Emily
ed89b5b3f1
linux_*_hardened: don't set PANIC_ON_OOPS
...
Upstreamed in anthraxx/linux-hardened@366e0216f1 .
2020-04-17 16:13:39 +01:00
Emily
0d5f1697b7
linux_*_hardened: don't set SLAB_FREELIST_{RANDOM,HARDENED}
...
Upstreamed in anthraxx/linux-hardened@786126f177 ,
anthraxx/linux-hardened@44822ebeb7 .
2020-04-17 16:13:39 +01:00
Emily
4fb796e341
linux_*_hardened: don't set HARDENED_USERCOPY_FALLBACK
...
Upstreamed in anthraxx/linux-hardened@c1fe7a68e3 ,
anthraxx/linux-hardened@2c553a2bb1 .
2020-04-17 16:13:39 +01:00
Emily
3eeb5240ac
linux_*_hardened: don't set DEBUG_LIST
...
Upstreamed in anthraxx/linux-hardened@6b20124185 .
2020-04-17 16:13:39 +01:00
Emily
0611462e33
linux_*_hardened: don't set {,IO_}STRICT_DEVMEM
...
STRICT_DEVMEM is on by default in upstream 5.6.2; IO_STRICT_DEVMEM is
turned on by anthraxx/linux-hardened@103d23cb66 .
Note that anthraxx/linux-hardened@db1d27e10e
disables DEVMEM by default, so this is only relevant if that default is
overridden to turn it back on.
2020-04-17 16:13:39 +01:00
Emily
303bb60fb1
linux_*_hardened: don't set DEBUG_WX
...
Upstreamed in anthraxx/linux-hardened@55ee7417f3 .
2020-04-17 16:13:39 +01:00
Emily
33b94e5a44
linux_*_hardened: don't set BUG_ON_DATA_CORRUPTION
...
Upstreamed in anthraxx/linux-hardened@3fcd15014c .
2020-04-17 16:13:39 +01:00
Emily
db6b327508
linux_*_hardened: don't set LEGACY_VSYSCALL_NONE
...
Upstreamed in anthraxx/linux-hardened@d300b0fdad .
2020-04-17 16:13:39 +01:00
Emily
130f6812be
linux_*_hardened: don't set RANDOMIZE_{BASE,MEMORY}
...
These are on by default for x86 in upstream linux-5.6.2, and turned on
for arm64 by anthraxx/linux-hardened@90f9670bc3 .
2020-04-17 16:13:39 +01:00
Emily
8c68055432
linux_*_hardened: don't set MODIFY_LDT_SYSCALL
...
Upstreamed in anthraxx/linux-hardened@05644876fa .
2020-04-17 16:13:39 +01:00
Emily
8efe83c22e
linux_*_hardened: don't set DEFAULT_MMAP_MIN_ADDR
...
Upstreamed in anthraxx/linux-hardened@f1fe0a64dd .
2020-04-17 16:13:39 +01:00
Emily
3d4c8ae901
linux_*_hardened: don't set VMAP_STACK
...
This has been on by default upstream for as long as it's been an option.
2020-04-17 16:13:39 +01:00
Emily
7d5352df31
linux_*_hardened: don't set X86_X32
...
As far as I can tell, this has never defaulted to on upstream, and our
common kernel configuration doesn't turn it on, so the attack surface
reduction here is somewhat homeopathic.
2020-04-17 16:13:39 +01:00
Emily
0d4f35efd4
linux_*_hardened: use linux-hardened patch set
...
This is an updated version of the former upstream,
https://github.com/AndroidHardeningArchive/linux-hardened , and provides
a minimal set of additional hardening patches on top of upstream.
The patch already incorporates many of our hardened profile defaults,
and releases are timely (Linux 5.5.15 and 5.6.2 were released on
2020-04-02; linux-hardened patches for them came out on 2020-04-03 and
2020-04-04 respectively).
2020-04-17 16:13:39 +01:00
Emily
3d01e802bd
linux: explicitly enable SYSVIPC
...
The linux-hardened patch set removes this default, probably because of
its original focus on Android kernel hardening.
