
[24.11] nginx changes for 24.11 #1145

Open
wants to merge 30 commits into
base: fc-24.11-dev

Conversation

laalsaas
Collaborator

@laalsaas laalsaas commented Oct 30, 2024

@flyingcircusio/release-managers
PL-131381

Release process

Impact:

Changelog:

PR release workflow (internal)

  • PR has internal ticket
  • internal issue ID (PL-…) part of branch name
  • internal issue ID mentioned in PR description text
  • ticket is on Platform 24.11 agile board
  • ticket state set to Pull request ready
  • if ticket is more urgent than within the next few days, directly contact a member of the Platform team

Design notes

  • Provide a feature toggle if the change might need to be adjusted/reverted quickly depending on context. Consider whether the default should be on or off. Example: rate limiting.
  • All customer-facing features and (NixOS) options need to be discoverable from documentation. Add or update relevant documentation such that hosted and guided customers can understand it as well.

Security implications

  • Security requirements defined? (WHERE)
    • pull in changes from upstream, keeping our reload mechanism, without breaking anything for customers
  • Security requirements tested? (EVIDENCE)
    • ran test suite for nginx.

dpausp and others added 26 commits October 30, 2024 18:58
- -oss seems to be broken at the moment due to a failing test relying on
  x-pack. We have to re-check this later.
- Use upstream packages.
Pull upstream NixOS changes, security fixes and package updates:

- awscli2: 2.17.18 -> 2.17.42
- containerd: 1.7.20 -> 1.7.21
- haproxy: 3.0.3 -> 3.0.4
- imagemagick: 7.1.1-37 -> 7.1.1-38
- imagemagick: add willow to passthru.tests
- k3s_1_30: 1.30.3+k3s1 -> 1.30.4+k3s1
- libmodsecurity: 3.0.12 -> 3.0.13
- linux_5_15: 5.15.165 -> 5.15.166
- mongodb-5_0: 5.0.28 -> 5.0.29
- nss_latest: 3.103 -> 3.104
- php82: 8.2.22 -> 8.2.23
- php83: 8.3.10 -> 8.3.11
- prometheus: 2.53.1 → 2.54.1
- qemu: 9.0.2 -> 9.1.0
- roundcube: 1.6.8 -> 1.6.9
- runc: 1.1.13 -> 1.1.14
- unifi8: 8.3.32 -> 8.4.59
This way we get to a channel faster that we can use for development.

Before, we used to disable tests and packages to keep `release` green
which is error-prone and takes away the feedback we get from failing
tests in Hydra.
This was taken from NixOS 23.05 and is obsolete now.

Had to remove the code that depends on cfgUpstream.configFile but
it's just for informational purposes and we can fix that later.
Our patch logic used for adding our log patch to older PHP versions
left out `patches` which skipped a patch needed for building 8.1.
slurm 24.05 doesn't work with pyslurm at the moment and there's
no visible work going on in the repo to make it compatible. Go
back to slurm 23.11 in the meantime. If the problem still persists
in 1-2 months, we should think about how we can resolve this properly.
Pull upstream NixOS changes, security fixes and package updates:

- asterisk: 20.9.2 -> 20.9.3
- curl: enable configure flag `--enable-versioned-symbols`
- curl: enable flag `--enable-versioned-symbols` (#336712)
- nodejs_20: 20.16.0 -> 20.17.0, (#336388)
- nodejs_22: 22.6.0 -> 22.8.0, (#336556)
- podman: drop slirp4netns which has been replaced by passt
- postgresql: move dynamic modules to default output
- postgresql: move libecpq to lib output
- postgresql: refactor removal of references in bitcode files
- postgresql: refactor to simplify condition
- postgresql: remove references to llvm-dev on darwin as well
- postgresql: split dev output
- postgresql: use systemdLibs (#337441)
- unifi7: mark insecure due to CVE-2024-42025 (#340341)
- vim: 9.1.0689 -> 9.1.0707
Pull upstream NixOS changes, security fixes and package updates:

- calibre: enable tests (#338867)
- containerd: 1.7.21 -> 1.7.22, (#340887)
- gitlab-container-registry: 4.7.0 -> 4.9.0
- gitlab: 17.2.4 -> 17.2.5, (#341398)
- keycloak: 25.0.4 -> 25.0.5, (#341062)
- openssl: expose 'enable-md2' option (#337885)
- python39: 3.9.19 -> 3.9.20; python310: 3.10.14 -> 3.10.15; python313: 3.13.0rc1 -> 3.13.0rc2, (#340330)
- rabbitmq-server: 3.13.6 -> 3.13.7, (#337489)
- subversion: fix darwin (#341232)
- telegraf: 1.31.3 -> 1.32.0, (#341515)
In PL-132659, we've decided to override security.acme.defaults.server from the upstream value to avoid triggering mass letsencrypt account re-registrations.

**Re-**registrations are only an issue for existing machines. Freshly bootstrapped systems won't cause any problems. As we cannot be certain that our workaround is going to work for all future NixOS releases, I propose to make this conditional on the VM state version <= 24.05. If ever necessary, this reduces the number of VMs in need of a state migration for the account in the future.

PL-133038
Pull upstream NixOS changes, security fixes and package updates:

- calibre: exclude test test_websocket_basic (#341843)
- clamav: 1.4.0 -> 1.4.1 (#341437)
- curl: apply patch for CVE-2024-8096 (#342030)
- docker-compose: 2.29.2 -> 2.29.3, (#341583)
- keycloak: 25.0.5 -> 25.0.6 (#343113)
- kubernetes-helm: 3.15.4 -> 3.16.1 (#341294)
- nix: 2.18 -> 2.24 (#335342)
- strace: 6.10 -> 6.11
- tomcat9: 9.0.93 -> 9.0.94
- tomcat10: 10.1.28 -> 10.1.29 (#341440)
Philipp Neumann added 2 commits October 30, 2024 19:34
The masterUser option is removed since it caused many problems, and removing it brings
us closer to upstream.

PL-131381
This is done to reduce the diff once we switch to the upstream module.
It is also part of the preparations for 24.11.

PL-131381