summary refs log tree commit diff
path: root/nixos
Commit message (Collapse)AuthorAge
* Merge pull request #24304 from matklad/uefi-install-docsgoibhniu2017-03-25
|\ | | | | docs: clarify UEFI bootloader setup
| * docs: clarify UEFI bootloader setupAleksey Kladov2017-03-25
| |
* | channel.nix: Use filterSource to exclude unnecessary files from nixpkgsTuomas Tynkkynen2017-03-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, if you try to build a NixOS config including channel.nix, e.g.: nix-build -I nixpkgs=. -I nixos-config=nixos/modules/installer/cd-dvd/installation-cd-minimal.nix nixos -A config.system.build.isoImage twice in a row, you end up with two different build results. This is caused by the 'result' symlink of the first build affecting the channel contents of the second build. If we use filterSource with a predicate that ignores the 'result' symlinks, the problem is gone. Do the same thing for VIM/Emacs swap/backup files to avoid even more 'spurious' rebuilds. Additionally, filter out the '.git' directory at the same time, as we 'rm -rf' it from the result anyway. This avoids a considerable amount of unnecessary file I/O copying and deleting the .git directory.
* | Merge branch 'staging'Vladimír Čunát2017-03-24
|\ \ | |/ |/|
| * Merge branch 'master' into stagingVladimír Čunát2017-03-23
| |\
| * \ Merge remote-tracking branch 'upstream/master' into HEADFrederik Rietdijk2017-03-21
| |\ \
| * \ \ Merge pull request #23819 from ttuegel/freetypeThomas Tuegel2017-03-20
| |\ \ \ | | | | | | | | | | FreeType 2.7.1 and Fontconfig defaults
| | * | | nixos/fontconfig: add Changelog message about FreeType updateThomas Tuegel2017-03-20
| | | | |
| | * | | nixos/fontconfig: set rendering defaults, not overridesThomas Tuegel2017-03-17
| | | | |
| | * | | fontconfig-penultimate: init at 0.2Thomas Tuegel2017-03-17
| | | | | | | | | | | | | | | | | | | | Also provides a NixOS module.
| | * | | freetype: 2.6.5 -> 2.7.1Thomas Tuegel2017-03-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Infinality bytecode interpreter is removed in favor of the new v40 TrueType interpreter. In the past, the Infinality interpreter provided support for ClearType-style hinting instructions while the default interpreter (then v35) provided support only for original TrueType-style instructions. The v40 interpreter corrects this deficiency, so the Infinality interpreter is no longer necessary. To understand why the Infinality interpreter is no longer necessary, we should understand how ClearType differs from TrueType and how the v40 interpreter works. The following is a summary of information available on the FreeType website [1] mixed with my own editorializing. TrueType instructions use horizontal and vertical hints to improve glyph rendering. Before TrueType, fonts were only vertically hinted; horizontal hints improved rendering by snapping stems to pixel boundaries. Horizontal hinting is a risk because it can significantly distort glyph shapes and kerning. Extensive testing at different resolutions is needed to perfect the TrueType hints. Microsoft invested significant effort to do this with its "Core fonts for the Web" project, but few other typefaces have seen this level of attention. With the advent of subpixel rendering, the effective horizontal resolution of most displays increased significantly. ClearType eschews horizontal hinting in favor of horizontal supersampling. Most fonts are designed for the Microsoft bytecode interpreter, which implements a compatibility mode with TrueType-style (horizontal and vertical) instructions. However, applying the full horizontal hints to subpixel-rendered fonts leads to color fringes and inconsistent stem widths. The Infinality interpreter implements several techniques to mitigate these problems, going so far as to embed font- and glyph-specific hacks in the interpreter. On the other hand, the v40 interpreter ignores the horizontal hinting instructions so that glyphs render as they are intended to on the Microsoft interpreter. Without the horizontal hints, the problems of glyph and kerning distortion, color fringes, and inconsistent stem widths--the problems the Infinality interpreter was created to solve--simply don't occur in the first place. There are also security concerns which motivate removing the Infinality patches. Although there is an updated version of the Infinality interpreter for FreeType 2.7, the lack of a consistent upstream maintainer is a security concern. The interpreter is a Turing-complete virtual machine which has had security vulnerabilities in the past. While the default interpreter is used in billions of devices and is maintained by an active developer, the Infinality interpreter