[Nix-dev] Security channel proposal

2014-09-25 Thread Luca Bruno
My proposal is to have a Hydra security channel independent of nixpkgs. SAMPLE USAGE nix-channel --add http://hydra.nixos.org/jobset/nixos/security/channel/latest The channel will provide a nixos-sec/module.nix to be imported by the users in their configuration.nix. The nixos-sec/module.nix

[Nix-dev] nix-1.7 on armv6l-linux

2014-09-25 Thread Tim Barbour
Starting from the installation image on the Wiki, I managed to get my Raspberry Pi Model B up-to-date WRT nixos-13.10. I then changed the channel to nixos-14.04, updated the channel, and ran nixos-rebuild build, resulting in the following output: building Nix... error: user-thrown exception: the

Re: [Nix-dev] nix-1.7 on armv6l-linux

2014-09-25 Thread Wout Mertens
I've stared at it wistfully but didn't get around to it yet :) Can you please add --show-trace so we can see how the failure happens? Basically, you're in this bit of code:

Re: [Nix-dev] Security channel proposal

2014-09-25 Thread Wout Mertens
It sounds like a necessary evil. Another option would be to make Hydra super fast... What has been explored to optimize compile speeds? Using distcc, ccache, SSD, elastic scaling? What if we had a security build fund that we could use to briefly run 500 machines to complete security builds?

Re: [Nix-dev] Security channel proposal

2014-09-25 Thread Michael Raskin
It sounds like a necessary evil. Another option would be to make Hydra super fast... What has been explored to optimize compile speeds? Using distcc, ccache, SSD, elastic scaling? What if we had a security build fund that we could use to briefly run 500 machines to complete security builds?

Re: [Nix-dev] Security channel proposal

2014-09-25 Thread Wout Mertens
On Thu, Sep 25, 2014 at 2:41 PM, Michael Raskin 7c6f4...@mail.ru wrote: It sounds like a necessary evil. Another option would be to make Hydra super fast... What has been explored to optimize compile speeds? Using distcc, ccache, SSD, elastic scaling? What if we had a security build fund

Re: [Nix-dev] Bash CVE-2014-6271

2014-09-25 Thread Ricardo M. Correia
On Wed, Sep 24, 2014 at 11:34 PM, Peter Simons sim...@cryp.to wrote: If you are worried about Bash CVE-2014-6271 (you should) and don't want to wait for Hydra to re-build the world, then check out https://github.com/NixOS/nixpkgs/pull/4257#issuecomment-56727114 to see how to replace the

Re: [Nix-dev] Bash CVE-2014-6271

2014-09-25 Thread Luca Bruno
On 25/09/2014 15:41, Ricardo M. Correia wrote: Namely, when I run nixos-rebuild dry-run on my laptop, instead of taking 3 seconds to finish, now it takes more than 65 minutes (!). It seems to be CPU-bound during the whole time. Also, take into account my laptop has a relatively fast CPU - a

Re: [Nix-dev] Zero Hydra Failures (ZHF) project for NixOS

2014-09-25 Thread Wout Mertens
Am I correct when thinking there are currently still 104+4 jobs failing? http://hydra.nixos.org/eval/1153186#tabs-still-fail Here's a strange one: kde-telepathy is failing since January, and apparently the problem is part of this patch range:

Re: [Nix-dev] Zero Hydra Failures (ZHF) project for NixOS

2014-09-25 Thread Domen Kožar
On Thu, Sep 25, 2014 at 4:21 PM, Wout Mertens wout.mert...@gmail.com wrote: Am I correct when thinking there are currently still 104+4 jobs failing? http://hydra.nixos.org/eval/1153186#tabs-still-fail Yes. Here's a strange one: kde-telepathy is failing since January, and apparently the

Re: [Nix-dev] Zero Hydra Failures (ZHF) project for NixOS

2014-09-25 Thread John Wiegley
Domen Kožar do...@dev.si writes: - ledger: wrong hash Which ledger? I just updated yesterday. John ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Zero Hydra Failures (ZHF) project for NixOS

2014-09-25 Thread Domen Kožar
On Thu, Sep 25, 2014 at 5:11 PM, John Wiegley jo...@newartisans.com wrote: Domen Kožar do...@dev.si writes: - ledger: wrong hash Which ledger? I just updated yesterday. http://hydra.nixos.org/build/14709824

