Loading nixos/modules/system/boot/systemd.nix +1 −1 Original line number Diff line number Diff line Loading @@ -53,7 +53,7 @@ let "systemd-udevd-kernel.socket" "systemd-udevd.service" "systemd-udev-settle.service" ] ++ (optional (!config.boot.isContainer) "systemd-udev-trigger.service") ++ [ ] ++ (optional (!config.boot.isContainer || config.virtualisation.lxc.nestedContainer) "systemd-udev-trigger.service") ++ [ # hwdb.bin is managed by NixOS # "systemd-hwdb-update.service" Loading nixos/modules/virtualisation/lxc-container.nix +10 −9 Original line number Diff line number Diff line Loading @@ -9,15 +9,16 @@ in { options = { virtualisation.lxc = { privilegedContainer = lib.mkOption { type = lib.types.bool; default = false; description = lib.mdDoc '' nestedContainer = lib.mkEnableOption (lib.mdDoc '' Whether this container is configured as a nested container. On LXD containers this is recommended for all containers and is enabled with `security.nesting = true`. ''); privilegedContainer = lib.mkEnableOption (lib.mdDoc '' Whether this LXC container will be running as a privileged container or not. If set to `true` then additional configuration will be applied to the `systemd` instance running within the container as recommended by [distrobuilder](https://linuxcontainers.org/distrobuilder/introduction/). ''; }; ''); }; }; Loading pkgs/applications/networking/browsers/chromium/common.nix +10 −4 Original line number Diff line number Diff line Loading @@ -250,14 +250,20 @@ let fi done if [[ -e native_client/SConstruct ]]; then # Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.): substituteInPlace native_client/SConstruct --replace "#! -*- python -*-" "" fi if [ -e third_party/harfbuzz-ng/src/src/update-unicode-tables.make ]; then substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \ --replace "/usr/bin/env -S make -f" "/usr/bin/make -f" fi if [ -e third_party/webgpu-cts/src/tools/run_deno ]; then chmod -x third_party/webgpu-cts/src/tools/run_deno fi if [ -e third_party/dawn/third_party/webgpu-cts/tools/run_deno ]; then chmod -x third_party/dawn/third_party/webgpu-cts/tools/run_deno fi # We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \ Loading pkgs/applications/networking/browsers/chromium/default.nix +5 −5 Original line number Diff line number Diff line Loading @@ -6,10 +6,12 @@ , libva, pipewire, wayland , gcc, nspr, nss, runCommand , lib, libkrb5 , electron-source # for warnObsoleteVersionConditional # package customization # Note: enable* flags should not require full rebuilds (i.e. only affect the wrapper) , channel ? "stable" , upstream-info ? (import ./upstream-info.nix).${channel} , proprietaryCodecs ? true , enableWideVine ? false , ungoogled ? false # Whether to build chromium or ungoogled-chromium Loading @@ -28,14 +30,12 @@ let llvmPackages_attrName = "llvmPackages_16"; stdenv = pkgs.${llvmPackages_attrName}.stdenv; upstream-info = (import ./upstream-info.nix).${channel}; # Helper functions for changes that depend on specific versions: warnObsoleteVersionConditional = min-version: result: let ungoogled-version = (import ./upstream-info.nix).ungoogled-chromium.version; let min-supported-version = (lib.head (lib.attrValues electron-source)).unwrapped.info.chromium.version; in lib.warnIf (lib.versionAtLeast ungoogled-version min-version) "chromium: ungoogled version ${ungoogled-version} is newer than a conditional bounded at ${min-version}. You can safely delete it." (lib.versionAtLeast min-supported-version min-version) "chromium: min-supported-version ${min-supported-version} is newer than a conditional bounded at ${min-version}. You can safely delete it." result; chromiumVersionAtLeast = min-version: let result = lib.versionAtLeast upstream-info.version min-version; Loading pkgs/applications/networking/cluster/helm/default.nix +3 −3 Original line number Diff line number Diff line Loading @@ -2,15 +2,15 @@ buildGoModule rec { pname = "kubernetes-helm"; version = "3.12.2"; version = "3.13.0"; src = fetchFromGitHub { owner = "helm"; repo = "helm"; rev = "v${version}"; sha256 = "sha256-nUkUb41UX9kCIjBrz3AMnaHZSgNoEc+lS6J8Edy6lVA="; sha256 = "sha256-/czguDCjnQPO4bcWa9Idl9U3yzFDxL7D4P/Ia7ZzMXE="; }; vendorHash = "sha256-4NsGosKFyl3T3bIndYRP0hhJQ5oj6KuSv4kYH9b83WE="; vendorHash = "sha256-ba5ZUpV8QHn8T1mXxY5WB0pA1OGUzmNixtwwTQFrqb4="; subPackages = [ "cmd/helm" ]; ldflags = [ Loading Loading