is neither scrutinized nor maintained. We will probably never know if there are defects in the Infinality interpreter, and if they were discovered they would likely never be fixed. I do not think that is an acceptable situtation for a core library like FreeType. Dropping the Infinality patches means that font rendering will be less customizable. I think this is an acceptable trade-off. The Infinality interpreter made many compromises to mitigate the problems with horizontal hinting; the main purpose of customization is to tailor these compromises to the user's preferences. The new interpreter does not have to make these compromises because it renders fonts as their designers intended, so this level of customization is not necessary. The Infinality-associated patches are also removed from cairo. These patches only set the default rendering options in case they aren't set though Fontconfig. On NixOS, the rendering options are always set in Fontconfig, so these patches never actually did anything for us! The Fontconfig test suite is patched to account for a quirk in the way PCF fonts are named. The fontconfig option `hintstyle` is no longer configurable in NixOS. This option selects the TrueType interpreter; the v40 interpreter is `hintslight` and the older v35 interpreter is `hintmedium` or `hintfull` (which have actually always been the same thing). The setting may still be changed through the `localConf` option or by creating a user Fontconfig file. Users with HiDPI displays should probably disable hinting and antialiasing: at best they have no visible effect. The fontconfig-ultimate settings are still available in NixOS, but they are no longer the default. They still work, but their main purpose is to set rendering quirks which are no longer necessary and may actually be detrimental (e.g. setting `hintfull` for some fonts). Also, the vast array of font substitutions provided is not an appropriate default; the default setting should be to give the user the font they asked for. [1]. https://www.freetype.org/freetype2/docs/subpixel-hinting.html
* | | | | nixos/sddm: test automatic and manual loginThomas Tuegel2017-03-24
| | | | |
* | | | | nixos/plasma5: re-enable testThomas Tuegel2017-03-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #24240. I do not know the cause of the test failures, but the tests pass now.
* | | | | nixos/plasma5: also test SDDM themeThomas Tuegel2017-03-24
| | | | |
* | | | | dnscrypt-proxy service: systemd notification under apparmorJoachim Fasting2017-03-24
| | | | |
* | | | | Revert "gdm module: only make xserver args overrideable"Robin Gloster2017-03-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit a5aa9269027d638b80fe1f23bcf8887ca80d034b. This allows gdm to run again, the test is still failing.
* | | | | google-compute-image: copy store paths with rsyncc74d2017-03-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In `nixos/modules/virtualisation/google-compute-image.nix`, copy store paths with `rsync -a` rather than `cp -prd`, because `rsync` seems better able to handle the hard-links that may be present in the store, whereas `cp` may fail to copy them. I have tested that the Google Compute Engine image builds successfully for me with this patch, whereas it did not without this patch. This is the same fix applied for Azure images in commit 097ef6e435d5b3fcde92e67abbaaaaaf05c0723d. Fixes #23973.
* | | | | nixos: xen: condition default packages on `enable`Jan Malakhovski2017-03-24
| | | | | | | | | | | | | | | | | | | | Closes #23690.
* | | | | nixos/sddm: improve testThomas Tuegel2017-03-23
| | | | | | | | | | | | | | | | | | | | Disable SDDM auto-login to improve testing for SDDM themes. See #24246.
* | | | | Merge pull request #24026 from benley/use-xkbDirRobin Gloster2017-03-23
|\ \ \ \ \ | | | | | | | | | | | | nixos: Use xkbDir consistently so it has an effect
| * | | | | nixos: Use xkbDir consistently so it has an effectBenjamin Staffin2017-03-18
| | | | | |
* | | | | | release-combined: disable plasma tests temporarilyVladimír Čunát2017-03-23
| | | | | | | | | | | | | | | | | | | | | | | | ... to get a channel bump after a long time; see #24240.
* | | | | | security-wrapper: link old wrapper dir to new oneRobin Gloster2017-03-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This makes setuid wrappers not fail after upgrading. references #23641, #22914, #19862, #16654
* | | | | | Revert "security-wrapper: Don't remove the old paths yet as that can create ↵Robin Gloster2017-03-23
| |_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | migration pain" This reverts commit 4c751ced376e0042ddd4f2aa8bd40754b9ea8926. This does not fix the issue as /run is now mounted with nosuid.
