Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 570ec19f3910
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: b0f8181432cd
Choose a head ref
  • 9 commits
  • 14 files changed
  • 7 contributors

Commits on Sep 24, 2018

  1. firefox-bin: 61.0.2 -> 62.0.2 

    (cherry picked from commit 5b79f81)
    @taku0 @andir
    taku0 authored and andir committed Sep 24, 2018

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    10db65e View commit details

  2. firefox: 61.0.2 -> 62.0.2 

    (cherry picked from commit da98236)
    @taku0 @andir
    taku0 authored and andir committed Sep 24, 2018
    Copy the full SHA
    53dee62 View commit details

  3. firefox-esr: 60.1.0esr -> 60.2.1esr 

    (cherry picked from commit e5778a9)
    @taku0 @andir
    taku0 authored and andir committed Sep 24, 2018
    Copy the full SHA
    02429f7 View commit details

  4. eztrace: 1.0.6 -> 1.1-7 (#47282) 

    See https://hydra.nixos.org/build/80721509
Addresses #45960

(cherry picked from commit 2babfb5)
    @Ma27 @xeji
    Ma27 authored and xeji committed Sep 24, 2018
    Copy the full SHA
    32af342 View commit details

  5. *: remove DappHub projects 

    DappHub maintains a separate overlay at
https://github.com/dapphub/dapptools/blob/master/overlay.nix

(cherry picked from commit 6017c6f)
    @asymmetric @Mic92
    asymmetric authored and Mic92 committed Sep 24, 2018
    Copy the full SHA
    71fd97d View commit details

  6. Merge pull request #47277 from andir/18.09/firefox 

    [18.09] firefox, firefox-bin 61.0.2 -> 62.0.2, firefox-esr: 60.2.0esr -> 60.2.1esr [Moderate security fixes]
    @andir
    andir authored Sep 24, 2018
    Copy the full SHA
    2373df6 View commit details

  7. nixos tests: move common configuration into separate file 

    This allows tests outside nixos to use acme setup.

(cherry picked from commit 6eacc17)
Signed-off-by: Domen Kožar <domen@dev.si>
    @domenkozar
    domenkozar committed Sep 24, 2018
    Copy the full SHA
    31432d4 View commit details

  8. dotnet-sdk: Reduce closure: Unpack to a subdirectory to prevent copyi… 

    …ng build files (#47269)

(cherry picked from commit 7f0865b)
    @baracoder @Mic92
    baracoder authored and Mic92 committed Sep 24, 2018
    Copy the full SHA
    f34ef9e View commit details

  9. nixos/chrony: clean up, rework to be a little closer to upstream 

    Most importantly, this sets PrivateTmp, ProtectHome, and ProtectSystem
so that Chrony flaws are mitigated, should they occur.

Moving to ProtectSystem=full however, requires moving the chrony key
files under /var/lib/chrony -- which should be fine, anyway.

This also ensures ConditionCapability=CAP_SYS_TIME is set, ensuring
that chronyd will only be launched in an environment where such a
capability can be granted.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
(cherry picked from commit 0ce90d5)
    @thoughtpolice
    thoughtpolice committed Sep 24, 2018
    Copy the full SHA
    b0f8181 View commit details
52 changes: 20 additions & 32 deletions nixos/modules/services/networking/chrony.nix
View file
Original file line number Diff line number Diff line change
@@ -3,12 +3,10 @@
with lib;

let
cfg = config.services.chrony;

stateDir = "/var/lib/chrony";

keyFile = "/etc/chrony.keys";

cfg = config.services.chrony;
keyFile = "${stateDir}/chrony.keys";

configFile = pkgs.writeText "chrony.conf" ''
${concatMapStringsSep "\n" (server: "server " + server) cfg.servers}
@@ -19,26 +17,18 @@ let
}
driftfile ${stateDir}/chrony.drift
keyfile ${keyFile}
${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"}
${cfg.extraConfig}
'';

chronyFlags = "-n -m -u chrony -f ${configFile} ${toString cfg.extraFlags}";

chronyFlags = "-m -u chrony -f ${configFile} ${toString cfg.extraFlags}";
in

{

###### interface

options = {

services.chrony = {

enable = mkOption {
default = false;
description = ''
@@ -83,15 +73,9 @@ in
description = "Extra flags passed to the chronyd command.";
};
};

};


