Commit Graph

684382 Commits

Author SHA1 Message Date
WilliButz
56d038e17d
nixos/tests/appliance-repart-image-verity-store: init
This test should illustrate how to build a verity-protected NixOS image
with systemd-repart, using the opinionated image.repart.verityStore module.
2024-09-20 17:35:49 +02:00
WilliButz
942588c686
nixos/repart-verity-store: init
This module provides some abstraction for a multi-stage build to create
a dm-verity protected NixOS repart image.

The opinionated approach realized by this module is to first create an
immutable, verity-protected nix store partition, then embed the root
hash of the corresponding verity hash partition in a UKI, that is then
injected into the ESP of the resulting image.
The UKI can then precisely identify the corresponding data from which
the entire system is bootstrapped.

The module comes with a script that checks the UKI used in the final
image corresponds to the intermediate image created in the first step.
This is necessary to notice incompatible substitutions of
non-reproducible store paths, for example when working with distributed
builds, or when offline-signing the UKI.
2024-09-20 17:35:49 +02:00
R. Ryantm
74d496e1de mdcat: 2.3.1 -> 2.4.0 2024-09-20 15:31:00 +00:00
Emily
acb9363e5a
mupdf: 1.24.8 -> 1.24.9, fixes (#342894) 2024-09-20 16:26:59 +01:00
Fabian Affolter
de184ab282
polenum: init at 1.6.1-unstable-2024-07-30 (#342832) 2024-09-20 17:19:01 +02:00
R. Ryantm
0d78a8539e nixos-anywhere: 1.3.0 -> 1.4.0 2024-09-20 15:02:50 +00:00
Raghav Sood
ff5752aab3
flyctl: 0.3.1 -> 0.3.6 (#343197) 2024-09-20 22:59:15 +08:00
Peder Bergebakken Sundt
eb18392075
python312Packages.robotframework-seleniumlibrary: 6.5.0 -> 6.6.1 (#342910) 2024-09-20 16:24:28 +02:00
Peder Bergebakken Sundt
955338da33
python312Packages.sentence-transformers: 3.1.0 -> 3.1.1 (#343112) 2024-09-20 16:21:41 +02:00
Peder Bergebakken Sundt
fd32be7f3b
python312Packages.braceexpand: modernize, adopt (#343142) 2024-09-20 16:18:33 +02:00
Aleksana
67d9b47a75
backrest: init at 1.5.0 (#342141) 2024-09-20 22:06:40 +08:00
Johannes Kirschbauer
e2dd770370
Doc: clarify mkDerivation argument handling (#343247) 2024-09-20 16:01:49 +02:00
Emily
8d4e202d62
grafana-agent: 0.42.0 -> 0.43.0 (#341565) 2024-09-20 16:00:54 +02:00
Jörg Thalheim
95661913ba
nix-serve: pin nix 2.24 (#343274) 2024-09-20 16:00:02 +02:00
Jörg Thalheim
58b379f8c4 nix-serve: pin nix 2.24 2024-09-20 15:54:08 +02:00
R. Ryantm
b6f5bf49d3 disko: 1.7.0 -> 1.8.0 2024-09-20 13:50:31 +00:00
R. Ryantm
4ddc9f80d6 ddccontrol-db: 20240304 -> 20240920 2024-09-20 13:38:20 +00:00
R. Ryantm
fe06432224 cargo-public-api: 0.37.0 -> 0.38.0 2024-09-20 13:34:56 +00:00
Jörg Thalheim
a11ec092e8
maintainers: update mkez (#343263) 2024-09-20 15:19:50 +02:00
Martin Weinelt
5988878cbb
bibtex-tidy: 1.13.0 -> 1.14.0
https://github.com/FlamingTempura/bibtex-tidy/blob/v1.14.0/CHANGELOG.md

https://github.com/FlamingTempura/bibtex-tidy/compare/v1.13.0...v1.14.0
2024-09-20 15:12:08 +02:00
nikstur
6fe973349d nix-store-veritysetup-generator: init at 0.1.0 2024-09-20 15:04:20 +02:00
Austin Horstman
6c9ef1b934
luaPackages.sqlite: disable checks on darwin 2024-09-20 07:58:48 -05:00
Matias Zwinger
a690c547bb
maintainers: update mkez 2024-09-20 15:52:15 +03:00
Nick Cao
b3e9ef326d
eigenmath: 3.27-unstable-2024-08-24 -> 3.27-unstable-2024-09-15 (#343228) 2024-09-20 08:47:12 -04:00
James Ward
f1ff851a7d
jetbrains.plugins: update 2024-09-20 06:47:05 -06:00
James Ward
ddb153d741
jetbrains: 2024.1 EAP -> 2024.2.2
jetbrains.clion: 2024.2.1 -> 2024.2.2
jetbrains.dataspell: 2024.2.1 -> 2024.2.2
jetbrains.goland: 2024.2.1.1 -> 2024.2.2
jetbrains.idea-community: 2024.2.1 -> 2024.2.2
jetbrains.idea-ultimate: 2024.2.1 -> 2024.2.2
jetbrains.pycharm-community: 2024.2.1 -> 2024.2.2
jetbrains.pycharm-professional: 2024.2.1 -> 2024.2.2
jetbrains.ruby-mine: 2024.2.1 -> 2024.2.2
jetbrains.rust-rover: 2024.2 -> 2024.2.1
jetbrains.webstorm: 2024.2.1 -> 2024.2.2
jetbrains.writerside: 2024.1 EAP -> 2024.2 EAP
2024-09-20 06:46:09 -06:00
Adam Stephens
0cfb8d3f7b
envoy: 1.31.1 -> 1.31.2
https://github.com/envoyproxy/envoy/releases/tag/v1.31.2

