Commit Graph

9698 Commits

Author SHA1 Message Date
Tim Steinbach
97aba92bcd
linux: 4.20-rc7 -> 5.0-rc1 2019-01-07 07:57:38 -05:00
Matthew Bauer
ed6148726b darwin: fix more *_cmds derivation
Doh
2019-01-06 22:34:19 -06:00
Matthew Bauer
2bbec30c2e darwin.diskdev_cmds: fix build with dsymutil
xcbuild doesn’t handle dsymutil correctly. fuser.pl does not contain
debug symbols, but xcbuild doesn’t handle this like xcodebuild does.
So, just disable the debug information. We probably should do this in
more places using xcbuild, but it requires some arbitrary patching.
2019-01-06 22:13:11 -06:00
Vladimír Čunát
9ee8cf5177
linuxPackages.nvidia_x11*: unmaintain
I now no longer use an nvidia card commonly, so it would be harder for
me to test at least a bit.  And I'm overcommited anyway.
Hopefully someone else can be found.
2019-01-06 14:59:03 +01:00
Vladimír Čunát
10a12194e3
Merge #53490: fix treewide linking errors after #51770
Issue #53001.  This might not be all of them, but let's not wait.
2019-01-06 12:14:52 +01:00
Vladimír Čunát
68c3097b96
rtkit: link with librt explicitly 2019-01-06 12:12:49 +01:00
Will Dietz
7200eff868 powertop: 2.9 -> 2.10
musl patch still needed :)
2019-01-06 02:58:57 -06:00
Frederik Rietdijk
a4250d1478 Merge staging-next into staging 2019-01-06 09:48:31 +01:00
Frederik Rietdijk
e5381cdece Merge master into staging-next 2019-01-06 09:36:23 +01:00
Will Dietz
2d79465173
Merge pull request #51700 from dtzWill/update/i2c-tools-4.1
i2c-tools: 4.0 -> 4.1
2019-01-05 13:46:26 -06:00
Vladimír Čunát
d84a33d85b
Merge branch 'master' into staging-next
A few more rebuilds (~1k on x86_64-linux).
2019-01-05 15:02:04 +01:00
R. RyanTM
df834ee56d sysstat: 12.1.1 -> 12.1.2 (#52675)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/sysstat/versions
2019-01-05 14:47:25 +01:00
Joachim Fasting
d62086e6fc
hardened-config: allow slub/slab free poisoning 2019-01-05 14:07:36 +01:00
Joachim Fasting
11840f5c70
hardened-config: explain HARDENED_USERCOPY_FALLBACK n 2019-01-05 14:07:36 +01:00
Joachim Fasting
dfd77a046d
hardened-config: ensure STRICT_KERNEL_RWX
This is y in the default config, but enable it explicitly here to catch
situations where it has been disabled (explicitly or implicitly).
2019-01-05 14:07:35 +01:00
Joachim Fasting
1801aad7b8
hardened-config: clarify MODIFY_LDT_SYSCALL
This likely never worked; MODIFY_LDT_SYSCALL depends on EXPERT; enabling
EXPERT however seems to introduce quite a few changes that would need to be
properly vetted.

The version guard is unnecessary, however, as this config has been supported
since 4.3.
2019-01-05 14:07:34 +01:00
Joachim Fasting
abc8ed3fca
hardened-config: clarify readonly LSM hooks config
SECURITY_WRITABLE_HOOKS is implicitly controlled by SECURITY_SELINUX_DISABLE;
explicitly unsetting results in an error because the configfile builder fails
to detect that it has in fact been unset (reporting it as an unused option).
For now, leave WRITABLE_HOOKS as an "optional" config for documentation
purposes.
2019-01-05 14:07:33 +01:00
Joachim Fasting
c68e8b05f0
Revert "linux-hardened: Disable GCC_PLUGIN_RANDSTRUCT"
This reverts commit 5dda1324be.