2020-04-17 16:12:29 +01:00
Tim Steinbach
e341107367
linux: 5.4.32 -> 5.4.33
2020-04-17 08:34:01 -04:00
Tim Steinbach
d9258d33be
linux: 4.19.115 -> 4.19.116
2020-04-17 08:34:01 -04:00
Vladimír Čunát
acb4710214
alsaTools: 1.1.7 -> 1.2.2
...
Fixes build regression (after alsa update, I assume).
Despite the version number change, the diff is trivial:
https://git.alsa-project.org/?p=alsa-tools.git;a=log;h=refs/tags/v1.2.2
2020-04-17 13:49:20 +02:00
Florian Klink
b3f14109a8
systemd: explicitly disable portabled for now
...
This hasn't worked with 243, let's disable it for now, until we have
tests and can ensure it works and keeps working.
2020-04-17 00:31:03 +02:00
Florian Klink
ce7c1230ea
systemd: explicitly disable homed for now
...
We don't currently have tests to ensure it works and keeps working.
So instead of having it accidentially working, and possibly breaking it
in the future, disable it for now.
2020-04-17 00:30:52 +02:00
Jörg Thalheim
c18ceab106
systemd: remove myself as maintainer
2020-04-17 00:30:52 +02:00
Florian Klink
b0b7f673dc
systemd: 245 -> 245.3
2020-04-17 00:30:52 +02:00
Florian Klink
d2871a723a
systemd: 244.3 -> 245
2020-04-17 00:30:51 +02:00
Florian Klink
9de0ac3770
systemd: 243.7 -> 244.3
...
This required some changes in how we treat DEFAULT_PATH_NORMAL.
2020-04-17 00:30:51 +02:00
Florian Klink
b4cbcba5b1
systemd: update paths kmod-static-nodes.service
...
The previous patch just removed a `ConditionFileNotEmpty=…` line from
`kmod-static-nodes.service` referring to a location not existing on
NixOS. We know better, and can actually replace this Condition to point
to `run/booted-system/kernel-modules/lib/modules/%v/`, instead of just
patching it out.
2020-04-17 00:28:58 +02:00
Florian Klink
a6710adab2
systemd: join 000{3,8}-Don-t-try-to-unmount-nix-or-nix-store.patch
2020-04-17 00:27:30 +02:00
Florian Klink
4f346cd849
systemd: drop 0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch
...
This was simply undoing a hunk from
0008-Don-t-try-to-unmount-nix-or-nix-store.patch, so drop that one from
there and omit
0017-Fix-mount-option-x-initrd.mount-handling-35268-16.patch entirely.
2020-04-17 00:27:29 +02:00
Florian Klink
a16ebf8561
systemd: drop 001{4,5}-{catalog,hwdb}-don-t-update-on-install.patch
...
These patches removed logic in the meson install phase invoking
`journalctl --update-catalog` and `systemd-hwdb update`, which would
mutate the running system, and obviously fails in the sandbox.
Upstream also knows this is a bad thing if you're not on the machine you
want to deploy to, so there's logic in there to not execute it when
DESTDIR isn't empty. In our case, it is - as we set --prefix instead for
other reasons, but by just setting DESTIDIR to "/", we can still trigger
these things to be skipped.
The patches removed some context from
0018-Install-default-configuration-into-out-share-factory.patch, which
we need to introduce there to make that patch still apply.
2020-04-17 00:27:29 +02:00
Florian Klink
1ad4accdaf
systemd: drop 0027-Start-getty-on-lxc.patch
...
Since quite some time, systemd starts getty on these consoles
automatically.
2020-04-17 00:27:29 +02:00
Florian Klink
22bb3a6771
systemd: remove local-fs patch and revert of it
2020-04-17 00:27:29 +02:00
Florian Klink
ba770e599c
systemd: switch from our own fork to upstream repo + local patches
...
After patching, this produces exactly the same source code as in our
custom fork, but having the actual patches inlined inside nixpkgs makes
it easier to get rid of them.
