This is a syscall table used for compiling Minijail policy files to
BPF. The compiler is available in the minijail-tools package. The
file is generated by compiling and running a small program named
dump_constants.
When cross-compiling, we have to get the syscall table for the host
platform. To do this, dump_constants is run under QEMU user emulation
for the appropriate platform. Google takes the same approach in their
minijail packages for ChromiumOS[1].
[1]: 729bd4269a/chromeos-base/minijail/minijail-9999.ebuild (49)
This is built from the same source as minijail, but is for all intents
and purposes a seperate package. It builds different things, with no
overlap, and is under a different license.
Hello,
New versions of all the skarnet.org packages are available.
This is mostly a bugfix release (there was an installation bug in
some circumstances with shared libraries) but some packages, notably
execline and s6, have new, useful features.
The new versions are the following:
skalibs-2.9.2.0
nsss-0.0.2.2
utmps-0.0.3.2
execline-2.6.0.0
s6-2.9.1.0
s6-rc-0.5.1.2
s6-linux-init-1.0.4.0
s6-dns-2.3.2.0
s6-networking-2.3.1.2
s6-portable-utils-2.2.2.2
s6-linux-utils-2.5.1.2
mdevd-0.1.1.2
bcnm-0.0.1.0
Here are details for the packages that have more than bugfixes:
* skalibs-2.9.2.0
---------------
- New header: skalibs/bigkv.h. It's a set of functions allowing
efficient lookups in a large set of strings (typically read from the
command line or the environment).
https://skarnet.org/software/skalibs/
git://git.skarnet.org/skalibs
* execline-2.6.0.0
----------------
- It's a major release because an API has been modified: dollarat.
Beforehand, dollarat's -0 option would always prevail over any -d
option. Now, dollarat has its conflicting -0 and -d options handled
in the conventional way, with rightmost priority.
- The runblock program now accepts a command line prefix, which is
given as runblock's own command line. This allows blocks to serve as
arguments to a new command, instead of having to be full command lines
by themselves.
- New binary: posix-umask.
- The former "cd" program is now named "execline-cd" and the former
"umask" program is named "execline-umask". When the=20
--enable-pedantic-posix
option is not given at configure time, "cd" and "umask" are symbolic
links created at installation time and pointing to execline-cd and
execline-umask respectively. When the --enable-pedantic-posix option is
given, the symbolic links point to posix-cd and posix-umask instead.
- With posix-cd and posix-umask (and the changes to wait done in the
previous version), execline is now fully POSIX-compliant when built with
the --enable-pedantic-posix option. This will certainly, without the
slightest hint of a doubt, change distributions' attitudes about it.
https://skarnet.org/software/execline/
git://git.skarnet.org/execline
* s6-2.9.1.0
----------
- A new '?' directive has been added to s6-log. It behaves exactly like
'!', except that it spawns the given processor with /bin/sh as an
interpreter instead of execlineb.
- execline support is now optional: it can be disabled by specifying
--disable-execline at configure time. Some functionality is unavailable
when execline support is disabled:
* s6-log's '!' directive
* s6-notifyoncheck's -c option
* s6-ipcserver-access's support for 'exec' directives in a ruleset
- A new -X option has been added to s6-svscan, to specify a descriptor
that will be passed as stderr to a service spawned by this s6-svscan and
named s6-svscan-log. This is used in the new s6-linux-init, to avoid
needing to hardcode the /dev/console name for the catch-all logger's
standard error.
- On systems that define SIGPWR and SIGWINCH, s6-svscan -s now diverts
those signals. This allows powerfail and kbrequest events to be handled
when s6-svscan runs as process 1.
https://skarnet.org/software/s6/
git://git.skarnet.org/s6
* s6-linux-init-1.0.4.0
---------------------
- New options have been added to s6-linux-init-maker: to support
running s6-linux-init without a catch-all logger, and to support running
it in a container.
- s6-linux-init-maker now adds a SIGPWR handler to the default image:
on receipt of a SIGPWR, the system's shutdown procedure is triggered.
- s6-linux-init now handles kbrequest, which triggers a SIGWINCH in
init when a special, configurable set of keys is pressed. By default,
no SIGWINCH handler is declared in the image, and no set of keys is
bound to kbrequest.
https://skarnet.org/software/s6-linux-init/
git://git.skarnet.org/s6-linux-init
* s6-dns-2.3.2.0
--------------
- New library: libdcache, implementing a clean cache structure
to contain DNS data. It's still not used at the moment.
https://skarnet.org/software/s6-dns/
git://git.skarnet.org/s6-dns
* bcnm-0.0.1.0
------------
- First numbered release, because the Ad=C3=A9lie Linux distribution,
which uses libwpactrl, needs an official release instead of pulling
from git.
