Commit Graph

164505 Commits

Author SHA1 Message Date
R. RyanTM
76e7572a1f vault: 1.0.0 -> 1.0.1 (#52664)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/vault/versions
2018-12-22 11:09:02 +01:00
Jörg Thalheim
ea10141de4
Merge pull request #52030 from r-ryantm/auto-update/redis
redis: 5.0.1 -> 5.0.3
2018-12-22 11:03:02 +01:00
Ivan Kozik
12dcd34097 pythonPackages.manhole: disable tests (#52666)
`python: process-tests: 1.2.1 -> 2.0.0` included the change
e6d4f4db27
which removed setup_coverage and thus broke manhole's tests.
2018-12-22 10:53:35 +01:00
Domen Kožar
2088ae10a3
jre: use adoptopenjdk-jre-bin on aarch 2018-12-22 09:15:51 +00:00
R. RyanTM
76c2f7129e wireguard-tools: 0.0.20181119 -> 0.0.20181218
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/wireguard-tools/versions
2018-12-22 01:12:34 -08:00
Izorkin
eaf136b6b8 unit: 1.6 -> 1.7 2018-12-22 11:23:38 +03:00
Jörg Thalheim
88fbb32522
pythonPackages.thumbor: 6.5.2 -> 6.6.0
now compatible with our pillow
2018-12-22 09:23:17 +01:00
worldofpeace
94af8ebde2 nixos/displayManager: only install wayland sessions if they exist in extraSessionFilePackages
Not everyone is using wayland just yet.
2018-12-22 01:15:09 -05:00
Jörg Thalheim
c485a491db
Merge pull request #52642 from freepotion/ivan-054-to-055
ivan: 054 -> 055
2018-12-22 07:04:08 +01:00
R. RyanTM
58452342fd zim: 0.68 -> 0.69
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/zim/versions
2018-12-21 21:58:48 -08:00
Jörg Thalheim
907e88c1d1
Merge pull request #52607 from lopsided98/python-sh-disable-tests
pythonPackages.sh: fix tests on Python 3.7
2018-12-22 06:53:08 +01:00
Will Dietz
fb60aedd7c nlohmann_json: 3.4.0 -> 3.5.0
https://github.com/nlohmann/json/releases/tag/v3.5.0
2018-12-21 22:58:17 -06:00
Franz Pletz
12e57cbb61
gitea: fix version in app 2018-12-22 04:33:16 +01:00
Dmitry Kalinkin
0d7546c0c2
Merge pull request #52623 from erictapen/pdfjs
qutebrowser: fix pdfjs
2018-12-21 22:18:47 -05:00
Franz Pletz
b35d93731d
Merge pull request #52646 from etu/update-gitea
gitea: 1.6.0 -> 1.6.2
2018-12-22 02:24:38 +00:00
Herwig Hochleitner
48d08bea5a emacsPackages: update elpa and org generated
cc @ttuegel
2018-12-22 02:46:43 +01:00
Samuel Dionne-Riel
1bfe8f189b nixos/release-combined.nix: makes aarch64-linux limited support
This is because it will not eval properly with `hydra-eval-jobs`.

```
$ ...hydra/result/bin/hydra-eval-jobs \
    --arg nixpkgs '{ outPath = ./.; revCount = 123; shortRev = "4567"; }' \
    -I "$PWD" \
    nixos/release-combined.nix
```

It fails with:

```
Too many heap sections: Increase MAXHINCR or MAX_HEAP_SECTS
```
2018-12-21 20:43:23 -05:00
Herwig Hochleitner
f097a16992 clojure: add $out/bin to wrapper PATH
without this, the `clj` command calls into system path, instead of its
own `clojure` command

cc @the-kenny
2018-12-22 02:41:42 +01:00
Samuel Dionne-Riel
16316a1288 nixos/release-combined.nix: Adds missing aarch64 constituents
This will block channel advancing, even if it is limited support.
2018-12-21 20:28:04 -05:00
Ben Wolsieffer
d08254f7ff pythonPackages.sh: disable failing tests on Darwin 2018-12-21 17:58:43 -05:00
Lorenzo Manacorda
b3fe6fb1c6 solc: 0.5.1 -> 0.5.2 2018-12-21 23:42:59 +01:00
Dmitry Kalinkin
62aea9510c
Merge pull request #51796 from bachp/dsview-0.99
dsview: init at 0.99
2018-12-21 17:40:40 -05:00
Michiel Leenaars
f3b3b66cc4 source-sans-pro: 2.010 -> 2.040 2018-12-21 23:37:43 +01:00
Tor Hedin Brønner
8ed71e836a
Merge pull request #51712 from dtzWill/fix/mercurial-zsh-completions
mercurial: install zsh completions
2018-12-21 23:23:39 +01:00
Elis Hirwing
a87fd222c8
gitea: 1.6.0 -> 1.6.2
Changelog: https://github.com/go-gitea/gitea/releases/tag/v1.6.1
Changelog: https://github.com/go-gitea/gitea/releases/tag/v1.6.2
2018-12-21 23:07:47 +01:00
Will Dietz
3ce8b3cb3b mercurial: fix bash completion, correct comment 2018-12-21 16:04:15 -06:00
Dmitry Kalinkin
284df60986
Merge pull request #51841 from veprbl/pr/pyjet_fix
pythonPackages.pyjet: fix for python37
2018-12-21 16:57:54 -05:00
Jan Tojnar
c2617a7130
purple-discord: Do not abuse DESTDIR 2018-12-21 21:54:35 +01:00
Jan Tojnar
578003af40
pidgin-mra: Do not abuse DESTDIR 2018-12-21 21:46:15 +01:00
Jan Tojnar
6a6c28c40d
pidgin-msn-pecan: do not abuse DESTDIR 2018-12-21 21:34:42 +01:00
Jörg Thalheim
c0611717dc
Merge pull request #52641 from lopsided98/uritemplate-merge
pythonPackages.uritemplate_py: remove
2018-12-21 21:24:52 +01:00
Free Potion
2b0699b2c4
ivan: 054 -> 055 2018-12-21 23:02:12 +03:00
Ben Wolsieffer
26869e7b31 pythonPackages.uritemplate_py: remove
This package is the same as uritemplate.
2018-12-21 14:41:39 -05:00
Jörg Thalheim
435ba2ba3a
Merge pull request #52631 from jlesquembre/clojure
clojure: 1.9.0.391 -> 1.10.0.403
2018-12-21 20:37:59 +01:00
Free Potion
0f25f590e8
boohu: 0.11.1 -> 0.12.0 2018-12-21 22:35:51 +03:00
Ben Wolsieffer
26fb110d81 pythonPackages.sh: fix tests on Python 3.7 2018-12-21 14:00:06 -05:00
Austin Seipp
814319f1ae nixpkgs/firecracker: init at 0.12.0
This currently uses a binary-only package, since building
jailer/firecracker all on their own is somewhat complex from my
attempts.

