Skip to content
This repository was archived by the owner on Apr 12, 2021. It is now read-only.
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 3df56e998225
Choose a base ref
...
head repository: NixOS/nixpkgs-channels
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: c3cc7034e256
Choose a head ref
  • 19 commits
  • 17 files changed
  • 11 contributors

Commits on Jun 30, 2019

  1. consul: 1.4.2 -> 1.4.4

    @nh2
    nh2 committed Jun 30, 2019
    Copy the full SHA
    c7876f1 View commit details

  2. consul: 1.4.4 -> 1.5.2

    @nh2
    nh2 committed Jun 30, 2019
    Copy the full SHA
    361e262 View commit details

  3. manual: Add consul upgrade notes

    @nh2
    nh2 committed Jun 30, 2019
    Copy the full SHA
    9d17e5e View commit details

Commits on Jul 4, 2019

  1. pythonPackages.websocket_client: 0.54.0 -> 0.56.0 and fix directory

    Jonathan Ringer committed Jul 4, 2019
    Copy the full SHA
    febf826 View commit details

  2. pythonPackages.praw: 6.0.0 -> 6.3.1

    Jonathan Ringer committed Jul 4, 2019
    Copy the full SHA
    9ed3fcc View commit details

  3. astor: 0.7.1 -> 0.8.0

    @tadeokondrak
    tadeokondrak committed Jul 4, 2019
    Copy the full SHA
    2b5b849 View commit details

  4. hy: 0.16.0 -> 0.17.0

    @tadeokondrak
    tadeokondrak committed Jul 4, 2019
    Copy the full SHA
    a1801ff View commit details

  5. php: drop 7.1 

    PHP 7.1 is currently on life support, as in only recieving security related patches.

This will only continue until: 2019-12-01

This date are in the middle of the 19.09 lifecycle. So it would be
nice to not have it in the 19.09 stable release. Dropping it now would
also result in less maintanance in updating them.

The death dates can be seen on following links:
 - https://endoflife.date/php
 - https://php.net/supported-versions.php
 - https://en.wikipedia.org/wiki/PHP#Release_history
    @etu
    etu committed Jul 4, 2019
    Copy the full SHA
    80c7463 View commit details

  6. Merge pull request #62901 from etu/drop-php71 

    php: drop 7.1
    @adisbladis
    adisbladis authored Jul 4, 2019
    Copy the full SHA
    e611200 View commit details

  7. Merge pull request #64277 from jonringer/update-praw 

    pythonPackages.praw: 6.0.0 -> 6.3.1
    @teto
    teto authored Jul 4, 2019
    Copy the full SHA
    e6b6815 View commit details

  8. nixos/iperf: add openFirewall setting 

    Opens the specified tcp port.
    @teto
    teto authored and Matthieu Coudron committed Jul 4, 2019
    Copy the full SHA
    2ebeba4 View commit details

  9. maintainers: add enorris

    @ericnorris
    ericnorris committed Jul 4, 2019
    Copy the full SHA
    d7bdab7 View commit details

  10. smimesign: init at v0.0.13

    @ericnorris
    ericnorris committed Jul 4, 2019
    Copy the full SHA
    de9bf55 View commit details

  11. Merge pull request #63954 from nh2/consul-1.5.2 

    consul: 1.4.2 -> 1.4.4 -> 1.5.2
    @danbst
    danbst authored Jul 4, 2019
    Copy the full SHA
    d0e3c02 View commit details

  12. Merge pull request #64294 from tadeokondrak/hy/update/0.17.0 

    hy: 0.16.0 -> 0.17.0
    @markuskowa
    markuskowa authored Jul 4, 2019
    Copy the full SHA
    9390903 View commit details

  13. Merge pull request #64163 from ericnorris/master 

    smimesign: init at v0.0.13
    @kalbasit
    kalbasit authored Jul 4, 2019
    Copy the full SHA
    6a6d115 View commit details

