diff --git a/maintainers/scripts/hydra-eval-failures.py b/maintainers/scripts/hydra-eval-failures.py
index d0bd1913ba8..23669502e46 100755
--- a/maintainers/scripts/hydra-eval-failures.py
+++ b/maintainers/scripts/hydra-eval-failures.py
@@ -1,5 +1,5 @@
#!/usr/bin/env nix-shell
-#!nix-shell -i python -p pythonFull pythonPackages.requests pythonPackages.pyquery pythonPackages.click
+#!nix-shell -i python3 -p 'python3.withPackages(ps: with ps; [ requests pyquery click ])'
# To use, just execute this script with --help to display help.
@@ -16,7 +16,7 @@ maintainers_json = subprocess.check_output([
'nix-instantiate', '-E', 'import ./maintainers/maintainer-list.nix {}', '--eval', '--json'
])
maintainers = json.loads(maintainers_json)
-MAINTAINERS = {v: k for k, v in maintainers.iteritems()}
+MAINTAINERS = {v: k for k, v in maintainers.items()}
def get_response_text(url):
@@ -45,6 +45,17 @@ def get_maintainers(attr_name):
except:
return []
+def print_build(table_row):
+ a = pq(table_row)('a')[1]
+ print("- [ ] [{}]({})".format(a.text, a.get('href')), flush=True)
+
+ maintainers = get_maintainers(a.text)
+ if maintainers:
+ print(" - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers))))
+ # TODO: print last three persons that touched this file
+ # TODO: pinpoint the diff that broke this build, or maybe it's transient or maybe it never worked?
+
+ sys.stdout.flush()
@click.command()
@click.option(
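Review bot: `print_build` indexes `pq(table_row)('a')[1]` without checking that the row holds two links, so a row with a different layout raises IndexError and ends the whole report in the `pdb.post_mortem()` handler at the bottom of the script. A guard such as `links = pq(table_row)('a')` followed by `if len(links) < 2: return` would skip such rows instead. The function has no docstring; `"""Print one Markdown checklist entry for a Hydra build row, followed by its maintainers."""` would do. The trailing `sys.stdout.flush()` also makes `flush=True` on the first print redundant, and the `map(lambda ...)` reads more simply as `", ".join('@' + u for u in maintainers)`.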
@@ -73,23 +84,17 @@ def cli(jobset):
# TODO: aborted evaluations
# TODO: dependency failed without propagated builds
+ print('\nFailures:')
for tr in d('img[alt="Failed"]').parents('tr'):
- a = pq(tr)('a')[1]
- print("- [ ] [{}]({})".format(a.text, a.get('href')))
+ print_build(tr)
- sys.stdout.flush()
-
- maintainers = get_maintainers(a.text)
- if maintainers:
- print(" - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers))))
- # TODO: print last three persons that touched this file
- # TODO: pinpoint the diff that broke this build, or maybe it's transient or maybe it never worked?
-
- sys.stdout.flush()
+ print('\nDependency failures:')
+ for tr in d('img[alt="Dependency failed"]').parents('tr'):
+ print_build(tr)
if __name__ == "__main__":
try:
cli()
- except:
+ except Exception as e:
import pdb;pdb.post_mortem()
diff --git a/nixos/modules/services/computing/boinc/client.nix b/nixos/modules/services/computing/boinc/client.nix
index e43b6bbb253..8abe3c5b8c9 100644
--- a/nixos/modules/services/computing/boinc/client.nix
+++ b/nixos/modules/services/computing/boinc/client.nix
@@ -6,6 +6,13 @@ let
cfg = config.services.boinc;
allowRemoteGuiRpcFlag = optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc";
+ fhsEnv = pkgs.buildFHSUserEnv {
+ name = "boinc-fhs-env";
+ targetPkgs = pkgs': [ cfg.package ] ++ cfg.extraEnvPackages;
+ runScript = "/bin/boinc_client";
+ };
+ fhsEnvExecutable = "${fhsEnv}/bin/${fhsEnv.name}";
+
in
{
options.services.boinc = {
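Review bot: `fhsEnv` wraps the client in `buildFHSUserEnv`, which as far as I know builds its chroot through unprivileged user namespaces, so the service would presumably fail to start on kernels where those are disabled for hardening. That dependency deserves a comment here or a sentence in the module documentation. The `pkgs'` argument of `targetPkgs` is ignored in favour of the outer `pkgs`; a short comment such as `# pkgs' unused: packages come from the module's own pkgs` would show this is intended. The `let` block starts outside the hunk.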
@@ -49,6 +56,43 @@ in
See also:
'';
};
+
+ extraEnvPackages = mkOption {
+ type = types.listOf types.package;
+ default = [];
+ example = "[ pkgs.virtualbox ]";
+ description = ''
+ Additional packages to make available in the environment in which
+ BOINC will run. Common choices are:
+
+
+ pkgs.virtualbox
+
+ The VirtualBox virtual machine framework. Required by some BOINC
+ projects, such as ATLAS@home.
+
+
+
+ pkgs.ocl-icd
+
+ OpenCL infrastructure library. Required by BOINC projects that
+ use OpenCL, in addition to a device-specific OpenCL driver.
+
+
+
+ pkgs.linuxPackages.nvidia_x11
+
+ Provides CUDA libraries. Required by BOINC projects that use
+ CUDA. Note that this requires an NVIDIA graphics device to be
+ present on the system.
+
+ Also provides OpenCL drivers for NVIDIA GPUs;
+ pkgs.ocl-icd is also needed in this case.
+
+
+
+ '';
+ };
};
config = mkIf cfg.enable {
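Review bot: The `example` for `extraEnvPackages` is a plain string, so the generated manual would render it as a quoted string rather than as a Nix expression; `example = literalExample "[ pkgs.virtualbox ]";` is the usual form for package lists. The description could also state that everything listed here becomes visible inside the environment in which BOINC runs project applications, so the list should be limited to what the attached projects need.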
@@ -70,7 +114,7 @@ in
chown boinc ${cfg.dataDir}
'';
script = ''
- ${cfg.package}/bin/boinc_client --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag}
+ ${fhsEnvExecutable} --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag}
'';
serviceConfig = {
PermissionsStartOnly = true; # preStart must be run as root
diff --git a/nixos/modules/services/networking/nsd.nix b/nixos/modules/services/networking/nsd.nix
index 4241e6fccea..0b52b1d3e30 100644
--- a/nixos/modules/services/networking/nsd.nix
+++ b/nixos/modules/services/networking/nsd.nix
@@ -250,6 +250,46 @@ let
Use imports or pkgs.lib.readFile if you don't want this data in your config file.
'';
};
+
+ dnssec = mkEnableOption "DNSSEC";
+
+ dnssecPolicy = {
+ algorithm = mkOption {
+ type = types.str;
+ default = "RSASHA256";
+ description = "Which algorithm to use for DNSSEC";
+ };
+ keyttl = mkOption {
+ type = types.str;
+ default = "1h";
+ description = "TTL for dnssec records";
+ };
+ coverage = mkOption {
+ type = types.str;
+ default = "1y";
+ description = ''
+ The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
+ '';
+ };
+ zsk = mkOption {
+ type = keyPolicy;
+ default = { keySize = 2048;
+ prePublish = "1w";
+ postPublish = "1w";
+ rollPeriod = "1mo";
+ };
+ description = "Key policy for zone signing keys";
+ };
+ ksk = mkOption {
+ type = keyPolicy;
+ default = { keySize = 4096;
+ prePublish = "1mo";
+ postPublish = "1mo";
+ rollPeriod = "0";
+ };
+ description = "Key policy for key signing keys";
+ };
+ };
maxRefreshSecs = mkOption {
type = types.nullOr types.int;
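Review bot: The `dnssecPolicy` descriptions do not say what syntax the string values take or what the `ksk` default `rollPeriod = "0"` means. The values are pasted unchanged into the policy file handed to `dnssec-keymgr`, so a typo only surfaces when the signing unit runs. I would extend the descriptions, e.g. `description = "How frequently to change keys, in dnssec-keymgr duration syntax";` with a confirmed statement of what "0" does, and consider `types.enum` for `algorithm`. The `dnssec` option text should also mention that validators only honour the signatures once a DS record is published at the parent zone, a step nothing in the visible hunks performs.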
@@ -367,10 +407,61 @@ let
and stats_noreset.
'';
};
-
};
};
+ keyPolicy = types.submodule {
+ options = {
+ keySize = mkOption {
+ type = types.int;
+ description = "Key size in bits";
+ };
+ prePublish = mkOption {
+ type = types.str;
+ description = "How long in advance to publish new keys";
+ };
+ postPublish = mkOption {
+ type = types.str;
+ description = "How long after deactivation to keep a key in the zone";
+ };
+ rollPeriod = mkOption {
+ type = types.str;
+ description = "How frequently to change keys";
+ };
+ };
+ };
+
+ dnssecZones = (filterAttrs (n: v: if v ? dnssec then v.dnssec else false) zoneConfigs);
+
+ dnssec = length (attrNames dnssecZones) != 0;
+
+ signZones = optionalString dnssec ''
+ mkdir -p ${stateDir}/dnssec
+ chown ${username}:${username} ${stateDir}/dnssec
+ chmod 0600 ${stateDir}/dnssec
+
+ ${concatStrings (mapAttrsToList signZone dnssecZones)}
+ '';
+ signZone = name: zone: ''
+ ${pkgs.bind}/bin/dnssec-keymgr -g ${pkgs.bind}/bin/dnssec-keygen -s ${pkgs.bind}/bin/dnssec-settime -K ${stateDir}/dnssec -c ${policyFile name zone.dnssecPolicy} ${name}
+ ${pkgs.bind}/bin/dnssec-signzone -S -K ${stateDir}/dnssec -o ${name} -O full -N date ${stateDir}/zones/${name}
+ ${nsdPkg}/sbin/nsd-checkzone ${name} ${stateDir}/zones/${name}.signed && mv -v ${stateDir}/zones/${name}.signed ${stateDir}/zones/${name}
+ '';
+ policyFile = name: policy: pkgs.writeText "${name}.policy" ''
+ zone ${name} {
+ algorithm ${policy.algorithm};
+ key-size zsk ${toString policy.zsk.keySize};
+ key-size ksk ${toString policy.ksk.keySize};
+ keyttl ${policy.keyttl};
+ pre-publish zsk ${policy.zsk.prePublish};
+ pre-publish ksk ${policy.ksk.prePublish};
+ post-publish zsk ${policy.zsk.postPublish};
+ post-publish ksk ${policy.ksk.postPublish};
+ roll-period zsk ${policy.zsk.rollPeriod};
+ roll-period ksk ${policy.ksk.rollPeriod};
+ coverage ${policy.coverage};
+ };
+ '';
in
{
# options are ordered alphanumerically
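Review bot: `chmod 0600 ${stateDir}/dnssec` in `signZones` strips the search bit from a directory, so only root can reach the key files inside it and the `chown ${username}:${username}` on the line above has no practical effect. A directory holding private keys wants `chmod 0700 ${stateDir}/dnssec`, matching the `mkdir -m 0700 -p "${stateDir}/var"` the pre-start script uses later in this diff. The paths and `${name}` in `signZone` are also interpolated unquoted, unlike the quoted `"${stateDir}/..."` form in the pre-start script. Quoting them would be consistent and would keep an unusual zone name from being split by the shell.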
@@ -380,6 +471,14 @@ in
bind8Stats = mkEnableOption "BIND8 like statistics";
+ dnssecInterval = mkOption {
+ type = types.str;
+ default = "1h";
+ description = ''
+ How often to check whether dnssec key rollover is required
+ '';
+ };
+
extraConfig = mkOption {
type = types.str;
default = "";
@@ -741,7 +840,6 @@ in
};
-
zones = mkOption {
type = types.attrsOf zoneOptions;
default = {};
@@ -785,7 +883,6 @@ in
serverGroup1.
'';
};
-
};
config = mkIf cfg.enable {
@@ -832,9 +929,9 @@ in
mkdir -m 0700 -p "${stateDir}/var"
cat > "${stateDir}/don't touch anything in here" << EOF
- Everything in this directory except NSD's state in var is
- automatically generated and will be purged and redeployed
- by the nsd.service pre-start script.
+ Everything in this directory except NSD's state in var and dnssec
+ is automatically generated and will be purged and redeployed by
+ the nsd.service pre-start script.
EOF
chown ${username}:${username} -R "${stateDir}/private"
@@ -848,6 +945,34 @@ in
'';
};
+ nixpkgs.config = mkIf dnssec {
+ bind.enablePython = true;
+ };
+
+ systemd.timers."nsd-dnssec" = mkIf dnssec {
+ description = "Automatic DNSSEC key rollover";
+
+ wantedBy = [ "nsd.service" ];
+
+ timerConfig = {
+ OnActiveSec = cfg.dnssecInterval;
+ OnUnitActiveSec = cfg.dnssecInterval;
+ };
+ };
+
+ systemd.services."nsd-dnssec" = mkIf dnssec {
+ description = "DNSSEC key rollover";
+
+ wantedBy = [ "nsd.service" ];
+ before = [ "nsd.service" ];
+
+ script = signZones;
+
+ postStop = ''
+ ${pkgs.systemd}/bin/systemctl kill -s SIGHUP nsd.service
+ '';
+ };
+
};
meta.maintainers = with lib.maintainers; [ hrdinka ];
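Review bot: `nsd-dnssec` is ordered `before = [ "nsd.service" ]`, but `signZone` writes the signed file over `${stateDir}/zones/${name}`, and the notice edited earlier in this diff says everything in the state directory except `var` and `dnssec` is purged and redeployed by the nsd.service pre-start script. If that purge covers `zones` (the pre-start body is outside these hunks), nsd would start on unsigned zones and serve them until the timer next fires after `dnssecInterval`. Running the signing step from the pre-start script, or after the redeploy, would avoid that. The unit also sets no `serviceConfig`, so the key handling presumably runs as root and without `Type = "oneshot"`. Separately, `nixpkgs.config.bind.enablePython` changes `pkgs.bind` for the whole system rather than only the copy this module calls.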
diff --git a/pkgs/development/em-modules/generic/default.nix b/pkgs/development/em-modules/generic/default.nix
index 332fab8e14a..f03e6e42739 100644
--- a/pkgs/development/em-modules/generic/default.nix
+++ b/pkgs/development/em-modules/generic/default.nix
@@ -22,8 +22,6 @@ pkgs.stdenv.mkDerivation (
HOME=$TMPDIR
runHook preConfigure
- # probably requires autotools as dependency
- ./autogen.sh
emconfigure ./configure --prefix=$out
runHook postConfigure
diff --git a/pkgs/development/libraries/pupnp/default.nix b/pkgs/development/libraries/pupnp/default.nix
index 018a57ad057..fd738faf507 100644
--- a/pkgs/development/libraries/pupnp/default.nix
+++ b/pkgs/development/libraries/pupnp/default.nix
@@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
name = "libupnp-${version}";
- version = "1.8.3";
+ version = "1.6.21";
src = fetchFromGitHub {
owner = "mrjimenez";
repo = "pupnp";
rev = "release-${version}";
- sha256 = "1w0kfq1pg3y2wl6gwkm1w872g0qz29w1z9wj08xxmwnk5mkpvsrl";
+ sha256 = "07ksfhadinaa20542gblrxi9pqz0v6y70a836hp3qr4037id4nm9";
};
nativeBuildInputs = [ autoreconfHook ];
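Review bot: The version moves backwards from 1.8.3 to 1.6.21 with no comment saying why, so a later maintainer or an automated updater is likely to bump it again, and nothing here shows which fixes from the 1.8 line are given up. If the downgrade is deliberate for API compatibility with dependants, record that next to the attribute, e.g. `# kept on the 1.6 branch because <reason>; check dependants before moving to 1.8`. For a network-facing UPnP library it is also worth confirming that 1.6.21 is the newest release of that branch.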
diff --git a/pkgs/development/tools/cloudfoundry-cli/default.nix b/pkgs/development/tools/cloudfoundry-cli/default.nix
index fc085b3e5ea..22c2f077418 100644
--- a/pkgs/development/tools/cloudfoundry-cli/default.nix
+++ b/pkgs/development/tools/cloudfoundry-cli/default.nix
@@ -2,17 +2,17 @@
buildGoPackage rec {
name = "cloudfoundry-cli-${version}";
- version = "6.32.0";
+ version = "6.36.1";
goPackagePath = "code.cloudfoundry.org/cli";
subPackages = [ "." ];
src = fetchFromGitHub {
+ owner = "cloudfoundry";
+ repo = "cli";
rev = "v${version}";
- owner = "cloudfoundry-attic";
- repo = "cli-with-i18n";
- sha256 = "16r8zvahn4b98krmyb8zq9370i6572dhz88bfxb3fnddcv6zy1ng";
+ sha256 = "19inl7qs2acs59p3gnl5zdsxym0wp2rn05q0zfg7rwf5sjh68amp";
};
outputs = [ "out" ];
diff --git a/pkgs/servers/dns/bind/default.nix b/pkgs/servers/dns/bind/default.nix
index 86e756a0db3..4002c6b3542 100644
--- a/pkgs/servers/dns/bind/default.nix
+++ b/pkgs/servers/dns/bind/default.nix
@@ -1,8 +1,10 @@
{ stdenv, lib, fetchurl, openssl, libtool, perl, libxml2
+, enablePython ? false, python3 ? null
, enableSeccomp ? false, libseccomp ? null, buildPackages
}:
assert enableSeccomp -> libseccomp != null;
+assert enablePython -> python3 != null;
let version = "9.12.1"; in
@@ -20,8 +22,9 @@ stdenv.mkDerivation rec {
stdenv.lib.optional stdenv.isDarwin ./darwin-openssl-linking-fix.patch;
nativeBuildInputs = [ perl ];
- buildInputs = [ openssl libtool libxml2 ] ++
- stdenv.lib.optional enableSeccomp libseccomp;
+ buildInputs = [ openssl libtool libxml2 ]
+ ++ lib.optional enableSeccomp libseccomp
+ ++ lib.optional enablePython python3;
STD_CDEFINES = [ "-DDIG_SIGCHASE=1" ]; # support +sigchase
@@ -32,6 +35,7 @@ stdenv.mkDerivation rec {
"--with-libtool"
"--with-libxml2=${libxml2.dev}"
"--with-openssl=${openssl.dev}"
+ (if enablePython then "--with-python" else "--without-python")
"--without-atf"
"--without-dlopen"
"--without-docbook-xsl"
@@ -41,7 +45,6 @@ stdenv.mkDerivation rec {
"--without-lmdb"
"--without-pkcs11"
"--without-purify"
- "--without-python"
"--with-randomdev=/dev/random"
"--with-ecdsa"
"--with-gost"
diff --git a/pkgs/servers/monitoring/zipkin/default.nix b/pkgs/servers/monitoring/zipkin/default.nix
new file mode 100644
index 00000000000..2925a8f2dc5
--- /dev/null
+++ b/pkgs/servers/monitoring/zipkin/default.nix
@@ -0,0 +1,26 @@
+{stdenv, fetchurl, makeWrapper, jre}:
+stdenv.mkDerivation rec {
+ version = "1.28.1";
+ name = "zipkin-server-${version}";
+ src = fetchurl {
+ url = "https://search.maven.org/remotecontent?filepath=io/zipkin/java/zipkin-server/${version}/zipkin-server-${version}-exec.jar";
+ sha256 = "02369fkv0kbl1isq6y26fh2zj5wxv3zck522m5wypsjlcfcw2apa";
+ };
+ buildInputs = [ makeWrapper ];
+
+ buildCommand =
+ ''
+ mkdir -p $out/share/java
+ cp ${src} $out/share/java/zipkin-server-${version}-exec.jar
+ mkdir -p $out/bin
+ makeWrapper ${jre}/bin/java $out/bin/zipkin-server \
+ --add-flags "-cp $out/share/java/zipkin-server-${version}-exec.jar org.springframework.boot.loader.JarLauncher"
+ '';
+ meta = with stdenv.lib; {
+ description = "Zipkin distributed tracing system";
+ homepage = "http://zipkin.io/";
+ license = licenses.asl20;
+ platforms = platforms.unix;
+ maintainers = [ maintainers.hectorj ];
+ };
+}
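Review bot: `makeWrapper` is only needed at build time, so it belongs in `nativeBuildInputs = [ makeWrapper ];` rather than `buildInputs`. The derivation installs a prebuilt executable jar instead of building from source. The pinned `sha256` covers integrity of the download, but a short comment saying this is the upstream binary release would make that explicit for reviewers. `homepage` can use `https://zipkin.io/`.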
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index b56c0de6939..0a844693fe3 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -7644,9 +7644,7 @@ with pkgs;
cl-launch = callPackage ../development/tools/misc/cl-launch {};
- cloudfoundry-cli = callPackage ../development/tools/cloudfoundry-cli {
- go = go_1_9;
- };
+ cloudfoundry-cli = callPackage ../development/tools/cloudfoundry-cli { };
coan = callPackage ../development/tools/analysis/coan { };
@@ -12264,7 +12262,10 @@ with pkgs;
bftpd = callPackage ../servers/ftp/bftpd {};
- bind = callPackage ../servers/dns/bind { };
+ bind = callPackage ../servers/dns/bind {
+ enablePython = config.bind.enablePython or false;
+ python3 = python3.withPackages (ps: with ps; [ ply ]);
+ };
dnsutils = bind.dnsutils;
inherit (callPackages ../servers/bird { })
@@ -12946,6 +12947,7 @@ with pkgs;
zabbix20 = callPackage ../servers/monitoring/zabbix/2.0.nix { };
zabbix22 = callPackage ../servers/monitoring/zabbix/2.2.nix { };
+ zipkin = callPackage ../servers/monitoring/zipkin { };
### OS-SPECIFIC