---
Using the configure option relieves us of the patch and passing the path
via the env var in many places. Also the env var may not be inherited
when components like gdm spawn new sessions.
The following changes are included:
1) install user unit files from upstream dbus
2) use absolute paths to config for --system and --session instances
3) make socket activation of user units configurable
There has been a number of PRs to address this, so this one does the
bare minimum, which is to make the functionality available and
configurable but defaults to off.
Related PRs:
- #18382
- #18222
(cherry picked from commit f7215c9b5b47dfb0a6dbe87ff33d7730729a32e5)
Signed-off-by: Domen Kožar <domen@dev.si>
4.1.12
======
Bugfixes
--------
Fix malformed edns query assertion failure, reported by Michal Kepien (NASK).
4.1.11
======
Features
--------
* When tcp is more than half full, use short timeout for tcp session.
* Patch for {max,min}-{refresh,retry}-time from YAMAGUCHI Takanori.
* Fix#790: size-limit-xfr can stop NSD from downloading infinite zone transfer data size, from Toshifumi Sakaguchi. Fixes CVE-2016-6173 JVN#63359718 JPCERT#91251865.
Bugfixes
--------
* Fix build without IPv6, patch from Zdenek Kaspar.
* Fix#783: Trying to run a root server without having configured it silently gives wrong answers.
* Fix#782: Serve DS record but parent zone has no NS record.
* Fix nsec3 missing for nsec3 signed parent and child for DS at zonecut.
4.1.10
======
Features
--------
* ip-freebind: yesno option in nsd.conf sets IP_FREEBIND socket option for Linux, binds to interfaces and addresses that are down.
* NSD includes AAAA before A for queries over IPV6 (in delegations). And TC is set if no glue can be provided with a delegation because of packet size.
* print notice that nsd is starting before taking off.
Bugfixes
--------
* Fix for openssl 1.1.0, HMAC_CTX size not exported from openssl.
* Fix#751: NSD fails to occlude names below a DNAME.
* If set without nsd.db print "" as the default in the man pages.
* Fix#755: NSD spins after a zone update and a lot of TCP queries.
* Fix for NSEC3 with zone signed without exact match for empty nonterminals, the answer for that domain gets closest encloser.
* #772 Document that recvmmsg has IPv6 problems on some linux kernels.
4.1.9
=====
Bugfixes
--------
* Change the nsd.db file version because of nanosecond precision fix.
The services/networking directory is already quite polluted and the
first point where I was looking for the offlineimap module was in
services/mail and didn't find it there.
Offlineimap already has IMAP in its name and clearly belongs to the
"mail" category so let's move it there.
Tested by evaluating a configuration with services.offlineimap enabled.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @DamienCassou
Coercing the derivation to string causes the package to be built during
evaluation rather than during actual realization which is completely
unnecessary because we don't need additional Nix expression information
for the package (nor do we need it for the service).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @DamienCassou
Cc: @Profpatsch (stumbled on this because of him)
This commit removes all references to emacs24 with the exception of
emacs24-macports. The two folders in `pkgs/applications/editors` named
`emacs-24` and `emacs-24` are consolidated to a new `emacs` folder.
Various parts in nixpkgs also referenced `emacs24Packages` (pinned to
`emacs24`) explicitly where `emacsPackages` (non-pinned) is more
appropriate. These references get fixed by this commit too.
* influxdb module: add postStart
* cadvisor module: increase TimeoutStartSec
Under high load, the cadvisor module can take longer than the default 90
seconds to start. This change should hopefully fix the test on Hydra.
Regression introduced by bccd75094f.
The mentioned commit removed the pkgs.gtk attribute, but forgot to
change this within the xfce module.
Tested using the xfce NixOS test and it has passed on my machine.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
While entering the chroot should provide the same amount of isolation,
the preStart script will run with full root privileges and so would
benefit from some isolation as well (in particular due to
unbound-anchor, which can perform network I/O).
1. The preStart script ensures consistent ownership, even if the unbound
user's uid has changed
2. The unbound daemon does not generate data that needs to be private to
it, so it would not matter that a different service would end up
owning its data (as long as unbound remains enabled, it should reclaim
ownership soon enough anyway).
Thus, there's no clear benefit to allocate a dedicated uid for the
unbound service. This releases uid/gid 48.
Also, because the preStart script creates the data directory, there's no
need to specify a homedir or ask for its creation.
/dev/random is an exhaustible resource. Presumably, unbound will not be
used to generate long-term encryption keys and so allowing it to use
/dev/random only increases the risk of entropy exhaustion for no
benefit.
