From 2fea3122d4fe967a74d14ee49cfaeb2a046292f8 Mon Sep 17 00:00:00 2001 From: Kranium Gikos Mendoza Date: Fri, 27 Aug 2021 20:09:15 +1000 Subject: [PATCH 01/11] libaom: disable NEON on armv7l (cherry picked from commit b7066a57deb8bb3f13ab7f2ef5e389c0559edac0) --- pkgs/development/libraries/libaom/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/development/libraries/libaom/default.nix b/pkgs/development/libraries/libaom/default.nix index 83f5de4d013..180c78e5ab2 100644 --- a/pkgs/development/libraries/libaom/default.nix +++ b/pkgs/development/libraries/libaom/default.nix @@ -35,6 +35,10 @@ stdenv.mkDerivation rec { ] ++ lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [ # CPU detection isn't supported on Darwin and breaks the aarch64-darwin build: "-DCONFIG_RUNTIME_CPU_DETECT=0" + ] ++ lib.optionals stdenv.isAarch32 [ + # armv7l-hf-multiplatform does not support NEON + # see lib/systems/platform.nix + "-DENABLE_NEON=0" ]; postFixup = '' From cb8066b1932df8a07bbeeb25c4884a0fc834e9d7 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Mon, 27 Sep 2021 20:00:37 +0000 Subject: [PATCH 02/11] linux/hardened/patches/4.14: 4.14.247-hardened1 -> 4.14.248-hardened1 (cherry picked from commit 1e05c4eae9ec704b7057dcec87cf5007d6a081ac) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 36c7b557818..5e695be4ca4 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -1,9 +1,9 @@ { "4.14": { "extra": "-hardened1", - "name": "linux-hardened-4.14.247-hardened1.patch", - "sha256": "0k3ii26ry0cszxs5n4ljll61p1kdi3dn5cvzjr8zb78bfrk7lbra", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.247-hardened1/linux-hardened-4.14.247-hardened1.patch" + "name": "linux-hardened-4.14.248-hardened1.patch", + "sha256": "1lwqlpd21f8rwqfyz61083w0lg2bjzdjf7rzrqxsw1jz0l879035", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.248-hardened1/linux-hardened-4.14.248-hardened1.patch" }, "4.19": { "extra": "-hardened1", From 559153f26764cda97f2f8bdeefff88eeeb001e48 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Mon, 27 Sep 2021 20:00:38 +0000 Subject: [PATCH 03/11] linux/hardened/patches/4.19: 4.19.207-hardened1 -> 4.19.208-hardened1 (cherry picked from commit 9e78068b041dfebbac36958d6745bc3ef2415d5d) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 5e695be4ca4..5d4bdfc185f 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -7,9 +7,9 @@ }, "4.19": { "extra": "-hardened1", - "name": "linux-hardened-4.19.207-hardened1.patch", - "sha256": "1yn6c8axvnmck1ignw4k3pi458x0m2qm7g5vjwf2rw8cnzskrs48", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.207-hardened1/linux-hardened-4.19.207-hardened1.patch" + "name": "linux-hardened-4.19.208-hardened1.patch", + "sha256": "0bg45n1kgd628gwjkp1vxslxyci6589ygy9mmmhpl7kj3y7370ck", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.208-hardened1/linux-hardened-4.19.208-hardened1.patch" }, "5.10": { "extra": "-hardened1", From ee4a4412a1ebc6f81b265d1bcd14fc22963ca298 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Mon, 27 Sep 2021 20:00:39 +0000 Subject: [PATCH 04/11] linux/hardened/patches/5.10: 5.10.68-hardened1 -> 5.10.69-hardened1 (cherry picked from commit c4ea02fc5c468ebd06f9575eb764ad4d08c8fdd6) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 5d4bdfc185f..5dcd6aac7a8 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -13,9 +13,9 @@ }, "5.10": { "extra": "-hardened1", - "name": "linux-hardened-5.10.68-hardened1.patch", - "sha256": "11cn72lzgc6vcbx4xbdvfxrfwy3hfn7sqjxf5laqw9jdhacnlhvn", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.68-hardened1/linux-hardened-5.10.68-hardened1.patch" + "name": "linux-hardened-5.10.69-hardened1.patch", + "sha256": "11frhnprvxnqxm8yn1kay2jv2i473i9glnvsjnqz6kj8f0q2gl4v", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.69-hardened1/linux-hardened-5.10.69-hardened1.patch" }, "5.13": { "extra": "-hardened1", From e62dfb6de951a173698e89eda32097e55175c28d Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Mon, 27 Sep 2021 20:00:40 +0000 Subject: [PATCH 05/11] linux/hardened/patches/5.14: 5.14.7-hardened1 -> 5.14.8-hardened1 (cherry picked from commit 05ed561fb6de4fce668d5c5d1c2c7ae18ab8aff5) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 5dcd6aac7a8..2a207669e16 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -25,9 +25,9 @@ }, "5.14": { "extra": "-hardened1", - "name": "linux-hardened-5.14.7-hardened1.patch", - "sha256": "18i0qxhzga2vg0kal5ifsks0vra6gj21q6whcjry9sglxandn2vg", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.14.7-hardened1/linux-hardened-5.14.7-hardened1.patch" + "name": "linux-hardened-5.14.8-hardened1.patch", + "sha256": "1kg02ixyd2dbk97iz28g26k1nnxi96s0bcyr90wc7diylhf7kz4a", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.14.8-hardened1/linux-hardened-5.14.8-hardened1.patch" }, "5.4": { "extra": "-hardened1", From 0fd3917aa6ea36133afdbe352eac9474958fc050 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Mon, 27 Sep 2021 20:00:41 +0000 Subject: [PATCH 06/11] linux/hardened/patches/5.4: 5.4.148-hardened1 -> 5.4.149-hardened1 (cherry picked from commit a92a208a9d8eaba19a5d985f567387adea455687) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 2a207669e16..fa3dea08ece 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -31,8 +31,8 @@ }, "5.4": { "extra": "-hardened1", - "name": "linux-hardened-5.4.148-hardened1.patch", - "sha256": "0kb2d9csm8bbjark2ii0n1jpfcr6avdr8r5g97awzbg9jxkfs0j4", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.148-hardened1/linux-hardened-5.4.148-hardened1.patch" + "name": "linux-hardened-5.4.149-hardened1.patch", + "sha256": "1v21dz66ngsdsdcld23rgmidz955x74al5nsxnvwasc5gh18ahh9", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.149-hardened1/linux-hardened-5.4.149-hardened1.patch" } } From 57b924eab196e16b80a6076f4d4ffccedda9582a Mon Sep 17 00:00:00 2001 From: Lara Date: Thu, 30 Sep 2021 21:42:28 +0000 Subject: [PATCH 07/11] nextcloud: 20.0.12 -> 20.0.13, 21.0.4 -> 21.0.5, 22.1.1 -> 22.2.0 (cherry picked from commit 49573709c5f842f0e3fbe4da3cd02f1c74aa9b1b) --- pkgs/servers/nextcloud/default.nix | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/servers/nextcloud/default.nix b/pkgs/servers/nextcloud/default.nix index 385483ead8d..39c3afce3fe 100644 --- a/pkgs/servers/nextcloud/default.nix +++ b/pkgs/servers/nextcloud/default.nix @@ -55,18 +55,18 @@ in { }; nextcloud20 = generic { - version = "20.0.12"; - sha256 = "sha256-gIIPuWVcWv/5nuXMWticcPBKMjJVsCmvs83tj8fdbgY="; + version = "20.0.13"; + sha256 = "15mi51aayi3m8brxc0w51mbxp4h3hjv14gr5mm7ch2930x655gg9"; }; nextcloud21 = generic { - version = "21.0.4"; - sha256 = "sha256-Sg0w/r+6UxGLqZCgwtLBZ2e3eqZ2r8k30gGNaGXF/jo="; + version = "21.0.5"; + sha256 = "1q46h480kn97k7h3xm7r5gsa8l3f0kfiicapi46sh0p39pbjbyhv"; }; nextcloud22 = generic { - version = "22.1.1"; - sha256 = "sha256-5VtuuXf7U5CB4zp9jxluOEMOszfMdr8DeaZjpJf73ls="; + version = "22.2.0"; + sha256 = "07ryvynws65k42n6ca20nni1vqr90fsrd2dpx2bvh09mwhyblg97"; }; # tip: get she sha with: # curl 'https://download.nextcloud.com/server/releases/nextcloud-${version}.tar.bz2.sha256' From f182b8d23b0d92d1d3ad53c604e2cc182c3b25b3 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 1 Oct 2021 15:25:31 +0200 Subject: [PATCH 08/11] nixos/nextcloud: temp fix for MariaDB >=10.6 The MariaDB version 10.6 doesn't seem supported with current Nextcloud versions and the test fails with the following error[1]: nextcloud # [ 14.950034] nextcloud-setup-start[1001]: Error while trying to initialise the database: An exception occurred while executing a query: SQLSTATE[HY000]: General error: 4047 InnoDB refuses to write tables with ROW_FORMAT=COMPRESSED or KEY_BLOCK_SIZE. According to a support-thread in upstream's Discourse[2] this is because of a missing support so far. Considering that we haven't received any bugreports so far - even though the issue already exists on master - and the workaround[3] appears to work fine, an evaluation warning for administrators should be sufficient. [1] https://hydra.nixos.org/build/155015223 [2] https://help.nextcloud.com/t/update-to-next-cloud-21-0-2-has-get-an-error/117028/15 [3] setting `innodb_read_only_compressed=0` (cherry picked from commit 675e262f5a03eb9aa6b0500434ee30a9d6b882a0) --- nixos/modules/services/web-apps/nextcloud.nix | 29 ++++++++++++++++++- .../nextcloud/with-mysql-and-memcached.nix | 7 +++++ 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index 4b9b0806bac..d047a768233 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -399,13 +399,40 @@ in { The package can be upgraded by explicitly declaring the service-option `services.nextcloud.package`. ''; + + # FIXME(@Ma27) remove as soon as nextcloud properly supports + # mariadb >=10.6. + isUnsupportedMariadb = + # All currently supported Nextcloud versions are affected. + (versionOlder cfg.package.version "23") + # This module uses mysql + && (cfg.config.dbtype == "mysql") + # MySQL is managed via NixOS + && config.services.mysql.enable + # We're using MariaDB + && (getName config.services.mysql.package) == "mariadb-server" + # MariaDB is at least 10.6 and thus not supported + && (versionAtLeast (getVersion config.services.mysql.package) "10.6"); + in (optional (cfg.poolConfig != null) '' Using config.services.nextcloud.poolConfig is deprecated and will become unsupported in a future release. Please migrate your configuration to config.services.nextcloud.poolSettings. '') ++ (optional (versionOlder cfg.package.version "19") (upgradeWarning 18 "20.09")) ++ (optional (versionOlder cfg.package.version "20") (upgradeWarning 19 "21.05")) - ++ (optional (versionOlder cfg.package.version "21") (upgradeWarning 20 "21.05")); + ++ (optional (versionOlder cfg.package.version "21") (upgradeWarning 20 "21.05")) + ++ (optional (versionOlder cfg.package.version "22") (upgradeWarning 21 "21.11")) + ++ (optional isUnsupportedMariadb '' + You seem to be using MariaDB at an unsupported version (i.e. at least 10.6)! + Please note that this isn't supported officially by Nextcloud. You can either + + * Switch to `pkgs.mysql` + * Downgrade MariaDB to at least 10.5 + * Work around Nextcloud's problems by specifying `innodb_read_only_compressed=0` + + For further context, please read + https://help.nextcloud.com/t/update-to-next-cloud-21-0-2-has-get-an-error/117028/15 + ''); services.nextcloud.package = with pkgs; mkDefault ( diff --git a/nixos/tests/nextcloud/with-mysql-and-memcached.nix b/nixos/tests/nextcloud/with-mysql-and-memcached.nix index 82041874de4..de5f53d559a 100644 --- a/nixos/tests/nextcloud/with-mysql-and-memcached.nix +++ b/nixos/tests/nextcloud/with-mysql-and-memcached.nix @@ -39,6 +39,13 @@ in { enable = true; bind = "127.0.0.1"; package = pkgs.mariadb; + + # FIXME(@Ma27) Nextcloud isn't compatible with mariadb 10.6, + # this is a workaround. + # See https://help.nextcloud.com/t/update-to-next-cloud-21-0-2-has-get-an-error/117028/22 + extraOptions = '' + innodb_read_only_compressed=0 + ''; initialScript = pkgs.writeText "mysql-init" '' CREATE USER 'nextcloud'@'localhost' IDENTIFIED BY 'hunter2'; CREATE DATABASE IF NOT EXISTS nextcloud; From f83bc9fb22e276f4709df51a7e3927537f6435eb Mon Sep 17 00:00:00 2001 From: Artturin Date: Fri, 1 Oct 2021 20:12:06 +0300 Subject: [PATCH 09/11] rxvt-unicode: fix terminfo path (cherry picked from commit 937f349b5f6ed47591fc373017175efb9cf4d13e) --- pkgs/applications/terminal-emulators/rxvt-unicode/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/applications/terminal-emulators/rxvt-unicode/default.nix b/pkgs/applications/terminal-emulators/rxvt-unicode/default.nix index 02f1b100f49..2c130bf02d3 100644 --- a/pkgs/applications/terminal-emulators/rxvt-unicode/default.nix +++ b/pkgs/applications/terminal-emulators/rxvt-unicode/default.nix @@ -49,7 +49,7 @@ stdenv.mkDerivation { configureFlags = [ - "--with-terminfo=$terminfo/share/terminfo" + "--with-terminfo=${placeholder "terminfo"}/share/terminfo" "--enable-256-color" (enableFeature perlSupport "perl") (enableFeature unicode3Support "unicode3") From c1541b370a2c5f444fe4885222af4d490abbeef1 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 1 Oct 2021 17:03:09 +0200 Subject: [PATCH 10/11] nixos/nextcloud: use php8 where possible (cherry picked from commit 66edc1e84625ed5b4bed5868f4093a570a822c2e) --- nixos/modules/services/web-apps/nextcloud.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix index d047a768233..4bfa564a67f 100644 --- a/nixos/modules/services/web-apps/nextcloud.nix +++ b/nixos/modules/services/web-apps/nextcloud.nix @@ -6,7 +6,7 @@ let cfg = config.services.nextcloud; fpm = config.services.phpfpm.pools.nextcloud; - phpPackage = pkgs.php74.buildEnv { + phpPackage = cfg.phpPackage.buildEnv { extensions = { enabled, all }: (with all; enabled @@ -94,6 +94,14 @@ in { description = "Which package to use for the Nextcloud instance."; relatedPackages = [ "nextcloud19" "nextcloud20" "nextcloud21" "nextcloud22" ]; }; + phpPackage = mkOption { + type = types.package; + relatedPackages = [ "php74" "php80" ]; + defaultText = "pkgs.php"; + description = '' + PHP package to use for Nextcloud. + ''; + }; maxUploadSize = mkOption { default = "512M"; @@ -450,6 +458,10 @@ in { else if versionOlder stateVersion "21.03" then nextcloud19 else nextcloud21 ); + + services.nextcloud.phpPackage = + if versionOlder cfg.package.version "21" then pkgs.php74 + else pkgs.php80; } { systemd.timers.nextcloud-cron = { From 50b29bf6aae0fcbe6e6423369de438616e9c8c75 Mon Sep 17 00:00:00 2001 From: Maximilian Bosch Date: Fri, 1 Oct 2021 17:03:32 +0200 Subject: [PATCH 11/11] nixos/nextcloud: run tests against each Nextcloud instance (cherry picked from commit 10703a8c926e182311cdf538937517db33f4261c) --- nixos/tests/nextcloud/basic.nix | 7 ++++-- nixos/tests/nextcloud/default.nix | 22 ++++++++++++++----- .../nextcloud/with-mysql-and-memcached.nix | 7 ++++-- .../nextcloud/with-postgresql-and-redis.nix | 7 ++++-- 4 files changed, 32 insertions(+), 11 deletions(-) diff --git a/nixos/tests/nextcloud/basic.nix b/nixos/tests/nextcloud/basic.nix index c4ce34748ac..40ee9d5184c 100644 --- a/nixos/tests/nextcloud/basic.nix +++ b/nixos/tests/nextcloud/basic.nix @@ -1,4 +1,6 @@ -import ../make-test-python.nix ({ pkgs, ...