[Nix-dev] Call For Testers: Multi-User Nix Installer for Darwin

2017-07-08 Thread Graham Christensen via nix-dev

Hello everyone,

tl;dr: If you have a macOS computer with Nix, please test my new
installer! Remember, if you don't like the daemon, it is easy to
uninstall again, and go back to without a daemon! Please test! Link at
the end.

I wrote an extensive, thorough, and almost always correct installer for
Darwin (macOS.)

There is no middle point of having a single-user Nix installation. It
doesn't use the default single-user nix install.sh, instead I read the
source to the single-user installer, nixos-install, and the various
NixOS modules that handle installing and configuring Nix on NixOS. 

While the script works flawlessly for me every time I use it, I'd very
much like to have other experienced Nix users test it, before inflicting
it upon newbies. Note: You have to uninstall any nix already installed,
prior to testing the installer. The installer guides you on how to do
this. Remember, at the end it is easy to uninstall again, and go back to
without a daemon! Please test! 

Thus far no user has run in to a problem they couldn't easily fix, and
every time the installer was updated to account for it. I'm tracking
successful installations here:
https://gitlab.com/grahamc/mac-nix-multi-user/issues/2 

Here is an issue discussing replacing the Darwin installer with this
script: https://github.com/NixOS/nix/issues/1061#issuecomment-313850400

TLDR Here is the installer, please test:
https://gitlab.com/grahamc/mac-nix-multi-user/blob/master/install.sh

Thank you,
Graham
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-dev


[Nix-commits] [NixOS/nixpkgs] ed59b2: Revert "i3: add `configFile` to enable cutom confi...

2017-07-02 Thread Graham Christensen
  Branch: refs/heads/revert-26983-i3/allow-custom-configuration
  Home:   https://github.com/NixOS/nixpkgs
  Commit: ed59b2c892f462fa3fb94e4a51dc6831f9ec06af
  
https://github.com/NixOS/nixpkgs/commit/ed59b2c892f462fa3fb94e4a51dc6831f9ec06af
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-07-02 (Sun, 02 Jul 2017)

  Changed paths:
M pkgs/applications/window-managers/i3/default.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  Revert "i3: add `configFile` to enable cutom configuration locations"


___
nix-commits mailing list
nix-comm...@lists.science.uu.nl
https://mailman.science.uu.nl/mailman/listinfo/nix-commits


[Nix-commits] [NixOS/nixpkgs] 5fd4ae: nixos release-combined: only build zfsroot tests o...

2017-06-30 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 5fd4ae36e2b19d4c1c97284817a8767017b82cb1
  
https://github.com/NixOS/nixpkgs/commit/5fd4ae36e2b19d4c1c97284817a8767017b82cb1
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-30 (Fri, 30 Jun 2017)

  Changed paths:
M nixos/release-combined.nix

  Log Message:
  ---
  nixos release-combined: only build zfsroot tests on x86_64-linux




[Nix-commits] [NixOS/nixpkgs] 4f3f92: nixos manual: Remove trailing newline in version X...

2017-06-29 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 4f3f9269061c3a724d142451f38775f9c0c1556a
  
https://github.com/NixOS/nixpkgs/commit/4f3f9269061c3a724d142451f38775f9c0c1556a
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-28 (Wed, 28 Jun 2017)

  Changed paths:
M nixos/doc/manual/default.nix

  Log Message:
  ---
  nixos manual: Remove trailing newline in version XML


  Commit: 1eb979db0e472557897405474288e9dae502a4f7
  
https://github.com/NixOS/nixpkgs/commit/1eb979db0e472557897405474288e9dae502a4f7
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-29 (Thu, 29 Jun 2017)

  Changed paths:
M nixos/doc/manual/default.nix

  Log Message:
  ---
  nixos manual: combine XML and validate separately


  Commit: 8ca805d02f4390f6d1bf52744a6c30b3d114ebb6
  
https://github.com/NixOS/nixpkgs/commit/8ca805d02f4390f6d1bf52744a6c30b3d114ebb6
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-29 (Thu, 29 Jun 2017)

  Changed paths:
M nixos/doc/manual/default.nix

  Log Message:
  ---
  Merge pull request #26940 from grahamc/nixos-manual

NixOS Manual: Make it easier to debug


Compare: https://github.com/NixOS/nixpkgs/compare/dc9f69c26013...8ca805d02f43


[Nix-commits] [NixOS/nixpkgs] b0a4c2: nixos: installer.nix test: test ZFS install use ca...

2017-06-28 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: b0a4c2c33f7004be50284186b314255b47554edd
  
https://github.com/NixOS/nixpkgs/commit/b0a4c2c33f7004be50284186b314255b47554edd
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-28 (Wed, 28 Jun 2017)

  Changed paths:
M nixos/release-combined.nix
M nixos/tests/installer.nix

  Log Message:
  ---
  nixos: installer.nix test: test ZFS install use case


  Commit: 425e9ce493218acc5dd001cf7656e45f73b82596
  
https://github.com/NixOS/nixpkgs/commit/425e9ce493218acc5dd001cf7656e45f73b82596
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-28 (Wed, 28 Jun 2017)

  Changed paths:
M nixos/release-combined.nix
M nixos/tests/installer.nix

  Log Message:
  ---
  Merge pull request #26917 from grahamc/zfs-installer-test

nixos: installer.nix test: test ZFS install use case


Compare: https://github.com/NixOS/nixpkgs/compare/7642a76c1add...425e9ce49321


Re: [Nix-dev] nixos-unstable-small channel is not updating anymore

2017-06-26 Thread Graham Christensen
Vladimír Čunát  writes:

> Hi.
> That channel hasn't updated for over a week now and it's unclear why, as
> all the jobs succeeded on most evaluations during the past week.
>
> --Vladimir

Interesting, according to
https://channels.nix.gsc.io/nixos-unstable-small/history and
https://channels.nix.gsc.io/graph.html it has been updating quite
regularly.

I'm monitoring the github repository at
https://github.com/nixos/nixpkgs-channels/tree/nixos-unstable-small
which has been updating.

I wonder why nixos.org/channels hasn't been keeping up?

Graham


[Nix-commits] [NixOS/nixpkgs] 56435c: nixos tests: retry: Count down to 0, and pass rema...

2017-06-21 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 56435c140413ae43530d03ae1db3c8cdd43d3838
  
https://github.com/NixOS/nixpkgs/commit/56435c140413ae43530d03ae1db3c8cdd43d3838
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-20 (Tue, 20 Jun 2017)

  Changed paths:
M nixos/lib/test-driver/Machine.pm

  Log Message:
  ---
  nixos tests: retry: Count down to 0, and pass remaining attempts to the sub

Allows test functions to output diagnostic information on failure.


  Commit: 348785eec0c499dc4f79943cedcd78be279ca41d
  
https://github.com/NixOS/nixpkgs/commit/348785eec0c499dc4f79943cedcd78be279ca41d
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-20 (Tue, 20 Jun 2017)

  Changed paths:
M nixos/lib/test-driver/Machine.pm

  Log Message:
  ---
  nixos tests: waitUntilTTYMatches: Log TTY contents on last try

If the test has not passed yet, on the last attempt it now outputs:

machine: Last chance to match /logine: / on TTY2, which currently contains:
machine: running command: fold -w$(stty -F /dev/tty2 size | awk '{print 
$2}') /dev/vcs2
machine: exit status 0
machine:

<<< Welcome to NixOS 17.09.git.a804ef4 (x86_64) - tty2 >>>

machine login:

to help debug the problem. Notice the "logine" typo in my check.


  Commit: 1b833015b72fa6ccf379c46706d1d645cd216f07
  
https://github.com/NixOS/nixpkgs/commit/1b833015b72fa6ccf379c46706d1d645cd216f07
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-20 (Tue, 20 Jun 2017)

  Changed paths:
M nixos/lib/test-driver/Machine.pm

  Log Message:
  ---
  nixos tests: waitForText: output the detected screen content prior to the 
last attempt

machine: Last chance to match /(?^:BALICE)/ on the screen, which currently 
contains:
machine: performing optical character recognition
machine: sending monitor command: screendump 
/tmp/nix-build-vm-test-run-sddm.drv-0/ocrin.ppm
machine: Session Layout

O O

0 1 : 0 9

Wednesday, June 21, 2017

|_ I

Select your user and enter password


  Commit: 3f40fcabbf692ac08cee390ac9b56650ca075630
  
https://github.com/NixOS/nixpkgs/commit/3f40fcabbf692ac08cee390ac9b56650ca075630
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-20 (Tue, 20 Jun 2017)

  Changed paths:
M nixos/lib/test-driver/Machine.pm

  Log Message:
  ---
  nixos tests: waitForWindow: output a list of windows we see prior to the 
final check

machine: must succeed: xwininfo -root -tree | sed 's/.*0x[0-9a-f]* 
\"\([^\"]*\)\".*/\1/; t; d'
machine: exit status 0
machine: Last chance to match /(?^:dfiirst configuration)/ on the the 
window list, which currently contains:
machine: [i3 con] container around 0xf8a5f0, i3: first configuration, [i3 
con] floatingcon around 0xf8c260, [i3 con] container around 0xf8a380, i3bar for 
output Virtual-1, [i3 con] bottom dockarea Virtual-1, [i3 con] workspace 1, [i3 
con] content Virtual-1, [i3 con] top dockarea Virtual-1, [i3 con] output 
Virtual-1, [i3 con] workspace __i3_scratch, [i3 con] content __i3, [i3 con] 
pseudo-output __i3, i3


  Commit: dd265313e7b178b42ba29ed99e3ae009f413414d
  
https://github.com/NixOS/nixpkgs/commit/dd265313e7b178b42ba29ed99e3ae009f413414d
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-21 (Wed, 21 Jun 2017)

  Changed paths:
M nixos/lib/test-driver/Machine.pm

  Log Message:
  ---
  Merge pull request #26736 from grahamc/improve-nixos-test-debug

Improve nixos test debug


Compare: https://github.com/NixOS/nixpkgs/compare/bc47794ab580...dd265313e7b1


[Nix-commits] [NixOS/nixpkgs] 5fc485: expat: 2.2.0 -> 2.2.1

2017-06-18 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 5fc48529bc8dcdd578b71c9fdb919fefba0f8c74
  
https://github.com/NixOS/nixpkgs/commit/5fc48529bc8dcdd578b71c9fdb919fefba0f8c74
  Author: Robert Helgesson <rob...@rycee.net>
  Date:   2017-06-19 (Mon, 19 Jun 2017)

  Changed paths:
M pkgs/development/libraries/expat/default.nix

  Log Message:
  ---
  expat: 2.2.0 -> 2.2.1

Includes fixes for CVE-2017-9233 and CVE-2016-9063.


  Commit: 9f16b5bb05729a3e47970bce2f10e45f2299c3d8
  
https://github.com/NixOS/nixpkgs/commit/9f16b5bb05729a3e47970bce2f10e45f2299c3d8
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-18 (Sun, 18 Jun 2017)

  Changed paths:
M pkgs/development/libraries/expat/default.nix

  Log Message:
  ---
  Merge pull request #26703 from rycee/bump/expat

expat: 2.2.0 -> 2.2.1


Compare: https://github.com/NixOS/nixpkgs/compare/9f14594cbc73...9f16b5bb0572


[Nix-commits] [NixOS/nixpkgs] 72ff32: rustc: re-enable static_in_const

2017-06-16 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 72ff321f9ca92c9ad54d006ee78751e2a3739535
  
https://github.com/NixOS/nixpkgs/commit/72ff321f9ca92c9ad54d006ee78751e2a3739535
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-16 (Fri, 16 Jun 2017)

  Changed paths:
M pkgs/development/compilers/rust/rustc.nix

  Log Message:
  ---
  rustc: re-enable static_in_const

We saw this error when building main.rs:error: this needs a 'static lifetime or 
the static_in_const feature, see #35897




[Nix-commits] [NixOS/nixpkgs] ba9c71: rustc.bootstrap: 1.17.0 -> 1.16.0

2017-06-15 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: ba9c71b999b1aa28dd2af6d23359d2db7b5da8ac
  
https://github.com/NixOS/nixpkgs/commit/ba9c71b999b1aa28dd2af6d23359d2db7b5da8ac
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-15 (Thu, 15 Jun 2017)

  Changed paths:
M pkgs/development/compilers/rust/bootstrap.nix

  Log Message:
  ---
  rustc.bootstrap: 1.17.0 -> 1.16.0

bootstrapping rust requires the prior version of rust according to 
#rust-internals

they theorize this could be causing the build problems on i686




Re: [Nix-dev] NIX-2017-0002: users can modify builds by other users

2017-06-15 Thread Graham Christensen

Please take my apologies, I incorrectly spelled *Linus Heckemann*'s name
wrong by accidentally sending a different version to nix-dev than I sent
to nix-security announce. Below is the correct advisory.

Thank you again, Linus.



 Nix Security Advisory
 NIX-2017-0002
  2017-06-15
 -
users can modify / interfere with builds by other users


Description
===

In multi-user Nix installations, to ensure that builds by unprivileged
users cannot interfere with each other, Nix performs builds under
so-called "build users" (nixbld1, nixbld2, ...) on behalf of the user.
Only one build can run under a given build user at a time, and all
processes running under that build user are killed before and after the
build. However, the invariant that no other processes run under a given
build user can be violated through the creation of setuid executables.

The Nix store does not permit setuid executables, and Nix removes
setuid/setgid bits after builds complete. This protection, however, does
not prevent setuid binaries from being created or existing during a
build.

These setuid binaries are owned by a Nix build user (nixbld1, nixbld2,
...).

Nix build directories are world readable during a build, and it is
possible for a malicious user to execute the setuid binary before the
build completes.

Additionally, if --keep-failed is used the setuid binary is allowed to
remain in the directory of the retained failed build.


Impact
==

A malicious user can create setuid binaries owned by a Nix build user,
allowing the attacker to interfere with subsequent builds by the same
UID.

Interference may include causing failures, or injecting impurities, or
completely replacing a build with malicious output.


Vulnerable Systems
==

All Nix 1.11 versions before 1.11.10 are vulnerable.
All Nix 1.12 versions before 1.12pre5413_b4b1f452 are vulnerable.

  Channel               First Non-Vulnerable Version
  --------------------  -------------------------------
  nixos-17.03           nixos-17.03.1316.412b0a17aa
  nixos-17.03-small     nixos-17.03.1303.74a1ea1f89
  nixos-unstable-small  nixos-17.09pre108957.0bffe03828
  nixos-unstable        not yet released
  nixpkgs-unstable      not yet released


Mitigation
==

Upgrade Nix Stable to 1.11.10 or Nix Unstable to 1.12pre5413_b4b1f452 or
later.


Resolution
==

Nix now prevents builders from creating setuid and setgid binaries.

On Linux, this is done using a seccomp BPF filter. Using seccomp, we now
also prevent the creation of extended attributes and POSIX ACLs since
these cannot be represented in the NAR format and (in the case of POSIX
ACLs) allow bypassing regular Nix store permissions.

On macOS, the restriction is implemented using the existing sandbox
mechanism, which now uses a minimal "allow all except the creation of
setuid/setgid binaries" profile when regular sandboxing is disabled.

On other platforms, the "build user" mechanism is now disabled.


Thank You
=

This issue was discovered and appropriately reported by Linus
Heckemann on 2017-05-27 through the NixOS Security Team -
https://nixos.org/nixos/security.html.
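One way to audit for the leftover condition the advisory describes (setuid/setgid files owned by a build user, for example in a build directory retained by --keep-failed), as an added example that is not part of the advisory or of Nix's own code. It assumes the build users are members of a group named `nixbld` and that you pass in the directory where builds are kept; all function names are hypothetical.

```python
import grp
import os
import pwd
import stat
import tempfile


def special_bits(mode):
    """Names of the setuid/setgid bits set on a regular file's mode.

    Directories are ignored: a setgid directory only affects group
    inheritance and cannot be executed as another user.
    """
    if not stat.S_ISREG(mode):
        return []
    names = []
    if mode & stat.S_ISUID:
        names.append("setuid")
    if mode & stat.S_ISGID:
        names.append("setgid")
    return names


def build_user_uids(group="nixbld"):
    """UIDs of the members of the build-users group.

    The group name is an assumption; returns an empty set if the group
    does not exist on this machine.
    """
    try:
        members = grp.getgrnam(group).gr_mem
    except KeyError:
        return set()
    uids = set()
    for name in members:
        try:
            uids.add(pwd.getpwnam(name).pw_uid)
        except KeyError:
            pass  # group lists a user that no longer exists
    return uids


def find_build_user_setid(root, uids):
    """Walk root without following symlinks and return a sorted list of
    (path, owner_uid, bits) for setuid/setgid files owned by one of uids."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished (build cleanup) or is unreadable
            bits = special_bits(st.st_mode)
            if bits and st.st_uid in uids:
                findings.append((path, st.st_uid, bits))
    return sorted(findings)


def demo(uids=None):
    """Run the scan over a constructed tree in a temporary directory.

    The current user stands in for a build user; the directory and file
    names are constructed sample data, not paths from a real build.
    """
    if uids is None:
        uids = {os.getuid()}
    with tempfile.TemporaryDirectory() as tmp:
        build = os.path.join(tmp, "nix-build-example.drv-0")
        os.makedirs(build)
        for name, mode in (("plain", 0o755), ("marked", 0o4755)):
            path = os.path.join(build, name)
            with open(path, "w") as fh:
                fh.write("#!/bin/sh\n")
            os.chmod(path, mode)
        return [(os.path.basename(p), bits)
                for p, _uid, bits in find_build_user_setid(tmp, uids)]


if __name__ == "__main__":
    # Constructed demonstration first, then a scan of a real directory
    # if the nixbld group exists on this machine.
    print("constructed tree:", demo())
    real_uids = build_user_uids()
    if real_uids:
        for path, uid, bits in find_build_user_setid("/tmp", real_uids):
            print(f"{path}: owned by uid {uid}, {'+'.join(bits)}")
```

On a patched Nix no new findings should appear; anything reported in an old retained build directory predates the upgrade and can be removed along with that directory.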


[Nix-dev] NIX-2017-0002: users can modify builds by other users

2017-06-15 Thread Graham Christensen



 Nix Security Advisory
 NIX-2017-0002
 -
users can modify / interfere with builds by other users


Description
===

In multi-user Nix installations, to ensure that builds by unprivileged
users cannot interfere with each other, Nix performs builds under
so-called "build users" (nixbld1, nixbld2, ...) on behalf of the user.
Only one build can run under a given build user at a time, and all
processes running under that build user are killed before and after the
build. However, the invariant that no other processes run under a given
build user can be violated through the creation of setuid executables.

The Nix store does not permit setuid executables, and Nix removes
setuid/setgid bits after builds complete. This protection, however, does
not prevent setuid binaries from being created or existing during a
build.

These setuid binaries are owned by a Nix build user (nixbld1, nixbld2,
...).

Nix build directories are world readable during a build, and it is
possible for a malicious user to execute the setuid binary before the
build completes.

Additionally, if --keep-failed is used the setuid binary is allowed to
remain in the directory of the retained failed build.


Impact
==

A malicious user can create setuid binaries owned by a Nix build user,
allowing the attacker to interfere with subsequent builds by the same
UID.

Interference may include causing failures, or injecting impurities, or
completely replacing a build with malicious output.


Vulnerable Systems
==

All Nix 1.11 versions before 1.11.10 are vulnerable.
All Nix 1.12 versions before 1.12pre5413_b4b1f452 are vulnerable.

  Channel               First Non-Vulnerable Version
  --------------------  -------------------------------
  nixos-17.03           nixos-17.03.1316.412b0a17aa
  nixos-17.03-small     nixos-17.03.1303.74a1ea1f89
  nixos-unstable-small  nixos-17.09pre108957.0bffe03828
  nixos-unstable        not yet released
  nixpkgs-unstable      not yet released


Mitigation
==

Upgrade Nix Stable to 1.11.10 or Nix Unstable to 1.12pre5413_b4b1f452 or
later.


Resolution
==

Nix now prevents builders from creating setuid and setgid binaries.

On Linux, this is done using a seccomp BPF filter. Using seccomp, we now
also prevent the creation of extended attributes and POSIX ACLs since
these cannot be represented in the NAR format and (in the case of POSIX
ACLs) allow bypassing regular Nix store permissions.

On macOS, the restriction is implemented using the existing sandbox
mechanism, which now uses a minimal "allow all except the creation of
setuid/setgid binaries" profile when regular sandboxing is disabled.

On other platforms, the "build user" mechanism is now disabled.


Thank You
=

This issue was discovered and appropriately reported by Linus Heckman on
2017-05-27 through the NixOS Security Team -
https://nixos.org/nixos/security.html.


[Nix-commits] [NixOS/nixpkgs] 74fd4d: chromium: 58.0.3029.110 -> 59.0.3071.86

2017-06-11 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 74fd4de95679bddaae7c1c6c58432c5bc207fc41
  
https://github.com/NixOS/nixpkgs/commit/74fd4de95679bddaae7c1c6c58432c5bc207fc41
  Author: Nicolas Truessel <ntrues...@njsm.de>
  Date:   2017-06-11 (Sun, 11 Jun 2017)

  Changed paths:
M pkgs/applications/networking/browsers/chromium/common.nix
R 
pkgs/applications/networking/browsers/chromium/patches/fix-bootstrap-gn.patch
M pkgs/applications/networking/browsers/chromium/upstream-info.nix

  Log Message:
  ---
  chromium: 58.0.3029.110 -> 59.0.3071.86


  Commit: 4a90156912e9541cef15c556a4b4b366f02dea69
  
https://github.com/NixOS/nixpkgs/commit/4a90156912e9541cef15c556a4b4b366f02dea69
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-11 (Sun, 11 Jun 2017)

  Changed paths:
M pkgs/applications/networking/browsers/chromium/common.nix
R 
pkgs/applications/networking/browsers/chromium/patches/fix-bootstrap-gn.patch
M pkgs/applications/networking/browsers/chromium/upstream-info.nix

  Log Message:
  ---
  Merge pull request #26512 from ntruessel/update-chromium

chromium: 58.0.3029.110 -> 59.0.3071.86


Compare: https://github.com/NixOS/nixpkgs/compare/29049d07f9fc...4a90156912e9


[Nix-commits] [NixOS/nixpkgs] b06473: xen: patch for XSAs: 206, 211, 212, 213, 214 and 2...

2017-06-09 Thread Graham Christensen
visor space.  The range spanned
> by that check was mistakenly not covering these extra 4 slots.

More: https://xenbits.xen.org/xsa/advisory-215.html
(cherry picked from commit dd3dcceb239915f6929e09fcaf27e0b119f021c7)


  Commit: d039b5b24ef1d83c367ace7dff2e1f872c38f2a7
  
https://github.com/NixOS/nixpkgs/commit/d039b5b24ef1d83c367ace7dff2e1f872c38f2a7
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-09 (Fri, 09 Jun 2017)

  Changed paths:
M pkgs/applications/virtualization/xen/4.5.nix

  Log Message:
  ---
  Merge pull request #26491 from michalpalka/release-17.03-xen-security

xen: patch for XSAs: 206, 211, 212, 213, 214 and 215


Compare: https://github.com/NixOS/nixpkgs/compare/8d7c1a4b9165...d039b5b24ef1


[Nix-commits] [NixOS/nixpkgs] dd3dcc: xen: patch for XSAs: 206, 211, 212, 213, 214 and 2...

2017-06-09 Thread Graham Christensen
ervisor space.  The range spanned
> by that check was mistakenly not covering these extra 4 slots.

More: https://xenbits.xen.org/xsa/advisory-215.html


  Commit: 7d8218a35190a8aece2f92b325197124279b969c
  
https://github.com/NixOS/nixpkgs/commit/7d8218a35190a8aece2f92b325197124279b969c
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-09 (Fri, 09 Jun 2017)

  Changed paths:
M pkgs/applications/virtualization/xen/4.5.nix

  Log Message:
  ---
  Merge pull request #26489 from michalpalka/xen-security

xen: patch for XSAs: 206, 211, 212, 213, 214 and 215


Compare: https://github.com/NixOS/nixpkgs/compare/97f3009bf86c...7d8218a35190


[Nix-commits] [NixOS/nixpkgs] abc4f5: git-series: install man page

2017-06-05 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: abc4f5acf590ec83ecdf64cb36eb8e665cb6e12a
  
https://github.com/NixOS/nixpkgs/commit/abc4f5acf590ec83ecdf64cb36eb8e665cb6e12a
  Author: Venkateswara Rao Mandela <venkat.mand...@gmail.com>
  Date:   2017-06-05 (Mon, 05 Jun 2017)

  Changed paths:
M pkgs/development/tools/git-series/default.nix

  Log Message:
  ---
  git-series: install man page


  Commit: d1d9186b6bdca641592b8eb4594ce90cd8d1e0f4
  
https://github.com/NixOS/nixpkgs/commit/d1d9186b6bdca641592b8eb4594ce90cd8d1e0f4
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-05 (Mon, 05 Jun 2017)

  Changed paths:
M pkgs/development/tools/git-series/default.nix

  Log Message:
  ---
  Merge pull request #26406 from vmandela/git-series-man

git-series: install man page


Compare: https://github.com/NixOS/nixpkgs/compare/225a23071661...d1d9186b6bdc


[Nix-commits] [NixOS/nixpkgs] 7b80f4: nixos/cloudinit: add cloudinit test

2017-06-05 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 7b80f4c3442fbb0520c8596bd06f911bdfe09465
  
https://github.com/NixOS/nixpkgs/commit/7b80f4c3442fbb0520c8596bd06f911bdfe09465
  Author: Antoine Eiche <l...@abesis.fr>
  Date:   2017-05-23 (Tue, 23 May 2017)

  Changed paths:
M nixos/release.nix
A nixos/tests/cloud-init.nix

  Log Message:
  ---
  nixos/cloudinit: add cloudinit test

An iso containing metadatas is created and attached as a cdrom to the
qemu VM used for this test.

The cloudinit service is enabled. The test case ensures the root
authorized_keys file is populated and the cloudinit write_file module is
working well.


  Commit: 225a2307166145e0d24f0e130d7c109dc9c7de7b
  
https://github.com/NixOS/nixpkgs/commit/225a2307166145e0d24f0e130d7c109dc9c7de7b
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-05 (Mon, 05 Jun 2017)

  Changed paths:
M nixos/release.nix
A nixos/tests/cloud-init.nix

  Log Message:
  ---
  Merge pull request #23173 from nlewo/test/cloudinit

Cloudinit test


Compare: https://github.com/NixOS/nixpkgs/compare/9e09e3d5da13...225a23071661


Re: [Nix-dev] Hydra and security updates

2017-06-03 Thread Graham Christensen


Leo Gaspard  writes:

> I just wanted to point out an issue with hydra: it doesn't make any
> distinction between security updates and normal changes.
>
> For example, [1] was released two days ago. Despite the fix landing two
> days ago too [2], nixos-unstable still doesn't have the vulnerability
> fixed.

nixos-unstable frequently lags behind for quite some time, and has no
guarantees about how quickly it'll receive security patches. You may be
interested in nixos-unstable-small, which received the security update
much faster.

While it is fun and nice to think through various solutions to making
our unstable channel get security updates faster, I believe three
things that make it somewhat less critical:

1. The stable and recommended version of NixOS to run is NixOS 17.03,
which also received the patch quite quickly.

2. There are strategies in place that can side-step the long rebuild
process if required, however they're typically not necessary. On a "the
world is burning" scale problem, nixos has seen a full rebuild from
nothing to channel published in 24 hours.

This is part of my inclination of not really loving PR#10851, it is
complicated and goes around the normal processes, even when we can easily
deploy fairly quickly.

Most distributions have much more than 24 hours to be notified of an
issue and prepare a release, via the embargoed announcements on the
- -distro mailing list. Unfortunately that list is not accepting new
distro members at this time:
https://github.com/NixOS/nixpkgs/issues/14819

3. The much larger, more difficult problem is organizing _around_ the
security updates and getting them done regularly. These big scary bugs
are important yes, but so are the dozens of little bugs that get patched
weekly in various projects. Many of these are currently going unpatched.
For several months, I organized a weekly bug roundup that handled most
of these. When my bug source dried up, I decided to step away for a
time. I think I'm ready to start again, but need to do some research.

Regarding Hydra building PRs, that was an experiment to see how much
hardware and resources it would take. The integration with GitHub was
not as secure as we'd like, and wasn't suitable for merging with the
official hydra. There have been a few attempts at fixing it. If you'd
like to talk about it and take a crack, I'd be happy to talk with you!

Best,
Graham


[Nix-commits] [NixOS/nixpkgs] 3775a9: gimp: 2.8.20 -> 2.8.22

2017-06-02 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 3775a9070193de40c36e65ef065dfeb9efb90b19
  
https://github.com/NixOS/nixpkgs/commit/3775a9070193de40c36e65ef065dfeb9efb90b19
  Author: Armijn Hemel <arm...@tjaldur.nl>
  Date:   2017-05-13 (Sat, 13 May 2017)

  Changed paths:
M pkgs/applications/graphics/gimp/2.8.nix

  Log Message:
  ---
  gimp: 2.8.20 -> 2.8.22


  Commit: b520c30d9ece95b8c64caf6691db99d486e08717
  
https://github.com/NixOS/nixpkgs/commit/b520c30d9ece95b8c64caf6691db99d486e08717
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-02 (Fri, 02 Jun 2017)

  Changed paths:
M pkgs/applications/graphics/gimp/2.8.nix

  Log Message:
  ---
  Merge pull request #25767 from armijnhemel/gimp

gimp: 2.8.20 -> 2.8.22


Compare: https://github.com/NixOS/nixpkgs/compare/cca234d345dc...b520c30d9ece


[Nix-commits] [NixOS/nixpkgs] 9e56cd: emacsWithPackages: support installing larger packa...

2017-06-02 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 9e56cddf136837d30820783228299b600d98e8b6
  
https://github.com/NixOS/nixpkgs/commit/9e56cddf136837d30820783228299b600d98e8b6
  Author: Rodney Lorrimar <d...@rodney.id.au>
  Date:   2017-05-29 (Mon, 29 May 2017)

  Changed paths:
M pkgs/build-support/emacs/elpa2nix.el

  Log Message:
  ---
  emacsWithPackages: support installing larger packages

I was getting the following error building tide from Melpa:

nix-build  -E '(import <nixpkgs> {}).emacs25WithPackages (p: [p.melpaPackages.tide])'

File tide-20170509.1134.tar is large (10.2M), really open? (y or n) Error reading from stdin
builder for ‘/nix/store/gs9ik7yf8iilsikkfing74i70m0diax3-emacs-tide-20170509.1134.drv’ failed with exit code 255
cannot build derivation ‘/nix/store/m3p080aani4rw82llp8nqk93cw2nvirk-emacs-with-packages-25.2.drv’: 1 dependencies couldn't be built

Solution was to disable the large file warning threshold when
installing packages.


  Commit: cca234d345dc3c864bb503e904c1d5720370a0e4
  
https://github.com/NixOS/nixpkgs/commit/cca234d345dc3c864bb503e904c1d5720370a0e4
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-02 (Fri, 02 Jun 2017)

  Changed paths:
M pkgs/build-support/emacs/elpa2nix.el

  Log Message:
  ---
  Merge pull request #26207 from rvl/fix-tide-melpa

emacsWithPackages: support installing larger packages


Compare: https://github.com/NixOS/nixpkgs/compare/3badf79b48d2...cca234d345dc


[Nix-commits] [NixOS/nixpkgs] b67d01: nodejs: init at 8.0.0

2017-06-02 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: b67d01a0e9d89757561bd9e4181fba8e861fed38
  
https://github.com/NixOS/nixpkgs/commit/b67d01a0e9d89757561bd9e4181fba8e861fed38
  Author: Mathias Schreck <schreck.math...@googlemail.com>
  Date:   2017-05-30 (Tue, 30 May 2017)

  Changed paths:
A pkgs/development/web/nodejs/v8.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  nodejs: init at 8.0.0


  Commit: 49bc01682e85cfa87954b78b570a5f89c2fab7f3
  
https://github.com/NixOS/nixpkgs/commit/49bc01682e85cfa87954b78b570a5f89c2fab7f3
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-02 (Fri, 02 Jun 2017)

  Changed paths:
A pkgs/development/web/nodejs/v8.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  Merge pull request #26262 from holidaycheck/nodejs-8.0.0

nodejs: init at 8.0.0


Compare: https://github.com/NixOS/nixpkgs/compare/ed93e8e16b57...49bc01682e85


[Nix-commits] [NixOS/nixpkgs] e7ad58: strongswan: 5.5.2 -> 5.5.3

2017-06-02 Thread Graham Christensen
  Branch: refs/heads/release-17.03
  Home:   https://github.com/NixOS/nixpkgs
  Commit: e7ad5830e13e3c33457d7d6ea4844e89684d08f8
  
https://github.com/NixOS/nixpkgs/commit/e7ad5830e13e3c33457d7d6ea4844e89684d08f8
  Author: Bas van Dijk <v.dijk@gmail.com>
  Date:   2017-06-02 (Fri, 02 Jun 2017)

  Changed paths:
M pkgs/tools/networking/strongswan/default.nix

  Log Message:
  ---
  strongswan: 5.5.2 -> 5.5.3


  Commit: 0e00bc51eaa3f86c7b435f6f04219dafe51ac52f
  
https://github.com/NixOS/nixpkgs/commit/0e00bc51eaa3f86c7b435f6f04219dafe51ac52f
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-02 (Fri, 02 Jun 2017)

  Changed paths:
M pkgs/tools/networking/strongswan/default.nix

  Log Message:
  ---
  Merge pull request #26326 from LumiGuide/release-17.03_strongswan-5.5.3

strongswan: 5.5.2 -> 5.5.3


Compare: https://github.com/NixOS/nixpkgs/compare/6f5edd3bc2ff...0e00bc51eaa3


[Nix-commits] [NixOS/nixpkgs] e367d6: strongswan: 5.5.2 -> 5.5.3

2017-06-02 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: e367d69fccef4a732715baab059e748872ceae74
  
https://github.com/NixOS/nixpkgs/commit/e367d69fccef4a732715baab059e748872ceae74
  Author: Bas van Dijk <v.dijk@gmail.com>
  Date:   2017-06-02 (Fri, 02 Jun 2017)

  Changed paths:
M pkgs/tools/networking/strongswan/default.nix

  Log Message:
  ---
  strongswan: 5.5.2 -> 5.5.3


  Commit: 5b1de5b5b85556ef6f338fea3c601660e19ee852
  
https://github.com/NixOS/nixpkgs/commit/5b1de5b5b85556ef6f338fea3c601660e19ee852
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-06-02 (Fri, 02 Jun 2017)

  Changed paths:
M pkgs/tools/networking/strongswan/default.nix

  Log Message:
  ---
  Merge pull request #26324 from LumiGuide/strongswan-5.5.3

strongswan: 5.5.2 -> 5.5.3


Compare: https://github.com/NixOS/nixpkgs/compare/a087081ebb1f...5b1de5b5b855


[Nix-commits] [NixOS/nixpkgs] f469bd: mysql service: change default data directory for 1...

2017-05-29 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: f469bd83bb9390807f1cdbe2de8d56bb8a710eb5
  
https://github.com/NixOS/nixpkgs/commit/f469bd83bb9390807f1cdbe2de8d56bb8a710eb5
  Author: Pascal Bach <pascal.b...@nextrem.ch>
  Date:   2017-05-20 (Sat, 20 May 2017)

  Changed paths:
M nixos/modules/services/databases/mysql.nix

  Log Message:
  ---
  mysql service: change default data directory for 17.09

The new directory is now moved to /var/lib/mysql. This makes it consistent with
upstream.


  Commit: fde29b2b06be144d696e1355b24c8128897993e2
  
https://github.com/NixOS/nixpkgs/commit/fde29b2b06be144d696e1355b24c8128897993e2
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-05-29 (Mon, 29 May 2017)

  Changed paths:
M nixos/modules/services/databases/mysql.nix

  Log Message:
  ---
  Merge pull request #25931 from bachp/mysql-17.09

mysql service: change default data directory for 17.09


Compare: https://github.com/NixOS/nixpkgs/compare/5276ce981a0e...fde29b2b06be


Re: [Nix-dev] Hydra: no space on aarch64

2017-05-26 Thread Graham Christensen
Hi,

Thank you for letting me know.

I've corrected the configuration on the aarch64 box to run garbage
collection. It seems a typo prevented it from running.

Best,
Graham
On Fri, May 26, 2017 at 4:49 AM Vladimír Čunát  wrote:

> Another problem: the "mac2" slave is killing all builds, with
> download-from-binary-cache.pl getting "curl error 60" and consequently a
> segfault. (if I interpret it right)


[Nix-commits] [NixOS/nixpkgs] 11dcb4: vlc: 2.2.4 -> 2.2.5.1

2017-05-24 Thread Graham Christensen
  Branch: refs/heads/release-17.03
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 11dcb46d31d73d7902bafbca5465078a91d48028
  
https://github.com/NixOS/nixpkgs/commit/11dcb46d31d73d7902bafbca5465078a91d48028
  Author: Peter Hoeg <pe...@hoeg.com>
  Date:   2017-05-24 (Wed, 24 May 2017)

  Changed paths:
M pkgs/applications/video/vlc/default.nix

  Log Message:
  ---
  vlc: 2.2.4 -> 2.2.5.1

Fixes a nasty vulnerability caused by broken subtitle handling:

http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
(cherry picked from commit 4e2b190d52830ee2e11c51bba8c4e1c187b83978)


  Commit: ea6d620a7b58b363a8aa43c1abf95b3576e26a74
  
https://github.com/NixOS/nixpkgs/commit/ea6d620a7b58b363a8aa43c1abf95b3576e26a74
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-05-24 (Wed, 24 May 2017)

  Changed paths:
M pkgs/applications/video/vlc/default.nix

  Log Message:
  ---
  Merge pull request #26047 from peterhoeg/f/vlc

vlc: 2.2.4 -> 2.2.5.1 with fix for subtitle vulnerability


Compare: https://github.com/NixOS/nixpkgs/compare/b1f8bd12d38f...ea6d620a7b58


[Nix-commits] [NixOS/nixpkgs] 418584: kodi: 17.1 -> 17.2

2017-05-24 Thread Graham Christensen
  Branch: refs/heads/release-17.03
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 4185841f17999262ba45fe49b472936fca9ca37e
  
https://github.com/NixOS/nixpkgs/commit/4185841f17999262ba45fe49b472936fca9ca37e
  Author: Peter Hoeg <pe...@hoeg.com>
  Date:   2017-05-24 (Wed, 24 May 2017)

  Changed paths:
M pkgs/applications/video/kodi/default.nix

  Log Message:
  ---
  kodi: 17.1 -> 17.2

(cherry picked from commit 8fd2f022f043eca6df0d7961f7edd52ddb61b782)


  Commit: 984c2593f5a6b1644548dc91ac25b18b79f572b7
  
https://github.com/NixOS/nixpkgs/commit/984c2593f5a6b1644548dc91ac25b18b79f572b7
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-05-24 (Wed, 24 May 2017)

  Changed paths:
M pkgs/applications/video/kodi/default.nix

  Log Message:
  ---
  Merge pull request #26048 from peterhoeg/u/kodi_stable

kodi: 17.1 -> 17.2


Compare: https://github.com/NixOS/nixpkgs/compare/ea6d620a7b58...984c2593f5a6


Re: [Nix-dev] wrapProgram: also pass name as NIX_PROGRAM_NAME

2017-05-22 Thread Graham Christensen
I think it is worth investigating using C or something for wrappers, as
wrappers on macOS can't be used in shebangs. Wrapped ruby executables have
to be unwrapped to use.

Would using C solve your problems as well?
On Mon, May 22, 2017 at 11:00 AM Freddy Rietdijk 
wrote:

>> The problem with such an environment variable is that it's inherited by
>> child processes, who might get confused. (E.g. some code might run both in
>> a wrapped and unwrapped context, so it wouldn't be able to rely on
>> $NIX_PROGRAM_NAME unambiguously.)
>
> In the case of Python we might be able to inject some code where we unset
> the variable. Currently we inject the path to the script, but this is wrong
> in case a wrapper is used.
>
>> I think in general a) wrappers should be avoided; and b) nested wrappers
>> should *definitely* be avoided. Wrappers cannot really be avoided for the
>> "delayed composition" use case (like firefox-wrapper), but in such a case
>> perhaps the inner wrapper can be eliminated. For example, if the inner
>> wrapper is used to set $PYTHONPATH, this can be moved into the underlying
>> Python script by setting sys.path at the start.
>
> When possible I would prefer to avoid wrappers as well. Unfortunately,
> there's not really a way around it with Python (2.x).
> Sometimes we need to add a program to PATH and for that we need a wrapper.
> When we add the wrapper, the name is wrong. If the wrapper is added in the
> same derivation, then we can insert sys.path like we do now.
>
> However, often we also need composition: creating an environment
> consisting of the interpreter and multiple packages. In that case, they
> need to be able to find each other, and that means again wrappers (although
> with 3.x we might get away with pyvenv.cfg).
>
> On Mon, May 22, 2017 at 2:36 PM, Eelco Dolstra <
> eelco.dols...@logicblox.com> wrote:
>
>> Hi,
>>
>> On 05/19/2017 01:35 PM, Freddy Rietdijk wrote:
>>
>> > Therefore, I propose we set an environment variable `NIX_PROGRAM_NAME`
>> > that the scripts check for. To prevent creating yet another `wrapProgram`
>> > variant I propose we extend `wrapProgram` to always set this variable.
>>
>> The problem with such an environment variable is that it's inherited by
>> child processes, who might get confused. (E.g. some code might run both in
>> a wrapped and unwrapped context, so it wouldn't be able to rely on
>> $NIX_PROGRAM_NAME unambiguously.)
>>
>> But maybe $NIX_PROGRAM_NAME can be used only in the case where one wrapper
>> script calls another, so the final wrapper can unset it. However, if we
>> have wrapper scripts detecting that the wrapped program is also a wrapper
>> script, we might as well eliminate the execve into the next wrapper (thus
>> preserving the original argv[0]).
>>
>> > This, however, doesn't solve the issue with nested wrappers yet
>>
>> I think in general a) wrappers should be avoided; and b) nested wrappers
>> should *definitely* be avoided. Wrappers cannot really be avoided for the
>> "delayed composition" use case (like firefox-wrapper), but in such a case
>> perhaps the inner wrapper can be eliminated. For example, if the inner
>> wrapper is used to set $PYTHONPATH, this can be moved into the underlying
>> Python script by setting sys.path at the start.
>>
>> --
>> Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/


[Nix-commits] [NixOS/nixpkgs] c163b7: openafs: 1.6.20 -> 1.6.20.2

2017-05-15 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: c163b782bc839d58dbd6e9b25c1c8ff11b62e016
  
https://github.com/NixOS/nixpkgs/commit/c163b782bc839d58dbd6e9b25c1c8ff11b62e016
  Author: Dmitry Kalinkin <dmitry.kalin...@gmail.com>
  Date:   2017-05-14 (Sun, 14 May 2017)

  Changed paths:
M pkgs/servers/openafs-client/default.nix

  Log Message:
  ---
  openafs: 1.6.20 -> 1.6.20.2


  Commit: 450f0c93e018c021950b9ffcf2ea4e03735765a4
  
https://github.com/NixOS/nixpkgs/commit/450f0c93e018c021950b9ffcf2ea4e03735765a4
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-05-15 (Mon, 15 May 2017)

  Changed paths:
M pkgs/servers/openafs-client/default.nix

  Log Message:
  ---
  Merge pull request #25781 from veprbl/openafs_1.6.20.2

openafs: 1.6.20 -> 1.6.20.2


Compare: https://github.com/NixOS/nixpkgs/compare/d83f1bfed580...450f0c93e018


[Nix-commits] [NixOS/nixpkgs] b6e44a: qemu: support qemu-system-aarch64 in the system wr...

2017-05-13 Thread Graham Christensen
  Branch: refs/heads/unstable-aarch64
  Home:   https://github.com/NixOS/nixpkgs
  Commit: b6e44a14f91718b0d0ca5f297507fe6e47b575ed
  
https://github.com/NixOS/nixpkgs/commit/b6e44a14f91718b0d0ca5f297507fe6e47b575ed
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-05-13 (Sat, 13 May 2017)

  Changed paths:
M pkgs/applications/virtualization/qemu/default.nix

  Log Message:
  ---
  qemu: support qemu-system-aarch64 in the system wrapper


  Commit: 08d6fa13eeb11acd73e28da118ae783fd42184f7
  
https://github.com/NixOS/nixpkgs/commit/08d6fa13eeb11acd73e28da118ae783fd42184f7
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-05-13 (Sat, 13 May 2017)

  Changed paths:
M pkgs/os-specific/linux/kernel/manual-config.nix

  Log Message:
  ---
  kernel: delete fewer files, which are necessary on aarch64


  Commit: 7ed536909bebfdc98f491ebfdc234b6bca6d52d6
  
https://github.com/NixOS/nixpkgs/commit/7ed536909bebfdc98f491ebfdc234b6bca6d52d6
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-05-13 (Sat, 13 May 2017)

  Changed paths:
M nixos/modules/installer/netboot/netboot.nix

  Log Message:
  ---
  netboot: don't appear to need syslinux / grub


  Commit: 90b6ea802ecce6226b34982193b18dd75c05280d
  
https://github.com/NixOS/nixpkgs/commit/90b6ea802ecce6226b34982193b18dd75c05280d
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-05-13 (Sat, 13 May 2017)

  Changed paths:
M nixos/modules/installer/netboot/netboot.nix
M nixos/release.nix

  Log Message:
  ---
  netboot: aarch64 compatibility


  Commit: e2dc4d4022fe6cd4e109e234882d218ba81ee8c0
  
https://github.com/NixOS/nixpkgs/commit/e2dc4d4022fe6cd4e109e234882d218ba81ee8c0
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-05-13 (Sat, 13 May 2017)

  Changed paths:
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  qemu_test: enable architectures other than x86


  Commit: c59335424e8c308c68fee210efdcb5b26f08fb69
  
https://github.com/NixOS/nixpkgs/commit/c59335424e8c308c68fee210efdcb5b26f08fb69
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-05-13 (Sat, 13 May 2017)

  Changed paths:
M pkgs/applications/virtualization/qemu/default.nix

  Log Message:
  ---
  qemu: fixup systemWrapper


  Commit: 4d2c6e881a3975001c150cc6add0209859e0c09f
  
https://github.com/NixOS/nixpkgs/commit/4d2c6e881a3975001c150cc6add0209859e0c09f
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-05-13 (Sat, 13 May 2017)

  Changed paths:
M nixos/modules/virtualisation/qemu-vm.nix

  Log Message:
  ---
  pass in aarch64 args


  Commit: e8195907f0692f5e5a0763857eb2e88a38a4c1b7
  
https://github.com/NixOS/nixpkgs/commit/e8195907f0692f5e5a0763857eb2e88a38a4c1b7
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-05-13 (Sat, 13 May 2017)

  Changed paths:
M nixos/modules/virtualisation/qemu-vm.nix

  Log Message:
  ---
  host -> virt


  Commit: 64c4b122d1515f1af932a118310c3306f0930c8f
  
https://github.com/NixOS/nixpkgs/commit/64c4b122d1515f1af932a118310c3306f0930c8f
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-05-13 (Sat, 13 May 2017)

  Changed paths:
M pkgs/applications/virtualization/qemu/default.nix

  Log Message:
  ---
  whitespace


  Commit: 8898f15a7b655a3517ba0b6c55c947b53dac9bd2
  
https://github.com/NixOS/nixpkgs/commit/8898f15a7b655a3517ba0b6c55c947b53dac9bd2
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-05-13 (Sat, 13 May 2017)

  Changed paths:
M nixos/modules/virtualisation/qemu-vm.nix

  Log Message:
  ---
  virtio-gpu


Compare: https://github.com/NixOS/nixpkgs/compare/f239bde49861...8898f15a7b65


Re: [Nix-dev] still waiting for https://cache.nixos.org after 5 seconds...

2017-05-08 Thread Graham Christensen

I'm a member of the community. I have no special powers. What I've
written here is generally applicable to many open source projects. I'm
not a gate keeper.

Denis  writes:

> As for the debugging of the connectivity issues, it was done few
> months ago and it was found out that the same CDN hosted some websites
> forbidden by goverments and traffic to its IP went through some
> government router.

Yes, Russia blocked Cloudfront for a bit.

>> I really do not understand the reasons of the strong opposition to
>> another mirror on Cloudflare (free of cost, although it may not solve
>> the problem completely - it has no endpoint in Vietnam, for example -
>> it may increase availability and reduce Amazon bills) and to allowing
>> the people in regions to host mirrors (it should not be a security
>> breach as the packages are cryptographic signed).

You're welcome to set up out-of-band, third party infrastructure for
yourself and anyone you convince to use it. There is no reason you
can't.

 - For a read-through cache, the system must just send the Host
 header.
 - For an automatic cache, there are instructions on this ML about
 fetching all the paths from a channel version. I believe you'll find
 them when Russia blocked Cloudfront.

IMO these aren't very high bars.

However, my preference is to solve the problem for all users by default.

If we go with either of these solutions (or any other), offering it to
all our users officially requires real work around configuration,
long-term support and maintenance, debugging, and tooling. To convince
the project as a whole to go that route, we need...

> How this information could help us to fix the issue? How can we be
> sure that it will not happen again? Or that IPs or domain be blocked
> completely on some territory?
>
> I do not think it is one of those problems which can be debugged and
> fixed, the only option for reliable content distribution is
> diversification.

Without specific data on why things are performing poorly, you're
correct: it is not a problem that can be debugged and fixed.

I've put this script together to simplify the more complicated process
provided by upstream.

By collecting information about what is going wrong, it helps build a
case. Right now we see a small handful of people periodically
complaining vaguely about Cloudfront performance.

I don't want people to have a bad experience. The only way I know how to
help is to convert vague complaints to specific complaints via
diagnostic data that can be used to solve the problem. Only by building
a strong case of documented problems with our current mechanism are we
likely to get enough people interested to collectively move to a
different solution.  

Graham


Re: [Nix-dev] still waiting for https://cache.nixos.org after 5 seconds...

2017-05-08 Thread Graham Christensen
Denis  writes:

> There are many issues with cache.nixos.org (slowness in some regions,
> downtimes) so setting up a second CDN would be useful. It is for free.

Hi,

Unfortunately, these problems are very hard to diagnose. More often than
not, the issue is between the user and AWS.

I have a tool that provides information to help Amazon debug the
problem:

https://gist.github.com/grahamc/df1bb806eb3552650d03eef7036a72ba

If you run this when you are having issues, please send the results
to me and I'll collect them.

Cloudfront is an extremely stable platform (along the axis of
"availability") to build off of. They promise a minimum of 99.9%[0] of
all requests will be correctly serviced, while simultaneously providing
edge-caching to improve performance in certain regions.

Our Cloudfront distribution is backed by S3, a similar promise of 99.9%
availability[1]. S3 provides additional guarantees, like its durability
(99.9% [2].)

Our cloudfront distribution sees almost 100,000 unique users each
month, each downloading hundreds or thousands of NARs and narinfo files.
At the size of the cache (many TBs) and traffic it sees, these numbers
aren't an easy feat.

0: https://aws.amazon.com/cloudfront/sla/
1: https://aws.amazon.com/s3/sla/
2: https://aws.amazon.com/s3/faqs/

Best,
Graham


[Nix-commits] [NixOS/nixpkgs] cdebfa: mediawiki: 1.27.1 -> 1.27.3

2017-05-07 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: cdebfa80abec0f734538f2a2df571f682e7808ee
  
https://github.com/NixOS/nixpkgs/commit/cdebfa80abec0f734538f2a2df571f682e7808ee
  Author: Armijn Hemel <arm...@tjaldur.nl>
  Date:   2017-04-30 (Sun, 30 Apr 2017)

  Changed paths:
M nixos/modules/services/web-servers/apache-httpd/mediawiki.nix

  Log Message:
  ---
  mediawiki: 1.27.1 -> 1.27.3


  Commit: 4d44810fe7a2bafd096b9099d042f45e6a7bdea0
  
https://github.com/NixOS/nixpkgs/commit/4d44810fe7a2bafd096b9099d042f45e6a7bdea0
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-05-07 (Sun, 07 May 2017)

  Changed paths:
M nixos/modules/services/web-servers/apache-httpd/mediawiki.nix

  Log Message:
  ---
  Merge pull request #25365 from armijnhemel/mediawiki

mediawiki: 1.27.1 -> 1.27.3


Compare: https://github.com/NixOS/nixpkgs/compare/ef4442e827af...4d44810fe7a2


Re: [Nix-dev] Build a derivation using sbt

2017-05-05 Thread Graham Christensen
There is a project called sbtix you might look at:

https://github.com/teozkr/sbtix

I found the author very helpful when I got stuck.

Graham
On Fri, May 5, 2017 at 6:14 PM Volth  wrote:

> Hello
>
> Anyone tried to build a derivation using sbt ?
> I found no one such project in nixpkgs.
>
> sbt feels very bad running under "nixbld1", it needs to create ~/.sbt
> ~/.ivy and to download tons of jars there...


[Nix-commits] [NixOS/nixpkgs] a3b9db: sysbench: 2015-04-22 -> 1.0.6

2017-04-27 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: a3b9dbd0bed5a81af46b4c48a8ee9f93a0b14cf7
  
https://github.com/NixOS/nixpkgs/commit/a3b9dbd0bed5a81af46b4c48a8ee9f93a0b14cf7
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-27 (Thu, 27 Apr 2017)

  Changed paths:
M pkgs/development/tools/misc/sysbench/default.nix

  Log Message:
  ---
  sysbench: 2015-04-22 -> 1.0.6




[Nix-commits] [NixOS/nixpkgs] bdd89f: Revert "openvpn service: source up/down scripts"

2017-04-26 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: bdd89faebb2c3d7c291776643de65efbc5172b44
  
https://github.com/NixOS/nixpkgs/commit/bdd89faebb2c3d7c291776643de65efbc5172b44
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-26 (Wed, 26 Apr 2017)

  Changed paths:
M nixos/modules/services/networking/openvpn.nix

  Log Message:
  ---
  Revert "openvpn service: source up/down scripts"

This reverts commit 50ad243f7802c09788441fb0099626387fddb2db.




[Nix-commits] [NixOS/nixpkgs] a4fc2e: python2Packages.packet-python: 1.31 -> 1.33

2017-04-26 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: a4fc2eed593b4186509de469b3a987da1157ef86
  
https://github.com/NixOS/nixpkgs/commit/a4fc2eed593b4186509de469b3a987da1157ef86
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-26 (Wed, 26 Apr 2017)

  Changed paths:
M pkgs/top-level/python-packages.nix

  Log Message:
  ---
  python2Packages.packet-python: 1.31 -> 1.33




[Nix-commits] [NixOS/nixpkgs] da0ef8: mysql test: use OpenPort check over blind sleep

2017-04-25 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: da0ef84c0c5b5b5ffe739939895bc1992fac7d80
  
https://github.com/NixOS/nixpkgs/commit/da0ef84c0c5b5b5ffe739939895bc1992fac7d80
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-25 (Tue, 25 Apr 2017)

  Changed paths:
M nixos/tests/mysql-replication.nix

  Log Message:
  ---
  mysql test: use OpenPort check over blind sleep


  Commit: 5dd731b801ac6a0203204a7eed19afddee93fe85
  
https://github.com/NixOS/nixpkgs/commit/5dd731b801ac6a0203204a7eed19afddee93fe85
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-25 (Tue, 25 Apr 2017)

  Changed paths:
M nixos/tests/mysql-replication.nix

  Log Message:
  ---
  mysql test: test replication persists between slave stop / start cycle


Compare: https://github.com/NixOS/nixpkgs/compare/4c171319f56a...5dd731b801ac


[Nix-commits] [NixOS/nixpkgs] 4585fd: qemu module: add virtualisation.cores option

2017-04-24 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 4585fdb9d462d8f91ca819f7c0b398cfc47745db
  
https://github.com/NixOS/nixpkgs/commit/4585fdb9d462d8f91ca819f7c0b398cfc47745db
  Author: Graham Christensen <gra...@tumblr.com>
  Date:   2017-04-24 (Mon, 24 Apr 2017)

  Changed paths:
M nixos/modules/virtualisation/qemu-vm.nix

  Log Message:
  ---
  qemu module: add virtualisation.cores option

QEMU can allow guests to access more than one host core at a time.
Previously, this had to be done via ad-hoc arguments:

virtualisation.qemu.options = ["-smp 12"];

Now you can simply specify:

virtualisation.cores = 12;


  Commit: 3ab98d0971e68ec115c6ffaa259e0e72aedbc80a
  
https://github.com/NixOS/nixpkgs/commit/3ab98d0971e68ec115c6ffaa259e0e72aedbc80a
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-24 (Mon, 24 Apr 2017)

  Changed paths:
M nixos/modules/virtualisation/qemu-vm.nix

  Log Message:
  ---
  Merge pull request #24999 from grahamc/qemu

qemu module: add virtualisation.cores option


Compare: https://github.com/NixOS/nixpkgs/compare/75441dd64ac0...3ab98d0971e6


[Nix-commits] [NixOS/nixpkgs] 2165b4: percona-server56: init at 5.6.35-80.0

2017-04-24 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 2165b48e4afbce5f7f70195c50c78605c6dcb100
  
https://github.com/NixOS/nixpkgs/commit/2165b48e4afbce5f7f70195c50c78605c6dcb100
  Author: Graham Christensen <gra...@tumblr.com>
  Date:   2017-04-24 (Mon, 24 Apr 2017)

  Changed paths:
A pkgs/servers/sql/percona/5.6.x.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  percona-server56: init at 5.6.35-80.0


  Commit: 385844d5e981b12cbd216e54abf6d954fe6c48b7
  
https://github.com/NixOS/nixpkgs/commit/385844d5e981b12cbd216e54abf6d954fe6c48b7
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-24 (Mon, 24 Apr 2017)

  Changed paths:
A pkgs/servers/sql/percona/5.6.x.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  Merge pull request #24998 from grahamc/percona

percona-server56: init at 5.6.35-80.0


Compare: https://github.com/NixOS/nixpkgs/compare/07cc3eb0d005...385844d5e981


[Nix-commits] [NixOS/nixpkgs] 0ceb82: perlPackages.SetIntSpan: init at 1.19

2017-04-23 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 0ceb82d3dd5ce024dd9f7780c20f27d1bb61eacc
  
https://github.com/NixOS/nixpkgs/commit/0ceb82d3dd5ce024dd9f7780c20f27d1bb61eacc
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-22 (Sat, 22 Apr 2017)

  Changed paths:
M pkgs/top-level/perl-packages.nix

  Log Message:
  ---
  perlPackages.SetIntSpan: init at 1.19


  Commit: 76cea3de93c73865a0fb9d0e578c0e2a7c464654
  
https://github.com/NixOS/nixpkgs/commit/76cea3de93c73865a0fb9d0e578c0e2a7c464654
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-22 (Sat, 22 Apr 2017)

  Changed paths:
M pkgs/top-level/perl-packages.nix

  Log Message:
  ---
  perlPackages.BusinessHours: init at 0.12


  Commit: a9f89128458895737dee9dc011fda214304088af
  
https://github.com/NixOS/nixpkgs/commit/a9f89128458895737dee9dc011fda214304088af
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-22 (Sat, 22 Apr 2017)

  Changed paths:
M pkgs/top-level/perl-packages.nix

  Log Message:
  ---
  perlPackages.CSSMinifierXP: init at 1.02


  Commit: 2f1ef64492a65d0d6c3cfc974e50a00747fe463a
  
https://github.com/NixOS/nixpkgs/commit/2f1ef64492a65d0d6c3cfc974e50a00747fe463a
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-22 (Sat, 22 Apr 2017)

  Changed paths:
M pkgs/top-level/perl-packages.nix

  Log Message:
  ---
  perlPackages.GDText: init at 0.86


  Commit: 2d65b7f251c3998653514278589c30d9285e8800
  
https://github.com/NixOS/nixpkgs/commit/2d65b7f251c3998653514278589c30d9285e8800
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-22 (Sat, 22 Apr 2017)

  Changed paths:
M pkgs/top-level/perl-packages.nix

  Log Message:
  ---
  perlPackages.JavaScriptMinifierXS: init at 0.11


  Commit: 38574a5878bfd260e6e2135f5ebcf5ffca7c854d
  
https://github.com/NixOS/nixpkgs/commit/38574a5878bfd260e6e2135f5ebcf5ffca7c854d
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-22 (Sat, 22 Apr 2017)

  Changed paths:
M pkgs/top-level/perl-packages.nix

  Log Message:
  ---
  perlPackages.GDGraph: init at 1.54


  Commit: b48ea664f596e153fbe6388d704142356a3f6166
  
https://github.com/NixOS/nixpkgs/commit/b48ea664f596e153fbe6388d704142356a3f6166
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-22 (Sat, 22 Apr 2017)

  Changed paths:
M pkgs/top-level/perl-packages.nix

  Log Message:
  ---
  perlPackages.MIMETools: init at 5.509


  Commit: 46f952371ee587cb820095e2662ad0a4cb10d170
  
https://github.com/NixOS/nixpkgs/commit/46f952371ee587cb820095e2662ad0a4cb10d170
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-22 (Sat, 22 Apr 2017)

  Changed paths:
M pkgs/top-level/perl-packages.nix

  Log Message:
  ---
  perlPackages.DataPagePageset: init at 1.02


  Commit: 55d4d50cd32afa2304327b379adc93f93663a31e
  
https://github.com/NixOS/nixpkgs/commit/55d4d50cd32afa2304327b379adc93f93663a31e
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-22 (Sat, 22 Apr 2017)

  Changed paths:
M pkgs/servers/rt/default.nix

  Log Message:
  ---
  rt: improve packaging, with a progress note


  Commit: 7ff2fde2159a945daffd67f7cfea0764069b3ea9
  
https://github.com/NixOS/nixpkgs/commit/7ff2fde2159a945daffd67f7cfea0764069b3ea9
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-23 (Sun, 23 Apr 2017)

  Changed paths:
M pkgs/servers/rt/default.nix
M pkgs/top-level/perl-packages.nix

  Log Message:
  ---
  Merge pull request #25126 from grahamc/rt

RT: Improve Packaging


Compare: https://github.com/NixOS/nixpkgs/compare/1931ad0e2cbb...7ff2fde2159a


[Nix-commits] [NixOS/nixpkgs] f239bd: virtio-gpu

2017-04-21 Thread Graham Christensen
  Branch: refs/heads/unstable-aarch64
  Home:   https://github.com/NixOS/nixpkgs
  Commit: f239bde49861acb278224acf8beb905ea7838b76
  
https://github.com/NixOS/nixpkgs/commit/f239bde49861acb278224acf8beb905ea7838b76
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-21 (Fri, 21 Apr 2017)

  Changed paths:
M nixos/modules/virtualisation/qemu-vm.nix

  Log Message:
  ---
  virtio-gpu




[Nix-commits] [NixOS/nixpkgs] 743982: host -> virt

2017-04-21 Thread Graham Christensen
  Branch: refs/heads/unstable-aarch64
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 7439825ae67e0e685d11237f8a06d2ac1b61c96c
  
https://github.com/NixOS/nixpkgs/commit/7439825ae67e0e685d11237f8a06d2ac1b61c96c
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-21 (Fri, 21 Apr 2017)

  Changed paths:
M nixos/modules/virtualisation/qemu-vm.nix

  Log Message:
  ---
  host -> virt


  Commit: d4fc5ae889209b05f7fdfebcc22fcceaf17827b4
  
https://github.com/NixOS/nixpkgs/commit/d4fc5ae889209b05f7fdfebcc22fcceaf17827b4
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-21 (Fri, 21 Apr 2017)

  Changed paths:
M pkgs/applications/virtualization/qemu/default.nix

  Log Message:
  ---
  whitespace


Compare: https://github.com/NixOS/nixpkgs/compare/c479fce03930...d4fc5ae88920


[Nix-commits] [NixOS/nixpkgs] c479fc: pass in aarchh64 args

2017-04-21 Thread Graham Christensen
  Branch: refs/heads/unstable-aarch64
  Home:   https://github.com/NixOS/nixpkgs
  Commit: c479fce0393001d6439394cb07f26c5b7ff220ef
  
https://github.com/NixOS/nixpkgs/commit/c479fce0393001d6439394cb07f26c5b7ff220ef
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-21 (Fri, 21 Apr 2017)

  Changed paths:
M nixos/modules/virtualisation/qemu-vm.nix

  Log Message:
  ---
  pass in aarchh64 args




[Nix-commits] [NixOS/nixpkgs] 80beb5: imager (r-modules): add pkgs.x11 to fix build, unm...

2017-04-20 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 80beb55cfcc6f7286f05a6edb7390ce3d5d40c84
  
https://github.com/NixOS/nixpkgs/commit/80beb55cfcc6f7286f05a6edb7390ce3d5d40c84
  Author: Chris Hodapp <hodap...@gmail.com>
  Date:   2017-04-20 (Thu, 20 Apr 2017)

  Changed paths:
M pkgs/development/r-modules/default.nix

  Log Message:
  ---
  imager (r-modules): add pkgs.x11 to fix build, unmark imager/ForestTools as 
broken


  Commit: ce34caaa343a2266ac89b93627d0bd02c0f71652
  
https://github.com/NixOS/nixpkgs/commit/ce34caaa343a2266ac89b93627d0bd02c0f71652
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-20 (Thu, 20 Apr 2017)

  Changed paths:
M pkgs/development/r-modules/default.nix

  Log Message:
  ---
  Merge pull request #25062 from Hodapp87/imager_fix

imager (r-modules): add pkgs.x11, unmark imager/ForestTools as broken


Compare: https://github.com/NixOS/nixpkgs/compare/8402585c398a...ce34caaa343a


[Nix-commits] [NixOS/nixpkgs] e3a7d6: qemu: fixup systemWrapper

2017-04-20 Thread Graham Christensen
  Branch: refs/heads/unstable-aarch64
  Home:   https://github.com/NixOS/nixpkgs
  Commit: e3a7d6e87343c1a21459edf10516b6e93f5e6671
  
https://github.com/NixOS/nixpkgs/commit/e3a7d6e87343c1a21459edf10516b6e93f5e6671
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-20 (Thu, 20 Apr 2017)

  Changed paths:
M pkgs/applications/virtualization/qemu/default.nix

  Log Message:
  ---
  qemu: fixup systemWrapper




[Nix-commits] [NixOS/nixpkgs] 704246: qemu_test: enable architectures other than x86

2017-04-20 Thread Graham Christensen
  Branch: refs/heads/unstable-aarch64
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 7042463f003c40b5a772570e3033d7fc51a86744
  
https://github.com/NixOS/nixpkgs/commit/7042463f003c40b5a772570e3033d7fc51a86744
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-20 (Thu, 20 Apr 2017)

  Changed paths:
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  qemu_test: enable architectures other than x86




[Nix-commits] [NixOS/nixpkgs] eab1f5: qemu: support qemu-system-aarch64 in the system wr...

2017-04-14 Thread Graham Christensen
  Branch: refs/heads/unstable-aarch64
  Home:   https://github.com/NixOS/nixpkgs
  Commit: eab1f528450c372f6811976cd595e3fda242906a
  
https://github.com/NixOS/nixpkgs/commit/eab1f528450c372f6811976cd595e3fda242906a
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-14 (Fri, 14 Apr 2017)

  Changed paths:
M pkgs/applications/virtualization/qemu/default.nix

  Log Message:
  ---
  qemu: support qemu-system-aarch64 in the system wrapper


  Commit: 53b42cb28129064d0ffefa7b0f95c01b4a0a8e13
  
https://github.com/NixOS/nixpkgs/commit/53b42cb28129064d0ffefa7b0f95c01b4a0a8e13
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-14 (Fri, 14 Apr 2017)

  Changed paths:
M pkgs/os-specific/linux/kernel/manual-config.nix

  Log Message:
  ---
  kernel: delete fewer files, which are necessary on aarch64


  Commit: b219a39f16804bfbe26acc939130591e272a2ab5
  
https://github.com/NixOS/nixpkgs/commit/b219a39f16804bfbe26acc939130591e272a2ab5
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-14 (Fri, 14 Apr 2017)

  Changed paths:
M nixos/modules/installer/netboot/netboot.nix

  Log Message:
  ---
  netboot: don't appear to neeed syslinux / grub


  Commit: e0a17a308a82b392fcae19a28dfc9802e7ca24b1
  
https://github.com/NixOS/nixpkgs/commit/e0a17a308a82b392fcae19a28dfc9802e7ca24b1
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-14 (Fri, 14 Apr 2017)

  Changed paths:
M nixos/modules/installer/netboot/netboot.nix
M nixos/release.nix

  Log Message:
  ---
  netboot: aarch64 compatability


Compare: https://github.com/NixOS/nixpkgs/compare/b13e7c88b27f...e0a17a308a82


[Nix-commits] [NixOS/nixpkgs] b13e7c: fixup netboot

2017-04-14 Thread Graham Christensen
  Branch: refs/heads/unstable-aarch64
  Home:   https://github.com/NixOS/nixpkgs
  Commit: b13e7c88b27f69d708d80b330a0e923136d34844
  
https://github.com/NixOS/nixpkgs/commit/b13e7c88b27f69d708d80b330a0e923136d34844
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-14 (Fri, 14 Apr 2017)

  Changed paths:
M nixos/modules/installer/netboot/netboot.nix

  Log Message:
  ---
  fixup netboot




[Nix-commits] [NixOS/nixpkgs] 944380: netboot: don't appear to neeed syslinux / grub

2017-04-14 Thread Graham Christensen
  Branch: refs/heads/unstable-aarch64
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 944380c743bf94ea534cead27a80c0337310d945
  
https://github.com/NixOS/nixpkgs/commit/944380c743bf94ea534cead27a80c0337310d945
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-14 (Fri, 14 Apr 2017)

  Changed paths:
M nixos/modules/installer/netboot/netboot.nix

  Log Message:
  ---
  netboot: don't appear to neeed syslinux / grub


  Commit: b4f0f2658139717012a8250ec99789c684a835b6
  
https://github.com/NixOS/nixpkgs/commit/b4f0f2658139717012a8250ec99789c684a835b6
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-14 (Fri, 14 Apr 2017)

  Changed paths:
M nixos/modules/installer/netboot/netboot.nix
M nixos/release.nix

  Log Message:
  ---
  netboot: aarch64 compatability


Compare: https://github.com/NixOS/nixpkgs/compare/69cff1f5aa68...b4f0f2658139


[Nix-commits] [NixOS/nixpkgs] b86499: qemu: support qemu-system-aarch64 in the system wr...

2017-04-14 Thread Graham Christensen
  Branch: refs/heads/unstable-aarch64
  Home:   https://github.com/NixOS/nixpkgs
  Commit: b86499bd2ac079719692c6f5e838aad1a02fa6f7
  
https://github.com/NixOS/nixpkgs/commit/b86499bd2ac079719692c6f5e838aad1a02fa6f7
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-14 (Fri, 14 Apr 2017)

  Changed paths:
M pkgs/applications/virtualization/qemu/default.nix

  Log Message:
  ---
  qemu: support qemu-system-aarch64 in the system wrapper


  Commit: 69cff1f5aa681fe49b34cdf4d8eaf6bfc2f5f1d3
  
https://github.com/NixOS/nixpkgs/commit/69cff1f5aa681fe49b34cdf4d8eaf6bfc2f5f1d3
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-14 (Fri, 14 Apr 2017)

  Changed paths:
M pkgs/os-specific/linux/kernel/manual-config.nix

  Log Message:
  ---
  kernel: delete fewer files, which are necessary on aarch64


Compare: https://github.com/NixOS/nixpkgs/compare/d3c737a080b2...69cff1f5aa68


[Nix-dev] NixOS Security Advisory: Docker Local Privilege Escalation

2017-04-03 Thread Graham Christensen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


Date:    2017-04-03
CVE-ID:  CVE-2017-7412
Service: docker
Type:    local privilege escalation


Summary
=======

NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which
allows local users to gain privileges by executing docker commands.

NixOS 16.09 is not vulnerable.

Resolution
==========

# nix-channel --update

and ensure your NixOS channel is advanced to 17.03.887 or greater.

Workaround
==========

Manually apply socket permission restrictions to the Docker socket. In
your configuration.nix:

  systemd.sockets.docker = {
    socketConfig.SocketMode = "0660";
    socketConfig.SocketUser = "root";
    socketConfig.SocketGroup = "docker";
  };

Thank You
=========
Thank you Alexey Shmalko (rasendubi on GitHub) for promptly reporting
the vulnerability and submitting a patch.

References
==========

Fix applied to 17.03:
https://github.com/NixOS/nixpkgs/commit/6c59d851e2967410cc8fb6ba3f374b1d3efa988e

Fix applied to unstable:
https://github.com/NixOS/nixpkgs/commit/fa4fe7110566d8370983fa81f2b04a89236d

16.09 and older are not affected.

-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
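
A check for the condition the advisory above describes, as an added example that is not part of the advisory or of nixpkgs: it compares a socket's type, mode, owner and group with the values the workaround sets. The path /var/run/docker.sock and the function names are assumptions.

```python
#!/usr/bin/env python3
"""Audit a Docker socket against the mode and ownership from the advisory's workaround."""
import grp
import os
import pwd
import stat
import sys

# Values taken from the workaround (SocketMode / SocketUser / SocketGroup).
EXPECTED_MODE = 0o660
EXPECTED_USER = "root"
EXPECTED_GROUP = "docker"
# Assumption: conventional socket location; the advisory does not name a path.
DEFAULT_SOCKET = "/var/run/docker.sock"


def evaluate(st_mode, st_uid, st_gid, want_uid, want_gid, want_mode=EXPECTED_MODE):
    """Return findings for one stat result; an empty list means compliant."""
    findings = []
    if not stat.S_ISSOCK(st_mode):
        findings.append("not a socket")
    perms = stat.S_IMODE(st_mode)
    # On Linux, connecting to a Unix socket requires write permission on it,
    # so the "other" write bit is what lets every local user reach the daemon.
    if perms & stat.S_IWOTH:
        findings.append("world-writable (mode %04o)" % perms)
    # Any further bits outside the expected mode are reported separately.
    extra = perms & ~want_mode & ~stat.S_IWOTH
    if extra:
        findings.append("mode %04o sets bits outside %04o: %04o"
                        % (perms, want_mode, extra))
    if st_uid != want_uid:
        findings.append("owner uid %d, expected %d" % (st_uid, want_uid))
    if st_gid != want_gid:
        findings.append("group gid %d, expected %d" % (st_gid, want_gid))
    return findings


def audit_path(path=DEFAULT_SOCKET, user=EXPECTED_USER, group=EXPECTED_GROUP):
    """Stat the socket, resolve the expected names to ids, and evaluate."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return ["%s: cannot stat (%s)" % (path, exc.strerror)]
    try:
        want_uid = pwd.getpwnam(user).pw_uid
        want_gid = grp.getgrnam(group).gr_gid
    except KeyError as exc:
        return ["expected user or group missing on this host: %s" % exc]
    return evaluate(st.st_mode, st.st_uid, st.st_gid, want_uid, want_gid)


def main(argv):
    path = argv[1] if len(argv) > 1 else DEFAULT_SOCKET
    findings = audit_path(path)
    for finding in findings:
        print("FAIL %s: %s" % (path, finding))
    if not findings:
        print("OK   %s" % path)
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The script exits non-zero on any finding, so it can run from a monitoring job or a configuration test.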


[Nix-commits] [NixOS/nixpkgs] 6c59d8: docker: fix socket permissions

2017-04-03 Thread Graham Christensen
  Branch: refs/heads/release-17.03
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 6c59d851e2967410cc8fb6ba3f374b1d3efa988e
  
https://github.com/NixOS/nixpkgs/commit/6c59d851e2967410cc8fb6ba3f374b1d3efa988e
  Author: Alexey Shmalko <rasen.d...@gmail.com>
  Date:   2017-04-03 (Mon, 03 Apr 2017)

  Changed paths:
M nixos/modules/virtualisation/docker.nix

  Log Message:
  ---
  docker: fix socket permissions

Docker socket is world writable. This means any user on the system is
able to invoke docker command. (Which is equal to having a root access
to the machine.)

This commit makes socket group-writable and owned by docker group.

Inspired by
https://github.com/docker/docker/blob/master/contrib/init/systemd/docker.socket

(cherry picked from commit fa4fe7110566d8370983fa81f2b04a89236d)


  Commit: 6018464c49dc60b1779f10a714974dcb4eb21c30
  
https://github.com/NixOS/nixpkgs/commit/6018464c49dc60b1779f10a714974dcb4eb21c30
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-03 (Mon, 03 Apr 2017)

  Changed paths:
M nixos/tests/docker.nix

  Log Message:
  ---
  docker: test for socket permissions

(cherry picked from commit c7453084ef71e286699b7414894178e5559f5563)


Compare: https://github.com/NixOS/nixpkgs/compare/6024dd4067c4...6018464c49dc
___
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits


[Nix-commits] [NixOS/nixpkgs] fa4fe7: docker: fix socket permissions

2017-04-03 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: fa4fe7110566d8370983fa81f2b04a89236d
  
https://github.com/NixOS/nixpkgs/commit/fa4fe7110566d8370983fa81f2b04a89236d
  Author: Alexey Shmalko <rasen.d...@gmail.com>
  Date:   2017-04-03 (Mon, 03 Apr 2017)

  Changed paths:
M nixos/modules/virtualisation/docker.nix

  Log Message:
  ---
  docker: fix socket permissions

Docker socket is world writable. This means any user on the system is
able to invoke docker command. (Which is equal to having a root access
to the machine.)

This commit makes socket group-writable and owned by docker group.

Inspired by
https://github.com/docker/docker/blob/master/contrib/init/systemd/docker.socket


  Commit: c7453084ef71e286699b7414894178e5559f5563
  
https://github.com/NixOS/nixpkgs/commit/c7453084ef71e286699b7414894178e5559f5563
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-04-03 (Mon, 03 Apr 2017)

  Changed paths:
M nixos/tests/docker.nix

  Log Message:
  ---
  docker: test for socket permissions


Compare: https://github.com/NixOS/nixpkgs/compare/a29d0df28c30...c7453084ef71


Re: [Nix-dev] NixOS 17.03 'Gorilla' Released

2017-04-02 Thread Graham Christensen

Congratulations, everyone. Excellent work! I couldn't be more excited!

Best,
Graham


Re: [Nix-dev] NixOS 17.03 Release Sprint in Munich (25.-26.03.)

2017-03-24 Thread Graham Christensen
Robin Gloster  writes:

> The sprint will be held at the Mayflower office in Munich on Saturday
> and Sunday starting at 11:00. Drinks will be provided.

Sounds great, I wish I could come! I'll provide my own drinks from my
home office :)

Graham


[Nix-commits] [NixOS/nixpkgs] 5d16b2: Revert "JBoss AS: list known vulnerability"

2017-03-15 Thread Graham Christensen
  Branch: refs/heads/release-16.09
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 5d16b24ed2c5bcb588c8cd1be0d5b02640083b8a
  
https://github.com/NixOS/nixpkgs/commit/5d16b24ed2c5bcb588c8cd1be0d5b02640083b8a
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-15 (Wed, 15 Mar 2017)

  Changed paths:
M nixos/modules/services/web-servers/jboss/default.nix
M pkgs/servers/http/jboss/default.nix

  Log Message:
  ---
  Revert "JBoss AS: list known vulnerability"

This reverts commit 061bd1293b2f26bb7951f253582d66147395ef30.


  Commit: ff8b5f913691bfeb5d070af5b3e4c10368ac723c
  
https://github.com/NixOS/nixpkgs/commit/ff8b5f913691bfeb5d070af5b3e4c10368ac723c
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-15 (Wed, 15 Mar 2017)

  Changed paths:
M pkgs/servers/http/jboss/default.nix

  Log Message:
  ---
  jboss: mark as broken for CVE-2015-7501


Compare: https://github.com/NixOS/nixpkgs/compare/061bd1293b2f...ff8b5f913691


[Nix-commits] [NixOS/nixpkgs] 72619a: JBoss AS: list known vulnerability

2017-03-15 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 72619a86c9166d7b4bea5762070ee14fb72dc6e7
  
https://github.com/NixOS/nixpkgs/commit/72619a86c9166d7b4bea5762070ee14fb72dc6e7
  Author: Renaud <c0b...@users.noreply.github.com>
  Date:   2017-03-13 (Mon, 13 Mar 2017)

  Changed paths:
M nixos/modules/services/web-servers/jboss/default.nix
M pkgs/servers/http/jboss/default.nix

  Log Message:
  ---
  JBoss AS: list known vulnerability

CVE-2015-7501

Warning in JBoss module


  Commit: e4c0613470007df5f286d375f6f529f076bf2c23
  
https://github.com/NixOS/nixpkgs/commit/e4c0613470007df5f286d375f6f529f076bf2c23
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-15 (Wed, 15 Mar 2017)

  Changed paths:
M nixos/modules/services/web-servers/jboss/default.nix
M pkgs/servers/http/jboss/default.nix

  Log Message:
  ---
  Merge pull request #23674 from c0bw3b/sec/jboss7

JBoss AS: list known vulnerability


Compare: https://github.com/NixOS/nixpkgs/compare/eba3900781ef...e4c061347000


[Nix-commits] [NixOS/nixpkgs] b806e2: nixos: build for aarch64-linux

2017-03-13 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: b806e25d65421d7aa0a524ce1601f0e51099df11
  
https://github.com/NixOS/nixpkgs/commit/b806e25d65421d7aa0a524ce1601f0e51099df11
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-13 (Mon, 13 Mar 2017)

  Changed paths:
M nixos/release-combined.nix
M nixos/release.nix

  Log Message:
  ---
  nixos: build for aarch64-linux




[Nix-dev] Aarch64!

2017-03-09 Thread Graham Christensen

Vladimír's email reminded me I hadn't said anything about aarch64...
but, many people already know :)

As of yesterday, with the excellent help of Tuomas (Dezgeg) and others,
plus the generous donation of 96-core Cavium ThunderX machines from
Packet.net, we now have Nixpkgs unstable building Aarch64 packages!

These should run just fine on Raspberry Pi 3, and of course,
Packet.net's ThunderX machines.

I added it first to nixpkgs only in order to "smoke test" the deployment
without interrupting NixOS. I have no objection to moving it over to
NixOS itself, the machines should be able to run the NixOS tests just
fine.

Currently, we only have one Aarch64 builder. We can add more, and having
Hydra building stdenv will make the provisioning process much faster.

Let us all celebrate this big milestone, and push forward to NixOS on
ARM!

Thank you to Tuomas, nathan7, Eelco, Packet.net, and all the ARM
contributors for making this possible.

Thank you,
Graham Christensen


[Nix-dev] Vulnerability Roundup #missing

2017-03-08 Thread Graham Christensen

Just a heads up that the LWN Vulnerability Database we use hasn't been
updated in over a week, which means our tooling thinks there have been
zero problems. This is obviously not true.

LWN's database provides a hugely valuable resource for us. They collect
mail from many distros' mailing lists and aggregate similar reports
into a single entry. Each of those then will have multiple solutions and
patches that we can use to fix the issue in our distribution. This
aggregation has been a huge "force multiplier," allowing us to keep up
to date and patch almost as fast as the bigger distributions, even in
the earliest weeks of roundups where only a few people were regularly
contributing.

If you appreciate the work we've done, I recommend subscribing to LWN as
a thank-you.


Remediation:

 - I've messaged LWN to ask if the database will be updated again.
 - I've been researching alternative ways to get the job done:
   - Other DBs with similar goals of aggregating issues and reports.
   - Reviewing all the mail from oss-security
   - Subscribing to and reviewing all the mail from all the distros
     that LWN watched
   - other options?

This is a tough spot to be in, and I am hoping LWN will continue. Either
way, we should likely expand our tooling to support other sources as
well.

If anyone has any ideas or suggestions, I'm all ears :)

Best,
Graham Christensen


[Nix-commits] [NixOS/nixpkgs] 0aa29f: gitkraken: init at 2.1.0

2017-03-07 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 0aa29fa4d8a8bf0e96e83993a624f61fab73c59f
  
https://github.com/NixOS/nixpkgs/commit/0aa29fa4d8a8bf0e96e83993a624f61fab73c59f
  Author: NWDD <nwdd+ni...@no.team>
  Date:   2017-03-07 (Tue, 07 Mar 2017)

  Changed paths:
A pkgs/applications/version-management/gitkraken/default.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  gitkraken: init at 2.1.0


  Commit: ebeb722e14b503efff11a204ad495712a0b6270b
  
https://github.com/NixOS/nixpkgs/commit/ebeb722e14b503efff11a204ad495712a0b6270b
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-07 (Tue, 07 Mar 2017)

  Changed paths:
A pkgs/applications/version-management/gitkraken/default.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  Merge pull request #23459 from xNWDD/gitkraken

gitkraken: init at 2.1.0


Compare: https://github.com/NixOS/nixpkgs/compare/442fc47cbe61...ebeb722e14b5


[Nix-commits] [NixOS/nixpkgs] e965d8: cassandra: remove old branches 1.2 and 2.0

2017-03-07 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: e965d8aa1c7be58f6a07ba9d9f3c0370dcce6f94
  
https://github.com/NixOS/nixpkgs/commit/e965d8aa1c7be58f6a07ba9d9f3c0370dcce6f94
  Author: Robert Helgesson <rob...@rycee.net>
  Date:   2017-03-07 (Tue, 07 Mar 2017)

  Changed paths:
R pkgs/servers/nosql/cassandra/1.2.nix
R pkgs/servers/nosql/cassandra/2.0.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  cassandra: remove old branches 1.2 and 2.0

These are no longer supported upstream.


  Commit: 442fc47cbe61c5e851887d0553436609e95b760a
  
https://github.com/NixOS/nixpkgs/commit/442fc47cbe61c5e851887d0553436609e95b760a
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-07 (Tue, 07 Mar 2017)

  Changed paths:
R pkgs/servers/nosql/cassandra/1.2.nix
R pkgs/servers/nosql/cassandra/2.0.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  Merge pull request #23617 from rycee/delete/old-cassandra

cassandra: remove old branches 1.2 and 2.0


Compare: https://github.com/NixOS/nixpkgs/compare/9e6ae2f60a10...442fc47cbe61


[Nix-commits] [NixOS/nixpkgs] eff9b0: qemu: separate usbredirSupport option out of spice...

2017-03-07 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: eff9b09fb737bf7e619cd3fed65566857ed663e0
  
https://github.com/NixOS/nixpkgs/commit/eff9b09fb737bf7e619cd3fed65566857ed663e0
  Author: Jan Malakhovski <o...@oxij.org>
  Date:   2017-03-05 (Sun, 05 Mar 2017)

  Changed paths:
M pkgs/applications/virtualization/qemu/default.nix

  Log Message:
  ---
  qemu: separate usbredirSupport option out of spiceSupport option


  Commit: 1c8940a2b817ed3cb559e7d0fb96e25783b3dbfe
  
https://github.com/NixOS/nixpkgs/commit/1c8940a2b817ed3cb559e7d0fb96e25783b3dbfe
  Author: Jan Malakhovski <o...@oxij.org>
  Date:   2017-03-05 (Sun, 05 Mar 2017)

  Changed paths:
M pkgs/applications/virtualization/qemu/default.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  qemu: add xen support


  Commit: 916fa0a6102a75325dbc3ffca5e88ec435aeffa4
  
https://github.com/NixOS/nixpkgs/commit/916fa0a6102a75325dbc3ffca5e88ec435aeffa4
  Author: Jan Malakhovski <o...@oxij.org>
  Date:   2017-03-05 (Sun, 05 Mar 2017)

  Changed paths:
A pkgs/applications/virtualization/xen/-fix-install-python.patch
A pkgs/applications/virtualization/xen/-fix-ipxe-src.patch
M pkgs/applications/virtualization/xen/4.5.nix
M pkgs/applications/virtualization/xen/generic.nix
A pkgs/applications/virtualization/xen/packages.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  xen: rewrite build expression to be more modular, support upstream qemu and 
seabios

Also:

* provides a bunch of build options
* documents build options config in longDescription
* provides a bunch of predefined packages and documents them some more
* sources' hashes stay the same


  Commit: 442b8d49d0e973d2f78bd424efab55d33f6ae98c
  
https://github.com/NixOS/nixpkgs/commit/442b8d49d0e973d2f78bd424efab55d33f6ae98c
  Author: Jan Malakhovski <o...@oxij.org>
  Date:   2017-03-05 (Sun, 05 Mar 2017)

  Changed paths:
M nixos/modules/virtualisation/xen-dom0.nix

  Log Message:
  ---
  nixos: xen: make packages configurable


  Commit: 9e6ae2f60a109c6e5380c0fb3775e783a1fc8f00
  
https://github.com/NixOS/nixpkgs/commit/9e6ae2f60a109c6e5380c0fb3775e783a1fc8f00
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-07 (Tue, 07 Mar 2017)

  Changed paths:
M nixos/modules/virtualisation/xen-dom0.nix
M pkgs/applications/virtualization/qemu/default.nix
A pkgs/applications/virtualization/xen/-fix-install-python.patch
A pkgs/applications/virtualization/xen/-fix-ipxe-src.patch
M pkgs/applications/virtualization/xen/4.5.nix
M pkgs/applications/virtualization/xen/generic.nix
A pkgs/applications/virtualization/xen/packages.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  Merge pull request #23441 from oxij/pkg/pretty-xen

xen: modular expression


Compare: https://github.com/NixOS/nixpkgs/compare/e206d5ab63b6...9e6ae2f60a10


Re: [Nix-dev] Hydra Building PRs

2017-03-07 Thread Graham Christensen
Bas van Dijk  writes:

> Hi Graham, what's the status of this project?

Great question. Dezgeg and I are working on bootstrapping some ARM
machines now, at which point I'll be working with Eelco to add
them to Hydra.

I don't have an ETA, but finding a compatible time between Dezgeg and I
was a major blocker. From here, I expect the slow parts will be
coordinating with Eelco, then having nixpkgs build them.

Graham


[Nix-commits] [NixOS/nixpkgs] 55996b: nixos: network-interfaces-scripted: don't require ...

2017-03-06 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 55996b8daf9549cc1b7484be5384e52ee3c77bae
  
https://github.com/NixOS/nixpkgs/commit/55996b8daf9549cc1b7484be5384e52ee3c77bae
  Author: Jan Malakhovski <o...@oxij.org>
  Date:   2017-03-05 (Sun, 05 Mar 2017)

  Changed paths:
M nixos/modules/tasks/network-interfaces-scripted.nix

  Log Message:
  ---
  nixos: network-interfaces-scripted: don't require mstpd when rstp is off


  Commit: 2027f8e74aac5596a02bf26a6b837d4daff3be9c
  
https://github.com/NixOS/nixpkgs/commit/2027f8e74aac5596a02bf26a6b837d4daff3be9c
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-06 (Mon, 06 Mar 2017)

  Changed paths:
M nixos/modules/tasks/network-interfaces-scripted.nix

  Log Message:
  ---
  Merge pull request #23522 from oxij/nixos/mstpd-rstp

nixos: network-interfaces-scripted: don't require mstpd when rstp is off


Compare: https://github.com/NixOS/nixpkgs/compare/6f88f8ca1b94...2027f8e74aac


[Nix-commits] [NixOS/nixpkgs] fc6c50: xfce: add screenLock option

2017-03-06 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: fc6c50f1b530c717c34dc6c2acd637de06d2858f
  
https://github.com/NixOS/nixpkgs/commit/fc6c50f1b530c717c34dc6c2acd637de06d2858f
  Author: David Costa <da...@zarel.net>
  Date:   2017-03-04 (Sat, 04 Mar 2017)

  Changed paths:
M nixos/modules/services/x11/desktop-managers/xfce.nix

  Log Message:
  ---
  xfce: add screenLock option

screenLock option is needed to provide at least one application for
xflock4 to lock the screen


  Commit: 710973e354cc0f1c18a2d201f631d54420c6084a
  
https://github.com/NixOS/nixpkgs/commit/710973e354cc0f1c18a2d201f631d54420c6084a
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-06 (Mon, 06 Mar 2017)

  Changed paths:
M nixos/modules/services/x11/desktop-managers/xfce.nix

  Log Message:
  ---
  Merge pull request #23492 from zarelit/xfce_lockscreen

xfce: add screenLock option


Compare: https://github.com/NixOS/nixpkgs/compare/5013998b0ee4...710973e354cc


[Nix-commits] [NixOS/nixpkgs] 5ff2a9: elpa-packages: 2017-03-06

2017-03-06 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 5ff2a924c6b6323b6392c57a783cb2ce3dc2
  
https://github.com/NixOS/nixpkgs/commit/5ff2a924c6b6323b6392c57a783cb2ce3dc2
  Author: Michael Alan Dorman <mdor...@ironicdesign.com>
  Date:   2017-03-06 (Mon, 06 Mar 2017)

  Changed paths:
M pkgs/applications/editors/emacs-modes/elpa-generated.nix

  Log Message:
  ---
  elpa-packages: 2017-03-06


  Commit: 192bc411b0d653cd4fc8f8c5b581106f23382bfa
  
https://github.com/NixOS/nixpkgs/commit/192bc411b0d653cd4fc8f8c5b581106f23382bfa
  Author: Michael Alan Dorman <mdor...@ironicdesign.com>
  Date:   2017-03-06 (Mon, 06 Mar 2017)

  Changed paths:
M pkgs/applications/editors/emacs-modes/melpa-stable-generated.nix

  Log Message:
  ---
  melpa-stable-packages: 2017-03-06


  Commit: cc5bb40c1c0eb8e5b21e4b0fd303d29ead3e67c2
  
https://github.com/NixOS/nixpkgs/commit/cc5bb40c1c0eb8e5b21e4b0fd303d29ead3e67c2
  Author: Michael Alan Dorman <mdor...@ironicdesign.com>
  Date:   2017-03-06 (Mon, 06 Mar 2017)

  Changed paths:
M pkgs/applications/editors/emacs-modes/melpa-generated.nix

  Log Message:
  ---
  melpa-packages: 2017-03-06


  Commit: 37052cbdfd1419510e8c5233059e63d628f6
  
https://github.com/NixOS/nixpkgs/commit/37052cbdfd1419510e8c5233059e63d628f6
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-06 (Mon, 06 Mar 2017)

  Changed paths:
M pkgs/applications/editors/emacs-modes/elpa-generated.nix
M pkgs/applications/editors/emacs-modes/melpa-generated.nix
M pkgs/applications/editors/emacs-modes/melpa-stable-generated.nix

  Log Message:
  ---
  Merge pull request #23254 from mdorman/emacs-updates

Automated emacs package updates


Compare: https://github.com/NixOS/nixpkgs/compare/85b47bbd5e52...37052cbd


[Nix-commits] [NixOS/nixpkgs] 6111f6: mailpile: mark as insecure, pending removal

2017-03-06 Thread Graham Christensen
  Branch: refs/heads/release-17.03
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 6111f6a756553d26e60d24d908d481e380edfbf2
  
https://github.com/NixOS/nixpkgs/commit/6111f6a756553d26e60d24d908d481e380edfbf2
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-06 (Mon, 06 Mar 2017)

  Changed paths:
M pkgs/applications/networking/mailreaders/mailpile/default.nix

  Log Message:
  ---
  mailpile: mark as insecure, pending removal

(cherry picked from commit 85b47bbd5e5273207919ad9ff81f12471f1769d3)




[Nix-commits] [NixOS/nixpkgs] 85b47b: mailpile: mark as insecure, pending removal

2017-03-06 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 85b47bbd5e5273207919ad9ff81f12471f1769d3
  
https://github.com/NixOS/nixpkgs/commit/85b47bbd5e5273207919ad9ff81f12471f1769d3
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-06 (Mon, 06 Mar 2017)

  Changed paths:
M pkgs/applications/networking/mailreaders/mailpile/default.nix

  Log Message:
  ---
  mailpile: mark as insecure, pending removal




[Nix-commits] [NixOS/nixpkgs] 8605d3: mailpile: Mark as broken

2017-03-06 Thread Graham Christensen
  Branch: refs/heads/release-16.09
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 8605d317d16375ddb496ec3522f7924ef7e75e2d
  
https://github.com/NixOS/nixpkgs/commit/8605d317d16375ddb496ec3522f7924ef7e75e2d
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-06 (Mon, 06 Mar 2017)

  Changed paths:
M pkgs/applications/networking/mailreaders/mailpile/default.nix

  Log Message:
  ---
  mailpile: Mark as broken




[Nix-commits] [NixOS/nixpkgs] c56587: doc: Remove indention from program listings

2017-03-06 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: c56587eb301b514dff380268876134c5cb841cbe
  
https://github.com/NixOS/nixpkgs/commit/c56587eb301b514dff380268876134c5cb841cbe
  Author: Matthias Beyer <m...@beyermatthias.de>
  Date:   2017-03-05 (Sun, 05 Mar 2017)

  Changed paths:
M nixos/doc/manual/configuration/xfce.xml

  Log Message:
  ---
  doc: Remove indention from program listings


  Commit: 1e3dec3baaf12c6be0704d4e15fb270a628ecc10
  
https://github.com/NixOS/nixpkgs/commit/1e3dec3baaf12c6be0704d4e15fb270a628ecc10
  Author: Matthias Beyer <m...@beyermatthias.de>
  Date:   2017-03-05 (Sun, 05 Mar 2017)

  Changed paths:
M nixos/doc/manual/configuration/xfce.xml

  Log Message:
  ---
  nixos doc xfce: Fix missing space


  Commit: 0a18a56375fbf2146b19fba7528b8d1a5bd51d44
  
https://github.com/NixOS/nixpkgs/commit/0a18a56375fbf2146b19fba7528b8d1a5bd51d44
  Author: Matthias Beyer <m...@beyermatthias.de>
  Date:   2017-03-05 (Sun, 05 Mar 2017)

  Changed paths:
M nixos/doc/manual/configuration/xfce.xml

  Log Message:
  ---
  nixos doc xfce: Tabs -> spaces


  Commit: 87f57de8e579ed7b41096c77b1ceb2146db87f5a
  
https://github.com/NixOS/nixpkgs/commit/87f57de8e579ed7b41096c77b1ceb2146db87f5a
  Author: Matthias Beyer <m...@beyermatthias.de>
  Date:   2017-03-05 (Sun, 05 Mar 2017)

  Changed paths:
M nixos/doc/manual/configuration/xfce.xml

  Log Message:
  ---
  Wrap command in 


  Commit: 0705346de46b0b60b612b2e88cc7291b7050ab23
  
https://github.com/NixOS/nixpkgs/commit/0705346de46b0b60b612b2e88cc7291b7050ab23
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-06 (Mon, 06 Mar 2017)

  Changed paths:
M nixos/doc/manual/configuration/xfce.xml

  Log Message:
  ---
  Merge pull request #23512 from matthiasbeyer/doc-fix-xfce

doc: Remove indention from program listings


Compare: https://github.com/NixOS/nixpkgs/compare/5054035c1873...0705346de46b


[Nix-commits] [NixOS/nixpkgs] a3e6b4: javasvn: remove

2017-03-06 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: a3e6b41d3677d37d808ee8f3b81f94d996899d40
  
https://github.com/NixOS/nixpkgs/commit/a3e6b41d3677d37d808ee8f3b81f94d996899d40
  Author: Robert Helgesson <rob...@rycee.net>
  Date:   2017-03-06 (Mon, 06 Mar 2017)

  Changed paths:
R pkgs/development/libraries/java/javasvn/builder.sh
R pkgs/development/libraries/java/javasvn/default.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  javasvn: remove

Upstream URL is invalid and the package has not had direct attention
since June 2006.


  Commit: 5054035c18732fdf6bb4b8d215c20a89638ed0ff
  
https://github.com/NixOS/nixpkgs/commit/5054035c18732fdf6bb4b8d215c20a89638ed0ff
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-06 (Mon, 06 Mar 2017)

  Changed paths:
R pkgs/development/libraries/java/javasvn/builder.sh
R pkgs/development/libraries/java/javasvn/default.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  Merge pull request #23571 from rycee/remove/javasvn

javasvn: remove


Compare: https://github.com/NixOS/nixpkgs/compare/558751b41eda...5054035c1873


[Nix-commits] [NixOS/nixpkgs] ff9891: libgpg-error: 1.26 -> 1.27

2017-03-06 Thread Graham Christensen
  Branch: refs/heads/staging
  Home:   https://github.com/NixOS/nixpkgs
  Commit: ff9891767f11d1f52b8e970bd145fb4959f2ac42
  
https://github.com/NixOS/nixpkgs/commit/ff9891767f11d1f52b8e970bd145fb4959f2ac42
  Author: Lancelot SIX <l...@lancelotsix.com>
  Date:   2017-03-02 (Thu, 02 Mar 2017)

  Changed paths:
M pkgs/development/libraries/libgpg-error/default.nix

  Log Message:
  ---
  libgpg-error: 1.26 -> 1.27


  Commit: ade2357c653cbe336d8a7dc17a8dc02099ced432
  
https://github.com/NixOS/nixpkgs/commit/ade2357c653cbe336d8a7dc17a8dc02099ced432
  Author: Lancelot SIX <l...@lancelotsix.com>
  Date:   2017-03-02 (Thu, 02 Mar 2017)

  Changed paths:
M pkgs/tools/security/gnupg/21.nix

  Log Message:
  ---
  gnupg21: 2.1.18 -> 2.1.19

See http://lists.gnu.org/archive/html/info-gnu/2017-03/msg0.html
for release information


  Commit: 33b738be4414b416d9e81ccd6114be81846fab84
  
https://github.com/NixOS/nixpkgs/commit/33b738be4414b416d9e81ccd6114be81846fab84
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-06 (Mon, 06 Mar 2017)

  Changed paths:
M pkgs/development/libraries/libgpg-error/default.nix
M pkgs/tools/security/gnupg/21.nix

  Log Message:
  ---
  Merge pull request #23386 from lsix/update_gnupg21

gnupg21: 2.1.18 -> 2.1.19


Compare: https://github.com/NixOS/nixpkgs/compare/2a385516516c...33b738be4414


Re: [Nix-dev] NixOS 16.09 and Firefox Nightly

2017-03-06 Thread Graham Christensen
Mark Gardner  writes:

> It is indeed. Going to the Firefox home page (
> https://www.mozilla.org/en-US/firefox/new/) tells me "Congrats! You’re
> using the latest version of Firefox." Sorry for the confusion.

I'm so glad to hear it, thank you for getting back to us! I'm going to
ask Mozilla about renaming our stable FF to Firefox.

Graham



[Nix-commits] [NixOS/nixpkgs] 9ac3a8: khd: 2.0.0 -> 2.1.1

2017-03-06 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 9ac3a8a5afa9c880fbf635f15d6a691751980540
  
https://github.com/NixOS/nixpkgs/commit/9ac3a8a5afa9c880fbf635f15d6a691751980540
  Author: Daiderd Jordan <daid...@gmail.com>
  Date:   2017-03-04 (Sat, 04 Mar 2017)

  Changed paths:
M pkgs/os-specific/darwin/khd/default.nix

  Log Message:
  ---
  khd: 2.0.0 -> 2.1.1


  Commit: d8ee4ea69985fcc7c6c4ca132b3422cff6e1f133
  
https://github.com/NixOS/nixpkgs/commit/d8ee4ea69985fcc7c6c4ca132b3422cff6e1f133
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-06 (Mon, 06 Mar 2017)

  Changed paths:
M pkgs/os-specific/darwin/khd/default.nix

  Log Message:
  ---
  Merge pull request #23493 from LnL7/khd

khd: 2.0.0 -> 2.1.1


Compare: https://github.com/NixOS/nixpkgs/compare/550f65a0f413...d8ee4ea69985


[Nix-commits] [NixOS/nixpkgs] 079c30: openshot-qt: remove myself from the maintainer lis...

2017-03-05 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 079c306c6e498caa0d99e5a0e212e60ebac4fd58
  
https://github.com/NixOS/nixpkgs/commit/079c306c6e498caa0d99e5a0e212e60ebac4fd58
  Author: Tomas Hlavaty <t...@logand.com>
  Date:   2017-03-05 (Sun, 05 Mar 2017)

  Changed paths:
M pkgs/applications/video/openshot-qt/default.nix
M pkgs/applications/video/openshot-qt/libopenshot-audio.nix
M pkgs/applications/video/openshot-qt/libopenshot.nix
M pkgs/development/libraries/unittest-cpp/default.nix

  Log Message:
  ---
  openshot-qt: remove myself from the maintainer list


  Commit: 1e8d505e0302eadc5a012a94541a69c010053012
  
https://github.com/NixOS/nixpkgs/commit/1e8d505e0302eadc5a012a94541a69c010053012
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-05 (Sun, 05 Mar 2017)

  Changed paths:
M pkgs/applications/video/openshot-qt/default.nix
M pkgs/applications/video/openshot-qt/libopenshot-audio.nix
M pkgs/applications/video/openshot-qt/libopenshot.nix
M pkgs/development/libraries/unittest-cpp/default.nix

  Log Message:
  ---
  Merge pull request #23539 from tohl/master

openshot-qt: remove myself from the maintainer list


Compare: https://github.com/NixOS/nixpkgs/compare/2ddcbcfe62d3...1e8d505e0302


Re: [Nix-dev] 'nixos-stable' channel?

2017-03-05 Thread Graham Christensen
David Izquierdo  writes:

> I think it would be handy though. After all, this is NixOS we're talking 
> about. We already have system.stateVersion for protecting stateful data, 
> and fixing the rest of the system is only a rollback away. Why not make 
> the alias/symlink without making it the default?

Another option I've wanted to explore, is dropping warnings on old
channels. See: https://github.com/NixOS/nixpkgs/pull/22096

A nice benefit to this option is we can retroactively apply it to all
channels.

Graham



Re: [Nix-dev] NixOS 16.09 and Firefox Nightly

2017-03-05 Thread Graham Christensen

David Izquierdo  writes:

> AFAIK those restrictions were recently dropped, Debian's firefox is now 
> branded Firefox instead of Iceweasel. It probably should be changed in 
> nixpkgs too to prevent further confusion.

I've asked in #firefox on Mozilla's IRC network. They've asked me to
come back and ask again in #build on Monday during US business hours,
but suggested we may indeed be able to have official branding.

Graham


[Nix-dev] NixOS 17.03 Beta, 16.09 Security Support Timeline

2017-03-05 Thread Graham Christensen


Hello,

In my most recent roundup email, I included information about 17.03,
16.09, and the security support timeline. It was somewhat buried in the
otherwise very standard message, so I'm sending just that information.

NixOS 17.03 has entered Beta. This means we now have 3 versions of NixOS
being developed:

 - 16.09 (stable)
 - 17.03 (beta)
 - unstable

17.03 will become stable at the end of March.

Due to the size of the NixOS community and the available resources we
have, we typically only support one stable version of NixOS at a time.

In order to ease the transition, I have decided to continue providing
security patches to the 16.09 channel for one month after 17.03 is
released, ending on May 3rd, 2017.

You can switch from 16.09 to 17.03-beta via:

$ sudo nix-channel --add https://nixos.org/channels/nixos-17.03 nixos
$ sudo nix-channel --update
$ sudo nixos-rebuild boot
$ reboot

Note: Don't use nixos-rebuild switch. The path to setuid wrappers has
changed, and using switch will break setuid binaries (like sudo, ping,
etc.) until you reboot.

Thank you very much,
Graham Christensen
NixOS Security Team
https://github.com/nixos/security


Re: [Nix-dev] NixOS 16.09 and Firefox Nightly

2017-03-05 Thread Graham Christensen

Hi Mark,

As I understand it, what we ship in 16.09 is indeed the stable version
of Firefox. However, since we build it ourselves the licensing
restrictions of Mozilla require us to not call it "Firefox" but instead
force us to call it "Nightly."

Can you confirm that the version of Firefox you're running matches the
currently available, stable, Firefox?

Best,
Graham Christensen
NixOS Security Team


[Nix-commits] [NixOS/nixpkgs] 84deb2: jitsi: 2.8.5426 -> 2.10.5550 for CVE-2017-5603

2017-03-04 Thread Graham Christensen
  Branch: refs/heads/release-17.03
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 84deb2205ca283c89767b8f0dd81df14f3f0c0b1
  
https://github.com/NixOS/nixpkgs/commit/84deb2205ca283c89767b8f0dd81df14f3f0c0b1
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-04 (Sat, 04 Mar 2017)

  Changed paths:
M pkgs/applications/networking/instant-messengers/jitsi/default.nix
M pkgs/applications/networking/instant-messengers/jitsi/jitsi.patch

  Log Message:
  ---
  jitsi: 2.8.5426 -> 2.10.5550 for CVE-2017-5603

(cherry picked from commit 6011e3ea93e78e45dc2cb6cdf63afeb516670681)




[Nix-commits] [NixOS/nixpkgs] 6011e3: jitsi: 2.8.5426 -> 2.10.5550 for CVE-2017-5603

2017-03-04 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 6011e3ea93e78e45dc2cb6cdf63afeb516670681
  
https://github.com/NixOS/nixpkgs/commit/6011e3ea93e78e45dc2cb6cdf63afeb516670681
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-04 (Sat, 04 Mar 2017)

  Changed paths:
M pkgs/applications/networking/instant-messengers/jitsi/default.nix
M pkgs/applications/networking/instant-messengers/jitsi/jitsi.patch

  Log Message:
  ---
  jitsi: 2.8.5426 -> 2.10.5550 for CVE-2017-5603




[Nix-commits] [NixOS/nixpkgs] d1a9f2: gpgme: fix build on macOS

2017-03-03 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: d1a9f2e8be9624e06d42714a107d2b8288945d12
  
https://github.com/NixOS/nixpkgs/commit/d1a9f2e8be9624e06d42714a107d2b8288945d12
  Author: Ignat Loskutov <ignat.losku...@gmail.com>
  Date:   2017-02-16 (Thu, 16 Feb 2017)

  Changed paths:
M pkgs/development/libraries/gpgme/default.nix

  Log Message:
  ---
  gpgme: fix build on macOS


  Commit: 75bc511222e9b8cc66ec4ccd967ca3c6d2d1f5d4
  
https://github.com/NixOS/nixpkgs/commit/75bc511222e9b8cc66ec4ccd967ca3c6d2d1f5d4
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-03 (Fri, 03 Mar 2017)

  Changed paths:
M pkgs/development/libraries/gpgme/default.nix

  Log Message:
  ---
  Merge pull request #22848 from loskutov/gpgme-macos-fix

gpgme: fix build on macOS


Compare: https://github.com/NixOS/nixpkgs/compare/0297fdc76495...75bc511222e9


[Nix-commits] [NixOS/nixpkgs] 1f709a: bazel: add gcc to PATH and simplify patch

2017-03-02 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 1f709ad136ff18b209638372a0b48345cf1f4fa6
  
https://github.com/NixOS/nixpkgs/commit/1f709ad136ff18b209638372a0b48345cf1f4fa6
  Author: Itai Zukerman <zuker...@math-hat.com>
  Date:   2017-03-02 (Thu, 02 Mar 2017)

  Changed paths:
M pkgs/development/tools/build-managers/bazel/default.nix

  Log Message:
  ---
  bazel: add gcc to PATH and simplify patch

Removed patches that are purely for testing.
Removed dependencies that seemed to not be needed.
Expand all instances of #!/bin/bash, not just those at the start of scripts.


  Commit: 03549854ac7eb0c7f680733dc8e9458873a1bde4
  
https://github.com/NixOS/nixpkgs/commit/03549854ac7eb0c7f680733dc8e9458873a1bde4
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-02 (Thu, 02 Mar 2017)

  Changed paths:
M pkgs/development/tools/build-managers/bazel/default.nix

  Log Message:
  ---
  Merge pull request #23385 from izuk/bazel

bazel: add gcc to PATH and simplify patch


Compare: https://github.com/NixOS/nixpkgs/compare/f4f0889131b6...03549854ac7e


[Nix-commits] [NixOS/nixpkgs] 17a3e9: kdeApplications.kdelibs: patch for insecure URL pa...

2017-03-02 Thread Graham Christensen
  Branch: refs/heads/release-17.03
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 17a3e979a40b9d916dab0a8d72b2cb0ffeb20ca1
  
https://github.com/NixOS/nixpkgs/commit/17a3e979a40b9d916dab0a8d72b2cb0ffeb20ca1
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-02 (Thu, 02 Mar 2017)

  Changed paths:
M pkgs/applications/kde/kdelibs/default.nix

  Log Message:
  ---
  kdeApplications.kdelibs: patch for insecure URL passing

(cherry picked from commit 7abda54bbbe9e43fe3ed4712d875701837e31d3f)




[Nix-commits] [NixOS/nixpkgs] 7abda5: kdeApplications.kdelibs: patch for insecure URL pa...

2017-03-02 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 7abda54bbbe9e43fe3ed4712d875701837e31d3f
  
https://github.com/NixOS/nixpkgs/commit/7abda54bbbe9e43fe3ed4712d875701837e31d3f
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-02 (Thu, 02 Mar 2017)

  Changed paths:
M pkgs/applications/kde/kdelibs/default.nix

  Log Message:
  ---
  kdeApplications.kdelibs: patch for insecure URL passing




[Nix-commits] [NixOS/nixpkgs] 43e84f: kde.kdelibs: patch for insecure URL passing

2017-03-02 Thread Graham Christensen
  Branch: refs/heads/release-16.09
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 43e84f4085437ba4c791e63ac304f30e51f2d058
  
https://github.com/NixOS/nixpkgs/commit/43e84f4085437ba4c791e63ac304f30e51f2d058
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-02 (Thu, 02 Mar 2017)

  Changed paths:
M pkgs/desktops/kde-5/applications/kdelibs/default.nix

  Log Message:
  ---
  kde.kdelibs: patch for insecure URL passing




[Nix-commits] [NixOS/nixpkgs] 9daae5: kdeFrameworks.kio: patch for insecure URL passing

2017-03-02 Thread Graham Christensen
  Branch: refs/heads/release-17.03
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 9daae5bb850a9ea9edda38ab69dcd71c29644760
  
https://github.com/NixOS/nixpkgs/commit/9daae5bb850a9ea9edda38ab69dcd71c29644760
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-02 (Thu, 02 Mar 2017)

  Changed paths:
M pkgs/development/libraries/kde-frameworks/kio/default.nix

  Log Message:
  ---
  kdeFrameworks.kio: patch for insecure URL passing

(cherry picked from commit 5ce06263a35da4b99589227f3553093d381c24c9)




[Nix-commits] [NixOS/nixpkgs] 646958: kdeFrameworks.kio: patch for insecure URL passing

2017-03-02 Thread Graham Christensen
  Branch: refs/heads/release-16.09
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 646958098d77b62ccc6056d529d8acba91c28fc0
  
https://github.com/NixOS/nixpkgs/commit/646958098d77b62ccc6056d529d8acba91c28fc0
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-02 (Thu, 02 Mar 2017)

  Changed paths:
M pkgs/development/libraries/kde-frameworks/kio/default.nix

  Log Message:
  ---
  kdeFrameworks.kio: patch for insecure URL passing

(cherry picked from commit 5ce06263a35da4b99589227f3553093d381c24c9)




[Nix-commits] [NixOS/nixpkgs] 5ce062: kdeFrameworks.kio: patch for insecure URL passing

2017-03-02 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 5ce06263a35da4b99589227f3553093d381c24c9
  
https://github.com/NixOS/nixpkgs/commit/5ce06263a35da4b99589227f3553093d381c24c9
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-03-02 (Thu, 02 Mar 2017)

  Changed paths:
M pkgs/development/libraries/kde-frameworks/kio/default.nix

  Log Message:
  ---
  kdeFrameworks.kio: patch for insecure URL passing




[Nix-commits] [NixOS/nixpkgs] 442b58: webkitgtk24x: mark as insecure

2017-02-27 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 442b589b71132f593de9ec5725c1b4cca2cab065
  
https://github.com/NixOS/nixpkgs/commit/442b589b71132f593de9ec5725c1b4cca2cab065
  Author: Joachim Fasting <joach...@fastmail.fm>
  Date:   2017-02-26 (Sun, 26 Feb 2017)

  Changed paths:
M pkgs/development/libraries/webkitgtk/2.4.nix

  Log Message:
  ---
  webkitgtk24x: mark as insecure

See https://github.com/NixOS/nixpkgs/issues/18312


  Commit: ba78819782cec6e9846d02944f34254615e8dc80
  
https://github.com/NixOS/nixpkgs/commit/ba78819782cec6e9846d02944f34254615e8dc80
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-02-27 (Mon, 27 Feb 2017)

  Changed paths:
M pkgs/development/libraries/webkitgtk/2.4.nix

  Log Message:
  ---
  Merge pull request #23225 from joachifm/webkitgtk24x-broken

webkitgtk24x: mark as insecure


Compare: https://github.com/NixOS/nixpkgs/compare/14b6f2a8378e...ba78819782ce


[Nix-commits] [NixOS/nixpkgs] 143050: mcelog: init Machine Check Exception Logging Daemo...

2017-02-26 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 1430507a59f8b809274182fe7ae120b099bf
  
https://github.com/NixOS/nixpkgs/commit/1430507a59f8b809274182fe7ae120b099bf
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-02-26 (Sun, 26 Feb 2017)

  Changed paths:
A nixos/modules/hardware/mcelog.nix
M nixos/modules/module-list.nix

  Log Message:
  ---
  mcelog: init Machine Check Exception Logging Daemon service


  Commit: 4f3d06dc7d011b57f69d71c12d427c290c987bb8
  
https://github.com/NixOS/nixpkgs/commit/4f3d06dc7d011b57f69d71c12d427c290c987bb8
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-02-26 (Sun, 26 Feb 2017)

  Changed paths:
A nixos/modules/hardware/mcelog.nix
M nixos/modules/module-list.nix

  Log Message:
  ---
  Merge pull request #23214 from grahamc/mcelog-service

mcelog: init Machine Check Exception Logging Daemon service


Compare: https://github.com/NixOS/nixpkgs/compare/4b6f021251e6...4f3d06dc7d01


[Nix-commits] [NixOS/nixpkgs] 8b40d2: mcelog: 144 -> 148

2017-02-26 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 8b40d2e305e861c4f18a96af943fa927125b9537
  
https://github.com/NixOS/nixpkgs/commit/8b40d2e305e861c4f18a96af943fa927125b9537
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-02-26 (Sun, 26 Feb 2017)

  Changed paths:
M pkgs/os-specific/linux/mcelog/default.nix

  Log Message:
  ---
  mcelog: 144 -> 148




[Nix-commits] [NixOS/nixpkgs] 4d006d: Revert "Revert "linux kernels: patch against DCCP ...

2017-02-23 Thread Graham Christensen
  Branch: refs/heads/release-16.09
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 4d006d3371e96f4933b0d2233a969722acf3aeda
  
https://github.com/NixOS/nixpkgs/commit/4d006d3371e96f4933b0d2233a969722acf3aeda
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-02-23 (Thu, 23 Feb 2017)

  Changed paths:
M pkgs/os-specific/linux/kernel/patches.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  Revert "Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)""

This reverts commit 53a2baabbeb29ce0180b0353deb623139f1808bd.

(cherry picked from commit d36b1ccc135fd86dd228db735ce6ef54d69cd9a1)




[Nix-commits] [NixOS/nixpkgs] d36b1c: Revert "Revert "linux kernels: patch against DCCP ...

2017-02-23 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: d36b1ccc135fd86dd228db735ce6ef54d69cd9a1
  
https://github.com/NixOS/nixpkgs/commit/d36b1ccc135fd86dd228db735ce6ef54d69cd9a1
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-02-23 (Thu, 23 Feb 2017)

  Changed paths:
M pkgs/os-specific/linux/kernel/patches.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  Revert "Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)""

This reverts commit 53a2baabbeb29ce0180b0353deb623139f1808bd.




[Nix-dev] Linux Kernel: DCCP Double Free, Local Root (CVE-2017-6074)

2017-02-23 Thread Graham Christensen


Hello,

Recently, a kernel double-free vulnerability was reported by Andrey
Konovalov in the DCCP functionality of the Linux kernel. All kernels
compiled with CONFIG_IP_DCCP enabled (compiled in or as a module) are
vulnerable. If the module is not loaded, the kernel will load it on
first use.


VULNERABILITY STATUS
--------------------
NixOS's default configuration does compile the kernels with
CONFIG_IP_DCCP set to m and thusly we are vulnerable.


MITIGATION
----------
Until we are able to release patches, users are able to mitigate the
issue by applying the following configuration and running `nixos-rebuild
switch`:

boot.extraModProbeConfig = ''
  install dccp /run/current-system/sw/bin/false
'';

If your kernel has already loaded the dccp module, you will need to
reboot:

lsmod | grep dccp

However, if you don't use dccp and your kernel has loaded the module,
you should investigate the situation.


RELEASE SCHEDULE
----------------
We are currently working to release patches and updates to NixOS 16.09
and Unstable. I hope to have patches being tested for release within the
next few hours.


MORE
----
For more details, visit: http://seclists.org/oss-sec/2017/q1/471,
reply to me (gra...@grahamc.com), or ask in #NixOS on Freenode.

Thank you to clever on Freenode for help on this email.

Thank you,
Graham Christensen
NixOS Security Team
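
The advisory's two checks (the `install dccp` override and `lsmod | grep dccp`) combined into one status function, as an added example that is not part of the original email. The function names, status strings and sample inputs are constructed for illustration, and `--live` assumes kmod's `modprobe --showconfig`.

```shell
#!/usr/bin/env bash
# Added example (not from the advisory): classify a host against the two
# checks the advisory gives for CVE-2017-6074.

# Print the loaded DCCP modules, one per line.
# $1: text in /proc/modules format (the module name is the first field).
loaded_dccp_modules() {
  printf '%s\n' "$1" | awk '$1 == "dccp" || $1 ~ /^dccp_/ { print $1 }'
}

# Succeed if the modprobe configuration in $1 replaces loading of dccp with a
# no-op command, as the advisory's `install dccp .../false` line does.
dccp_install_blocked() {
  printf '%s\n' "$1" | awk '
    $1 ~ /^#/ { next }                      # skip comment lines
    $1 == "install" && $2 == "dccp" {
      n = split($3, parts, "/")             # basename of the install command
      if (n > 0 && (parts[n] == "false" || parts[n] == "true")) blocked = 1
    }
    END { exit !blocked }'
}

# Print one status word for the host.
# $1: /proc/modules text, $2: modprobe configuration text.
dccp_status() (
  loaded=$(loaded_dccp_modules "$1")
  if [ -n "$loaded" ]; then
    if dccp_install_blocked "$2"; then
      echo "reboot-required"      # override present, module still in memory
    else
      echo "loaded-unmitigated"   # module in memory and nothing blocks it
    fi
  elif dccp_install_blocked "$2"; then
    echo "mitigated"              # not loaded and cannot be auto-loaded
  else
    echo "unmitigated"            # not loaded, but loads on first use
  fi
)

# Constructed sample inputs (not captured from a real host).
SAMPLE_MODULES_LOADED='dccp_ipv4 20480 0 - Live 0x0000000000000000
dccp 73728 1 dccp_ipv4, Live 0x0000000000000000
ext4 585728 1 - Live 0x0000000000000000'

SAMPLE_MODULES_CLEAN='ext4 585728 1 - Live 0x0000000000000000
e1000 143360 0 - Live 0x0000000000000000'

SAMPLE_CONF_MITIGATED='# constructed modprobe configuration
blacklist pcspkr
  install dccp /run/current-system/sw/bin/false'

SAMPLE_CONF_DEFAULT='# constructed modprobe configuration
# install dccp /run/current-system/sw/bin/false
blacklist pcspkr'

if [ "${1:-}" = "--live" ]; then
  # Evaluate the running host instead of the samples.
  dccp_status "$(cat /proc/modules)" "$(modprobe --showconfig 2>/dev/null)"
else
  for mods in LOADED CLEAN; do
    for conf in MITIGATED DEFAULT; do
      eval "m=\$SAMPLE_MODULES_$mods; c=\$SAMPLE_CONF_$conf"
      printf 'modules=%-6s conf=%-9s -> %s\n' "$mods" "$conf" "$(dccp_status "$m" "$c")"
    done
  done
fi
```

A result of `reboot-required` or `loaded-unmitigated` corresponds to the advisory's case where the module is already loaded, and the second also means the override has not been applied yet.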


[Nix-commits] [NixOS/nixpkgs] 53a2ba: Revert "linux kernels: patch against DCCP double f...

2017-02-23 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 53a2baabbeb29ce0180b0353deb623139f1808bd
  
https://github.com/NixOS/nixpkgs/commit/53a2baabbeb29ce0180b0353deb623139f1808bd
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-02-23 (Thu, 23 Feb 2017)

  Changed paths:
M pkgs/os-specific/linux/kernel/patches.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  Revert "linux kernels: patch against DCCP double free (CVE-2017-6074)"

This reverts commit 1d68edbef48f30a4cefc33a85636099582411957.


___
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits


[Nix-commits] [NixOS/nixpkgs] 1d68ed: linux kernels: patch against DCCP double free (CVE...

2017-02-23 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 1d68edbef48f30a4cefc33a85636099582411957
  
https://github.com/NixOS/nixpkgs/commit/1d68edbef48f30a4cefc33a85636099582411957
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-02-23 (Thu, 23 Feb 2017)

  Changed paths:
M pkgs/os-specific/linux/kernel/patches.nix
M pkgs/top-level/all-packages.nix

  Log Message:
  ---
  linux kernels: patch against DCCP double free (CVE-2017-6074)




[Nix-commits] [NixOS/nixpkgs] 59d61e: Revert "nixpkgs: allow packages to be marked insec...

2017-02-23 Thread Graham Christensen
  Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 59d61ef34aae47f9fae53c4a10cc9bc1b19a6db1
  
https://github.com/NixOS/nixpkgs/commit/59d61ef34aae47f9fae53c4a10cc9bc1b19a6db1
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-02-23 (Thu, 23 Feb 2017)

  Changed paths:
M pkgs/development/libraries/libplist/default.nix
M pkgs/stdenv/generic/default.nix

  Log Message:
  ---
  Revert "nixpkgs: allow packages to be marked insecure"


  Commit: 0cfa40d1229d20af816e299d77d09819934231e9
  
https://github.com/NixOS/nixpkgs/commit/0cfa40d1229d20af816e299d77d09819934231e9
  Author: Graham Christensen <gra...@grahamc.com>
  Date:   2017-02-23 (Thu, 23 Feb 2017)

  Changed paths:
M pkgs/development/libraries/libplist/default.nix
M pkgs/stdenv/generic/default.nix

  Log Message:
  ---
  Merge pull request #23108 from NixOS/revert-22890-mark-as-insecure

Revert "nixpkgs: allow packages to be marked insecure"


Compare: https://github.com/NixOS/nixpkgs/compare/274994785d9e...0cfa40d1229d

