summaryrefslogtreecommitdiff
Commit message (Expand)AuthorAgeFilesLines
* nixos/github-runner: refactor tokens handling•••This commit changes how we deal with the current token, i.e., the token which may exist from a previous runner registration, and the configured token, i.e., the path set for the respective NixOS configuration option. Until now, we copied the configured and the current token (if any) to the runtime directory to compare them. The path of the current token may reference a file which is only accessible to specific users (even only root). Therefore, we ran the copying of credentials with elevated privileges by prefixing the `ExecStartPre=` script with a `+` (see systemd.service(5)). In this script, we also changed the owner of the files to the service user. Apparently, however, the user/group pair sometimes did not exist because we use `DynamicUser=`. To address this issue, we no longer change the owner of the file. Instead, we change the file permissions to 0666 to allow the runner configuration script (runs with full sandboxing) to read-write the file. Due to the current permissions of the runtime directory (0755), this would expose the token. Therefore, we process the tokens in the state directory, which is only accessible to the service user. If a new token file exists in the state directory, the configuration script should trigger a new runner registration. Afterward, it deletes the new token file. The token is still available using the path of the current token which is inaccessible within the service's sandbox. (cherry picked from commit 3cf9508c72c31e93aa3af566437efd5aff5fb3bd) origin/backport-148164-to-release-21.11Vincent Haupert2022-01-041-34/+26
* Merge pull request #153349 from NixOS/backport-153337-to-release-21.11•••[Backport release-21.11] lean: 3.35.0 -> 3.35.1Bobby Rong2022-01-041-3/+3
|\
| * lean: 3.35.0 -> 3.35.1•••(cherry picked from commit 5b3eac3130bb68737b8f433722515acc5a6c24b1) Mauricio Collares2022-01-031-3/+3
* | Merge pull request #153410 from NixOS/backport-153407-to-release-21.11•••[Backport release-21.11] mpv: 0.34.0 -> 0.34.1Anderson Torres2022-01-031-2/+2
|\ \
| * | mpv: 0.34.0 -> 0.34.1•••(cherry picked from commit ddc858382c160e14b9c896ffc347c8db43476415) adisbladis2022-01-031-2/+2
* | | apk-tools: 2.12.8 -> 2.12.9•••(cherry picked from commit db54e33ba697b31c4b27d2ccbf25ecb47e6f5321) R. Ryantm2022-01-031-2/+2
|/ /
* | Merge pull request #153391 from NixOS/backport-153366-to-release-21.11•••[Backport release-21.11] gnustep.base: fix issue with UTF-8 BOMajs1242022-01-031-0/+7
|\ \
| * | gnustep.base: fix issue with UTF-8 BOM•••(cherry picked from commit c2ed098285eee0528b89bbd98ced7786ddaf2a42) ajs1242022-01-031-0/+7
|/ /
* | Merge pull request #152249 from NixOS/backport-151139-to-release-21.11•••[Backport release-21.11] firmwareLinuxNonfree: 20211027 -> 20211216Bernardo Meurer2022-01-031-3/+3
|\ \
| * | firmwareLinuxNonfree: 20211027 -> 20211216•••(cherry picked from commit f1edf331dfef08d0e142fd7720af12f7fbaaee8e) origin/backport-151139-to-release-21.11TredwellGit2021-12-261-3/+3
* | | Merge pull request #151914 from NixOS/backport-151354-to-release-21.11•••[Backport release-21.11] eolie: switch back to normal webkitgtkRenaud2022-01-031-1/+1
|\ \ \
| * | | eolie: switch back to normal webkitgtk•••i i can't reproduce the issue mentioned in #95559 (cherry picked from commit 1bb3af849a2f0263f49824b3e69c1c0a18d401d4) origin/backport-151354-to-release-21.11Artturin2021-12-231-1/+1
