Commit Graph

1964 Commits

Author SHA1 Message Date
Mario Rodas
c831e4e9e4 podman: 2.2.1 -> 3.0.0
https://github.com/containers/podman/releases/tag/v3.0.0
2021-02-11 04:20:00 +00:00
Sascha Grunert
c2ef7b1cbf
crun: add criu support
Adding the criu dependency allows using the feature, too:

```
> ./result/bin/crun --version
crun version 0.17
commit: 0.17
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
```

Signed-off-by: Sascha Grunert <mail@saschagrunert.de>
2021-02-11 13:58:58 +01:00
Alyssa Ross
8f0bd879da
qemu: re-enable stack protection
5e25995295 ("qemu: 2.6.1 -> 2.7.0") added this, because the QEMU
build failed without it.  That's no longer the case, so we can bring
back stack protection.
2021-02-09 21:26:43 +00:00
R. RyanTM
74c9af1c7c charliecloud: 0.21 -> 0.22 2021-02-09 07:52:17 +00:00
Ivan Babrou
251add14cf qemu: only apply autoPatchelfHook on linux
It fails on darwin due to missing `patchelf` and the missing ELFs:

```
/nix/store/...-auto-patchelf-hook/nix-support/setup-hook: line 220: -l: command not found
```
2021-02-08 13:48:16 -08:00
Ivan Babrou
d29e8f0e59 qemu: rename VERSION to QEMU_VERSION to avoid name clash
In libc++ starting with LLVM8 there's `<version>` include in `cstddef`:

The following things also align:

* QEMU has a file called `VERSION` in repo root
* QEMU prepends repo root to include path in build
* macOS has a case-insensetive filesystem

All of this combined means that `VERSION` file is included as a header.

Working around this be renaming `VERSION` -> `QEMU_VERSION` to resolve ambiguity.

The problem really only appears on `aarch64-darwin`, since on `x86_64-darwin`
there are no C++ files to compile. The workaround is harmless enough to apply.
2021-02-08 13:45:47 -08:00
Ivan Babrou
bb475b01d2 qemu: do not force x86_64 cpu on darwin
This change produces the following warning:

```
... configure: line 619: sysctl: command not found
```

It's benign and sysctl is only useful on MacOS X Leopard:

* https://github.com/qemu/qemu/blob/v5.2.0/configure#L615-L621

Leopard is 13 years old and is not supported by Nix.

The sysctl check is removed in qemu master branch already.

Plus aarch64-darwin is coming in #105026, so there's no reason to force x86_64.
2021-02-08 13:39:10 -08:00
Sandro
8a4a984fd5
Merge pull request #105439 from avdv/bazel_3.7.1 2021-02-04 20:15:45 +01:00
Sascha Grunert
c1b7380700
runc: 1.0.0-rc92 -> 1.0.0-rc93
Signed-off-by: Sascha Grunert <mail@saschagrunert.de>
2021-02-04 10:29:07 +01:00
R. RyanTM
e87a8406c6 conmon: 2.0.25 -> 2.0.26 2021-02-04 04:40:30 +00:00
Claudio Bley
6d8c431eb0 bazel: 3.7.1 -> 3.7.2
* update sha256 for gvisor, tensorflow{,WithCuda}, bazel-watcher, bazel-remote
  and envoy
2021-02-03 10:44:07 +01:00
Sandro
b881f100f6
Merge pull request #111625 from jbedo/singularity
singularity: 3.7.0 -> 3.7.1
2021-02-02 13:11:41 +01:00
Justin Bedo
efd372d82c
singularity: 3.7.0 -> 3.7.1 2021-02-02 14:05:34 +11:00
Andreas Rammhold
ad5f23870c
Merge pull request #110847 from andir/docker-overrides
docker: allow overriding package inputs per docker package
2021-02-01 00:55:22 +01:00
Claudio Bley
71cda4f111 bazel: 3.3.1 -> 3.7.1
* remove python-shebang patch since it was integrated upstream[1]

[1]: https://github.com/bazelbuild/bazel/pull/11535/files
2021-01-29 21:53:25 +01:00
Mario Rodas
75fbbeeaa9 docker-slim: 1.33.0 -> 1.34.0
https://github.com/docker-slim/docker-slim/releases/tag/1.34.0
2021-01-29 04:20:00 +00:00
R. RyanTM
0449f1e8f2 docker-compose: 1.28.0 -> 1.28.2 2021-01-28 00:45:55 +00:00
Andreas Rammhold
ed46383416 docker: allow overriding package inputs per docker package
Previously we could not override the input packages to docker at all as
that had been shadowed due to the usage of inherit in all-package.nix.

