Commit Graph

3249 Commits

Author SHA1 Message Date
Ricardo M. Correia
b5b8b5247a spl, spl.git: Update to 0.6.3 2014-06-23 15:52:20 +02:00
Austin Seipp
0399c5ee24 grsecurity: update stable/testing kernels, refactoring
This updates the new stable kernel to 3.14, and the new testing kernel
to 3.15.

This also removes the vserver kernel, since it's probably not nearly as
used.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-22 22:29:10 -05:00
Austin Seipp
125c2b9468 gradm: 3.0-201401291757 -> 3.0-201405281853
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-22 20:26:24 -05:00
Michael Raskin
c68e3418fb Update 3.16-rc to -rc2: -rc1 has problems with mounting BtrFS, will test -rc2 2014-06-22 19:45:07 +04:00
Austin Seipp
b8ede68b25 kernel/grsec: updates
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-21 22:13:49 -05:00
Vladimír Čunát
a4042c373b alsa{Oss,Utils}: update to 1.0.28
I somehow forgot to update these other parts.
2014-06-20 10:12:43 +02:00
Vladimír Čunát
3ec2cea214 Merge master into x-updates
Conflicts (auto-solved):
	pkgs/os-specific/linux/alsa-plugins/default.nix
2014-06-20 00:24:38 +02:00
Vladimír Čunát
36e79e3b90 upower: pull patches used in Ubuntu/trusty (fix #2884) 2014-06-19 20:51:30 +02:00
Vladimír Čunát
1a1c83fa77 alsa{Lib,Plugins}: update to 1.28.0
Dropped unrecognized option, patch no longer applying, fixed licenses.
2014-06-19 20:24:23 +02:00
Rok Garbas
870a8a0833 alsa-plugins: upgrade to 1.0.28
adding libogg as dependency should fix the build
2014-06-19 16:06:03 +01:00
Michael Raskin
8297a26746 Create an option to build 3.16-rc1 which carries a new Wireless driver; make USB_DEBUG optional as it seems to be planned to disappear in 3.16. 2014-06-18 00:23:48 +02:00
Mathijs Kwik
5bc69209b1 linux-3.15: upgrade to 3.15.1 2014-06-17 08:17:38 +02:00
Vladimír Čunát
9757785295 Merge recent master 2014-06-15 17:55:35 +02:00
Eelco Dolstra
27c72f337b linux: Update to 3.12.22
Fixes CVE-2014-3153 (local privilege escalation via futex()).
2014-06-13 17:44:02 +02:00
Vladimír Čunát
de12094b0e Merge recent master 2014-06-12 09:15:11 +02:00
Joel Taylor
58971f7b14 add htop fork for darwin (close #2690)
@vcunat made it a single conditional attribute.

Conflicts (trivial):
	lib/maintainers.nix
2014-06-11 20:36:10 +02:00
Vladimír Čunát
f2352f7ecf Merge recent master 2014-06-10 20:14:08 +02:00
Domen Kožar
7334e38af5 Merge pull request #2678 from offlinehacker/pkgs/systemd/fix_python
systemd: fix python support
2014-06-09 23:09:32 +02:00
Vladimír Čunát
5a98b9f514 Merge recent master into p/stdenv
Merged just before the pypi update, as it seems to cause problems on Hydra.
2014-06-09 19:07:31 +02:00
William A. Kennington III
8bb2313915 kernel: Add 3.15 2014-06-08 16:39:47 -05:00
William A. Kennington III
d91eacd720 kernel: 3.14.5 -> 3.14.6 (close #2868) 2014-06-08 09:12:05 +02:00
Vladimir Kirillov
1859dbc4a2 sysdig: update to 0.1.83 2014-06-06 17:21:00 +03:00
Austin Seipp
b43421221f kernel/grsec: updates; add mainline package for brave souls
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-05 06:06:19 -05:00
Eelco Dolstra
246edc3df2 linux: Update to 3.12.21 2014-06-05 12:54:37 +02:00
William A. Kennington III
3a0b265af9 kernel: 3.14.4 -> 3.14.5 (close #2831) 2014-06-05 10:34:40 +02:00
Ricardo M. Correia
2030328fea disk-indicator: Add package
A program that will turn a LED into a hard disk indicator.
2014-05-30 21:24:46 +02:00
Vladimír Čunát
872860e6de Merge #1187 into p/stdenv
Tested building firefox, kdelibs, evince on x86_64-linux.
2014-05-29 22:16:07 +02:00
Cillian de Róiste
a1d350287b Plymouth: update to 0.9.0, fix build, sanitize, enable systemd-integration
NOTE: I can start the daemon and ping it, but I haven't been able to
get it to do more than that.
2014-05-29 14:39:37 +02:00
Moritz Ulrich
29da3bce27 usermount: New Package.
A simple tool to automatically mount removable drives using UDisks2 and
D-Bus.

