[Nix-dev] NixOS 17.03 Beta, 16.09 Security Support Timeline
Domen Kožar
domen at dev.si
Wed Mar 8 10:17:18 CET 2017
https://github.com/NixOS/nixpkgs/issues/19862#issuecomment-283732486
On Wed, Mar 8, 2017 at 10:16 AM, Thomas Hunger <tehunger at gmail.com> wrote:
> Hi Graham,
>
> I tried reproducing the nixos-rebuild switch issue for setuid wrappers
> without success: Can you point me to an issue, or give a hint for what you
> mean by "break setuid binaries"? I'd like to fix this but don't yet
> understand what's going on.
>
> ~
>
> On 5 March 2017 at 15:25, Graham Christensen <graham at grahamc.com> wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>>
>> Hello,
>>
>> In my most recent roundup email, I included information about 17.03,
>> 16.09, and the security support timeline. It was somewhat buried in the
>> otherwise very standard message, so I'm sending just that information.
>>
>> NixOS 17.03 has entered Beta. This means we now have 3 versions of NixOS
>> being developed:
>>
>> - 16.09 (stable)
>> - 17.03 (beta)
>> - unstable
>>
>> 17.03 will become stable at the end of March.
>>
>> Due to the size of the NixOS community and the available resources we
>> have, we typically only support one stable version of NixOS at a time.
>>
>> In order to ease the transition, I have decided to continue providing
>> security patches to the 16.09 channel for one month after 17.03 is
>> released, ending on May 3rd, 2017.
>>
>> You can switch from 16.09 to 17.03-beta via:
>>
>> $ sudo nix-channel --add https://nixos.org/channels/nixos-17.03 nixos
>> $ sudo nix-channel --update
>> $ sudo nixos-rebuild boot
>> $ reboot
>>
>> Note: Don't use nixos-rebuild switch. The path to setuid wrappers has
>> changed, and using switch will break setuid binaries (like sudo, ping,
>> etc.) until you reboot.
>>
>> Thank you very much,
>> Graham Christensen
>> NixOS Security Team
>> https://github.com/nixos/security
>> -----BEGIN PGP SIGNATURE-----
>>
>> iQIzBAEBCAAdFiEEP+htk0GpxXspt+y6BhIdNm/pQ1wFAli8LdAACgkQBhIdNm/p
>> Q1ygjA//U16fikL8uHxAjh4vM26U5rsztpXjDcMSMIv5wWi7omWWnwQ0b9nf/WPH
>> Tzh/nPA5L+DMrYBardPWF3PEriuuCW2oCBLhQpVIuYSl1vUmEL6R+GlBmHw6yD+G
>> DWFuxrJWwQLxNAjSrMwP0bID3ZYtFyQQZKvsrzpFSh+ThCu1tkvOUt8A9t43SBIJ
>> a0TTF6zFPez4GDrn7W702m4PMN0PEe0dyIg/UfpjmwEaxzgM8gZKcx/FLPh4IkVs
>> WN0RoPavLb5UhBeHGoV7kXWohJ26Wx4R8/5rX2kEQWl+5dP2fHuhGs6oEtRC5EHx
>> hiQmcwR+BCsQIZ6SzzveO2wOESiejjZnVuzqKoJ85NFfP39PRJqWD/GgHCsKCzwb
>> YQX8U5zKVmHNr0pbjtYFmkmyfMNisvJ217L1X758BylOSwMcaKCxPOxfO/A/Lra5
>> 3MMRJQDs983sBuqBen4INPPcn/43GwwpMwlhxVdutCP9iyiH87hRSoX/Vf9l6fNa
>> vui2N00t8tn/biQKC0bFGBr5IPQiPmxBIVXRCP/Wiju+9vX5LUtk8y7pTr3lvkvr
>> M30W0/Q+1XK1IkTLsDDyvuG6NHqek5peIA7K4SKi5w6jI8quzdCqYkflGrgbXQOV
>> tyEEmmV8BMVPrpo7pmOQgHCh5ZlCU46hbqmHJxOjI2AJomwfLQo=
>> =eVJJ
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> nix-dev mailing list
>> nix-dev at lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>
>
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20170308/bc768624/attachment.html>
More information about the nix-dev
mailing list