3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

83098 commits

Author SHA1 Message Date
Joachim Fasting 0a9b7b3159 Merge pull request #15155 from yawnt/java-source-files
jdk: keep source files for IDE support
2016-05-07 17:45:32 +02:00
Ricardo Ardissone c4cd453c07 pythonPackages.mathics: 0.8 -> 0.9 2016-05-07 12:17:43 -03:00
Tuomas Tynkkynen 24b046ce05 rpm: Fix python3 detection hack
Commit 5dff3c4b68 made rpm use autoreconfHook, so the patch that we
are making to `configure` gets lost when the file is regenerated.
To fix this, just patch the equivalent string in the `configure.ac` file
instead.

Fixes #15287
2016-05-07 17:55:32 +03:00
Christoph Hrdinka 72306b762d hugin: 2015.0.0 -> 2016.0.0
This updates hugin to its latest version and cleanes the derivation.

Release notes:

http://hugin.sourceforge.net/releases/2016.0.0/en.shtml
2016-05-07 16:50:06 +02:00
Joachim Fasting 5b90702cd6 Merge pull request #15243 from sindikat/patch-1
update docs for services.dictd.* config options
2016-05-07 16:44:41 +02:00
Joachim Fasting 16510869eb Merge pull request #15278 from Baughn/ckan
ckan: Add curl to runtime libraries
2016-05-07 16:42:39 +02:00
Vladimír Čunát 72acb24c1f Merge #15084: gcc: add 6.1.0 2016-05-07 15:20:19 +02:00
Nikolay Amiantov 17e4803de7 initrd-ssh service: fix build 2016-05-07 15:38:46 +03:00
Nikolay Amiantov f396fa8cb2 deadbeef: fix tray icon 2016-05-07 15:29:28 +03:00
Nikolay Amiantov 62c41cc539 dropbox: meta.licenses -> meta.license 2016-05-07 15:13:28 +03:00
Nikolay Amiantov 41ced9f100 dropbox: mark as unfree 2016-05-07 15:12:07 +03:00
Nikolay Amiantov f7c02f8670 ejabberd service: add image thumbnailing support 2016-05-07 14:31:16 +03:00
Nikolay Amiantov bbde5400cf Merge pull request #15286 from Profpatsch/substituteAll-docs-underscore
manual/substituteAll: document filtered variables
2016-05-07 15:13:32 +04:00
Profpatsch c6cfa7a412 manual/substituteAll: document filtered variables
Some variables are filtered out as of #14907.
2016-05-07 13:10:09 +02:00
Thomas Tuegel f2ec142847 quassel: 0.12.3 -> 0.12.4
Security update for CVE-2016-4414 (denial of service).
2016-05-07 06:00:09 -05:00
Christoph Hrdinka f2ac136ec1 darktable: 2.0.2 -> 2.0.4
Release notes for 2.0.3 and 2.0.4 bugfix releases:

https://www.darktable.org/2016/03/darktable-2-0-3-released
https://www.darktable.org/2016/05/darktable-2-0-4-released
2016-05-07 12:59:24 +02:00
Nikolay Amiantov 2d57767974 openspades-git: drop yet another hack, fix accidential python merge 2016-05-07 12:03:24 +03:00
Nikolay Amiantov 628c8e8995 openspades-git: init at 2016-04-17 2016-05-07 11:59:53 +03:00
Nikolay Amiantov c7193c1506 openspades: less hacks 2016-05-07 11:59:53 +03:00
Nikolay Amiantov a7fe84e38a openspades: link to openal instead of using LD_LIBRARY_PATH 2016-05-07 11:59:53 +03:00
Peter Simons a211eef81a heimdall: cosmetic 2016-05-07 10:46:52 +02:00
Vladimír Čunát 372d367b37 mediastreamer: 2.11.2 -> 2.12.1
This fixes the build broken by ortp update d4d6d9d3d.
http://hydra.nixos.org/build/35224682
2016-05-07 09:32:18 +02:00
Rok Garbas 9cd896367a pypi2nix: new release 2016-05-07 05:04:25 +02:00
Ricardo Ardissone f3843aed47 pythonPackages.sympy: 0.7.6.1 -> 1.0 2016-05-07 00:03:30 -03:00
Charles Strahan e965e42dc5 go: fix build on Darwin
The go tests get tripped up due to error messages along the lines of:

    ld: warning: /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation, ignoring unexpected dylib file

Which is due to us passing that along via $NIX_LDFLAGS in the `clang` wrapper.
To keep `go` from getting confused, I create a small `clang` wrapper that
filters out that warning.

