBoxGuestIDCClose (err 0)
  vboxsf: Unknown symbol VBoxGuest_RTAssertMsg2Weak (err 0)

However, after testing it against 5.0.12, the same errors occur there as
well, so it is likely related to our VM tests.
2016-03-01 03:36:44 +01:00
Robin Gloster
3b4765c9e5 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-28 16:32:57 +00:00
zimbatm
69ce5cb656 use the sourceforge mirrors everywhere
find pkgs -name "*.nix" -exec sed -r \
    "s|https?://downloads.sourceforge.net/|mirror://sourceforge/|g" -i {} \;
2016-02-28 12:07:42 +00:00
Franz Pletz
6b20b7c4d7 qemu: 2.4.1 -> 2.5.0 (multiple CVEs)
https://lwn.net/Vulnerabilities/666755/
2016-02-27 17:53:22 +01:00
Lancelot SIX
0467a17858 pythonPackages.sqlalchemy: follows upstream, sqlalchemy7 for lecagy
This makes pythonPackages.sqlalchemy the most up to date revision (it
was called sqlalchemy_1_0 before), and maintains the various “legacy”
versions available as pythonPackages.sqlalchemyX for X in {7,8,9}.

All derivations that required `sqlalchemy_1_0` now require `sqlalchemy`
while those that required `sqlalchemy` now require `sqlalchemy7`.

The derivations are not changed, only the attribute names they are
bound to.
2016-02-27 12:11:12 +01:00
Robin Gloster
3477e662e6 Merge remote-tracking branch 'upstream/master' into hardened-stdenv 2016-02-27 00:08:08 +00:00
Frederik Rietdijk
4d06bf70f4 buildPythonApplication: use new function for Python applications 2016-02-19 13:16:41 +01:00
Herwig Hochleitner
bd3ca11e0d virtualbox: 5.0.12 -> 5.0.14 2016-02-16 21:59:11 +01:00
Vladimír Čunát
d039c87984 Merge branch 'master' into closure-size 2016-02-14 08:33:51 +01:00
Robin Gloster
a53bd9daa8 xen: turn off pic hardening 2016-02-11 01:44:23 +00:00
Robin Gloster
63d4e59add seabios: turn off pic and stackprotector hardening 2016-02-10 23:27:37 +00:00
Robin Gloster
e264f1077b bochs: turn off format hardening 2016-02-09 10:29:34 +00:00