We are now mixing the "variable" variables for the build and the
dependency declarations for the package and using callPackage as if each
of the docker packages would be separate files that we evaluate.

This now enables overriding e.g. iptables for a single verison of
docker which previously was not feasible without importing the
default.nix again (and passing different arguments).

> pkgs.docker.override { iptables = pkgs.iptables-nftables-compat; }
2021-01-26 13:08:25 +01:00
Milan
b7871c3f2d
qemu: fix build when desktop file does not exist (#110721)
The qemu-user variants as used by binfmt emulation through
`(lib.systems.elaborate lib.systems.examples.aarch64-multiplatform).emulator pkgs`
does not install a .desktop file since qemu 5.2.0. This change allows
the build to continue if deletion of the desktop file fails.
2021-01-25 19:24:32 +01:00
Pavol Rusnak
a6ce00c50c
treewide: remove stdenv where not needed 2021-01-25 18:31:47 +01:00
Florian Klink
68b6d6ca8e
Merge pull request #110550 from bryanasdev000/package-virtualbox-6.1.18
virtualbox: 6.1.16 -> 6.1.18
2021-01-25 16:36:05 +01:00
volth
bc0d605cf1 treewide: fix double quoted strings in meta.description
Signed-off-by: Ben Siraphob <bensiraphob@gmail.com>
2021-01-24 19:56:59 +07:00
John Ericson
12881a7aa7
Merge pull request #110544 from Ericson2314/no-platform
top-level, lib: Remove platform attribute of platforms
2021-01-23 16:32:36 -05:00
Sandro
cba0c7e756
Merge pull request #110543 from bobrik/ivan/buildx-path
docker: correct substitution path with buildx enabled
2021-01-23 20:32:55 +01:00
John Ericson
9c213398b3 lib: Clean up how linux and gcc config is specified
Second attempt of 8929989614589ee3acd070a6409b2b9700c92d65; see that
commit for details.

This reverts commit 0bc275e634.
2021-01-23 10:01:28 -05:00
Florian Klink
994e221f16
Merge pull request #106988 from drewrisinger/dr-pr-qemu-bump
qemu: 5.1.0 -> 5.2.0
2021-01-23 00:20:06 +01:00
Bryan A. S
72e688c973 virtualbox: 6.1.16 -> 6.1.18
Signed-off-by: Bryan A. S <bryanasdev000@gmail.com>
2021-01-22 19:36:45 -03:00
Maximilian Bosch
c6d4197e4f
Merge pull request #110283 from r-ryantm/auto-update/docker-compose
docker-compose: 1.27.4 -> 1.28.0
2021-01-22 23:25:29 +01:00
Jonathan Ringer
0bc275e634
Revert "lib: Clean up how linux and gcc config is specified"
This is a stdenv-rebuild, and should not be merged
into master

This reverts commit 8929989614.
2021-01-22 14:07:06 -08:00
Ivan Babrou
aea19f284a docker: correct substitution path with buildx enabled
Starting with Docker 20.10, the client repo moved and the path changed.
2021-01-22 13:43:30 -08:00
John Ericson
d95aebbe0e
Merge pull request #107214 from Ericson2314/linux-config-cleanup
lib: Clean up how linux and gcc config is specified
2021-01-22 15:15:58 -05:00
Sandro
0c096b67dc
Merge pull request #107302 from bobrik/ivan/docker-buildx 2021-01-22 12:50:25 +01:00
John Ericson
8929989614 lib: Clean up how linux and gcc config is specified
The `platform` field is pointless nesting: it's just stuff that happens
to be defined together, and that should be an implementation detail.