- libwpactrl is a set of C functions helping control a wpa_supplicant
process.
- bcnm-waitif is a binary that waits for network interface state
events such as appearance/disappearance, up/down, running/not-running.
It is useful to avoid race conditions during a boot sequence, for
instance.
https://skarnet.org/software/bcnm/
git://git.skarnet.org/bcnm
Enjoy,
Bug-reports welcome.
--
Laurent
This adds a patch from debian to switch ipmitool to openssl 1.1.
Upstream seems to already carry a version of this but that is yet to be
part of a release.
Includes LC_ALL = "en_US.UTF-8"; that resolves a locale.Error exception
during the check phase.
[...]
File "/build/s-tui-1.0.0/s_tui/sensors_menu.py", line 27, in <module>
import urwid
File "/nix/store/xxhpq1kcjy0kimfwnwqlzh2pchkp9khi-python3.7-urwid-2.1.0/lib/python3.7/site-packages/urwid/__init__.py", line 26, in <module>
from urwid.widget import (FLOW, BOX, FIXED, LEFT, RIGHT, CENTER, TOP, MIDDLE,
File "/nix/store/xxhpq1kcjy0kimfwnwqlzh2pchkp9khi-python3.7-urwid-2.1.0/lib/python3.7/site-packages/urwid/widget.py", line 27, in <module>
from urwid.util import (MetaSuper, decompose_tagmarkup, calc_width,
File "/nix/store/xxhpq1kcjy0kimfwnwqlzh2pchkp9khi-python3.7-urwid-2.1.0/lib/python3.7/site-packages/urwid/util.py", line 61, in <module>
detected_encoding = detect_encoding()
File "/nix/store/xxhpq1kcjy0kimfwnwqlzh2pchkp9khi-python3.7-urwid-2.1.0/lib/python3.7/site-packages/urwid/util.py", line 58, in detect_encoding
locale.setlocale(locale.LC_ALL, initial)
File "/nix/store/ja04f3cmapzb3f2mvjrb883bfqclsirq-python3-3.7.6/lib/python3.7/locale.py", line 608, in setlocale
return _setlocale(category, locale)
locale.Error: unsupported locale setting
Changes the default fetcher in the Rust Platform to be the newer
`fetchCargoTarball`, and changes every application using the current default to
instead opt out.
This commit does not change any hashes or cause any rebuilds. Once integrated,
we will start deleting the opt-outs and recomputing hashes.
See #79975 for details.
This has several advantages:
1. It takes up less space on disk in-between builds in the nix store.
2. It uses less space in the binary cache for vendor derivation packages.
3. It uses less network traffic downloading from the binary cache.
4. It plays nicely with hashed mirrors like tarballs.nixos.org, which only
substitute --flat hashes on single files (not recursive directory hashes).
5. It's consistent with how simple `fetchurl` src derivations work.
6. It provides a stronger abstraction between input src-package and output
package, e.g., it's harder to accidentally depend on the src derivation at
runtime by referencing something like `${src}/etc/index.html`. Likewise, in
the store it's harder to get confused with something that is just there as a
build-time dependency vs. a runtime dependency, since the build-time
src dependencies are tarred up.
Disadvantages are:
1. It takes slightly longer to untar at the start of a build.
As currently implemented, this attaches the compacted vendor.tar.gz feature as a
rider on `verifyCargoDeps`, since both of them are relatively newly implemented
behavior that change the `cargoSha256`.
If this PR is accepted, I will push forward the remaining rust packages with a
series of treewide PRs to update the `cargoSha256`s.
This is only the easy cases -- some fetchgit uses that point to
Gitiles instances are in generated code, where the generating code
would have to know in advance if it was fetching from Gitiles or not.
I don't think this is worth it.
osquery was marked as broken since April.
If somebody steps up to fix it, we can always revive it from the
histroy, but there's not much value in shipping completely broken things
in current master.
cc @ma27
Alioth is now offline -> https://wiki.debian.org/Salsa/AliothMigration
Sources moved to other forges (Salsa for example)
Some release tarballs are available on alioth-archive.debian.org