This currently uses a binary-only package, since building
jailer/firecracker all on their own is somewhat complex from my
attempts.
This will later be changed into a source-only build, ideally.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
… and add man pages, which means `containerd` becomes a multi-output
derivation : `containerd.bin` and `containerd.man`.
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
It does not work if the sha256 is not hex, it fails because VBoxExtPackHelperApp requires to be given a hex hash.
See https://github.com/NixOS/nixpkgs/issues/34846 where the same problem was fixed some time ago.
I had to drop xorriso because it didn't seem to want to compile with it
any more, and had to add libopus as a build input because it wouldn't
compile without that.
You can use stdenv.hostPlatform.emulator to get an executable that
runs cross-built binaries. This could be any emulator. For instance,
we use QEMU to emulate Linux targets and Wine to emulate Windows
targets. To work with qemu, we need to support custom targets.
I’ve reworked the cross tests in pkgs/test/cross to use this
functionality.
Also, I’ve used talloc to cross-execute with the emulator. There
appears to be a cross-execute for all waf builds. In the future, it
would be nice to set this for all waf builds.
Adds stdenv.hostPlatform.qemuArch attrbute to get the qemuArch for
each platform.
In a few cases it wasn't clear so I left them as-is.
While visiting these moved other things to nativeBuildInputs
when it was clear they were one of these cases:
* makeWrapper
* archive utilities (in order to unpack src)
* a few of these might no longer be needed but leaving for another day
Unlike docker (cli only) this probably won't work on darwin.
github.com/docker/libnetwork/networkdb
can't load package: package github.com/docker/libnetwork/ns: build constraints exclude all Go files in /private/tmp/nix-build-docker-proxy-7b2b1feb1de4817d522cc372af149ff48d25028e.drv-0/go/src/github.com/docker/libnetwork/ns
/cc ZHF #45961
Since years I'm not maintaining anything of the list below other
than some updates when I needed them for some reason. Other people
is doing that maintenance on my behalf so I better take me out but
for very few packages. Finally!
This makes the command ‘nix-env -qa -f. --arg config '{skipAliases =
true;}'’ work in Nixpkgs.
Misc...
- qtikz: use libsForQt5.callPackage
This ensures we get the right poppler.
- rewrites:
docbook5_xsl -> docbook_xsl_ns
docbook_xml_xslt -> docbook_xsl
diffpdf: fixup
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/singularity/versions.
<details><summary>Version release notes (from GitHub)</summary>
Greetings Singularity containerizers!
This release contains fixes for a _high severity_ security issue affecting Singularity 2.3.0 through 2.5.1 on kernels that support overlay file systems (CVE-2018-12021). A malicious user with network access to the host system (e.g. ssh) could exploit this vulnerability to access sensitive information on disk and bypass directory image restrictions like those preventing the root file system from being mounted into the container.
Singularity 2.5.2 should be installed immediately, and all previous versions of Singularity should be removed. The vulnerability addressed in this release affects kernels that support overlayfs. If you are unable to upgrade immediately, you should set `enable overlay = no` in `singularity.conf`.
In addition, this release contains a large number of bug fixes. Details follow:
## [Security related fixes](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12021)
- Removed the option to use overlay images with `singularity mount`. This
flaw could allow a malicious user accessing the host system to access
sensitive information when coupled with persistent ext3 overlay.
- Fixed a race condition that might allow a malicious user to bypass directory
image restrictions, like mounting the host root filesystem as a container
image
## Bug fixes
- Fix an error in malloc allocation #1620
- Honor debug flag when pulling from docker hub #1556
- Fix a bug with passwd abort #1580
- Allow user to override singularity.conf "mount home = no" with --home option
#1496
- Improve debugging output #1535
- Fix some bugs in bind mounting #1525
- Define PR_(S|G)ET_NO_NEW_PRIVS in user space so that these features will
work with kernels that implement them (like Cray systems) #1506
- Create /dev/fd and standard streams symlinks in /dev when using minimal dev
mount or when specifying -c/-C/--contain option #1420
- Fixed * expansion during app runscript creation #1486
As always, please report any bugs to:
https://github.com/singularityware/singularity/issues/new</details>
These checks were done:
- built on NixOS
- /nix/store/3igwiqi311c18w13y5r7zrgpcnzylg9l-singularity-2.5.2/bin/singularity passed the binary check.
