`rngd` seems to be the root cause for slow boot issues, and its functionality is
redundant since kernel v3.17 (2014), which introduced a `krngd` task (in kernel
space) that takes care of pulling in data from hardware RNGs:
> commit be4000bc4644d027c519b6361f5ae3bbfc52c347
> Author: Torsten Duwe <duwe@lst.de>
> Date: Sat Jun 14 23:46:03 2014 -0400
>
> hwrng: create filler thread
>
> This can be viewed as the in-kernel equivalent of hwrngd;
> like FUSE it is a good thing to have a mechanism in user land,
> but for some reasons (simplicity, secrecy, integrity, speed)
> it may be better to have it in kernel space.
>
> This patch creates a thread once a hwrng registers, and uses
> the previously established add_hwgenerator_randomness() to feed
> its data to the input pool as long as needed. A derating factor
> is used to bias the entropy estimation and to disable this
> mechanism entirely when set to zero.
Closes: #96067
The build has been broken since gdk-pixbuf-xlib was broken out into a
separate package in #88086.
For some reason if I just add gdk-pixbuf-xlib.dev the headers don't make it
into CFLAGS.
On darwin the compilation would fail with the following warning:
```
clang-7: error: argument unused during compilation: '-fno-strict-overflow' [-Werror,-Wunused-command-line-argument]
```
This error happens because the `-fno-strict-overflow` is passed to the compiler. To fix this, disable the `strictoverflow` hardening feature. Also see #39687.
ZHF: #97479
The `pass.withExtensions`-function uses `buildEnv` to create a
derivation which contains a `pass`-package and a list of extensions for
it.
However, this function always uses the `pass`-attribute for `buildEnv` which
will break e.g. `passmenu` or `pass show -c` on desktops using Wayland (and
`pass-wayland.withExtensions`) since the default `pass`-package without
support for Wayland's clipboard is used.
This patch replaces the `pass`-attribute in the derivation with
`pass-wayland` to work around this issue.
Jasper has been marked insecure for a while, and upstream has not
been responsive to CVEs for over a year.
Fixes #55388.
Signed-off-by: David Anderson <dave@natulte.net>
The build for this package was failing due to failing tests that were caused by a breaking change in a dependency. The requirements.txt for this package does not pin specific versions so it was trying to build with the new version of the dependency and failing. This commit overrides the version of the dependency that is used to build the package.
This commit pins go versions for nomad 0.11 and 0.12. Future versions of
Nomad should have their versions pinned from the beginning, even if they
support the latest-at-the-time version of Go to prevent accidental
version bumps on unsupported go versions.
See https://github.com/NixOS/nixpkgs/pull/96414 for further discussion
around this change.