slack-cli must be configured using the SLACK_CLI_TOKEN environment
variable. Using `slack init` will not work because it tries to write to
the Nix store.
Refactors the process used to build the Datadog core integrations to
be more easily extensible with integrations other than the ones built
and installed by default.
Documentation has been added in relevant parts of the module to
describe how the process works.
As a high-level overview:
The `datadog-integrations-core` attribute in the top-level package set
now accepts an extra parameter.
This parameter is an attribute set where each key is the name of a
Datadog integration as it appears in Datadog's integrations-core
repository[1], and the value is a function that receives the Python
package set and returns the required dependencies of this integration.
For example:
datadog-integrations-core {
ntp = (ps: [ ps.ntplib ]);
};
This would build the default integrations and, additionally, the `ntp`
integration.
To support passing the modified Python environment to the
datadog-agent itself, the `python` key has been moved inside of the
derivation which means that it will be made overridable.
This relates to NixOS/nixpkgs#40399.
[1]: https://github.com/DataDog/integrations-core
DataDog have adopted a subtle naming convention:
- dd-agent refers to the v5 Python implementation
- datadog-agent refers to the v6 golang implementation
As per project's README:
> Recent systems can resolve IPv6 host names using getaddrinfo(). This
> primitive is not present in all libcs and does not work in all of
> them either. Support in glibc was broken before 2.3. Some embedded
> libs may not properly work either, thus, support is disabled by
> default, meaning that some host names which only resolve as IPv6
> addresses will not resolve and configs might emit an error during
> parsing. If you know that your OS libc has reliable support for
> getaddrinfo(), you can add USE_GETADDRINFO=1 on the make command
> line to enable it. This is the recommended option for most Linux
> distro packagers since it's working fine on all recent mainstream
> distros. It is automatically enabled on Solaris 8 and above, as it's
> known to work.
Without this option, it is not possible for HAProxy to solve IPv6-only
names. This option is enabled in Debian builds without any notable
adverse effect.
The patches previously applied have been included upstream. Upstream
changelog (only MAJOR/MEDIUM):
2018/07/30 : 1.8.13
- BUG/MEDIUM: h2: don't accept new streams if conn_streams are still in excess
- BUG/MEDIUM: h2: never leave pending data in the output buffer on close
- BUG/MEDIUM: h2: make sure the last stream closes the connection after a timeout
- BUG/MEDIUM: threads: Fix the exit condition of the thread barrier
- BUG/MEDIUM: stream-int: don't immediately enable reading when the buffer was reportedly full
- BUG/MEDIUM: stats: don't ask for more data as long as we're responding
- BUG/MEDIUM: threads/sync: use sched_yield when available
- BUG/MEDIUM: h2: prevent orphaned streams from blocking a connection forever
- BUG/MEDIUM: threads: properly fix nbthreads == MAX_THREADS
- BUG/MEDIUM: threads: unbreak "bind" referencing an incorrect thread number
- MEDIUM: proxy_protocol: Convert IPs to v6 when protocols are mixed
2018/06/27 : 1.8.12
- BUG/MAJOR: stick_table: Complete incomplete SEGV fix
2018/06/26 : 1.8.11
- BUG/MAJOR: Stick-tables crash with segfault when the key is not in the stick-table
2018/06/22 : 1.8.10
- BUG/MEDIUM: spoe: Flags are not encoded in network order
- BUG/MEDIUM: contrib/mod_defender: Use network order to encode/decode flags
- BUG/MEDIUM: contrib/modsecurity: Use network order to encode/decode flags
- BUG/MEDIUM: cache: don't cache when an Authorization header is present
- BUG/MEDIUM: dns: Delay the attempt to run a DNS resolution on check failure.
- BUG/MEDIUM: fd: Only check update_mask against all_threads_mask.
- BUG/MEDIUM: servers: Add srv_addr default placeholder to the state file
- BUG/MEDIUM: lua/socket: Length required read doesn't work
- BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters
- BUG/MEDIUM: spoe: Return an error when the wrong ACK is received in sync mode
- BUG/MEDIUM: lua/socket: wrong scheduling for sockets
- BUG/MAJOR: lua: Dead lock with sockets
- BUG/MEDIUM: lua/socket: Notification error
- BUG/MEDIUM: lua/socket: Sheduling error on write: may dead-lock
- BUG/MEDIUM: lua/socket: Buffer error, may segfault
- MAJOR: spoe: upgrade the SPOP version to 2.0 and remove the support for 1.0
- BUG/MEDIUM: threads: handle signal queue only in thread 0
- BUG/MAJOR: map: fix a segfault when using http-request set-map
- BUG/MAJOR: ssl: Random crash with cipherlist capture
- BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot
- BUG/MEDIUM: fd: Don't modify the update_mask in fd_dodelete().
