[email protected] writes:
> I am using the following expression which I believe will build a patched 
> version of glibc locally, and then build a patched NixOS derivation.
>
> system.replaceRuntimeDependencies = with pkgs.lib;
>   [{ original = pkgs.glibc;
>      replacement = pkgs.stdenv.lib.overrideDerivation pkgs.glibc (oldAttr: {
>        patches = oldAttr.patches ++
>          [(pkgs.fetchurl {
>            url = "https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/development/libraries/glibc/cve-2015-7547.patch";
>            sha256 = "0awpc4rp2x27rjpj83ps0rclmn73hsgfv2xxk18k82w4hdxqpp5r";
>          })];
>      });
>   }];
>
> I didn't time it, but I think it took around 25 minutes to update my
> desktop machine this way.  Good luck everyone.

For those of us who aren't that fluent in Nix idioms -- could you
provide a quick summary of how you manage to achieve the seemingly
impossible?

Normally, one would expect that updating glibc would cause a full system
rebuild, but in your case it's obviously not the case.

And lastly -- is this somehow related to the techniques proposed for
providing NixOS with security updates?

-- 
respectfully,
Косырев Сергей
_______________________________________________
nix-dev mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-dev