- Warning: no invocation of /nix/store/3igwiqi311c18w13y5r7zrgpcnzylg9l-singularity-2.5.2/bin/run-singularity had a zero exit code or showed the expected version
- 1 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 2.5.2 with grep in /nix/store/3igwiqi311c18w13y5r7zrgpcnzylg9l-singularity-2.5.2
- directory tree listing: https://gist.github.com/ed6db09ad43a19c6abf2d35d15ef489c
- du listing: https://gist.github.com/9bd23f4d6ee86a9eb2ba7ec5c986741d
* treewide: http -> https sources
This updates the source urls of all top-level packages from http to
https where possible.
* buildtorrent: fix url and tab -> spaces
I no longer use rancher and can test this derivation.
Also rancher-compose should have the same version as the rancher cluster
used. So it is better to be build by the user using it rather having a
random version in nixpkgs.
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/virtualbox/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/6769l9s88jlcv3qgxpjsfr1ybkq3yvvb-virtualbox-5.2.12/bin/VBoxManage -h’ got 0 exit code
- ran ‘/nix/store/6769l9s88jlcv3qgxpjsfr1ybkq3yvvb-virtualbox-5.2.12/bin/VBoxManage --help’ got 0 exit code
- ran ‘/nix/store/6769l9s88jlcv3qgxpjsfr1ybkq3yvvb-virtualbox-5.2.12/bin/VBoxManage help’ got 0 exit code
- ran ‘/nix/store/6769l9s88jlcv3qgxpjsfr1ybkq3yvvb-virtualbox-5.2.12/bin/VBoxBalloonCtrl -h’ got 0 exit code
- ran ‘/nix/store/6769l9s88jlcv3qgxpjsfr1ybkq3yvvb-virtualbox-5.2.12/bin/VBoxBalloonCtrl --help’ got 0 exit code
- found 5.2.12 with grep in /nix/store/6769l9s88jlcv3qgxpjsfr1ybkq3yvvb-virtualbox-5.2.12
- directory tree listing: https://gist.github.com/f9bf852a0a8e6e0b4c44a9b68764850b
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/containerd/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/containerd -h’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/containerd --help’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/containerd help’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/containerd-release -h’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/containerd-release --help’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/containerd-release help’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/ctr -h’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/ctr --help’ got 0 exit code
- ran ‘/nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0/bin/ctr help’ got 0 exit code
- found 1.1.0 with grep in /nix/store/lmnlz9w8fhf71pxl7wlhv9vsv4k3bnxd-containerd-1.1.0
- directory tree listing: https://gist.github.com/7b4a990853acfbf946f8abe02582f41d
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/tini/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/h0h2qyxwrvsjy47m1xyv7sxzd2j0ilsi-tini-0.18.0/bin/tini -h’ got 0 exit code
- ran ‘/nix/store/h0h2qyxwrvsjy47m1xyv7sxzd2j0ilsi-tini-0.18.0/bin/tini --version’ and found version 0.18.0
- found 0.18.0 with grep in /nix/store/h0h2qyxwrvsjy47m1xyv7sxzd2j0ilsi-tini-0.18.0
- directory tree listing: https://gist.github.com/c992fd0a24dfc0365d6b62ac567d395c
Following legacy packing conventions, `isArm` was defined just for
32-bit ARM instruction set. This is confusing to non packagers though,
because Aarch64 is an ARM instruction set.
The official ARM overview for ARMv8[1] is surprisingly not confusing,
given the overall state of affairs for ARM naming conventions, and
offers us a solution. It divides the nomenclature into three levels:
```
ISA: ARMv8 {-A, -R, -M}
/ \
Mode: Aarch32 Aarch64
| / \
Encoding: A64 A32 T32
```
At the top is the overall v8 instruction set archicture. Second are the
two modes, defined by bitwidth but differing in other semantics too, and
buttom are the encodings, (hopefully?) isomorphic if they encode the
same mode.
The 32 bit encodings are mostly backwards compatible with previous
non-Thumb and Thumb encodings, and if so we can pun the mode names to
instead mean "sets of compatable or isomorphic encodings", and then
voilà we have nice names for 32-bit and 64-bit arm instruction sets
which do not use the word ARM so as to not confused either laymen or
experienced ARM packages.
