Semi-automatic update. These checks were performed:
- built on NixOS
- ran `/nix/store/0q7isf3b9x0yan8dpzmm6qch9cdp95mn-nxproxy-3.5.0.33/bin/nxproxy -h` got 0 exit code
- ran `/nix/store/0q7isf3b9x0yan8dpzmm6qch9cdp95mn-nxproxy-3.5.0.33/bin/nxproxy --help` got 0 exit code
- ran `/nix/store/0q7isf3b9x0yan8dpzmm6qch9cdp95mn-nxproxy-3.5.0.33/bin/nxproxy help` got 0 exit code
- ran `/nix/store/0q7isf3b9x0yan8dpzmm6qch9cdp95mn-nxproxy-3.5.0.33/bin/nxproxy -v` and found version 3.5.0.33
- found 3.5.0.33 with grep in /nix/store/0q7isf3b9x0yan8dpzmm6qch9cdp95mn-nxproxy-3.5.0.33
- found 3.5.0.33 in filename of file in /nix/store/0q7isf3b9x0yan8dpzmm6qch9cdp95mn-nxproxy-3.5.0.33
Semi-automatic update. These checks were performed:
- built on NixOS
- ran `/nix/store/586lmj690hk6bvlsbzmx44kfcpamxs1l-sec-2.7.12/bin/sec -h` got 0 exit code
- ran `/nix/store/586lmj690hk6bvlsbzmx44kfcpamxs1l-sec-2.7.12/bin/sec --help` got 0 exit code
- ran `/nix/store/586lmj690hk6bvlsbzmx44kfcpamxs1l-sec-2.7.12/bin/sec -V` and found version 2.7.12
- ran `/nix/store/586lmj690hk6bvlsbzmx44kfcpamxs1l-sec-2.7.12/bin/sec -v` and found version 2.7.12
- ran `/nix/store/586lmj690hk6bvlsbzmx44kfcpamxs1l-sec-2.7.12/bin/sec --version` and found version 2.7.12
- ran `/nix/store/586lmj690hk6bvlsbzmx44kfcpamxs1l-sec-2.7.12/bin/sec -h` and found version 2.7.12
- ran `/nix/store/586lmj690hk6bvlsbzmx44kfcpamxs1l-sec-2.7.12/bin/sec --help` and found version 2.7.12
- found 2.7.12 with grep in /nix/store/586lmj690hk6bvlsbzmx44kfcpamxs1l-sec-2.7.12
- found 2.7.12 in filename of file in /nix/store/586lmj690hk6bvlsbzmx44kfcpamxs1l-sec-2.7.12
cc "@tv"
Semi-automatic update. These checks were performed:
- built on NixOS
- ran `/nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0/bin/dehydrated -h` got 0 exit code
- ran `/nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0/bin/dehydrated --help` got 0 exit code
- ran `/nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0/bin/dehydrated -h` and found version 0.5.0
- ran `/nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0/bin/dehydrated --help` and found version 0.5.0
- ran `/nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0/bin/.dehydrated-wrapped -h` got 0 exit code
- ran `/nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0/bin/.dehydrated-wrapped --help` got 0 exit code
- ran `/nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0/bin/.dehydrated-wrapped -h` and found version 0.5.0
- ran `/nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0/bin/.dehydrated-wrapped --help` and found version 0.5.0
- found 0.5.0 with grep in /nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0
- found 0.5.0 in filename of file in /nix/store/khsw23siwrvmczmlcjdlp31ksqjxs902-dehydrated-0.5.0
The biggest benefit is that we no longer have to update the registry
package. This means that just about any cargo package can be built by
nix. No longer does `cargo update` need to be feared because it will
update to packages newer then what is available in nixpkgs.
Instead of fetching the cargo registry this bundles all the source code
into a "vendor/" folder.
This also uses the new --frozen and --locked flags which is nice.
Currently cargo-vendor only provides binaries for Linux and
macOS 64-bit. This can be solved by building it for the other
architectures and uploading it somewhere (like the NixOS cache).
This also has the downside that it requires a change to everyone's deps
hash. And if the old one is used because it was cached it will fail to
build as it will attempt to use the old version. For this reason the
attribute has been renamed to `cargoSha256`.
Authors:
* Kevin Cox <kevincox@kevincox.ca>
* Jörg Thalheim <Mic92@users.noreply.github.com>
* zimbatm <zimbatm@zimbatm.com>
* tigervnc: correct default ssh client path
The -via command sets up an ssh tunnel, but is hardcoded to /usr/bin/ssh
upstream. This patches it to use the nixpkgs openssh client.
* tigervnc: patch ssh path correctly
The libcrypto patch didn't work well with `salt-ssh` (that code failed on
remote machines), so let's make Nix-based library lookup as fallback.
https://github.com/saltstack/salt/issues/43350
* pkgs: refactor needless quoting of homepage meta attribute
A lot of packages are needlessly quoting the homepage meta attribute
(about 1400, 22%), this commit refactors all of those instances.
* pkgs: Fixing some links that were wrongfully unquoted in the previous
commit
* Fixed some instances
* google-cloud-sdk: 150.0.0 -> 151.0.0
- gce/create-gce.sh: rewrite using nix-shell shebang and bash
- allows to run the script without being the same directory
- nix-shell install google-cloud-sdk
- some shellcheck cleanups and scripting best practice
- gce/create-gce.sh: do not clobber NIX_PATH: this allows NIX_PATH to be overwritten to build a different release
- gce/create-gce.sh: remove legacy hydra option
From the Arch Linux advisory:
- CVE-2017-5192 (arbitrary code execution): The
`LocalClient.cmd_batch()` method client does not accept
`external_auth` credentials and so access to it from salt-api has
been removed for now. This vulnerability allows code execution for
already- authenticated users and is only in effect when running
salt-api as the `root` user.
- CVE-2017-5200 (arbitrary command execution): Salt-api allows
arbitrary command execution on a salt-master via Salt's ssh_client.
Users of Salt-API and salt-ssh could execute a command on the salt
master via a hole when both systems were enabled.