In case more complicated rebasing is necessary, maintainers can
- Clone the upstream systemd/systemd[-stable] repo
- Checkout the current rev mentioned in src
- Apply the patches from this folder via `git am 00*.patch`
- Rebase the repo on top of a new version
- Export the patch series via `git format-patch $newVersion`
- Update the patches = [ … ] attribute (if necessary)
2020-04-17 00:27:19 +02:00
Mario Rodas
fc7efb2d49
lxc: 4.0.1 -> 4.0.2
2020-04-16 04:20:00 -05:00
Jan Tojnar
4b706490da
Merge branch 'staging-next' into staging
2020-04-16 10:10:38 +02:00
Jan Tojnar
3d8e436917
Merge branch 'master' into staging-next
2020-04-16 10:09:43 +02:00
markuskowa
4289160b17
Merge pull request #85281 from r-ryantm/auto-update/rdma-core
...
rdma-core: 28.0 -> 29.0
2020-04-15 13:27:20 +02:00
R. RyanTM
d6d2b1ee6d
rdma-core: 28.0 -> 29.0
2020-04-15 07:31:00 +00:00
Niklas Hambüchen
f16ae2da3e
linux: Enable CONFIG_NET_DROP_MONITOR
by default.
...
Needed for subscribing to dropped packets (e.g. via `dropwatch`).
2020-04-14 20:07:51 +02:00
Maximilian Bosch
401e07d419
Merge pull request #84551 from gnprice/pr-stripDebugList
...
treewide: Fix types of stripDebugList attrs (and fix doc)
2020-04-14 15:54:52 +02:00
John Ericson
17f2cf93dc
fwupdate: Clean up -I flags
2020-04-13 19:21:23 -04:00
Matthew Bauer
e520d6af29
Merge pull request #84415 from matthewbauer/mb-cross-fixes-april2020
...
Cross compilation fixes [april 2020]
2020-04-13 16:48:38 -04:00
Jan Tojnar
b4a6714571
Merge branch 'staging-next' into staging
2020-04-13 18:54:59 +02:00
Jan Tojnar
a04625379a
Merge branch 'master' into staging-next
2020-04-13 18:50:35 +02:00
Matthew Bauer
156c67858f
Merge pull request #85017 from r-ryantm/auto-update/android-udev-rules
...
android-udev-rules: 20191103 -> 20200410
2020-04-13 11:11:25 -04:00
Tim Steinbach
f6e64feb14
linux: 5.6.3 -> 5.6.4
2020-04-13 08:36:35 -04:00
Tim Steinbach
bba4a30f8c
linux: 5.5.16 -> 5.5.17
2020-04-13 08:36:27 -04:00
Tim Steinbach
2b6e16abe0
linux: 5.4.31 -> 5.4.32
2020-04-13 08:36:19 -04:00
Tim Steinbach
f47969645b
linux: 4.9.218 -> 4.9.219
2020-04-13 08:36:11 -04:00
Tim Steinbach
e06d2a4682
linux: 4.19.114 -> 4.19.115
2020-04-13 08:36:04 -04:00
Tim Steinbach
f717bfeedb
linux: 4.14.175 -> 4.14.176
2020-04-13 08:35:56 -04:00
Tim Steinbach
3a8f6159cb
linux: 4.4.218 -> 4.4.219
2020-04-13 08:35:32 -04:00
Maximilian Bosch
89d2967c9e
linuxPackages.bpftrace: 0.9.3 -> 0.9.4
...