###### implementation

config = mkIf cfg.enable {

# Make chronyc available in the system path
environment.systemPackages = [ pkgs.chrony ];

users.groups = singleton
@@ -113,26 +97,30 @@ in
{ description = "chrony NTP daemon";

wantedBy = [ "multi-user.target" ];
wants = [ "time-sync.target" ];
before = [ "time-sync.target" ];
after = [ "network.target" ];
wants = [ "time-sync.target" ];
before = [ "time-sync.target" ];
after = [ "network.target" ];
conflicts = [ "ntpd.service" "systemd-timesyncd.service" ];

path = [ pkgs.chrony ];

preStart =
''
mkdir -m 0755 -p ${stateDir}
touch ${keyFile}
chmod 0640 ${keyFile}
chown chrony:chrony ${stateDir} ${keyFile}
'';
preStart = ''
mkdir -m 0755 -p ${stateDir}
touch ${keyFile}
chmod 0640 ${keyFile}
chown chrony:chrony ${stateDir} ${keyFile}
'';

serviceConfig =
{ ExecStart = "${pkgs.chrony}/bin/chronyd ${chronyFlags}";
{ Type = "forking";
ExecStart = "${pkgs.chrony}/bin/chronyd ${chronyFlags}";

ProtectHome = "yes";
ProtectSystem = "full";
PrivateTmp = "yes";

ConditionCapability = "CAP_SYS_TIME";
};
};

};

}
29 changes: 1 addition & 28 deletions nixos/tests/acme.nix
View file
Original file line number Diff line number Diff line change
@@ -1,32 +1,5 @@
let
commonConfig = { lib, nodes, ... }: {
networking.nameservers = [
nodes.letsencrypt.config.networking.primaryIPAddress
];

nixpkgs.overlays = lib.singleton (self: super: {
cacert = super.cacert.overrideDerivation (drv: {
installPhase = (drv.installPhase or "") + ''
cat "${nodes.letsencrypt.config.test-support.letsencrypt.caCert}" \
>> "$out/etc/ssl/certs/ca-bundle.crt"
'';
});

# Override certifi so that it accepts fake certificate for Let's Encrypt
# Need to override the attribute used by simp_le, which is python3Packages
python3Packages = (super.python3.override {
packageOverrides = lib.const (pysuper: {
certifi = pysuper.certifi.overridePythonAttrs (attrs: {
postPatch = (attrs.postPatch or "") + ''
cat "${self.cacert}/etc/ssl/certs/ca-bundle.crt" \
> certifi/cacert.pem
'';
});
});
}).pkgs;
});
};

commonConfig = ./common/letsencrypt/common.nix;
in import ./make-test.nix {
name = "acme";

27 changes: 27 additions & 0 deletions nixos/tests/common/letsencrypt/common.nix
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
{ lib, nodes, ... }: {
networking.nameservers = [
nodes.letsencrypt.config.networking.primaryIPAddress
];

nixpkgs.overlays = lib.singleton (self: super: {
cacert = super.cacert.overrideDerivation (drv: {
installPhase = (drv.installPhase or "") + ''
cat "${nodes.letsencrypt.config.test-support.letsencrypt.caCert}" \
>> "$out/etc/ssl/certs/ca-bundle.crt"
'';
});

# Override certifi so that it accepts fake certificate for Let's Encrypt
# Need to override the attribute used by simp_le, which is python3Packages
python3Packages = (super.python3.override {
packageOverrides = lib.const (pysuper: {
certifi = pysuper.certifi.overridePythonAttrs (attrs: {
postPatch = (attrs.postPatch or "") + ''
cat "${self.cacert}/etc/ssl/certs/ca-bundle.crt" \
> certifi/cacert.pem
'';
});
});
}).pkgs;
});
}
33 changes: 0 additions & 33 deletions pkgs/applications/altcoins/dapp.nix
View file

This file was deleted.

6 changes: 0 additions & 6 deletions pkgs/applications/altcoins/default.nix
View file
Original file line number Diff line number Diff line change
@@ -50,7 +50,6 @@ rec {
dogecoin = callPackage ./dogecoin.nix { boost = boost165; withGui = true; };
dogecoind = callPackage ./dogecoin.nix { boost = boost165; withGui = false; };

ethsign = callPackage ./ethsign { };

freicoin = callPackage ./freicoin.nix { boost = boost155; };
go-ethereum = callPackage ./go-ethereum.nix {
@@ -78,11 +77,6 @@ rec {
namecoind = callPackage ./namecoin.nix { withGui = false; };

ethabi = callPackage ./ethabi.nix { };
ethrun = callPackage ./ethrun.nix { };
seth = callPackage ./seth.nix { };
dapp = callPackage ./dapp.nix { };

hevm = (haskellPackages.callPackage ./hevm.nix {});

stellar-core = callPackage ./stellar-core.nix { };

26 changes: 0 additions & 26 deletions pkgs/applications/altcoins/ethrun.nix
View file

This file was deleted.

60 changes: 0 additions & 60 deletions pkgs/applications/altcoins/ethsign/default.nix
View file

This file was deleted.

62 changes: 0 additions & 62 deletions pkgs/applications/altcoins/hevm.nix
View file

This file was deleted.

Loading