Presumably this was done to work around build errors or something but it
works fine now.
2019-01-05 14:07:21 +01:00
Frederik Rietdijk
60a3973a55 Merge staging-next into staging 2019-01-05 10:15:00 +01:00
Michael Weiss
e7e18206dd
fuse: 2.9.8 -> 2.9.9 2019-01-05 02:26:02 +01:00
Joachim F
893c51bda8
Merge pull request #53369 from delroth/kernel-hardening
Re-add security features based on GCC plugins in 4.18+ hardened kernels
2019-01-04 21:49:53 +00:00
Pierre Bourdon
0f7ca26a48
kernel/hardened-config.nix: add STACKLEAK plugin on 4.20+ 2019-01-04 22:24:50 +01:00
Pierre Bourdon
9dc0d94896
kernel/hardened-config.nix: re-enable GCC plugins 2019-01-04 22:24:50 +01:00
Pierre Bourdon
c789f642f0
kernel/generic.nix: provide required dependencies for GCC plugins builds 2019-01-04 22:24:50 +01:00
Frederik Rietdijk
9618abe87c Merge master into staging-next 2019-01-04 21:13:19 +01:00
Matthew Bauer
030f66400d darwin.adv_cmds: fix build 2019-01-04 10:28:22 -06:00
Lengyel Balazs
f4a53ff3bc treewide/xorg: replace *proto with xorgproto 2019-01-04 14:38:57 +01:00
Dominik Xaver Hörl
b7967e9dc4 dbus-broker: 13 -> 17 2019-01-04 14:36:30 +01:00
Benno Fünfstück
7817aa3641
linux-rpi: set correct hydraPlatforms (#53325) 2019-01-03 22:42:14 +01:00
Matthew Bauer
8cb2d35760 darwin: fix typos in install scripts
fixes some issues in my commits in:

- basic_cmds
- network_cmds

(cherry picked from commit f283145308aec6aa9a8c3c6cbd4864718ccb7c53)
2019-01-03 15:20:26 -06:00
Matthew Bauer
8505e710e7 Revert "darwin 10.12 commits"
Reverts commits bumping to macOS stuff to 10.12:

commit ec1f78d1cb.
commit d0dc91d24f.
commit a1d297374d.
commit 425112151d.
commit e6f7f2928f.
2019-01-03 15:20:26 -06:00
Jörg Thalheim
31682848cb
android-udev-rules: 20180112 -> 20181031 2019-01-03 20:56:39 +01:00
Frederik Rietdijk
092e3b50a8 Merge master into staging-next 2019-01-02 21:08:27 +01:00
Joachim F
88c516dd55
Merge pull request #52606 from lopsided98/linux-hardkernel-update
linux_hardkernel_4_14: 4.14.85-152 -> 4.14.87-153
2019-01-02 18:16:47 +00:00
Vladimír Čunát
70bff06140
Merge branch 'master' into staging 2019-01-02 17:19:23 +01:00
David Guibert
d8e907ba18 conky: 1.11.0 -> 1.11.1 (#53157)
This fixes #52797.
2019-01-02 09:54:22 +01:00
Jan Tojnar
b2b921bdca
Merge pull request #53149 from jtojnar/qrencode-cleanup
qrencode: merge with libqrencode
2019-01-02 02:18:22 +01:00
R. RyanTM
46e7ce0526 lxc: 3.0.2 -> 3.0.3 (#52239)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/lxc/versions
2019-01-01 20:35:37 +01:00
Jan Tojnar
c5c2ac4f45
qrencode: merge with libqrencode 2019-01-01 17:19:07 +01:00
Will Dietz
d60806b90b i2c-toools: touchups, NFCI. (reviewer suggestions, thanks!) 2018-12-31 11:26:07 -06:00
Frederik Rietdijk
070290bda7 Merge master into staging-next 2018-12-31 12:00:36 +01:00
Tim Steinbach
d6805baded
linux: 4.19.12 -> 4.19.13 2018-12-30 09:57:54 -05:00
Tim Steinbach
226eb52715
linux: 4.14.90 -> 4.14.91 2018-12-30 09:57:54 -05:00
Tim Steinbach
a7bd7a38ea
linux: 4.9.147 -> 4.9.148 2018-12-30 09:57:53 -05:00
Matthew Bauer
ec1f78d1cb darwin.libunwind: fix hash 2018-12-30 00:00:30 -06:00
Matthew Bauer
4f522648cb darwin: fix *_cmds installation
These just copy commands from Products/Release/. But with #52256 we
now build .dsym directories that somehow wind up in Products/Release/.
This makes things more exact by just copying the files in Products/Release/.
2018-12-29 23:58:10 -06:00
Matthew Bauer
d0dc91d24f darwin: bump apple_sdks to 10.12
(cherry picked from commit 0b468bf0335eaa606fccfe98d4a36c3efbe83f2a)
2018-12-29 20:17:05 -06:00
Ivan Kozik
1c8fea18e2 kernel/patches.nix: remove hard tabs 2018-12-28 09:06:56 +01:00
Matthew Bauer
a1d297374d darwin.hfs: put headers in hfs/ directory
This is where they are supposed to go. My mistake in the original
commit.
2018-12-27 11:18:28 -06:00
Frederik Rietdijk
10afccf145 Merge staging-next into staging 2018-12-27 18:11:34 +01:00
Dmitry Kalinkin
3edd5cb227
Merge pull request #51294 from eadwu/nvidia_x11/legacy_390
nvidia: expose nvidia_x11_legacy390
2018-12-27 09:08:53 -05:00
markuskowa
98561c789c
Merge pull request #52597 from lopsided98/lvm2-no-parallel
lvm2: disable parallel building
2018-12-27 14:21:25 +01:00
Samuel Dionne-Riel
889ef35303 linuxPackages_4_{19,20}: works around bug with overlayfs.
See: https://github.com/NixOS/nixpkgs/issues/48828#issuecomment-445208626
2018-12-26 22:51:31 +00:00
Samuel Dionne-Riel
7093970e1d linuxPackages.ena: 1.5.2 -> 2.0.2 2018-12-26 11:03:10 +00:00
Samuel Dionne-Riel
d8cf1db93f linuxPackages.ndiswrapper: updated to fix build on recent kernels
While the upstream commit says 4.18, it builds for 4.19 and 4.20.
2018-12-26 11:03:10 +00:00
Frederik Rietdijk
e45ca47f14 Merge staging-next into staging 2018-12-26 09:30:32 +01:00
Craig Younkins
8b12b17df3
treewide: Fix broken Gmane URLs 2018-12-25 22:34:55 -05:00
Jan Tojnar
c45e9d0fac
Merge branch 'master' into staging 2018-12-25 17:03:57 +01:00
Ben Wolsieffer
369af2f5b2 lvm2: disable parallel building 2018-12-24 15:10:48 -05:00
Michael Raskin
aac3ae3be6
Merge pull request #52762 from r-ryantm/auto-update/sysdig
linuxPackages.sysdig: 0.24.1 -> 0.24.2
2018-12-24 18:18:04 +00:00
Tim Steinbach
24cdaa7b48
linux-libre: 15715 -> 15814 2018-12-24 12:33:24 -05:00
Tim Steinbach
8f9c2f9726
linux: Add 4.20 2018-12-24 12:33:24 -05:00
Jan Tojnar
ef935fa101
Merge branch 'master' into staging 2018-12-24 15:02:29 +01:00
R. RyanTM
4fa7bbf486 linuxPackages.sysdig: 0.24.1 -> 0.24.2
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/sysdig/versions
2018-12-24 02:17:58 -08:00
Michael Weiss
1259a24c05 fuse3: 3.3.0 -> 3.4.1 2018-12-22 17:56:42 +01:00
Tim Steinbach
af6c117fac
linux: 4.19.11 -> 4.19.12 2018-12-21 09:11:02 -05:00
Tim Steinbach
dea57f15e9
linux: 4.14.89 -> 4.14.90 2018-12-21 09:10:54 -05:00
Tim Steinbach
a5f447e16a
linux: 4.9.146 -> 4.9.147 2018-12-21 09:10:45 -05:00
Tim Steinbach
54ce2e016b
linux: 4.4.168 -> 4.4.169 2018-12-21 09:10:24 -05:00
Tim Steinbach
98ac5710bd
kernel-config: CIFS_POSIX no longer exists 2018-12-21 09:10:17 -05:00
Ben Wolsieffer
2b02350d39 linux_hardkernel_4_14: 4.14.85-152 -> 4.14.87-153 2018-12-20 21:15:07 -05:00
Maximilian Bosch
66bea3d206
Merge pull request #52538 from dtzWill/update/fwts-18.12.00
fwts: 18.11.00 -> 18.12.00
2018-12-20 19:35:58 +01:00
Tim Steinbach
1b84b9f725
linux: 4.19.10 -> 4.19.11 2018-12-20 10:46:17 -05:00
Matthew Bauer
425112151d
darwin: remove missing symbols
these symbols are not needed apparently
2018-12-19 23:46:06 -06:00
Will Dietz
76127c322d fwts: enable parallel building 2018-12-19 13:37:57 -06:00
Will Dietz
926965d4b1 fwts: 18.11.00 -> 18.12.00 2018-12-19 13:37:31 -06:00
Frederik Rietdijk
9ab61ab8e2 Merge staging-next into staging 2018-12-19 09:00:36 +01:00
Frederik Rietdijk
911d1853ca Merge master into staging-next 2018-12-19 08:57:41 +01:00
R. RyanTM
cbf9402574 libcap: 2.25 -> 2.26
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/libcap/versions
2018-12-18 15:33:16 -05:00
volth
fed7914539
Merge branch 'staging' into make-perl-pathd 2018-12-18 17:13:27 +00:00
Matthew Bauer
59ec6b559d
Merge pull request #52256 from matthewbauer/52148-fix
Provide real dsymutil to darwin stdenv
2018-12-18 10:00:24 -06:00
Matthew Bauer
d1dfc92187
Merge pull request #47678 from matthewbauer/landmarks
Update macOS frameworks to 10.12
2018-12-18 09:59:44 -06:00
Tim Steinbach
4d14879081
linux: 4.4.167 -> 4.4.168 2018-12-18 09:12:34 -05:00
Frederik Rietdijk
826ab7026e Merge master into staging-next 2018-12-18 09:22:17 +01:00
Matthew Bauer
06bf67d7dd
Merge pull request #51018 from plchldr/rtl8821a
rtl8821a: init at 5.1.5
2018-12-17 23:36:36 -06:00
Tim Steinbach
31ddf1f136
linux: 4.19.9 -> 4.19.10 2018-12-17 09:19:41 -05:00
Tim Steinbach
c5234d7dbd
linux: 4.14.88 -> 4.14.89 2018-12-17 09:19:41 -05:00
Tim Steinbach
53c490a7ee
linux: 4.9.145 -> 4.9.146 2018-12-17 09:19:41 -05:00
Franz Pletz
4a73fb9717
Merge pull request #52158 from danielfullmer/rtl8812au-5.2.20.2
rtl8812au: 5.2.20_25672.20171213 -> 5.2.20.2_28373.20180619
2018-12-17 11:53:14 +00:00
Franz Pletz
307404bfa5
Merge pull request #52423 from eadwu/linux_testing/4.20-rc7
linux_testing: 4.20-rc6 -> 4.20-rc7
2018-12-17 11:17:56 +00:00
Ivan Kozik
9314c6a563 firejail: disable parallel building
firejail was frequently failing to build on my Hydra machine at -j16, and
the error looked like a typical parallel build problem:

<3>make[1]: Entering directory '/build/firejail-0.9.56/src/fcopy'
<3>gcc -ggdb  -O2 -DVERSION='"0.9.56"'   -DPREFIX='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56"'  -DSYSCONFDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/etc/firejail"' -DLIBDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/lib"' -DHAVE_X11 -DHAVE_PRIVATE_HOME  -DHAVE_OVERLAYFS -DHAVE_SECCOMP -DHAVE_GLOBALCFG -DHAVE_SECCOMP_H -DHAVE_CHROOT -DHAVE_NETWORK -DHAVE_USERNS -DHAVE_FILE_TRANSFER -DHAVE_WHITELIST -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk   -c main.c -o main.o
<3>gcc  -pie -Wl,-z,relro -Wl,-z,now -lpthread -o fcopy main.o
<3>make[1]: Leaving directory '/build/firejail-0.9.56/src/fcopy'
<3>make -C src/fldd
<3>make[1]: Entering directory '/build/firejail-0.9.56/src/fldd'
<3>gcc -ggdb  -O2 -DVERSION='"0.9.56"'   -DPREFIX='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56"'  -DSYSCONFDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/etc/firejail"' -DLIBDIR='"/nix/store/0dm1agiwiggn8pmnqkknil7mkh25il0k-firejail-0.9.56/lib"' -DHAVE_X11 -DHAVE_PRIVATE_HOME  -DHAVE_OVERLAYFS -DHAVE_SECCOMP -DHAVE_GLOBALCFG -DHAVE_SECCOMP_H -DHAVE_CHROOT -DHAVE_NETWORK -DHAVE_USERNS -DHAVE_FILE_TRANSFER -DHAVE_WHITELIST -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -mindirect-branch=thunk   -c main.c -o main.o
<3>gcc  -pie -Wl,-z,relro -Wl,-z,now -lpthread -o fldd main.o ../lib/ldd_utils.o
<3>make[1]: Leaving directory '/build/firejail-0.9.56/src/fldd'
<3>make -C src/libpostexecseccomp
<3>make[1]: Entering directory '/build/firejail-0.9.56/src/libpostexecseccomp'
<3>gcc -ggdb  -O2 -DVERSION='"0.9.56"' -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC -Wformat -Wformat-security  -c libpostexecseccomp.c -o libpostexecseccomp.o
<3>gcc -pie -Wl,-z,relro -Wl,-z,now -shared -fPIC -z relro -o libpostexecseccomp.so libpostexecseccomp.o -ldl
<3>make[1]: Leaving directory '/build/firejail-0.9.56/src/libpostexecseccomp'
<3>src/fseccomp/fseccomp default seccomp
<3>src/fsec-optimize/fsec-optimize seccomp
<3>/nix/store/6abyjgibafsbhlc7v7lab50mb3dj81jg-bash-4.4-p23/bin/bash: src/fsec-optimize/fsec-optimize: No such file or directory
<3>make: *** [Makefile:43: filters] Error 127
<3>builder for '/nix/store/30srqmpqrjyr11nhx4jbpr84m9pnmyv5-firejail-0.9.56.drv' failed with exit code 2
2018-12-17 06:41:44 +00:00
Matthew Bauer
e6f7f2928f darwin: 10.11 → 10.12
Lots of stuff has gotten moved around. Many security libraries have been merged
into the Security monorepo. I’ve cleared them out for now, we will
need to modify Security to build them!