https://github.com/iovisor/bpftrace/releases/tag/v0.9.4
2020-04-13 12:03:37 +02:00
R. RyanTM
b1d4fdad19
pam_krb5: 4.8 -> 4.9
2020-04-12 17:43:53 -07:00
R. RyanTM
1c0b645d7b
earlyoom: 1.5 -> 1.6
2020-04-12 09:09:57 +00:00
Edmund Wu
f9ac494891
rtkit: 0.11 -> 0.13
2020-04-11 21:36:43 -04:00
Edmund Wu
363004c7eb
rtkit: cleanup
2020-04-11 17:09:44 -04:00
R. RyanTM
64f80e3397
android-udev-rules: 20191103 -> 20200410
2020-04-11 18:24:40 +00:00
Andreas Stührk
9ddfde8977
v4l2loopback: 0.12.3 -> 0.12.4
2020-04-10 14:22:11 -07:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs
2020-04-10 17:54:53 +01:00
Jan Tojnar
55a5c128d4
Merge branch 'staging-next' into staging
2020-04-10 12:13:27 +02:00
Jan Tojnar
1ab03c3a76
Merge branch 'master' into staging-next
2020-04-10 12:12:56 +02:00
Dmitry Kalinkin
98790dab3b
Merge pull request #84680 from lovesegfault/nvidia-x11-440.82
...
linuxPackages.nvidia_x11: 440.64 -> 440.82
2020-04-09 00:16:46 -04:00
Bernardo Meurer
73ff54e7b9
linuxPackages.nvidia_x11: 440.64 -> 440.82
2020-04-08 20:01:41 -07:00
Peter Hoeg
f14b43a54c
Merge pull request #84716 from peterhoeg/p/g15daemon
...
g15daemon: init at 1.9.5.3
2020-04-09 09:56:26 +08:00
Michael Weiss
b7bf29993b
Merge pull request #82298 from Ralith/netem
...
iproute: include netem tools
2020-04-08 19:05:59 +02:00
Michael Bishop
70308c5c56
device-tree_rpi: fix platforms
2020-04-08 12:54:58 -03:00
Jörg Thalheim
fe8875a363
Merge pull request #84597 from NixOS/acpi-call
...
linuxPackages.acpi-call: switch to nix-community fork
2020-04-08 15:34:01 +01:00
Jörg Thalheim
1ae03c9db1
linuxPackages.acpi-call: switch to nix-community fork
...
This fixes also build against linux 5.6
We also took the opportunity to cleanup the build.
2020-04-08 15:03:53 +01:00
Tim Steinbach
7bd91fe7af
linux: 5.6.2 -> 5.6.3
2020-04-08 08:51:08 -04:00
Tim Steinbach
1c637d2326
linux: 5.5.15 -> 5.5.16
2020-04-08 08:51:07 -04:00
Tim Steinbach
5653337922
linux: 5.4.30 -> 5.4.31
2020-04-08 08:51:07 -04:00
Peter Hoeg
0669cd72ae
g15daemon: init at 1.9.5.3
2020-04-08 20:49:49 +08:00
Silvan Mosberger
b293421a69
Merge pull request #84129 from Infinisil/removing-python-from-grub
...
Support removing python from zfs/grub closure
2020-04-08 12:53:28 +02:00
Jörg Thalheim
b3a9a65955
Merge pull request #84595 from NixOS/zfs
...
zfs: fix build against 5.6
2020-04-08 10:14:11 +01:00
worldofpeace
d9a056953c
Merge pull request #81693 from lovesegfault/uvcdynctrl-udev
...
uvcdynctrl: fix udev files
2020-04-07 23:38:50 -04:00
worldofpeace
9fa5658672
Merge pull request #84161 from lovesegfault/ddcci-0.3.3
...
ddcci: 0.3.2 -> 0.3.3
2020-04-07 23:36:12 -04:00
R. RyanTM
53c6b76dc4
fwts: 20.02.00 -> 20.03.00
2020-04-07 19:35:21 -07:00
Silvan Mosberger
0a43c6e0f9
zfs: Add enablePython argument
...
Reduces closure size with it disabled from 236.0M to 176.7M
2020-04-08 02:29:03 +02:00
Jörg Thalheim
75c28ebdf7
zfs: fix build against 5.6
2020-04-07 13:00:55 +01:00
Michael Weiss
84867e44bf
Merge pull request #84134 from primeos/iproute2
...
iproute: 5.5.0 -> 5.6.0
2020-04-07 12:39:04 +02:00
Bernardo Meurer
fe9b7e6281
uvcdynctrl: fix udev files
2020-04-07 00:35:53 -07:00
Bernardo Meurer
79045d9051
linuxPackages.ddcci-driver: 0.3.2 -> 0.3.3
2020-04-07 00:34:54 -07:00
Greg Price
7547cf9dfc
treewide: Fix up stripDebugList attrs to be lists.
