60991 Commits

Author SHA1 Message Date
Martin Weinelt
3993ad9cb1 varnish60: drop (#525499) 2026-06-01 00:32:56 +00:00
Michael Daniels
8ecef3c27f maintainers: drop ttuegel (#520887) 2026-06-01 00:26:10 +00:00
Defelo
d08ca95d4d nixos/tests/flap-alerted: init 2026-06-01 00:12:20 +02:00
Defelo
316a705cd7 nixos/flap-alerted: init module 2026-06-01 00:12:20 +02:00
Bobbe
42531a79bf klipper-flash: support can bus flashing via katapult 2026-05-31 23:32:04 +02:00
r-vdp
1ac3c5dc99 nixos/shadow: use file capabilities for newuidmap/newgidmap
Writing a multi-line /proc/<pid>/[ug]id_map only requires
CAP_SETUID/CAP_SETGID over the parent user namespace, not full root.
shadow's own --with-fcaps install mode (70971457b761) sets exactly
cap_setuid+ep / cap_setgid+ep, and Arch, Fedora and Debian have shipped
these binaries with file capabilities instead of setuid for years.

The setuid variant already drops to the same single capability before
the uid_map write (see lib/idmapping.c), so the privilege at the point
attacker-controlled data reaches the kernel is unchanged. The reduction
is in the startup window: with file capabilities the process never has
euid 0 and never holds the full capability set during NSS lookups,
/etc/subuid parsing and /proc/<pid> opening.

The only functional difference is that mapping host uid 0 into a child
namespace additionally needs CAP_SETFCAP, which the setuid path got
implicitly. NixOS never puts uid 0 into auto-allocated subuid ranges,
and granting it manually is a deliberate root-equivalent configuration;
the release notes document the override for that case.

nixosTests.{shadow,podman,docker-rootless} pass; the latter two
exercise newuidmap/newgidmap via rootless containers.

Supersedes #461172.

