Commit Graph

115553 Commits

Author SHA1 Message Date
Herwig Hochleitner
2773508b5d chromium: 60.0.3112.113 -> 61.0.3163.79
CVE-2017-5111
CVE-2017-5112
CVE-2017-5113
CVE-2017-5114
CVE-2017-5115
CVE-2017-5116
CVE-2017-5117
CVE-2017-5118
CVE-2017-5119
CVE-2017-5120
2017-09-14 20:15:57 +02:00
Kirill Boltaev
73af0b1696 chromium: 60.0.3112.90 -> 60.0.3112.113 2017-09-14 00:40:57 +02:00
Jörg Thalheim
bb5b084986 tor: skip ControlPort in torrc, if not set. 2017-09-13 23:33:46 +01:00
Jörg Thalheim
987a2be430 Merge pull request #29330 from geistesk/racket-6.10.1
racket: 6.10 -> 6.10.1
2017-09-13 23:18:39 +01:00
Jörg Thalheim
0febf8d43c Merge pull request #29304 from woffs/oysttyer
oysttyer-2.9.1
2017-09-13 23:17:45 +01:00
Tuomas Tynkkynen
0c368ef02f treewide: Escape backslash in strings properly
"\." is apparently the same as "." wheras the correct one is "\\."
2017-09-14 01:03:39 +03:00
aszlig
62711f4265
Merge pull request #27683 (add test for ACME)
This is a rebased version of the pull request with small fixes due to
changes in recent master.

Original description from the pull request:

  Currently this is only a very basic test which gets certificates via
  the enableACME option of the nginx module.

  However the main reason why I'm not directly merging and putting this
  up for review is that the complexity here lies in the support-modules
  needed for the test. The support modules are for running a Boulder
  instance along with a DNS resolver (as a separate module).

  For details about the implementation, see the commit messages and the
  comments at the start of the respective support modules.

I'm merging this first of all because other than @abbradar, none of the
other requested reviewers did comment on the changes and second because
the change here is adding a test, so even if the implementation would be
so disgusting and crappy it's better than having no test at all.

The comment of @abbradar was:

  Can't we factor Boulder into a proper package and a NixOS service?
  Maybe not very general purpose for now but still -- putting everything
  into one test seems painful to me.

My objection to this is that the components are heavily patched and some
of them don't even have a release, so I'm not sure whether infesting
pkgs/ with them is really a good idea.

Nevertheless, we can still do that later.

Cc: @fpletz, @domenkozar, @bjornfor
2017-09-13 23:30:07 +02:00
Jörg Thalheim
50cf2a7156 Merge pull request #29309 from NeQuissimus/atom_1_20_0
atom: 1.19.7 -> 1.20.0
2017-09-13 22:21:29 +01:00
aszlig
01fffd94e5
nixos/tests/acme: Patch certifi with cacert
Since 67651d80bc the requests package now
depends on certifi, which in turn provides the CA root certificates that
we need to replace.

It might also be a good idea to actually patch certifi with our version
of cacert by default so that if we want to override and/or add something
we only need to do it once.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @fpletz, @k0ral, @FRidh
2017-09-13 23:16:43 +02:00
aszlig
bda38317eb
nixos/tests/letsencrypt: Fix nginx options
The enableSSL option has been deprecated in
a912a6a291, so we switch to using onlySSL.

I've also explicitly disabled enableACME, because this is the default
and we don't actually want to have ACME enabled for a host which runs an
actual ACME server.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-09-13 23:16:40 +02:00
aszlig
11b3ae74e1
nixos/tests: Add a basic test for ACME
The test here is pretty basic and only tests nginx, but it should get us
started to write tests for different webservers and different ACME
implementations.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-09-13 23:16:37 +02:00
aszlig
b3162a1074
nixos/tests: Add common modules for letsencrypt
These modules implement a way to test ACME based on a test instance of
Letsencrypt's Boulder service. The service implementation is in
letsencrypt.nix and the second module (resolver.nix) is a support-module
for the former, but can also be used for tests not involving ACME.

The second module provides a DNS server which hosts a root zone
containing all the zones and /etc/hosts entries (except loopback) in the
entire test network, so this can be very useful for other modules that
need DNS resolution.

