Backport 346200 to release 24.05 #346433
Closed
MarcelCoding wants to merge 5,461 commits into NixOS:master from MarcelCoding:backport-346200-to-release-24.05
…24-09-02 (cherry picked from commit f8a752f)
(cherry picked from commit a597aac)
(cherry picked from commit 9f3c106)
(cherry picked from commit f24fd1b)
…24-02-23 -> 0-unstable-2024-09-02 (NixOS#342958)
smartctl_exporter already runs with SupplementaryGroups "disk", which gives full access to SATA drives, but NVMe devices are owned by root:root, resulting in no access:

[...] msg="Smartctl open device: /dev/nvme0 failed: Permission denied"

This patch introduces a "smartctl-exporter-access" supplementary group, and an udev rule with setfacl to give the exporter access to NVMe drives, without changing the base root:root ownership.

Fixes NixOS#210041 (cherry picked from commit 86a6ef5)
(cherry picked from commit cf71c1d)
(cherry picked from commit 14dec03)
(cherry picked from commit 1389dc9)
Follow up to NixOS#342584. Similarly to that PR, it is surprising that software which was installed by the user isn't available to a script run over ssm by default. When executing commands with ssm, users will now have more predictable access to baked-in software instead of an extremely bare-minimum set currently there. (cherry picked from commit 7547a1f)
It is surprising that software which was installed by the user at AMI generation time isn't available to a script run over user data by default. When authoring user data to execute at startup, users will now have more predictable access to baked-in software instead of an extremely bare-minimum set currently there. (cherry picked from commit 76b614b)
https://blog.torproject.org/new-release-tor-browser-1354/ (cherry picked from commit 9366f2b)
https://github.com/envoyproxy/envoy/releases/tag/v1.30.6
CVE-2024-45808: Malicious log injection via access logs
CVE-2024-45806: Potential manipulate x-envoy headers from external sources
CVE-2024-45809: Jwt filter crash in the clear route cache with remote JWKs
CVE-2024-45810: Envoy crashes for LocalReply in http async client
(cherry picked from commit ff4117b)
Diff: NixOS/nix@2.24.6...2.24.7 (cherry picked from commit 1517e22)
Diff: NixOS/nix@2.18.5...2.18.7 (cherry picked from commit 9d6e0fc)
Diff: NixOS/nix@b9d3cdf...ca3fc16 (cherry picked from commit 4976e15)
- rcu uses requireFile as src, so it cannot be built on Hydra (cherry picked from commit fe0a550)
This update cannot be done by the nixpkgs bot, as the structure of the project has been changed, so why wait. The mautrix-meta project has been moved under "cmd/mautrix-meta". There is also "cmd/lscli", but since this package is mainly about mautrix-meta, I think we can stay with this specific cmd. If we wanted, we could switch to both of them by removing this `subPackages` attribute. (cherry picked from commit 9ef2c90)
Based on 2641d97, to allow easier backporting.
github-actions bot added labels on Oct 4, 2024: 6.topic: emacs, 6.topic: printing, 6.topic: rust, 6.topic: policy discussion, 6.topic: golang, 6.topic: ruby, 6.topic: vim, 6.topic: ocaml, 6.topic: fetch, 6.topic: steam, 6.topic: stdenv (Standard environment), 6.topic: nodejs, 6.topic: pantheon (The Pantheon desktop environment), 6.topic: TeX (Issues regarding texlive and TeX in general), 6.topic: lua, 6.topic: testing (Tooling for automated testing of packages and modules), 6.topic: systemd, 6.topic: LXQt (The Lightweight Qt Desktop Environment), 6.topic: vscode, 6.topic: flakes (The experimental Nix feature), 6.topic: lib (The Nixpkgs function library), 6.topic: jupyter (Interactive computing tooling: kernels, notebook, jupyterlab), 6.topic: julia, 6.topic: php, 8.has: maintainer-list (update), 6.topic: k3s, 6.topic: llvm/clang (Issues related to llvmPackages, clangStdenv and related), 6.topic: dotnet (Language: .NET)
Mass ping |
Labels: 6.topic: dotnet (Language: .NET), 6.topic: emacs, 6.topic: fetch, 6.topic: flakes (The experimental Nix feature), 6.topic: GNOME (GNOME desktop environment and its underlying platform), 6.topic: golang, 6.topic: haskell, 6.topic: julia, 6.topic: jupyter (Interactive computing tooling: kernels, notebook, jupyterlab), 6.topic: k3s, 6.topic: kernel, 6.topic: lib (The Nixpkgs function library), 6.topic: llvm/clang (Issues related to llvmPackages, clangStdenv and related), 6.topic: lua, 6.topic: LXQt (The Lightweight Qt Desktop Environment), 6.topic: nixos, 6.topic: nodejs, 6.topic: ocaml, 6.topic: pantheon (The Pantheon desktop environment), 6.topic: php, 6.topic: policy discussion, 6.topic: printing, 6.topic: python, 6.topic: qt/kde, 6.topic: ruby, 6.topic: rust, 6.topic: stdenv (Standard environment), 6.topic: steam, 6.topic: systemd, 6.topic: testing (Tooling for automated testing of packages and modules), 6.topic: TeX (Issues regarding texlive and TeX in general), 6.topic: vim, 6.topic: vscode, 8.has: changelog, 8.has: documentation, 8.has: maintainer-list (update), 8.has: module (update)