This instead makes `linux-kernel` and `gcc` top level fields in platform
configs. They join `rustc` there [all are optional], which was put there
and not in `platform` in anticipation of a change like this.

`linux-kernel.arch` in particular also becomes `linuxArch`, to match the
other `*Arch`es.

The next step after is this to combine the *specific* machines from
`lib.systems.platforms` with `lib.systems.examples`, keeping just the
"multiplatform" ones for defaulting.
2021-01-21 22:44:09 -05:00
zowoq
722c5a8316 crun: 0.16 -> 0.17
https://github.com/containers/crun/releases/tag/0.17
2021-01-22 08:06:10 +10:00
Ivan Babrou
deb0d298a2 docker: add buildx support to docker client 2021-01-21 12:52:46 -08:00
Ivan Babrou
e431ff7e2e docker-buildx: init at 0.5.1
Installing docker-buildx enables buildx subcommand on the client:

* https://github.com/docker/buildx
2021-01-21 12:52:45 -08:00
zowoq
30ab92ea31 conmon: 2.0.24 -> 2.0.25
https://github.com/containers/conmon/releases/tag/v2.0.25
2021-01-21 18:35:16 +10:00
R. RyanTM
a17adff3e9 docker-compose: 1.27.4 -> 1.28.0 2021-01-21 07:50:25 +00:00
Mario Rodas
369e772cda
Merge pull request #109955 from r-ryantm/auto-update/dumb-init
dumb-init: 1.2.4 -> 1.2.5
2021-01-20 21:24:40 -05:00
zowoq
31f5dd3f36 treewide: editorconfig fixes
- remove trailing whitespace
- use spaces for indentation
2021-01-20 09:11:11 +10:00
Drew Risinger
9e403b19a1 qemu: 5.1.0 -> 5.2.0
Updates to latest version of QEMU.
The build system has changed to ninja.
There are several configuration flags that aren't enabled. I will
defer to maintainers on those.

Adds autoPatchelfHook for patching output dynamically linked binaries.

qemu: use Nix's meson vs bundled

qemu: remove custom directory locations

It appears that these directories are no longer automatically prefixed
with $out/, so they are now trying to write to the system /etc/, /var/
directories, which is not permitted in sandbox.
The default directories seem to work OK, so using those.
2021-01-19 14:06:28 -05:00
R. RyanTM
2ed911999c dumb-init: 1.2.4 -> 1.2.5 2021-01-19 12:17:33 +00:00
R. RyanTM
d71bca5967
cri-o-unwrapped: 1.19.0 -> 1.20.0 (#109920) 2021-01-19 18:58:49 +10:00
Sandro
1afec60627
Merge pull request #95274 from misuzu/qemu-iscsi 2021-01-17 20:16:06 +01:00
Ben Siraphob
5d566c43b4 pkgs/applications: pkgconfig -> pkg-config 2021-01-16 23:49:59 -08:00
Jörg Thalheim
f3042e3078
Merge pull request #108862 from cpcloud/refactor-nvidia-containers 2021-01-15 11:10:09 +00:00
Ben Siraphob
108bdac3d9 pkgs/applications: stdenv.lib -> lib 2021-01-15 14:24:03 +07:00
zowoq
93e5d99592 conmon: 2.0.22 -> 2.0.24
https://github.com/containers/conmon/releases/tag/v2.0.24
2021-01-15 13:03:08 +10:00
zowoq
8a4b39330f Revert "conmon: 2.0.22 -> 2.0.23"
This reverts commit 59d4583cf3.