* | | | Merge pull request #152360 from NixOS/backport-152251-to-release-21.11•••[Backport release-21.11] roon-server: 1.8-850 -> 1.8-880Bernardo Meurer2022-01-031-2/+7
|\ \ \ \
| * | | | roon-server: explicitly set dontConfigure/Build•••(cherry picked from commit 795469df589a3e1a595f556c8e817ce158922bd7) origin/backport-152251-to-release-21.11Bernardo Meurer2021-12-271-0/+3
| * | | | roon-server: 1.8-850 -> 1.8-880•••(cherry picked from commit 2d18e3a33daf50b3eb1fb6e9405f72ca8be502ba) Bernardo Meurer2021-12-271-2/+4
* | | | | Merge pull request #153299 from taku0/thunderbird-bin-91.4.1_release-21.11•••[21.11] thunderbird: 91.4.0 -> 91.4.1, thunderbird-bin: 91.3.2 -> 91.4.1Bernardo Meurer2022-01-032-263/+263
|\ \ \ \ \ | |_|_|_|/ |/| | | |
| * | | | thunderbird: 91.4.0 -> 91.4.1•••(cherry picked from commit 95011c834a0775d87f75c1d3d5af9ef190e4814b) taku02022-01-031-2/+2
| * | | | thunderbird-bin: 91.4.0 -> 91.4.1•••(cherry picked from commit b02d1064cb0810bc9ad4cf9519da654b762128b9) taku02022-01-031-261/+261
| * | | | thunderbird-bin: 91.3.2 -> 91.4.0•••(cherry picked from commit b9e3d2fede984a1e9dae6c3aa072a7db6fe42b51) Bernardo Meurer2022-01-031-261/+261
* | | | | Merge pull request #153330 from NixOS/backport-148140-to-release-21.11•••[Backport release-21.11] knot-resolver: 5.4.2 -> 5.4.3ajs1242022-01-031-2/+2
|\ \ \ \ \
| * | | | | knot-resolver: 5.4.2 -> 5.4.3•••https://gitlab.nic.cz/knot/knot-resolver/-/tags/v5.4.3 (cherry picked from commit 93ee1a9cb0cedc65b26c8ebd748c7045506c4e9b) Vladimír Čunát2022-01-031-2/+2
* | | | | | Merge pull request #153322 from NixOS/backport-153308-to-release-21.11•••[Backport release-21.11] jitsi-meet-electron: add pipewire screensharing supportBobby Rong2022-01-031-1/+2
|\ \ \ \ \ \ | |/ / / / / |/| | | | |
| * | | | | jitsi-meet-electron: add pipewire screensharing support•••(cherry picked from commit df583011106021eca6b1c154ceb1bdd8ff58c5d7) Fabian Hauser2022-01-031-1/+2
|/ / / / /
* | | | | Merge pull request #153313 from NixOS/backport-153307-to-release-21.11•••[Backport release-21.11] vscode-extensions.dbaeumer.vscode-eslint: 2.1.14 -> 2.2.2Bobby Rong2022-01-031-2/+2
|\ \ \ \ \ | |/ / / / |/| | | |
| * | | | vscode-extensions.dbaeumer.vscode-eslint: 2.1.14 -> 2.2.2•••(cherry picked from commit d1f228919825f47bda1484bdb97169601ddc0fcb) Fabian Hauser2022-01-031-2/+2
|/ / / /
* | | | Merge pull request #153274 from NixOS/backport-153002-to-release-21.11•••[Backport release-21.11] bandwidth: 1.10.4 -> 1.11.2Ryan Burns2022-01-021-2/+2
|\ \ \ \
| * | | | bandwidth: 1.10.4 -> 1.11.2•••(cherry picked from commit 68e39c2f981092d3763acf16ddbfa1c225d811e7) Ryan Burns2022-01-021-2/+2
|/ / / /
* | | | nncp: 7.7.0 -> 8.0.2•••This update introduces an encrypted packet format that is incompatible with releases older than 8.0.0. Backport of commit 2d4524eb8cfc0d554d281fd932ff264d2c114f9e Emery Hemingway2022-01-022-24/+14
* | | | Merge pull request #153223 from NixOS/backport-151922-to-release-21.11•••[Backport release-21.11] gitea: 1.15.7 -> 1.15.9Maximilian Bosch2022-01-021-2/+2
|\ \ \ \
| * | | | gitea: 1.15.7 -> 1.15.9•••ChangeLog: https://github.com/go-gitea/gitea/releases/tag/v1.15.8 ChangeLog: https://github.com/go-gitea/gitea/releases/tag/v1.15.9 (cherry picked from commit 8cb0ae287c810bb1d37f8ba67a8a978d968a3d94) Maximilian Bosch2022-01-021-2/+2