* | | | | grub module: fix useOSProber when installing grub as EFISymphorien Gibol2017-03-23
| | | | |
* | | | | Merge pull request #24182 from ndowens/muninJörg Thalheim2017-03-22
|\ \ \ \ \ | | | | | | | | | | | | munin: 2.0.30 -> 2.0.33; for CVE-2017-6188
| * | | | | munin: fix tests by replacing cron with systemd timerJörg Thalheim2017-03-22
| | | | | |
* | | | | | lightdm-greeters service: add extraConfig option (#24135)Piotr Bogdan2017-03-22
| | | | | |
* | | | | | nixos/sddm: replace `themes` option with `package` optionThomas Tuegel2017-03-22
| | | | | |
* | | | | | nixos/plasma5: do not include extra-cmake-modules in sddmThomas Tuegel2017-03-22
| | | | | | | | | | | | | | | | | | | | | | | | Fixes #24126.
* | | | | | nixos/tor: add missing option typeJoachim Fasting2017-03-22
|/ / / / /
* | | | | Allow attaching to non-child processes by defaultEelco Dolstra2017-03-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The inability to run strace or gdb is the kind of developer-unfriendliness that we're used to from OS X, let's not do it on NixOS. This restriction can be re-enabled by setting boot.kernel.sysctl."kernel.yama.ptrace_scope" = 1; It might be nice to have a NixOS module for enabling hardened defaults. Xref #14392. Thanks @abbradar.
* | | | | nix-daemon.nix: Make the 1.12 check less strictEelco Dolstra2017-03-21
| | | | |
* | | | | udev module: filter duplicate udev pathsNikolay Amiantov2017-03-21
| | | | | | | | | | | | | | | | | | | | Fixes #24174
* | | | | octoprint: 1.3.1 -> 1.3.2Nikolay Amiantov2017-03-21
| | | | | | | | | | | | | | | | | | | | Fix startup wizard and cleanup dependencies.
* | | | | Expand on creating USB bootable for OS XCarlos D2017-03-21
| | | | |
* | | | | Merge pull request #23672 from edanaher/nginx-aliasDomen Kožar2017-03-21
|\ \ \ \ \ | | | | | | | | | | | | Nginx alias directive
| * | | | | nginx: disallow alias directive on server level; it doesn't work.Evan Danaher2017-03-09
| | | | | |
| * | | | | nginx: Assert that either root or alias is null.Evan Danaher2017-03-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If both are set, nginx won't start. More error checking is certainly in order, but this seems like a reasonable start.
| * | | | | nginx: Add alias configuration option for hosts and locations.Evan Danaher2017-03-09
| | | | | | | | | | | | | | | | | | | | | | | | It's like root, but doesn't keep the prefix.
* | | | | | nix: 1.11.7 -> 1.11.8Eelco Dolstra2017-03-21
| | | | | |
* | | | | | Merge pull request #23641 from awakenetworks/parnell/fix-wrapper-migrationRobin Gloster2017-03-21
|\ \ \ \ \ \ | | | | | | | | | | | | | | security-wrapper: Don't remove the old paths yet as that can create migration pain
| * | | | | | security-wrapper: Don't remove the old paths yet as that can create ↵Parnell Springmeyer2017-03-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | migration pain
* | | | | | | Merge pull request #23838 from mayflower/remove-md5Robin Gloster2017-03-21
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | fetch-*: remove md5 support
| * | | | | | | fetch-*: add md5 support removal to rl-notesRobin Gloster2017-03-20
| | | | | | | |
* | | | | | | | gitlab module: explicitely create pages shared pathFranz Pletz2017-03-21
| |_|_|_|_|_|/ |/| | | | | | | | | | | | | | | | | | | | Fixes creation of backups.
* | | | | | | Python changelogFrederik Rietdijk2017-03-21
| | | | | | |
* | | | | | | nixos/treewide: systemd.time is in manvolume 7Franz Pletz2017-03-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | cc #23396
* | | | | | | nix-daemon: fix autoOptimiseStore optionRobin Gloster2017-03-21
| | | | | | |
* | | | | | | rl-notes 17.03: info on python module locationRobin Gloster2017-03-20
|/ / / / / / | | | | | | | | | | | | | | | | | | closes #11567
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-25 10:46:13 +0000