  14. nixos/malloc: use ld preload 

    This is more robust than setting via environment variable, though it does come
later in the load sequence.  An added benefit is affecting the current
session.
    @joachifm
    joachifm committed Jul 4, 2019
    Copy the full SHA
    44b6999 View commit details

  15. nixos/hardened: disable ftrace by default

    @joachifm
    joachifm committed Jul 4, 2019
    Copy the full SHA
    c233e24 View commit details

  16. nixos/hardened: harder inet defaults 

    See e.g., NixOS/nixpkgs#63768

Forwarding remains enabled for now, need to determine its effects on
virtualization, if any.
    @joachifm
    joachifm committed Jul 4, 2019
    Copy the full SHA
    c3cc703 View commit details
5 changes: 5 additions & 0 deletions maintainers/maintainer-list.nix
View file
Original file line number Diff line number Diff line change
@@ -1570,6 +1570,11 @@
github = "endgame";
name = "Jack Kelly";
};
enorris = {
name = "Eric Norris";
email = "erictnorris@gmail.com";
github = "ericnorris";
};
enzime = {
email = "enzime@users.noreply.github.com";
github = "enzime";
11 changes: 11 additions & 0 deletions nixos/doc/manual/release-notes/rl-1909.xml
View file
Original file line number Diff line number Diff line change
@@ -28,6 +28,11 @@
PHP now defaults to PHP 7.3, updated from 7.2.
</para>
</listitem>
<listitem>
<para>
PHP 7.1 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 19.09 release.
</para>
</listitem>
</itemizedlist>
</section>

@@ -285,6 +290,12 @@
<literal>buildRustPackage</literal> may have to be updated as well.
</para>
</listitem>
<listitem>
<para>
The <literal>consul</literal> package was upgraded past version <literal>1.5</literal>,
so its deprecated legacy UI is no longer available.
</para>
</listitem>
<listitem>
<para>
The default resample-method for PulseAudio has been changed from the upstream default <literal>speex-float-1</literal>
12 changes: 3 additions & 9 deletions nixos/modules/config/malloc.nix
View file
Original file line number Diff line number Diff line change
@@ -79,19 +79,13 @@ in
and/or service failure.
</para>
</warning>
<note>
<para>
Changing this option does not affect the current session.
</para>
</note>
'';
};
};

config = mkIf (cfg.provider != "libc") {
environment.variables.LD_PRELOAD = providerLibPath;
systemd.extraConfig = "DefaultEnvironment=\"LD_PRELOAD=${providerLibPath}\"";
systemd.user.extraConfig = "DefaultEnvironment=\"LD_PRELOAD=${providerLibPath}\"";
environment.etc."ld-nix.so.preload".text = ''
${providerLibPath}
'';
};
}
33 changes: 33 additions & 0 deletions nixos/modules/profiles/hardened.nix
View file
Original file line number Diff line number Diff line change
@@ -89,4 +89,37 @@ with lib;
#
# The value is taken from the KSPP recommendations (Debian uses 4096).
boot.kernel.sysctl."vm.mmap_min_addr" = mkDefault 65536;

# Disable ftrace debugging
boot.kernel.sysctl."kernel.ftrace_enabled" = mkDefault false;

# Enable reverse path filtering (that is, do not attempt to route packets
# that "obviously" do not belong to the iface's network; dropped packets are
# logged as martians).
boot.kernel.sysctl."net.ipv4.conf.all.log_martians" = mkDefault true;
boot.kernel.sysctl."net.ipv4.conf.all.rp_filter" = mkDefault true;
boot.kernel.sysctl."net.ipv4.conf.default.log_martians" = mkDefault true;
boot.kernel.sysctl."net.ipv4.conf.default.rp_filter" = mkDefault true;

# Ignore broadcast ICMP (mitigate SMURF)
boot.kernel.sysctl."net.ipv4.icmp_echo_ignore_broadcasts" = mkDefault true;

# Ignore route information from sender
boot.kernel.sysctl."net.ipv4.conf.all.accept_source_route" = mkDefault false;
boot.kernel.sysctl."net.ipv4.conf.default.accept_source_route" = mkDefault false;
boot.kernel.sysctl."net.ipv6.conf.all.accept_source_route" = mkDefault false;
boot.kernel.sysctl."net.ipv6.conf.default.accept_source_route" = mkDefault false;

