Changes:
- CVE-2018-14424 - double free fix
- lifecycle fixes to libgdm/GdmClient
- follow up fixes dealing with login screen reaping form last release
- allow pam modules to use SIGUSR1
- set PWD for user session
- tell cirrus not to use wayland
- Translation updates
The `Vte.2.91.gir` imports `Gtk.3.0.gir`. So in order to use
`Vte.2.91.gir`, you must also have `Gtk.3.0.gir` on the GI_TYPELIB_PATH.
Adding gtk3 to the `propagatedBuildInputs` of vte accomplishes this.
TryExec needs absolute path too, otherwise the desktop file will be ignored
unless gnome-session is in PATH, in which case, we would not need to patch
Exec.
GPaste GNOME Shell extension uses GPaste library generated via introspection. Previously, we added the gpaste package to services.xserver.desktopManager.gnome3.sessionPath option, which
added its typelib directory to GI_TYPELIB_PATH environment variable globally, in order for GNOME Shell to be able to find it. This is not very Nix-y, though, so we have decided to patch the code to
append the path to the GI repository search path.
Additionally, the code relies on GPaste’s GSettings schemas, so we had to hard-code the paths to them as well. We ignored the GNOME Shell’s schemas, since they will already be available for the
extension inside GNOME Shell program.
When creating a new mobile broadband connection
with the plasma network manager connection editor,
it tries to find a file containing provider
information somewhere in /usr/share/... .
The build recipe contains a patch to fix the lookup path
such that it finds the file in the corresponding package,
probably added due to
https://github.com/NixOS/nixpkgs/issues/9389 .
The actual lookup path is injected into
the patch file with substituteAll.
With commit a31d98f312 ,
the variable name used in subsituteAll changed from
mobile_broadband_provider_info to mobile-broadband-provider-info
(underscores in package names turned into dashes).
Apparently, substituteAll can't handle dashes in variable names.
Consequently, the variable name was no longer resolved.
plasma-nm failed to create new mobile broadband connections;
the connection creator silently exited and logged the error
> plasma-nm: Error opening providers file "@mobile-broadband-provider-info@/share/mobile-broadband-provider-info/serviceproviders.xml"
This commit keeps the dashes in package names, but it
restores the underscores in the variable used by substituteAll,
thereby ensuring the variable gets resolved properly.
* substitute(): --subst-var was silently coercing to "" if the variable does not exist.
* libffi: simplify using `checkInputs`
* pythonPackges.hypothesis, pythonPackages.pytest: simpify dependency cycle fix
* utillinux: 2.32 -> 2.32.1
https://lkml.org/lkml/2018/7/16/532
* busybox: 1.29.0 -> 1.29.1
* bind: 9.12.1-P2 -> 9.12.2
https://ftp.isc.org/isc/bind9/9.12.2/RELEASE-NOTES-bind-9.12.2.html
* curl: 7.60.0 -> 7.61.0
* gvfs: make tests run, but disable
* ilmbase: disable tests on i686. Spooky!
* mdds: fix tests
* git: disable checks as tests are run in installcheck
* ruby: disable tests
* libcommuni: disable checks as tests are run in installcheck
* librdf: make tests run, but disable
* neon, neon_0_29: make tests run, but disable
* pciutils: 3.6.0 -> 3.6.1
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/pciutils/versions.
* mesa: more include fixes
mostly from void-linux (thanks!)
* npth: 1.5 -> 1.6
minor bump
* boost167: Add lockfree next_prior patch
* stdenv: cleanup darwin bootstrapping
Also gets rid of the full python and some of it's dependencies in the
stdenv build closure.
* Revert "pciutils: use standardized equivalent for canonicalize_file_name"
This reverts commit f8db20fb3a.
Patching should no longer be needed with 3.6.1.
* binutils-wrapper: Try to avoid adding unnecessary -L flags
(cherry picked from commit f3758258b8895508475caf83e92bfb236a27ceb9)
Signed-off-by: Domen Kožar <domen@dev.si>
* libffi: don't check on darwin
libffi usages in stdenv broken darwin. We need to disable doCheck for that case.
* "rm $out/share/icons/hicolor/icon-theme.cache" -> hicolor-icon-theme setup-hook
* python.pkgs.pytest: setupHook to prevent creation of .pytest-cache folder, fixes#40273
When `py.test` was run with a folder as argument, it would not only
search for tests in that folder, but also create a .pytest-cache folder.
Not only is this state we don't want, but it was also causing
collisions.
* parity-ui: fix after merge
* python.pkgs.pytest-flake8: disable test, fix build
* Revert "meson: 0.46.1 -> 0.47.0"
With meson 0.47.0 (or 0.47.1, or git)
things are very wrong re:rpath handling
resulting in at best missing libs but
even corrupt binaries :(.
When we run patchelf it masks the problem
by removing obviously busted paths.
Which is probably why this wasn't noticed immediately.
Unfortunately the binary already
has a long series of paths scribbled
in a space intended for a much smaller string;
in my testing it was something like
lengths were 67 with 300+ written to it.
I think we've reported the relevant issues upstream,
but unfortunately it appears our patches
are what introduces the overwrite/corruption
(by no longer being correct in what they assume)
This doesn't look so bad to fix but it's
not something I can spend more time on
at the moment.
--
Interestingly the overwritten string data
(because it is scribbled past the bounds)
remains in the binary and is why we're suddenly
seeing unexpected references in various builds
-- notably this is is the reason we're
seeing the "extra-utils" breakage
that entirely crippled NixOS on master
(and probably on staging before?).
Fixes#43650.
This reverts commit 305ac4dade.
(cherry picked from commit 273d68eff8f7b6cd4ebed3718e5078a0f43cb55d)
Signed-off-by: Domen Kožar <domen@dev.si>
76999cc40e changed some hashes resulting in this PR being technically
a mass rebuild. To avoid this, I am restoring some of the hashes (even
though it seems silly). My main goal is to get this PR merged quickly
as treewide changes like this get out-of-date quickly.
This commit should be reverted on the next mass rebuild.
This makes the command ‘nix-env -qa -f. --arg config '{skipAliases =
true;}'’ work in Nixpkgs.
Misc...
- qtikz: use libsForQt5.callPackage
This ensures we get the right poppler.
- rewrites:
docbook5_xsl -> docbook_xsl_ns
docbook_xml_xslt -> docbook_xsl
diffpdf: fixup
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/marco/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/105g04v1faqwfb457slg5igkwsi9qqdf-marco-1.21.0/bin/marco-message had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/105g04v1faqwfb457slg5igkwsi9qqdf-marco-1.21.0/bin/marco-window-demo had a zero exit code or showed the expected version
- /nix/store/105g04v1faqwfb457slg5igkwsi9qqdf-marco-1.21.0/bin/marco passed the binary check.
- Warning: no invocation of /nix/store/105g04v1faqwfb457slg5igkwsi9qqdf-marco-1.21.0/bin/marco-theme-viewer had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/105g04v1faqwfb457slg5igkwsi9qqdf-marco-1.21.0/bin/.marco-message-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/105g04v1faqwfb457slg5igkwsi9qqdf-marco-1.21.0/bin/.marco-window-demo-wrapped had a zero exit code or showed the expected version
- /nix/store/105g04v1faqwfb457slg5igkwsi9qqdf-marco-1.21.0/bin/.marco-wrapped passed the binary check.
- Warning: no invocation of /nix/store/105g04v1faqwfb457slg5igkwsi9qqdf-marco-1.21.0/bin/.marco-theme-viewer-wrapped had a zero exit code or showed the expected version
- 2 of 8 passed binary check by having a zero exit code.
- 0 of 8 passed binary check by having the new version present in output.