[1]: https://developer.arm.com/products/architecture/a-profile
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/singularity/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/0rcn1kn4j7rmr0qn314g28vpa4xf230d-singularity-2.4.6/bin/singularity -h’ got 0 exit code
- ran ‘/nix/store/0rcn1kn4j7rmr0qn314g28vpa4xf230d-singularity-2.4.6/bin/singularity --help’ got 0 exit code
- ran ‘/nix/store/0rcn1kn4j7rmr0qn314g28vpa4xf230d-singularity-2.4.6/bin/singularity help’ got 0 exit code
- found 2.4.6 with grep in /nix/store/0rcn1kn4j7rmr0qn314g28vpa4xf230d-singularity-2.4.6
- directory tree listing: https://gist.github.com/e2f21872e885760acf461b07dd5b4f86
This obsoletes two of the included patches, one of them RISC-V specific,
since they've been picked up by upstream.
This build has been confirmed as being able to build and run an (extremely
recent) RISC-V Fedora 28 Rawhide image, available from:
https://fedorapeople.org/groups/risc-v/disk-images/
Signed-off-by: Austin Seipp <aseipp@pobox.com>
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/containerd/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/qmgzfad2cazgv7j1k31pqs512b59b8hp-containerd-1.0.3/bin/containerd -h’ got 0 exit code
- ran ‘/nix/store/qmgzfad2cazgv7j1k31pqs512b59b8hp-containerd-1.0.3/bin/containerd --help’ got 0 exit code
- ran ‘/nix/store/qmgzfad2cazgv7j1k31pqs512b59b8hp-containerd-1.0.3/bin/containerd help’ got 0 exit code
- ran ‘/nix/store/qmgzfad2cazgv7j1k31pqs512b59b8hp-containerd-1.0.3/bin/containerd-release -h’ got 0 exit code
- ran ‘/nix/store/qmgzfad2cazgv7j1k31pqs512b59b8hp-containerd-1.0.3/bin/containerd-release --help’ got 0 exit code
- ran ‘/nix/store/qmgzfad2cazgv7j1k31pqs512b59b8hp-containerd-1.0.3/bin/containerd-release help’ got 0 exit code
- ran ‘/nix/store/qmgzfad2cazgv7j1k31pqs512b59b8hp-containerd-1.0.3/bin/containerd-stress -h’ got 0 exit code
- ran ‘/nix/store/qmgzfad2cazgv7j1k31pqs512b59b8hp-containerd-1.0.3/bin/containerd-stress --help’ got 0 exit code
- ran ‘/nix/store/qmgzfad2cazgv7j1k31pqs512b59b8hp-containerd-1.0.3/bin/containerd-stress help’ got 0 exit code
- ran ‘/nix/store/qmgzfad2cazgv7j1k31pqs512b59b8hp-containerd-1.0.3/bin/ctr -h’ got 0 exit code
- ran ‘/nix/store/qmgzfad2cazgv7j1k31pqs512b59b8hp-containerd-1.0.3/bin/ctr --help’ got 0 exit code
- ran ‘/nix/store/qmgzfad2cazgv7j1k31pqs512b59b8hp-containerd-1.0.3/bin/ctr help’ got 0 exit code
- found 1.0.3 with grep in /nix/store/qmgzfad2cazgv7j1k31pqs512b59b8hp-containerd-1.0.3
- directory tree listing: https://gist.github.com/b830fb8c24834f83e627fd6d567eae87
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/singularity/versions.
These checks were done:
- built on NixOS
- ran `/nix/store/893zy5r9ih8lp9p24s9l198jdjdwadj4-singularity-2.4.5/bin/singularity -h` got 0 exit code
- ran `/nix/store/893zy5r9ih8lp9p24s9l198jdjdwadj4-singularity-2.4.5/bin/singularity --help` got 0 exit code
- ran `/nix/store/893zy5r9ih8lp9p24s9l198jdjdwadj4-singularity-2.4.5/bin/singularity help` got 0 exit code
- ran `/nix/store/893zy5r9ih8lp9p24s9l198jdjdwadj4-singularity-2.4.5/bin/singularity -v` and found version 2.4.5
- found 2.4.5 with grep in /nix/store/893zy5r9ih8lp9p24s9l198jdjdwadj4-singularity-2.4.5
- directory tree listing: https://gist.github.com/f42298f39e3c1c4832de9817cc1fc5bf
And also build in parallel.