https://github.com/tom5760/usermount
2014-05-29 13:39:16 +02:00
Rob Vermaas
ce87d3e307 Merge pull request #2465 from robberer/nvidia/driver
nvidia-x11: add nvidia-uvm module which is necessary for blender GPU support
2014-05-28 08:30:22 +02:00
Michael Raskin
515a7e78fa Updating conspy 2014-05-28 01:33:29 +04:00
Michael Raskin
f9c05a3bad Merge pull request #2378 from wizeman/u/kernel-zram
linux: Add support for zram
2014-05-27 01:40:18 -07:00
Eelco Dolstra
fc70d6f712 nvidia-x11: Don't install nvidia-xconfig
Rewriting the X11 config doesn't work on NixOS.
2014-05-22 13:00:52 +02:00
Eelco Dolstra
5ec3a63fcb nvidia-x11: Update to 331.79 2014-05-22 13:00:51 +02:00
Luca Bruno
df95a8cc2f upower: add 0.99 version for gnome 3.12 2014-05-20 13:41:39 +02:00
Eelco Dolstra
2ee6c0c63e linux: Update to 3.12.20 2014-05-19 16:03:37 +02:00
Austin Seipp
0781563b46 lockdep: 3.14.2 -> 3.14.4
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 15:28:50 -05:00
Austin Seipp
ac38b32974 kernel/grsec: another optional option
This should fix the testing kernels.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:57:10 -05:00
Austin Seipp
e64e3ad88a kernel: only use DEBUG_STACKOVERFLOW if !grsecurity
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:56:52 -05:00
Austin Seipp
80d0e31a94 kernel: allow features to be used in common-config
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-18 08:49:32 -05:00
Austin Seipp
657998dbcb kernel/common-config: Another optional option
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 19:44:03 -05:00
Austin Seipp
b5b434c98a kernel: make some common-config options optional for grsec
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 16:37:22 -05:00
Austin Seipp
4f27ad14a1 grsec: refactor grsecurity packages
This now provides a handful of different grsecurity kernels for slightly
different 'flavors' of packages. This doesn't change the grsecurity
module to use them just yet, however.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:43 -05:00
Austin Seipp
cb894d4fc3 grsec: updates
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Austin Seipp
92abc4c610 kernel: enable AppArmor by default
AppArmor only requires a few patches to the 3.2 and 3.4 kernels in order
to work properly (with the minor catch grsecurity -stable includes the
3.2 patches.) This adds them to the kernel builds by default, removes
features.apparmor (since it's always true) and makes it the default MAC
system.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Austin Seipp
3efdeef6a3 linux-3.{4,10}: update
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Austin Seipp
f7123982c2 apparmor: 2.8.2 -> 2.8.3
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Jaka Hudoklin
71b923fa74 systemd: fix python support 2014-05-17 12:13:29 +02:00
Ricardo M. Correia
1c2aacb5d8 spl: Fix compilation with grsecurity's constify plugin and kernels < 3.8 2014-05-15 13:25:47 +02:00
Eelco Dolstra
3d1d9bb7dd linux-3.12: Apply patch for CVE-2014-0196 2014-05-14 14:11:48 +02:00
Vladimír Čunát
9c8ee7a7e5 linux: minor updates, probably often fixing CVE-2014-0196 2014-05-13 20:00:21 +02:00
Eelco Dolstra
abbf643ae2 linux: Update to 3.12.19
Backport: 14.04
2014-05-13 13:28:14 +02:00
Luca Bruno
9e7e3978f9 shadow: Fix lastlog and faillog to find logs in /var/log
Fixes #2575 and closes #2586.
2014-05-13 11:32:10 +02:00
Michael Raskin
f8a62ff002 Allow no-kernel-module build of SysDig 2014-05-13 00:08:45 +04:00
Shea Levy
89238a251c Merge branch 'sysdig-0.1.82-now-with-osx' of git://github.com/proger/nixpkgs
sysdig: updated to 0.1.82, starting to support Darwin builds (includes
luajit Darwin support)
2014-05-12 09:34:23 -04:00
Ricky Elrod
c0a30a4b51 htop: Bump to 1.0.3 (close #2611)
Signed-off-by: Ricky Elrod <ricky@elrod.me>
2014-05-11 13:45:25 +02:00
Vladimir Kirillov
96903d5e48 sysdig: support builds without the kernel module, add pkgs.sysdig attr 2014-05-10 13:50:49 +03:00
Vladimir Kirillov
96373a4041 sysdig: update to 0.1.82 2014-05-10 13:50:49 +03:00
William A. Kennington III
e2672e892a keyutils: Update from 1.5.8 -> 1.5.9 2014-05-10 02:29:36 -05:00
Rickard Nilsson
5a0c8ff040 Merge pull request #2548 from proger/sysdig-0.1.81
sysdig: update to 0.1.81
2014-05-08 10:45:18 +02:00
Austin Seipp
130cb5d005 criu: upgrade, hopefully fix Hydra build
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-07 16:43:48 -05:00
Vladimir Kirillov
bf9612e797 sysdig: update to 0.1.81 2014-05-07 11:46:02 +03:00
Ricardo M. Correia
5b4006cddb paxctl: Update from 0.7 -> 0.8 2014-05-06 20:29:06 +02:00
Vladimír Čunát
1796a939d4 b43-fwcutter: update 015 -> 018 2014-05-06 18:43:01 +02:00
Eelco Dolstra
24cbe874d6 systemd-journal-flush: Require /var/log/journal rather than all filesystems
Backport: 14.04
2014-05-05 16:47:43 +02:00
Eelco Dolstra
014fe1a3c3 sysinit.target: Don't depend on systemd-tmpfiles-setup.service
systemd-tmpfiles-setup.service pulls in local-fs.target, which
interferes with NixOps' send-keys feature (since sshd.service depends
indirectly on sysinit.target). Since in NixOS we don't use
systemd-tmpfiles for creating files (that's done by activation scripts
and preStart scripts), it's not a problem to start it a bit later.