Originally, I wrote these modules for the Headcounter deployment, but
I've refactored them a bit to be generally useful to NixOS users. The
original implementation can be found here:

https://github.com/headcounter/deployment/tree/89e7feafb/modules/testing

Quoting parts from the commit message of the initial implementation of
the Letsencrypt module in headcounter/deployment@95dfb31110:

    This module is going to be used for tests where we need to
    impersonate an ACME service such as the one from Letsencrypt within
    VM tests, which is the reason why this module is a bit ugly (I only
    care if it's working not if it's beautiful).

    While the module isn't used anywhere, it will serve as a pluggable
    module for testing whether ACME works properly to fetch certificates
    and also as a replacement for our snakeoil certificate generator.

Also quoting parts of the commit where I have refactored the same module
in headcounter/deployment@85fa481b34:

    Now we have a fully pluggable module which automatically discovers
    in which network it's used via the nodes attribute.

    The test environment of Boulder used "dns-test-srv", which is a fake
    DNS server that's resolving almost everything to 127.0.0.1. On our
    setup this is not useful, so instead we're now running a local BIND
    name server which has a fake root zone and uses the mentioned node
    attribute to automatically discover other zones in the network of
    machines and generate delegations from the root zone to the
    respective zones with the primaryIPAddress of the node.

    ...

    We want to use real letsencrypt.org FQDNs here, so we can't get away
    with the snakeoil test certificates from the upstream project but
    now roll our own.

    This not only has the benefit that we can easily pass the snakeoil
    certificate to other nodes, but we can (and do) also use it for an
    nginx proxy that's now serving HTTPS for the Boulder web front end.

The Headcounter deployment tests are simulating a production scenario
with real IPs and nameservers so it won't need to rely on
networking.extraHost. However in this implementation we don't
necessarily want to do that, so I've added auto-discovery of
networking.extraHosts in the resolver module.

Another change here is that the letsencrypt module now falls back to
using a local resolver, the Headcounter implementation on the other hand
always required to add an extra test node which serves as a resolver.