- BUG/MEDIUM: threads: Use the sync point to check active jobs and exit
`ocserv` is a VPN server which follows the openconnect protocol
(https://github.com/openconnect/protocol). The packaging is slightly
inspired by the AUR version
(https://aur.archlinux.org/packages/ocserv/).
This patch initializes the package written in C, the man pages and a
module for a simple systemd unit to run the VPN server. The package
supports the following authentication methods for the server:
* `plain` (mostly username/password)
* `pam`
The third method (`radius`) is currently not supported since `nixpkgs`
misses a packaged client.
The module can be used like this:
``` nix
{
services.ocserv = {
enable = true;
config = ''
...
'';
};
}
```
The option `services.ocserv.config` is required on purpose to
ensure that nobody just enables the service and experiences unexpected
side-effects on the system. For a full reference, please refer to the
man pages, the online docs or the example value.
The docs recommend to simply use `nobody` as user, so no extra user has
been added to the internal user list. Instead a configuration like
this can be used:
```
run-as-user = nobody
run-as-group = nogroup
```
/cc @tenten8401
Fixes#42594
* substitute(): --subst-var was silently coercing to "" if the variable does not exist.
* libffi: simplify using `checkInputs`
* pythonPackges.hypothesis, pythonPackages.pytest: simpify dependency cycle fix
* utillinux: 2.32 -> 2.32.1
https://lkml.org/lkml/2018/7/16/532
* busybox: 1.29.0 -> 1.29.1
* bind: 9.12.1-P2 -> 9.12.2
https://ftp.isc.org/isc/bind9/9.12.2/RELEASE-NOTES-bind-9.12.2.html
* curl: 7.60.0 -> 7.61.0
* gvfs: make tests run, but disable
* ilmbase: disable tests on i686. Spooky!
* mdds: fix tests
* git: disable checks as tests are run in installcheck
* ruby: disable tests
* libcommuni: disable checks as tests are run in installcheck
* librdf: make tests run, but disable
* neon, neon_0_29: make tests run, but disable
* pciutils: 3.6.0 -> 3.6.1
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/pciutils/versions.
* mesa: more include fixes
mostly from void-linux (thanks!)
* npth: 1.5 -> 1.6
minor bump
* boost167: Add lockfree next_prior patch
* stdenv: cleanup darwin bootstrapping
Also gets rid of the full python and some of it's dependencies in the
stdenv build closure.
* Revert "pciutils: use standardized equivalent for canonicalize_file_name"
This reverts commit f8db20fb3a.
Patching should no longer be needed with 3.6.1.
* binutils-wrapper: Try to avoid adding unnecessary -L flags
(cherry picked from commit f3758258b8895508475caf83e92bfb236a27ceb9)
Signed-off-by: Domen Kožar <domen@dev.si>
* libffi: don't check on darwin
libffi usages in stdenv broken darwin. We need to disable doCheck for that case.
* "rm $out/share/icons/hicolor/icon-theme.cache" -> hicolor-icon-theme setup-hook
* python.pkgs.pytest: setupHook to prevent creation of .pytest-cache folder, fixes#40273
When `py.test` was run with a folder as argument, it would not only
search for tests in that folder, but also create a .pytest-cache folder.
Not only is this state we don't want, but it was also causing
collisions.
* parity-ui: fix after merge
* python.pkgs.pytest-flake8: disable test, fix build
* Revert "meson: 0.46.1 -> 0.47.0"
With meson 0.47.0 (or 0.47.1, or git)
things are very wrong re:rpath handling
resulting in at best missing libs but
even corrupt binaries :(.
When we run patchelf it masks the problem
by removing obviously busted paths.
Which is probably why this wasn't noticed immediately.
Unfortunately the binary already
has a long series of paths scribbled
in a space intended for a much smaller string;
in my testing it was something like
lengths were 67 with 300+ written to it.