Re: [Nix-dev] Zero Hydra Failures (ZHF) project for NixOS

2014-09-25 Thread Michael Raskin
- bossa: no idea - saga: no idea The only build was cancelled. - guitone: no idea First failure in ages is a cancelled build

Re: [Nix-dev] Zero Hydra Failures (ZHF) project for NixOS

2014-09-25 Thread John Wiegley
Domen Kožar do...@dev.si writes: http://hydra.nixos.org/build/14709824 Ok, then nix-prefetch-git is simply broken. John

Re: [Nix-dev] Security channel proposal

2014-09-25 Thread Michael Raskin
I bet against our package set being buildable in 2 hours — because of time-critical path likely hitting some non-parallelizable package. I think most large projects can be compiled via distcc, which means that all you need is parallel make. WebKitGTK… (there is a comment about failure to make

Re: [Nix-dev] Security channel proposal

2014-09-25 Thread Wout Mertens
On Thu, Sep 25, 2014 at 6:33 PM, Michael Raskin 7c6f4...@mail.ru wrote: I bet against our package set being buildable in 2 hours — because of time-critical path likely hitting some non-parallelizable package. I think most large projects can be compiled via distcc, which means that all

Re: [Nix-dev] Security channel proposal

2014-09-25 Thread Domen Kožar
Note that from a business perspective a server admin usually wants to do the following two things: 1) to be notified if any of the software packages has a security vuln 2) to take automated/manual actions to upgrade ONLY those packages and not bump any versions. Having a faster hydra doesn't solve 2) Domen

[Nix-dev] Making Hydra super fast (was: Security channel proposal)

2014-09-25 Thread Peter Simons
Hi Wout, Another option would be to make Hydra super fast... What has been explored to optimize compile speeds? Using distcc, ccache, SSD, elastic scaling? Hydra appears slow because hydra-evaluator is single-threaded. A round-trip evaluating all jobsets on hydra.nixos.org takes almost

Re: [Nix-dev] Making Hydra super fast (was: Security channel proposal)

2014-09-25 Thread Wout Mertens
On Sep 25, 2014 8:19 PM, Peter Simons sim...@cryp.to wrote: Hi Wout, Another option would be to make Hydra super fast... What has been explored to optimize compile speeds? Using distcc, ccache, SSD, elastic scaling? Hydra appears slow because hydra-evaluator is single-threaded. A

Re: [Nix-dev] systemd failed in locating swap

2014-09-25 Thread Dmitry Malikov
It works well with this revision b37af08 2014-09-03 21:54 Michael Raskin * [master] Update mdbtools-git to latest On 09/23/2014 09:48 PM, Dmitry Malikov wrote: I've tried it with updated nixpkgs channel downloaded from

Re: [Nix-dev] Making Hydra super fast (was: Security channel proposal)

2014-09-25 Thread Paul Colomiets
Hi Peter, On Thu, Sep 25, 2014 at 9:19 PM, Peter Simons sim...@cryp.to wrote: Hydra appears slow because hydra-evaluator is single-threaded. A round-trip evaluating all jobsets on hydra.nixos.org takes almost a day. If a commit comes in 10 minutes after 'master' was evaluated, then it takes

[Nix-dev] Integration of Haste packages

2014-09-25 Thread Thomas Strobel
Hi! I'm thinking of working on the integration of Haste packages into NixOS on the weekend. I want to hook onto the package management of Haskell, and adapt it for Haste. Now, I wanted to ask if someone already started to work on that or had any ideas or thoughts about it. If so, it would be

Re: [Nix-dev] Integration of Haste packages

2014-09-25 Thread Ryan Trinkle
Hi Thomas, I recently got ghcjs integrated, so it may be helpful to take a look at my patches. They're available at https://github.com/ryantrinkle/nixpkgs and are making their way upstream thanks to the efforts of Charles Strahan ( https://github.com/cstrahan). Ryan On Thu, Sep 25, 2014 at

Re: [Nix-dev] Security channel proposal

2014-09-25 Thread Wout Mertens
Very true, but isn't the stable branch supposed to do exactly that? Only upgrade things for security reasons or harmless bugfixes? If we're not doing that, I think we should have clearer guidelines for updating stable. Wout. On Thu, Sep 25, 2014 at 8:00 PM, Domen Kožar do...@dev.si wrote: