As reported in #39676 the build broke because of ca52152 as the bump of
`pythonPackages.botocore` to 1.10.9 clashed with the wanted dependencies
in `awscli`.
In order to reduce the risk of accidental bugs because of loosened
version constraints I bumped the AWS CLI to `1.15.10` which depends on
`botocore@1.10` as well.
Fixes#39676
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/bubblewrap/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/k02fh24ypj5gzazl8qknff4wi7xn0hp6-bubblewrap-0.2.1/bin/bwrap --help’ got 0 exit code
- ran ‘/nix/store/k02fh24ypj5gzazl8qknff4wi7xn0hp6-bubblewrap-0.2.1/bin/bwrap --version’ and found version 0.2.1
- found 0.2.1 with grep in /nix/store/k02fh24ypj5gzazl8qknff4wi7xn0hp6-bubblewrap-0.2.1
- directory tree listing: https://gist.github.com/9ee4cdd00b90b74f8599566d9ed1d5d0
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/certbot/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/nfz2crys8022jwc4caw7z8sm5ldpq265-certbot-0.23.0/bin/certbot -h’ got 0 exit code
- ran ‘/nix/store/nfz2crys8022jwc4caw7z8sm5ldpq265-certbot-0.23.0/bin/certbot --help’ got 0 exit code
- ran ‘/nix/store/nfz2crys8022jwc4caw7z8sm5ldpq265-certbot-0.23.0/bin/certbot help’ got 0 exit code
- ran ‘/nix/store/nfz2crys8022jwc4caw7z8sm5ldpq265-certbot-0.23.0/bin/certbot --version’ and found version 0.23.0
- ran ‘/nix/store/nfz2crys8022jwc4caw7z8sm5ldpq265-certbot-0.23.0/bin/..certbot-wrapped-wrapped -h’ got 0 exit code
- ran ‘/nix/store/nfz2crys8022jwc4caw7z8sm5ldpq265-certbot-0.23.0/bin/..certbot-wrapped-wrapped --help’ got 0 exit code
- ran ‘/nix/store/nfz2crys8022jwc4caw7z8sm5ldpq265-certbot-0.23.0/bin/..certbot-wrapped-wrapped help’ got 0 exit code
- ran ‘/nix/store/nfz2crys8022jwc4caw7z8sm5ldpq265-certbot-0.23.0/bin/..certbot-wrapped-wrapped --version’ and found version 0.23.0
- ran ‘/nix/store/nfz2crys8022jwc4caw7z8sm5ldpq265-certbot-0.23.0/bin/.certbot-wrapped -h’ got 0 exit code
- ran ‘/nix/store/nfz2crys8022jwc4caw7z8sm5ldpq265-certbot-0.23.0/bin/.certbot-wrapped --help’ got 0 exit code
- ran ‘/nix/store/nfz2crys8022jwc4caw7z8sm5ldpq265-certbot-0.23.0/bin/.certbot-wrapped help’ got 0 exit code
- ran ‘/nix/store/nfz2crys8022jwc4caw7z8sm5ldpq265-certbot-0.23.0/bin/.certbot-wrapped --version’ and found version 0.23.0
- found 0.23.0 with grep in /nix/store/nfz2crys8022jwc4caw7z8sm5ldpq265-certbot-0.23.0
- directory tree listing: https://gist.github.com/16960558211e845b02775a58c7aef6ce
Resolved the following conflicts (by carefully applying patches from the both
branches since the fork point):
pkgs/development/libraries/epoxy/default.nix
pkgs/development/libraries/gtk+/3.x.nix
pkgs/development/python-modules/asgiref/default.nix
pkgs/development/python-modules/daphne/default.nix
pkgs/os-specific/linux/systemd/default.nix
Semi-automatic update. These checks were done:
- built on NixOS
- Warning: no binary found that responded to help or version flags. (This warning appears even if the package isn't expected to have binaries.)
- found 190.0.1 with grep in /nix/store/y7rvgsj3077w8div5qny11xhgyjvy06c-google-cloud-sdk-190.0.1
Semi-automatic update. These checks were performed:
- built on NixOS
- ran `/nix/store/0q7isf3b9x0yan8dpzmm6qch9cdp95mn-nxproxy-3.5.0.33/bin/nxproxy -h` got 0 exit code
- ran `/nix/store/0q7isf3b9x0yan8dpzmm6qch9cdp95mn-nxproxy-3.5.0.33/bin/nxproxy --help` got 0 exit code
- ran `/nix/store/0q7isf3b9x0yan8dpzmm6qch9cdp95mn-nxproxy-3.5.0.33/bin/nxproxy help` got 0 exit code
- ran `/nix/store/0q7isf3b9x0yan8dpzmm6qch9cdp95mn-nxproxy-3.5.0.33/bin/nxproxy -v` and found version 3.5.0.33
- found 3.5.0.33 with grep in /nix/store/0q7isf3b9x0yan8dpzmm6qch9cdp95mn-nxproxy-3.5.0.33
- found 3.5.0.33 in filename of file in /nix/store/0q7isf3b9x0yan8dpzmm6qch9cdp95mn-nxproxy-3.5.0.33
Semi-automatic update. These checks were performed:
- built on NixOS
- ran `/nix/store/586lmj690hk6bvlsbzmx44kfcpamxs1l-sec-2.7.12/bin/sec -h` got 0 exit code
- ran `/nix/store/586lmj690hk6bvlsbzmx44kfcpamxs1l-sec-2.7.12/bin/sec --help` got 0 exit code
- ran `/nix/store/586lmj690hk6bvlsbzmx44kfcpamxs1l-sec-2.7.12/bin/sec -V` and found version 2.7.12
- ran `/nix/store/586lmj690hk6bvlsbzmx44kfcpamxs1l-sec-2.7.12/bin/sec -v` and found version 2.7.12
- ran `/nix/store/586lmj690hk6bvlsbzmx44kfcpamxs1l-sec-2.7.12/bin/sec --version` and found version 2.7.12
- ran `/nix/store/586lmj690hk6bvlsbzmx44kfcpamxs1l-sec-2.7.12/bin/sec -h` and found version 2.7.12
- ran `/nix/store/586lmj690hk6bvlsbzmx44kfcpamxs1l-sec-2.7.12/bin/sec --help` and found version 2.7.12
- found 2.7.12 with grep in /nix/store/586lmj690hk6bvlsbzmx44kfcpamxs1l-sec-2.7.12
- found 2.7.12 in filename of file in /nix/store/586lmj690hk6bvlsbzmx44kfcpamxs1l-sec-2.7.12
cc "@tv"
Semi-automatic update. These checks were performed:
- built on NixOS
- ran `/nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0/bin/dehydrated -h` got 0 exit code
- ran `/nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0/bin/dehydrated --help` got 0 exit code
- ran `/nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0/bin/dehydrated -h` and found version 0.5.0
- ran `/nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0/bin/dehydrated --help` and found version 0.5.0
- ran `/nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0/bin/.dehydrated-wrapped -h` got 0 exit code
- ran `/nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0/bin/.dehydrated-wrapped --help` got 0 exit code
- ran `/nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0/bin/.dehydrated-wrapped -h` and found version 0.5.0
- ran `/nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0/bin/.dehydrated-wrapped --help` and found version 0.5.0
- found 0.5.0 with grep in /nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0
- found 0.5.0 in filename of file in /nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0
The biggest benefit is that we no longer have to update the registry
package. This means that just about any cargo package can be built by
nix. No longer does `cargo update` need to be feared because it will
update to packages newer then what is available in nixpkgs.
Instead of fetching the cargo registry this bundles all the source code
into a "vendor/" folder.
This also uses the new --frozen and --locked flags which is nice.
Currently cargo-vendor only provides binaries for Linux and
macOS 64-bit. This can be solved by building it for the other
architectures and uploading it somewhere (like the NixOS cache).
This also has the downside that it requires a change to everyone's deps
hash. And if the old one is used because it was cached it will fail to
build as it will attempt to use the old version. For this reason the
attribute has been renamed to `cargoSha256`.
Authors:
* Kevin Cox <kevincox@kevincox.ca>
* Jörg Thalheim <Mic92@users.noreply.github.com>
* zimbatm <zimbatm@zimbatm.com>
* tigervnc: correct default ssh client path
The -via command sets up an ssh tunnel, but is hardcoded to /usr/bin/ssh
upstream. This patches it to use the nixpkgs openssh client.
* tigervnc: patch ssh path correctly
The libcrypto patch didn't work well with `salt-ssh` (that code failed on
remote machines), so let's make Nix-based library lookup as fallback.
https://github.com/saltstack/salt/issues/43350
* pkgs: refactor needless quoting of homepage meta attribute
A lot of packages are needlessly quoting the homepage meta attribute
(about 1400, 22%), this commit refactors all of those instances.
* pkgs: Fixing some links that were wrongfully unquoted in the previous
commit
* Fixed some instances
* google-cloud-sdk: 150.0.0 -> 151.0.0
- gce/create-gce.sh: rewrite using nix-shell shebang and bash
- allows to run the script without being the same directory
- nix-shell install google-cloud-sdk
- some shellcheck cleanups and scripting best practice
- gce/create-gce.sh: do not clobber NIX_PATH: this allows NIX_PATH to be overwritten to build a different release
- gce/create-gce.sh: remove legacy hydra option
From the Arch Linux advisory:
- CVE-2017-5192 (arbitrary code execution): The
`LocalClient.cmd_batch()` method client does not accept
`external_auth` credentials and so access to it from salt-api has
been removed for now. This vulnerability allows code execution for
already- authenticated users and is only in effect when running
salt-api as the `root` user.
- CVE-2017-5200 (arbitrary command execution): Salt-api allows
arbitrary command execution on a salt-master via Salt's ssh_client.
Users of Salt-API and salt-ssh could execute a command on the salt
master via a hole when both systems were enabled.
---
Using the configure option relieves us of the patch and passing the path
via the env var in many places. Also the env var may not be inherited
when components like gdm spawn new sessions.
