As stated in the parent commit, the 32bit Chrome package is not
available upstream, so let's at least provide the SHA256 hash for the
64bit package.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Until now, if we have a failure to fetch either the 32bit Debian package
or the 64bit Debian package, neither of these will be put into
sources.nix.
Unfortunately the beta/dev channels do not have a 32bit Debian package,
so even though there is a 64bit Debian package available we don't get
plugins *at* *all*.
This also introduces a nicer error message rather than just failing with
an assertion in fetchurl because we did not provide url/urls.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Updates gitlab to the current stable version and fixes a lot of features that
were broken, at least with the current version and our configuration.
Quite a lot of sweat and tears has gone into testing nearly all features and
reading/patching the Gitlab source as we're about to deploy gitlab for our
whole company.
Things to note:
* The gitlab config is now written as a nix attribute set and will be
converted to JSON. Gitlab uses YAML but JSON is a subset of YAML.
The `extraConfig` opition is also an attribute set that will be merged
with the default config. This way *all* Gitlab options are supported.
* Some paths like uploads and configs are hardcoded in rails (at least
after my study of the Gitlab source). This is why they are linked from
the Gitlab root to /run/gitlab and then linked to the configurable
`statePath`.
* Backup & restore should work out of the box from another Gitlab instance.
* gitlab-git-http-server has been replaced by gitlab-workhorse upstream.
Push & pull over HTTPS works perfectly. Communication to gitlab is done
over unix sockets. An HTTP server is required to proxy requests to
gitlab-workhorse over another unix socket at
`/run/gitlab/gitlab-workhorse.socket`.
* The user & group running gitlab are now configurable. These can even be
changed for live instances.
* The initial email address & password of the root user can be configured.
Fixes#8598.
This release includes the following changes:
o libssh2_session_set_last_error: Add function
o mac: Add support for HMAC-SHA-256 and HMAC-SHA-512
o WinCNG: support for SHA256/512 HMAC
o kex: Added diffie-hellman-group-exchange-sha256 support
o OS/400 crypto library QC3 support
This release includes the following security advisory:
o diffie_hellman_sha256: convert bytes to bits
CVE-2016-0787: http://www.libssh2.org/adv_20160223.html
This release includes the following bugfixes:
o SFTP: Increase speed and datasize in SFTP read
o openssl: make libssh2_sha1 return error code
o openssl: fix memleak in _libssh2_dsa_sha1_verify()
o cmake: include CMake files in the release tarballs
o Fix builds with Visual Studio 2015
o hostkey.c: Fix compiling error when OPENSSL_NO_MD5 is defined
o GNUmakefile: add support for LIBSSH2_LDFLAG_EXTRAS
o GNUmakefile: add -m64 CFLAGS when targeting mingw64
o kex: free server host key before allocating it (again)
o SCP: add libssh2_scp_recv2 to support large (> 2GB) files on windows
o channel: Detect bad usage of libssh2_channel_process_startup
o userauth: Fix off by one error when reading public key file
o kex: removed dupe entry from libssh2_kex_methods
o _libssh2_error: Support allocating the error message
o hostkey: fix invalid memory access if libssh2_dsa_new fails
o hostkey: align code path of ssh_rsa_init to ssh_dss_init
o libssh2.pc.in: fix the output of pkg-config --libs
o wincng: fixed possible memory leak in _libssh2_wincng_hash
o wincng: fixed _libssh2_wincng_hash_final return value
o add OpenSSL 1.1.0-pre2 compatibility
o agent_disconnect_unix: unset the agent fd after closing it
o sftp: stop reading when buffer is full
o sftp: Send at least one read request before reading
o sftp: Don't return EAGAIN if data was written to buffer
o sftp: Check read packet file offset
o configure: build "silent" if possible
o openssl: add OpenSSL 1.1.0-pre3-dev compatibility
o GNUmakefile: list system libs after user libs
NetworkManager needs an additional avahi-user to use link-local
IPv4 (and probably IPv6) addresses. avahi-autoipd also needs to be
patched to the right path.