Re: [Nix-dev] Hydra and security updates

2017-06-02 Thread Frank

On 3-6-2017 at 0:59, Leo Gaspard wrote:

On 06/02/2017 06:54 PM, Frank wrote:

On 1-6-2017 at 23:32, Leo Gaspard wrote:

Hi all,

I just wanted to point out an issue with hydra: it doesn't make any
distinction between security updates and normal changes.

Why is this an issue? Security-updates are just as likely to introduce
bugs as every other update.

If I have to choose between having a security vulnerability and having
some installer tests that don't build (as these seem to be the source of
most test failures)... I know what I'd rather have (especially given
install images aren't generated from every commit of nixpkgs), don't you
think?
You mean all the tests that didn't catch the bug in the first place? Or
the tests that assure the fix will be installed without problems?


If the testing is a problem for distributing the software, the tests are 
probably wrong. You can't fix things by testing, so don't try to repeat 
and improve the upstream testing (not during distribution at least).


The focus of the distribution is, distributing software, that installs 
well on all target systems. And if your fix breaks some systems it 
doesn't matter how important it is for security.


I really agree, it's important to roll out security fixes fast. But I 
don't see why other updates should be very time consuming.


Greetings,
Frank
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev


Re: [Nix-dev] Hydra and security updates

2017-06-02 Thread Frank

On 1-6-2017 at 23:32, Leo Gaspard wrote:

Hi all,

I just wanted to point out an issue with hydra: it doesn't make any
distinction between security updates and normal changes.


Why is this an issue? Security-updates are just as likely to introduce 
bugs as every other update.


Greetings,
Frank


Re: [Nix-dev] Evaluation time vs build time

2017-05-31 Thread Frank

On 31-5-2017 at 21:07, Linus Heckemann wrote:

On 31/05/17 18:01, Judson Lester wrote:


nix expressions cannot 'makedepend'

In other words, values in a nix expression can't be computed from the
sources used to build an application.

My question is, basically, is that true? Do I understand this correctly?
Even if I do, I'm sure there's details and nuances that could be expanded on.

As far as I understand it, it's mostly true — I believe it *is* actually
possible, just strongly discouraged and absolutely not accepted in
nixpkgs because (iiuc) of the mess of dependencies it can create.

However, I don't fully understand all the ins and outs of this and may
be wrong.


It is nice to do all package management (except building) without 
downloading sources. Using the sources in nix-expressions would 
compromise that.


Greetings,
Frank

(BTW, makedepend changes the makefile: autogenerating nix-files is possible)


[Nix-dev] updated Naev-package

2017-05-10 Thread Frank Wijnans
Hi,

My first attempt on packaging.
Updated to new version, added some dependencies.

Greetings,
Frank

naev.nix
Description: Binary data


Re: [Nix-dev] Need any mirror in Asia?

2017-05-09 Thread Frank

Why don't we host the system on IPFS?
( https://ipfs.io )

It would be nice to use URLs like: ipfs://jhgwybmjhgsd/my_file but it
would fit nicely in nixos


Greetings,
Frank

On 8-5-2017 at 18:44, zimbatm wrote:


How I see the setup, it would be a HTTP reverse proxy with caching 
enabled. That way only the accessed files are transferred over, 
avoiding unnecessary traffic. One downside is that it requires a bit 
of tuning and monitoring to make sure it's running efficiently. First 
accesses to files are also doing the full round trip.


https://www.nginx.com/blog/nginx-caching-guide/ is a pretty good
example setup for nginx, where upstream would be cache.nixos.org
<http://cache.nixos.org> . A few things need to be tuned, for example
the cache TTL should be much bigger than the 10min that they set.
Ideally all content-addressable files would never invalidate unless
the disk is full, in that case they should LRU.


Let me know if you need more details or if this is enough to get going.


On Mon, 8 May 2017, 16:53 Karibu, <kar...@freedif.org> wrote:


Thanks for sharing Daniel, I see another thread around my same topic
("still waiting for https://cache.nixos.org after 5 seconds..."). So
I'm happy to see such open discussion.

It seems they have some projects in the pipe to improve the delivery.
But I will be happy to support in a short or long term (secondary cache
layer,...)

I'm currently having a 100M, but I'm thinking of upgrading to 1G. (Just
a new offer, more expensive of course but for a reasonable price still.
IMO)

Kari

On Mon, 2017-05-08 at 08:15 -0400, Daniel Peebles wrote:
> Copying this from another related thread:
> https://mailman.science.uu.nl/pipermail/nix-dev/2016-October/022029.html
>
>
> On Sun, May 7, 2017 at 9:33 PM, Karibu <kar...@freedif.org> wrote:
> > Hi Zimbatm,
> >
> > This would be the first time for me.
> >
> > Can you brief me on the details and tools needed?
> >
> > Thanks
> >
> > On May 7, 2017 22:48, zimbatm <zimb...@zimbatm.com> wrote:
> > @Karibu: is it possible to setup the mirror as a secondary layer
> > cache instead?
> >
> > On Thu, 4 May 2017 at 14:18 Volth <vo...@volth.com> wrote:
> > Actually, there are regions with bad connectivity to Amazon's
> > Cloudfront.
> > For example Russia, and, yes, Vietnam.
> >
> > There are few obstacles:
> > 1. the distribution model is not rsync-friendly and not well suited
> > for 3rd-party mirrors.
> > 2. there is a team promising to solve the geo-distribution issue
> > using IPFS. There are no results yet but the expectation from their
> > works lower priority of alternative solutions.
> > 3. the majority of developers (and users?) are located in Central
> > Europe (NL,DE,CZ,SI,...) so the geodistribution issue gets very
> > little traction.
> >
> > On 5/4/17, Karibu <kar...@freedif.org> wrote:
> > > Thanks for the prompt reply.
> > > So you don't need any mirror in Asia and no issue from the speed
> > > there I suppose.
> > >
> > > If one day, you will need one, you can count on me.
> > >
> > > Thanks
> > >
> > > Kari
> > >
> > > On Thu, 2017-05-04 at 14:43 +0200, Domen Kožar wrote:
> > >> This is not Gentoo. Our infrastructure is hosted by Amazon S3 and
> > >> globally distributed over cloudflare CDN.
> > >>
> > >> On Thu, May 4, 2017 at 2:41 PM, Karibu <kar...@freedif.org> wrote:
> > >> > Hi guys,
> > >> >
> > >> > Any idea about the RSYNC url I should use to do a mirror?
> > >> >
> > >> > Thanks
> > >> >
> > >> > On Tue, 2017-05-02 at 21:09 +0700, Karibu wrote:
> > >> > > Hehe no problem.
> > >> > >
> > >> > > Any mirror admin or dev to let me know the RSYNC url.
> > >> > > Thanks
> > >> > >
> > >> > > Kari
> > >> > >
> > >> > > On Tue, 2017-05-02 at 00:47 +0800, Wei Tang wrote:
> > >> > > >
> > >> > > > Hi Karibu,
> > >> > > >
> > >> > > > I live 
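
Added example (not part of the thread and not configuration from the NixOS project): a sketch of the caching reverse proxy zimbatm describes in the message quoted above, with cache.nixos.org as upstream, a long TTL instead of the guide's 10 minutes, and eviction only when the disk budget is reached. The server name, cache path, zone name, sizes and CA bundle path are assumptions.

```nginx
# Assumed cache location and sizes. max_size is the disk budget: once it is
# exceeded, nginx's cache manager evicts the least recently used entries.
# inactive must be raised too, or entries are dropped after 10 minutes
# without access regardless of their TTL.
proxy_cache_path /var/cache/nginx/nix levels=1:2 keys_zone=nixcache:100m
                 max_size=200g inactive=365d use_temp_path=off;

server {
    listen 80;
    server_name nix-mirror.example.org;   # placeholder name

    location / {
        proxy_pass https://cache.nixos.org;
        proxy_set_header Host cache.nixos.org;

        # Send SNI and verify the upstream certificate, so the mirror
        # only fills its cache from the real upstream.
        proxy_ssl_server_name on;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 3;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

        proxy_cache nixcache;

        # Long TTL for hits. Upstream Cache-Control/Expires would otherwise
        # take priority over proxy_cache_valid, so ignore them.
        proxy_ignore_headers Cache-Control Expires;
        proxy_cache_valid 200 365d;

        # Keep misses short: a path that is absent now may be built and
        # uploaded later, and a long-lived 404 would hide it.
        proxy_cache_valid 404 1m;

        # Collapse concurrent first requests for the same file into one
        # upstream fetch, and keep serving cached copies if upstream fails.
        proxy_cache_lock on;
        proxy_cache_use_stale error timeout updating
                              http_500 http_502 http_503 http_504;

        # Expose HIT/MISS/EXPIRED for the tuning and monitoring mentioned.
        add_header X-Cache-Status $upstream_cache_status;
    }
}
```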

[Nix-commits] [NixOS/nixpkgs] f3f38e: kicad: update to 4.0.6

2017-05-04 Thread Daniel Frank
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: f3f38eccbb066521eb0f6fa022314ec08ad189be
  
https://github.com/NixOS/nixpkgs/commit/f3f38eccbb066521eb0f6fa022314ec08ad189be
  Author: Daniel Frank 
  Date:   2017-05-04 (Thu, 04 May 2017)

  Changed paths:
M pkgs/applications/science/electronics/kicad/default.nix

  Log Message:
  ---
  kicad: update to 4.0.6


___
nix-commits mailing list
nix-comm...@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-commits


Re: [Nix-dev] Suggestion: programs are *always* in the path

2017-05-02 Thread Frank
It would be nice if the database had the description of the package: It
would be easy to build a QT-package-manager based on the info (or some
other frontend).

Greetings,
Frank

On Mon, 1 May 2017 12:37:07 +0200
"regiv...@gmail.com" wrote:

> I think it's really a very interesting feature! A user no longer
> needs to install their programs: nix installs them in his place when
> he needs them. This option could be highlighted in the NixOS
> presentation.


[Nix-dev] monitor.nixos.org

2016-11-12 Thread Daniel Frank
On Sat, Nov 12, 2016 at 12:11:57PM +0100, Vladimír Čunát wrote:
> On 11/12/2016 11:16 AM, Roger Qiu wrote:
> > I think what we need is a bot that will autosubmit PRs to bump new
> > versions by tracking some commonly updated widely used applications like
> > chromium. This shouldn't be too difficult.
> 
> We have quite some such solutions already, e.g.
> http://monitor.nixos.org/ was able to generate updating patches for many
> packages (and even test the build).
> 
> But I think some human should still pre-test updates briefly (at least)
> before pushing them to master.

I didn't know about that website before. It looks very useful, but
monitor.nixos.org seems to be outdated for about 5 months.
It suggests [1] that I update mbuffer from version 20151002 to version 20160228.
On June 26th I already updated mbuffer to version 20160613. monitor.nixos.org 
has not picked that up yet.

[1] http://monitor.nixos.org/outdated?m=Daniel+Frank


Re: [Nix-dev] 16.09 beta released

2016-09-12 Thread Daniel Frank
What I've found so far is that NixOS cannot be used with a Gnome
desktop and a non-us keyboard layout. Or to be more specific: If you
cannot enter your password on a us keyboard.
The combination of two bugs - one a "wontfix" - prevents that:
https://github.com/NixOS/nixpkgs/issues/9006 Lock screen only works in
gdm ("wontfix")
https://github.com/NixOS/nixpkgs/issues/14318 gdm always uses a us
keyboard layout
So if gdm cannot be used due to the layout issue, it's impossible to
lock the screen, which can be a security issue.



Second problem I've noticed when I just switched my laptop to the
nixos-16.09 channel is that there is now a conflict between Synaptics
and libinput, because gnome3 now automatically enables libinput by
default.
A note in the release notes would be helpful that you may need to
explicitly disable libinput in case you use gnome3, even if libinput
claims that it's not enabled by default.



On Monday, 12.09.2016, 10:28 +0200, Domen Kožar wrote:
> This release is pretty quiet so far.
> 
> I wonder if that means most things work or do we need a
> broader call for more testing?
> 
> Please report back your findings - thanks!
> 
> On Tue, Sep 6, 2016 at 10:51 PM, zimbatm wrote:
> > Thanks for coordinating the release Domen!
> > 
> > On Tue, 6 Sep 2016, 21:17 Tomasz Czyż wrote:
> > > Cheers!
> > > 
> > > 2016-09-06 21:02 GMT+01:00 Domen Kožar:
> > > > Hi all,
> > > > 
> > > > I'd like to announce NixOS 16.09 beta in the name of community.
> > > > 
> > > > This release will bring two major changes:
> > > > 
> > > > - multiple outputs, reducing runtime closure size (sometimes
> > > > even by half)
> > > > - security hardening flags
> > > > 
> > > > Please upgrade channels as usual and test:
> > > > 
> > > >     $ nix-channel --add https://nixos.org/channels/nixos-16.09 nixos
> > > >     $ nixos-rebuild switch --upgrade
> > > > 
> > > > I'd like to point out two serious bugs that you might hit:
> > > > 
> > > > - dbus will fail to reload, see
> > > > https://github.com/NixOS/nixpkgs/issues/18358
> > > > - make sure /var/empty doesn't have write permissions set
> > > > otherwise sshd won't start, see
> > > > https://github.com/NixOS/nixpkgs/pull/18365
> > > > 
> > > > If you'd like to help out, test and check the github bug
> > > > tracker under 16.09 milestone.
> > > > 
> > > > As usual, we're working on getting build failures down:
> > > > https://github.com/NixOS/nixpkgs/issues/18209
> > > > 
> > > > Final is set to be released on 29th September.
> > > > 
> > > > I've also finally put together a PR that documents the release
> > > > process, any feedback is welcome (it's still far from perfect):
> > > > https://github.com/NixOS/nixpkgs/pull/18062
> > > > 
> > > > PS: 16.09-small channel will be also created once container
> > > > tests are fixed
> > > > 
> > > > Domen
> > > > 
> > > > 
> > > 
> > > 
> > > -- 
> > > Tomasz Czyż
> > > 


Re: [Nix-dev] RapsberryPi image outdated Nix

2016-08-09 Thread Daniel Frank
Hello,

On Tuesday, 09.08.2016, 09:16 -0700, Colin Z wrote:
> Hi all, I'm trying to get NixOS running on a Raspberry Pi 3 but ran
> into an issue with an outdated Nix
> 
> I used the first image linked at https://nixos.org/wiki/Raspberry_Pi
> and after putting the latest firmware from
> https://github.com/Hexxeh/rpi-firmware (including kernel7.img) on the
> boot partition, I was able to boot into NixOS.
> 
> I did a nix-channel --update, but when I tried to install some
> packages I got an error about Nixpkgs needing Nix >= 1.10 and the
> image appears to only have Nix 1.5.1
> 
> 
> The links given were broken when I tried, and it says to contact the
> email list if you're on ARM:
> 
> https://nixos.org/wiki/How_to_update_when_Nix_is_too_old_to_evaluate_Nixpkgs
> 
> What's the best way to get a more current version of Nix installed?
> 

Certainly not the fastest, but a working way is to move through all the
channels (not sure if you have to start with 15.03 or 15.09) and
recompile the whole system every time.
Basically:
# nix-channel --remove nixos
# nix-channel --add https://nixos.org/channels/nixos-15.09-small nixos
# nixos-rebuild boot --upgrade
# reboot
[back to start with the next version]

My pi2 took a couple of days to munch through that.
___