nixos/modules/system/boot/systemd.nix +1 −1 Original line number Diff line number Diff line Loading @@ -53,7 +53,7 @@ let "systemd-udevd-kernel.socket" "systemd-udevd.service" "systemd-udev-settle.service" ] ++ (optional (!config.boot.isContainer) "systemd-udev-trigger.service") ++ [ ] ++ (optional (!config.boot.isContainer || config.virtualisation.lxc.nestedContainer) "systemd-udev-trigger.service") ++ [ # hwdb.bin is managed by NixOS # "systemd-hwdb-update.service" Loading
nixos/modules/virtualisation/lxc-container.nix +10 −9 Original line number Diff line number Diff line Loading @@ -9,15 +9,16 @@ in { options = { virtualisation.lxc = { privilegedContainer = lib.mkOption { type = lib.types.bool; default = false; description = lib.mdDoc '' nestedContainer = lib.mkEnableOption (lib.mdDoc '' Whether this container is configured as a nested container. On LXD containers this is recommended for all containers and is enabled with `security.nesting = true`. ''); privilegedContainer = lib.mkEnableOption (lib.mdDoc '' Whether this LXC container will be running as a privileged container or not. If set to `true` then additional configuration will be applied to the `systemd` instance running within the container as recommended by [distrobuilder](https://linuxcontainers.org/distrobuilder/introduction/). ''; }; ''); }; }; Loading
pkgs/applications/networking/browsers/chromium/common.nix +10 −4 Original line number Diff line number Diff line Loading @@ -250,14 +250,20 @@ let fi done if [[ -e native_client/SConstruct ]]; then # Required for patchShebangs (unsupported interpreter directive, basename: invalid option -- '*', etc.): substituteInPlace native_client/SConstruct --replace "#! -*- python -*-" "" fi if [ -e third_party/harfbuzz-ng/src/src/update-unicode-tables.make ]; then substituteInPlace third_party/harfbuzz-ng/src/src/update-unicode-tables.make \ --replace "/usr/bin/env -S make -f" "/usr/bin/make -f" fi if [ -e third_party/webgpu-cts/src/tools/run_deno ]; then chmod -x third_party/webgpu-cts/src/tools/run_deno fi if [ -e third_party/dawn/third_party/webgpu-cts/tools/run_deno ]; then chmod -x third_party/dawn/third_party/webgpu-cts/tools/run_deno fi # We want to be able to specify where the sandbox is via CHROME_DEVEL_SANDBOX substituteInPlace sandbox/linux/suid/client/setuid_sandbox_host.cc \ Loading
pkgs/applications/networking/browsers/chromium/default.nix +5 −5 Original line number Diff line number Diff line Loading @@ -6,10 +6,12 @@ , libva, pipewire, wayland , gcc, nspr, nss, runCommand , lib, libkrb5 , electron-source # for warnObsoleteVersionConditional # package customization # Note: enable* flags should not require full rebuilds (i.e. only affect the wrapper) , channel ? "stable" , upstream-info ? (import ./upstream-info.nix).${channel} , proprietaryCodecs ? true , enableWideVine ? false , ungoogled ? false # Whether to build chromium or ungoogled-chromium Loading @@ -28,14 +30,12 @@ let llvmPackages_attrName = "llvmPackages_16"; stdenv = pkgs.${llvmPackages_attrName}.stdenv; upstream-info = (import ./upstream-info.nix).${channel}; # Helper functions for changes that depend on specific versions: warnObsoleteVersionConditional = min-version: result: let ungoogled-version = (import ./upstream-info.nix).ungoogled-chromium.version; let min-supported-version = (lib.head (lib.attrValues electron-source)).unwrapped.info.chromium.version; in lib.warnIf (lib.versionAtLeast ungoogled-version min-version) "chromium: ungoogled version ${ungoogled-version} is newer than a conditional bounded at ${min-version}. You can safely delete it." (lib.versionAtLeast min-supported-version min-version) "chromium: min-supported-version ${min-supported-version} is newer than a conditional bounded at ${min-version}. You can safely delete it." result; chromiumVersionAtLeast = min-version: let result = lib.versionAtLeast upstream-info.version min-version; Loading
pkgs/applications/networking/cluster/helm/default.nix +3 −3 Original line number Diff line number Diff line Loading @@ -2,15 +2,15 @@ buildGoModule rec { pname = "kubernetes-helm"; version = "3.12.2"; version = "3.13.0"; src = fetchFromGitHub { owner = "helm"; repo = "helm"; rev = "v${version}"; sha256 = "sha256-nUkUb41UX9kCIjBrz3AMnaHZSgNoEc+lS6J8Edy6lVA="; sha256 = "sha256-/czguDCjnQPO4bcWa9Idl9U3yzFDxL7D4P/Ia7ZzMXE="; }; vendorHash = "sha256-4NsGosKFyl3T3bIndYRP0hhJQ5oj6KuSv4kYH9b83WE="; vendorHash = "sha256-ba5ZUpV8QHn8T1mXxY5WB0pA1OGUzmNixtwwTQFrqb4="; subPackages = [ "cmd/helm" ]; ldflags = [ Loading
![github-actions[bot]'s avatar](https://secure.gravatar.com/avatar/e7cd911927c7d1acf6281b69d385990d8fadcd26871048bbcdbff2e88da7f607?s=48&d=identicon "github-actions[bot]")