[Nix-dev] NixOS 17.03 Beta, 16.09 Security Support Timeline

Thomas Hunger tehunger at gmail.com
Wed Mar 8 10:16:11 CET 2017


Hi Graham,

I tried reproducing the nixos-rebuild switch issue for setuid wrappers
without success: Can you point me to an issue, or give a hint for what you
mean by "break setuid binaries"? I'd like to fix this but don't yet
understand what's going on.

~

On 5 March 2017 at 15:25, Graham Christensen <graham at grahamc.com> wrote:

>
> Hello,
>
> In my most recent roundup email, I included information about 17.03,
> 16.09, and the security support timeline. It was somewhat buried in the
> otherwise very standard message, so I'm sending just that information.
>
> NixOS 17.03 has entered Beta. This means we now have 3 versions of NixOS
> being developed:
>
>  - 16.09 (stable)
>  - 17.03 (beta)
>  - unstable
>
> 17.03 will become stable at the end of March.
>
> Due to the size of the NixOS community and the available resources we
> have, we typically only support one stable version of NixOS at a time.
>
> In order to ease the transition, I have decided to continue providing
> security patches to the 16.09 channel for one month after 17.03 is
> released, ending on May 3rd, 2017.
>
> You can switch from 16.09 to 17.03-beta via:
>
> $ sudo nix-channel --add https://nixos.org/channels/nixos-17.03 nixos
> $ sudo nix-channel --update
> $ sudo nixos-rebuild boot
> $ reboot
>
> Note: Don't use nixos-rebuild switch. The path to setuid wrappers has
> changed, and using switch will break setuid binaries (like sudo, ping,
> etc.) until you reboot.
>
> Thank you very much,
> Graham Christensen
> NixOS Security Team
> https://github.com/nixos/security