Backport: 14.04
2014-05-05 16:47:02 +02:00
Vladimír Čunát
07aaea85d4 pam: upstream patch to fix CVE-2014-2583 2014-05-03 21:30:48 +02:00
robberer
9683c6e806 add nvidia-uvm module which is necessary for blender GPU support 2014-05-01 16:37:14 +02:00
Eelco Dolstra
cb45ecad34 systemd: Look for fsck.* in the right place
Fixes #2464.
2014-05-01 14:32:58 +02:00
Austin Seipp
7faaa9e6da lockdep: 3.14 -> 3.14.2
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-28 17:34:35 -05:00
Bjørn Forsman
6859853045 psmisc: (from upstream) Typo in fuser makes -M on all the time 2014-04-27 20:19:31 +02:00
Austin Seipp
92f7781f00 kernel/grsecurity: stable/longterm/testing updates
kernels:

  - longterm: 3.4.87  -> 3.4.88
  - longterm: 3.10.37 -> 3.10.38
  - stable:   3.13.10 -> 3.13.11
  - stable:   3.14.1  -> 3.14.2

grsecurity:

  - test: 3.0-3.14.1-201404241722 -> 3.0-3.14.2-201404270907

NOTE: technically the 3.13 stable kernel is now EOL. However, it will
become the long-term grsecurity stable kernel, and will have ongoing
support from Canonical.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-27 08:41:42 -05:00
Ricardo M. Correia
efae8ce543 grsecurity: Update all patches
stable:  3.0-3.2.57-201404182109            -> 3.0-3.2.57-201404241714
test:    3.0-3.14.1-201404201132            -> 3.0-3.14.1-201404241722
vserver: 3.0-3.2.57-vs2.3.2.16-201404182110 -> 3.0-3.2.57-vs2.3.2.16-201404241715
2014-04-25 04:41:58 +02:00
Ricardo M. Correia
f0e3775f2e linux: Add support for zram 2014-04-24 23:47:08 +02:00
Vladimír Čunát
116d52c6df linux-3.12: bump .17 -> .18 2014-04-24 20:02:34 +02:00
Lluís Batlle i Rossell
8ef1d4ecdb Making nvidia build with linux 3.14. Patch not needed anymore. 2014-04-23 16:06:15 +02:00
Ricardo M. Correia
419a71e1e5 spl, zfs: Add git versions, based on recent commits
Upstream has not been tagging new versions for a long time, but we need
compatibility with newer kernels. The 0.6.2 versions already have a bunch of
backported compatibility patches, but 3.14 kernels need even more.

Also, the git versions have fixed a bunch of crashes and other bugs, so perhaps
we should just bite the bullet and just use recent git versions (as sometimes
upstream recommends, when people run into bugs).

This adds a new "boot.zfs.useGit" boolean option, so that a user can
easily opt into using the git versions.
2014-04-23 01:42:52 +02:00
Eelco Dolstra
fb3629df49 systemd: Re-allow Restart=yes with Type=oneshot 2014-04-22 23:53:21 +02:00
Rickard Nilsson
5db9287b7c rtkit: Update from 0.10 to 0.11 2014-04-21 23:22:10 +02:00
Ricardo M. Correia
5d5ca7b260 grsecurity: Update all patches
stable:  3.0-3.2.57-201404131252            -> 3.0-3.2.57-201404182109
test:    3.0-3.13.10-201404141717           -> 3.0-3.14.1-201404201132
vserver: 3.0-3.2.57-vs2.3.2.16-201404131253 -> 3.0-3.2.57-vs2.3.2.16-201404182110
2014-04-21 18:46:41 +02:00
aszlig
625d7b9043
Merge pull request #1928 from 'cross-win-osx'.
This includes a lot of fixes for cross-building to Windows and Mac OS X
and could possibly fix things even for non-cross-builds, like for
example OpenSSL on Windows.

The main reason for merging this in 14.04 already is that we already
have runInWindowsVM in master and it doesn't work until we actually
cross-build Cygwin's setup binary as the upstream version is a fast
moving target which gets _overwritten_ on every new release.

Conflicts:
	pkgs/top-level/all-packages.nix
2014-04-21 10:00:35 +02:00
Eelco Dolstra
4e8c2f0ff9 Merge branch 'systemd-update' 2014-04-20 19:31:01 +02:00
Eelco Dolstra
660d38e838 nvidia-x11: Update to 331.67 2014-04-18 21:50:00 +02:00
Eelco Dolstra
5da309fcaa linux: Enable SND_DYNAMIC_MINORS
This is necessary if you get:

  kernel: Too many HDMI devices
  kernel: Consider building the kernel with CONFIG_SND_DYNAMIC_MINORS=y
2014-04-18 21:50:00 +02:00
Eelco Dolstra
890d0cc3a5 firmware-linux-nonfree: Update to 0.41 2014-04-18 15:34:10 +02:00
Eelco Dolstra
7ea51b1c6c Enable kmod-static-nodes.service
This creates static device nodes such as /dev/fuse or
/dev/snd/seq. The kernel modules for these devices will be loaded on
demand when the device node is opened.
2014-04-17 14:35:05 +02:00
Eelco Dolstra
9594421617 kmod: Respect $MODULE_DIR in ‘kmod static-nodes’ 2014-04-17 13:52:30 +02:00
Eelco Dolstra
51a1e0a4a9 kmod: Update to 17 2014-04-17 13:46:48 +02:00
Eelco Dolstra
3f01caa89f linux: Enable transparent hugepages 2014-04-16 22:40:07 +02:00
Eelco Dolstra
2503e7e0c8 systemd: Apply patch to make container logins work again 2014-04-16 18:15:48 +02:00
Eelco Dolstra
c21ef84810 linux-pam: Update to 1.1.8 2014-04-16 16:44:05 +02:00
Eelco Dolstra
7438b95437 util-linux: Update to 2.24.1 2014-04-16 16:31:58 +02:00
Eelco Dolstra
c81565f6cf Remove hack for using upstream getty units
Also, enable the container-getty@ unit so that "machinectl login"
works.
2014-04-16 16:11:17 +02:00
Eelco Dolstra
19d4e40dfc systemd: Build on i686-linux 2014-04-16 15:25:37 +02:00
Eelco Dolstra
0ac322c7a0 systemd-nspawn: Fix starting NixOS containers 2014-04-16 11:34:34 +02:00
William A. Kennington III
171a58bcd6 cpupower: Add package to replace cpufrequtils 2014-04-16 01:09:57 +02:00
Eelco Dolstra
ee9c068b0c systemd: Update to 212
Note that systemd no longer depends on dbus, so we're rid of the
cyclic dependency problem between systemd and dbus.

This commit incorporates from wkennington's systemd branch
(203dcff45002a63f6be75c65f1017021318cc839,
1f842558a95947261ece66f707bfa24faf5a9d88).
2014-04-16 00:59:26 +02:00
Eelco Dolstra
07cb7451d9 lvm2: Update to 2.02.106 2014-04-15 18:02:07 +02:00
Eelco Dolstra
a37edbbb63 linux-headers: Add 3.14 2014-04-15 16:59:19 +02:00
Eelco Dolstra
0fc9f65ff2 linux-headers-2.6.28: Remove, no longer used 2014-04-15 16:50:29 +02:00
Peter Simons
e572b5c104 Merge pull request #2253 from jwiegley/watch
Add a recipe for installing "watch" from procps (#2227)
2014-04-15 16:12:27 +02:00
Austin Seipp
ba2f861f05 kernel: stable/longterm updates
- stable:   3.14    -> 3.14.1
 - longterm: 3.10.36 -> 3.10.37
 - longterm: 3.4.86  -> 3.4.86

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-14 19:46:39 -05:00
Ricardo M. Correia
1b113178ee grsecurity: Update test patch from 3.0-3.13.9-201404131254 -> 3.0-3.13.10-201404141717 2014-04-15 00:16:29 +02:00
Ricardo M. Correia
3a1c9a2945 linux: Update to 3.13.10 2014-04-15 00:16:29 +02:00
Eelco Dolstra
73b4b287bb linux: Don't use underscores in the timestamp 2014-04-14 21:06:04 +02:00
John Wiegley
7a59054dce Add a recipe for installing "watch" from procps (#2227) 2014-04-14 09:10:10 -05:00
Bjørn Forsman
1296372681 cifs-utils: update 6.2 -> 6.3
January 9, 2014: Release 6.3:
* fixes for various bugs turned up by Coverity
* clean unused cruft out of upcall binary
* add new pam_cifscreds PAM module for establishing NTLM creds on login
* https://lists.samba.org/archive/samba-technical/2014-January/097124.html
2014-04-13 22:56:21 +02:00
Bjørn Forsman
5e50b35a26 bluez5: remove unneeded libusb dependency
bluez >= 5.9 does not depend on libusb[1].

[1] http://www.bluez.org/release-of-bluez-5-9/
2014-04-13 22:46:47 +02:00
Austin Seipp
788d9a13fb grsecurity: stable/vserver/testing updates
- stable:  201404111812            -> 201404131252
 - vserver: vs2.3.2.16-201404111814 -> vs2.3.2.16-201404131253
 - testing: 201404111815            -> 201404131254

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-13 13:11:17 -05:00
Michael Raskin
e86e76e560 Adding sysdig system call tracer for Linux 2014-04-13 20:49:37 +04:00
Bjørn Forsman
d1f875c6af lttng project: update from 2.3.0 to 2.4.1
(And update liburcu to 0.8.4 according to release notes for lttng 2.4.x.)

In addition to new features and bug fixes, version 2.4.x is needed to build
against Linux 3.12 (our new stable kernel).
2014-04-13 10:47:16 +02:00
Austin Seipp
172dc1336f nixos: add grsecurity module (#1875)
This module implements a significant refactoring in grsecurity
configuration for NixOS, making it far more usable by default and much
easier to configure.