Also, the strip.patch is no longer necessary, and only causes problems when
testing DWARF support:

    --- FAIL: TestDwarfAranges (0.59s)
        runtime-lldb_test.go:218: Missing aranges section
    FAIL
    FAIL    runtime 17.123s

Also, I disable the misc/cgo/errors test, as I suspect it is also due to similar
problems regarding `ld`:

    ##### ../misc/cgo/errors
    misc/cgo/errors/test.bash: BUG: expected error output to contain "err1.go:11:" but saw:
    # command-line-arguments
    cannot parse gcc output $WORK/command-line-arguments/_obj//_cgo_.o as ELF, Mach-O, PE object
    2016/05/07 02:07:58 Failed: exit status 1

Closes #14208
2016-05-06 22:34:16 -04:00
Charles Strahan ec1c8071b1 macvim: fix build 2016-05-06 22:32:23 -04:00
Nathaniel Baxter 24ffbfde1d teamspeak_client: 3.0.18.2 -> 3.0.19.1 2016-05-07 09:52:49 +10:00
kklas 491b7c2f15 nodejs: add nodePackages_6_x to all-packages.nix 2016-05-07 01:47:09 +02:00
Peter Simons c083ef0c6d heimdall: update to version 1.4.1-34-g7ebee1e (current Git 'master') 2016-05-07 01:39:48 +02:00
Peter Simons 91896f4ac5 syncthing: update to version 0.12.23 2016-05-07 01:12:35 +02:00
Tobias Geerinckx-Rice cd76b71431
cegui: 0.8.4 -> 0.8.7 2016-05-07 00:32:56 +02:00
aszlig e936f7dff6
Merge branch 'stage1-dont-kill-kthreads'
Merges pull request #15275:

    This addresses #15226 and fixes killing of processes before
    switching from the initrd to the real root.

    Right now, the pkill that is issued not only kills user space
    processes but also sends a SIGKILL to kernel threads as well.
    Usually these threads ignore signals, but some of these processes do
    handle signals, like for example the md module, which happened in
    #15226.

    It also adds a small check for the swraid installer test and a
    standalone test which checks on just that problem, so in the future
    this shouldn't happen again.

This has been acked by @edolstra on IRC.
2016-05-06 22:00:01 +02:00
aszlig 64ca91cac9
nixos/tests/boot-stage1: Add myself to maintainers
As @edolstra pointed out that the kernel module might be painful to
maintain. I strongly disagree because it's only a small module and it's
good to have such a canary in the tests no matter how the bootup process
looks like, so I'm going the masochistic route and try to maintain it.

If it *really* becomes too much maintenance burden, we can still drop or
disable kcanary.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-06 21:32:21 +02:00
Tim Steinbach f53850bf21 kernel: 4.4.8 -> 4.4.9 (#15276) 2016-05-06 20:25:29 +02:00
Tobias Geerinckx-Rice 5ac997b875
appstream: 0.8.0 -> 0.9.5 2016-05-06 19:17:07 +02:00
Tobias Geerinckx-Rice 237168d452
neovim: unmaintain
*reinstalls emacs*
2016-05-06 19:17:07 +02:00
Tobias Geerinckx-Rice 39421df56a
stress-ng: 0.05.25 -> 0.06.00
Changes: https://launchpad.net/ubuntu/+source/stress-ng/0.06.00-1.
2016-05-06 19:17:07 +02:00
Svein Ove Aas 3d8f9a6937 ckan: Add curl to runtime libraries 2016-05-06 18:04:01 +01:00
zimbatm 4ba7767d91 Merge pull request #14722 from puffnfresh/bug/dockertools-postmount
dockerTools: only add "/nix" if it exists
2016-05-06 17:40:23 +01:00
Lluís Batlle i Rossell 53a4582552 Adding vmlinux to linux kernel 'dev' derivation.
It takes some extra 13MB (and in dev, not out), but allows perf to show kernel
symbols when profiling. I think it is worth it.

In my NixOS, I refer to it in the system derivation, for easy telling to perf
through /run/booted-system/vmlinux:

  system.extraSystemBuilderCmds = ''
    ln -s ${config.boot.kernelPackages.kernel.dev}/vmlinux $out/vmlinux
  '';
2016-05-06 18:11:03 +02:00
Joachim Fasting 5a0cde6c19 Merge pull request #15277 from NeQuissimus/kernel453
kernel: 4.5.2 -> 4.5.3
2016-05-06 17:20:27 +02:00
Tim Steinbach 02d94d335a
kernel: 4.5.2 -> 4.5.3 2016-05-06 11:12:04 -04:00
Joachim Fasting e341771fc8 Merge pull request #15273 from NeQuissimus/gradle213
gradle: 2.12 -> 2.13
2016-05-06 17:04:39 +02:00
aszlig eb6e366446
nixos/release-combined: Add boot-stage1 test
We don't want to push out a channel update whenever this test fails,
because that might have unexpected and confused side effects and it
*really* means that stage 1 of our boot up is broken.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-06 16:56:54 +02:00
aszlig 4f796c28d5
nixos/tests: Add a test for boot stage 1
We already have a small regression test for #15226 within the swraid
installer test. Unfortunately, we only check there whether the md
kthread got signalled but not whether other rampaging processes are
still alive that *should* have been killed.

