diff --git a/nixos/doc/manual/configuration/networking.xml b/nixos/doc/manual/configuration/networking.xml index 02cf811e0bd..8369e9c9c85 100644 --- a/nixos/doc/manual/configuration/networking.xml +++ b/nixos/doc/manual/configuration/networking.xml @@ -15,5 +15,6 @@ + diff --git a/nixos/doc/manual/configuration/renaming-interfaces.xml b/nixos/doc/manual/configuration/renaming-interfaces.xml new file mode 100644 index 00000000000..d760bb3a4da --- /dev/null +++ b/nixos/doc/manual/configuration/renaming-interfaces.xml @@ -0,0 +1,67 @@ +
+ Renaming network interfaces + + + NixOS uses the udev + predictable naming scheme + to assign names to network interfaces. This means that by default + cards are not given the traditional names like + eth0 or eth1, whose order can + change unpredictably across reboots. Instead, relying on physical + locations and firmware information, the scheme produces names like + ens1, enp2s0, etc. + + + + These names are predictable but less memorable and not necessarily + stable: for example installing new hardware or changing firmware + settings can result in a + name change. + If this is undesirable, for example if you have a single ethernet + card, you can revert to the traditional scheme by setting + to + false. + + +
+ Assigning custom names + + In case there are multiple interfaces of the same type, it’s better to + assign custom names based on the device hardware address. For + example, we assign the name wan to the interface + with MAC address 52:54:00:12:01:01 using a + netword link unit: + + + systemd.network.links."10-wan" = { + matchConfig.MACAddress = "52:54:00:12:01:01"; + linkConfig.Name = "wan"; + }; + + + Note that links are directly read by udev, not networkd, + and will work even if networkd is disabled. + + + Alternatively, we can use a plain old udev rule: + + + services.udev.initrdRules = '' + SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", \ + ATTR{address}=="52:54:00:12:01:01", KERNEL=="eth*", NAME="wan" + ''; + + + + The rule must be installed in the initrd using + services.udev.initrdRules, not the usual + services.udev.extraRules option. This is to avoid race + conditions with other programs controlling the interface. + +
+ +
diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml index 3760c52d363..9894ab02500 100644 --- a/nixos/doc/manual/release-notes/rl-2105.xml +++ b/nixos/doc/manual/release-notes/rl-2105.xml @@ -91,6 +91,16 @@ + + + If you are using to assign + custom names to network interfaces, this may stop working due to a change + in the initialisation of dhcpcd and systemd networkd. To avoid this, either + move them to or see the new + Assigning custom names section + of the NixOS manual for an example using networkd links. + + The systemConfig kernel parameter is no longer added to boot loader entries. It has been unused since September 2010, but if do have a system generation from that era, you will now be unable to boot into them. diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix index 63027f7744d..d48b5444677 100644 --- a/nixos/modules/services/hardware/udev.nix +++ b/nixos/modules/services/hardware/udev.nix @@ -202,12 +202,26 @@ in ''; }; - extraRules = mkOption { + initrdRules = mkOption { default = ""; example = '' SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1D:60:B9:6D:4F", KERNEL=="eth*", NAME="my_fast_network_card" ''; type = types.lines; + description = '' + udev rules to include in the initrd + only. They'll be written into file + 99-local.rules. Thus they are read and applied + after the essential initrd rules. + ''; + }; + + extraRules = mkOption { + default = ""; + example = '' + ENV{ID_VENDOR_ID}=="046d", ENV{ID_MODEL_ID}=="0825", ENV{PULSE_IGNORE}="1" + ''; + type = types.lines; description = '' Additional udev rules. They'll be written into file 99-local.rules. Thus they are @@ -284,6 +298,13 @@ in boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ]; + boot.initrd.extraUdevRulesCommands = optionalString (cfg.initrdRules != "") + '' + cat <<'EOF' > $out/99-local.rules + ${cfg.initrdRules} + EOF + ''; + environment.etc = { "udev/rules.d".source = udevRules; diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix index d10bffd9147..31e4b6ad298 100644 --- a/nixos/modules/services/networking/dhcpcd.nix +++ b/nixos/modules/services/networking/dhcpcd.nix @@ -191,9 +191,8 @@ in { description = "DHCP Client"; wantedBy = [ "multi-user.target" ] ++ optional (!hasDefaultGatewaySet) "network-online.target"; - wants = [ "network.target" "systemd-udev-settle.service" ]; + wants = [ "network.target" ]; before = [ "network-online.target" ]; - after = [ "systemd-udev-settle.service" ]; restartTriggers = [ exitHook ]; diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 3b01bc00baf..914d3e62eb4 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -1553,9 +1553,6 @@ in wantedBy = [ "multi-user.target" ]; aliases = [ "dbus-org.freedesktop.network1.service" ]; restartTriggers = map (x: x.source) (attrValues unitFiles); - # prevent race condition with interface renaming (#39069) - requires = [ "systemd-udev-settle.service" ]; - after = [ "systemd-udev-settle.service" ]; }; systemd.services.systemd-networkd-wait-online = { diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index 44287f3cf09..4074f2e0235 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -205,13 +205,22 @@ let ''; # */ + # Networkd link files are used early by udev to set up interfaces early. + # This must be done in stage 1 to avoid race conditions between udev and + # network daemons. linkUnits = pkgs.runCommand "link-units" { allowedReferences = [ extraUtils ]; preferLocalBuild = true; - } '' + } ('' mkdir -p $out cp -v ${udev}/lib/systemd/network/*.link $out/ - ''; + '' + ( + let + links = filterAttrs (n: v: hasSuffix ".link" n) config.systemd.network.units; + files = mapAttrsToList (n: v: "${v.unit}/${n}") links; + in + concatMapStringsSep "\n" (file: "cp -v ${file} $out/") files + )); udevRules = pkgs.runCommand "udev-rules" { allowedReferences = [ extraUtils ]; diff --git a/nixos/modules/virtualisation/fetch-instance-ssh-keys.bash b/nixos/modules/virtualisation/fetch-instance-ssh-keys.bash new file mode 100644 index 00000000000..4a860196111 --- /dev/null +++ b/nixos/modules/virtualisation/fetch-instance-ssh-keys.bash @@ -0,0 +1,36 @@ +#!