 - New security.grsecurity NixOS attributes.
   - All grsec kernels supported
   - Allows default 'auto' grsec configuration, or custom config
   - Supports custom kernel options through kernelExtraConfig
   - Defaults to high-security - user must choose kernel, server/desktop
     mode, and any virtualisation software. That's all.
   - kptr_restrict is fixed under grsecurity (it's unwriteable)
 - grsecurity patch creation is now significantly abstracted
   - only need revision, version, and SHA1
   - kernel version requirements are asserted for sanity
   - built kernels can have the uname specify the exact grsec version
     for development or bug reports. Off by default (requires
     `security.grsecurity.config.verboseVersion = true;`)
 - grsecurity sysctl support
   - By default, disabled.
   - For people who enable it, NixOS deploys a 'grsec-lock' systemd
     service which runs at startup. You are expected to configure sysctl
     through NixOS like you regularly would, which will occur before the
     service is started. As a result, changing sysctl settings requires
     a reboot.
 - New default group: 'grsecurity'
   - Root is a member by default
   - GRKERNSEC_PROC_GID is implicitly set to the 'grsecurity' GID,
     making it possible to easily add users to this group for /proc
     access
 - AppArmor is now automatically enabled where it wasn't before, despite
   implying features.apparmor = true

The most trivial example of enabling grsecurity in your kernel is by
specifying:

    security.grsecurity.enable          = true;
    security.grsecurity.testing         = true;      # testing 3.13 kernel
    security.grsecurity.config.system   = "desktop"; # or "server"

This specifies absolutely no virtualisation support. In general, you
probably at least want KVM host support, which is a little more work.
So:

    security.grsecurity.enable = true;
    security.grsecurity.stable = true; # enable stable 3.2 kernel
    security.grsecurity.config = {
      system   = "server";
      priority = "security";
      virtualisationConfig   = "host";
      virtualisationSoftware = "kvm";
      hardwareVirtualisation = true;
    }

This module has primarily been tested on Hetzner EX40 & VQ7 servers
using NixOps.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:43:51 -05:00
Austin Seipp
acbf28145c nixos: make several kernel common-config options optional
Realistically, common-config is useful, but there are a lot of things in
there that are non-optionally specified that aren't always useful. For
example, when deploying grsecurity, I don't want the bluetooth,
wireless, or input joystick/extra filesystem stack (XFS, etc), nor the
staging drivers tree.

The problem is that if you specify this in your own kernel config in the
grsecurity module, by saying 'BT n' to turn off bluetooth,
common-config turns on 'BT_HCIUART_BCSP y', which then becomes unused
and errors out.

This is really just an arbitrary picking at the moment, but it should be
OK.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-11 22:39:29 -05:00
Mathijs Kwik
5a3fa7f88f nvidia-x11: patch for kernel 3.14 support 2014-04-11 23:40:16 +02:00
Peter Simons
3c7f5870e3 Merge pull request #2197 from offlinehacker/pkgs/lxc/rootfs_fix
lxc: set rootfs path somewhere outside /nix/store
2014-04-10 12:34:08 +02:00
Mathijs Kwik
4219eb430d intel-microcode: upgrade to 20140122 2014-04-10 11:57:20 +02:00
Jaka Hudoklin
c7e94de91f lxc: set rootfs path somewhere outside /nix/store
This commit fixes lxc to eventually work
2014-04-10 11:46:06 +02:00
Ricardo M. Correia
5dfc6584a5 grsecurity: Update stable patch from 3.0-3.2.56-201404062126 -> 3.0-3.2.57-201404091758 2014-04-10 00:37:33 +02:00
Ricardo M. Correia
c50abd0e13 linux: Update to 3.2.57 2014-04-10 00:37:33 +02:00
Peter Simons
2cc462eb11 lxc: update from 1.0.1 to 1.0.3 2014-04-09 12:41:10 +02:00
Peter Simons
30aa995a42 busybox: update from 1.21.1 to 1.22.1 2014-04-09 12:41:10 +02:00
Austin Seipp
3ff158289a lockdep: refactor into non-kernel package
Lockdep doesn't *really* require the kernel package - just the kernel
sources. It's really a user-space tool just compiled from some portable
code within the kernel, nothing more.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-08 19:21:55 -05:00
Eelco Dolstra
2ba552fb2e Revert "Fix services.udisks.enable."
This reverts commit 02a30bea44,
necessary after reverting to udisks 1.0.4.

http://hydra.nixos.org/build/10194840
2014-04-08 13:28:24 +02:00
Austin Seipp
05ec851050 kernel: longterm updates
- longterm: 3.4.85  -> 3.4.86
 - longterm: 3.10.35 -> 3.10.36
 - longterm: 3.12.15 -> 3.12.17

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-07 13:56:50 -05:00
Austin Seipp
4dc15c087a musl: version 1.0.0
NB: This currently doesn't add a working musl-wrapper around musl-gcc to
allow it to work properly (musl has its own dynamic linker as well as
libc too which must be accounted for). But at the moment it builds fine,
and I plan on working more on it in the future. So lets get it
integrated and building on Hydra.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-07 10:31:31 -05:00
Ricardo M. Correia
807fad571a grsecurity: Update stable and test patches
stable: 3.0-3.2.56-201404012135 -> 3.0-3.2.56-201404062126
test:   3.0-3.13.8-201404011912 -> 3.0-3.13.9-201404062127
2014-04-07 15:31:12 +02:00
Ricardo M. Correia
c494289c12 linux: Update to 3.13.9 2014-04-07 15:31:12 +02:00
Eelco Dolstra
59ea2d7ba5 Apply patch for CVE-2014-0004 to udisks-1.0.4
(cherry picked from commit 3b1f9899618f81794ce8b88fe4eaa867e549eb06)
2014-04-07 13:22:12 +02:00
Eelco Dolstra
fa6b9baea9 Revert "udisks1: bump to fix CVE-2014-0004"
This reverts commit 0194a44d63c613065bb5c55d50470881c00563c2 because
it breaks udisks on 13.10 (e.g. running "udisks --enumerate" will
print "Unit udisks.service failed to load").