I think we've reported the relevant issues upstream,
but unfortunately it appears our patches
are what introduces the overwrite/corruption
(by no longer being correct in what they assume)
This doesn't look so bad to fix but it's
not something I can spend more time on
at the moment.
--
Interestingly the overwritten string data
(because it is scribbled past the bounds)
remains in the binary and is why we're suddenly
seeing unexpected references in various builds
-- notably this is is the reason we're
seeing the "extra-utils" breakage
that entirely crippled NixOS on master
(and probably on staging before?).
Fixes#43650.
This reverts commit 305ac4dade.
(cherry picked from commit 273d68eff8)
Signed-off-by: Domen Kožar <domen@dev.si>
Since years I'm not maintaining anything of the list below other
than some updates when I needed them for some reason. Other people
is doing that maintenance on my behalf so I better take me out but
for very few packages. Finally!
This makes the command ‘nix-env -qa -f. --arg config '{skipAliases =
true;}'’ work in Nixpkgs.
Misc...
- qtikz: use libsForQt5.callPackage
This ensures we get the right poppler.
- rewrites:
docbook5_xsl -> docbook_xsl_ns
docbook_xml_xslt -> docbook_xsl
diffpdf: fixup
> whois (5.3.2) unstable; urgency=medium
>
> * Added the .ge TLD server.
> * Updated the charset for whois.nic.cl. (Closes: #900047)
> * Updated the list of new gTLDs.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/http-prompt/versions.
<details><summary>Version release notes (from GitHub)</summary>
* Fix bug: Handle OpenAPI `basePath` properly (#140, #141)</details>
These checks were done:
- built on NixOS
- /nix/store/1gzy7b5js44k972zrjzd5g2rjk00l901-http-prompt-0.11.2/bin/.http-prompt-wrapped passed the binary check.
- /nix/store/1gzy7b5js44k972zrjzd5g2rjk00l901-http-prompt-0.11.2/bin/http-prompt passed the binary check.
- 2 of 2 passed binary check by having a zero exit code.
- 2 of 2 passed binary check by having the new version present in output.
- found 0.11.2 with grep in /nix/store/1gzy7b5js44k972zrjzd5g2rjk00l901-http-prompt-0.11.2
- directory tree listing: https://gist.github.com/9cc6cb35afe53057b07f364f2b4bfae8
- du listing: https://gist.github.com/7ef9ede9ef7a82a304847cf671cef769
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/xl2tpd/versions.
These checks were done:
- built on NixOS
- /nix/store/xvvr6zvnn8q3k0021bp74yfql82yp7q1-xl2tpd-1.3.12/bin/pfc passed the binary check.
- /nix/store/xvvr6zvnn8q3k0021bp74yfql82yp7q1-xl2tpd-1.3.12/bin/xl2tpd passed the binary check.
- /nix/store/xvvr6zvnn8q3k0021bp74yfql82yp7q1-xl2tpd-1.3.12/bin/xl2tpd-control passed the binary check.
- 2 of 3 passed binary check by having a zero exit code.
- 1 of 3 passed binary check by having the new version present in output.
- found 1.3.12 with grep in /nix/store/xvvr6zvnn8q3k0021bp74yfql82yp7q1-xl2tpd-1.3.12
- directory tree listing: https://gist.github.com/9e7e06daf4d57291dbefde0aff0da546
- du listing: https://gist.github.com/0eb400f5c7f43510ed9dc63f43181d95
* treewide: http -> https sources
This updates the source urls of all top-level packages from http to
https where possible.
* buildtorrent: fix url and tab -> spaces
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/zerotierone/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/vd1y0dqqxk8dm0g7daw4anxfip7l97cm-zerotierone-1.2.10/bin/zerotier-idtool had a zero exit code or showed the expected version
- /nix/store/vd1y0dqqxk8dm0g7daw4anxfip7l97cm-zerotierone-1.2.10/bin/zerotier-cli passed the binary check.
- /nix/store/vd1y0dqqxk8dm0g7daw4anxfip7l97cm-zerotierone-1.2.10/bin/zerotier-one passed the binary check.
- 2 of 3 passed binary check by having a zero exit code.
- 2 of 3 passed binary check by having the new version present in output.
- directory tree listing: https://gist.github.com/87164b4a118f54881debe8986fa9d125
- du listing: https://gist.github.com/d1842159ba2f6272856b4451d5860bf7
In particular, this contains Firefox-related and libgcrypt updates.
