Release 2023_007 (2023-04-11)

Impact

• [NixOS 22.11] Most services will be restarted due to a core dependency change. Machines will schedule a reboot to activate the changed kernel.

• [NixOS 21.05] Machines will schedule a reboot to activate the changed kernel.

NixOS 22.11 platform

• fc-manage check now displays NixOS (deprecation) warnings, read from /etc/fcio_nixos_warnings. The output of this command is also shown via the fc-agent Sensu check. These warnings should be fixed before upgrading the platform (PL-131380).

• devhost: increase timeout for NixOS containers from 1 min to 10 min to ensure successful startup for slow containers and during boot (PL-131407).

• Pull upstream NixOS changes, security fixes and package updates (PL-131399):

  • apacheHttpd: 2.4.55 -> 2.4.56 (CVE-2023-27522, CVE-2023-25690)

  • curl: fix CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538

  • gitlab: 15.8.4 -> 15.10.1

  • grafana: 9.4.3 -> 9.4.7

  • imagemagick: 7.1.1-2 -> 7.1.1-5

  • linux: 5.15.103 -> 5.15.105

  • matrix-synapse: 1.79.0 -> 1.80.0

  • php81: 8.1.16 -> 8.1.17

  • redis: 7.0.9 -> 7.0.10 (CVE-2023-28425)

  • systemd: 251.12 -> 251.13

• antivirus: prevent role activation for machines with less than 3GiB RAM (PL-130703).

• Production channel URL for this release: https://hydra.flyingcircus.io/build/245482/download/1/nixexprs.tar.xz

NixOS 22.05 platform

• fc-manage check now displays NixOS (deprecation) warnings, read from /etc/fcio_nixos_warnings. The output of this command is also shown via the fc-agent Sensu check. These warnings should be fixed before upgrading the platform (PL-131380).

• Verbose output of management commands like fc-manage -v switch is now more readable. The flag can be used to see debug messages, build output and NixOS (deprecation) warnings (PL-131380).

• postgresql: fix deprecation warning which was always triggered, even if no legacy config in /etc/local/postgresql/14 was present, for example (PL-131380).

• Production channel URL for this release: https://hydra.flyingcircus.io/build/246532/download/1/nixexprs.tar.xz

NixOS 21.05 platform

• linux: 5.10.159 -> 5.10.175 (PL-131262).

  (internal) includes a back-ported fix for our IPMI logging problems

• Production channel URL for this release: https://hydra.flyingcircus.io/build/245830/download/1/nixexprs.tar.xz

Detailed Changes

• NixOS 22.11: platform code, upstream changes

• NixOS 22.05: platform code

• NixOS 21.05: platform code