I don't understand why we manually tediously link every single directory
from the source, but I don't want to investigate too much.
Bump lkl version to latest that includes merge of Linux 4.15 and fix for
an issue where cptofs wasn't returning failure when image size was too
small and file copying failed with:
error writing file: No space left on device
(see lkl/linux#427)
Semi-automatic update. These checks were done:
- built on NixOS
- ran `/nix/store/p41wb0fqnvn4bx6jjs7hs98xlrzp8s79-tini-0.17.0/bin/tini -h` got 0 exit code
- ran `/nix/store/p41wb0fqnvn4bx6jjs7hs98xlrzp8s79-tini-0.17.0/bin/tini --version` and found version 0.17.0
- ran `/nix/store/p41wb0fqnvn4bx6jjs7hs98xlrzp8s79-tini-0.17.0/bin/tini -h` and found version 0.17.0
- found 0.17.0 with grep in /nix/store/p41wb0fqnvn4bx6jjs7hs98xlrzp8s79-tini-0.17.0
- found 0.17.0 in filename of file in /nix/store/p41wb0fqnvn4bx6jjs7hs98xlrzp8s79-tini-0.17.0
Semi-automatic update. These checks were performed:
- built on NixOS
- found 1.11.0 with grep in /nix/store/m55my69q0dc6rbvf7sfz3mln7vca1d53-seabios-1.11.0
- found 1.11.0 in filename of file in /nix/store/m55my69q0dc6rbvf7sfz3mln7vca1d53-seabios-1.11.0
cc "@tstrobel"
Semi-automatic update. These checks were performed:
- built on NixOS
- found 2.4 with grep in /nix/store/5p43l2r5y6m0sdpyxwcwiv381ycglami-remotebox-2.4
- found 2.4 in filename of file in /nix/store/5p43l2r5y6m0sdpyxwcwiv381ycglami-remotebox-2.4
The AArch64 build fails after trying to pull in tmmintrin.h:
```
../common/memcpySSE.h:24:23: fatal error: tmmintrin.h: No such file or directory
#include <tmmintrin.h>
^
compilation terminated.
make: *** [Makefile:29: .build/renderers/opengl.o] Error 1
```
Which are SSSE3 intrinsics unsupported on ARM. This package also likely would
not be useful on ARM, as it requires KVM and a compatible KVM guest running
the frame relay (usually Windows).
Upstream changes without issue IDs:
* GUI: fixed occasional screen corruption when host screen resolution
is changed
* User interface: increase proposed disk size when creating new VMs for
Windows 7 and newer
* User interface: various improvements for high resolution screens
* VMM: Fixed problems using 256MB VRAM in raw-mode VMs
* Audio: implemented support for audio playback and recording for macOS
guests
* Audio: further timing improvements for Windows 10 guests
* Linux hosts: fixed problem accessing mini-toolbar under XFCE
The full changelog including issue IDs can be found at:
https://www.virtualbox.org/wiki/Changelog#v6
What was not mentioned in the changelog is that this release fixes
compiling the VirtualBox modules against kernel 4.15, which was added in
commit 61043ad4d1.
Tested this by running all of the tests in nixos/tests/virtualbox.nix.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @flokli, @svanderburg
[...]
make modules -C /nix/store/h1vzl6bq4wif3m8dd1bw2p3fv4shjg3n-linux-4.14.9-dev/lib/modules/4.14.9/build EXTRA_CFLAGS=-Werror-implicit-function-declaration M=/tmp/nix-build-spl-kernel-2017-11-16-4.14.9.drv-0/source/build
/nix/store/h1vzl6bq4wif3m8dd1bw2p3fv4shjg3n-linux-4.14.9-dev/lib/modules/4.14.9/source/Makefile:939: *** "Cannot generate ORC metadata for CONFIG_UNWINDER_ORC=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel". Stop.
This patch introduces kernel.moduleBuildDependencies to avoid the logic "stdenv.lib.optional (stdenv.lib.versionAtLeast kernel.version "4.14") libelf" in multiple places.
[dezgeg did some minor tweaks on top]