* ghcHEAD: bump to 8.11.20200403
* ghcHead: reduce diff vs. 8.10.1
dontAddExtraLibs was removed by accident (IMO) in ea19a8ed1e
* ghcHEAD: add ability to use system libffi
- enable nixpkgs' libffi
- minimise diffs against 8.10.1
- remove patching
* remove configure warning about --with-curses-includes
configure: WARNING: unrecognized options: --with-curses-includes

This is an updated version of the former upstream,
https://github.com/AndroidHardeningArchive/linux-hardened, and provides
a minimal set of additional hardening patches on top of upstream.
The patch already incorporates many of our hardened profile defaults,
and releases are timely (Linux 5.5.15 and 5.6.2 were released on
2020-04-02; linux-hardened patches for them came out on 2020-04-03 and
2020-04-04 respectively).

This commit migrates the Nomad package from the 0.10.x line of releases
to 0.11.X.
This allows us to also bump the version of Go that is used to 1.14.x.
NOTE: 1.14.x will be needed for the rest of the 0.11.x releases as Nomad
only bumps patch versions of Go within a release series.
CHANGELOG:
FEATURES:
Container Storage Interface [beta]: Nomad has expanded support of stateful workloads through support for CSI plugins.
Exec UI: an in-browser terminal for connecting to running allocations.
Audit Logging (Enterprise): Audit logging support for Nomad Enterprise.
Scaling APIs: new scaling policy API and job scaling APIs to support external autoscalers
Task Dependencies: introduces lifecycle stanza with prestart and sidecar hooks for tasks within a task group
BACKWARDS INCOMPATIBILITIES:
driver/rkt: The Rkt driver is no longer packaged with Nomad and is instead distributed separately as a driver plugin. Further, the Rkt driver codebase is now in a separate repository.
IMPROVEMENTS:
core: Optimized streaming RPCs made between Nomad agents [GH-7044]
build: Updated to Go 1.14.1 [GH-7431]
consul: Added support for configuring enable_tag_override on service stanzas. [GH-2057]
client: Updated consul-template library to v0.24.1 - added support for working with consul connect. Deprecated vault_grace [GH-7170]
driver/exec: Added no_pivot_root option for ramdisk use [GH-7149]
jobspec: Added task environment interpolation to volume_mount [GH-7364]
jobspec: Added support for a per-task restart policy [GH-7288]
server: Added minimum quorum check to Autopilot with minQuorum option [GH-7171]
connect: Added support for specifying Envoy expose path configurations [GH-7323] [GH-7396]
connect: Added support for using Connect with TLS enabled Consul agents [GH-7602]
BUG FIXES:
core: Fixed a bug where group network mode changes were not honored [GH-7414]
core: Optimized and fixed a few bugs in underlying RPC handling [GH-7044] [GH-7045]
api: Fixed a panic when canonicalizing a jobspec with an incorrect job type [GH-7207]
api: Fixed a bug where calling the node GC or GcAlloc endpoints resulted in an error EOF return on successful requests [GH-5970]
api: Fixed a bug where /client/allocations/... (e.g. allocation stats) requests may hang in special cases after a leader election [GH-7370]
cli: Fixed a bug where nomad agent -dev fails on Windows [GH-7534]
cli: Fixed a panic when displaying device plugins without stats [GH-7231]
cli: Fixed a bug where alloc exec command in TLS environments may fail [GH-7274]
client: Fixed a panic when running in Debian with an empty /etc/debian_version [GH-7350]
client: Fixed a bug affecting network detection in environments that mimic the EC2 Metadata API [GH-7509]
client: Fixed a bug where a multi-task allocation may be considered healthy despite a task restarting [GH-7383]
consul: Fixed a bug where modified Consul service definitions would not be updated [GH-6459]
connect: Fixed a bug where Connect enabled allocation would not stop after promotion [GH-7540]
connect: Fixed a bug where restarting a client would prevent Connect enabled allocations from cleaning up properly [GH-7643]
driver/docker: Fixed handling of seccomp security_opts option [GH-7554]
driver/docker: Fixed a bug causing docker containers to use swap memory unexpectedly [GH-7550]
scheduler: Fixed a bug where changes to task group shutdown_delay were not persisted or displayed in plan output [GH-7618]
ui: Fixed handling of multi-byte unicode characters in allocation log view [GH-7470] [GH-7551]