1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-25 03:17:13 +00:00
Commit graph

9519 commits

Author SHA1 Message Date
R. RyanTM 9b685c7997 alsaPlugins: 1.1.8 -> 1.1.9
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/alsa-plugins/versions
2019-05-10 21:01:17 -07:00
Joachim Fasting 87bc514620
hardened-config: enable the SafeSetID LSM
The purpose of this LSM is to allow processes to drop to a less privileged
user id without having to grant them full CAP_SETUID (or use file caps).

The LSM allows configuring a whitelist policy of permitted from:to uid
transitions.  The policy is enforced upon calls to setuid(2) and related
syscalls.

Policies are configured through securityfs by writing to
- safesetid/add_whitelist_policy ; and
- safesetid/flush_whitelist_policies

A process attempting a transition not permitted by current policy is killed
(to avoid accidentally running with higher privileges than intended).

A uid that has a configured policy is prevented from obtaining auxiliary
setuid privileges (e.g., setting up user namespaces).

See also: https://www.kernel.org/doc/html/latest/admin-guide/LSM/SafeSetID.html
2019-05-07 13:39:24 +02:00
Renaud 7085da0cef
Merge pull request #60870 from dkudriavtsev/patch-1
miraclecast: 20170427 -> 20190403
2019-05-07 13:37:39 +02:00
Jörg Thalheim 2146e1023a
Merge pull request #61076 from Mic92/linux-fpu
linux_5_0: restore __kernel_fpu_{begin,restore}
2019-05-07 10:35:04 +01:00
Matthew Bauer 69cf07ec0f
Merge pull request #60828 from matthewbauer/mark-bad-platforms
Mark some bad platforms
2019-05-06 15:54:08 -04:00
Jörg Thalheim 7b77c27caa
linux_5_0: restore __kernel_fpu_{begin,restore}
In 5.0er these function were removed from the public interface also zfs needs
them for AVX/AES-NI support. Without this patch for example throughput on a
encrypted zfs dataset drops to 200 MB/s from 1.2 GB/s. These functions were
removed as their was no user within the linux kernel tree itself.
2019-05-06 14:14:40 +01:00
Austin Seipp 0a4cd28f84
linuxPackages.bcc: 0.8.0 -> 0.9.0
Requires a minor tweak to the deadlock detector patch (the file was
renamed in the upstream repo).

bcc now also wants a copy of libbpf, which it doesn't have in the source
release tarball. Clone a copy from GiHub that's synchronized with the
release, and put it in place.

Tested on Linux 5.1 (with bpftrace as well).

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-06 01:42:02 -05:00
Austin Seipp 181e971755
linux: add 5.1 release
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-06 00:39:22 -05:00
José Romildo Malaquias 1c137e36ea
Merge pull request #59378 from romildo/upd.deepin.deepin-anything
deepin.deepin-anything: init at 0.0.7
2019-05-05 15:05:15 -03:00
José Romildo Malaquias 868ed9f2c4 linuxPackages.deepin-anything: init at 0.0.7 2019-05-05 13:26:42 -03:00
Renaud 67b263f6ac
Merge pull request #60975 from c0bw3b/pkg/mstpd
mstpd: 0.0.5.20171113 -> 0.0.7
2019-05-05 18:18:35 +02:00
Tim Steinbach 9d6aef817b
linux: 5.0.12 -> 5.0.13 2019-05-05 11:16:44 -04:00
Tim Steinbach e867007dc8
linux: 4.19.39 -> 4.19.40 2019-05-05 11:16:17 -04:00
Renaud 25e0560958
mstpd: 0.0.5.20171113 -> 0.0.7 2019-05-05 11:24:34 +02:00
Tim Steinbach 59e9fb1d52
linux: 5.0.11 -> 5.0.12 2019-05-04 10:26:55 -04:00
Tim Steinbach 5ee553b280
linux: 4.9.172 -> 4.9.173 2019-05-04 10:26:40 -04:00
Tim Steinbach 7d0a77cd36
linux: 4.19.38 -> 4.19.39 2019-05-04 10:25:28 -04:00
Tim Steinbach a03324e9ba
linux: 4.14.115 -> 4.14.116 2019-05-04 10:25:01 -04:00
Austin Seipp f60936d14d
Merge pull request #60121 from eadwu/nvidia_x11_beta/430.09
nvidia_x11_beta: stable -> 430.09
2019-05-03 15:33:04 -05:00
Austin Seipp c8cb015ff6
linuxPackages.perf: add libopcodes as a buildInput
Newer versions of perf in Linux 5.1+ support disassembling and
annotating eBPF programs inside the kernel. In order to do this, it uses
libbfd's support for bpf disassembly. There are two parts: libopcodes
and libbfd.

The 'perf' build system seems to expect libopcodes/libbfd to go "hand in
hand" -- always together, if one or the other is installed. If the build
system detects libbfd is available, then an import of <dis-asm.h> is
performed, but this fails since it wasn't in the buildInput. Fixing this
should be an easy, backwards-compatible change.

Fixes #60891, allowing linuxPackages_testing.perf to build again
(currently kernel version 5.1.0-rc7).

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-03 15:10:46 -05:00
Austin Seipp f40a559cbb
bpftrace: nuke some unneeded files from $out
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-03 12:25:59 -05:00
Austin Seipp 89d5bfc2db
Merge pull request #60844 from thoughtpolice/nixpkgs/bpftrace-update
bpftrace: unstable-2018-10-27 -> 0.9
2019-05-03 12:09:57 -05:00
Austin Seipp 241063ca84
bpftrace: unstable-2018-10-27 -> 0.9
Update bpftrace to the latest pre-release, with a real version number.