Other larger rebuilds would apparently need lots of time to catch up
on Hydra, due to nontrivial rebuilds in other branches than staging.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/speedtest-cli/versions.
These checks were done:
- built on NixOS
- /nix/store/a4chlrm6z1ar1q81dxnyza2caw326mba-speedtest-cli-2.0.2/bin/.speedtest-wrapped passed the binary check.
- /nix/store/a4chlrm6z1ar1q81dxnyza2caw326mba-speedtest-cli-2.0.2/bin/speedtest passed the binary check.
- /nix/store/a4chlrm6z1ar1q81dxnyza2caw326mba-speedtest-cli-2.0.2/bin/.speedtest-cli-wrapped passed the binary check.
- /nix/store/a4chlrm6z1ar1q81dxnyza2caw326mba-speedtest-cli-2.0.2/bin/speedtest-cli passed the binary check.
- 4 of 4 passed binary check by having a zero exit code.
- 4 of 4 passed binary check by having the new version present in output.
- found 2.0.2 with grep in /nix/store/a4chlrm6z1ar1q81dxnyza2caw326mba-speedtest-cli-2.0.2
- directory tree listing: https://gist.github.com/6b0bc77e82e32f36a5b79985ecdfc141
- du listing: https://gist.github.com/d6c4b589c95fcdaad30bc0b4e265e6e6
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/unbound/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-checkconf had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-control had a zero exit code or showed the expected version
- /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-host passed the binary check.
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-anchor had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-control-setup had a zero exit code or showed the expected version
- 1 of 6 passed binary check by having a zero exit code.
- 0 of 6 passed binary check by having the new version present in output.
- found 1.7.2 with grep in /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2
- directory tree listing: https://gist.github.com/24f2136689bd3209095feb3b71734811
- du listing: https://gist.github.com/9efb5b527b161e93a47f0237c7d556a8
Adds programs.mosh.withUtempter (default: true).
The option enables -with-utempter for mosh, allowing it to write to
/var/run/utmp and thus making connected sessions appear in the output
of `who -a`.
For that, a guid-wrapper is required. Also, the path to the `utempter` was
hardcoded in the resulting binary until now (so it could never been found),
thus, libutempter was patched accordingly to point to
/run/wrappers/bin/utempter which at least works when the wrapper is
configured.
This fixes CVE-2018-10184 a potential remote denial of service in the
http/2 module. The version bump also includes various other changes that
are described in the changelog [1]:
2018/05/18 : 1.8.9
- BUG/MINOR: pattern: Add a missing HA_SPIN_INIT() in pat_ref_newid()
- BUG/MAJOR: channel: Fix crash when trying to read from a closed socket
- BUG/MINOR: log: t_idle (%Ti) is not set for some requests
- BUG/MEDIUM: lua: Fix segmentation fault if a Lua task exits
- MINOR: h2: detect presence of CONNECT and/or content-length
- BUG/MEDIUM: h2: implement missing support for chunked encoded uploads
- BUG/MINOR: lua/threads: Make lua's tasks sticky to the current thread
- BUG/MINOR: config: disable http-reuse on TCP proxies
- BUG/MINOR: checks: Fix check->health computation for flapping servers
- BUG/MEDIUM: threads: Fix the sync point for more than 32 threads
- BUG/MINOR: lua: Put tasks to sleep when waiting for data
- DOC/MINOR: clean up LUA documentation re: servers & array/table.
- BUG/MINOR: map: correctly track reference to the last ref_elt being dumped
- BUG/MEDIUM: task: Don't free a task that is about to be run.
- BUG/MINOR: lua: schedule socket task upon lua connect()
- BUG/MINOR: lua: ensure large proxy IDs can be represented
- BUG/MEDIUM: http: don't always abort transfers on CF_SHUTR
- BUG/MEDIUM: pollers: Use a global list for fd shared between threads.
- BUG/MEDIUM: ssl: properly protect SSL cert generation
- BUG/MINOR: spoe: Mistake in error message about SPOE configuration
2018/04/19 : 1.8.8
- BUG/MEDIUM: threads: Fix the max/min calculation because of name clashes
- BUG/MEDIUM: connection: Make sure we have a mux before calling detach().
- BUG/MINOR: http: Return an error in proxy mode when url2sa fails
- BUG/MEDIUM: kqueue: When adding new events, provide an output to get errors.