# Ignore incoming ICMP redirects (note: default is needed to ensure that the
# setting is applied to interfaces added after the sysctls are set)
boot.kernel.sysctl."net.ipv4.conf.all.accept_redirects" = mkDefault false;
boot.kernel.sysctl."net.ipv4.conf.all.secure_redirects" = mkDefault false;
boot.kernel.sysctl."net.ipv4.conf.default.accept_redirects" = mkDefault false;
boot.kernel.sysctl."net.ipv4.conf.default.secure_redirects" = mkDefault false;
boot.kernel.sysctl."net.ipv6.conf.all.accept_redirects" = mkDefault false;
boot.kernel.sysctl."net.ipv6.conf.default.accept_redirects" = mkDefault false;

# Ignore outgoing ICMP redirects (this is ipv4 only)
boot.kernel.sysctl."net.ipv4.conf.all.send_redirects" = mkDefault false;
boot.kernel.sysctl."net.ipv4.conf.default.send_redirects" = mkDefault false;
}
10 changes: 10 additions & 0 deletions nixos/modules/services/networking/iperf3.nix
View file
Original file line number Diff line number Diff line change
@@ -19,6 +19,11 @@ let
default = null;
description = "Bind to the specific interface associated with the given address.";
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = "Open ports in the firewall for iperf3.";
};
verbose = mkOption {
type = types.bool;
default = false;
@@ -52,6 +57,11 @@ let
};

imp = {

networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
};

systemd.services.iperf3 = {
description = "iperf3 daemon";
unitConfig.Documentation = "man:iperf3(1) https://iperf.fr/iperf-doc.php";
31 changes: 11 additions & 20 deletions pkgs/development/interpreters/hy/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,23 +1,14 @@
{ stdenv, fetchurl, fetchpatch, pythonPackages }:
{ stdenv, fetchurl, pythonPackages }:

pythonPackages.buildPythonApplication rec {
name = "hy-${version}";
version = "0.16.0";
pname = "hy";
version = "0.17.0";

src = fetchurl {
url = "mirror://pypi/h/hy/${name}.tar.gz";
sha256 = "00lq38ppikrpyw38fn5iy9iwrsamsv22507cp146dsjbzkwjpzrd";
src = pythonPackages.fetchPypi {
inherit pname version;
sha256 = "1gdbqsirsdxj320wnp7my5awzs1kfs6m4fqmkzbd1zd47qzj0zfi";
};

patches = [
(fetchpatch {
name = "bytecode-error-handling.patch";
url = "https://github.com/hylang/hy/commit/57326785b97b7b0a89f6258fe3d04dccdc06cfc0.patch";
sha256 = "1lxxs7mxbh0kaaa25b1pbqs9d8asyjnlf2n86qg8hzsv32jfcq92";
excludes = [ "AUTHORS" "NEWS.rst" ];
})
];

propagatedBuildInputs = with pythonPackages; [
appdirs
astor
@@ -27,11 +18,11 @@ pythonPackages.buildPythonApplication rec {
rply
];

meta = {
meta = with stdenv.lib; {
description = "A LISP dialect embedded in Python";
homepage = http://hylang.org/;
license = stdenv.lib.licenses.mit;
maintainers = [ stdenv.lib.maintainers.nixy ];
platforms = stdenv.lib.platforms.all;
homepage = "http://hylang.org/";
license = licenses.mit;
maintainers = with maintainers; [ nixy ];
platforms = platforms.all;
};
}
8 changes: 0 additions & 8 deletions pkgs/development/interpreters/php/default.nix
View file
Original file line number Diff line number Diff line change
@@ -253,14 +253,6 @@ let
};

in {
php71 = generic {
version = "7.1.30";
sha256 = "1czcf5qwk727sdzx5n4wvsxvl50jx6d5x8ws1dqx46fa9xvm0j36";

# https://bugs.php.net/bug.php?id=76826
extraPatches = optional stdenv.isDarwin ./php71-darwin-isfinite.patch;
};

php72 = generic {
version = "7.2.19";
sha256 = "16d0j0d4563bcrxlw5yysldscxpgyp917hmc4m4ys1zyfprv3l7b";
60 changes: 0 additions & 60 deletions pkgs/development/interpreters/php/php71-darwin-isfinite.patch
View file

This file was deleted.