Co-authored-by: Rasheeq Azad <rasheeqhere@gmail.com>
2026-06-01 00:18:28 +03:00
Felix Bühler
54665733b5 nixos/docuseal: update extraConfig docs with link to upstream documentation (#525777) 2026-05-31 19:41:17 +00:00
Marcin Serwin
85ac6ca088 maintainers: drop ttuegel
Signed-off-by: Marcin Serwin <marcin@serwin.dev>
2026-05-31 20:27:39 +02:00
nixpkgs-ci[bot]
bbb5a121dc Merge master into staging-nixos 2026-05-31 18:26:58 +00:00
Sandro
e52ad6d686 nixos/gemstash: add package option (#392135) 2026-05-31 15:38:28 +00:00
Ramses
ea0723ecc7 kmscon: 9.3.5 -> 10.0.0, nixos/kmscon: RFC42 treatment (#520693) 2026-05-31 14:56:05 +00:00
dotlambda
652328185b python3Packages.insightface: 0.7.3 -> 1.0.1 (#525339) 2026-05-31 14:45:19 +00:00
Doron Behar
183cfa7156 python2: remove from top level, isolate to resholve (#516241) 2026-05-31 13:26:34 +00:00
Martin Weinelt
930dc971bf home-assistant: construct package set with overrideScope (#526304) 2026-05-31 12:59:31 +00:00
ccicnce113424
9b9e0a021a nixos/kmscon: RFC42 treatment, support version 10.0.0
This commit includes changes from #483195, #523569, and #523955.
2026-05-31 20:34:53 +08:00
nixpkgs-ci[bot]
9d49b3d150 Merge master into staging-nixos 2026-05-31 12:31:02 +00:00
Aliaksandr
e28fcb5f87 nixos/doc: note python2 removal in 26.11 release notes 2026-05-31 15:16:57 +03:00
Niklas Hambüchen
305115578d e57inspector: init at 0.3.1 (#518719) 2026-05-31 12:06:43 +00:00
Martin Weinelt
05c5c4ff32 home-assistant: construct package set with overrideScope
No direct access to the unspliced `python.pkgs` any more, which should
improve cross compat.
2026-05-31 13:44:33 +02:00
NotAShelf
7b7b68f76c nixos/iso-image: update comment to reflect systemd and scripted initrd paths
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Iaaa48d692e400cf17e1ec7ad82e656716a6a6964
2026-05-31 14:41:31 +03:00
NotAShelf
73882115c0 doc/rl-2605: document /dev/root unavailability with systemd stage 1
Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: I25f6196bc5af3a6cadff1972c1ab1f9b6a6a6964
2026-05-31 14:41:30 +03:00
r-vdp
dd0e79a002 nixos/tests/installer: fix clevis ZFS tests
Follow-up to c5feb3c424 / #525613, which fixed zfsroot and
separateBootZfs after a2e55e31d6 flipped the default of
boot.zfs.forceImportRoot to false, but missed the clevis ZFS tests.
Without a matching hostId on the installer side, the target refuses to
import the pool ("pool was previously in use from another system").
2026-05-31 14:15:04 +03:00
Kim Lindberger
c164d638c4 nixos/logrotate: Fix the config file check phase regex for create/createolddir (#525600) 2026-05-31 07:27:35 +00:00
nixpkgs-ci[bot]
cafbbb8d84 Merge master into staging-nixos 2026-05-31 07:21:14 +00:00
zowoq
1dfd9599a9 nixos/dhparams: remove (#524658) 2026-05-31 02:04:24 +00:00
nixpkgs-ci[bot]
76eff5fb5b Merge master into staging-nixos 2026-05-31 00:47:08 +00:00
Sandro
56a5446ae3 nixos/pangolin: render default settings in option search, disable sign up per default (#522041) 2026-05-30 22:09:37 +00:00
Asa Paparo
6e5b63357b nixos/etc: create uninitialized /etc/machine-id with readonly /etc/
This resolves #523878 where /etc/ is readonly and /etc/machine-id
cannot be created. Instead, /etc/machine-id is initialized to
"uninitialized" by systemd-tmpfiles in initrd and persisted in
/var/lib/nixos.
2026-05-30 16:52:46 -05:00
rorosen
732b67fb80 rke2_1_36: init at 1.36.1+rke2r1 (#522596) 2026-05-30 21:33:21 +00:00
Ramses
82141a1cd5 nixos-rebuild-ng: add --elevate={sudo,run0} and polkit-stdin-agent (#512018) 2026-05-30 20:01:40 +00:00
Martin Weinelt
54288f108f nixos/home-assistant: open sonos component specific ports when in use and openFirewall is true (#497705) 2026-05-30 20:00:49 +00:00
nixpkgs-ci[bot]
6bc2984826 Merge master into staging-nixos 2026-05-30 18:25:33 +00:00
isabel
8f0089a920 tranquil-pds: init at 0.6.3, tranquil-pds-frontend: init at 0.6.3, nixos/tranquil-pds: init module; nixosTests.tranquil-pds: init (#525658) 2026-05-30 13:19:51 +00:00
nelind
46a9ac2071 nixosTests.tranquil-pds: init 2026-05-30 15:14:45 +02:00
nelind
564795482d nixos/tranquil-pds: init module 2026-05-30 15:14:45 +02:00
yaya
c6e2474b78 Release NixOS 26.05 2026-05-30 14:45:18 +02:00
yaya
2002ce930b Revert "Release 26.05"
We messed up the commit message. This is too embarrassing to leave
be. On second thought, this commit message is even more embarrassing.
2026-05-30 14:40:56 +02:00
Jo
6caa4224c6 Release 26.05 (#525937) 2026-05-30 14:34:02 +02:00
nixpkgs-ci[bot]
a22264c84b Merge master into staging-nixos 2026-05-30 12:27:45 +00:00
yaya
123a2dedb2 Release 26.05 2026-05-30 14:24:24 +02:00
yaya
97bc04fb44 doc/rl-2605: Move entries from nixpkgs to nixos doc 2026-05-30 13:45:42 +02:00
yaya
0f48c24eb5 doc/rl-2605: Move entries from nixos to nixpkgs doc 2026-05-30 13:45:42 +02:00
yaya
0264f06d5c doc/rl-2605: Fix broken links 2026-05-30 13:45:42 +02:00
yaya
f154bcae55 doc/rl-2605: Remove a note about headplane
This is not a backwards incompatible change, as this module is being
introduced with NixOS 26.05.
2026-05-30 13:45:42 +02:00
Yt
f80c483894 nixos/stalwart: Allow AF_UNIX address family for journal tracer (#525587) 2026-05-30 10:56:44 +00:00
Christian Flach
1859b4a89b nixos/opensnitch: link network_aliases.json to /etc/opensnitchd
Without this file present, the built-in "LAN" and "MULTICAST" network options provided in the UI do not work.

Fixes: #445086
2026-05-30 11:22:41 +02:00
Jan Tojnar
c7c4ec30b6 libgdata: drop due to upstream archival (#525685) 2026-05-30 09:10:02 +00:00
nixpkgs-ci[bot]
87c84cce23 Merge master into staging-nixos 2026-05-30 00:43:25 +00:00
Jeremy Fleischman
ebbe530dcd nixos/docuseal: update extraConfig docs with link to upstream documentation
It took me a while to find this page; I thought it would be nice to save
others some time.
2026-05-29 16:49:04 -07:00
jonscoresby
3ec4b8f09e fulcrum: 1.12.0.1 -> 2.1.0 2026-05-30 01:15:45 +02:00