This also moves some things around to more clearly separate
bootstrapping the stdenv from everything else. We want the “normal”
mode to be the non-bootstrapped version. When you ask for “Security”,
you want the actual built software, not a crippled one.

- Add TARGET_OS_OSX to darwin.libSystem. Looks like something
  introduced in 10.12. TARGET_OS_MAC is only set when building for
  desktop (iOS will have TARGET_OS_MAC set)
- Bump darwin.dtrace
- Bump darwin.libpthread
- Remove SmartCardServices, libsecurity*, etc.
- Install some more headers for darling.
2018-12-17 00:07:09 -06:00
Edmund Wu
cb6c9af457
linux_testing: 4.20-rc6 -> 4.20-rc7 2018-12-16 22:09:03 -05:00
Franz Pletz
b213de9328
Merge pull request #52265 from ikervagyok/firmware
firmware-linux-nonfree: 20181017 -> 20181213
2018-12-17 02:18:07 +00:00
Lengyel Balazs
374a672424
firmware-linux-nonfree: 20181017 -> 20181213 2018-12-17 03:16:46 +01:00
Ben Wolsieffer
f554d4e40f raspberrypifw: 1.20180919 -> 1.20181112 2018-12-17 02:01:13 +00:00
Jan Tojnar
aead6e12f9
Merge remote-tracking branch 'upstream/master' into staging 2018-12-16 22:55:06 +01:00
R. RyanTM
f6bcf08516 lxcfs: 3.0.2 -> 3.0.3
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/lxcfs/versions
2018-12-16 19:11:30 +00:00
markuskowa
28a3c61ecd
Merge pull request #52282 from r-ryantm/auto-update/ipset
ipset: 7.0 -> 7.1
2018-12-16 19:45:51 +01:00
Linus Heckemann
c081bded6c
Merge pull request #52366 from r-ryantm/auto-update/cryptsetup
cryptsetup: 2.0.5 -> 2.0.6
2018-12-16 17:25:22 +01:00