I could have squashed both modules into the final ACME test, but that
would make it not very reusable, so that's the main reason why I put
these modules in tests/common.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-09-13 23:16:33 +02:00
Jörg Thalheim
b6c68c34e5 Merge pull request #29327 from jtojnar/fix/meson-0.42.1
meson: 0.41.2 → 0.42.1
2017-09-13 22:16:32 +01:00
geistesk
af2ceaf63c racket: 6.10 -> 6.10.1 2017-09-13 23:16:18 +02:00
Joachim F
9580bafbb1 Merge pull request #25525 from emanueleperuffo/alc1100
epson-alc1100: init at version 1.2-0
2017-09-13 21:12:34 +00:00
Jörg Thalheim
c188741eb2 Merge pull request #29325 from jtojnar/fix/sublime-3
sublime3: 3126 → 3143
2017-09-13 22:07:43 +01:00
Jörg Thalheim
cc04948a49 Merge pull request #29180 from srhb/nixos-unstable
steam: Get rid of newStdcpp option, always on
2017-09-13 22:04:13 +01:00
Tuomas Tynkkynen
1e84bb90d4 strace: 4.18 -> 4.19 2017-09-14 00:00:02 +03:00
Yann Hodique
85f3834bad hugo: 0.27 -> 0.27.1 2017-09-13 22:49:15 +02:00
Vladimír Čunát
efeef044be
appstream-glib: more RPATH fixes #29326
Fix in 6a17c5a46c wasn't enough.
2017-09-13 22:41:35 +02:00
Jan Tojnar
ad8e4c272a
meson: 0.41.2 → 0.42.1 2017-09-13 22:37:30 +02:00
John Ericson
349a09228e Merge pull request #29246 from LnL7/clang-stdenv
clang-stdenv: move libstdcxxHook to cc-wrapper
2017-09-13 16:21:41 -04:00
Daiderd Jordan
56ea313c29
prometheus-node-exported: fix output cycle on darwin 2017-09-13 22:08:25 +02:00
Robin Gloster
f5e0e94b2a
nixos/redmine: fix create role
postgresql create role no longer supports NOCREATEUSER option. See
https://www.postgresql.org/docs/9.6/static/release-9-6.html for
details.
2017-09-13 21:55:50 +02:00
Matthias Beyer
b0237f767e bean-add: 2017-04-16 -> 2017-09-13 2017-09-13 21:53:56 +02:00
Matthias Beyer
8c1403066c rtv: 1.15.1 -> 1.18.0
Disable tests, which try to access the network.
2017-09-13 21:53:55 +02:00
Matthias Beyer
495dbc2cc2 mdp: 1.0.9 -> 1.0.10 2017-09-13 21:44:49 +02:00
Matthias Beyer
30a1e189ac ctodo: 1.2 -> 1.3 2017-09-13 21:44:49 +02:00
Matthias Beyer
678c149e53 buku: 3.0 -> 3.3.1 2017-09-13 21:44:49 +02:00
Matthias Beyer
65b91cd23b sqlitebrowser: 3.9.1 -> 3.10.0 2017-09-13 21:44:49 +02:00
Matthias Beyer
56cf561581 toot: 0.13.0 -> 0.15.0 2017-09-13 21:44:49 +02:00
Joachim F
c9200f8d9c Merge pull request #28874 from ryantm/mattermost
nixos/mattermost: fix create role
2017-09-13 19:41:25 +00:00
Joachim F
161b8a2bc8 Merge pull request #29035 from ryantm/update_mattermost
mattermost: 3.8.2 -> 4.1.0
2017-09-13 19:41:10 +00:00
Gabriel Adomnicai
49eb1664d8 meteor: 1.4.2.3 -> 1.5 (#28905) 2017-09-13 19:35:36 +00:00
Domen Kožar
4ffa9ace43
Add atom-beta 2017-09-13 21:08:32 +02:00
Daiderd Jordan
70c4ac12cd
nixpkgs-tests: add tests for llvm 3.9 2017-09-13 20:51:55 +02:00
Daiderd Jordan
ad486c48a6
llvm-packages: apply cc-wrapper/stdenv changes to older versions 2017-09-13 20:51:52 +02:00
Daiderd Jordan
ac88515052
clang-stdenv: move libstdcxxHook to cc-wrapper 2017-09-13 20:51:41 +02:00
Joachim F
d1f0affe33 Merge pull request #28869 from symphorien/bombono
bombono: init at 1.2.4
2017-09-13 18:46:13 +00:00
Jan Tojnar
74065fc780
sublime3: 3126 → 3143 2017-09-13 20:34:50 +02:00
Vincent Laporte
cc5491d02c proverif: 1.95 -> 1.97pl1 2017-09-13 20:01:55 +02:00
Profpatsch
4cbe7bda70 Remove Profpatsch from the CODEOWNERS file
Since CODEOWNERS shall be interpreted as actual ownership (and not just a
mentionbot replacement), I will remove myself again.
2017-09-13 19:56:13 +02:00
Andreas Rammhold
f47ab6c2fe afewmail: update meta.homepage (#29313) 2017-09-13 17:42:40 +00:00
Jörg Thalheim
13edd9765a Merge pull request #29125 from geistesk/firehol-3.1.4
firehol: init at 3.1.4, iprange: init at 1.0.3
2017-09-13 18:10:22 +01:00
Thomas Tuegel
787c6ff3e1 Merge pull request #29321 from NixOS/revert-29277-kde_frameworks_5_38
Revert "kdeFrameworks: 5.37 -> 5.38"
2017-09-13 11:58:45 -05:00
Thomas Tuegel
e468ef5119 Revert "kdeFrameworks: 5.37 -> 5.38" 2017-09-13 11:57:15 -05:00
Joachim Fasting
aff74b6af7
socklog: fixup implicit function declarations 2017-09-13 18:27:15 +02:00
Joachim Fasting
705f47f50e
socklog: properly disable the chkshsgr test
My previous attempt d438cbb0b6 was
bogus ...
2017-09-13 18:27:09 +02:00
Joachim F
2a329d4c18 Merge pull request #29314 from mdorman/emacs-updates
Semi-automated Emacs package updates
2017-09-13 16:25:55 +00:00
Joachim F
34b4935850 Merge pull request #29288 from florianjacob/piwik-3.1.0
piwik: 3.0.4 -> 3.1.0
2017-09-13 16:25:45 +00:00