Broken release.
2021-01-15 04:44:13 +10:00
Sascha Grunert
59d4583cf3 conmon: 2.0.22 -> 2.0.23
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2021-01-14 08:03:25 -08:00
Mark Vainomaa
b451286b1f
docker: 19.03.4 -> 20.10.2 (#108960)
This commit refactors the build process to handle Docker engine and
CLI split.
2021-01-13 11:33:14 +01:00
Sandro
e12409de89
Merge pull request #108959 from mikroskeem/docker-proxy-update
docker-proxy: 7b2b1fe -> fa125a3
2021-01-13 09:18:19 +01:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
Mark Vainomaa
855bf1a311
docker-proxy: 7b2b1fe -> fa125a3 2021-01-10 17:31:10 +02:00
Phillip Cloud
4cd4468144 nvidia-container-toolkit: remove unused input 2021-01-10 08:54:38 -05:00
Phillip Cloud
5af3dd4a96 nvidia-container-toolkit: fix license 2021-01-10 08:54:38 -05:00
Phillip Cloud
8f33bef20f nvidia-container-runtime: fix license 2021-01-10 08:54:38 -05:00
Phillip Cloud
7eed27754c libnvidia-container: fix license 2021-01-10 08:54:38 -05:00
Phillip Cloud
8169d5c644 nvidia-container-toolkit: pass nvidia-container-runtime into drv 2021-01-10 08:54:38 -05:00
Phillip Cloud
f91f9eacd6 nvidia-container-toolkit: format 2021-01-10 08:54:37 -05:00
Phillip Cloud
bc43141b48 nvidia-container-runtime: format 2021-01-10 08:54:37 -05:00
Phillip Cloud
b0b92e598d libnvidia-container: remove line break 2021-01-10 08:54:37 -05:00
Phillip Cloud
d93754bb40 nvidia-docker: fix lib access 2021-01-10 08:54:37 -05:00
Phillip Cloud
e94a0228c5 nvidia-docker: clean up drv inputs 2021-01-10 08:54:37 -05:00
Phillip Cloud
6b5b64173f nvidia-docker: no longer perform templating of container runtime config files 2021-01-10 08:54:37 -05:00
Phillip Cloud
91b47ae43c nvidia-docker: podman-config.toml -> nvidia-podman/config.toml 2021-01-10 08:54:37 -05:00
Phillip Cloud
e67c679649 nvidia-docker: split out nvidia-container-toolkit into separate drv 2021-01-10 08:54:37 -05:00
Phillip Cloud
610ec202dc nvidia-docker: split out nvidia-container-runtime into separate drv 2021-01-10 08:54:37 -05:00
Phillip Cloud
27cd42fd6d nvidia-docker: use pname for repo attribute 2021-01-10 08:54:37 -05:00
Phillip Cloud
b578c28217 nvidia-docker: split out libnvidia-container into separate drv 2021-01-10 08:54:37 -05:00
Michael Weiss
8ae8602bf7
Merge branch 'master' into staging-next
Manually resolved a conflict in
pkgs/development/libraries/libbladeRF/default.nix.
2021-01-09 12:16:11 +01:00
Phillip Cloud
7115e5ac8d nvidia-docker: fix pname of nvidia-container-runtime 2021-01-08 09:29:56 -05:00
Phillip Cloud
890a298409 nvidia-docker: wrapProgram to pickup needed runc executable 2021-01-08 09:29:56 -05:00
Phillip Cloud
df43c0f9da nvidia-docker: install podman config 2021-01-08 09:29:56 -05:00
Jan Tojnar
e6c0c98940
Merge branch 'master' into staging-next
zynaddsubfx conflict has been updated to 3.0.1, which conflicted with rewrite after 3.0.5 update on a different branch.
2021-01-08 02:07:34 +01:00
Phillip Cloud
976c3999a2 nvidia-docker: fix VERSION reporting bug 2021-01-07 15:56:08 -05:00
github-actions[bot]
5c072a088d
Merge master into staging-next 2021-01-07 18:40:50 +00:00
Phillip Cloud
6468f2cb69 nvidia-docker: 2.0.3 -> 2.5.0 2021-01-07 07:50:01 -05:00
Ben Siraphob
b04fc593e7 treewide: cmake buildInputs to nativeBuildInputs, minor cleanups 2021-01-01 11:52:33 +07:00
Jörg Thalheim
f91d7cf059
cntr: 1.2.1 -> 1.4.1 2020-12-30 07:09:54 +01:00
misuzu
c5dd597870 qemu: libiscsi support 2020-12-29 16:19:42 +02:00
Florian Klink
f13837054b
Merge pull request #107778 from zowoq/containerd
containerd: misc fixes
2020-12-29 01:04:10 +01:00
zowoq
824cfdd019 docker: disable containerd completion
not available in containerd prior to 1.4
2020-12-29 09:33:28 +10:00
zowoq
d7d6f5507c containerd: misc fixes
- build man during buildPhase
- use `src.rev` for `commit`
- install completion
2020-12-29 09:33:28 +10:00
freezeboy
8ab8ada2f5 charliecloud: 0.20 -> 0.21 2020-12-27 22:34:18 +01:00
zowoq
70bcf62c05 conmon: 2.0.21 -> 2.0.22
https://github.com/containers/conmon/releases/tag/v2.0.22
2020-12-21 05:28:42 +10:00
Michael Weiss
52424415bc
vpcs: 0.8 -> 0.8.1
Thanks to Repology / Alpine Linux I noticed that the GNS3 team continued
the development. From their README:
> This is a continuation of VPCS, based on the last development version
> and improved with patches wrote by various people from the community.
> The original VPCS code, which is unfortunately not maintained anymore,
> can be viewed on https://sourceforge.net/p/vpcs/code/
2020-12-18 20:45:54 +01:00
Mario Rodas
9c8a7716d3 docker-slim: 1.32.0 -> 1.33.0
https://github.com/docker-slim/docker-slim/releases/tag/1.33.0
2020-12-15 13:45:00 -05:00
R. RyanTM
4cddb0930d dumb-init: 1.2.3 -> 1.2.4 2020-12-10 15:01:17 +00:00
zowoq
cfbc1af189 podman: 2.2.0 -> 2.2.1
https://github.com/containers/podman/releases/tag/v2.2.1
2020-12-09 05:37:31 +10:00
R. RyanTM
bbbb6dfa36 dumb-init: 1.2.2 -> 1.2.3 2020-12-04 10:05:05 +00:00
Maximilian Bosch
ccb3f1c9dd
Merge pull request #105591 from mweinelt/qemu
qemu: fix CVE-2020-28916
2020-12-02 21:14:16 +01:00
Sergey Lukjanov
b999879206 docker: 19.03.13 -> 19.03.14 2020-12-01 23:34:59 -08:00
Martin Weinelt
2d55b8def4 containerd: update commit id for version indicator
I forogt to update the `commit` value in 8884729, which is why this the
version output was wrong:

```
❯ ./result/bin/containerd -v
containerd github.com/containerd/containerd v1.4.3 7ad184331fa3e55e52b890ea95e65ba581ae3429
```