- found 1.21.0 with grep in /nix/store/105g04v1faqwfb457slg5igkwsi9qqdf-marco-1.21.0
- directory tree listing: https://gist.github.com/7234306294e99b33fef6a86358544611
- du listing: https://gist.github.com/8c742fd13a9c7ded57bc11be9c669b95
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/mate-applets/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/6q9mwpgw42jld019cnn6ka513c8zw1sc-mate-applets-1.21.0/bin/mate-cpufreq-selector had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/6q9mwpgw42jld019cnn6ka513c8zw1sc-mate-applets-1.21.0/bin/.mate-cpufreq-selector-wrapped had a zero exit code or showed the expected version
- 0 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 1.21.0 with grep in /nix/store/6q9mwpgw42jld019cnn6ka513c8zw1sc-mate-applets-1.21.0
- directory tree listing: https://gist.github.com/a0ab2cac21cf6cae44f410df2b5c6284
- du listing: https://gist.github.com/0c9f7376cb17ad1d5e2a1bce03520edc
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/mate-power-manager/versions.
These checks were done:
- built on NixOS
- /nix/store/3p5n72sk436hkj88ndbws85n3sjpjws6-mate-power-manager-1.21.0/bin/mate-power-manager passed the binary check.
- /nix/store/3p5n72sk436hkj88ndbws85n3sjpjws6-mate-power-manager-1.21.0/bin/mate-power-preferences passed the binary check.
- /nix/store/3p5n72sk436hkj88ndbws85n3sjpjws6-mate-power-manager-1.21.0/bin/mate-power-statistics passed the binary check.
- /nix/store/3p5n72sk436hkj88ndbws85n3sjpjws6-mate-power-manager-1.21.0/bin/.mate-power-manager-wrapped passed the binary check.
- /nix/store/3p5n72sk436hkj88ndbws85n3sjpjws6-mate-power-manager-1.21.0/bin/.mate-power-preferences-wrapped passed the binary check.
- /nix/store/3p5n72sk436hkj88ndbws85n3sjpjws6-mate-power-manager-1.21.0/bin/.mate-power-statistics-wrapped passed the binary check.
- /nix/store/3p5n72sk436hkj88ndbws85n3sjpjws6-mate-power-manager-1.21.0/bin/mate-power-backlight-helper passed the binary check.
- 7 of 7 passed binary check by having a zero exit code.
- 2 of 7 passed binary check by having the new version present in output.
- found 1.21.0 with grep in /nix/store/3p5n72sk436hkj88ndbws85n3sjpjws6-mate-power-manager-1.21.0
- directory tree listing: https://gist.github.com/1e52186ae9e0f46684d551318ba77db0
- du listing: https://gist.github.com/c94ea5d841ae308a842d899ce7685a0b
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/mate-system-monitor/versions.
These checks were done:
- built on NixOS
- /nix/store/r2kdrj4kv3ljxdv8l9m6k5ihpij628s5-mate-system-monitor-1.21.0/bin/mate-system-monitor passed the binary check.
- /nix/store/r2kdrj4kv3ljxdv8l9m6k5ihpij628s5-mate-system-monitor-1.21.0/bin/.mate-system-monitor-wrapped passed the binary check.
- 2 of 2 passed binary check by having a zero exit code.
- 0 of 2 passed binary check by having the new version present in output.
- found 1.21.0 with grep in /nix/store/r2kdrj4kv3ljxdv8l9m6k5ihpij628s5-mate-system-monitor-1.21.0
- directory tree listing: https://gist.github.com/f4f7bd0ff2528925fb7906a6dba7a165
- du listing: https://gist.github.com/a529d5cc92ba18328a47ad40d4a87b2a
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/mate-terminal/versions.
These checks were done:
- built on NixOS
- /nix/store/pkwgjc2972cx5yicsppl6ivkrbl9sflh-mate-terminal-1.21.0/bin/mate-terminal passed the binary check.
- /nix/store/pkwgjc2972cx5yicsppl6ivkrbl9sflh-mate-terminal-1.21.0/bin/mate-terminal.wrapper passed the binary check.
- /nix/store/pkwgjc2972cx5yicsppl6ivkrbl9sflh-mate-terminal-1.21.0/bin/.mate-terminal-wrapped passed the binary check.
