Currently pencil won't start, due to incompatible firefox version:
$ pencil
Error: Platform version '47.0.1' is not compatible with
minVersion >= 36.0
See https://github.com/prikhi/pencil/issues/840.
This follows on from PR #16965 for qrupdate and PR #16968 for fltk.
WIth these, the added explicit dependencies on arpack (to support
the octave `eigs` function) and `libwebp`, and not pulling X11 things,
octave works properly on darwin.
As pointed out by @danbst, the tomcat NixOS module expects packages
listed in services.tomcat.webapps to either be direct .war file paths or
have .war files inside a "webapps" directory.
Commit 4075c10a59
("jenkins: move .war file from $out to $out/lib/jenkins.war") broke
jenkins + tomcat. Fix it by moving jenkins.war to $out/webapps/.
The grsec patch fails to apply cleanly when combined with the hiddev CVE patch
(added in dde259dfb5). To fix this and future
problems, we set all our patches explicitly rather than inherit from the base
kernel.
Fixes#14137, also known as:
$ nix-shell -p jenkins
bash: source: /nix/store/ln1yw6c2v8bb2cjqfr1z5aqcssw054wa-jenkins-2.3:
cannot execute binary file
[nix-shell exited with error]
The problem is that jenkins.war is not installed inside the directory
$out, but rather _as the file_ $out. Fix it by moving the file to
$out/lib/jenkins.war.
While at it, move buildCommand so that the "meta" section is at the end
of the expression (standard style), and quote shell variables.
Fixes issue with virt-manager failing to list 'USB Host Devices' and
'PCI Host Devices' with the error "Connection does not support host
device enumeration".
downloads.sourceforge.net is the official way to download tarballs from
SourceForge. However, it is reported as unreliable due to SF's weird
load balancing system.
This commit gives the official mirror utmost priority, and will use
other configured mirrors (which may be temporary) as a fallback only
when the official one can't be reached/download fails/hangs.
References: NixOs/nixpkgs#16900
This update was generated by hackage2nix v2.0-4-gb156b94 using the following inputs:
- Hackage: 5bb0a1b20f
- LTS Haskell: a5a99cf176
- Stackage Nightly: 3664752ea8
If running NixOS inside a container where the host's root-owned files
and directories have been mapped to some other uid (like nobody), the
ssh daemon fails to start, producing this error message:
fatal: /nix/store/...-openssh-7.2p2/empty must be owned by root and not group or world-writable.
The reason for this is that when openssh is built, we explicitly set
`--with-privsep-path=$out/empty`. This commit removes that flag which
causes the default directory /var/empty to be used instead. Since NixOS'
activation script correctly sets up that directory, the ssh daemon now
also works within containers that have a non-root-owned nix store.
- Fix a bug in the script which prevented it from finding its helper script.
- Automatically redirect the output of the script to make it even easier
to use.
- Update from Applications 16.04.2 to 16.04.3.
- Remove the version number from the directory storing the Applications
Nix expressions. It is not necessary to version the Nix expressions
now that we keep only one version in Nixpkgs.
- Fix a bug in generate-kde-applications.sh which prevented it from
finding its helper script.
- Automatically redirect the output of generate-kde-applications.sh to
make the update script even easier to use.
- Update from Plasma 5.7.0 to 5.7.1.
- Remove the version number from the directory storing the Plasma Nix
expressions. It is not necessary to version the Nix expressions now
that we keep only one version in Nixpkgs.
- Fix a bug in generate-kde-plasma.sh which prevented it from finding
its helper script.
- Automatically redirect the output of generate-kde-plasma.sh to make
the update script even easier to use.
Minor OTP releases (and their manpages) are not available for dowload at
http://erlang.org/download
But e.g.:
- 18.3.1 contains an important fix for mnesia
- 18.3.1-18.3.4 has a lot of SSL/TLS fixes
So we have to fetch from GitHub and build everything ourselves.
Also replace explicit path patching with upstream patches:
- https://github.com/erlang/otp/pull/1023
- https://github.com/erlang/otp/pull/1103 - with this patch it's now
possible to build erlang in sandboxed mode
For this package to be useful you need to wrap it in a fhs-user-env and/or
create a nixos module. Previous version had become completely broken/useless
though.
This patch fixes#16614 and #16741.
The first issue was caused by the fact that both `/share` and
`/share/fish/vendor_completions.d` end in the `pathsToLink`. The
`pkgs/build-support/buildenv/builder.pl` creates `/share`, then links
`/share/fish` under `/share` and then tries to create the directory
`/share/fish/vendor_completions.d` and fails because it already exists.
The simplest way to reproduce the issue is to build the next Nix
expression:
```nix
let pkgs = import <nixpkgs> { };
in pkgs.buildEnv {
name = "buildenv-issue";
paths = [
pkgs.fish
pkgs.vim
];
pathsToLink = [
"/share"
"/share/fish/vendor_completions.d"
];
}
```
The second issue is more critical and was caused by the fact findFiles
doesn't recurse deep enough. It stops at first unique directory for the
package (e.g., "/share" or even "/") and later the scripts decides it
shouldn't link it as it doesn't match pathsToLink (e.g., "/share/fish"),
so the result is empty.
The test:
```nix
let pkgs = import <nixpkgs> { };
in pkgs.buildEnv {
name = "buildenv-issue";
paths = [
pkgs.fish
pkgs.vim
];
pathsToLink = [
"/share/fish/functions"
];
}
```
or
```nix
let pkgs = import <nixpkgs> { };
in pkgs.buildEnv {
name = "buildenv-issue";
paths = [
pkgs.vim
];
pathsToLink = [
"/share"
];
}
```
Fixed for all available 4.x series kernels.
From CVE-2016-5829:
Multiple heap-based buffer overflows in the hiddev_ioctl_usage function
in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow
local users to cause a denial of service or possibly have unspecified
other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl
call.