- BUG/MINOR: cli: Guard against NULL messages when using CLI_ST_PRINT_FREE
- MINOR: cli: Ensure the CLI always outputs an error when it should
- DOC: lua: update the links to the config and Lua API
- BUG/CRITICAL: h2: fix incorrect frame length check
2018/04/07 : 1.8.7
- BUG/MAJOR: cache: always initialize newly created objects
- MINOR: servers: Support alphanumeric characters for the server templates names
2018/04/05 : 1.8.6
- BUG/MINOR: lua: the function returns anything
- BUG/MINOR: lua funtion hlua_socket_settimeout don't check negative values
- BUILD/MINOR: fix build when USE_THREAD is not defined
- MINOR: cli/threads: make "show fd" report thread_sync_io_handler instead of "unknown"
- MINOR: cli: make "show fd" report the mux and mux_ctx pointers when available
- BUILD/MINOR: cli: fix a build warning introduced by last commit
- BUG/MINOR: hpack: fix harmless use of uninitialized value in hpack_dht_insert
- CLEANUP: h2: rename misleading h2c_stream_close() to h2s_close()
- MINOR: h2: provide and use h2s_detach() and h2s_free()
- BUG/MAJOR: h2: remove orphaned streams from the send list before closing
- MINOR: h2: always call h2s_detach() in h2_detach()
- MINOR: h2: fuse h2s_detach() and h2s_free() into h2s_destroy()
- BUG/MEDIUM: h2/threads: never release the task outside of the task handler
- BUG/MEDIUM: h2: don't consider pending data on detach if connection is in error
- BUILD/MINOR: threads: always export thread_sync_io_handler()
- BUG/MEDIUM: h2: always add a stream to the send or fctl list when blocked
- BUG/MINOR: checks: check the conn_stream's readiness and not the connection
- BUG/MINOR: email-alert: Set the mailer port during alert initialization
- BUG/MINOR: cache: fix "show cache" output
- BUG/MINOR: fd: Don't clear the update_mask in fd_insert.
- BUG/MAJOR: cache: fix random crashes caused by incorrect delete() on non-first blocks
- BUG/MINOR: spoe: Initialize variables used during conf parsing before any check
- BUG/MINOR: spoe: Don't release the context buffer in .check_timeouts callbaclk
2018/03/23 : 1.8.5
- BUG/MINOR: threads: fix missing thread lock labels for 1.8
- BUG/MEDIUM: ssl: Don't always treat SSL_ERROR_SYSCALL as unrecovarable.
- BUG/MEDIUM: ssl: Shutdown the connection for reading on SSL_ERROR_SYSCALL
- BUG/MINOR: init: Add missing brackets in the code parsing -sf/-st
- BUG/MINOR: ssl/threads: Make management of the TLS ticket keys files thread-safe
- BUG/MEDIUM: http: Switch the HTTP response in tunnel mode as earlier as possible
- BUG/MEDIUM: ssl/sample: ssl_bc_* fetch keywords are broken.
- DOC: lua: new prototype for function "register_action()"
- DOC: cfgparse: Warn on option (tcp|http)log in backend
- BUG/MINOR: debug/pools: properly handle out-of-memory when building with DEBUG_UAF
- MINOR: debug/pools: make DEBUG_UAF also detect underflows
- BUG/MINOR: h2: Set the target of dbuf_wait to h2c
- MINOR: stats: display the number of threads in the statistics.
- BUG/MEDIUM: h2: always consume any trailing data after end of output buffers
- BUG/MEDIUM: buffer: Fix the wrapping case in bo_putblk
- BUG/MEDIUM: buffer: Fix the wrapping case in bi_putblk
- Revert "BUG/MINOR: send-proxy-v2: string size must include ('\0')"
- MINOR: systemd: Add section for SystemD sandboxing to unit file
- MINOR: systemd: Add SystemD's Protect*= options to the unit file
- MINOR: systemd: Add SystemD's SystemCallFilter option to the unit file
- MINOR/BUILD: fix Lua build on Mac OS X
- BUILD/MINOR: fix Lua build on Mac OS X (again)
- BUG/MINOR: session: Fix tcp-request session failure if handshake.
- CLEANUP: .gitignore: Ignore binaries from the contrib directory
- BUG/MINOR: unix: Don't mess up when removing the socket from the xfer_sock_list.