}: let +args@{ pkgs, nextcloudVersion ? 22, ... }: + +(import ../make-test-python.nix ({ pkgs, ...}: let adminpass = "notproduction"; adminuser = "root"; in { @@ -39,6 +41,7 @@ in { inherit adminpass; dbtableprefix = "nixos_"; }; + package = pkgs.${"nextcloud" + (toString nextcloudVersion)}; autoUpdateApps = { enable = true; startAt = "20:00"; @@ -100,4 +103,4 @@ in { ) assert "hi" in client.succeed("cat /mnt/dav/test-shared-file") ''; -}) +})) args diff --git a/nixos/tests/nextcloud/default.nix b/nixos/tests/nextcloud/default.nix index e4c7a70606c..65043e509b3 100644 --- a/nixos/tests/nextcloud/default.nix +++ b/nixos/tests/nextcloud/default.nix @@ -2,8 +2,20 @@ config ? {}, pkgs ? import ../../.. { inherit system config; } }: -{ - basic = import ./basic.nix { inherit system pkgs; }; - with-postgresql-and-redis = import ./with-postgresql-and-redis.nix { inherit system pkgs; }; - with-mysql-and-memcached = import ./with-mysql-and-memcached.nix { inherit system pkgs; }; -} + +with pkgs.lib; + +foldl + (matrix: ver: matrix // { + "basic${toString ver}" = import ./basic.nix { inherit system pkgs; nextcloudVersion = ver; }; + "with-postgresql-and-redis${toString ver}" = import ./with-postgresql-and-redis.nix { + inherit system pkgs; + nextcloudVersion = ver; + }; + "with-mysql-and-memcached${toString ver}" = import ./with-mysql-and-memcached.nix { + inherit system pkgs; + nextcloudVersion = ver; + }; + }) + {} + [ 20 21 22 ] diff --git a/nixos/tests/nextcloud/with-mysql-and-memcached.nix b/nixos/tests/nextcloud/with-mysql-and-memcached.nix index de5f53d559a..c0df773eaaa 100644 --- a/nixos/tests/nextcloud/with-mysql-and-memcached.nix +++ b/nixos/tests/nextcloud/with-mysql-and-memcached.nix @@ -1,4 +1,6 @@ -import ../make-test-python.nix ({ pkgs, ...}: let +args@{ pkgs, nextcloudVersion ? 22, ... }: + +(import ../make-test-python.nix ({ pkgs, ...}: let adminpass = "hunter2"; adminuser = "root"; in { @@ -18,6 +20,7 @@ in { enable = true; hostName = "nextcloud"; https = true; + package = pkgs.${"nextcloud" + (toString nextcloudVersion)}; caching = { apcu = true; redis = false; @@ -103,4 +106,4 @@ in { "${withRcloneEnv} ${diffSharedFile}" ) ''; -}) +})) args diff --git a/nixos/tests/nextcloud/with-postgresql-and-redis.nix b/nixos/tests/nextcloud/with-postgresql-and-redis.nix index 81af620598e..36a69fda505 100644 --- a/nixos/tests/nextcloud/with-postgresql-and-redis.nix +++ b/nixos/tests/nextcloud/with-postgresql-and-redis.nix @@ -1,4 +1,6 @@ -import ../make-test-python.nix ({ pkgs, ...}: let +args@{ pkgs, nextcloudVersion ? 22, ... }: + +(import ../make-test-python.nix ({ pkgs, ...}: let adminpass = "hunter2"; adminuser = "custom-admin-username"; in { @@ -17,6 +19,7 @@ in { services.nextcloud = { enable = true; hostName = "nextcloud"; + package = pkgs.${"nextcloud" + (toString nextcloudVersion)}; caching = { apcu = false; redis = true; @@ -96,4 +99,4 @@ in { "${withRcloneEnv} ${diffSharedFile}" ) ''; -}) +})) args