So in order to do this we provide multiple canary processes which are
checked after the system has booted up:

 * canary1: It's a simple forking daemon which just sleeps until it's
            going to be killed. Of course we expect this process to not
            be alive anymore after boot up.
 * canary2: Similar to canary1, but tries to mimick a kthread to make
            sure that it's going to be properly killed at the end of
            stage 1.
 * canary3: Like canary2, but this time using a @ in front of its
            command name to actually prevent it from being killed.
 * kcanary: This one is a real kthread and it runs until killed, which
            shouldn't be the case.

Tested with and without 67223ee and everything works as expected, at
least on my machine.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-06 16:56:43 +02:00
Tim Steinbach a17c90dcd1
gradle: 2.12 -> 2.13 2016-05-06 10:52:25 -04:00
aszlig dc6d003011
nixos/tests/installer/swraid: Check for safemode
This is a regression test for #15226, so that the test will fail once we
accidentally kill one or more of the md kthreads (aka: if safe mode is
enabled).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-05-06 16:51:38 +02:00
Joachim Fasting 50d915c758
grsecurity: optionally disable features for redistributed kernels 2016-05-06 16:37:25 +02:00
Joachim Fasting 27061905bd
linuxPackages_grsec_4_5: 3.1-4.5.2-201604290633 -> 3.1-4.5.3-201605060852 2016-05-06 16:37:25 +02:00
aszlig 67223ee205
nixos/stage-1: Don't kill kernel threads
Unfortunately, pkill doesn't distinguish between kernel and user space
processes, so we need to make sure we don't accidentally kill kernel
threads.

Normally, a kernel thread ignores all signals, but there are a few that
do. A quick grep on the kernel source tree (as of kernel 4.6.0) shows
the following source files which use allow_signal():

  drivers/isdn/mISDN/l1oip_core.c
  drivers/md/md.c
  drivers/misc/mic/cosm/cosm_scif_server.c
  drivers/misc/mic/cosm_client/cosm_scif_client.c
  drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
  drivers/staging/rtl8188eu/core/rtw_cmd.c
  drivers/staging/rtl8712/rtl8712_cmd.c
  drivers/target/iscsi/iscsi_target.c
  drivers/target/iscsi/iscsi_target_login.c
  drivers/target/iscsi/iscsi_target_nego.c
  drivers/usb/atm/usbatm.c
  drivers/usb/gadget/function/f_mass_storage.c
  fs/jffs2/background.c
  fs/lockd/clntlock.c
  fs/lockd/svc.c
  fs/nfs/nfs4state.c
  fs/nfsd/nfssvc.c

While not all of these are necessarily kthreads and some functionality
may still be unimpeded, it's still quite harmful and can cause
unexpected side-effects, especially because some of these kthreads are
storage-related (which we obviously don't want to kill during bootup).

During discussion at #15226, @dezgeg suggested the following
implementation:

for pid in $(pgrep -v -f '@'); do
    if [ "$(cat /proc/$pid/cmdline)" != "" ]; then
        kill -9 "$pid"
    fi
done

This has a few downsides:

 * User space processes which use an empty string in their command line
   won't be killed.
 * It results in errors during bootup because some shell-related
   processes are already terminated (maybe it's pgrep itself, haven't
   checked).
 * The @ is searched within the full command line, not just at the
   beginning of the string. Of course, we already had this until now, so
   it's not a problem of his implementation.

I posted an alternative implementation which doesn't suffer from the
first point, but even that one wasn't sufficient:

for pid in $(pgrep -v -f '^@'); do
    readlink "/proc/$pid/exe" &> /dev/null || continue
    echo "$pid"
done | xargs kill -9

This one spawns a subshell, which would be included in the processes to
kill and actually kills itself during the process.

So what we have now is even checking whether the shell process itself is
in the list to kill and avoids killing it just to be sure.

Also, we don't spawn a subshell anymore and use /proc/$pid/exe to
distinguish between user space and kernel processes like in the comments
of the following StackOverflow answer:

http://stackoverflow.com/a/12231039

We don't need to take care of terminating processes, because what we
actually want IS to terminate the processes.

The only point where this (and any previous) approach falls short if we
have processes that act like fork bombs, because they might spawn
additional processes between the pgrep and the killing. We can only
address this with process/control groups and this still won't save us
because the root user can escape from that as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Fixes: #15226
2016-05-06 16:24:42 +02:00