Commit Graph

174171 Commits

Author SHA1 Message Date
Silvan Mosberger
aadb1cbe26
Merge pull request #58494 from markuskowa/upd-octopus
octopus: 8.3 -> 8.4
2019-03-29 20:43:28 +01:00
Silvan Mosberger
555734eded bazel: Fix PATH escaping 2019-03-29 20:31:04 +01:00
markuskowa
7701fd7603
Merge pull request #58097 from r-ryantm/auto-update/ginac
ginac: 1.7.4 -> 1.7.5
2019-03-29 20:27:39 +01:00
Silvan Mosberger
52a97dcf00
Merge pull request #57426 from r-ryantm/auto-update/python3.7-osmnx
python37Packages.osmnx: 0.8.1 -> 0.9
2019-03-29 20:25:47 +01:00
markuskowa
a8552f46e8
Merge pull request #58021 from r-ryantm/auto-update/cpptest
cpptest: 1.1.2 -> 2.0.0
2019-03-29 20:23:48 +01:00
Silvan Mosberger
030b845413
Merge pull request #58492 from markuskowa/upd-molden
molden: 5.9.3 -> 5.9.5
2019-03-29 20:16:08 +01:00
Aaron Lindsay
c17cf32a37 fixup! msp430: include vendor headers with stdenv 2019-03-29 11:08:37 -07:00
R. RyanTM
34483d88f5
python37Packages.osmnx: 0.8.1 -> 0.9
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/python3.7-osmnx/versions
2019-03-29 18:21:42 +01:00
Silvan Mosberger
06f883f7a0
Merge pull request #51344 from timokau/sagenb-matplotlib-fix
pythonPackages.matplotlib: enable tk backend by default
2019-03-29 18:17:13 +01:00
Will Dietz
9ad0e9ed55 whois: 5.4.1 -> 5.4.2
https://github.com/rfc1036/whois/blob/v5.4.2/debian/changelog
2019-03-29 11:41:57 -05:00
Will Dietz
dfdacfdd8a ffmpeg: 3.4.5 -> 3.4.6
0ac9001ab9:/Changelog
2019-03-29 11:25:28 -05:00
Ben Gamari
50a4de7326 nixos/gitlab: Install and fixup vendorised gitlab-shell
gitaly now ships its own vendorised version of gitlab-shell. Previously
we failed to install this, resulting in
https://gitlab.com/gitlab-org/gitlab-ce/issues/59403.
2019-03-29 11:53:07 -04:00
Will Dietz
b10d09901b gitAndTools.hub: 2.11.0 -> 2.11.1 2019-03-29 10:51:53 -05:00
Silvan Mosberger
106b52bac0
Merge pull request #58536 from markuskowa/fix-clblas
clblas: turn of gtest, fix build
2019-03-29 16:36:02 +01:00
Florian Klink
cb09c5bf6a
Merge pull request #54972 from trustedkey/minio
pythonPackages.minio: init at 4.0.11
2019-03-29 16:08:25 +01:00
Alexey Shmalko
5b0dc3c88c
Merge pull request #58521 from dtzWill/update/cmocka-1.1.15
cmocka: 1.1.3 -> 1.1.5
2019-03-29 17:04:31 +02:00
Ryan Mulligan
cb4b210894
Merge pull request #58533 from bignaux/assaultcube
assaultcube: unstable-2017-05-01 -> unstable-2018-05-20
2019-03-29 07:57:33 -07:00
Peter Romfeld
364cbd088e minio: init at 4.0.13 2019-03-29 15:50:36 +01:00
Silvan Mosberger
84067b7ef1
Merge pull request #58537 from matthiasbeyer/alias-map
lib: lists: Alias map = builtins.map
2019-03-29 15:35:46 +01:00
Vladyslav M
60ec578e6a
Merge pull request #57237 from vlaci/pkgs/emacs
emacs: backport hunspell 1.7.0 support from upstream
2019-03-29 16:32:07 +02:00
Bignaux Ronan
0a38c2794d assaultcube: unstable-2017-05-01 -> unstable-2018-05-20 2019-03-29 15:22:46 +01:00
Jörg Thalheim
382333b25e
Merge pull request #57824 from illegalprime/fix/libmodbus-cross
libmodbus: fix for cross compilation
2019-03-29 13:54:37 +00:00
zimbatm
b9038204d6
sublime3: Fix python api locale (#58491) 2019-03-29 14:38:03 +01:00
Judson Lester
704d02053b (ruby-modules/gem): (refactor) (#53525)
* Changing leaveDotGit to git chacha on build

