Sadly the only device I had that was requiring this was an nRF52840 MDK
USB dongle and I apparently broke its bootloader, so it won't get
recognized anymore.
symlinks like `tpm2_createprimary -> tpm2` were wrapped, causing argv0
issues due to double wrapping:
$ tpm2_ptool init
[..]
RuntimeError: Could not execute tpm2_createprimary: b'ERROR:
/nix/store/[..]/bin/.tpm2_createprimary-wrapped: unknown tool.
This patch only wraps the `tpm2` and `tss2` executables, and not the
symlinks to them `tpm2_*` and `tss2_*`
Fixes:
STM32CubeMX uses an outdated version of xstream that is not
compatible with JDK16. The derivation uses JDK11 (LTS) explicitly now.
Additionally, the desktop file wasn't generated by copyDesktopItems
before. This is now fixed as well.
Upstream changes:
- Main files moved from . to MX
- JAR file has no .exe extension anymore
- Icon format changed from icns to ico
- There is now a bundled JRE, but we prefer not to use it
Additional changes:
- Move version definition into mkDerivation
This reverts commit d6e0d38b84a00b2ab05324b69e3253d956bb5be7.
We need shorter secrets to continue working, since the earlier
recommendation was too short and there's no way to rotate the them.
The upstream recommended minimum length for db_key_base is 30 bytes,
which our option descriptions repeated. Recently, however, upstream
has, in many places, moved to using aes-256-gcm, which requires a key
of exactly 32 bytes. To allow for shorter keys, the upstream code pads
the key in some places. However, in many others, it just truncates the
key if it's too long, leaving it too short if it was to begin
with. This adds a patch that fixes this and updates the descriptions
to recommend a key of at least 32 characters.
See https://gitlab.com/gitlab-org/gitlab/-/merge_requests/53602