/usr/bin/env bash + +set -euo pipefail + +WGET() { + wget --retry-connrefused -t 15 --waitretry=10 --header='Metadata-Flavor: Google' "$@" +} + +# When dealing with cryptographic keys, we want to keep things private. +umask 077 +mkdir -p /root/.ssh + +echo "Fetching authorized keys..." +WGET -O /tmp/auth_keys http://metadata.google.internal/computeMetadata/v1/instance/attributes/sshKeys + +# Read keys one by one, split in case Google decided +# to append metadata (it does sometimes) and add to +# authorized_keys if not already present. +touch /root/.ssh/authorized_keys +while IFS='' read -r line || [[ -n "$line" ]]; do + keyLine=$(echo -n "$line" | cut -d ':' -f2) + IFS=' ' read -r -a array <<<"$keyLine" + if [[ ${#array[@]} -ge 3 ]]; then + echo "${array[@]:0:3}" >>/tmp/new_keys + echo "Added ${array[*]:2} to authorized_keys" + fi +done +Date: Sun, 24 Jan 2021 21:10:29 -0800 +Subject: [PATCH 4/4] Hack to address build failure when using newer macOS SDKs + with older deployment targets + +Signed-off-by: Jeremy Huddleston Sequoia +--- + include/c11/threads_posix.h | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/include/c11/threads_posix.h b/include/c11/threads_posix.h +index 45cb6075e6e..355d725f7da 100644 +--- a/include/c11/threads_posix.h ++++ b/include/c11/threads_posix.h +@@ -382,7 +382,13 @@ tss_set(tss_t key, void *val) + + /*-------------------- 7.25.7 Time functions --------------------*/ + // 7.25.6.1 +-#ifndef HAVE_TIMESPEC_GET ++#if !defined(HAVE_TIMESPEC_GET) || defined(__APPLE__) ++ ++#ifdef __APPLE__ ++#include ++#define timespec_get(ts, b) mesa_timespec_get(ts, b) ++#endif ++ + static inline int + timespec_get(struct timespec *ts, int base) + { +-- +2.29.2 (Apple Git-129) + diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix index 36a0b52f357..e7c87bbc2c7 100644 --- a/pkgs/development/libraries/mesa/default.nix +++ b/pkgs/development/libraries/mesa/default.nix @@ -65,6 +65,10 @@ stdenv.mkDerivation { url = "https://gitlab.freedesktop.org/mesa/mesa/commit/aebbf819df6d1e.patch"; sha256 = "17248hyzg43d73c86p077m4lv1pkncaycr3l27hwv9k4ija9zl8q"; }) + ] ++ optionals (stdenv.isDarwin && stdenv.isAarch64) [ + # Fix aarch64-darwin build, remove when upstreaam supports it out of the box. + # See: https://gitlab.freedesktop.org/mesa/mesa/-/issues/1020 + ./aarch64-darwin.patch ]; postPatch = '' diff --git a/pkgs/development/libraries/pipewire/default.nix b/pkgs/development/libraries/pipewire/default.nix index fc566d91e91..93cef9b659f 100644 --- a/pkgs/development/libraries/pipewire/default.nix +++ b/pkgs/development/libraries/pipewire/default.nix @@ -13,6 +13,7 @@ , glib , dbus , alsaLib +, SDL2 , libjack2 , udev , libva @@ -42,7 +43,7 @@ let self = stdenv.mkDerivation rec { pname = "pipewire"; - version = "0.3.21"; + version = "0.3.22"; outputs = [ "out" @@ -60,7 +61,7 @@ let owner = "pipewire"; repo = "pipewire"; rev = version; - hash = "sha256:2YJzPTMPIoQQeNja3F53SD4gtpdSlbD/i77hBWiQfuQ="; + hash = "sha256:1ywna5f5v8s79ivrqfwwc8vy6sn3a2zvfwqyalf1fypj5d90w8g9"; }; patches = [ @@ -86,6 +87,7 @@ let alsaLib dbus glib + SDL2 libjack2 libsndfile ncurses diff --git a/pkgs/development/python-modules/google-cloud-bigquery/default.nix b/pkgs/development/python-modules/google-cloud-bigquery/default.nix index a2664265171..644c7ef9185 100644 --- a/pkgs/development/python-modules/google-cloud-bigquery/default.nix +++ b/pkgs/development/python-modules/google-cloud-bigquery/default.nix @@ -17,11 +17,11 @@ buildPythonPackage rec { pname = "google-cloud-bigquery"; - version = "2.8.0"; + version = "2.9.0"; src = fetchPypi { inherit pname version; - sha256 = "c4c43f7f440d6e5bb2895d21122af5de65b487ea2c69cea466a516bb826ab921"; + sha256 = "33fcbdf5567bdb7657fb3485f061e7f1b45361f65fdafc168ab9172117fd9a5a"; }; propagatedBuildInputs = [ diff --git a/pkgs/development/python-modules/google-cloud-container/default.nix b/pkgs/development/python-modules/google-cloud-container/default.nix index 1cf94d220e6..4a14080e5e9 100644 --- a/pkgs/development/python-modules/google-cloud-container/default.nix +++ b/pkgs/development/python-modules/google-cloud-container/default.nix @@ -12,11 +12,11 @@ buildPythonPackage rec { pname = "google-cloud-container"; - version = "2.3.0"; + version = "2.3.1"; src = fetchPypi { inherit pname version; - sha256 = "04f9mx1wxy3l9dvzvvr579fnjp1fdqhgplv5y2gl7h2mvn281k8d"; + sha256 = "69e10c999c64996822aa2ca138cffcdf0f1e04bdbdb7206c286fa17fb800703a"; }; propagatedBuildInputs = [ google-api-core grpc_google_iam_v1 libcst proto-plus ]; diff --git a/pkgs/development/python-modules/pysmbc/default.nix b/pkgs/development/python-modules/pysmbc/default.nix index bea1438f679..93aa6606c7d 100644 --- a/pkgs/development/python-modules/pysmbc/default.nix +++ b/pkgs/development/python-modules/pysmbc/default.nix @@ -1,23 +1,31 @@ -{ lib, buildPythonPackage, fetchPypi -, samba, pkg-config -, setuptools }: +{ lib +, buildPythonPackage +, fetchPypi +, samba +, pkg-config +}: buildPythonPackage rec { - version = "1.0.21"; pname = "pysmbc"; + version = "1.0.23"; src = fetchPypi { inherit pname version; - extension = "tar.bz2"; - sha256 = "14b75f358ical7zzqh3g1qkh2dxwxn2gz7sah5f5svndqkd3z8jy"; + sha256 = "1y0n1n6jkzf4mr5lqfc73l2m0qp56gvxwfjnx2vj8c0hh5i1gnq8"; }; nativeBuildInputs = [ pkg-config ]; - buildInputs = [ setuptools samba ]; + + buildInputs = [ samba ]; + + # Tests would require a local SMB server + doCheck = false; + pythonImportsCheck = [ "smbc" ]; meta = with lib; { description = "libsmbclient binding for Python"; homepage = "https://github.com/hamano/pysmbc"; - license = licenses.gpl2Plus; + license = with licenses; [ gpl2Plus ]; + maintainers = with maintainers; [ fab ]; }; } diff --git a/pkgs/development/python-modules/yalesmartalarmclient/default.nix b/pkgs/development/python-modules/yalesmartalarmclient/default.nix new file mode 100644 index 00000000000..a4ca97e27ac --- /dev/null +++ b/pkgs/development/python-modules/yalesmartalarmclient/default.nix @@ -0,0 +1,30 @@ +{ lib +, buildPythonPackage +, fetchFromGitHub +, requests +}: + +buildPythonPackage rec { + pname = "yalesmartalarmclient"; + version = "0.3.1"; + + src = fetchFromGitHub { + owner = "domwillcode"; + repo = "yale-smart-alarm-client"; + rev = "v${version}"; + sha256 = "0fscp9n66h8a8khvjs2rjgm95xsdckpknadnyxqdmhw3hlj0aw6h"; + }; + + propagatedBuildInputs = [ requests ]; + + # Project has no tests + doCheck = false; + pythonImportsCheck = [ "yalesmartalarmclient" ]; + + meta = with lib; { + description = "Python module to interface with Yale Smart Alarm Systems"; + homepage = "https://github.com/mampfes/python-wiffi"; + license = with licenses; [ asl20 ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/pkgs/development/tools/sumneko-lua-language-server/default.nix b/pkgs/development/tools/sumneko-lua-language-server/default.nix index d63493ba7a1..f962447feb7 100644 --- a/pkgs/development/tools/sumneko-lua-language-server/default.nix +++ b/pkgs/development/tools/sumneko-lua-language-server/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "sumneko-lua-language-server"; - version = "1.11.2"; + version = "1.16.0"; src = fetchFromGitHub { owner = "sumneko"; repo = "lua-language-server"; rev = version; - sha256 = "1cnzwfqmzlzi6797l37arhhx2l6wsvs3jjgxdxwdbgq3rfz1ncr8"; + sha256 = "1fqhvmz7a4qgz3zq6qgpcjhhhm2j4wpx0385n3zcphd9h9s3a9xa"; fetchSubmodules = true; }; diff --git a/pkgs/servers/home-assistant/component-packages.nix b/pkgs/servers/home-assistant/component-packages.nix index 3c244696f1f..fe0d0a16022 100644 --- a/pkgs/servers/home-assistant/component-packages.nix +++ b/pkgs/servers/home-assistant/component-packages.nix @@ -953,7 +953,7 @@ "xiaomi_tv" = ps: with ps; [ ]; # missing inputs: pymitv "xmpp" = ps: with ps; [ slixmpp ]; "xs1" = ps: with ps; [ ]; # missing inputs: xs1-api-client - "yale_smart_alarm" = ps: with ps; [ ]; # missing inputs: yalesmartalarmclient + "yale_smart_alarm" = ps: with ps; [ yalesmartalarmclient ]; "yamaha" = ps: with ps; [ rxv ]; "yamaha_musiccast" = ps: with ps; [ ]; # missing inputs: pymusiccast "yandex_transport" = ps: with ps; [ ]; # missing inputs: aioymaps diff --git a/pkgs/servers/xandikos/default.nix b/pkgs/servers/xandikos/default.nix index 5241139cfa3..60480b3ac2b 100644 --- a/pkgs/servers/xandikos/default.nix +++ b/pkgs/servers/xandikos/default.nix @@ -6,13 +6,13 @@ python3Packages.buildPythonApplication rec { pname = "xandikos"; - version = "0.2.3"; + version = "0.2.5"; src = fetchFromGitHub { owner = "jelmer"; repo = "xandikos"; rev = "v${version}"; - sha256 = "1x0bylmdizirvlcn6ryd43lffpmlq0cklj3jz956scmxgq4p6wby"; + sha256 = "sha256-/pr8ZqgYk24CdJNAETCDF4ZtufXkVEu1Zw25PcPEo7M="; }; propagatedBuildInputs = with python3Packages; [ diff --git a/pkgs/tools/security/metasploit/Gemfile b/pkgs/tools/security/metasploit/Gemfile index 86c44ef0953..ff2d70f3924 100644 --- a/pkgs/tools/security/metasploit/Gemfile +++ b/pkgs/tools/security/metasploit/Gemfile @@ -1,4 +1,4 @@ # frozen_string_literal: true source "https://rubygems.org" -gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.0.30" +gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.0.31" diff --git a/pkgs/tools/security/metasploit/Gemfile.lock b/pkgs/tools/security/metasploit/Gemfile.lock index dd5d4dc2f6b..60aa8ce9eb0 100644 --- a/pkgs/tools/security/metasploit/Gemfile.lock +++ b/pkgs/tools/security/metasploit/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/rapid7/metasploit-framework - revision: f444c3995f21f9e9eaba63d465fac7d60ba88ebb - ref: refs/tags/6.0.30 + revision: 56ef940a085620b127d61a516bc10241a795f92b + ref: refs/tags/6.0.31 specs: - metasploit-framework (6.0.30) + metasploit-framework (6.0.31) actionpack (~> 5.2.2) activerecord (~> 5.2.2) activesupport (~> 5.2.2) @@ -124,7 +124,7 @@ GEM arel-helpers (2.12.0) activerecord (>= 3.1.0, < 7) aws-eventstream (1.1.0) - aws-partitions (1.427.0) + aws-partitions (1.428.0) aws-sdk-core (3.112.0) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.239.0) @@ -215,7 +215,7 @@ GEM activesupport (~> 5.2.2) railties (~> 5.2.2) metasploit-payloads (2.0.28) - metasploit_data_models (4.1.1) + metasploit_data_models (4.1.2) activerecord (~> 5.2.2) activesupport (~> 5.2.2) arel-helpers @@ -224,6 +224,7 @@ GEM pg railties (~> 5.2.2) recog (~> 2.0) + webrick metasploit_payloads-mettle (1.0.6) method_source (1.0.0) mini_portile2 (2.5.0) @@ -326,7 +327,7 @@ GEM rex-text rex-socket (0.1.25) rex-core - rex-sslscan (0.1.5) + rex-sslscan (0.1.6) rex-core rex-socket rex-text diff --git a/pkgs/tools/security/metasploit/default.nix b/pkgs/tools/security/metasploit/default.nix index f2358d1f80d..a0fa76e9c7f 100644 --- a/pkgs/tools/security/metasploit/default.nix +++ b/pkgs/tools/security/metasploit/default.nix @@ -8,13 +8,13 @@ let }; in stdenv.mkDerivation rec { pname = "metasploit-framework"; - version = "6.0.30"; + version = "6.0.31"; src = fetchFromGitHub { owner = "rapid7"; repo = "metasploit-framework"; rev = version; - sha256 = "sha256-DD/nFbSNs3nVNe+W+5zAmDlvMCseYuWWpKX9Dp+9Etc="; + sha256 = "sha256-wt7VeS8NnmJHMhry/68W1S1f9jUnsSHnhUSrCQN1qNM="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/security/metasploit/gemset.nix b/pkgs/tools/security/metasploit/gemset.nix index 72f60a90ea4..429e685b8f0 100644 --- a/pkgs/tools/security/metasploit/gemset.nix +++ b/pkgs/tools/security/metasploit/gemset.nix @@ -114,10 +114,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1v7dwyqkwdbp4f627y459lj22vimjzwhk2z987bcncq2ml7ldrfz"; + sha256 = "13rvpllihvpksf1jqwa2i5vbv2hhb34viaidw4rkxr3dyygkdpj8"; type = "gem"; }; - version = "1.427.0"; + version = "1.428.0"; }; aws-sdk-core = { groups = ["default"]; @@ -524,12 +524,12 @@ platforms = []; source = { fetchSubmodules = false; - rev = "f444c3995f21f9e9eaba63d465fac7d60ba88ebb"; - sha256 = "1mqjpnghxzd5ljbfaqhy5cq6yfcqq2fgp5pg6papkcwdnhayfgqc"; + rev = "56ef940a085620b127d61a516bc10241a795f92b"; + sha256 = "1lx8fl1hkas4hpkj3c976pv5ybfm2spzzwhs693n57hd5xwxbpn2"; type = "git"; url = "https://github.com/rapid7/metasploit-framework"; }; - version = "6.0.30"; + version = "6.0.31"; }; metasploit-model = { groups = ["default"]; @@ -556,10 +556,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1czqg49b7n9n2iqp6r4f1cxh8kd39gbjvydq09hzmzdmkwxh3x1f"; + sha256 = "1kzlvq20ml4b5lr1qbrkmivdi37mxi8fasdqg4yla2libfbdz008"; type = "gem"; }; - version = "4.1.1"; + version = "4.1.2"; }; metasploit_payloads-mettle = { groups = ["default"]; @@ -1086,10 +1086,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "06gbx45q653ajcx099p0yxdqqxazfznbrqshd4nwiwg1p498lmyx"; + sha256 = "0r58n1ifbay1gq3kln9yg5iqjwp69l0pmb9sqakhqwhjlhzqx2kr"; type = "gem"; }; - version = "0.1.5"; + version = "0.1.6"; }; rex-struct2 = { groups = ["default"]; diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 8e9824fe901..d67b31e9c3d 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -8512,6 +8512,8 @@ in { yahooweather = callPackage ../development/python-modules/yahooweather { }; + yalesmartalarmclient = callPackage ../development/python-modules/yalesmartalarmclient { }; + yamale = callPackage ../development/python-modules/yamale { }; yamllint = callPackage ../development/python-modules/yamllint { };