staging-next 2023-03-16 #221461
Merged
staging-next 2023-03-16 #221461
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Expose a new `withLibidn2` flag (defauts to true for backwards compatibility) to be able to conditionally enable and disable integration with `libidn2`, which is used by the `systemd-network` and `systemd-resolved` to support internationalized domain names.
Expose a new `withAcl` flag (defaults to true for backwards compatibility) to be able to conditionally enable and disable an integration with `libacl` library, which is used by variety of systemd tools and daemon, e.g. `journald` will check ACLs in addition to regular permissions when accessing journal files and `systemd-nspawn` will update ACL entries when used with the `--private-users-chown` flag.
Expose a new `withAudit` flag (defaults to `true` for backwards compatibility) to be able to conditionally enable and disable an integration with the `libaudit` library, which is used to integrate with Linux Audit Framework for logging various security-relevant events.
Expose a new `withPam` option to allow enabling and disabling integration with PAM stack, including the `systemd-user-sessions` daemon and the associated `.service` file, as well as `pam_systemd.so` PAM module for integration with `systemd-logind` and user session registration with the systemd cgroup hierarchy.
Expose a new `withKmod` option to be able to enable and disable kmod integration, including the `systemd-modules-load` tool for automatic modules loading during the system boot sequence.
The `systemdMinimal` build is used purely for Udev and therefore does not require all the extra dependencies that are needed for normal operation. As more flags were exposed to allow disabling additional opional dependencies the `systemdMinimal` will now take advantage of those.
…trap-buildFlags-again
gcc/{11,12}: update buildFlags for `--disable-bootstrap` case
The tests are disabled when cross compiling. The effect of adding pythonRelaxDepsHook to check inputs is that it is skipped when cross compiling or when checks are disabled.
cargo-auditable: 0.6.0 -> 0.6.1
nodejs-18_x: 18.14.2 -> 18.15.0
sphinx-rtd-theme: fix missing docutils for cross compilation
compiler-rt has accumulated several regressions that prevent it from building on ARMv6. It is important to note that there are two major versions of ARMv6: base ARMv6 and ARMv6K. ARMv6K includes several important new instructions, such as non-word size atomic operations (ldrexd, strexd, etc.) and the yield instruction. Most ARMv6 CPUs actually implement ARMv6K, including all those used in Raspberry Pis, but nixpkgs' "raspberryPi" platform targets base ARMv6. compiler-rt versions 8-14 fail to build on ARMv6 and ARMv6K. compiler-rt 15 (not yet in nixpkgs) builds on ARMv6K but not ARMv6. This patch fixes versions 9-14 on both ARMv6 variants. The patches don't apply cleanly to version 8, and I figured it wasn't worth carrying another version of the patches for such an old version. A total of five patches are required to get compiler-rt building on ARMv6: * armv6-mcr-dmb.patch: use `mcr` to provide the equivalent of `dmb` on ARMv6. Included in LLVM 15. * armv6-sync-ops-no-thumb.patch: prevent certain atomic operation functions from using Thumb mode. Included in LLVM 15. * armv6-no-ldrexd-strexd.patch: don't use ldrexd or strexd, which are not available in base ARMv6. Submitted upstream by me. * armv6-scudo-no-yield.patch: use nop instead of yield on ARMv6 in standalone scudo. Required by versions >=13, since they enable standalone scudo. Submitted upstream by me. * armv6-scudo-libatomic.patch: link standlone scudo to libatomic on ARMv6 (and any other platforms that need it). Not yet submitted because the backport is a bit different from the upstream version and I need to test it.
libopenmpt: 0.6.8 -> 0.6.9
When PAM was made optional initially, we decided to keep it enabled for stage 1, but as was later pointed out during the code review it is unnecessary, because we never use PAM in stage 1, even in network-enabled stage 1 with OpenSSH we have `UsePAM` set to `no`, so disabling it now.
Systemd optional deps
This change adds an option to disable legacy BIOS boot support for ISO images. The implementation uses syslinux package that currently does not support non-x86 platforms and thus cannot be cross-compiled, e.g. from AArch64 system.
...into staging-next
libxcrypt: add -legacy variant
Fix for Fix for |
…th-bcrypt perlPackages.Plack: add patch to avoid DES encrypted passwords in tests
…DES encrypted passwords in tests
…reHtpasswd}: Fix libxcrypt DES ...into staging-next
This was referenced Mar 26, 2023
With our recent libxcrypt changes we don't support a lot of weak algorithms any longer, which made this test fail.
12 tasks
These are legacy ciphers, which we don't support any longer.
12 tasks
...into staging-next
...into staging-next
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Helpful links
https://hydra.nixos.org/job/nixpkgs/staging-next/unstable#tabs-constituents
https://hydra.nixos.org/job/nixos/staging-next-small/tested
https://hydra.nixos.org/jobset/nixpkgs/staging-next
https://hydra.nixos.org/jobset/nixos/staging-next-small
Mass breakages
perlPackages.Authen-Simplea973339 https://hydra.nixos.org/build/213019520dovecotdovecot: avoid testing DES-encrypted passwords #222022perlPackages.PlackperlPackages.Plack: add patch to avoid DES encrypted passwords in tests #223138patchelfStable.snappyon x86_64-darwin https://hydra.nixos.org/build/213305017 2a21328Fixes
Closes #222180