* | | | | Merge pull request #153212 from Ma27/backport-ferdi•••[21.11] ferdi: 5.6.4 -> 5.6.5Jörg Thalheim2022-01-021-2/+2
|\ \ \ \ \ | |/ / / / |/| | | |
| * | | | ferdi: 5.6.4 -> 5.6.5 (#152239)•••(cherry picked from commit 64346a8685d366907680c53228e262983f4c0729) derjohn2022-01-021-2/+2
* | | | | Merge pull request #153205 from NixOS/backport-153044-to-release-21.11•••[Backport release-21.11] roundcube: 1.5.1 -> 1.5.2Maximilian Bosch2022-01-021-2/+2
|\ \ \ \ \
| * | | | | roundcube: 1.5.1 -> 1.5.2•••(cherry picked from commit c630bcd3e7a3634d1b3ff6a6c3562073228ff864) R. Ryantm2022-01-021-2/+2
|/ / / / /
* | | | | Merge pull request #153064 from NixOS/backport-148857-to-release-21.11•••[Backport release-21.11] meshlab: 2020.12 -> 2021.10Bobby Rong2022-01-011-2/+11
|\ \ \ \ \ | |/ / / / |/| | | |
| * | | | meshlab: 2020.12 -> 2021.10•••* De-vendors boost and xercesc * Enables CGAL (cherry picked from commit 7c0942ba57f5dc855ce062af7cac07428f9bf94c) Zane van Iperen2022-01-011-2/+11
|/ / / /
* | | | Merge pull request #152940 from NixOS/backport-152594-to-release-21.11•••[Backport release-21.11] security/wrappers: remove C compiler from the nixos/security.wrappers…Michele Guerini Rocco2022-01-011-2/+0
|\ \ \ \
| * | | | security/wrappers: remove C compiler from the nixos/security.wrappers AppArmo...•••(cherry picked from commit 0e5611e0bec892dfff082aea596d2f1e1ccd75a6) origin/backport-152594-to-release-21.11Julien Moutinho2021-12-311-2/+0
* | | | | Merge pull request #152941 from NixOS/backport-152897-to-release-21.11•••[Backport release-21.11] mutt: 2.1.4 -> 2.1.5Michele Guerini Rocco2022-01-011-2/+2
|\ \ \ \ \
| * | | | | mutt: 2.1.4 -> 2.1.5•••Signed-off-by: Matthias Beyer <mail@beyermatthias.de> (cherry picked from commit 60dfe7dd08baf86dc1eaf28ba48573a929bda6b0) origin/backport-152897-to-release-21.11Matthias Beyer2021-12-311-2/+2
| |/ / / /
* | | | | Merge pull request #153019 from NixOS/backport-152984-to-release-21.11•••[Backport release-21.11] treewide: fix homepages with permanent redirect to https (2)Bobby Rong2022-01-0112-12/+12
|\ \ \ \ \
| * | | | | milkytracker: fix meta.homepage•••(cherry picked from commit 3bedb63be96113ef68e8edde21dba3f6f6fba6a6) Ben Siraphob2022-01-011-1/+1
| * | | | | pbrt: fix meta.homepage•••(cherry picked from commit 6ffd6401e980699fbf2bf03d60f1de4a8fdc2fdb) Ben Siraphob2022-01-011-1/+1
| * | | | | mkgmap: fix meta.homepage•••(cherry picked from commit 874b1186a9aba7e1780810f264c9e373a08d9d4d) Ben Siraphob2022-01-011-1/+1
| * | | | | mkgmap-splitter: fix meta.homepage•••(cherry picked from commit 80c1981cd620020f5f88a41c0f507d494e42c160) Ben Siraphob2022-01-011-1/+1
| * | | | | openfst: fix meta.homepage•••(cherry picked from commit 2bf68ff9e7f8286758e242b06c8e7696541dac36) Ben Siraphob2022-01-011-1/+1
| * | | | | pekwm: fix meta.homepage•••(cherry picked from commit b74f29e6e8ad00bb3ca5d71201f783a84bf3944b) Ben Siraphob2022-01-011-1/+1
| * | | | | opengrm-ngram: fix meta.homepage•••(cherry picked from commit 1baad9bfb6bb293e6b02c29d4046da726fc26c9b) Ben Siraphob2022-01-011-1/+1
| * | | | | premake: fix meta.homepage•••(cherry picked from commit d96f843157c1b783783f7863ec0e27a85cd60304) Ben Siraphob2022-01-011-1/+1
| * | | | | meteor: fix meta.homepage•••(cherry picked from commit f5c380b978a16b6d69f7daa48acc7663c095d610) Ben Siraphob2022-01-011-1/+1
generated by cgit v1.2.3 (git 2.52.0) at 2026-01-17 05:11:34 +0000