Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update nixpkgs #764

Merged
merged 5 commits into from
Aug 10, 2023
Merged

Update nixpkgs #764

merged 5 commits into from
Aug 10, 2023

Conversation

dpausp
Copy link
Member

@dpausp dpausp commented Aug 8, 2023
edited
Loading

Update nixpkgs

Pull upstream NixOS changes, security fixes and package updates:

  • curl: apply patch for CVE-2023-32001
  • docker-compose: cherry-pick patches to fix starting containers using a local socket
  • github-runner: 2.306.0 -> 2.307.1
  • gitlab: 16.1.2 -> 16.1.3
  • grafana: 9.5.6 -> 9.5.7
  • imagemagick: 7.1.1-14 -> 7.1.1-15
  • linux: 6.1.41 -> 6.1.43
  • mastodon: 4.1.4 -> 4.1.6
  • matrix-synapse: 1.88.0 -> 1.89.0
  • nss_latest: 3.91 -> 3.92
  • openssl_3: apply patch for CVE-2023-2975
  • systemd: 253.5 -> 253.6

PL-131682

@flyingcircusio/release-managers

Release process

Impact:

  • [NixOS 23.05] This is the first update using the new maintenance code so machines will reboot to activate the changed kernel directly after the update has finished.

Changelog: (include changes from commit msg here)

Security implications

  • Security requirements defined? (WHERE)
    • pull in upstream security fixes regularly
  • Security requirements tested? (EVIDENCE)
    • automated tests still run, works on test VM and Gitlab staging VM (gitlab-runner is broken with docker there but this will be fixed soon. The problem already occurred after the previous nixpkgs update)
    • checked commit log for fixed CVEs and possible problems with updates, looked at synapse/upgrade.md, Grafana changelog

osnyx
osnyx reviewed Aug 8, 2023
View reviewed changes
update-nixpkgs.py Outdated Show resolved Hide resolved
@dpausp
update-nixpkgs: package-versions.json, pull origin before pushing
aee1090 
package-versions.json is now updated by the `fc-nixos` command
and there's also a standalone command `package-versions`.
Version changes are displayed but not used for creating the
commit msg, yet. The commit msg is still an excerpt from the upstream
commit messages.

PL-131682
@dpausp
Update important packages list
55bb3a3 
PL-131682
@dpausp
Update nixpkgs
7cdbe54 
Pull upstream NixOS changes, security fixes and package updates:

- curl: apply patch for CVE-2023-32001
- docker-compose: cherry-pick patches to fix starting containers using a local socket
- github-runner: 2.306.0 -> 2.307.1
- gitlab: 16.1.2 -> 16.1.3
- grafana: 9.5.6 -> 9.5.7
- imagemagick: 7.1.1-14 -> 7.1.1-15
- linux: 6.1.41 -> 6.1.43
- mastodon: 4.1.4 -> 4.1.6
- matrix-synapse: 1.88.0 -> 1.89.0
- nss_latest: 3.91 -> 3.92
- openssl_3: apply patch for CVE-2023-2975
- systemd: 253.5 -> 253.6

PL-131682
@dpausp
Update permitted openssl_1_1 version to v
b0b7079 
PL-131682
@dpausp
gitlab: remove service dependency override which is now upstream
8f1ba66 
PL-131682
@dpausp dpausp requested a review from osnyx August 9, 2023 20:49
@dpausp dpausp marked this pull request as ready for review August 9, 2023 20:49
@dpausp dpausp changed the title Pl 131682 update nixpkgs Update nixpkgs Aug 10, 2023
osnyx

This comment was marked as outdated.

Sign in to view

@dpausp dpausp merged commit ef0aecc into fc-23.05-dev Aug 10, 2023
1 check passed
@dpausp dpausp deleted the PL-131682-update-nixpkgs branch August 10, 2023 10:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@osnyx osnyx osnyx approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dpausp @osnyx