(cherry picked from commit d7daf1a47f0d3d759555a3f0a0f09398c69c6b28)
2014-04-07 13:22:12 +02:00
Shea Levy
9949d0255e Merge branch 'make-the-kernel-build-repeatable' of git://github.com/alexanderkjeldaas/nixpkgs
Make the kernel build and initrd generation binary repeatable (#2128)
2014-04-06 17:02:16 -04:00
Austin Seipp
ef903555fd gradm: learn of all accesses for /nix/store
This is necessary for gradm's learning mode to work, as otherwise the
/nix/store directory is marked hidden, which causes the kernel to reject
the linker loading ld-linux.so

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-06 21:51:35 +02:00
Austin Seipp
784062214c gradm: fix gradm_pam path
We alredy rewrote /sbin/gradm, which technically matches
/sbin/gradm_pam, so this ends up working exactly as we want. Otherwise
we rewrite twice and gradm can't execute the PAM module with '-p'

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-06 21:51:26 +02:00
Shea Levy
d35619429a Merge branch 'cache.su' of git://github.com/wkennington/nixpkgs
su: Make the su package a provider of only the su binary

Fixes #1877
2014-04-05 18:49:30 -04:00
William A. Kennington III
28ab3acb58 su: Make the su package a provider of only the su binary
Additionally, provide su with the base system and remove su from the
util-linux package as it is now provided by shadow.
2014-04-05 16:01:52 -05:00
Alexander Kjeldaas
4aeb10b09a Make cpufrequtils compilation pure. 2014-04-05 09:08:05 +02:00
Alexander Kjeldaas
c69eb7c2c1 Remove timestamp from the kernel. 2014-04-05 08:40:55 +02:00
Evgeny Egorochkin
9f957d054f hostapd: update from 2.0 to 2.1 2014-04-03 07:05:07 +03:00
Shea Levy
0c66dbaee6 Enable CC_STACKPROTECTOR_REGULAR on linux 3.14+ 2014-04-02 17:58:54 -04:00
Vladimír Čunát
8146737127 Merge #2090: add new lockdep tool from Linux 3.14 2014-04-02 20:55:30 +02:00
Ricardo M. Correia
52d233af22 grsecurity: Update stable patch from 3.0-3.2.55-201403300851 -> 3.0-3.2.56-201404012135 2014-04-02 15:11:33 +02:00
Ricardo M. Correia
e8c6c60b93 linux: Update to 3.2.56 2014-04-02 15:11:32 +02:00
Domen Kožar
f7b19ea8b3 typo 2014-04-02 12:40:59 +02:00
Ricardo M. Correia
407a6857c6 grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403252026 -> 3.0-3.2.55-201403300851
test:   3.0-3.13.7-201403252047 -> 3.0-3.13.8-201404011912
2014-04-02 02:16:59 +02:00
Austin Seipp
19bc051ca1 kernel: stable/longterm updates
- longterm: 3.4.83  -> 3.4.85
 - longterm: 3.10.33 -> 3.10.35
 - longterm: 3.12.14 -> 3.12.15
 - stable:   3.13.7  -> 3.13.8

NOTE: This will break the testing grsec kernel at the moment (there's
not a 3.13.8 patch yet), but it's destined to be upgraded to 3.14 soon
anyway.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-01 11:11:10 +02:00
Austin Seipp
7288f25bd1 kernel: stable/longterm updates
- longterm: 3.4.83  -> 3.4.85
 - longterm: 3.10.33 -> 3.10.35
 - longterm: 3.12.14 -> 3.12.15
 - stable:   3.13.7  -> 3.13.8

NOTE: This will break the testing grsec kernel at the moment (there's
not a 3.18.8 patch yet), but it's destined to be upgraded to 3.14 soon
anyway.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-01 03:03:00 -05:00
Austin Seipp
1459896be1 kernel: add myself to maintainer list
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-01 02:59:20 -05:00
Austin Seipp
bdff718c5b kernel: add lockdep expression
Lockdep is the kernel's locking validation/debugging tool and has seen
heavy pro-active usage and development. In Linux 3.14, it's now
available directly to userspace for the same purpose. It comes with a
convenient utility to LD_PRELOAD a shared library for validation, or a
user-space API to link to directly.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-01 01:20:46 -05:00
Austin Seipp
9493159017 kernel: remove 3.11 series (EOL)
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-01 00:56:23 -05:00
Shea Levy
2d4ce25b5b Add linux 3.14 2014-03-31 20:54:47 -04:00
Jaka Hudoklin
4eefc983a2 xcode: fix hash 2014-04-01 01:34:07 +02:00
Domen Kožar
c6ebbd29e5 add v4l2loopback: a kernel module to create V4L2 loopback devices 2014-03-31 20:02:53 +02:00
ambrop7@gmail.com
bc2984d77d nvidia-x11: Fix build with kernel 3.13. 2014-03-29 23:35:14 +01:00
Shea Levy
701cb6b099 Merge branch 'nixos/containers/fix1' of git://github.com/offlinehacker/nixpkgs
nixos: fix linux containers (systemd-nspawn, lxc, lxc-libvirt)
2014-03-28 23:39:01 -04:00
Eelco Dolstra
98c3caed93 nvidia-x11: Update to 331.49 2014-03-28 16:43:56 +01:00
Ricardo M. Correia
911f332279 grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403202347 -> 3.0-3.2.55-201403252026
test:   3.0-3.13.6-201403202349 -> 3.0-3.13.7-201403252047
2014-03-26 23:07:57 +00:00
Ricardo M. Correia
1c73e6f9d8 linux: Update to 3.13.7 2014-03-26 23:07:57 +00:00
Moritz Ulrich
02a30bea44 Fix services.udisks.enable.
Latest update to udisks in 344f2e65 broke it for me. Fix it by doing the
following:

- Add udisks.service to /etc/systemd/system (via systemd.packages)
- Fix path to udisks-daemon in udisks.service (libexec/ instead of lib/)
2014-03-25 16:52:45 +01:00
Jaka Hudoklin
70a4c7b1df nixos: fix linux containers (systemd-nspawn, lxc, lxc-libvirt)
- Make dhcp work, use dhcpcd without udev in container
- Make login shell work, patch getty to not wait for /dev/tty0
- Make ssh work, sshd/pam do not start session
2014-03-24 23:59:50 +01:00
Mathijs Kwik
231f6c5460 psmisc: the tarball got updated upstream
looking at our git history, I think it is very peculiar that we
managed to have this version (22.21) 2 months before release :)

So I think we were using some beta/rc that accidentally got called
22.21
2014-03-24 10:35:52 +01:00
Ricardo M. Correia
f63d2dba0a pax-utils: Update from 0.7 -> 0.8.1 2014-03-21 16:14:17 +01:00
Ricardo M. Correia
9db587bf7d grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403172027 -> 3.0-3.2.55-201403202347
test:   3.0-3.13.6-201403172032 -> 3.0-3.13.6-201403202349
2014-03-21 15:41:32 +01:00
Vladimír Čunát
00cfc70b10 linux: update to 3.12.14 and 3.10.33 2014-03-21 15:38:52 +01:00
Evgeny Egorochkin
5115636037 bluez5: update from 5.12 to 5.16 2014-03-21 16:04:15 +02:00
Shea Levy
e4961c63f7 Remove sec_perm patch that was needed by AUFS
Now the kernel is unpatched by default on non-MIPS!
2014-03-21 04:37:23 -04:00
Shea Levy
f4c989ede4 Merge branch 'master' of git://github.com/hrdinka/nixpkgs
conky: add config options
2014-03-20 20:14:14 -04:00
Austin Seipp
9bcc48a4b2 criu: attempt to fix doc building on Hydra
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-20 14:01:57 -05:00
Austin Seipp
7dcf9f6907 criu: only supported on 64-bit
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-20 13:41:05 -05:00
Vladimír Čunát
8a8ae81e40 acpid: update from 2.0.21 to 2.0.22 2014-03-19 21:56:48 +01:00
Vladimír Čunát
3cf4029981 Merge pull request #1972 from vcunat/p/procps
procps-ng: make it the default procps (name and attr)
2014-03-19 17:54:30 +01:00
Ricardo M. Correia
cc69228119 grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403142107 -> 3.0-3.2.55-201403172027
test:   3.0-3.13.6-201403142112 -> 3.0-3.13.6-201403172032
2014-03-18 16:51:25 +01:00
Eelco Dolstra
c0f3f6e396 linux: Update to 3.4.83 2014-03-17 11:25:48 +01:00
mornfall
ec353692ad Merge pull request #1849 from thoughtpolice/criu
criu: version 1.2
2014-03-16 22:58:54 +01:00
Vladimír Čunát
ca09a878d0 procps-ng: make it the default procps (name and attr) 2014-03-16 19:07:38 +01:00
Austin Seipp
47b35d5e80 criu: version 1.2
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-03-16 07:16:34 -05:00
Christoph Hrdinka
26d5d506c9 conky: add config options 2014-03-16 12:30:15 +01:00
Cillian de Róiste
b57ee8c331 nixpkgs-lint: add the platforms meta attr for most of my packages 2014-03-16 12:08:26 +01:00
Ricardo M. Correia
e76c059b23 grsecurity: Fix grsec-path.patch to apply with newest patches 2014-03-15 18:01:47 +01:00
Peter Simons
f1a30454f6 Merge pull request #1942 from thoughtpolice/fixups
Trivial fixes for my packages
2014-03-15 09:35:35 +01:00
Ricardo M. Correia
ceec014020 grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403122114 -> 3.0-3.2.55-201403142107
test:   3.0-3.13.6-201403122116 -> 3.0-3.13.6-201403142112
2014-03-15 04:15:28 +01:00
Ricardo M. Correia
3c97fdc7a8 spl, zfs: Add myself as a maintainer 2014-03-15 02:01:57 +01:00
Shea Levy
602cf8d78c Merge branch 'u/zfs-import' of git://github.com/wizeman/nixpkgs
zfs: Misc fixes
2014-03-14 19:40:34 -04:00
Shea Levy
0c12dd3ded Merge branch 'pkgs/systemd/journald_http_gateway' of git://github.com/offlinehacker/nixpkgs
systemd: python support & journal http gateway