* Removing debugging cruft

* Simpler git handling

* Can't clobber index after `add`

* Update pkgs/development/ruby-modules/gem/default.nix

Useful comments

Co-Authored-By: nyarly <nyarly@users.noreply.github.com>

* Update pkgs/development/ruby-modules/gem/default.nix

Comments are useful

Co-Authored-By: nyarly <nyarly@users.noreply.github.com>
2019-03-29 14:36:04 +01:00
Matthias Beyer
3cf40fc794 lib: lists: Alias builtins.map
Signed-off-by: Matthias Beyer <mail@beyermatthias.de>
Suggested-by: Profpatsch <mail@profpatsch.de>
2019-03-29 14:34:30 +01:00
Markus Kowalewski
ad1e7b09c0
libgpuarray: fix build
move cmake into nativeBuildInputs
2019-03-29 14:18:55 +01:00
Markus Kowalewski
4c74ee948e
clblas: turn of gtest, fix build
clblas does not work anymore with gmock 1.8.1.
Turning off the test suite fixes the build.
2019-03-29 13:59:45 +01:00
Domen Kožar
bad5d145c2
Merge pull request #58525 from domenkozar/haskell-bin-output
Haskell optional separate bin output
2019-03-29 19:18:36 +07:00
Graham Christensen
bb32e322a5
Merge pull request #57559 from Ekleog/iso-image-reproducibilization
iso-image: make reproducible by not relying on mcopy's readdir
2019-03-29 08:02:56 -04:00
Andreas Rammhold
e0b4356c0d
Merge pull request #57936 from andir/build-rust-crate-nix-build-cores
buildRustCrate: use $NIX_BUILD_CORES for each of the crates
2019-03-29 12:29:43 +01:00
Maximilian Bosch
347a49ad5d
Merge pull request #58282 from r-ryantm/auto-update/ktlint
ktlint: 0.30.0 -> 0.31.0
2019-03-29 11:45:15 +01:00
Maximilian Bosch
27ad1d515b
Merge pull request #58188 from r-ryantm/auto-update/hatari
hatari: 2.1.0 -> 2.2.1
2019-03-29 11:38:39 +01:00
Maximilian Bosch
9197ad64ee
Merge pull request #58102 from r-ryantm/auto-update/gphoto2
gphoto2: 2.5.17 -> 2.5.20
2019-03-29 11:20:14 +01:00
Vincent Demeester
28a2dd8024
runc: 1.0.0-rc6 -> 1.0.0-rc7
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2019-03-29 11:12:04 +01:00
Maximilian Bosch
e2ae451560
Merge pull request #58523 from dtzWill/update/trilium-0.30.6
trilium: 0.30.4 -> 0.30.6
2019-03-29 11:09:31 +01:00
Andreas Rammhold
c8186ad7b3
firefox: 66.0.1 -> 66.0.2 2019-03-29 10:41:00 +01:00
Pascal Wittmann
b514ec36fa
Merge pull request #58524 from dtzWill/update/hub-2.11.0
gitAndTools.hub: 2.10.0 -> 2.11.0
2019-03-29 10:38:31 +01:00
Andreas Rammhold
6977980927
firefox-bin: 66.0.1 -> 66.0.2 2019-03-29 10:36:47 +01:00
Maximilian Bosch
34fd0cc793
Merge pull request #56575 from zarelit/upgrade_mailcatcher
mailcatcher: 0.6.5 -> 0.7.1
2019-03-29 10:09:00 +01:00
Domen Kožar
b06201bf6f
cachix: use separate bin output to prove it's useful
Spares compilation time by not compiling the package twice.
2019-03-29 15:10:54 +07:00
Domen Kožar
bd06834d5e
haskell: allow separate bin output, disable by default 2019-03-29 15:10:42 +07:00
Vincent Laporte
823107038b coqPackages.coqhammer: init at 1.1
CoqHammer is a general-purpose automated reasoning hammer tool for Coq.

Homepage: http://cl-informatik.uibk.ac.at/cek/coqhammer/
2019-03-29 09:07:27 +01:00
Will Dietz
89e15afa66 gitAndTools.hub: 2.10.0 -> 2.11.0
https://github.com/github/hub/releases/tag/v2.11.0
https://github.com/github/hub/releases/tag/v2.10.2
https://github.com/github/hub/releases/tag/v2.10.1
2019-03-29 02:48:53 -05:00
Will Dietz
6d7d5759fc trilium: 0.30.4 -> 0.30.6 2019-03-29 02:33:48 -05:00
Will Dietz
658d891b38 cmocka: 1.1.3 -> 1.1.5
https://gitlab.com/cmocka/cmocka/tags/cmocka-1.1.5
slightly more descriptive note about the release
on https://cmocka.org but not easy to link.
2019-03-29 02:30:57 -05:00
Robert Schütz
2cfe129d65 postfix: 3.4.3 -> 3.4.4
http://www.postfix.org/announcements/postfix-3.4.4.html
2019-03-29 07:52:24 +01:00
Matthew Glazar
689e1efda0 iterm2: fix build
During iterm2's build, xcodebuild invokes $LD and passes it options such
as -isysroot. These options are intended for the linker driver (clang),
not for the linker directly. ld64 ($LD) does not recognize these
options, causing iterm2's build to fail.