4 changes: 2 additions & 2 deletions pkgs/development/python-modules/astor/default.nix
View file
Original file line number Diff line number Diff line change
@@ -2,11 +2,11 @@

buildPythonPackage rec {
pname = "astor";
version = "0.7.1";
version = "0.8.0";

src = fetchPypi {
inherit pname version;
sha256 = "95c30d87a6c2cf89aa628b87398466840f0ad8652f88eb173125a6df8533fb8d";
sha256 = "0qkq5bf13fqcwablg0nk7rx83izxdizysd42n26j5wbingcfx9ip";
};

# disable tests broken with python3.6: https://github.com/berkerpeksag/astor/issues/89
42 changes: 24 additions & 18 deletions pkgs/development/python-modules/praw/default.nix
View file
Original file line number Diff line number Diff line change
@@ -1,47 +1,53 @@
{ stdenv, buildPythonPackage, fetchFromGitHub
, requests, decorator, flake8, mock, six, update_checker, pytestrunner, prawcore
, pytest_3, betamax, betamax-serializers, betamax-matchers, requests_toolbelt
, betamax
, betamax-serializers
, betamax-matchers
, mock
, six
, pytestrunner
, prawcore
, pytest
, requests-toolbelt
, update_checker
, websocket_client
}:

buildPythonPackage rec {
pname = "praw";
version = "6.0.0";
version = "6.3.1";

src = fetchFromGitHub {
owner = "praw-dev";
repo = "praw";
rev = "v${version}";
sha256 = "0y6nyz8vf98gl1qfmnznv3dbvlbzdl6mz99vk673nyfn3hbs451i";
sha256 = "0by89aw7m803dvjcc33m9390msjm6v5v8g3k8ink9gfm421lw8ky";
};

postPatch = ''
# drop upper bound of prawcore requirement
sed -ri "s/'(prawcore >=.+), <.+'/'\1'/" setup.py
'';
nativeBuildInputs = [
pytestrunner
];

propagatedBuildInputs = [
requests
decorator
flake8
mock
six
update_checker
pytestrunner
prawcore
update_checker
websocket_client
];

checkInputs = [
pytest_3
betamax
betamax-serializers
betamax-matchers
requests_toolbelt
mock
pytest
requests-toolbelt
six
];

meta = with stdenv.lib; {
description = "Python Reddit API wrapper";
homepage = https://praw.readthedocs.org/;
license = licenses.gpl3;
homepage = "https://praw.readthedocs.org/";
license = licenses.bsd2;
platforms = platforms.all;
maintainers = with maintainers; [ ];
};
25 changes: 25 additions & 0 deletions pkgs/development/python-modules/websocket_client/default.nix
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
{ lib, buildPythonPackage, fetchPypi, isPy27
, six
, backports_ssl_match_hostname
}:

buildPythonPackage rec {
version = "0.56.0";
pname = "websocket_client";

src = fetchPypi {
inherit pname version;
sha256 = "0fpxjyr74klnyis3yf6m54askl0h5dchxcwbfjsq92xng0455m8z";
};

propagatedBuildInputs = [
six
] ++ lib.optional isPy27 backports_ssl_match_hostname;

meta = with lib; {
description = "Websocket client for python";
homepage = "https://github.com/websocket-client/websocket-client";
license = licenses.bsd3;
maintainers = with maintainers; [ ];
};
}
24 changes: 0 additions & 24 deletions pkgs/development/python-modules/websockets_client/default.nix
View file

This file was deleted.

Loading