Conflicts:
	nixos/modules/misc/ids.nix
2014-03-14 19:16:59 -04:00
Shea Levy
3f6603a80e Fix alsa-utils 2014-03-14 09:08:04 -04:00
Nixpkgs Monitor
69fff447aa alsaUtils: update from 1.0.27 to 1.0.27.2 2014-03-14 11:16:56 +01:00
Vladimír Čunát
d6349df0dd put systemd unit dirs on the right place
Also see #1936.
2014-03-13 21:44:51 +01:00
Vladimír Čunát
344f2e6518 udisks1: bump to fix CVE-2014-0004
Also systemd unit is now installed.
Thanks to nixpkgs monitor again, as for all my CVE commits.
2014-03-13 21:16:50 +01:00
Shea Levy
0f72effdd9 The derivation primop doesn't play well with null outputs attribute 2014-03-13 15:05:15 -04:00
Evgeny Egorochkin
0ffbfd38bf udisks2: update from 2.1.1 to 2.1.3, potentially fixes CVE-2014-0004 2014-03-13 08:59:25 +02:00
Ricardo M. Correia
86b8cf954a grsecurity: Update stable and test patches
stable: 3.0-3.2.55-201403072107 -> 3.0-3.2.55-201403122114
test:   3.0-3.13.6-201403072241 -> 3.0-3.13.6-201403122116
2014-03-13 02:28:58 +01:00
Domen Kozar
059e8e179b set all licenses to be attributes (and wait for Nix 1.7) 2014-03-12 21:20:43 +01:00
aszlig
c7bac81c66
Merge 'mingw-w64' and 'darwin' into cross-win-osx.
Both branches have quite a lot in common, so it's time for a merge and
do the cleanups with respect to both implementations and also generalize
both implementations as much as possible.

This also closes #1876.

Conflicts:
	pkgs/development/interpreters/lua-5/5.2.nix
	pkgs/development/libraries/SDL/default.nix
	pkgs/development/libraries/glew/default.nix
	pkgs/top-level/all-packages.nix
2014-03-12 10:16:51 +01:00
aszlig
a445199db4
xcode: Update to new version 5.1.
This version just got released two days ago, while we were working for
cross-builds on 5.0.2. From the release notes it shouldn't introduce any
incompatibilities.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:49 +01:00
aszlig
a6621202af
xcode: Drop use of weak_import on enumerators.
GCC doesn't support attributes on enumerators, which could pose a
problem but fortunately not in this case. Here a
__attribute__((weak_import)) is used, which doesn't make much sense for
enumerators anyway (noone will die because the corresponding enumerator
won't be referenced either in older OS X versions).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:49 +01:00
aszlig
3940b21988
cctools-port: Pass through wrapped XCToolchain.
At the moment, this includes only dyldinfo, dwarfdump and dsymutil, but
we'll see whether we need more of these utilities later.

Tho reason those are wrapped in cctools-port is because it is the
binutils used to cross-compile for Mac OS X.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:46 +01:00
aszlig
45cd9994bc
darwin: Add new package maloader.
This is the mentioned Mach-O loader that we're yoing to use to execute
Apple's proprietary binaries.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:45 +01:00
aszlig
53a267e535
darwin: Add new package opencflite.
This provides a port of Mac OS X's CoreFoundation and is needed if we
want to be able to run dsymutil using maloader.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:45 +01:00
aszlig
c0d55fcc6a
xcode: Provide the commandline toolchain as well.
This toolchain contains Mach-O binaries and might not be useful in the
first place, but there are programs like dsymutil, where Apple didn't
release the source code, so we need a Mach-O loader...

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:45 +01:00
aszlig
dd10bb3181
Add a cross-platform port of cctools.
This basically is binutils for Mac OS X, but ported to work on
(GNU/)Linux and FreeBSD.

And it's up-to-date as well! I'm mentioning this, because it was quite
hard to find a recent port of it and I just accidentally stumbled on it
while trying to do the port by myself.

So thanks to @tpoechtrager for doing this.

Also, I've added two more patches, which essentially are:

 * ld-rpath-nonfinal:
     This allows -rpath to be used for linking non-final builds, which
     was allowed for earlier versions of cctools and got a check for
     that in more recent versions.

 * ld-ignore-rpath-link:
     Ignores the -rpath-link option, because the cross-wrapper uses it
     in different places. Unfortunately, the cctools linker doesn't
     support it, so we might need to implement this later if it's
     possible (I'm not a Mach-O man^H^H^Hexpert).

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:44 +01:00
aszlig
83dd414ca2
Add new package for Apple's XCode.
This package provides the SDK and standard library needed for
cross-compiling to Mac US X. We're using xpwn here to extract the DMG.

Also, this version (XCode 5.0.2) only contains the SDKs for version 10.9
and 10.8, so we might need to add requireFile directives for older
versions as well.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:43 +01:00
Peter Simons
24d0e07a47 wpa_supplicant: cosmetic to un-break syntax highlighting 2014-03-11 12:34:48 +01:00