Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nix: 2.3 -> 2.3.1 #76736

Merged
merged 1 commit into from Dec 31, 2019
Merged

nix: 2.3 -> 2.3.1 #76736

merged 1 commit into from Dec 31, 2019

Conversation

zimbatm
Copy link
Member

@zimbatm zimbatm commented Dec 31, 2019

(cherry picked from commit 3ab3614)

back-port the point release to 19.09. These are all bug-fixes.

Motivation for this change

NixOS/nix#3104

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.
Notify maintainers

cc @

@edolstra @zimbatm
nix: 2.3 -> 2.3.1
2ce54ed 
(cherry picked from commit 3ab3614)
@ofborg ofborg bot requested a review from edolstra December 31, 2019 13:55
vcunat
vcunat approved these changes Dec 31, 2019
View reviewed changes
Copy link
Member

@vcunat vcunat left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't look at (all) changes in 2.3.1, but it sounds good, and 2.3.1 has been used in unstable/master for months.

@flokli flokli merged commit cf17d0e into NixOS:release-19.09 Dec 31, 2019
@edolstra
Copy link
Member

2.3.1 changes the handling of /nix/var/nix/{profiles,gcroots} in an incompatible way so it's not really appropriate for a stable channel.

If we do backport it, then we probably need to cherry-pick 4e0d6a5, otherwise the security fixes in 2.3.1 are kind of pointless. Maybe also 27d2857 and 9d0de0d

@Ericson2314
Copy link
Member

2.3.1 changes the handling of /nix/var/nix/{profiles,gcroots} in an incompatible way so it's not really appropriate for a stable channel.

Should this have been a major version bump?

@flokli
Copy link
Contributor

flokli commented Dec 31, 2019

Wait… this means, CVE-2019-17365 currently wasn't fixed in the stable channel at all?

@zimbatm
Copy link
Member Author

zimbatm commented Jan 1, 2020

reverted in dce9dfa

@zimbatm zimbatm deleted the release-19.09-nix-2.3.1 branch January 1, 2020 10:23
@flokli flokli mentioned this pull request Jan 1, 2020
Merged
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@flokli flokli flokli approved these changes

@vcunat vcunat vcunat approved these changes

@Ericson2314 Ericson2314 Awaiting requested review from Ericson2314

@edolstra edolstra Awaiting requested review from edolstra

Assignees
No one assigned
Labels
6.topic: nixos 8.has: module (update) 10.rebuild-darwin: 11-100 10.rebuild-linux: 11-100
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@zimbatm @edolstra @Ericson2314 @flokli @vcunat