`ocserv` is a VPN server which follows the openconnect protocol
(https://github.com/openconnect/protocol). The packaging is slightly
inspired by the AUR version
(https://aur.archlinux.org/packages/ocserv/).
This patch initializes the package written in C, the man pages and a
module for a simple systemd unit to run the VPN server. The package
supports the following authentication methods for the server:
* `plain` (mostly username/password)
* `pam`
The third method (`radius`) is currently not supported since `nixpkgs`
lacks a packaged client.
The module can be used like this:
``` nix
{
  services.ocserv = {
    enable = true;
    config = ''
      ...
    '';
  };
}
```
The option `services.ocserv.config` is required on purpose to
ensure that nobody just enables the service and experiences unexpected
side-effects on the system. For a full reference, please refer to the
man pages, the online docs or the example value.
The docs recommend simply using `nobody` as the user, so no extra user has
been added to the internal user list. Instead a configuration like
this can be used:
```
run-as-user = nobody
run-as-group = nogroup
```
/cc @tenten8401
Fixes #42594
* substitute(): --subst-var was silently coercing to "" if the variable does not exist.
* libffi: simplify using `checkInputs`
* pythonPackages.hypothesis, pythonPackages.pytest: simplify dependency cycle fix
* utillinux: 2.32 -> 2.32.1
https://lkml.org/lkml/2018/7/16/532
* busybox: 1.29.0 -> 1.29.1
* bind: 9.12.1-P2 -> 9.12.2
https://ftp.isc.org/isc/bind9/9.12.2/RELEASE-NOTES-bind-9.12.2.html
* curl: 7.60.0 -> 7.61.0
* gvfs: make tests run, but disable
* ilmbase: disable tests on i686. Spooky!
* mdds: fix tests
* git: disable checks as tests are run in installcheck
* ruby: disable tests
* libcommuni: disable checks as tests are run in installcheck
* librdf: make tests run, but disable
* neon, neon_0_29: make tests run, but disable
* pciutils: 3.6.0 -> 3.6.1
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/pciutils/versions.
* mesa: more include fixes
mostly from void-linux (thanks!)
* npth: 1.5 -> 1.6
minor bump
* boost167: Add lockfree next_prior patch
* stdenv: cleanup darwin bootstrapping
Also gets rid of the full python and some of its dependencies in the
stdenv build closure.
* Revert "pciutils: use standardized equivalent for canonicalize_file_name"
This reverts commit f8db20fb3a.
Patching should no longer be needed with 3.6.1.
* binutils-wrapper: Try to avoid adding unnecessary -L flags
(cherry picked from commit f3758258b8895508475caf83e92bfb236a27ceb9)
Signed-off-by: Domen Kožar <domen@dev.si>
* libffi: don't check on darwin
libffi usages in stdenv broken darwin. We need to disable doCheck for that case.
* "rm $out/share/icons/hicolor/icon-theme.cache" -> hicolor-icon-theme setup-hook
* python.pkgs.pytest: setupHook to prevent creation of .pytest-cache folder, fixes #40273
When `py.test` was run with a folder as argument, it would not only
search for tests in that folder, but also create a .pytest-cache folder.
Not only is this state we don't want, but it was also causing
collisions.
* parity-ui: fix after merge
* python.pkgs.pytest-flake8: disable test, fix build
* Revert "meson: 0.46.1 -> 0.47.0"
With meson 0.47.0 (or 0.47.1, or git)
things are very wrong re:rpath handling
resulting in at best missing libs but
even corrupt binaries :(.
When we run patchelf it masks the problem
by removing obviously busted paths.
Which is probably why this wasn't noticed immediately.
Unfortunately the binary already
has a long series of paths scribbled
in a space intended for a much smaller string;
in my testing it was something like
lengths were 67 with 300+ written to it.
I think we've reported the relevant issues upstream,
but unfortunately it appears our patches
are what introduces the overwrite/corruption
(by no longer being correct in what they assume)
This doesn't look so bad to fix but it's
not something I can spend more time on
at the moment.
--
Interestingly the overwritten string data
(because it is scribbled past the bounds)
remains in the binary and is why we're suddenly
seeing unexpected references in various builds
-- notably this is the reason we're
seeing the "extra-utils" breakage
that entirely crippled NixOS on master
(and probably on staging before?).
Fixes #43650.
This reverts commit 305ac4dade.
(cherry picked from commit 273d68eff8)
Signed-off-by: Domen Kožar <domen@dev.si>
For years I have not been maintaining anything on the list below, other
than some updates when I needed them for some reason. Other people
are doing that maintenance on my behalf, so I had better take myself out,
except for a very few packages. Finally!
This makes the command ‘nix-env -qa -f. --arg config '{skipAliases =
true;}'’ work in Nixpkgs.
Misc...
- qtikz: use libsForQt5.callPackage
This ensures we get the right poppler.
- rewrites:
docbook5_xsl -> docbook_xsl_ns
docbook_xml_xslt -> docbook_xsl
diffpdf: fixup
> whois (5.3.2) unstable; urgency=medium
>
> * Added the .ge TLD server.
> * Updated the charset for whois.nic.cl. (Closes: #900047)
> * Updated the list of new gTLDs.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/http-prompt/versions.
