diff --git a/maintainers/scripts/hydra-eval-failures.py b/maintainers/scripts/hydra-eval-failures.py index d0bd1913ba8..23669502e46 100755 --- a/maintainers/scripts/hydra-eval-failures.py +++ b/maintainers/scripts/hydra-eval-failures.py @@ -1,5 +1,5 @@ #!/usr/bin/env nix-shell -#!nix-shell -i python -p pythonFull pythonPackages.requests pythonPackages.pyquery pythonPackages.click +#!nix-shell -i python3 -p 'python3.withPackages(ps: with ps; [ requests pyquery click ])' # To use, just execute this script with --help to display help. @@ -16,7 +16,7 @@ maintainers_json = subprocess.check_output([ 'nix-instantiate', '-E', 'import ./maintainers/maintainer-list.nix {}', '--eval', '--json' ]) maintainers = json.loads(maintainers_json) -MAINTAINERS = {v: k for k, v in maintainers.iteritems()} +MAINTAINERS = {v: k for k, v in maintainers.items()} def get_response_text(url): @@ -45,6 +45,17 @@ def get_maintainers(attr_name): except: return [] +def print_build(table_row): + a = pq(table_row)('a')[1] + print("- [ ] [{}]({})".format(a.text, a.get('href')), flush=True) + + maintainers = get_maintainers(a.text) + if maintainers: + print(" - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers)))) + # TODO: print last three persons that touched this file + # TODO: pinpoint the diff that broke this build, or maybe it's transient or maybe it never worked? + + sys.stdout.flush() @click.command() @click.option( 
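Review bot: In maintainers/scripts/hydra-eval-failures.py, the new `print_build` takes `pq(table_row)('a')[1]` without checking that the row has a second link, so one unexpected row raises IndexError and stops the whole report. The link text and `href` come from the fetched Hydra page and are written unescaped into Markdown link syntax, which matters if the output is pasted into an issue; escaping `]` and `)` in the text, or at least documenting the assumption, would help. A docstring is also missing; something like `"""Print a Markdown checklist entry, plus maintainers if known, for one build table row."""` states what the visible code does.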
@@ -73,23 +84,17 @@ def cli(jobset): # TODO: aborted evaluations # TODO: dependency failed without propagated builds + print('\nFailures:') for tr in d('img[alt="Failed"]').parents('tr'): - a = pq(tr)('a')[1] - print("- [ ] [{}]({})".format(a.text, a.get('href'))) + print_build(tr) - sys.stdout.flush() - - maintainers = get_maintainers(a.text) - if maintainers: - print(" - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers)))) - # TODO: print last three persons that touched this file - # TODO: pinpoint the diff that broke this build, or maybe it's transient or maybe it never worked? - - sys.stdout.flush() + print('\nDependency failures:') + for tr in d('img[alt="Dependency failed"]').parents('tr'): + print_build(tr) if __name__ == "__main__": try: cli() - except: + except Exception as e: import pdb;pdb.post_mortem() diff --git a/nixos/modules/services/computing/boinc/client.nix b/nixos/modules/services/computing/boinc/client.nix index e43b6bbb253..8abe3c5b8c9 100644 --- a/nixos/modules/services/computing/boinc/client.nix +++ b/nixos/modules/services/computing/boinc/client.nix @@ -6,6 +6,13 @@ let cfg = config.services.boinc; allowRemoteGuiRpcFlag = optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc"; + fhsEnv = pkgs.buildFHSUserEnv { + name = "boinc-fhs-env"; + targetPkgs = pkgs': [ cfg.package ] ++ cfg.extraEnvPackages; + runScript = "/bin/boinc_client"; + }; + fhsEnvExecutable = "${fhsEnv}/bin/${fhsEnv.name}"; + in { options.services.boinc = { 
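Review bot: In the `__main__` block of maintainers/scripts/hydra-eval-failures.py, `except Exception as e:` binds `e` but never uses it, and the handler still only calls `pdb.post_mortem()`, which waits on stdin and so hangs when the script runs without a terminal. Dropping the unused name and guarding the debugger keeps interactive use unchanged: `except Exception:` followed by `if sys.stdin.isatty(): pdb.post_mortem()`, with a plain `raise` otherwise so the failure still produces a non-zero exit. The body of `cli` begins above this hunk, so only the handler is judged here.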
@@ -49,6 +56,43 @@ in See also: ''; }; + + extraEnvPackages = mkOption { + type = types.listOf types.package; + default = []; + example = "[ pkgs.virtualbox ]"; + description = '' + Additional packages to make available in the environment in which + BOINC will run. Common choices are: + + + pkgs.virtualbox + + The VirtualBox virtual machine framework. Required by some BOINC + projects, such as ATLAS@home. + + + + pkgs.ocl-icd + + OpenCL infrastructure library. Required by BOINC projects that + use OpenCL, in addition to a device-specific OpenCL driver. + + + + pkgs.linuxPackages.nvidia_x11 + + Provides CUDA libraries. Required by BOINC projects that use + CUDA. Note that this requires an NVIDIA graphics device to be + present on the system. + + Also provides OpenCL drivers for NVIDIA GPUs; + pkgs.ocl-icd is also needed in this case. + + + + ''; + }; }; config = mkIf cfg.enable { @@ -70,7 +114,7 @@ in chown boinc ${cfg.dataDir} ''; script = '' - ${cfg.package}/bin/boinc_client --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag} + ${fhsEnvExecutable} --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag} ''; serviceConfig = { PermissionsStartOnly = true; # preStart must be run as root diff --git a/nixos/modules/services/networking/nsd.nix b/nixos/modules/services/networking/nsd.nix index 4241e6fccea..0b52b1d3e30 100644 --- a/nixos/modules/services/networking/nsd.nix +++ b/nixos/modules/services/networking/nsd.nix 
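Review bot: In nixos/modules/services/computing/boinc/client.nix, `example = "[ pkgs.virtualbox ]";` on `extraEnvPackages` is a plain string, so the generated manual will render it as a quoted string rather than as a Nix list; use `example = literalExample "[ pkgs.virtualbox ]";`. The description should also say that every package listed here is placed in the environment `boinc_client` runs in, and is therefore visible to the project applications BOINC fetches and executes, so the list should stay as small as the enabled projects need.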
@@ -250,6 +250,46 @@ let Use imports or pkgs.lib.readFile if you don't want this data in your config file. ''; }; + + dnssec = mkEnableOption "DNSSEC"; + + dnssecPolicy = { + algorithm = mkOption { + type = types.str; + default = "RSASHA256"; + description = "Which algorithm to use for DNSSEC"; + }; + keyttl = mkOption { + type = types.str; + default = "1h"; + description = "TTL for dnssec records"; + }; + coverage = mkOption { + type = types.str; + default = "1y"; + description = '' + The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time. + ''; + }; + zsk = mkOption { + type = keyPolicy; + default = { keySize = 2048; + prePublish = "1w"; + postPublish = "1w"; + rollPeriod = "1mo"; + }; + description = "Key policy for zone signing keys"; + }; + ksk = mkOption { + type = keyPolicy; + default = { keySize = 4096; + prePublish = "1mo"; + postPublish = "1mo"; + rollPeriod = "0"; + }; + description = "Key policy for key signing keys"; + }; + }; maxRefreshSecs = mkOption { type = types.nullOr types.int; 
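Review bot: In nixos/modules/services/networking/nsd.nix, every `dnssecPolicy` field is a free-form `types.str` and none of the descriptions says what syntax is accepted, yet the `policyFile` template later in this diff pastes the values verbatim into the dnssec-keymgr policy. A typo in `algorithm` or in a duration therefore only surfaces when the signing job runs. Consider a `types.enum` of the algorithm names the packaged BIND accepts, and extend the descriptions, e.g. `description = "TTL for DNSSEC records, as a duration such as 1h";`. The ksk default `rollPeriod = "0"` in particular needs a sentence on what 0 means (presumably no automatic rollover, to be confirmed). The enclosing zone option set starts and ends outside this hunk.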
@@ -367,10 +407,61 @@ let and stats_noreset. ''; }; - }; }; + keyPolicy = types.submodule { + options = { + keySize = mkOption { + type = types.int; + description = "Key size in bits"; + }; + prePublish = mkOption { + type = types.str; + description = "How long in advance to publish new keys"; + }; + postPublish = mkOption { + type = types.str; + description = "How long after deactivation to keep a key in the zone"; + }; + rollPeriod = mkOption { + type = types.str; + description = "How frequently to change keys"; + }; + }; + }; + + dnssecZones = (filterAttrs (n: v: if v ? dnssec then v.dnssec else false) zoneConfigs); + + dnssec = length (attrNames dnssecZones) != 0; + + signZones = optionalString dnssec '' + mkdir -p ${stateDir}/dnssec + chown ${username}:${username} ${stateDir}/dnssec + chmod 0600 ${stateDir}/dnssec + + ${concatStrings (mapAttrsToList signZone dnssecZones)} + ''; + signZone = name: zone: '' + ${pkgs.bind}/bin/dnssec-keymgr -g ${pkgs.bind}/bin/dnssec-keygen -s ${pkgs.bind}/bin/dnssec-settime -K ${stateDir}/dnssec -c ${policyFile name zone.dnssecPolicy} ${name} + ${pkgs.bind}/bin/dnssec-signzone -S -K ${stateDir}/dnssec -o ${name} -O full -N date ${stateDir}/zones/${name} + ${nsdPkg}/sbin/nsd-checkzone ${name} ${stateDir}/zones/${name}.signed && mv -v ${stateDir}/zones/${name}.signed ${stateDir}/zones/${name} + ''; + policyFile = name: policy: pkgs.writeText "${name}.policy" '' + zone ${name} { + algorithm ${policy.algorithm}; + key-size zsk ${toString policy.zsk.keySize}; + key-size ksk ${toString policy.ksk.keySize}; + keyttl ${policy.keyttl}; + pre-publish zsk ${policy.zsk.prePublish}; + pre-publish ksk ${policy.ksk.prePublish}; + post-publish zsk ${policy.zsk.postPublish}; + post-publish ksk ${policy.ksk.postPublish}; + roll-period zsk ${policy.zsk.rollPeriod}; + roll-period ksk ${policy.ksk.rollPeriod}; + coverage ${policy.coverage}; + }; + ''; in { # options are ordered alphanumerically 
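Review bot: `chmod 0600 ${stateDir}/dnssec` in `signZones` gives a directory a mode without the search bit, so the `${username}` account it was just chowned to cannot open anything inside it; the key directory presumably wants 0700, and as written it exists with the default umask until the chmod runs. Creating it in one step, as the pre-start script in this file already does for `var`, fixes both: `mkdir -m 0700 -p ${stateDir}/dnssec`. It is also worth deciding whether the NSD account should own the private-key directory at all, since nothing visible here has NSD read the keys. In `signZone`, a failing `nsd-checkzone` only skips the `mv`, leaving the unsigned zone file in place, and for every zone but the last the script carries on; checking the result explicitly (`|| exit 1` after the `mv`) would make that failure visible.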
@@ -380,6 +471,14 @@ in bind8Stats = mkEnableOption "BIND8 like statistics"; + dnssecInterval = mkOption { + type = types.str; + default = "1h"; + description = '' + How often to check whether dnssec key rollover is required + ''; + }; + extraConfig = mkOption { type = types.str; default = ""; @@ -741,7 +840,6 @@ in }; - zones = mkOption { type = types.attrsOf zoneOptions; default = {}; @@ -785,7 +883,6 @@ in serverGroup1. ''; }; - }; config = mkIf cfg.enable { @@ -832,9 +929,9 @@ in mkdir -m 0700 -p "${stateDir}/var" cat > "${stateDir}/don't touch anything in here" << EOF - Everything in this directory except NSD's state in var is - automatically generated and will be purged and redeployed - by the nsd.service pre-start script. + Everything in this directory except NSD's state in var and dnssec + is automatically generated and will be purged and redeployed by + the nsd.service pre-start script. EOF chown ${username}:${username} -R "${stateDir}/private" @@ -848,6 +945,34 @@ in ''; }; + nixpkgs.config = mkIf dnssec { + bind.enablePython = true; + }; + + systemd.timers."nsd-dnssec" = mkIf dnssec { + description = "Automatic DNSSEC key rollover"; + + wantedBy = [ "nsd.service" ]; + + timerConfig = { + OnActiveSec = cfg.dnssecInterval; + OnUnitActiveSec = cfg.dnssecInterval; + }; + }; + + systemd.services."nsd-dnssec" = mkIf dnssec { + description = "DNSSEC key rollover"; + + wantedBy = [ "nsd.service" ]; + before = [ "nsd.service" ]; + + script = signZones; + + postStop = '' + ${pkgs.systemd}/bin/systemctl kill -s SIGHUP nsd.service + ''; + }; + }; meta.maintainers = with lib.maintainers; [ hrdinka ]; diff --git a/pkgs/development/em-modules/generic/default.nix b/pkgs/development/em-modules/generic/default.nix index 332fab8e14a..f03e6e42739 100644 --- a/pkgs/development/em-modules/generic/default.nix +++ b/pkgs/development/em-modules/generic/default.nix 
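Review bot: In the last nsd.nix hunk, `systemd.services."nsd-dnssec"` sets no `serviceConfig`, so the signing script runs under systemd's defaults, that is as root and as a `simple` service rather than a one-shot job, and the `postStop` SIGHUP is sent to nsd.service whether or not signing succeeded. Consider `serviceConfig.Type = "oneshot";` and moving the `systemctl kill -s SIGHUP nsd.service` line to the end of `script`, so that a failed run does not trigger a reload. Setting `nixpkgs.config.bind.enablePython` from this module also changes `pkgs.bind` for every other consumer on the system, which deserves a comment next to it such as `# dnssec-keymgr needs Python; this rebuilds pkgs.bind system-wide`.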
@@ -22,8 +22,6 @@ pkgs.stdenv.mkDerivation ( HOME=$TMPDIR runHook preConfigure - # probably requires autotools as dependency - ./autogen.sh emconfigure ./configure --prefix=$out runHook postConfigure diff --git a/pkgs/development/libraries/pupnp/default.nix b/pkgs/development/libraries/pupnp/default.nix index 018a57ad057..fd738faf507 100644 --- a/pkgs/development/libraries/pupnp/default.nix +++ b/pkgs/development/libraries/pupnp/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { name = "libupnp-${version}"; - version = "1.8.3"; + version = "1.6.21"; src = fetchFromGitHub { owner = "mrjimenez"; repo = "pupnp"; rev = "release-${version}"; - sha256 = "1w0kfq1pg3y2wl6gwkm1w872g0qz29w1z9wj08xxmwnk5mkpvsrl"; + sha256 = "07ksfhadinaa20542gblrxi9pqz0v6y70a836hp3qr4037id4nm9"; }; nativeBuildInputs = [ autoreconfHook ]; diff --git a/pkgs/development/tools/cloudfoundry-cli/default.nix b/pkgs/development/tools/cloudfoundry-cli/default.nix index fc085b3e5ea..22c2f077418 100644 --- a/pkgs/development/tools/cloudfoundry-cli/default.nix +++ b/pkgs/development/tools/cloudfoundry-cli/default.nix @@ -2,17 +2,17 @@ buildGoPackage rec { name = "cloudfoundry-cli-${version}"; - version = "6.32.0"; + version = "6.36.1"; goPackagePath = "code.cloudfoundry.org/cli"; subPackages = [ "." ]; src = fetchFromGitHub { + owner = "cloudfoundry"; + repo = "cli"; rev = "v${version}"; - owner = "cloudfoundry-attic"; - repo = "cli-with-i18n"; - sha256 = "16r8zvahn4b98krmyb8zq9370i6572dhz88bfxb3fnddcv6zy1ng"; + sha256 = "19inl7qs2acs59p3gnl5zdsxym0wp2rn05q0zfg7rwf5sjh68amp"; }; outputs = [ "out" ]; diff --git a/pkgs/servers/dns/bind/default.nix b/pkgs/servers/dns/bind/default.nix index 86e756a0db3..4002c6b3542 100644 --- a/pkgs/servers/dns/bind/default.nix +++ b/pkgs/servers/dns/bind/default.nix 
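Review bot: `version` in pkgs/development/libraries/pupnp/default.nix goes backwards, from 1.8.3 to 1.6.21, and nothing in the file records why. libupnp parses UPnP traffic from the network, so a downgrade should state its reason and confirm that the older release line still carries the security fixes present in the newer one. A one-line comment above `version` would do, for example `# held on the 1.6 series: <reason>`.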
@@ -1,8 +1,10 @@ { stdenv, lib, fetchurl, openssl, libtool, perl, libxml2 +, enablePython ? false, python3 ? null , enableSeccomp ? false, libseccomp ? null, buildPackages }: assert enableSeccomp -> libseccomp != null; +assert enablePython -> python3 != null; let version = "9.12.1"; in @@ -20,8 +22,9 @@ stdenv.mkDerivation rec { stdenv.lib.optional stdenv.isDarwin ./darwin-openssl-linking-fix.patch; nativeBuildInputs = [ perl ]; - buildInputs = [ openssl libtool libxml2 ] ++ - stdenv.lib.optional enableSeccomp libseccomp; + buildInputs = [ openssl libtool libxml2 ] + ++ lib.optional enableSeccomp libseccomp + ++ lib.optional enablePython python3; STD_CDEFINES = [ "-DDIG_SIGCHASE=1" ]; # support +sigchase @@ -32,6 +35,7 @@ stdenv.mkDerivation rec { "--with-libtool" "--with-libxml2=${libxml2.dev}" "--with-openssl=${openssl.dev}" + (if enablePython then "--with-python" else "--without-python") "--without-atf" "--without-dlopen" "--without-docbook-xsl" @@ -41,7 +45,6 @@ stdenv.mkDerivation rec { "--without-lmdb" "--without-pkcs11" "--without-purify" - "--without-python" "--with-randomdev=/dev/random" "--with-ecdsa" "--with-gost" diff --git a/pkgs/servers/monitoring/zipkin/default.nix b/pkgs/servers/monitoring/zipkin/default.nix new file mode 100644 index 00000000000..2925a8f2dc5 --- /dev/null +++ b/pkgs/servers/monitoring/zipkin/default.nix 
@@ -0,0 +1,26 @@ +{stdenv, fetchurl, makeWrapper, jre}: +stdenv.mkDerivation rec { + version = "1.28.1"; + name = "zipkin-server-${version}"; + src = fetchurl { + url = "https://search.maven.org/remotecontent?filepath=io/zipkin/java/zipkin-server/${version}/zipkin-server-${version}-exec.jar"; + sha256 = "02369fkv0kbl1isq6y26fh2zj5wxv3zck522m5wypsjlcfcw2apa"; + }; + buildInputs = [ makeWrapper ]; + + buildCommand = + '' + mkdir -p $out/share/java + cp ${src} $out/share/java/zipkin-server-${version}-exec.jar + mkdir -p $out/bin + makeWrapper ${jre}/bin/java $out/bin/zipkin-server \ + --add-flags "-cp $out/share/java/zipkin-server-${version}-exec.jar org.springframework.boot.loader.JarLauncher" + ''; + meta = with stdenv.lib; { + description = "Zipkin distributed tracing system"; + homepage = "http://zipkin.io/"; + license = licenses.asl20; + platforms = platforms.unix; + maintainers = [ maintainers.hectorj ]; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b56c0de6939..0a844693fe3 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7644,9 +7644,7 @@ with pkgs; cl-launch = callPackage ../development/tools/misc/cl-launch {}; - cloudfoundry-cli = callPackage ../development/tools/cloudfoundry-cli { - go = go_1_9; - }; + cloudfoundry-cli = callPackage ../development/tools/cloudfoundry-cli { }; coan = callPackage ../development/tools/analysis/coan { }; @@ -12264,7 +12262,10 @@ with pkgs; bftpd = callPackage ../servers/ftp/bftpd {}; - bind = callPackage ../servers/dns/bind { }; + bind = callPackage ../servers/dns/bind { + enablePython = config.bind.enablePython or false; + python3 = python3.withPackages (ps: with ps; [ ply ]); + }; dnsutils = bind.dnsutils; inherit (callPackages ../servers/bird { }) 
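Review bot: In pkgs/servers/monitoring/zipkin/default.nix, `makeWrapper` is a build-time tool and belongs in `nativeBuildInputs`, not `buildInputs`: `nativeBuildInputs = [ makeWrapper ];`. `homepage` is given over plain HTTP; `homepage = "https://zipkin.io/";` is preferable if the site serves it. The package ships a prebuilt jar instead of building from source, which the `sha256` pin covers for integrity, but that is worth stating in a comment above `src` so later version bumps re-verify the hash against the upstream artifact.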
@@ -12946,6 +12947,7 @@ with pkgs; zabbix20 = callPackage ../servers/monitoring/zabbix/2.0.nix { }; zabbix22 = callPackage ../servers/monitoring/zabbix/2.2.nix { }; + zipkin = callPackage ../servers/monitoring/zipkin { }; ### OS-SPECIFIC