date:20151116

[Nix-dev] NixCon thanks

2015-11-16 Thread Arseniy Seroka

Thank you all for NixCon 2015! That was super amazing and super awesome.

-- 
Sincerely,
Arseniy Seroka
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] NixCon thanks

2015-11-16 Thread Karsten Gebbert

Arseniy Seroka  writes:

> Thank you all for NixCon 2015! That was super amazing and super awesome.
>
> -- 
> Sincerely,
> Arseniy Seroka

I agree completely! For me it was also really amazing. I learned *a lot* and am
looking forward to get deeper into everything. :)

Have a good sprint!

Karsten
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] NixCon thanks

2015-11-16 Thread Matthew O'Gorman

Arseniy Seroka  writes:

> Thank you all for NixCon 2015! That was super amazing and super awesome.

Where any of the talks recorded?  I would love to watch some of the
presentations.

-- 
Matthew O'Gorman
BM-NBUmia4p88Jny5bZbRGcMt64SWWp5WVv
TorChat: 5w3dtk7nhkkijcpc
Site: https://b.rldn.net
Xim/Email: m...@rldn.net
mog@rldn:~$ fortune wisdom -s|cowsay -f /dev/null
 ___ 
/ Instead of loving your enemies, treat \
| your friends a little better. |
|   |
\ -- Edgar W. Howe  /
 --- 


signature.asc
Description: PGP signature
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] NixCon thanks

2015-11-16 Thread Domen Kožar

https://www.youtube.com/watch?v=PjAmr22FZts=PL_IxoDz1Nq2Y7mIxMZ28mVtjRbbnlVdmy

On Mon, Nov 16, 2015 at 6:30 PM, Matthew O'Gorman  wrote:

> Arseniy Seroka  writes:
>
> > Thank you all for NixCon 2015! That was super amazing and super awesome.
>
> Where any of the talks recorded?  I would love to watch some of the
> presentations.
>
> --
> Matthew O'Gorman
> BM-NBUmia4p88Jny5bZbRGcMt64SWWp5WVv
> TorChat: 5w3dtk7nhkkijcpc
> Site: https://b.rldn.net
> Xim/Email: m...@rldn.net
> mog@rldn:~$ fortune wisdom -s|cowsay -f /dev/null
>  ___
> / Instead of loving your enemies, treat \
> | your friends a little better. |
> |   |
> \ -- Edgar W. Howe  /
>  ---
>
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] NixCon thanks

2015-11-16 Thread Jookia

On Mon, Nov 16, 2015 at 06:32:20PM +0100, Domen Kožar wrote:
> https://www.youtube.com/watch?v=PjAmr22FZts=PL_IxoDz1Nq2Y7mIxMZ28mVtjRbbnlVdmy

Here's a non-youtube mirror, useful for those that find youtube slow:
https://media.ccc.de/b/conferences/nixcon/2015
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

[Nix-dev] Security updates for libpng (CVE-2015-7981 and CVE-2015-8126)

2015-11-16 Thread roconnor

libpng has recently patched a few buffer-overflows in it, so I thought I 
would try exercising the system.replaceRuntimeDependencies functionality 
of nixos.


For nixos managed programs, you can tell if you are affected by running

nix-store -qR /run/current-system | grep libpng

If it lists libpng 1.6.18 or older and/or libpng 1.2.53 or older then you 
could be subject to this buffer-overflow.


I've attached a security_updates.nix nixos module that I have installed to 
update dynamically linked libpng libraries on my system.  I thought I 
would share it with the rest of you.


Unfortunately, you currently need to comment out any clauses for versions 
of libpng that are not on your system.  For example if you don't depend on 
libpng 1.2.*, then you must comment out the libpng12 line.


Fortunately, I have a pull request 11041 under review to fix this which 
should allow entities to more easily share this sort of security update.


Please be aware that this will not patch any program that statically links 
to libpng, nor will it patch software installed by nix-env, or software 
not managed by Nix.


After running nixos-rebuild switch or nixos-rebuild test, you can run

nix-store -qR /run/current-system | grep libpng

again to check if all the (dynamic) references to libpng have been 
updated.


I welcome any comments.  Clearly there is room to make 
security_updates.nix a little more sophisticated.


