From df0481276d935f47faf1c64fdf9b66f264074470 Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 26 Mar 2016 22:53:41 +0100 Subject: openafsClient: 1.6.14 -> 1.6.17 According to the changelog, the delta between these versions contains fixes for several CVEs. See https://www.openafs.org/dl/openafs/1.6.17/RELNOTES-1.6.17 and https://www.openafs.org/dl/openafs/1.6.16/RELNOTES-1.6.16 and https://www.openafs.org/dl/openafs/1.6.15/RELNOTES-1.6.15 --- pkgs/servers/openafs-client/default.nix | 37 +++++++++++++-------------------- 1 file changed, 14 insertions(+), 23 deletions(-) (limited to 'pkgs/servers/openafs-client') diff --git a/pkgs/servers/openafs-client/default.nix b/pkgs/servers/openafs-client/default.nix index 5d8e255f47f..a6581612e1d 100644 --- a/pkgs/servers/openafs-client/default.nix +++ b/pkgs/servers/openafs-client/default.nix @@ -1,27 +1,18 @@ { stdenv, fetchurl, fetchgit, which, autoconf, automake, flex, yacc, kernel, glibc, ncurses, perl, kerberos }: -let - version = if stdenv.lib.versionAtLeast kernel.version "4.2" - then "1.6.14-1-602130" - else "1.6.14"; -in -stdenv.mkDerivation { +stdenv.mkDerivation rec { name = "openafs-${version}-${kernel.version}"; + version = "1.6.17"; - src = if version == "1.6.14-1-602130" - # 1.6.14 + patches to run on linux 4.2 that will get into 1.6.15 - then fetchgit { - url = "git://git.openafs.org/openafs.git"; - rev = "feab09080ec050b3026eff966352b058e2c2295b"; - sha256 = "03j71c7y487jbjmm6ydr1hw38pf43j2dz153xknndf4x4v21nnp2"; - } - else fetchurl { - url = "http://www.openafs.org/dl/openafs/${version}/openafs-${version}-src.tar.bz2"; - sha256 = "3e62c798a7f982c4f88d85d32e46bee6a47848d207b1e318fe661ce44ae4e01f"; - }; + src = fetchurl { + url = "http://www.openafs.org/dl/openafs/${version}/openafs-${version}-src.tar.bz2"; + sha256 = "16532f4951piv1g2i539233868xfs1damrnxql61gjgxpwnklhcn"; + }; + + nativeBuildInputs = [ autoconf automake flex yacc perl which ]; - buildInputs = [ autoconf automake flex yacc ncurses perl which ]; + buildInputs = [ ncurses ]; preConfigure = '' ln -s "${kernel.dev}/lib/modules/"*/build $TMP/linux @@ -47,11 +38,11 @@ stdenv.mkDerivation { ) ''; - meta = { + meta = with stdenv.lib; { description = "Open AFS client"; - homepage = http://www.openafs.org; - license = stdenv.lib.licenses.ipl10; - platforms = stdenv.lib.platforms.linux; - maintainers = [ stdenv.lib.maintainers.z77z ]; + homepage = https://www.openafs.org; + license = licenses.ipl10; + platforms = platforms.linux; + maintainers = [ maintainers.z77z ]; }; } -- cgit 1.4.1 From b741198116cc7c6d3df5c38b8f4531069bdbb13d Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 26 Mar 2016 23:11:21 +0100 Subject: openafsClient: mark as broken on unsupported kernels Sandboxed builds against linux 3.14 and 4.4 fail; 3.18.29 and 4.3 succeed. From this, I conclude that 4.3 is the latest supported version, while the lower bound is set to the oldest kernel in nixpkgs >3.14 (the changelog does not indicate otherwise). It appears that openafs-client is simply incompatible with grsec; all hydra builds of openafs-client on grsec fail; local sandboxed builds against grsec with the most recent openafs-client also fail. --- pkgs/servers/openafs-client/default.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'pkgs/servers/openafs-client') diff --git a/pkgs/servers/openafs-client/default.nix b/pkgs/servers/openafs-client/default.nix index a6581612e1d..abc6d78f20c 100644 --- a/pkgs/servers/openafs-client/default.nix +++ b/pkgs/servers/openafs-client/default.nix @@ -44,5 +44,9 @@ stdenv.mkDerivation rec { license = licenses.ipl10; platforms = platforms.linux; maintainers = [ maintainers.z77z ]; + broken = + (builtins.compareVersions kernel.version "3.18" == -1) || + (builtins.compareVersions kernel.version "4.4" != -1) || + (kernel.features.grsecurity or false); }; } -- cgit 1.4.1