From b155b1dafb52b4b9e352da2da9bf914be29a325a Mon Sep 17 00:00:00 2001 From: CrystalGamma Date: Thu, 2 Jul 2020 20:15:08 +0200 Subject: [PATCH 01/20] makeModulesClosure: handle builtin modules better The previous code discarded entire dependency trees if the first entry in the dependency list compiled by `modprobe --show-depends` is a builtin and otherwise handled its output in a rather hackish way. --- pkgs/build-support/kernel/modules-closure.sh | 67 +++++++++++++------- 1 file changed, 43 insertions(+), 24 deletions(-) diff --git a/pkgs/build-support/kernel/modules-closure.sh b/pkgs/build-support/kernel/modules-closure.sh index 220f3b00a77..68d840f1614 100644 --- a/pkgs/build-support/kernel/modules-closure.sh +++ b/pkgs/build-support/kernel/modules-closure.sh 
@@ -19,36 +19,55 @@ version=$(cd $kernel/lib/modules && ls -d *) echo "kernel version is $version" # Determine the dependencies of each root module. -closure= +mkdir -p $out/lib/modules/"$version" +touch closure for module in $rootModules; do echo "root module: $module" - deps=$(modprobe --config no-config -d $kernel --set-version "$version" --show-depends "$module" \ - | sed 's/^insmod //') \ - || if test -z "$allowMissing"; then exit 1; fi - if [[ "$deps" != builtin* ]]; then - closure="$closure $deps" + modprobe --config no-config -d $kernel --set-version "$version" --show-depends "$module" \ + | while read cmd module args; do + case "$cmd" in + builtin) + touch found + echo "$module" >>closure + echo " builtin dependency: $module";; + insmod) + touch found + if ! test -e "$module"; then + echo " dependency not found: $module" + exit 1 + fi + target=$(echo "$module" | sed "s^$NIX_STORE.*/lib/modules/^$out/lib/modules/^") + if test -e "$target"; then + echo " dependency already copied: $module" + continue + fi + echo "$module" >>closure + echo " copying dependency: $module" + mkdir -p $(dirname $target) + cp "$module" "$target" + # If the kernel is compiled with coverage instrumentation, it + # contains the paths of the *.gcda coverage data output files + # (which it doesn't actually use...). Get rid of them to prevent + # the whole kernel from being included in the initrd. + nuke-refs "$target" + echo "$target" >> $out/insmod-list;; + *) + echo " unexpected modprobe output: $cmd $module" + exit 1;; + esac + done || test -n "$allowMissing" + if ! test -e found; then + echo " not found" + if test -z "$allowMissing"; then + exit 1 + fi + else + rm found fi done -echo "closure:" -mkdir -p $out/lib/modules/"$version" -for module in $closure; do - target=$(echo $module | sed "s^$NIX_STORE.*/lib/modules/^$out/lib/modules/^") - if test -e "$target"; then continue; fi - if test \! 
-e "$module"; then continue; fi # XXX: to avoid error with "cp builtin builtin" - mkdir -p $(dirname $target) - echo $module - cp $module $target - # If the kernel is compiled with coverage instrumentation, it - # contains the paths of the *.gcda coverage data output files - # (which it doesn't actually use...). Get rid of them to prevent - # the whole kernel from being included in the initrd. - nuke-refs $target - echo $target >> $out/insmod-list -done - mkdir -p $out/lib/firmware -for module in $closure; do +for module in $(cat closure); do for i in $(modinfo -F firmware $module); do mkdir -p "$out/lib/firmware/$(dirname "$i")" echo "firmware for $module: $i" From b5a6cfe4e2a15db9036e3627083670d2e7f14e07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20de=20Kok?= Date: Tue, 11 Aug 2020 13:29:02 +0200 Subject: [PATCH 02/20] intel-compute-runtime: add libstdc++ to RPATH --- pkgs/os-specific/linux/intel-compute-runtime/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/intel-compute-runtime/default.nix b/pkgs/os-specific/linux/intel-compute-runtime/default.nix index 869041256b6..5a3a5bf7a4d 100644 --- a/pkgs/os-specific/linux/intel-compute-runtime/default.nix +++ b/pkgs/os-specific/linux/intel-compute-runtime/default.nix @@ -43,7 +43,7 @@ stdenv.mkDerivation rec { ''; postFixup = '' - patchelf --set-rpath ${stdenv.lib.makeLibraryPath [ intel-gmmlib intel-graphics-compiler libva ]} \ + patchelf --set-rpath ${stdenv.lib.makeLibraryPath [ intel-gmmlib intel-graphics-compiler libva stdenv.cc.cc.lib ]} \ $out/lib/intel-opencl/libigdrcl.so ''; From 9b56677634938860eedd06f9415432add0491ad7 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Tue, 11 Aug 2020 21:09:41 -0400 Subject: [PATCH 03/20] nixos/mysql: remove variable with confusing name --- nixos/modules/services/databases/mysql.nix | 26 ++++++++++------------ 1 file changed, 12 insertions(+), 14 deletions(-) 
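Review bot: The firmware loop at the end of this hunk now iterates over `$(cat closure)`, and the `builtin)` branch writes bare module names into that file, so `modinfo -F firmware $module` is called with a name rather than a store path. Without a base directory modinfo resolves names against the running system's module tree, not `$kernel`, so the lookup for builtins probably fails or reads the wrong kernel. `modinfo -b $kernel --set-version "$version" -F firmware "$module"` would keep it inside the target tree. Separately, `done || test -n "$allowMissing"` also swallows the `exit 1` of the `unexpected modprobe output` branch, so malformed output is treated like a missing module whenever allowMissing is set. The firmware loop body continues outside the hunk.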
diff --git a/nixos/modules/services/databases/mysql.nix b/nixos/modules/services/databases/mysql.nix index 2e8c5b7640b..63e769e0b0b 100644 --- a/nixos/modules/services/databases/mysql.nix +++ b/nixos/modules/services/databases/mysql.nix @@ -6,12 +6,10 @@ let cfg = config.services.mysql; - mysql = cfg.package; - - isMariaDB = lib.getName mysql == lib.getName pkgs.mariadb; + isMariaDB = lib.getName cfg.package == lib.getName pkgs.mariadb; mysqldOptions = - "--user=${cfg.user} --datadir=${cfg.dataDir} --basedir=${mysql}"; + "--user=${cfg.user} --datadir=${cfg.dataDir} --basedir=${cfg.package}"; settingsFile = pkgs.writeText "my.cnf" ( generators.toINI { listsAsDuplicateKeys = true; } cfg.settings + @@ -329,7 +327,7 @@ in users.groups.mysql.gid = config.ids.gids.mysql; - environment.systemPackages = [mysql]; + environment.systemPackages = [ cfg.package ]; environment.etc."my.cnf".source = cfg.configFile; @@ -357,12 +355,12 @@ in preStart = if isMariaDB then '' if ! test -e ${cfg.dataDir}/mysql; then - ${mysql}/bin/mysql_install_db --defaults-file=/etc/my.cnf ${mysqldOptions} + ${cfg.package}/bin/mysql_install_db --defaults-file=/etc/my.cnf ${mysqldOptions} touch ${cfg.dataDir}/mysql_init fi '' else '' if ! test -e ${cfg.dataDir}/mysql; then - ${mysql}/bin/mysqld --defaults-file=/etc/my.cnf ${mysqldOptions} --initialize-insecure + ${cfg.package}/bin/mysqld --defaults-file=/etc/my.cnf ${mysqldOptions} --initialize-insecure touch ${cfg.dataDir}/mysql_init fi ''; @@ -372,7 +370,7 @@ in Restart = "on-abort"; RestartSec = "5s"; # The last two environment variables are used for starting Galera clusters - ExecStart = "${mysql}/bin/mysqld --defaults-file=/etc/my.cnf ${mysqldOptions} $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION"; + ExecStart = "${cfg.package}/bin/mysqld --defaults-file=/etc/my.cnf ${mysqldOptions} $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION"; ExecStartPost = let setupScript = pkgs.writeScript "mysql-setup" '' 
@@ -416,7 +414,7 @@ in cat ${database.schema}/mysql-databases/*.sql fi ''} - ) | ${mysql}/bin/mysql -u root -N + ) | ${cfg.package}/bin/mysql -u root -N fi '') cfg.initialDatabases} @@ -428,7 +426,7 @@ in echo "CREATE USER '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}' IDENTIFIED WITH mysql_native_password;" echo "SET PASSWORD FOR '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}' = PASSWORD('${cfg.replication.masterPassword}');" echo "GRANT REPLICATION SLAVE ON *.* TO '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}';" - ) | ${mysql}/bin/mysql -u root -N + ) | ${cfg.package}/bin/mysql -u root -N ''} ${optionalString (cfg.replication.role == "slave") @@ -438,7 +436,7 @@ in ( echo "stop slave;" echo "change master to master_host='${cfg.replication.masterHost}', master_user='${cfg.replication.masterUser}', master_password='${cfg.replication.masterPassword}';" echo "start slave;" - ) | ${mysql}/bin/mysql -u root -N + ) | ${cfg.package}/bin/mysql -u root -N ''} ${optionalString (cfg.initialScript != null) @@ -446,7 +444,7 @@ in # Execute initial script # using toString to avoid copying the file to nix store if given as path instead of string, # as it might contain credentials - cat ${toString cfg.initialScript} | ${mysql}/bin/mysql -u root -N + cat ${toString cfg.initialScript} | ${cfg.package}/bin/mysql -u root -N ''} rm ${cfg.dataDir}/mysql_init @@ -457,7 +455,7 @@ in ${concatMapStrings (database: '' echo "CREATE DATABASE IF NOT EXISTS \`${database}\`;" '') cfg.ensureDatabases} - ) | ${mysql}/bin/mysql -u root -N + ) | ${cfg.package}/bin/mysql -u root -N ''} ${concatMapStrings (user: @@ -466,7 +464,7 @@ in ${concatStringsSep "\n" (mapAttrsToList (database: permission: '' echo "GRANT ${permission} ON ${database} TO '${user.name}'@'localhost';" '') user.ensurePermissions)} - ) | ${mysql}/bin/mysql -u root -N + ) | ${cfg.package}/bin/mysql -u root -N '') cfg.ensureUsers} ''; in 
From 3792fef4ec8ec089ae244a35172e540d34a9b06c Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Tue, 11 Aug 2020 21:12:59 -0400 Subject: [PATCH 04/20] nixos/mysql: add group option --- nixos/modules/services/databases/mysql.nix | 26 +++++++++++++++------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/nixos/modules/services/databases/mysql.nix b/nixos/modules/services/databases/mysql.nix index 63e769e0b0b..021a9bbe6eb 100644 --- a/nixos/modules/services/databases/mysql.nix +++ b/nixos/modules/services/databases/mysql.nix @@ -59,6 +59,12 @@ in description = "User account under which MySQL runs"; }; + group = mkOption { + type = types.str; + default = "mysql"; + description = "Group under which MySQL runs."; + }; + dataDir = mkOption { type = types.path; example = "/var/lib/mysql"; @@ -319,21 +325,25 @@ in }) ]; - users.users.mysql = { - description = "MySQL server user"; - group = "mysql"; - uid = config.ids.uids.mysql; + users.users = optionalAttrs (cfg.user == "mysql") { + mysql = { + description = "MySQL server user"; + group = cfg.group; + uid = config.ids.uids.mysql; + }; }; - users.groups.mysql.gid = config.ids.gids.mysql; + users.groups = optionalAttrs (cfg.group == "mysql") { + mysql.gid = config.ids.gids.mysql; + }; environment.systemPackages = [ cfg.package ]; environment.etc."my.cnf".source = cfg.configFile; systemd.tmpfiles.rules = [ - "d '${cfg.dataDir}' 0700 ${cfg.user} mysql - -" - "z '${cfg.dataDir}' 0700 ${cfg.user} mysql - -" + "d '${cfg.dataDir}' 0700 '${cfg.user}' '${cfg.group}' - -" + "z '${cfg.dataDir}' 0700 '${cfg.user}' '${cfg.group}' - -" ]; systemd.services.mysql = let @@ -473,7 +483,7 @@ in "+${setupScript}"; # User and group User = cfg.user; - Group = "mysql"; + Group = cfg.group; # Runtime directory and mode RuntimeDirectory = "mysqld"; RuntimeDirectoryMode = "0755"; From ff9921f0fd26432b9a7ef46a70eab237fb4865ae Mon Sep 17 00:00:00 2001 
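Review bot: In the `users.users` hunk the `mysql` account gets `group = cfg.group`, but `users.groups` only declares a group when `cfg.group == "mysql"`, so the default user combined with a custom group points at a group this module never creates. The same holds for a custom `cfg.user`: no account is created, and the tmpfiles rules and `User`/`Group` settings then depend on one defined elsewhere. The new option's description should say so, for example `description = "Group under which MySQL runs. If changed from the default, the group must already exist; this module only creates the mysql group.";`. The `user` description deserves the same sentence.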
From: Aaron Andersen Date: Tue, 11 Aug 2020 21:15:02 -0400 Subject: [PATCH 05/20] nixos/mysql: loosen mariadb check --- nixos/modules/services/databases/mysql.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/databases/mysql.nix b/nixos/modules/services/databases/mysql.nix index 021a9bbe6eb..c6d30b3796f 100644 --- a/nixos/modules/services/databases/mysql.nix +++ b/nixos/modules/services/databases/mysql.nix @@ -347,7 +347,7 @@ in ]; systemd.services.mysql = let - hasNotify = (cfg.package == pkgs.mariadb); + hasNotify = isMariaDB; in { description = "MySQL Server"; From 31098a03a21b29204c4616d756878e05d399a3da Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Tue, 11 Aug 2020 21:17:02 -0400 Subject: [PATCH 06/20] nixos/mysql: cleanup some descriptions --- nixos/modules/services/databases/mysql.nix | 24 +++++++++++----------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/nixos/modules/services/databases/mysql.nix b/nixos/modules/services/databases/mysql.nix index c6d30b3796f..4f5d442db8b 100644 --- a/nixos/modules/services/databases/mysql.nix +++ b/nixos/modules/services/databases/mysql.nix @@ -20,7 +20,7 @@ in { imports = [ - (mkRemovedOptionModule [ "services" "mysql" "pidDir" ] "Don't wait for pidfiles, describe dependencies through systemd") + (mkRemovedOptionModule [ "services" "mysql" "pidDir" ] "Don't wait for pidfiles, describe dependencies through systemd.") (mkRemovedOptionModule [ "services" "mysql" "rootPassword" ] "Use socket authentication or set the password outside of the nix store.") ]; 
@@ -44,19 +44,19 @@ in type = types.nullOr types.str; default = null; example = literalExample "0.0.0.0"; - description = "Address to bind to. The default is to bind to all addresses"; + description = "Address to bind to. The default is to bind to all addresses."; }; port = mkOption { type = types.int; default = 3306; - description = "Port of MySQL"; + description = "Port of MySQL."; }; user = mkOption { type = types.str; default = "mysql"; - description = "User account under which MySQL runs"; + description = "User account under which MySQL runs."; }; group = mkOption { @@ -68,7 +68,7 @@ in dataDir = mkOption { type = types.path; example = "/var/lib/mysql"; - description = "Location where MySQL stores its table files"; + description = "Location where MySQL stores its table files."; }; configFile = mkOption { @@ -175,7 +175,7 @@ in initialScript = mkOption { type = types.nullOr types.path; default = null; - description = "A file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database"; + description = "A file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database."; }; ensureDatabases = mkOption { 
@@ -263,33 +263,33 @@ in serverId = mkOption { type = types.int; default = 1; - description = "Id of the MySQL server instance. This number must be unique for each instance"; + description = "Id of the MySQL server instance. This number must be unique for each instance."; }; masterHost = mkOption { type = types.str; - description = "Hostname of the MySQL master server"; + description = "Hostname of the MySQL master server."; }; slaveHost = mkOption { type = types.str; - description = "Hostname of the MySQL slave server"; + description = "Hostname of the MySQL slave server."; }; masterUser = mkOption { type = types.str; - description = "Username of the MySQL replication user"; + description = "Username of the MySQL replication user."; }; masterPassword = mkOption { type = types.str; - description = "Password of the MySQL replication user"; + description = "Password of the MySQL replication user."; }; masterPort = mkOption { type = types.int; default = 3306; - description = "Port number on which the MySQL master server runs"; + description = "Port number on which the MySQL master server runs."; }; }; }; From e3c210dfd19f60587a98c055266570d0f950edec Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Tue, 11 Aug 2020 21:54:51 -0400 Subject: [PATCH 07/20] nixos/mysql: run ExecStartPost as an unprivileged user --- nixos/modules/services/databases/mysql.nix | 26 +++++++++++++--------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/nixos/modules/services/databases/mysql.nix b/nixos/modules/services/databases/mysql.nix index 4f5d442db8b..c1a6b895bdd 100644 --- a/nixos/modules/services/databases/mysql.nix +++ b/nixos/modules/services/databases/mysql.nix @@ -321,7 +321,7 @@ in binlog-ignore-db = [ "information_schema" "performance_schema" "mysql" ]; }) (mkIf (!isMariaDB) { - plugin-load-add = optional (cfg.ensureUsers != []) "auth_socket.so"; + plugin-load-add = "auth_socket.so"; }) ]; 
@@ -383,6 +383,8 @@ in ExecStart = "${cfg.package}/bin/mysqld --defaults-file=/etc/my.cnf ${mysqldOptions} $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION"; ExecStartPost = let + # The super user account to use on *first* run of MySQL server + superUser = if isMariaDB then cfg.user else "root"; setupScript = pkgs.writeScript "mysql-setup" '' #!${pkgs.runtimeShell} -e @@ -405,6 +407,12 @@ in if [ -f ${cfg.dataDir}/mysql_init ] then + # While MariaDB comes with a 'mysql' super user account since 10.4.x MySQL does not + # Since we don't want to run this service as 'root' we need to ensure the account exists on first run + ( echo "CREATE USER IF NOT EXISTS '${cfg.user}'@'localhost' IDENTIFIED WITH ${if isMariaDB then "unix_socket" else "auth_socket"};" + echo "GRANT ALL PRIVILEGES ON *.* TO '${cfg.user}'@'localhost' WITH GRANT OPTION;" + ) | ${cfg.package}/bin/mysql -u ${superUser} -N + ${concatMapStrings (database: '' # Create initial databases if ! test -e "${cfg.dataDir}/${database.name}"; then @@ -424,7 +432,7 @@ in cat ${database.schema}/mysql-databases/*.sql fi ''} - ) | ${cfg.package}/bin/mysql -u root -N + ) | ${cfg.package}/bin/mysql -u ${superUser} -N fi '') cfg.initialDatabases} @@ -436,7 +444,7 @@ in echo "CREATE USER '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}' IDENTIFIED WITH mysql_native_password;" echo "SET PASSWORD FOR '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}' = PASSWORD('${cfg.replication.masterPassword}');" echo "GRANT REPLICATION SLAVE ON *.* TO '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}';" - ) | ${cfg.package}/bin/mysql -u root -N + ) | ${cfg.package}/bin/mysql -u ${superUser} -N ''} ${optionalString (cfg.replication.role == "slave") 
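Review bot: On the non-MariaDB path `superUser` is `root`, and the new first-run block pipes its statements into `mysql -u root` without credentials. That presumably works only because preStart initialises the data directory with `--initialize-insecure`, which leaves `root`@`localhost` with an empty password. The block then creates a socket-authenticated `${cfg.user}` administrator but leaves the passwordless root account in place, so after first start database root may still be reachable from any local account unless `initialScript` changes it. Consider switching root to socket authentication as the last statement of the first-run block in the `!isMariaDB` case, e.g. `echo "ALTER USER 'root'@'localhost' IDENTIFIED WITH auth_socket;"`, or state in the comment that securing root is left to the administrator. `cfg.user` is also interpolated unescaped into both the SQL text and the shell script, so constraining the option to a plain account name would be worthwhile.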
@@ -446,7 +454,7 @@ in ( echo "stop slave;" echo "change master to master_host='${cfg.replication.masterHost}', master_user='${cfg.replication.masterUser}', master_password='${cfg.replication.masterPassword}';" echo "start slave;" - ) | ${cfg.package}/bin/mysql -u root -N + ) | ${cfg.package}/bin/mysql -u ${superUser} -N ''} ${optionalString (cfg.initialScript != null) @@ -454,7 +462,7 @@ in # Execute initial script # using toString to avoid copying the file to nix store if given as path instead of string, # as it might contain credentials - cat ${toString cfg.initialScript} | ${cfg.package}/bin/mysql -u root -N + cat ${toString cfg.initialScript} | ${cfg.package}/bin/mysql -u ${superUser} -N ''} rm ${cfg.dataDir}/mysql_init @@ -465,7 +473,7 @@ in ${concatMapStrings (database: '' echo "CREATE DATABASE IF NOT EXISTS \`${database}\`;" '') cfg.ensureDatabases} - ) | ${cfg.package}/bin/mysql -u root -N + ) | ${cfg.package}/bin/mysql -N ''} ${concatMapStrings (user: @@ -474,13 +482,11 @@ in ${concatStringsSep "\n" (mapAttrsToList (database: permission: '' echo "GRANT ${permission} ON ${database} TO '${user.name}'@'localhost';" '') user.ensurePermissions)} - ) | ${cfg.package}/bin/mysql -u root -N + ) | ${cfg.package}/bin/mysql -N '') cfg.ensureUsers} ''; in - # ensureDatbases & ensureUsers depends on this script being run as root - # when the user has secured their mysql install - "+${setupScript}"; + "${setupScript}"; # User and group User = cfg.user; Group = cfg.group; From 14245e9ad494a810c4d3f761d794ba13e65cf35d Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 12 Aug 2020 15:35:56 +0000 Subject: [PATCH 08/20] operator-sdk: 0.19.2 -> 1.0.0 --- pkgs/development/tools/operator-sdk/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/operator-sdk/default.nix b/pkgs/development/tools/operator-sdk/default.nix index 7e02ada4fe9..cec885499bf 100644 --- a/pkgs/development/tools/operator-sdk/default.nix 
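Review bot: With the `+` prefix dropped in the last hunk, `cat ${toString cfg.initialScript}` now runs as `cfg.user` instead of root, and the comment above it says the file may hold credentials, so on existing systems it is likely to be readable by root only. The read sits on the left side of a pipe and no `pipefail` is visible, so an unreadable file would feed `mysql` empty input, the step would succeed, and `rm ${cfg.dataDir}/mysql_init` would mark initialisation as done without the script having run. Redirecting instead, `${cfg.package}/bin/mysql -u ${superUser} -N < ${toString cfg.initialScript}`, makes the failed open stop the `-e` script. The `initialScript` description should also state that the file must be readable by the service user.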
+++ b/pkgs/development/tools/operator-sdk/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "operator-sdk"; - version = "0.19.2"; + version = "1.0.0"; src = fetchFromGitHub { owner = "operator-framework"; repo = pname; rev = "v${version}"; - sha256 = "1lmnxw6l6lknvbwmw5xh238i0j452sib37fw8ybxp64zwvj2sac0"; + sha256 = "1s59rgr0ssics1487mvx0h37zs7dfjimsvkbs2d8wqc3r8asw0g4"; }; - vendorSha256 = "1xk3zw8w2fynww0z4d66nlclhjf52bk4cv3bh51yyd1mr808lip5"; + vendorSha256 = "0xvjsiaa3qvlix1fm07z080vh79wg0xyx2s6jqnqn7fb3nh65kn7"; doCheck = false; From ab55fd735a732aee524fd5e2c42c25fd2f35ed66 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Wed, 12 Aug 2020 21:08:57 +0000 Subject: [PATCH 09/20] tendermint: 0.33.6 -> 0.33.8 --- pkgs/tools/networking/tendermint/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/tendermint/default.nix b/pkgs/tools/networking/tendermint/default.nix index 4c4013fb36c..081819458f0 100644 --- a/pkgs/tools/networking/tendermint/default.nix +++ b/pkgs/tools/networking/tendermint/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "tendermint"; - version = "0.33.6"; + version = "0.33.8"; src = fetchFromGitHub { owner = "tendermint"; repo = pname; rev = "v${version}"; - sha256 = "17zy18s9373f3fp6bqjgj02irzasfv3b6axi84kw7da17mq68vnv"; + sha256 = "1dcr60gmbkb6833n49mjmlr082ahlv7alaqycl8g3d4f93kdm5c3"; }; vendorSha256 = "0i0n89lal99fqnzva51kp9f7wzqsfmncpshwxhq26kvykp7ji7sw"; From 82f62b22477f1c2f32d5366f8147b6a8b85f333f Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Thu, 13 Aug 2020 04:20:00 +0000 Subject: [PATCH 10/20] vale: 2.3.0 -> 2.3.2 --- pkgs/tools/text/vale/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/text/vale/default.nix b/pkgs/tools/text/vale/default.nix index 01e2a366b65..65b2678dfc0 100644 --- a/pkgs/tools/text/vale/default.nix +++ b/pkgs/tools/text/vale/default.nix 
@@ -2,7 +2,7 @@ buildGoModule rec { pname = "vale"; - version = "2.3.0"; + version = "2.3.2"; subPackages = [ "." ]; outputs = [ "out" "data" ]; @@ -11,7 +11,7 @@ buildGoModule rec { owner = "errata-ai"; repo = "vale"; rev = "v${version}"; - sha256 = "0jxlh8dlhhqw1mrhp42nywnp6wwpk7nw373s89lp3khhqwb1n08f"; + sha256 = "0accs8ygg2h5hk8n4d5hs1fpxp9mlbzic6f4dwrygi463z7c3icc"; }; vendorSha256 = null; From 9d38a815790fe65e6548707c9ed2450e7b65c0a7 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 13 Aug 2020 07:36:55 +0000 Subject: [PATCH 11/20] chezmoi: 1.8.3 -> 1.8.4 --- pkgs/tools/misc/chezmoi/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/misc/chezmoi/default.nix b/pkgs/tools/misc/chezmoi/default.nix index 59e6a174bfa..ad27d146742 100644 --- a/pkgs/tools/misc/chezmoi/default.nix +++ b/pkgs/tools/misc/chezmoi/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "chezmoi"; - version = "1.8.3"; + version = "1.8.4"; src = fetchFromGitHub { owner = "twpayne"; repo = "chezmoi"; rev = "v${version}"; - sha256 = "01px0nj2llas835g1hf8lvhigip4jm4innjacz18c7nf1ddwn7ss"; + sha256 = "0m8ik01y1lag3mgg3g4rxvzndh86b972hv2702dqs28l5zy5h3mv"; }; - vendorSha256 = "1gzg73lrx73rhb9yj6yakv95m8rz1rhjgqjl1a78c8nvaii27a9x"; + vendorSha256 = "18s60k7y64z12lx9lgj13fl1jh0aiqinwxrsz751d2iqhgdi2jja"; doCheck = false; From f08049e712e661503e3bbfffbea81a0efddab573 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Tue, 11 Aug 2020 22:04:16 -0400 Subject: [PATCH 12/20] nixos/mysql: move ExecStartPost into postStart --- nixos/modules/services/databases/mysql.nix | 208 ++++++++++----------- 1 file changed, 102 insertions(+), 106 deletions(-) diff --git a/nixos/modules/services/databases/mysql.nix b/nixos/modules/services/databases/mysql.nix index c1a6b895bdd..7d0a3f9afc4 100644 --- a/nixos/modules/services/databases/mysql.nix +++ b/nixos/modules/services/databases/mysql.nix 
@@ -375,118 +375,114 @@ in fi ''; + postStart = let + # The super user account to use on *first* run of MySQL server + superUser = if isMariaDB then cfg.user else "root"; + in '' + ${optionalString (!hasNotify) '' + # Wait until the MySQL server is available for use + count=0 + while [ ! -e /run/mysqld/mysqld.sock ] + do + if [ $count -eq 30 ] + then + echo "Tried 30 times, giving up..." + exit 1 + fi + + echo "MySQL daemon not yet started. Waiting for 1 second..." + count=$((count++)) + sleep 1 + done + ''} + + if [ -f ${cfg.dataDir}/mysql_init ] + then + # While MariaDB comes with a 'mysql' super user account since 10.4.x, MySQL does not + # Since we don't want to run this service as 'root' we need to ensure the account exists on first run + ( echo "CREATE USER IF NOT EXISTS '${cfg.user}'@'localhost' IDENTIFIED WITH ${if isMariaDB then "unix_socket" else "auth_socket"};" + echo "GRANT ALL PRIVILEGES ON *.* TO '${cfg.user}'@'localhost' WITH GRANT OPTION;" + ) | ${cfg.package}/bin/mysql -u ${superUser} -N + + ${concatMapStrings (database: '' + # Create initial databases + if ! test -e "${cfg.dataDir}/${database.name}"; then + echo "Creating initial database: ${database.name}" + ( echo 'create database `${database.name}`;' + + ${optionalString (database.schema != null) '' + echo 'use `${database.name}`;' + + # TODO: this silently falls through if database.schema does not exist, + # we should catch this somehow and exit, but can't do it here because we're in a subshell. 
+ if [ -f "${database.schema}" ] + then + cat ${database.schema} + elif [ -d "${database.schema}" ] + then + cat ${database.schema}/mysql-databases/*.sql + fi + ''} + ) | ${cfg.package}/bin/mysql -u ${superUser} -N + fi + '') cfg.initialDatabases} + + ${optionalString (cfg.replication.role == "master") + '' + # Set up the replication master + + ( echo "use mysql;" + echo "CREATE USER '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}' IDENTIFIED WITH mysql_native_password;" + echo "SET PASSWORD FOR '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}' = PASSWORD('${cfg.replication.masterPassword}');" + echo "GRANT REPLICATION SLAVE ON *.* TO '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}';" + ) | ${cfg.package}/bin/mysql -u ${superUser} -N + ''} + + ${optionalString (cfg.replication.role == "slave") + '' + # Set up the replication slave + + ( echo "stop slave;" + echo "change master to master_host='${cfg.replication.masterHost}', master_user='${cfg.replication.masterUser}', master_password='${cfg.replication.masterPassword}';" + echo "start slave;" + ) | ${cfg.package}/bin/mysql -u ${superUser} -N + ''} + + ${optionalString (cfg.initialScript != null) + '' + # Execute initial script + # using toString to avoid copying the file to nix store if given as path instead of string, + # as it might contain credentials + cat ${toString cfg.initialScript} | ${cfg.package}/bin/mysql -u ${superUser} -N + ''} + + rm ${cfg.dataDir}/mysql_init + fi + + ${optionalString (cfg.ensureDatabases != []) '' + ( + ${concatMapStrings (database: '' + echo "CREATE DATABASE IF NOT EXISTS \`${database}\`;" + '') cfg.ensureDatabases} + ) | ${cfg.package}/bin/mysql -N + ''} + + ${concatMapStrings (user: + '' + ( echo "CREATE USER IF NOT EXISTS '${user.name}'@'localhost' IDENTIFIED WITH ${if isMariaDB then "unix_socket" else "auth_socket"};" + ${concatStringsSep "\n" (mapAttrsToList (database: permission: '' + echo "GRANT ${permission} ON ${database} TO 
'${user.name}'@'localhost';" + '') user.ensurePermissions)} + ) | ${cfg.package}/bin/mysql -N + '') cfg.ensureUsers} + ''; + serviceConfig = { Type = if hasNotify then "notify" else "simple"; Restart = "on-abort"; RestartSec = "5s"; # The last two environment variables are used for starting Galera clusters ExecStart = "${cfg.package}/bin/mysqld --defaults-file=/etc/my.cnf ${mysqldOptions} $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION"; - ExecStartPost = - let - # The super user account to use on *first* run of MySQL server - superUser = if isMariaDB then cfg.user else "root"; - setupScript = pkgs.writeScript "mysql-setup" '' - #!${pkgs.runtimeShell} -e - - ${optionalString (!hasNotify) '' - # Wait until the MySQL server is available for use - count=0 - while [ ! -e /run/mysqld/mysqld.sock ] - do - if [ $count -eq 30 ] - then - echo "Tried 30 times, giving up..." - exit 1 - fi - - echo "MySQL daemon not yet started. Waiting for 1 second..." - count=$((count++)) - sleep 1 - done - ''} - - if [ -f ${cfg.dataDir}/mysql_init ] - then - # While MariaDB comes with a 'mysql' super user account since 10.4.x MySQL does not - # Since we don't want to run this service as 'root' we need to ensure the account exists on first run - ( echo "CREATE USER IF NOT EXISTS '${cfg.user}'@'localhost' IDENTIFIED WITH ${if isMariaDB then "unix_socket" else "auth_socket"};" - echo "GRANT ALL PRIVILEGES ON *.* TO '${cfg.user}'@'localhost' WITH GRANT OPTION;" - ) | ${cfg.package}/bin/mysql -u ${superUser} -N - - ${concatMapStrings (database: '' - # Create initial databases - if ! test -e "${cfg.dataDir}/${database.name}"; then - echo "Creating initial database: ${database.name}" - ( echo 'create database `${database.name}`;' - - ${optionalString (database.schema != null) '' - echo 'use `${database.name}`;' - - # TODO: this silently falls through if database.schema does not exist, - # we should catch this somehow and exit, but can't do it here because we're in a subshell. 
- if [ -f "${database.schema}" ] - then - cat ${database.schema} - elif [ -d "${database.schema}" ] - then - cat ${database.schema}/mysql-databases/*.sql - fi - ''} - ) | ${cfg.package}/bin/mysql -u ${superUser} -N - fi - '') cfg.initialDatabases} - - ${optionalString (cfg.replication.role == "master") - '' - # Set up the replication master - - ( echo "use mysql;" - echo "CREATE USER '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}' IDENTIFIED WITH mysql_native_password;" - echo "SET PASSWORD FOR '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}' = PASSWORD('${cfg.replication.masterPassword}');" - echo "GRANT REPLICATION SLAVE ON *.* TO '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}';" - ) | ${cfg.package}/bin/mysql -u ${superUser} -N - ''} - - ${optionalString (cfg.replication.role == "slave") - '' - # Set up the replication slave - - ( echo "stop slave;" - echo "change master to master_host='${cfg.replication.masterHost}', master_user='${cfg.replication.masterUser}', master_password='${cfg.replication.masterPassword}';" - echo "start slave;" - ) | ${cfg.package}/bin/mysql -u ${superUser} -N - ''} - - ${optionalString (cfg.initialScript != null) - '' - # Execute initial script - # using toString to avoid copying the file to nix store if given as path instead of string, - # as it might contain credentials - cat ${toString cfg.initialScript} | ${cfg.package}/bin/mysql -u ${superUser} -N - ''} - - rm ${cfg.dataDir}/mysql_init - fi - - ${optionalString (cfg.ensureDatabases != []) '' - ( - ${concatMapStrings (database: '' - echo "CREATE DATABASE IF NOT EXISTS \`${database}\`;" - '') cfg.ensureDatabases} - ) | ${cfg.package}/bin/mysql -N - ''} - - ${concatMapStrings (user: - '' - ( echo "CREATE USER IF NOT EXISTS '${user.name}'@'localhost' IDENTIFIED WITH ${if isMariaDB then "unix_socket" else "auth_socket"};" - ${concatStringsSep "\n" (mapAttrsToList (database: permission: '' - echo "GRANT ${permission} ON ${database} TO 
'${user.name}'@'localhost';" - '') user.ensurePermissions)} - ) | ${cfg.package}/bin/mysql -N - '') cfg.ensureUsers} - ''; - in - "${setupScript}"; # User and group User = cfg.user; Group = cfg.group; From 806253800ba72152e9f12c9f2fd1e97a3ebecbe8 Mon Sep 17 00:00:00 2001 From: Aaron Andersen Date: Wed, 12 Aug 2020 07:50:24 -0400 Subject: [PATCH 13/20] nixos/mysql: update release notes --- nixos/doc/manual/release-notes/rl-2009.xml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml index 35ffadc17c5..3a0c1865a62 100644 --- a/nixos/doc/manual/release-notes/rl-2009.xml +++ b/nixos/doc/manual/release-notes/rl-2009.xml @@ -109,6 +109,17 @@ systemd.services.mysql.serviceConfig.ProtectHome = lib.mkForce "read-only"; systemd.services.mysql.serviceConfig.ReadWritePaths = [ "/var/data" ]; + + The MySQL service no longer runs its systemd service startup script as root anymore. A dedicated non root + super user account is required for operation. This means users with an existing MySQL or MariaDB database server are required to run the following SQL statements + as a super admin user before upgrading: + +CREATE USER IF NOT EXISTS 'mysql'@'localhost' identified with unix_socket; +GRANT ALL PRIVILEGES ON *.* TO 'mysql'@'localhost' WITH GRANT OPTION; + + If you use MySQL instead of MariaDB please replace unix_socket with auth_socket. If you have changed the value of + from the default of mysql to a different user please change 'mysql'@'localhost' to the corresponding user instead. + From 6a4339974726bb78dc9f59d54859087ee5fbd429 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20=C8=98erb=C4=83nescu?= Date: Thu, 13 Aug 2020 22:52:41 +0200 Subject: [PATCH 14/20] reportlab: 3.5.46 -> 3.5.47 --- pkgs/development/python-modules/reportlab/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
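Review bot: The wait loop moved into `postStart` keeps `count=$((count++))`, which assigns the pre-increment value back to `count`, so it stays at 0 and the `[ $count -eq 30 ]` give-up branch is never reached. `count=$((count + 1))` fixes it, and only the unit's start timeout bounds the loop until then. The replication blocks also interpolate `cfg.replication.masterPassword` into this script text, which presumably ends up in the Nix store as part of the generated unit script. The module already removed `rootPassword` with the advice to set the password outside of the nix store, so reading the replication password from a file at run time would be consistent with that.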
diff --git a/pkgs/development/python-modules/reportlab/default.nix b/pkgs/development/python-modules/reportlab/default.nix index 8463feca219..a7c96ef2e6e 100644 --- a/pkgs/development/python-modules/reportlab/default.nix +++ b/pkgs/development/python-modules/reportlab/default.nix @@ -11,11 +11,11 @@ let ft = freetype.overrideAttrs (oldArgs: { dontDisableStatic = true; }); in buildPythonPackage rec { pname = "reportlab"; - version = "3.5.46"; + version = "3.5.47"; src = fetchPypi { inherit pname version; - sha256 = "56d71b78e7e4bb31a93e1dff13c22d19b7fb3890b021a39b6c3661b095bd7de8"; + sha256 = "0gw0902yjszwxk0air69in7nk4h2q36r96ga3r4bz0p0cnmagcj5"; }; checkInputs = [ glibcLocales ]; @@ -30,6 +30,7 @@ in buildPythonPackage rec { # Remove the tests that require Vera fonts installed rm tests/test_graphics_render.py + rm tests/test_graphics_charts.py ''; checkPhase = '' From 961aa3145599bb7f44afb2eff9667c7ba5d28159 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Wed, 12 Aug 2020 19:33:03 +1000 Subject: [PATCH 15/20] buildGoModule: update deleteVendor docs --- doc/languages-frameworks/go.xml | 9 ++++++++- pkgs/development/go-modules/generic/default.nix | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/doc/languages-frameworks/go.xml b/doc/languages-frameworks/go.xml index eee4706e551..26414f23c7d 100644 --- a/doc/languages-frameworks/go.xml +++ b/doc/languages-frameworks/go.xml @@ -40,7 +40,9 @@ pet = buildGoModule rec { subPackages = [ "." ]; - runVend = true; + deleteVendor = true; + + runVend = true; meta = with lib; { description = "Simple command-line snippet manager, written in Go"; 
@@ -67,6 +69,11 @@ pet = buildGoModule rec { + + deleteVendor removes the pre-existing vendor directory and fetches the dependencies. This should only be used if the dependencies included in the vendor folder are broken or incomplete. + + + runVend runs the vend command to generate the vendor directory. This is useful if your code depends on c code and go mod tidy does not include the needed sources to build. diff --git a/pkgs/development/go-modules/generic/default.nix b/pkgs/development/go-modules/generic/default.nix index 25b031a8229..020f22ecd33 100644 --- a/pkgs/development/go-modules/generic/default.nix +++ b/pkgs/development/go-modules/generic/default.nix @@ -89,7 +89,7 @@ let fi if [ -e vendor ]; then - echo "vendor folder exists, please set 'vendorSha256=null;' or 'deleteVendor=true;' in your expression" + echo "vendor folder exists, please set 'vendorSha256 = null;' in your expression" exit 10 fi From cdd4547867c80bb6ced21d3800d06907090104be Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Wed, 12 Aug 2020 20:14:58 +1000 Subject: [PATCH 16/20] buildGoModule: check if vendor exists with deleteVendor --- pkgs/development/go-modules/generic/default.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/pkgs/development/go-modules/generic/default.nix b/pkgs/development/go-modules/generic/default.nix index 020f22ecd33..c1550238721 100644 --- a/pkgs/development/go-modules/generic/default.nix +++ b/pkgs/development/go-modules/generic/default.nix @@ -85,10 +85,15 @@ let runHook preBuild if [ ${deleteFlag} == "true" ]; then - rm -rf vendor + if [ ! -d vendor ]; then + echo "vendor folder does not exist, 'deleteVendor' is not needed" + exit 10 + else + rm -rf vendor + fi fi - if [ -e vendor ]; then + if [ -d vendor ]; then echo "vendor folder exists, please set 'vendorSha256 = null;' in your expression" exit 10 fi From 465646f12e91e93988739021093d1def7748d3b2 Mon Sep 17 00:00:00 2001 
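Review bot: In the `@@ -85,10 +85,15 @@` hunk of `pkgs/development/go-modules/generic/default.nix`, narrowing the second guard from `-e` to `-d` means a `vendor` that is a regular file or a dangling symlink is no longer rejected. With `deleteVendor` set, the same entry is reported as "does not exist" although something by that name is present. Keeping the existence test on the second guard, `if [ -e vendor ]; then`, preserves the old rejection while the new `[ ! -d vendor ]` branch still catches an unnecessary `deleteVendor`. Both messages go to stdout and share `exit 10`; writing them with `>&2` would keep them out of captured output. The surrounding build script starts and ends outside the hunk, so what it does with a non-directory `vendor` afterwards is not visible here.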
From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Wed, 12 Aug 2020 08:25:46 +1000 Subject: [PATCH 17/20] .github/CODEOWNERS: add go compilers and builders --- .github/CODEOWNERS | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 4be9ae506ea..d362d857838 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -202,3 +202,8 @@ # Blockchains /pkgs/applications/blockchains @mmahut + +# Go +/pkgs/development/compilers/go @kalbasit @Mic92 @zowoq +/pkgs/development/go-modules @kalbasit @Mic92 @zowoq +/pkgs/development/go-packages @kalbasit @Mic92 @zowoq From 20fab51c3f02d908172d9a67dbff7840ff5f5b86 Mon Sep 17 00:00:00 2001 From: "R. RyanTM" Date: Thu, 13 Aug 2020 23:50:47 +0000 Subject: [PATCH 18/20] gitolite: 3.6.11 -> 3.6.12 --- pkgs/applications/version-management/gitolite/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/version-management/gitolite/default.nix b/pkgs/applications/version-management/gitolite/default.nix index 60fed6954dc..d0853f33978 100644 --- a/pkgs/applications/version-management/gitolite/default.nix +++ b/pkgs/applications/version-management/gitolite/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "gitolite"; - version = "3.6.11"; + version = "3.6.12"; src = fetchFromGitHub { owner = "sitaramc"; repo = "gitolite"; rev = "v${version}"; - sha256 = "1rkj7gknwjlc5ij9w39zf5mr647bm45la57yjczydmvrb8c56yrh"; + sha256 = "05xw1pmagvkrbzga5pgl3xk9qyc6b5x73f842454f3w9ijspa8zy"; }; buildInputs = [ nettools perl ]; From 49a99103c83bc5dc46576834f575a400b1940a4f Mon Sep 17 00:00:00 2001 From: Vincent Laporte Date: Tue, 11 Aug 2020 07:13:56 +0200 Subject: [PATCH 19/20] =?UTF-8?q?ocamlPackages.uucd:=2010.0.0=20=E2=86=92?= =?UTF-8?q?=2013.0.0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pkgs/development/ocaml-modules/uucd/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pkgs/development/ocaml-modules/uucd/default.nix b/pkgs/development/ocaml-modules/uucd/default.nix index 097676e8abb..355b177b204 100644 --- a/pkgs/development/ocaml-modules/uucd/default.nix +++ b/pkgs/development/ocaml-modules/uucd/default.nix @@ -6,11 +6,11 @@ let in stdenv.mkDerivation rec { name = "ocaml-${pname}-${version}"; - version = "10.0.0"; + version = "13.0.0"; src = fetchurl { url = "${webpage}/releases/${pname}-${version}.tbz"; - sha256 = "0cdyg6vaic4n58w80qriwvaq1c40ng3fh74ilxrwajbq163k055q"; + sha256 = "1fg77hg4ibidkv1x8hhzl8z3rzmyymn8m4i35jrdibb8adigi8v2"; }; buildInputs = [ ocaml findlib ocamlbuild topkg ]; From c25d99efcb49408f0ceb402a400409af055e4bfb Mon Sep 17 00:00:00 2001 From: Vincent Laporte Date: Fri, 7 Aug 2020 10:31:59 +0200 Subject: [PATCH 20/20] =?UTF-8?q?ocamlPackages.merlin-extend:=200.4=20?= =?UTF-8?q?=E2=86=92=200.6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../ocaml-modules/merlin-extend/default.nix | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/pkgs/development/ocaml-modules/merlin-extend/default.nix b/pkgs/development/ocaml-modules/merlin-extend/default.nix index ad3b1337977..752fbc039fa 100644 --- a/pkgs/development/ocaml-modules/merlin-extend/default.nix +++ b/pkgs/development/ocaml-modules/merlin-extend/default.nix 
@@ -1,20 +1,18 @@ -{ lib, buildDunePackage, fetchFromGitHub, cppo }: +{ lib, buildDunePackage, fetchurl, cppo }: buildDunePackage rec { pname = "merlin-extend"; - version = "0.4"; + version = "0.6"; - src = fetchFromGitHub { - owner = "let-def"; - repo = pname; - sha256 = "1dxiqmm7ry24gvw6p9n4mrz37mnq4s6m8blrccsv3rb8yq82acx9"; - rev = "v${version}"; + src = fetchurl { + url = "https://github.com/let-def/merlin-extend/releases/download/v${version}/merlin-extend-v${version}.tbz"; + sha256 = "0hvc4mz92x3rl2dxwrhvhzwl4gilnyvvwcqgr45vmdpyjyp3dwn2"; }; buildInputs = [ cppo ]; meta = with lib; { - inherit (src.meta) homepage; + homepage = "https://github.com/let-def/merlin-extend"; description = "SDK to extend Merlin"; license = licenses.mit; maintainers = [ maintainers.volth ];
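Review bot: The new `src` fetches a release asset instead of the tagged tree, and nothing in the expression says why. A one-line comment above `src = fetchurl {`, for example `# upstream release tarball, not the git tag archive`, would tell the next person updating the hash which artifact they are pinning. The `sha256` still fixes the content, so a re-uploaded asset fails the build rather than changing it silently. The URL and `homepage` also repeat the literal `merlin-extend` where `pname` is in scope, e.g. `url = "https://github.com/let-def/${pname}/releases/download/v${version}/${pname}-v${version}.tbz";`. The `meta` block closes outside the hunk.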