- BUG/MEDIUM: h2: also arm the h2 timeout when sending
- BUG/MINOR: cli: Fix a crash when passing a negative or too large value to "show fd"
- CLEANUP: ssl: Remove a duplicated #include
- CLEANUP: cli: Remove a leftover debug message
- BUG/MINOR: cli: Fix a typo in the 'set rate-limit' usage
- BUG/MEDIUM: fix a 100% cpu usage with cpu-map and nbthread/nbproc
- BUG/MINOR: force-persist and ignore-persist only apply to backends
- BUG/MEDIUM: spoe: Remove idle applets from idle list when HAProxy is stopping
- BUG/MEDIUM: threads/unix: Fix a deadlock when a listener is temporarily disabled
- BUG/MAJOR: threads/queue: Fix thread-safety issues on the queues management
- BUG/MINOR: dns: don't downgrade DNS accepted payload size automatically
- BUG/MINOR: seemless reload: Fix crash when an interface is specified.
- BUG/MINOR: cli: Fix a crash when sending a command with too many arguments
- BUILD: ssl: Fix build with OpenSSL without NPN capability
- BUG/MINOR: spoa-example: unexpected behavior for more than 127 args
- BUG/MINOR: lua: return bad error messages
- BUG/MEDIUM: tcp-check: single connect rule can't detect DOWN servers
- BUG/MINOR: tcp-check: use the server's service port as a fallback
- BUG/MEDIUM: threads/queue: wake up other threads upon dequeue
- MINOR: log: stop emitting alerts when it's not possible to write on the socket
- BUILD/BUG: enable -fno-strict-overflow by default
- DOC: log: more than 2 log servers are allowed
- DOC: don't suggest using http-server-close
- BUG/MEDIUM: h2: properly account for DATA padding in flow control
- BUG/MINOR: h2: ensure we can never send an RST_STREAM in response to an RST_STREAM
- BUG/MINOR: listener: Don't decrease actconn twice when a new session is rejected
[1] https://www.haproxy.org/download/1.8/src/CHANGELOG
Applies a patch to the dd-agent derivation that fixes a compatibility
issue with the current version of iostat, which no longer contains a
colon after its table headers.
This patch is applied in order for the fix to be backportable to
existing stable releases. A final "proper" fix will be an upgrade to a
newer version of dd-agent, but that requires several other changes.
This fixes#40103.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/strongswan/versions.
These checks were done:
- built on NixOS
- /nix/store/9qicaqwg2cvmahh3hqwig5bcqpd41k9a-strongswan-5.6.3/bin/pki passed the binary check.
- /nix/store/9qicaqwg2cvmahh3hqwig5bcqpd41k9a-strongswan-5.6.3/bin/charon-cmd passed the binary check.
- Warning: no invocation of /nix/store/9qicaqwg2cvmahh3hqwig5bcqpd41k9a-strongswan-5.6.3/bin/charon-systemd had a zero exit code or showed the expected version
- /nix/store/9qicaqwg2cvmahh3hqwig5bcqpd41k9a-strongswan-5.6.3/bin/ipsec passed the binary check.
- /nix/store/9qicaqwg2cvmahh3hqwig5bcqpd41k9a-strongswan-5.6.3/bin/swanctl passed the binary check.
- 4 of 5 passed binary check by having a zero exit code.
- 1 of 5 passed binary check by having the new version present in output.
- found 5.6.3 with grep in /nix/store/9qicaqwg2cvmahh3hqwig5bcqpd41k9a-strongswan-5.6.3
- directory tree listing: https://gist.github.com/258736889db4e822d054b65e7035147b
- du listing: https://gist.github.com/478dbb4f44b4ed18b112076b17451a4e
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/stunnel/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/9dvqa02pamz2wgzrpsjlzvf02qlmmabj-stunnel-5.46/bin/stunnel3 had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/9dvqa02pamz2wgzrpsjlzvf02qlmmabj-stunnel-5.46/bin/stunnel had a zero exit code or showed the expected version
- 0 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 5.46 with grep in /nix/store/9dvqa02pamz2wgzrpsjlzvf02qlmmabj-stunnel-5.46
- directory tree listing: https://gist.github.com/fa7d88d4b57706beacb1a6c4ca25a0ab
- du listing: https://gist.github.com/1eb91f78f53c9d1e590c49e38c2869f3
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/wireguard-tools/versions.
These checks were done:
- built on NixOS
- /nix/store/mr991d4pyvfng5bhh06kdlb29mj93cf3-wireguard-tools-0.0.20180524/bin/wg passed the binary check.
