From 9e9da7c4cb7d59a6d3d0309b6f004f31dd12027b Mon Sep 17 00:00:00 2001 From: Yarny0 <41838844+Yarny0@users.noreply.github.com> Date: Sat, 8 May 2021 17:13:18 +0200 Subject: [PATCH 1/7] hylafaxplus: use gentoo patch for libtiff 4.2 --- pkgs/servers/hylafaxplus/default.nix | 8 +++++++- pkgs/servers/hylafaxplus/libtiff-4.2.patch | 13 ------------- 2 files changed, 7 insertions(+), 14 deletions(-) delete mode 100644 pkgs/servers/hylafaxplus/libtiff-4.2.patch diff --git a/pkgs/servers/hylafaxplus/default.nix b/pkgs/servers/hylafaxplus/default.nix index e8bf832a15c..bb56e63c40e 100644 --- a/pkgs/servers/hylafaxplus/default.nix +++ b/pkgs/servers/hylafaxplus/default.nix @@ -2,6 +2,7 @@ , lib , fakeroot , fetchurl +, fetchpatch , libfaketime , substituteAll ## runtime dependencies @@ -68,7 +69,12 @@ stdenv.mkDerivation { inherit sha256; }; patches = [ - ./libtiff-4.2.patch # adjust configure check to work with libtiff > 4.1 + # adjust configure check to work with libtiff > 4.1 + (fetchpatch { + name = "libtiff-4.2.patch"; + url = "https://gitweb.gentoo.org/repo/gentoo.git/plain/net-misc/hylafaxplus/files/hylafaxplus-7.0.2-tiff-4.2.patch?id=82e3eefd5447f36e5bb00068a54b91d8c891ccf6"; + sha256 = "0hhf4wpgj842gz4nxq8s55vnzmciqkyjjaaxdpqawns2746vx0sw"; + }) ]; # Note that `configure` (and maybe `faxsetup`) are looking # for a couple of standard binaries in the `PATH` and diff --git a/pkgs/servers/hylafaxplus/libtiff-4.2.patch b/pkgs/servers/hylafaxplus/libtiff-4.2.patch deleted file mode 100644 index 5da106565f0..00000000000 --- a/pkgs/servers/hylafaxplus/libtiff-4.2.patch +++ /dev/null 
@@ -1,13 +0,0 @@ -diff --git a/configure b/configure -index 7456dcb..90f0e8d 100755 ---- a/configure -+++ b/configure -@@ -2583,7 +2583,7 @@ EOF - echo '#define TIFFSTRIPBYTECOUNTS uint32' - echo '#define TIFFVERSION TIFF_VERSION' - echo '#define TIFFHEADER TIFFHeader';; -- 4.[01]) tiff_runlen_t="uint32" -+ 4.[012]) tiff_runlen_t="uint32" - tiff_offset_t="uint64" - echo '#define TIFFSTRIPBYTECOUNTS uint64' - echo '#define TIFFVERSION TIFF_VERSION_CLASSIC' From 87f08e8899becad629369a43a4b216fb6e1df69f Mon Sep 17 00:00:00 2001 From: Yarny0 <41838844+Yarny0@users.noreply.github.com> Date: Sat, 8 May 2021 17:44:30 +0200 Subject: [PATCH 2/7] hylafaxplus: switch to pname+version To support efforts like https://github.com/NixOS/nixpkgs/issues/103997 this splits `name` into `pname` and `version`. --- pkgs/servers/hylafaxplus/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/pkgs/servers/hylafaxplus/default.nix b/pkgs/servers/hylafaxplus/default.nix index bb56e63c40e..4ce0d63f6be 100644 --- a/pkgs/servers/hylafaxplus/default.nix +++ b/pkgs/servers/hylafaxplus/default.nix @@ -30,12 +30,12 @@ let - name = "hylafaxplus-${version}"; + pname = "hylafaxplus"; version = "7.0.3"; sha256 = "139iwcwrn9i5lragxi33ilzah72w59wg4midfjjgx5cly3ah0iy4"; configSite = substituteAll { - name = "hylafaxplus-config.site"; + name = "${pname}-config.site"; src = ./config.site; config_maxgid = lib.optionalString (maxgid!=null) ''CONFIG_MAXGID=${builtins.toString maxgid}''; ghostscript_version = ghostscript.version; @@ -44,7 +44,7 @@ let }; postPatch = substituteAll { - name = "hylafaxplus-post-patch.sh"; + name = "${pname}-post-patch.sh"; src = ./post-patch.sh; inherit configSite; maxuid = lib.optionalString (maxuid!=null) (builtins.toString maxuid); @@ -55,7 +55,7 @@ let }; postInstall = substituteAll { - name = "hylafaxplus-post-install.sh"; + name = "${pname}-post-install.sh"; src = ./post-install.sh; inherit fakeroot libfaketime; }; 
@@ -63,7 +63,7 @@ let in stdenv.mkDerivation { - inherit name version; + inherit pname version; src = fetchurl { url = "mirror://sourceforge/hylafax/hylafax-${version}.tar.gz"; inherit sha256; From b5464b008f32699b0307a58ff7ce80de91bcfb5f Mon Sep 17 00:00:00 2001 From: Yarny0 <41838844+Yarny0@users.noreply.github.com> Date: Sat, 8 May 2021 19:31:16 +0200 Subject: [PATCH 3/7] hylafaxplus: drop patch for POSIXLY_CORRECT I'm not sure why this patch was needed, but it builds and works find without it now. Maybe this is connected with https://github.com/NixOS/nixpkgs/pull/30483 --- pkgs/servers/hylafaxplus/post-patch.sh | 7 ------- 1 file changed, 7 deletions(-) diff --git a/pkgs/servers/hylafaxplus/post-patch.sh b/pkgs/servers/hylafaxplus/post-patch.sh index 6ec5937147e..43ee91d2f62 100644 --- a/pkgs/servers/hylafaxplus/post-patch.sh +++ b/pkgs/servers/hylafaxplus/post-patch.sh @@ -1,10 +1,3 @@ -# `configure` (maybe others) set `POSIXLY_CORRECT`, which -# breaks the gcc wrapper script of nixpkgs (maybe others). -# We simply un-export `POSIXLY_CORRECT` after each export so -# its effects don't apply within nixpkgs wrapper scripts. -grep -rlF POSIXLY_CORRECT | xargs \ - sed '/export *POSIXLY_CORRECT/a export -n POSIXLY_CORRECT' -i - # Replace strange default value for the nobody account. if test -n "@maxuid@" then From 449647daf50c0707e3e5fa6ae9e4c9523fb3dbb3 Mon Sep 17 00:00:00 2001 From: Yarny0 <41838844+Yarny0@users.noreply.github.com> Date: Sat, 8 May 2021 20:44:32 +0200 Subject: [PATCH 4/7] nixos/hylafax: use `lib.types.ints.positive` I haven't realized earlier that there is already an option type for postive integers. --- .../services/networking/hylafax/options.nix | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/nixos/modules/services/networking/hylafax/options.nix b/nixos/modules/services/networking/hylafax/options.nix index 7f18c0d39ab..74960e69b9a 100644 --- a/nixos/modules/services/networking/hylafax/options.nix 
+++ b/nixos/modules/services/networking/hylafax/options.nix @@ -3,7 +3,7 @@ let inherit (lib.options) literalExample mkEnableOption mkOption; - inherit (lib.types) bool enum int lines attrsOf nullOr path str submodule; + inherit (lib.types) bool enum ints lines attrsOf nullOr path str submodule; inherit (lib.modules) mkDefault mkIf mkMerge; commonDescr = '' @@ -18,7 +18,6 @@ let ''; str1 = lib.types.addCheck str (s: s!=""); # non-empty string - int1 = lib.types.addCheck int (i: i>0); # positive integer configAttrType = # Options in HylaFAX configuration files can be @@ -27,7 +26,7 @@ let # This type definition resolves all # those types into a list of strings. let - inherit (lib.types) attrsOf coercedTo listOf; + inherit (lib.types) attrsOf coercedTo int listOf; innerType = coercedTo bool (x: if x then "Yes" else "No") (coercedTo int (toString) str); in @@ -290,7 +289,7 @@ in ''; }; faxcron.infoDays = mkOption { - type = int1; + type = ints.positive; default = 30; description = '' Set the expiration time for data in the @@ -298,7 +297,7 @@ in ''; }; faxcron.logDays = mkOption { - type = int1; + type = ints.positive; default = 30; description = '' Set the expiration time for @@ -306,7 +305,7 @@ in ''; }; faxcron.rcvDays = mkOption { - type = int1; + type = ints.positive; default = 7; description = '' Set the expiration time for files in @@ -343,7 +342,7 @@ in ''; }; faxqclean.doneqMinutes = mkOption { - type = int1; + type = ints.positive; default = 15; example = literalExample "24*60"; description = '' @@ -353,7 +352,7 @@ in ''; }; faxqclean.docqMinutes = mkOption { - type = int1; + type = ints.positive; default = 60; example = literalExample "24*60"; description = '' From 89df33f882473f714162ead43288455d6192a35a Mon Sep 17 00:00:00 2001 
From: Yarny0 <41838844+Yarny0@users.noreply.github.com> Date: Sat, 8 May 2021 21:05:39 +0200 Subject: [PATCH 5/7] nixos/hylafax: replace a nested expression with `lib.pipe` This avoids a tripple-nested function call, and it looks slightly simpler (at least to me). --- nixos/modules/services/networking/hylafax/systemd.nix | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/networking/hylafax/systemd.nix b/nixos/modules/services/networking/hylafax/systemd.nix index f63f7c97ad1..137698ef83d 100644 --- a/nixos/modules/services/networking/hylafax/systemd.nix +++ b/nixos/modules/services/networking/hylafax/systemd.nix @@ -13,11 +13,10 @@ let # creates hylafax config file, # makes sure "Include" is listed *first* let - mkLines = conf: - (lib.concatLists - (lib.flip lib.mapAttrsToList conf - (k: map (v: "${k}: ${v}") - ))); + mkLines = lib.flip lib.pipe [ + (lib.mapAttrsToList (key: map (val: "${key}: ${val}"))) + lib.concatLists + ]; include = mkLines { Include = conf.Include or []; }; other = mkLines ( conf // { Include = []; } ); in From 4415846d5cbb0e1128f2042288037b85b231219e Mon Sep 17 00:00:00 2001 From: Yarny0 <41838844+Yarny0@users.noreply.github.com> Date: Sat, 8 May 2021 21:34:09 +0200 Subject: [PATCH 6/7] nixos/hylafax: use `runtimeShell` where possible According to https://github.com/NixOS/nixpkgs/pull/84556 this effort helps with cross-compilation. This commit also renames a substituted variable `hylafax` to `hylafaxplus` to permit substitution with `inherit`. --- nixos/modules/services/networking/hylafax/faxq-wait.sh | 2 +- nixos/modules/services/networking/hylafax/spool.sh | 6 +++--- nixos/modules/services/networking/hylafax/systemd.nix | 5 ++--- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/nixos/modules/services/networking/hylafax/faxq-wait.sh b/nixos/modules/services/networking/hylafax/faxq-wait.sh index 8c39e9d20c1..1826aa30e62 100755 
--- a/nixos/modules/services/networking/hylafax/faxq-wait.sh +++ b/nixos/modules/services/networking/hylafax/faxq-wait.sh @@ -1,4 +1,4 @@ -#! @shell@ -e +#! @runtimeShell@ -e # skip this if there are no modems at all if ! stat -t "@spoolAreaPath@"/etc/config.* >/dev/null 2>&1 diff --git a/nixos/modules/services/networking/hylafax/spool.sh b/nixos/modules/services/networking/hylafax/spool.sh index 31e930e8c59..8b723df77df 100755 --- a/nixos/modules/services/networking/hylafax/spool.sh +++ b/nixos/modules/services/networking/hylafax/spool.sh @@ -1,4 +1,4 @@ -#! @shell@ -e +#! @runtimeShell@ -e # The following lines create/update the HylaFAX spool directory: # Subdirectories/files with persistent data are kept, @@ -80,7 +80,7 @@ touch clientlog faxcron.lastrun xferfaxlog chown @faxuser@:@faxgroup@ clientlog faxcron.lastrun xferfaxlog # create symlinks for frozen directories/files -lnsym --target-directory=. "@hylafax@"/spool/{COPYRIGHT,bin,config} +lnsym --target-directory=. "@hylafaxplus@"/spool/{COPYRIGHT,bin,config} # create empty temporary directories update --mode=0700 -d client dev status @@ -93,7 +93,7 @@ install -d "@spoolAreaPath@/etc" cd "@spoolAreaPath@/etc" # create symlinks to all files in template's etc -lnsym --target-directory=. "@hylafax@/spool/etc"/* +lnsym --target-directory=. "@hylafaxplus@/spool/etc"/* # set LOCKDIR in setup.cache sed --regexp-extended 's|^(UUCP_LOCKDIR=).*$|\1'"'@lockPath@'|g" --in-place setup.cache diff --git a/nixos/modules/services/networking/hylafax/systemd.nix b/nixos/modules/services/networking/hylafax/systemd.nix index 137698ef83d..251a6f6457f 100644 --- a/nixos/modules/services/networking/hylafax/systemd.nix +++ b/nixos/modules/services/networking/hylafax/systemd.nix 
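Review bot: Renaming the placeholder from `@hylafax@` to `@hylafaxplus@` in spool.sh is only safe if every occurrence was renamed; the two `lnsym` lines in these hunks are covered, but the rest of the script lies outside them. As far as I know, `substituteAll` leaves a placeholder untouched when no variable is passed for it rather than failing the build, so a leftover `@hylafax@` would only surface when the setup script runs under `-e` at service start. A quick `grep -n '@hylafax@' spool.sh` before merging, or a build-time check that no `@...@` token survives substitution, would close that gap.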
@@ -47,13 +47,12 @@ let name = "hylafax-setup-spool.sh"; src = ./spool.sh; isExecutable = true; - inherit (pkgs.stdenv) shell; - hylafax = pkgs.hylafaxplus; faxuser = "uucp"; faxgroup = "uucp"; lockPath = "/var/lock"; inherit globalConfigPath modemConfigPath; inherit (cfg) sendmailPath spoolAreaPath userAccessFile; + inherit (pkgs) hylafaxplus runtimeShell; }; waitFaxqScript = pkgs.substituteAll { @@ -63,8 +62,8 @@ let src = ./faxq-wait.sh; isExecutable = true; timeoutSec = toString 10; - inherit (pkgs.stdenv) shell; inherit (cfg) spoolAreaPath; + inherit (pkgs) runtimeShell; }; sockets.hylafax-hfaxd = { From c2af1ff281e44225d1f560f17e49103c70075015 Mon Sep 17 00:00:00 2001 From: Yarny0 <41838844+Yarny0@users.noreply.github.com> Date: Thu, 13 May 2021 20:59:24 +0200 Subject: [PATCH 7/7] nixos/hylafax: enable `ProtectKernelLogs` for most services Also document that `ProtectClock` blocks access to serial line. I couldn't found out why this is the case, but faxgetty complains about the device file not being accessible with `ProtectClock=true`. --- nixos/modules/services/networking/hylafax/systemd.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nixos/modules/services/networking/hylafax/systemd.nix b/nixos/modules/services/networking/hylafax/systemd.nix index 251a6f6457f..4506bbbc5eb 100644 --- a/nixos/modules/services/networking/hylafax/systemd.nix +++ b/nixos/modules/services/networking/hylafax/systemd.nix @@ -106,8 +106,10 @@ let PrivateDevices = true; # breaks /dev/tty... PrivateNetwork = true; PrivateTmp = true; + #ProtectClock = true; # breaks /dev/tty... (why?) ProtectControlGroups = true; #ProtectHome = true; # breaks custom spool dirs + ProtectKernelLogs = true; ProtectKernelModules = true; ProtectKernelTunables = true; #ProtectSystem = "strict"; # breaks custom spool dirs
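Review bot: The commented-out `ProtectClock` line records the breakage as unexplained ("why?"), and the likely cause is worth writing down: systemd documents that `ProtectClock=` implies `DeviceAllow=char-rtc r`, and any `DeviceAllow=` entry puts the unit on a device allow-list, so the modem's tty would be denied unless it is listed too. I would replace the comment with `#ProtectClock = true; # implies DeviceAllow=char-rtc, which denies the modem tty unless it is allow-listed`. The line above keeps `PrivateDevices = true` enabled despite the same "breaks /dev/tty..." caveat, so presumably the services that need the serial line override it outside this hunk; `ProtectClock` could then be enabled here and relaxed the same way, after testing with faxgetty. The enclosing attribute set starts and ends outside the hunk.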