Since 9c57f3b5c0 bumped the protobuf
version because the new upstream requires it, electrum now gets
protobuf3_0 *and* protobuf3_2 instead of just one version.
This leads to the following build errer:
Found duplicated packages in closure for dependency 'protobuf':
protobuf 3.0.2 (...-python2.7-protobuf-3.0.2/lib/python2.7/site-packages)
protobuf 3.2.0 (...-python2.7-protobuf-3.2.0/lib/python2.7/site-packages)
Using protobuf3_2 for keepkey and electrum fixes the build.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @np
Regression introduced by 76beb08313.
With version 0.7.15 a few additional dependencies are needed by trezor,
mainly a newer version of protobuf bindings and requests.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @np
The motivation is to be able to get rid of common configuration
when initial packages differs since common configuration assumes
a very specific version set.
cc @jmitchell @peti
Improve beam docs:
* correct spelling
* update per pandoc changes
* capitalize titles
* capitalize BEAM throughout and use "the BEAM" when referring to the virtual machine.
* tweak grammar and phrasing
* reformat build-tools-rebar3 section
* add more links
* re-wrap <para>s
Also update <programlisting>s
* normalize whitespace
* don't double quote homepage
* use $ in all shell snippets
Tesseract seems to have a hard time detecting the "ALICE FOOBAR" text,
so let's match on "Select your user and enter password" instead.
Ran the test on x86_64-linux and it now succeeds.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
With newer Nix it's (fortunately) no longer possible to create a file
with setuid bits, even though the permissions are fixed later the build
will fail during installPhase already.
I've verified whether the contents of the output path are the same as
before this change and the contents match.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
We really want to break channel updates whenever we break something like
this, because this actually will hit machines out there and can be very
much annoying (we had broken keymaps a few times which is why I
introduced these tests in the first place).
Just to be sure I don't break channel updates with this commit, I ran
all of the keymap tests and they all succeeded.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Enumerating the symbols directory doesn't include variants, so we're now
basically doing what "localectl list-x11-keymap-layouts" does but we use
sed instead.
The reason I'm not using localectl directly is because the path to
rules/base.lst is hardcoded in the systemd source.
Of course, the XKB specification allows for much more complicated rules,
but at least this should cover the most basic ones including variants.
So the sed expression itself is just for listing the available layouts
and variants and we use a grep with -xF to match only full lines without
interpreting regular expressions.
This should again allow to set "dvorak" as the layout option.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @lheckemann
Fixes: #25526
Upstream changes:
* Added OpenSSL.X509Store.set_time() to set a custom verification time
when verifying certificate chains. pyca/pyopenssl#567
* Added a collection of functions for working with OCSP stapling. None
of these functions make it possible to validate OCSP assertions, only
to staple them into the handshake and to retrieve the stapled
assertion if provided. Users will need to write their own code to
handle OCSP assertions. We specifically added:
Context.set_ocsp_server_callback, Context.set_ocsp_client_callback,
and Connection.request_ocsp. pyca/pyopenssl#580
* Changed the SSL module's memory allocation policy to avoid zeroing
memory it allocates when unnecessary. This reduces CPU usage and
memory allocation time by an amount proportional to the size of the
allocation. For applications that process a lot of TLS data or that
use very lage allocations this can provide considerable performance
improvements. pyca/pyopenssl#578
* Automatically set SSL_CTX_set_ecdh_auto() on OpenSSL.SSL.Context.
pyca/pyopenssl#575
* Fix empty exceptions from OpenSSL.crypto.load_privatekey().
pyca/pyopenssl#581
The full upstream changelog can be found at:
https://pyopenssl.readthedocs.io/en/17.0.0/changelog.html
I've also added a patch from pyca/pyopenssl#637 in order to fix the
tests, which was the main reason for the version bump because that patch
won't apply for 16.2.0.
According to the upstream changelog there should be no
backwards-incompatible changes, but I've tested building against some of
the packages depending on pyopenssl anyway. Regardless of this, the
build for pyopenssl fails right now anyway, so the worst that could
happen via this commit would be that we break something that's already
broken.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
With `builtins.functionArgs` we can get some information if the first argument
is an attrset and whether the contained fields have default values. Encode that
into the pretty-printed lambda.
This fixes the Stack Clash issue rediscovered by Qualys. See
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
for more information on the topic, specifically section III.
We don't have the kernel mitigation available because it is a Grsecurity
feature which we don't support anymore. Other distributions like Gentoo
Hardened and Arch already have `-fstack-check` enabled by default.
See the Gentoo page on Stack Clash for more information on this solution:
https://wiki.gentoo.org/wiki/Hardened/Gentoo_Hardened_and_Stack_Clash
This unfortunately doesn't apply to clang because `-fstack-check` is a
noop there. Note that the GCC implementation also has problems that could
be exploited to circumvent these checks but it is still better than
keeping it disabled.
