This was caused by multiple things: First, the module-path was wrong in
the release. Second, when modules tried to load stumpwm, asdf searched
for its sources in /tmp/nix-build-*.
Both of these issues are fixed by a nix-specific patch that tells adsf
to *never* try to load stumpwm (and others) from the filesystem. This is
fine as those modules are already available in the image anyway.
We also refactor some stuff & clean up the build. Stumpish works now
too.
This updates rdnssd to the following:
* Using the systemd interfaces directly
* Using the rdnssd user instead of the root user
* Integrating with resolvconf instead of writing directly to /etc/resolv.conf
The i686-linux test has never worked and I wrote the VM test only on
x86_64-linux to verify whether hardening mode works. I don't know why it
fails on i686-linux, but that might be because the inner VirtualBox VM
we're starting during the VM test doesn't use hardware virtualization.
Closes#5708.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Upstream changelog:
* GUI: in the snapshots pane, protect the age of snapshots against
wrong host time
* NAT Network: fixed a bug which prevented to propagate any DNS name
server / domain / search string information to the NAT
network (4.3.24 regression)
* NAT Network: don't delay the shutdown of VBoxSVC on Windows hosts
* Mouse support: the mouse could not be moved under rare conditions if
no Guest Additions are installed (4.3.24 regression)
* Storage: if the guest ejects a virtual CD/DVD medium, make the change
permanent
* VGA: made saving secondary screen sizes possible in X11 guests
* SDK: fixed the VirtualBox.tlb file (4.3.20 regression)
* rdesktop-vrdp: make it work with USB devices again (4.3.14
regression)
* USB: fixed a possible BSOD on Windows hosts under rare conditions
* iPXE: enable the HTTP download protocol on non-Linux hosts
* Mac OS X hosts: don't panic on hosts with activated SMAP (Broadwell
and later)
* Linux hosts: don't crash Linux 4.0 hosts
The same with bug IDs can be found at:
https://www.virtualbox.org/wiki/Changelog
Tested on my machine using the virtualbox NixOS VM test.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This is espacially cruicial when it comes to Nix 1.9, where we even have
a more restrictive /nix/store. In any event, VirtualBox in hardenend
mode doesn't have to check the /nix/store path, because it's read-only
on NixOS systems. So this check would not introduce more security but
more hurdles, thus I'm removing it (of course _only_ for /nix/store).
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Sometimes, keys aren't properly recognized the first time, so in order
to make sure they get through, always resend the key again on retry.
In this case the worst that could happen is that the VM is started over
and over again, but never in parallel, so that's fine because we're
checking for successful startup 10 seconds after the keypress.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>