- /nix/store/mr991d4pyvfng5bhh06kdlb29mj93cf3-wireguard-tools-0.0.20180524/bin/wg-quick passed the binary check.
- 2 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 0.0.20180524 with grep in /nix/store/mr991d4pyvfng5bhh06kdlb29mj93cf3-wireguard-tools-0.0.20180524
- directory tree listing: https://gist.github.com/52b47d18275b1b4550ccdd7bfdd16ef0
- du listing: https://gist.github.com/074aac4bf75c6a0a31e18b04cb0ffbc8
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/speedtest-cli/versions.
These checks were done:
- built on NixOS
- /nix/store/rhi9py7nac05v8qsvwjaszp15l5db3p6-speedtest-cli-2.0.1/bin/.speedtest-wrapped passed the binary check.
- /nix/store/rhi9py7nac05v8qsvwjaszp15l5db3p6-speedtest-cli-2.0.1/bin/speedtest passed the binary check.
- /nix/store/rhi9py7nac05v8qsvwjaszp15l5db3p6-speedtest-cli-2.0.1/bin/.speedtest-cli-wrapped passed the binary check.
- /nix/store/rhi9py7nac05v8qsvwjaszp15l5db3p6-speedtest-cli-2.0.1/bin/speedtest-cli passed the binary check.
- 4 of 4 passed binary check by having a zero exit code.
- 4 of 4 passed binary check by having the new version present in output.
- found 2.0.1 with grep in /nix/store/rhi9py7nac05v8qsvwjaszp15l5db3p6-speedtest-cli-2.0.1
- directory tree listing: https://gist.github.com/8474ab8a0bcd232ed8b3f5f9bff112ee
- du listing: https://gist.github.com/f130f280bd23afc5797bf84f764288c4
Lots of packages are missing versions in their name. This adds them
where appropriate. These were found with this command:
$ nix-env -qa -f. | grep -v '\-[0-9A-Za-z.-_+]*$' | grep -v '^hook$'
See issue #41007.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/stunnel/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/7s4vc01h5glyylky8hsjfbmyxdfr44wl-stunnel-5.45/bin/stunnel3 had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/7s4vc01h5glyylky8hsjfbmyxdfr44wl-stunnel-5.45/bin/stunnel had a zero exit code or showed the expected version
- 0 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 5.45 with grep in /nix/store/7s4vc01h5glyylky8hsjfbmyxdfr44wl-stunnel-5.45
- directory tree listing: https://gist.github.com/4c607748a7a424c16abcadab39e0a7f7
- du listing: https://gist.github.com/d4b428776b9214e913cb8a97f7698d65
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/urlwatch/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/gpf4j5mmd5zbz0rqj39d57d38f6311pn-urlwatch-2.11/bin/.urlwatch-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/gpf4j5mmd5zbz0rqj39d57d38f6311pn-urlwatch-2.11/bin/urlwatch had a zero exit code or showed the expected version
- 0 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 2.11 with grep in /nix/store/gpf4j5mmd5zbz0rqj39d57d38f6311pn-urlwatch-2.11
- directory tree listing: https://gist.github.com/f36eb5277839d9ca3d15995cec7cc592
- du listing: https://gist.github.com/47f738cad88e3941c1c0f149f8aa4fc7
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/wireguard-tools/versions.
These checks were done:
- built on NixOS
- /nix/store/c48vhaf6wqmra1g6sv4hv3i6vqlw7ll1-wireguard-tools-0.0.20180519/bin/wg passed the binary check.
- /nix/store/c48vhaf6wqmra1g6sv4hv3i6vqlw7ll1-wireguard-tools-0.0.20180519/bin/wg-quick passed the binary check.
- 2 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 0.0.20180519 with grep in /nix/store/c48vhaf6wqmra1g6sv4hv3i6vqlw7ll1-wireguard-tools-0.0.20180519
- directory tree listing: https://gist.github.com/64bccf9c57ca84c49486890ccbf17239
- du listing: https://gist.github.com/f28d6cfd8bcbf6ab1a6c39ad40ce1606
Wireguard is now split into two pretty much independent packages:
`wireguard` (Linux-specific kernel module) and `wireguard-tools`,
which is cross-platform.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/ntp/versions.
These checks were done:
- built on NixOS
- /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/calc_tickadj passed the binary check.