This will later be changed into a source-only build, ideally.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-12-21 11:17:01 -06:00
Florian Klink
3539f3875a release-notes/rl-1903: add security.googleOsLogin 2018-12-21 18:01:36 +01:00
Florian Klink
706efadcb6 nixos/modules/virtualisation/google-compute-config.nix: remove google-accounts-daemon
Use googleOsLogin for login instead.
This allows setting users.mutableUsers back to false, and to strip the
security.sudo.extraConfig.

security.sudo.enable is default anyhow, so we can remove that as well.
2018-12-21 17:52:37 +01:00
Florian Klink
0f46188ca1 nixos/tests: add google-oslogin test 2018-12-21 17:52:37 +01:00
Florian Klink
04f3562fc4 config.nsswitch: load cache_oslogin and oslogin nss modules if config.security.googleOsLogin.enable is set 2018-12-21 17:52:37 +01:00
Florian Klink
c6de45c0d7 config.security.googleOsLogin: add module
The OS Login package enables the following components:
AuthorizedKeysCommand to query valid SSH keys from the user's OS Login
profile during ssh authentication phase.
NSS Module to provide user and group information
PAM Module for the sshd service, providing authorization and
authentication support, allowing the system to use data stored in
Google Cloud IAM permissions to control both, the ability to log into
an instance, and to perform operations as root (sudo).
2018-12-21 17:52:37 +01:00
Florian Klink
be5ad774bf security.pam.services.<name?>.: add googleOsLogin(AccountVerification|Authentication) 2018-12-21 17:52:37 +01:00
Florian Klink
fb41136208 google-compute-engine-oslogin: init at 1.4.3 2018-12-21 17:52:37 +01:00
Florian Klink
9c86e8faf5
Merge pull request #52488 from flokli/pam_account_unix_required
security.pam: make pam_unix.so required, not sufficient
2018-12-21 17:49:19 +01:00
Alyssa Ross
a2eed09a8c
Merge pull request #52416 from alyssais/icu
icu63: init at 63.1
2018-12-21 16:07:40 +00:00
José Luis Lafuente
5d9d164c77
clojure: 1.9.0.391 -> 1.10.0.403 2018-12-21 17:03:48 +01:00
Mario Rodas
485bf85407
pyre: fix watchman references 2018-12-21 16:20:44 +01:00
Jörg Thalheim
594fd0ff6e
Merge pull request #52627 from vdemeester/52469-localtime-to-buildgopackage
localtime: migrate to using buildGoPackage
2018-12-21 15:32:49 +01:00
Florian Klink
d180bf3862 security.pam: make pam_unix.so required, not sufficient
Having pam_unix set to "sufficient" means early-succeeding account
management group, as soon as pam_unix.so is succeeding.

This is not sufficient. For example, nixos modules might install nss
modules for user lookup, so pam_unix.so succeeds, and we end the stack
successfully, even though other pam account modules might want to do
more extensive checks.

Other distros seem to set pam_unix.so to 'required', so if there are
other pam modules in that management group, they get a chance to do some
validation too.

For SSSD, @PsyanticY already added a workaround knob in
https://github.com/NixOS/nixpkgs/pull/31969, while stating this should
be the default anyway.

I did some thinking in what could break - after this commit, we require
pam_unix to succeed, means we require `getent passwd $username` to
return something.
This is the case for all local users due to the passwd nss module, and
also the case for all modules installing their nss module to
nsswitch.conf - true for ldap (if not explicitly disabled) and sssd.

I'm not so sure about krb5, cc @eqyiel for opinions. Is there some nss
module loaded? Should the pam account module be placed before pam_unix?

We don't drop the `security.pam.services.<name?>.sssdStrictAccess`
option, as it's also used some lines below to tweak error behaviour
inside the pam sssd module itself (by changing it's 'control' field).

This is also required to get admin login for Google OS Login working
(#51566), as their pam_oslogin_admin accounts module takes care of sudo
configuration.
2018-12-21 15:31:07 +01:00