--
Russell O'Connor  
``All talk about `theft,''' the general counsel of the American Graphophone
Company wrote, ``is the merest claptrap, for there exists no property in
ideas musical, literary or artistic, except as defined by statute.''{ pkgs, ... }:
let libpng-1_8_19 =
  { stdenv, fetchurl, zlib, apngSupport ? true }:
  
  assert zlib != null;
  
  let
version = "1.6.19";
sha256 = "1s1mmkl79ghiczi2x2rbnp6y70v4c5pr8g3icxn9h5imymbmc71i";
patch_src = fetchurl {
  url = "mirror://sourceforge/libpng-apng/libpng-${version}-apng.patch.gz";
  sha256 = "0bgqkac16yhl0zwjzq2zwkixg2l2x3a6blbk3k0wqz0lza2a6jrh";
};
whenPatched = stdenv.lib.optionalString apngSupport;
  
  in stdenv.mkDerivation rec {
name = "libpng" + whenPatched "-apng" + "-${version}";
  
src = fetchurl {
  url = "mirror://sourceforge/libpng/libpng-${version}.tar.xz";
  inherit sha256;
};
  
postPatch = whenPatched "gunzip < ${patch_src} | patch -Np1";
  
propagatedBuildInputs = [ zlib ];
  
doCheck = true;
  
passthru = { inherit zlib; };
  
meta = with stdenv.lib; {
  description = "The official reference implementation for the PNG file 
format" + whenPatched " with animation patch";
  homepage = http://www.libpng.org/pub/png/libpng.html;
  license = licenses.libpng;
  platforms = platforms.all;
  maintainers = [ maintainers.vcunat maintainers.fuuzetsu ];
};
  };

  libpng-1_2_54 =
  { stdenv, fetchurl, zlib }:
  
  assert !(stdenv ? cross) -> zlib != null;
  
  stdenv.mkDerivation rec {
name = "libpng-1.2.54";
  
src = fetchurl {
  url = "mirror://sourceforge/libpng/${name}.tar.xz";
  sha256 = "0wnjy7gqn0f24qrlggs7kl0ij59by413j1xmqp12n3vqh9j531fg";
};
  
propagatedBuildInputs = [ zlib ];
  
passthru = { inherit zlib; };
  
crossAttrs = stdenv.lib.optionalAttrs (stdenv.cross.libc == "libSystem") {
  propagatedBuildInputs = [];
  passthru = {};
};
  
configureFlags = "--enable-static";
  
meta = {
  description = "The official reference implementation for the PNG file 
format";
  homepage = http://www.libpng.org/pub/png/libpng.html;
  license = stdenv.lib.licenses.libpng;
  maintainers = with stdenv.lib.maintainers; [ fuuzetsu ];
  branch = "1.2";
};
  };
in {
  system.replaceRuntimeDependencies = with pkgs.lib;
filter ({original, replacement} : versionOlder (getVersion original) 
(getVersion replacement))
[ ({original = pkgs.libpng; replacement = pkgs.callPackage libpng-1_8_19 
{};})
  ({original = pkgs.libpng12; replacement = pkgs.callPackage libpng-1_2_54 
{};})
  # below is needed if you have a 32-bit skype running on an x86_64 machine
  ({original = pkgs.pkgsi686Linux.libpng; replacement = 
pkgs.pkgsi686Linux.callPackage libpng-1_8_19 {};})
];
}
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] NixCon thanks

2015-11-16 Thread aszlig

On Mon, Nov 16, 2015 at 06:42:16PM +0300, Arseniy Seroka wrote:
> Thank you all for NixCon 2015! That was super amazing and super
> awesome.

i can second that, thanks a lot! especially to the people organizing
the event.

also an apology to rob and nicolas for falling asleep during their
talks, which was not because these talks were boring.

a!
-- 
aszlig
Universal dilettante

signature.asc
Description: Digital signature
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Build dependent haskell packages

2015-11-16 Thread lewo

hi Peter,

> what version of NixOS do you use? The "ghc7.8.3-0.12-shared" bit of the
> package name suggests it's something rather old.

Exactly, it's something rather old since I'm using 14.12.

>  >   {
>  > packageOverrides = pkgs: rec {
>  >   haskellPackages = with pkgs.haskellPackages; pkgs.haskellPackages // 
> rec {
>  >   xmonad = callPackage /home/lewo/repos/xmonad {};
>  >   xmonadContrib = callPackage /home/lewo/repos/XMonadContrib {};
>  >   };
>  > };
>  >   }
>
> That override won't work (evidently). It replaces the value of xmonad
> that you see during "nix-env", but it won't replace the value of xmonad
> that xmonadContrib sees while binding its dependencies. The Nixpkgs
> manual covers these details in [1], but it refers to release-15.09 or
> later of Nixpkgs, I'm afraid.

I finally overrided the xmonad dependency in the xmonadContrib
callPackage function as following:
xmonadContrib = callPackage /home/lewo/repos/XMonadContrib { xmonad = xmonad };

Thanks for mentionning the dependencies binding problem at build time
since this has allowed me to solve my difficulty.

lewo.
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

[Nix-dev] NixCon thanks

Re: [Nix-dev] NixCon thanks

Re: [Nix-dev] NixCon thanks

Re: [Nix-dev] NixCon thanks

Re: [Nix-dev] NixCon thanks

[Nix-dev] Security updates for libpng (CVE-2015-7981 and CVE-2015-8126)

Re: [Nix-dev] NixCon thanks

Re: [Nix-dev] Build dependent haskell packages

8 matches

Site Navigation

Mail list logo

Footer information