Nix now returns base64-encoded SRI hashes on hash mismatch. Usually,
people copy the returned hashes in TOFU fashion but since base64-encoded
strings can contain slashes, they often broke our use of them for temporary file name.
Escaping them should prevent the failures.
Add a cage module to nixos. This can be used to make kiosk-style
systems that boot directly to a single application. The user (demo by
default) is automatically logged in by this service and the
program (xterm by default) is automatically started.
This is useful for some embedded, single-user systems where we want
automatic booting. To keep the system secure, the user should have
limited privileges.
Based on the service provided in the Cage wiki here:
https://github.com/Hjdskes/cage/wiki/Starting-Cage-on-boot-with-systemd
Co-Authored-By: Florian Klink <flokli@flokli.de>
* prometheus-nginx-exporter: 0.5.0 -> 0.6.0
* nixos/prometheus-nginx-exporter: update for 0.6.0
Added new option constLabels and updated virtualHost name in the
exporter's test.
The fix for the CC/CXX variables was merged some time before 1.3.0.
The `-Werror` seems to be new. It is removed in upstream's master so it
should be removable in the next release. Something in glibc is causing a
warning that is killing the build if `-Werror` isn't removed.
The problem was that nix passes lists as space-separated strings not as
arrays of strings, so `"${foo[@]}"` doesn't work as intended because
it's not an array. Instead we pass it in a bash array.
Also, using builtins.placeholder instead of passing "$(out)" to bash, as
that's not what we want to do (the `$(...)` is the process expansion in
bash)
Update GDAL/OGR to 3.0.4
GDAL 3.0.4 includes a fix for build failure due to poppler 0.85.0
upgrade (change to parameters for setErrorCallback). See commit:
6e9e51ef93