CVE-2024-45807: oghttp2 crash on OnBeginHeadersForStream
CVE-2024-45808: Malicious log injection via access logs
CVE-2024-45806: Potential manipulate x-envoy headers from external sources
CVE-2024-45809: Jwt filter crash in the clear route cache with remote JWKs
CVE-2024-45810: Envoy crashes for LocalReply in http async client
2024-09-20 08:42:08 -04:00
h7x4
19635fef8f
nrfutil: 7.11.1 -> 7.13.0 2024-09-20 14:27:24 +02:00
h7x4
4dc21cedcb
nrfutil: switch upstream source 2024-09-20 14:27:24 +02:00
R. Ryantm
b8a7670d76 mesonlsp: 4.3.4 -> 4.3.5 2024-09-20 12:24:45 +00:00
Adam C. Stephens
b93a350252
matrix-authentication-service: 0.10.0 -> 0.12.0 (#342301) 2024-09-20 08:14:23 -04:00
github-actions[bot]
33e2cbc61f
Merge staging-next into staging 2024-09-20 12:05:56 +00:00
github-actions[bot]
7556e2a306
Merge master into staging-next 2024-09-20 12:05:32 +00:00
Weijia Wang
0cfbf76e38 bun: 1.1.27 -> 1.1.29 2024-09-20 14:04:39 +02:00
Rick van Schijndel
02971f96c1
mautrix-meta: 0.3.2 -> 0.4.0 (#342988) 2024-09-20 13:45:58 +02:00
Cosima Neidahl
d19ec26142
rcu: 2024.001p -> 2024.001q (#341869) 2024-09-20 13:43:31 +02:00
Cosima Neidahl
eee25622ff
nixosTests.terminal-emulators: Fix lomiri-terminal-app test after mesa change (#341573) 2024-09-20 13:42:57 +02:00
Gaetan Lepage
02f584f37f ruff-lsp: 0.0.56 -> 0.0.57
Diff: https://github.com/astral-sh/ruff-lsp/compare/refs/tags/v0.0.56...v0.0.57

Changelog: https://github.com/astral-sh/ruff-lsp/releases/tag/v0.0.57
2024-09-20 13:34:08 +02:00
Emily
8e51715333
default-gcc-version: Remove conditional for vc4 and relibc (#343146) 2024-09-20 12:30:02 +01:00
DontEatOreo
c4b9fe09f4
warp-terminal: 0.2024.09.10.08.02.stable_01 -> 0.2024.09.17.08.02.stable_01
Changelog: https://docs.warp.dev/getting-started/changelog#id-2024.09.19-v0.2024.09.17.08.02
2024-09-20 14:19:54 +03:00
Robert Hensing
039db25806
Doc: init stdenv.mkDerivation doc-comment (#343031) 2024-09-20 13:15:36 +02:00
R. Ryantm
1bb415810e nwg-displays: 0.3.20 -> 0.3.21 2024-09-20 11:04:55 +00:00
Moritz Sanft
5ee6467bd3
nixos: add support for dm-verity
Co-authored-by: nikstur <nikstur@outlook.com>
Co-authored-by: WilliButz <willibutz@posteo.de>
2024-09-20 13:03:10 +02:00
Yt
3fe7fe4a14
gleam: 1.4.1 -> 1.5.0 (#343211) 2024-09-20 06:59:03 -04:00
Ilan Joselevich
7723b79623
rush-parallel: init at 0.5.6 (#342875) 2024-09-20 13:53:52 +03:00
Jörg Thalheim
9625766c32
Nix minor version bump (#343187) 2024-09-20 12:26:37 +02:00
Johannes Kirschbauer
f14a171413
Doc: init stdenv.mkDerivation doc-comment 2024-09-20 12:13:43 +02:00
R. Ryantm
5ba4c6a061 eigenmath: 3.27-unstable-2024-08-24 -> 3.27-unstable-2024-09-15 2024-09-20 10:12:53 +00:00
Leah Amelia Chen
2825fb0546
i-dot-ming: 8.00 -> 8.10 2024-09-20 12:08:25 +02:00
Jörg Thalheim
eb678b4772
nix-serve: unstable-2018-03-20 → unstable-2024-09-17 (#342714) 2024-09-20 12:04:08 +02:00