krb5: 1.15.2 -> 1.17 #56182
krb5: 1.15.2 -> 1.17 #56182
Conversation
|
kerberos tests exist, not sure how to ask borg to run them (nixos/tests/kerberos/mit.nix ?). |
|
Staging changes will be probably too tough for Borg to complete. |
GrahamcOfBorg
added
10.rebuild-darwin-stdenv
|
BTW, for other cases see the Borg's README: https://github.com/NixOS/ofborg#test-added-2017-11-24 |
|
I checked |
|
Great, thank you! Running against it now, think this is good for staging
then! :)
…On Fri, 22 Feb 2019 02:27:04 -0800, Vladimír Čunát ***@***.***> wrote:
I checked `nixos.tests.kerberos.{mit,heimdal}.{x86_64,aarch64}-linux` atop c7a1b77.
--
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#56182 (comment) part: text/html
|
|
I just merged staging to -next and there are almost no binaries yet – if you think it's worth it, this could be merged directly there (but soon if so, like today). |
|
In particular, the next staging iteration might not make it to 19.03. |
|
I don't have strong feelings on this, perhaps best to wait.
The main reason this might be important for 19.03 is if it has
security fixes as well -- which would be grounds for
backporting post-branch anyway.
I know of a strong reason to push it through,
I'd vote for the conservative path for now
if I had to go one way or the other myself :).
…On Fri, 22 Feb 2019 09:03:17 -0800, Vladimír Čunát ***@***.***> wrote:
In particular, the next iteration might not make it to 19.03.
--
You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHub:
#56182 (comment) part: text/html
|
|
👍 let's wait, at least until we confirm there's something important in the changes. |
|
(19.03 has branched off) |
|
I'd like to advocate for backporting this to 19.03. I've got a mixed environment of machines running 19.03 (for some servers, including my KDC) and unstable (mostly for workstations). User auth is handled using keys and certificates on Yubikeys. In this environment, freshness tokens provide some significant additional security and I'd like to require them. However, I can't do that without having everything run 1.17 and I'd prefer not to move all my machines to unstable. I've successfully overridden just the kerberos packages in 19.03 and that seems to work but taking that approach requires a mass rebuild on every change to 19.03 because (I think) the curl in stdenv has a dependency on these libraries. |
krb5: 1.15.2 -> 1.17
Motivation for this change
Not sure why this is so far behind, bump to latest release.
Review/testing requested-- will be doing at least basic build testing
but help appreciated beyond that :).
Things done
sandboxinnix.confon non-NixOS)nix-shell -p nox --run "nox-review wip"./result/bin/)nix path-info -Sbefore and after)