<details><summary>Version release notes (from GitHub)</summary>
* Fix bug: Handle OpenAPI `basePath` properly (#140, #141)</details>
These checks were done:
- built on NixOS
- /nix/store/1gzy7b5js44k972zrjzd5g2rjk00l901-http-prompt-0.11.2/bin/.http-prompt-wrapped passed the binary check.
- /nix/store/1gzy7b5js44k972zrjzd5g2rjk00l901-http-prompt-0.11.2/bin/http-prompt passed the binary check.
- 2 of 2 passed binary check by having a zero exit code.
- 2 of 2 passed binary check by having the new version present in output.
- found 0.11.2 with grep in /nix/store/1gzy7b5js44k972zrjzd5g2rjk00l901-http-prompt-0.11.2
- directory tree listing: https://gist.github.com/9cc6cb35afe53057b07f364f2b4bfae8
- du listing: https://gist.github.com/7ef9ede9ef7a82a304847cf671cef769
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/xl2tpd/versions.
These checks were done:
- built on NixOS
- /nix/store/xvvr6zvnn8q3k0021bp74yfql82yp7q1-xl2tpd-1.3.12/bin/pfc passed the binary check.
- /nix/store/xvvr6zvnn8q3k0021bp74yfql82yp7q1-xl2tpd-1.3.12/bin/xl2tpd passed the binary check.
- /nix/store/xvvr6zvnn8q3k0021bp74yfql82yp7q1-xl2tpd-1.3.12/bin/xl2tpd-control passed the binary check.
- 2 of 3 passed binary check by having a zero exit code.
- 1 of 3 passed binary check by having the new version present in output.
- found 1.3.12 with grep in /nix/store/xvvr6zvnn8q3k0021bp74yfql82yp7q1-xl2tpd-1.3.12
- directory tree listing: https://gist.github.com/9e7e06daf4d57291dbefde0aff0da546
- du listing: https://gist.github.com/0eb400f5c7f43510ed9dc63f43181d95
* treewide: http -> https sources
This updates the source urls of all top-level packages from http to
https where possible.
* buildtorrent: fix url and tab -> spaces
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/zerotierone/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/vd1y0dqqxk8dm0g7daw4anxfip7l97cm-zerotierone-1.2.10/bin/zerotier-idtool had a zero exit code or showed the expected version
- /nix/store/vd1y0dqqxk8dm0g7daw4anxfip7l97cm-zerotierone-1.2.10/bin/zerotier-cli passed the binary check.
- /nix/store/vd1y0dqqxk8dm0g7daw4anxfip7l97cm-zerotierone-1.2.10/bin/zerotier-one passed the binary check.
- 2 of 3 passed binary check by having a zero exit code.
- 2 of 3 passed binary check by having the new version present in output.
- directory tree listing: https://gist.github.com/87164b4a118f54881debe8986fa9d125
- du listing: https://gist.github.com/d1842159ba2f6272856b4451d5860bf7
In particular, this contains Firefox-related and libgcrypt updates.
Other larger rebuilds would apparently need lots of time to catch up
on Hydra, due to nontrivial rebuilds in other branches than staging.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/speedtest-cli/versions.
These checks were done:
- built on NixOS
- /nix/store/a4chlrm6z1ar1q81dxnyza2caw326mba-speedtest-cli-2.0.2/bin/.speedtest-wrapped passed the binary check.
- /nix/store/a4chlrm6z1ar1q81dxnyza2caw326mba-speedtest-cli-2.0.2/bin/speedtest passed the binary check.
- /nix/store/a4chlrm6z1ar1q81dxnyza2caw326mba-speedtest-cli-2.0.2/bin/.speedtest-cli-wrapped passed the binary check.
- /nix/store/a4chlrm6z1ar1q81dxnyza2caw326mba-speedtest-cli-2.0.2/bin/speedtest-cli passed the binary check.
- 4 of 4 passed binary check by having a zero exit code.
- 4 of 4 passed binary check by having the new version present in output.
- found 2.0.2 with grep in /nix/store/a4chlrm6z1ar1q81dxnyza2caw326mba-speedtest-cli-2.0.2
- directory tree listing: https://gist.github.com/6b0bc77e82e32f36a5b79985ecdfc141
- du listing: https://gist.github.com/d6c4b589c95fcdaad30bc0b4e265e6e6
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/unbound/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-checkconf had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-control had a zero exit code or showed the expected version
- /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-host passed the binary check.
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-anchor had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2/bin/unbound-control-setup had a zero exit code or showed the expected version
- 1 of 6 passed binary check by having a zero exit code.
- 0 of 6 passed binary check by having the new version present in output.
- found 1.7.2 with grep in /nix/store/pka3ii26dp5xsxi7xs2rx3laxca2bv9l-unbound-1.7.2
- directory tree listing: https://gist.github.com/24f2136689bd3209095feb3b71734811
- du listing: https://gist.github.com/9efb5b527b161e93a47f0237c7d556a8
Adds programs.mosh.withUtempter (default: true).
The option enables -with-utempter for mosh, allowing it to write to
/var/run/utmp and thus making connected sessions appear in the output
of `who -a`.
For that, a guid-wrapper is required. Also, the path to the `utempter` was
hardcoded in the resulting binary until now (so it could never be found),
thus, libutempter was patched accordingly to point to
/run/wrappers/bin/utempter which at least works when the wrapper is
configured.