This change corrects it.

```
❯ ./result/bin/containerd -v
containerd github.com/containerd/containerd v1.4.3 269548fa27e0089a8b8278fc4fc781d7f65a939b
```
2020-12-01 18:55:01 +01:00
Martin Weinelt
8884729f19
containerd: 1.4.2 -> 1.4.3
Access controls for the shim’s API socket verified that the connecting
process had an effective UID of 0, but did not otherwise restrict
access to the abstract Unix domain socket. This would allow malicious
containers running in the same network namespace as the shim, with an
effective UID of 0 but otherwise reduced privileges, to cause new
processes to be run with elevated privileges.

Fixes: CVE-2020-15257
2020-12-01 17:10:19 +01:00
Martin Weinelt
c3f268000e
qemu: fix CVE-2020-28916
While receiving packets via e1000e_write_packet_to_guest an infinite
loop could be triggered if the receive descriptor had a NULL buffer
address.

A privileged guest user could use this to induce a DoS Scenario.

Fixes: CVE-2020-28916
2020-12-01 16:54:21 +01:00
Sascha Grunert
bd6067cd5d podman: 2.1.0 -> 2.2.0
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
2020-12-01 22:20:11 +10:00
Martin Weinelt
3200eaef74
Merge pull request #105157 from mweinelt/libslirp
libslirp: fix CVE-2020-29129
2020-11-30 15:56:09 +01:00
Martin Weinelt
bd3ce46719
qemu: fix CVE-2020-29129, CVE-2020-29130 in vendored libslirp
Fixes out-of-bounds access in libslirp while processing ARP/NCSI packets.

Fixes: CVE-2020-29129, CVE-2020-29130
2020-11-28 02:47:44 +01:00
Sandro
1542fd8e8d
Merge pull request #77421 from Shados/xen-build-efi-binaries 2020-11-27 23:49:07 +01:00