Set $LD to $CC (clang) as intended, making iterm2's build succeed.
2019-03-28 20:44:08 -07:00
aszlig
dcf40f7c24
Merge pull request #57519 (systemd-confinement)
Currently if you want to properly chroot a systemd service, you could do
it using BindReadOnlyPaths=/nix/store or use a separate derivation which
gathers the runtime closure of the service you want to chroot. The
former is the easier method and there is also a method directly offered
by systemd, called ProtectSystem, which still leaves the whole store
accessible. The latter however is a bit more involved, because you need
to bind-mount each store path of the runtime closure of the service you
want to chroot.

This can be achieved using pkgs.closureInfo and a small derivation that
packs everything into a systemd unit, which later can be added to
systemd.packages.

However, this process is a bit tedious, so the changes here implement
this in a more generic way.

Now if you want to chroot a systemd service, all you need to do is:

  {
    systemd.services.myservice = {
      description = "My Shiny Service";
      wantedBy = [ "multi-user.target" ];

      confinement.enable = true;
      serviceConfig.ExecStart = "${pkgs.myservice}/bin/myservice";
    };
  }

If more than the dependencies for the ExecStart* and ExecStop* (which
btw. also includes script and {pre,post}Start) need to be in the chroot,
it can be specified using the confinement.packages option. By default
(which uses the full-apivfs confinement mode), a user namespace is set
up as well and /proc, /sys and /dev are mounted appropriately.

In addition - and by default - a /bin/sh executable is provided, which
is useful for most programs that use the system() C library call to
execute commands via shell.

Unfortunately, there are a few limitations at the moment. The first
being that DynamicUser doesn't work in conjunction with tmpfs, because
systemd seems to ignore the TemporaryFileSystem option if DynamicUser is
enabled. I started implementing a workaround to do this, but I decided
to not include it as part of this pull request, because it needs a lot
more testing to ensure it's consistent with the behaviour without
DynamicUser.

The second limitation/issue is that RootDirectoryStartOnly doesn't work
right now, because it only affects the RootDirectory option and doesn't
include/exclude the individual bind mounts or the tmpfs.

A quirk we do have right now is that systemd tries to create a /usr
directory within the chroot, which subsequently fails. Fortunately, this
is just an ugly error and not a hard failure.

The changes also come with a changelog entry for NixOS 19.03, which is
why I asked for a vote of the NixOS 19.03 stable maintainers whether to
include it (I admit it's a bit late a few days before official release,
sorry for that):

  @samueldr:

    Via pull request comment[1]:

      +1 for backporting as this only enhances the feature set of nixos,
      and does not (at a glance) change existing behaviours.

    Via IRC:

      new feature: -1, tests +1, we're at zero, self-contained, with no
      global effects without actively using it, +1, I think it's good

  @lheckemann:

    Via pull request comment[2]:

      I'm neutral on backporting. On the one hand, as @samueldr says,
      this doesn't change any existing functionality. On the other hand,
      it's a new feature and we're well past the feature freeze, which
      AFAIU is intended so that new, potentially buggy features aren't
      introduced in the "stabilisation period". It is a cool feature
      though? :)

A few other people on IRC didn't have opposition either against late
inclusion into NixOS 19.03:

  @edolstra:  "I'm not against it"
  @Infinisil: "+1 from me as well"
  @grahamc:   "IMO its up to the RMs"

So that makes +1 from @samueldr, 0 from @lheckemann, 0 from @edolstra
and +1 from @Infinisil (even though he's not a release manager) and no
opposition from anyone, which is the reason why I'm merging this right
now.

I also would like to thank @Infinisil, @edolstra and @danbst for their
reviews.

[1]: https://github.com/NixOS/nixpkgs/pull/57519#issuecomment-477322127
[2]: https://github.com/NixOS/nixpkgs/pull/57519#issuecomment-477548395
2019-03-29 04:37:53 +01:00
Maximilian Bosch
673c8193cd
Merge pull request #58489 from aanderse/mailcatcher
nixos/mailcatcher: fix test to be compatible with mailcatcher 7.x series
2019-03-29 04:01:02 +01:00
Maximilian Bosch
54e77d51b8
Merge pull request #58503 from geistesk/stellarium-v0.19.0
stellarium: 0.18.3 -> 0.19.0
2019-03-29 03:52:02 +01:00