The most notable change now is that bpftrace can use a stable version of
the 'bcc' toolchain in order to build, meaning no more hacks are needed
to clone the source code and fix up the build system, etc. This
simplifies things greatly and removes the old bcc-source patch.

Similarly, we can remove our custom gtests patch (which disabled the
build) by just passing -DBUILD_TESTING=FALSE when running cmake. This
was also added upstream recently.

However, something does still need to be fixed, at a cost: bpftrace
requires the kernel -dev package because it wants both objects and
include directories (some files are only shipped in one or the other).
Therefore, we remove the dependency on linuxHeaders and instead use
kernel.dev as the sole input to the build.

This is both a positive and a negative: the positive is that tools work
without annoying fatal errors, and that the bpf toolchain is
synchronized to the linuxPackages.kernel derivation it was built
against. The downside is that the .dev expression is much heavier as a
dependency, so bpftrace is now closer to 700mb in closure size. (This
especially hurts across kernel upgrades requiring a whole new rebuild,
especially if you have existing nixos generations that won't GC, etc.)

We probably want to slim this down substantially in the future (and
there may be a few ways to do that), but as this will probably also
touch bcc, and as a first cut of the pre-releases, this is probably fine
while we work out other kinks.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2019-05-03 11:32:58 -05:00
Dmitry Kudriavtsev 6b5848e26b
miraclecast: 20170427 -> 20190403 2019-05-03 09:21:52 -07:00
Renaud 45b7685314
Merge pull request #60800 from r-ryantm/auto-update/sysstat
sysstat: 12.1.3 -> 12.1.4
2019-05-03 11:36:28 +02:00
Leah Neukirchen 23336fb44a extrace: init at 0.7 2019-05-03 18:19:57 +09:00
Matthew Bauer b7950c560a kexectools: mark bad platforms 2019-05-02 21:30:32 -04:00
R. RyanTM a0e953768a sysstat: 12.1.3 -> 12.1.4
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/sysstat/versions
2019-05-02 13:22:12 -07:00
Tim Steinbach 6494ad9996
linux: 5.0.10 -> 5.0.11 2019-05-02 13:57:46 -04:00
Tim Steinbach 9d7638371f
linux: 4.9.171 -> 4.9.172 2019-05-02 13:57:46 -04:00
Tim Steinbach e0bf73dbde
linux: 4.19.37 -> 4.19.38 2019-05-02 13:57:45 -04:00
Tim Steinbach 5d03bfd653
linux: 4.14.114 -> 4.14.115 2019-05-02 13:57:45 -04:00
R. RyanTM 36f45dc7d3 mbpfan: 2.1.0 -> 2.1.1
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/mbpfan/versions
2019-05-01 03:55:14 -07:00
R. RyanTM da627dec9f btfs: 2.18 -> 2.19 (#60478)
* btfs: 2.18 -> 2.19

Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/btfs/versions

* btfs: refactor
2019-05-01 00:22:15 +02:00
Frederik Rietdijk fd2bd6e433
Merge staging-next into master 2019-04-30 15:50:24 +02:00
Tim Steinbach aeb464dfd3
linux: 5.1-rc6 -> 5.1-rc7 2019-04-29 08:06:52 -04:00
Frederik Rietdijk 2f936f85d8 Merge master into staging-next 2019-04-29 13:46:20 +02:00
c0bw3b 3aa6b25fdf service-wrapper: 16.04.0 -> 19.04 2019-04-28 18:35:34 +02:00
Franz Pletz 4f0ffce77b
Merge pull request #59748 from dtzWill/update/linux-firmware-20190416
firmwareLinuxNonfree: 20190312 -> 20190416
2019-04-27 12:36:55 +00:00
Tim Steinbach c08aa32c90
linux: Remove i2c-oops patch 2019-04-27 08:08:33 -04:00
Tim Steinbach 264367b15e
linux: 5.0.9 -> 5.0.10 2019-04-27 08:08:31 -04:00
Tim Steinbach 8d98033d99
linux: 4.9.170 -> 4.9.171 2019-04-27 08:08:26 -04:00
Tim Steinbach 3d829058a1
linux: 4.4.178 -> 4.4.179 2019-04-27 08:06:43 -04:00
Tim Steinbach d43faab5ef
linux: 4.19.36 -> 4.19.37 2019-04-27 08:06:39 -04:00
Tim Steinbach ae7baea76f
linux: 4.14.113 -> 4.14.114 2019-04-27 08:05:36 -04:00
Frederik Rietdijk 883232c00d Merge master into staging-next 2019-04-27 07:01:38 +02:00
Matthew Bauer fa0208c09a
Merge pull request #60291 from matthewbauer/kexec-tools-get-correct-compiler
kexec-tools: use depsBuildBuild to get the right compiler
2019-04-26 18:16:21 -04:00
Renaud 3567860a27
Merge pull request #59006 from terlar/wip-update-sysdig
WIP linuxPackages.sysdig: 0.24.2 -> 0.25
2019-04-27 00:05:24 +02:00
Matthew Bauer c1287a4b9c kexec-tools: use depsBuildBuild to get the right compiler
Need this to avoid this issue in pkgsStatic:

  ld: cannot find -lc

/cc @ericson2314
2019-04-26 18:04:29 -04:00
Vladyslav M e8c2633bc1
linux_testing_bcachefs,bcachefs-tools: 2019-04-04 (#58296)
linux_testing_bcachefs,bcachefs-tools: 2019-04-04
2019-04-26 19:35:10 +03:00