...
The documentation says this should be a list, and it already is in
about half the expressions that set it.
The difference doesn't matter at present, because these values are all
space-free literals. But it will in a future with __structuredAttrs .
(The similar attr stripAllList has no users in the nixpkgs tree, so
there's nothing to do to fix any of those up.)
2020-04-06 21:26:52 -07:00
Dmitry Kalinkin
9b0d2f3fd1
Merge pull request #84163 from lovesegfault/nvidia-x11-440.64
...
linuxPackages.nvidia_x11: 440.59 -> 440.64
2020-04-06 18:24:27 -04:00
Matthew Bauer
024877e7b2
alsa-plugins: move pkgconfig to native
2020-04-06 16:36:28 -04:00
Matthew Bauer
0bbdba2d11
bluez: don’t build python packages when tests are disabled
...
Can’t run these on cross anyway
2020-04-06 16:36:28 -04:00
Matthew Bauer
3a71e62c56
plymouth: set systemd-tty-ask-password-agent path
...
This is needed in cross where systemd is not in path.
2020-04-06 16:36:21 -04:00
Eelco Dolstra
50913242ab
Merge pull request #81500 from primeos/tcp-cong-switch-to-cubic
...
linux config: Set TCP_CONG_CUBIC=yes to restore the default
2020-04-06 17:11:31 +02:00
Jörg Thalheim
a737f030cf
Merge pull request #71481 from eadwu/bcachefs/update-10
...
bcachefs: update 10
2020-04-06 15:43:36 +01:00
Edmund Wu
04a5e5ab7c
linux_testing_bcachefs: 5.3.2020.03.25 -> 5.3.2020.04.04
2020-04-06 10:29:33 -04:00
Jörg Thalheim
b2aa0bbf46
Merge pull request #84422 from r-ryantm/auto-update/lxcfs
...
lxcfs: 4.0.0 -> 4.0.1
2020-04-06 13:17:41 +01:00
Michael Weiss
94f2a76718
iproute: Build the netem tools
...
They will be installed now and we can provide $HOSTCC for
cross-compilation.
New files:
+lib/tc/experimental.dist
+lib/tc/normal.dist
+lib/tc/pareto.dist
+lib/tc/paretonormal.dist
Note: The distributions are generated in a reproducible way.
Co-Authored-By: Benjamin Saunders <ben.e.saunders@gmail.com>
2020-04-06 14:00:06 +02:00
Michael Weiss
aa46e1ae34
iproute: Simplify and improve the expression
2020-04-06 13:56:48 +02:00
Mario Rodas
39f6269ec0
lxc: 4.0.0 -> 4.0.1
2020-04-06 04:20:00 -05:00
Frederik Rietdijk
2420184727
Merge staging into staging-next
2020-04-06 08:54:28 +02:00
R. RyanTM
a6d549c98f
lxcfs: 4.0.0 -> 4.0.1
2020-04-06 03:47:09 +00:00
Mario Rodas
f16fb03d32
Merge pull request #84313 from r-ryantm/auto-update/procdump
...
procdump: 1.1 -> 1.1.1
2020-04-05 20:19:53 -05:00
Bernardo Meurer
408de509cc
linuxPackages.nvidia_x11: 440.59 -> 440.64
2020-04-05 14:01:28 -07:00
Graham Christensen
65d3a18576
Merge pull request #84387 from kraem/fix/facetimehd-linux-5.6
...
facetimehd: update src to build with linux >= 5.6
2020-04-05 16:28:50 -04:00
kraem
a5b0581cf7
facetimehd: update src to build with linux >= 5.6
...
also add kraem to maintainers
2020-04-05 22:14:54 +02:00
Frederik Rietdijk
98cefdd37f
Merge pull request #83155 from roastiek/alsa-upgrade
...
alsa-lib: 1.1.9 -> 1.2.2 and new alsa conf packages
2020-04-05 13:17:16 +02:00