DynamicUser option is interesting. That way we do not have to allocate users for services without persistent data.
@grahamc security, update, possibly mass-rebuild
@spacekitteh is there a security issue the update does address besides hardening?
@Mic92 CVE-2016-7795 CVE-2016-7796
I updated nixos patches to v232, built it, and am running some tests locally now.
Sweet. I'll create a ticket to take advantage of the new features.
The simple nixpkgs part of the WIP: 0d3981941e6b8. I don't think I can really finish it anytime soon.
Many tests are failing with systemd-journald complaining "Failed to create notify socket: Protocol not supported", maybe due to https://github.com/systemd/systemd/issues/4575. It's well possible some other problems are there as well, but some tests did succeed for me.
For now it might be best to find and apply security-only patches – we probably don't want systemd-232 in 16.09 anyway.
From 64-bit ones, tests.simple times out, for example, repeatedly spitting
node2# Error retrieving list of active machines: googleapi: Error 503: fleet server unable to communicate with etcd
It looks like a seccomp problem: https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1576066
@vcunat work-around seccomp bug for the moment: https://github.com/fbuihuu/systemd-opensuse-next/commit/e798dcbc24681f9516be4e18dfbe916cf9fa44bf
This is pushed to staging btw. (a38f1911d34f2a72e15d5e98d76bece6cb8042a8)