- /nix/store/pkwgjc2972cx5yicsppl6ivkrbl9sflh-mate-terminal-1.21.0/bin/.mate-terminal.wrapper-wrapped passed the binary check.
- 4 of 4 passed binary check by having a zero exit code.
- 0 of 4 passed binary check by having the new version present in output.
- found 1.21.0 with grep in /nix/store/pkwgjc2972cx5yicsppl6ivkrbl9sflh-mate-terminal-1.21.0
- directory tree listing: https://gist.github.com/cbbde60e233e1916f09d61e0a3e6e306
- du listing: https://gist.github.com/21079e9340adbd98c94647457231e080
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/mate-calc/versions.
These checks were done:
- built on NixOS
- Warning: no invocation of /nix/store/pj0sfjgfdibchfcjxmw8hqqz6b3733vf-mate-calc-1.21.0/bin/mate-calc had a zero exit code or showed the expected version
- /nix/store/pj0sfjgfdibchfcjxmw8hqqz6b3733vf-mate-calc-1.21.0/bin/mate-calc-cmd passed the binary check.
- Warning: no invocation of /nix/store/pj0sfjgfdibchfcjxmw8hqqz6b3733vf-mate-calc-1.21.0/bin/.mate-calculator-wrapped had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pj0sfjgfdibchfcjxmw8hqqz6b3733vf-mate-calc-1.21.0/bin/mate-calculator had a zero exit code or showed the expected version
- Warning: no invocation of /nix/store/pj0sfjgfdibchfcjxmw8hqqz6b3733vf-mate-calc-1.21.0/bin/.mate-calc-wrapped had a zero exit code or showed the expected version
- /nix/store/pj0sfjgfdibchfcjxmw8hqqz6b3733vf-mate-calc-1.21.0/bin/.mate-calc-cmd-wrapped passed the binary check.
- 2 of 6 passed binary check by having a zero exit code.
- 0 of 6 passed binary check by having the new version present in output.
- found 1.21.0 with grep in /nix/store/pj0sfjgfdibchfcjxmw8hqqz6b3733vf-mate-calc-1.21.0
- directory tree listing: https://gist.github.com/5dedfa9ca0998bbe4bc5a135a203e38d
- du listing: https://gist.github.com/aa96b097f6ceb6a2b427396a17d41e73
This adds configuration options which automate the configuration of NVIDIA Optimus using PRIME. This allows using the NVIDIA proprietary driver on Optimus laptops, in order to render using the NVIDIA GPU while outputting to displays connected only to the integrated Intel GPU. It also adds an option for enabling kernel modesetting for the NVIDIA driver (via a kernel command line flag); this is particularly useful together with Optimus/PRIME because it fixes tearing on PRIME-connected screens.
The user still needs to enable the Optimus/PRIME feature and specify the bus IDs of the Intel and NVIDIA GPUs, but this is still much easier for users and more reliable. The implementation handles both the X configuration file as well as getting display managers to run certain necessary `xrandr` commands just after X has started.
Configuration of commands run after X startup is done using a new configuration option `services.xserver.displayManager.setupCommands`. Support for this option is implemented for LightDM, GDM and SDDM; all of these have been tested with this feature including logging into a Plasma session.
Note: support of `setupCommands` for GDM is implemented by making GDM run the session executable via a wrapper; the wrapper will run the `setupCommands` before execing. This seemed like the simplest and most reliable approach, and solves running these commands both for GDM's X server and user X servers (GDM starts separate X servers for itself and user sessions). An alternative approach would be with autostart files but that seems harder to set up and less reliable.
Note that some simple features for X configuration file generation (in `xserver.nix`) are added which are used in the implementation:
- `services.xserver.extraConfig`: Allows adding arbitrary new sections. This is used to add the Device section for the Intel GPU.
- `deviceSection` and `screenSection` within `services.xserver.drivers`. This allows the nvidia configuration module to add additional contents into the `Device` and `Screen` sections of the "nvidia" driver, and not into such sections for other drivers that may be enabled.