[18.09] python.pkgs.construct: 2.8.16 -> 2.9.45 #49154
Closed
Critical security update (CVE-2018-16737, CVE-2018-16738, CVE-2018-16758) (cherry picked from commit 15a190e)
snapshot.debian.org actually keeps track of all of the updates as they come in rather than doing arbitrary (?) snapshots. (cherry picked from commit 9cc18fa)
When logging into a container by using nixos-container root-login all nix-related commands in the container would fail, as they tried to modify the nix db and nix store, which are mounted read-only in the container. We want nixos-container to not try to modify the nix store at all, but instead delegate any build commands to the nix daemon of the host operating system. This already works for non-root users inside a nixos-container, as it doesn't 'own' the nix-store, and thus defaults to talking to the daemon socket at /nix/var/nix/daemon-socket/, which is bind-mounted to the host daemon-socket, causing all nix commands to be delegated to the host. However, when we are the root user inside the container, we have the same uid as the nix store owner, even though it's not actually the same root user (due to user namespaces). Nix gets confused, and is convinced it's running in single-user mode, and tries to modify the nix store directly instead. By setting `NIX_REMOTE=daemon` in `/etc/profile`, we force nix to operate in multi-user mode, so that it will talk to the host daemon instead, which will modify the nix store for the container. This fixes NixOS#40355 (cherry picked from commit 3624bb5)
(cherry picked from commit 0668906)
(cherry picked from commit 844bcbd)
I'm not entirely sure what's going on here. The exact same code works on master.
(cherry picked from commit 2f7c242)
Included changes:
* upstream repository has moved, URLs changed accordingly
* journaldriver bumped to new upstream release
The new release includes an important workaround for an issue that could cause log-forwarding to fail after service restarts due to invalid journal cursors being persisted. (cherry picked from commit 5ead273) backported because of moved upstream repo
This seems to cause problems if people have other display-managers enabled (cherry picked from commit 5a752ad)
The previous tentative to the fix got the order mixed up a bit. This new fix has been re-verified to get them in the good order as per the instructions in the following chapters. (cherry picked from commit 467bec3)
This reduces gitFull's closure size from 412 MiB to 271 MiB. (cherry picked from commit 7b9c495)
nfs-utils had a dependency on gcc through etc/systemd/system-generators/*-server-generator. It was not stripped correctly because it’s not in an expected path. This adds it to the strip list. (cherry picked from commit 1427c50)
This removed glibc.dev from the closure and improves binary reproducibility. (cherry picked from commit 1eff910)
This shrank my system closure by about 192 MiB. (cherry picked from commit 9bbd4f6)
This reduces the closure size from 1689 MiB to 425 MiB. (cherry picked from commit 2be4295)
(cherry picked from commit c8a2533)
This prevents a runtime dependency on a large number of -dev outputs. (cherry picked from commit a3382a8)
(cherry picked from commit 13c1f26)
(cherry picked from commit cd3a0b7)
[18.09] net_snmp: fix CVE-2018-18065
(cherry picked from commit 908a75a)
(cherry picked from commit 998d4e4)
(cherry picked from commit d837338)
…ixOS#45574 (cherry picked from commit 0083ca1)
Fixes runtime error: GTK+ 2.x symbols detected. Using GTK+ 2.x and GTK+ 3 in the same process is not supported (cherry picked from commit c047572)
Changelog: https://help.resilio.com/hc/en-us/articles/206216855-Sync-2-x-change-log (cherry picked from commit 632ae05)
dywedir removed request for ryantm, peti, edwtjo, Mic92, ttuegel, basvandijk, LnL7, Ericson2314, edolstra, nbp and FRidh October 26, 2018 17:46
dywedir removed 2.status: merge conflict, 6.topic: emacs, 6.topic: erlang, 6.topic: GNOME (GNOME desktop environment and its underlying platform), 6.topic: golang, 6.topic: haskell, 6.topic: nixos, 6.topic: printing, 6.topic: python, 6.topic: qt/kde, 6.topic: ruby, 6.topic: rust, 6.topic: stdenv (Standard environment), 6.topic: vim, 6.topic: xfce (The Xfce Desktop Environment), 8.has: changelog, 8.has: documentation, 8.has: module (update) labels Oct 26, 2018
Motivation for this change
This should have been cherry-picked into 18.09 imho.
Construct 2.9 was released in January 2018 and brings a couple of neat improvements.
Things done
sandbox in nix.conf on non-NixOS)
nix-shell -p nox --run "nox-review wip"
./result/bin/)
nix path-info -S before and after)