- /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/ntp-wait passed the binary check.
- /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/ntptrace passed the binary check.
- Warning: no invocation of /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/update-leap had a zero exit code or showed the expected version
- /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/sntp passed the binary check.
- /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/ntpd passed the binary check.
- Warning: no invocation of /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/ntpdate had a zero exit code or showed the expected version
- /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/ntpdc passed the binary check.
- /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/ntpq passed the binary check.
- /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/ntp-keygen passed the binary check.
- Warning: no invocation of /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/ntptime had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11/bin/tickadj had a zero exit code or showed the expected version
- 8 of 12 passed binary check by having a zero exit code.
- 0 of 12 passed binary check by having the new version present in output.
- found 4.2.8p11 with grep in /nix/store/ib7i3wijfdx2h24aswazaqivr6hfrbip-ntp-4.2.8p11
- directory tree listing: https://gist.github.com/643849ae077bac0514537c8aa923dd6d
- du listing: https://gist.github.com/1b2abf7cee80b022945ff72be1eb7070
"platforms.gnu" has been linux-only since at least 17.03:
$ nix eval -f channel:nixos-17.03 lib.platforms.gnu
[ "i686-linux" "x86_64-linux" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "aarch64-linux" "mips64el-linux" ]
Unlike platforms.linux, platforms.gnu indicates "must use glibc"
which for the most part is not intended.
Replacing platforms.gnu with platforms.linux would be the same "today"
but let's err on preserving existing behavior and be optimistic
about platforms these packages work on.
Following legacy packing conventions, `isArm` was defined just for
32-bit ARM instruction set. This is confusing to non packagers though,
because Aarch64 is an ARM instruction set.
The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:
```
ISA: ARMv8 {-A, -R, -M}
/ \
Mode: Aarch32 Aarch64
| / \
Encoding: A64 A32 T32
```
At the top is the overall v8 instruction set archicture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
buttom are the encodings, (hopefully?) isomorphic if they encode the
same mode.
The 32 bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatable or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confused either laymen or
experienced ARM packages.
[1]: https://developer.arm.com/products/architecture/a-profile
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/openfortivpn/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/p02dl9fy2g9f6dddm4i0z1nbi4b4vk7j-openfortivpn-1.7.0/bin/openfortivpn -h’ got 0 exit code
- ran ‘/nix/store/p02dl9fy2g9f6dddm4i0z1nbi4b4vk7j-openfortivpn-1.7.0/bin/openfortivpn --help’ got 0 exit code
- ran ‘/nix/store/p02dl9fy2g9f6dddm4i0z1nbi4b4vk7j-openfortivpn-1.7.0/bin/openfortivpn help’ got 0 exit code
- ran ‘/nix/store/p02dl9fy2g9f6dddm4i0z1nbi4b4vk7j-openfortivpn-1.7.0/bin/openfortivpn --version’ and found version 1.7.0
- found 1.7.0 with grep in /nix/store/p02dl9fy2g9f6dddm4i0z1nbi4b4vk7j-openfortivpn-1.7.0
- directory tree listing: https://gist.github.com/34708b90f0d4fc975a7b9dbd4670bfee
a) Some providers can update multiple domains - support that.
b) Make "zone" and "script" configurable. Some providers require these.
c) Instead of leaving the ddclient daemon running all the time, use a systemd
timer to kick it off.
d) Don't use a predefined user - run everything via DynamicUser
e) Add documentation
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/chrony/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/d5v3k2h8rdhxzyg4my66nrr0zhdhzvaw-chrony-3.3/bin/chronyc --help’ got 0 exit code
- ran ‘/nix/store/d5v3k2h8rdhxzyg4my66nrr0zhdhzvaw-chrony-3.3/bin/chronyc help’ got 0 exit code
- ran ‘/nix/store/d5v3k2h8rdhxzyg4my66nrr0zhdhzvaw-chrony-3.3/bin/chronyd -h’ got 0 exit code
- ran ‘/nix/store/d5v3k2h8rdhxzyg4my66nrr0zhdhzvaw-chrony-3.3/bin/chronyd --help’ got 0 exit code
- found 3.3 with grep in /nix/store/d5v3k2h8rdhxzyg4my66nrr0zhdhzvaw-chrony-3.3
- directory tree listing: https://gist.github.com/60dede830d6efc2bf29be2b4983e4c97