Merge branch 'master' of github.com:NixOS/nixpkgs into feat/acme/delay

Gregor Kleen 2018-04-21 22:34:01 +02:00
commit e11cb1d2a9
9 changed files with 239 additions and 36 deletions


@ -1,5 +1,5 @@
#!/usr/bin/env nix-shell #!/usr/bin/env nix-shell
#!nix-shell -i python -p pythonFull pythonPackages.requests pythonPackages.pyquery pythonPackages.click #!nix-shell -i python3 -p 'python3.withPackages(ps: with ps; [ requests pyquery click ])'
# To use, just execute this script with --help to display help. # To use, just execute this script with --help to display help.
@ -16,7 +16,7 @@ maintainers_json = subprocess.check_output([
'nix-instantiate', '-E', 'import ./maintainers/maintainer-list.nix {}', '--eval', '--json' 'nix-instantiate', '-E', 'import ./maintainers/maintainer-list.nix {}', '--eval', '--json'
]) ])
maintainers = json.loads(maintainers_json) maintainers = json.loads(maintainers_json)
MAINTAINERS = {v: k for k, v in maintainers.iteritems()} MAINTAINERS = {v: k for k, v in maintainers.items()}
def get_response_text(url): def get_response_text(url):
@ -45,6 +45,17 @@ def get_maintainers(attr_name):
except: except:
return [] return []
def print_build(table_row):
a = pq(table_row)('a')[1]
print("- [ ] [{}]({})".format(a.text, a.get('href')), flush=True)
maintainers = get_maintainers(a.text)
if maintainers:
print(" - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers))))
# TODO: print last three persons that touched this file
# TODO: pinpoint the diff that broke this build, or maybe it's transient or maybe it never worked?
sys.stdout.flush()
@click.command() @click.command()
@click.option( @click.option(
@ -73,23 +84,17 @@ def cli(jobset):
# TODO: aborted evaluations # TODO: aborted evaluations
# TODO: dependency failed without propagated builds # TODO: dependency failed without propagated builds
print('\nFailures:')
for tr in d('img[alt="Failed"]').parents('tr'): for tr in d('img[alt="Failed"]').parents('tr'):
a = pq(tr)('a')[1] print_build(tr)
print("- [ ] [{}]({})".format(a.text, a.get('href')))
sys.stdout.flush() print('\nDependency failures:')
for tr in d('img[alt="Dependency failed"]').parents('tr'):
maintainers = get_maintainers(a.text) print_build(tr)
if maintainers:
print(" - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers))))
# TODO: print last three persons that touched this file
# TODO: pinpoint the diff that broke this build, or maybe it's transient or maybe it never worked?
sys.stdout.flush()
if __name__ == "__main__": if __name__ == "__main__":
try: try:
cli() cli()
except: except Exception as e:
import pdb;pdb.post_mortem() import pdb;pdb.post_mortem()
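Review bot: `print_build` indexes `pq(table_row)('a')[1]` without checking that the row has a second link, and it is now also called for the `img[alt="Dependency failed"]` rows, which presumably share the layout of the failed rows but are new to this code path. A row with fewer than two anchors would raise IndexError and abort the whole report; a guard such as `links = pq(table_row)('a')` followed by `if len(links) < 2: return` keeps the listing going. In the `__main__` block, `except Exception as e:` binds `e` without using it, so `except Exception:` is enough. The first `print` already passes `flush=True`, so the trailing `sys.stdout.flush()` only matters for the maintainers line.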


@ -6,6 +6,13 @@ let
cfg = config.services.boinc; cfg = config.services.boinc;
allowRemoteGuiRpcFlag = optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc"; allowRemoteGuiRpcFlag = optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc";
fhsEnv = pkgs.buildFHSUserEnv {
name = "boinc-fhs-env";
targetPkgs = pkgs': [ cfg.package ] ++ cfg.extraEnvPackages;
runScript = "/bin/boinc_client";
};
fhsEnvExecutable = "${fhsEnv}/bin/${fhsEnv.name}";
in in
{ {
options.services.boinc = { options.services.boinc = {
@ -49,6 +56,43 @@ in
See also: <link xlink:href="http://boinc.berkeley.edu/wiki/Controlling_BOINC_remotely#Remote_access"/> See also: <link xlink:href="http://boinc.berkeley.edu/wiki/Controlling_BOINC_remotely#Remote_access"/>
''; '';
}; };
extraEnvPackages = mkOption {
type = types.listOf types.package;
default = [];
example = "[ pkgs.virtualbox ]";
description = ''
Additional packages to make available in the environment in which
BOINC will run. Common choices are:
<variablelist>
<varlistentry>
<term><varname>pkgs.virtualbox</varname></term>
<listitem><para>
The VirtualBox virtual machine framework. Required by some BOINC
projects, such as ATLAS@home.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>pkgs.ocl-icd</varname></term>
<listitem><para>
OpenCL infrastructure library. Required by BOINC projects that
use OpenCL, in addition to a device-specific OpenCL driver.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>pkgs.linuxPackages.nvidia_x11</varname></term>
<listitem><para>
Provides CUDA libraries. Required by BOINC projects that use
CUDA. Note that this requires an NVIDIA graphics device to be
present on the system.
</para><para>
Also provides OpenCL drivers for NVIDIA GPUs;
<varname>pkgs.ocl-icd</varname> is also needed in this case.
</para></listitem>
</varlistentry>
</variablelist>
'';
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -70,7 +114,7 @@ in
chown boinc ${cfg.dataDir} chown boinc ${cfg.dataDir}
''; '';
script = '' script = ''
${cfg.package}/bin/boinc_client --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag} ${fhsEnvExecutable} --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag}
''; '';
serviceConfig = { serviceConfig = {
PermissionsStartOnly = true; # preStart must be run as root PermissionsStartOnly = true; # preStart must be run as root
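Review bot: The `extraEnvPackages` description does not say that every listed package ends up in the FHS environment in which `boinc_client` runs, and presumably also the project applications it downloads and executes, so each entry widens what that third-party code can reach. I would add a sentence to the description such as `Packages listed here are visible to every BOINC project application; add only what the attached projects require.` The `example` is a plain string; `example = literalExample "[ pkgs.virtualbox ]";` renders it as a Nix expression in the manual. Because the client is now started through `buildFHSUserEnv`, it is also worth confirming that the service user can still set that environment up on hosts that restrict unprivileged namespaces; the rest of `serviceConfig` is outside the hunk, so this is inferred.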


@ -250,6 +250,46 @@ let
Use imports or pkgs.lib.readFile if you don't want this data in your config file. Use imports or pkgs.lib.readFile if you don't want this data in your config file.
''; '';
}; };
dnssec = mkEnableOption "DNSSEC";
dnssecPolicy = {
algorithm = mkOption {
type = types.str;
default = "RSASHA256";
description = "Which algorithm to use for DNSSEC";
};
keyttl = mkOption {
type = types.str;
default = "1h";
description = "TTL for dnssec records";
};
coverage = mkOption {
type = types.str;
default = "1y";
description = ''
The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
'';
};
zsk = mkOption {
type = keyPolicy;
default = { keySize = 2048;
prePublish = "1w";
postPublish = "1w";
rollPeriod = "1mo";
};
description = "Key policy for zone signing keys";
};
ksk = mkOption {
type = keyPolicy;
default = { keySize = 4096;
prePublish = "1mo";
postPublish = "1mo";
rollPeriod = "0";
};
description = "Key policy for key signing keys";
};
};
maxRefreshSecs = mkOption { maxRefreshSecs = mkOption {
type = types.nullOr types.int; type = types.nullOr types.int;
@ -367,10 +407,61 @@ let
and stats_noreset. and stats_noreset.
''; '';
}; };
}; };
}; };
keyPolicy = types.submodule {
options = {
keySize = mkOption {
type = types.int;
description = "Key size in bits";
};
prePublish = mkOption {
type = types.str;
description = "How long in advance to publish new keys";
};
postPublish = mkOption {
type = types.str;
description = "How long after deactivation to keep a key in the zone";
};
rollPeriod = mkOption {
type = types.str;
description = "How frequently to change keys";
};
};
};
dnssecZones = (filterAttrs (n: v: if v ? dnssec then v.dnssec else false) zoneConfigs);
dnssec = length (attrNames dnssecZones) != 0;
signZones = optionalString dnssec ''
mkdir -p ${stateDir}/dnssec
chown ${username}:${username} ${stateDir}/dnssec
chmod 0600 ${stateDir}/dnssec
${concatStrings (mapAttrsToList signZone dnssecZones)}
'';
signZone = name: zone: ''
${pkgs.bind}/bin/dnssec-keymgr -g ${pkgs.bind}/bin/dnssec-keygen -s ${pkgs.bind}/bin/dnssec-settime -K ${stateDir}/dnssec -c ${policyFile name zone.dnssecPolicy} ${name}
${pkgs.bind}/bin/dnssec-signzone -S -K ${stateDir}/dnssec -o ${name} -O full -N date ${stateDir}/zones/${name}
${nsdPkg}/sbin/nsd-checkzone ${name} ${stateDir}/zones/${name}.signed && mv -v ${stateDir}/zones/${name}.signed ${stateDir}/zones/${name}
'';
policyFile = name: policy: pkgs.writeText "${name}.policy" ''
zone ${name} {
algorithm ${policy.algorithm};
key-size zsk ${toString policy.zsk.keySize};
key-size ksk ${toString policy.ksk.keySize};
keyttl ${policy.keyttl};
pre-publish zsk ${policy.zsk.prePublish};
pre-publish ksk ${policy.ksk.prePublish};
post-publish zsk ${policy.zsk.postPublish};
post-publish ksk ${policy.ksk.postPublish};
roll-period zsk ${policy.zsk.rollPeriod};
roll-period ksk ${policy.ksk.rollPeriod};
coverage ${policy.coverage};
};
'';
in in
{ {
# options are ordered alphanumerically # options are ordered alphanumerically
@ -380,6 +471,14 @@ in
bind8Stats = mkEnableOption "BIND8 like statistics"; bind8Stats = mkEnableOption "BIND8 like statistics";
dnssecInterval = mkOption {
type = types.str;
default = "1h";
description = ''
How often to check whether dnssec key rollover is required
'';
};
extraConfig = mkOption { extraConfig = mkOption {
type = types.str; type = types.str;
default = ""; default = "";
@ -741,7 +840,6 @@ in
}; };
zones = mkOption { zones = mkOption {
type = types.attrsOf zoneOptions; type = types.attrsOf zoneOptions;
default = {}; default = {};
@ -785,7 +883,6 @@ in
serverGroup1. serverGroup1.
''; '';
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -832,9 +929,9 @@ in
mkdir -m 0700 -p "${stateDir}/var" mkdir -m 0700 -p "${stateDir}/var"
cat > "${stateDir}/don't touch anything in here" << EOF cat > "${stateDir}/don't touch anything in here" << EOF
Everything in this directory except NSD's state in var is Everything in this directory except NSD's state in var and dnssec
automatically generated and will be purged and redeployed is automatically generated and will be purged and redeployed by
by the nsd.service pre-start script. the nsd.service pre-start script.
EOF EOF
chown ${username}:${username} -R "${stateDir}/private" chown ${username}:${username} -R "${stateDir}/private"
@ -848,6 +945,34 @@ in
''; '';
}; };
nixpkgs.config = mkIf dnssec {
bind.enablePython = true;
};
systemd.timers."nsd-dnssec" = mkIf dnssec {
description = "Automatic DNSSEC key rollover";
wantedBy = [ "nsd.service" ];
timerConfig = {
OnActiveSec = cfg.dnssecInterval;
OnUnitActiveSec = cfg.dnssecInterval;
};
};
systemd.services."nsd-dnssec" = mkIf dnssec {
description = "DNSSEC key rollover";
wantedBy = [ "nsd.service" ];
before = [ "nsd.service" ];
script = signZones;
postStop = ''
${pkgs.systemd}/bin/systemctl kill -s SIGHUP nsd.service
'';
};
}; };
meta.maintainers = with lib.maintainers; [ hrdinka ]; meta.maintainers = with lib.maintainers; [ hrdinka ];
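Review bot: In `signZones`, `chmod 0600 ${stateDir}/dnssec` is applied to a directory, and a directory without the search (x) bit cannot be entered by its owner, so the `${username}` account that the preceding `chown` gives it to cannot reach the keys inside; only a job running as root gets through. Create the key directory with its final mode instead, `mkdir -m 0700 -p ${stateDir}/dnssec`, as the pre-start script already does for `"${stateDir}/var"`, and drop the `chmod`. `signZone` also interpolates `${name}` and `${stateDir}` into the commands unquoted, unlike the quoted paths in the pre-start script; quoting them (`-o "${name}"`, `"${stateDir}/zones/${name}"`) keeps an unusual zone name from being word-split. No `User=` is visible on the `nsd-dnssec` service, so it appears to run as root, and a sentence in the `dnssec` option description saying where the private keys live and who owns them would help operators back them up and audit them.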


@ -22,8 +22,6 @@ pkgs.stdenv.mkDerivation (
HOME=$TMPDIR HOME=$TMPDIR
runHook preConfigure runHook preConfigure
# probably requires autotools as dependency
./autogen.sh
emconfigure ./configure --prefix=$out emconfigure ./configure --prefix=$out
runHook postConfigure runHook postConfigure


@ -2,13 +2,13 @@
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "libupnp-${version}"; name = "libupnp-${version}";
version = "1.8.3"; version = "1.6.21";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "mrjimenez"; owner = "mrjimenez";
repo = "pupnp"; repo = "pupnp";
rev = "release-${version}"; rev = "release-${version}";
sha256 = "1w0kfq1pg3y2wl6gwkm1w872g0qz29w1z9wj08xxmwnk5mkpvsrl"; sha256 = "07ksfhadinaa20542gblrxi9pqz0v6y70a836hp3qr4037id4nm9";
}; };
nativeBuildInputs = [ autoreconfHook ]; nativeBuildInputs = [ autoreconfHook ];
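Review bot: As rendered, `version` moves from 1.8.3 back to 1.6.21 with nothing in the file saying why, so a later update could move this network-facing library forward again or leave it on the older branch indefinitely. A comment above `version` would record the reason, for example `# held on the 1.6 branch: <reason or issue link>`, together with a reminder to check that fixes shipped in the newer release are not lost by staying on the older one. The old-then-new order is inferred from the other sections of this page, where the first copy of each changed line is the previous text.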


@ -2,17 +2,17 @@
buildGoPackage rec { buildGoPackage rec {
name = "cloudfoundry-cli-${version}"; name = "cloudfoundry-cli-${version}";
version = "6.32.0"; version = "6.36.1";
goPackagePath = "code.cloudfoundry.org/cli"; goPackagePath = "code.cloudfoundry.org/cli";
subPackages = [ "." ]; subPackages = [ "." ];
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "cloudfoundry";
repo = "cli";
rev = "v${version}"; rev = "v${version}";
owner = "cloudfoundry-attic"; sha256 = "19inl7qs2acs59p3gnl5zdsxym0wp2rn05q0zfg7rwf5sjh68amp";
repo = "cli-with-i18n";
sha256 = "16r8zvahn4b98krmyb8zq9370i6572dhz88bfxb3fnddcv6zy1ng";
}; };
outputs = [ "out" ]; outputs = [ "out" ];


@ -1,8 +1,10 @@
{ stdenv, lib, fetchurl, openssl, libtool, perl, libxml2 { stdenv, lib, fetchurl, openssl, libtool, perl, libxml2
, enablePython ? false, python3 ? null
, enableSeccomp ? false, libseccomp ? null, buildPackages , enableSeccomp ? false, libseccomp ? null, buildPackages
}: }:
assert enableSeccomp -> libseccomp != null; assert enableSeccomp -> libseccomp != null;
assert enablePython -> python3 != null;
let version = "9.12.1"; in let version = "9.12.1"; in
@ -20,8 +22,9 @@ stdenv.mkDerivation rec {
stdenv.lib.optional stdenv.isDarwin ./darwin-openssl-linking-fix.patch; stdenv.lib.optional stdenv.isDarwin ./darwin-openssl-linking-fix.patch;
nativeBuildInputs = [ perl ]; nativeBuildInputs = [ perl ];
buildInputs = [ openssl libtool libxml2 ] ++ buildInputs = [ openssl libtool libxml2 ]
stdenv.lib.optional enableSeccomp libseccomp; ++ lib.optional enableSeccomp libseccomp
++ lib.optional enablePython python3;
STD_CDEFINES = [ "-DDIG_SIGCHASE=1" ]; # support +sigchase STD_CDEFINES = [ "-DDIG_SIGCHASE=1" ]; # support +sigchase
@ -32,6 +35,7 @@ stdenv.mkDerivation rec {
"--with-libtool" "--with-libtool"
"--with-libxml2=${libxml2.dev}" "--with-libxml2=${libxml2.dev}"
"--with-openssl=${openssl.dev}" "--with-openssl=${openssl.dev}"
(if enablePython then "--with-python" else "--without-python")
"--without-atf" "--without-atf"
"--without-dlopen" "--without-dlopen"
"--without-docbook-xsl" "--without-docbook-xsl"
@ -41,7 +45,6 @@ stdenv.mkDerivation rec {
"--without-lmdb" "--without-lmdb"
"--without-pkcs11" "--without-pkcs11"
"--without-purify" "--without-purify"
"--without-python"
"--with-randomdev=/dev/random" "--with-randomdev=/dev/random"
"--with-ecdsa" "--with-ecdsa"
"--with-gost" "--with-gost"


@ -0,0 +1,26 @@
{stdenv, fetchurl, makeWrapper, jre}:
stdenv.mkDerivation rec {
version = "1.28.1";
name = "zipkin-server-${version}";
src = fetchurl {
url = "https://search.maven.org/remotecontent?filepath=io/zipkin/java/zipkin-server/${version}/zipkin-server-${version}-exec.jar";
sha256 = "02369fkv0kbl1isq6y26fh2zj5wxv3zck522m5wypsjlcfcw2apa";
};
buildInputs = [ makeWrapper ];
buildCommand =
''
mkdir -p $out/share/java
cp ${src} $out/share/java/zipkin-server-${version}-exec.jar
mkdir -p $out/bin
makeWrapper ${jre}/bin/java $out/bin/zipkin-server \
--add-flags "-cp $out/share/java/zipkin-server-${version}-exec.jar org.springframework.boot.loader.JarLauncher"
'';
meta = with stdenv.lib; {
description = "Zipkin distributed tracing system";
homepage = "http://zipkin.io/";
license = licenses.asl20;
platforms = platforms.unix;
maintainers = [ maintainers.hectorj ];
};
}
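Review bot: `makeWrapper` is only needed while the package is being built, so it belongs in `nativeBuildInputs = [ makeWrapper ];` rather than `buildInputs`. The derivation installs a prebuilt `-exec.jar` pinned by `sha256`, which fixes the artifact but means whatever libraries that jar presumably bundles are updated only when `version` is bumped here; a short comment above `src` saying so would help whoever maintains the package. `homepage` uses plain `http://`; if the site serves HTTPS, `homepage = "https://zipkin.io/";` is preferable.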


@ -7644,9 +7644,7 @@ with pkgs;
cl-launch = callPackage ../development/tools/misc/cl-launch {}; cl-launch = callPackage ../development/tools/misc/cl-launch {};
cloudfoundry-cli = callPackage ../development/tools/cloudfoundry-cli { cloudfoundry-cli = callPackage ../development/tools/cloudfoundry-cli { };
go = go_1_9;
};
coan = callPackage ../development/tools/analysis/coan { }; coan = callPackage ../development/tools/analysis/coan { };
@ -12264,7 +12262,10 @@ with pkgs;
bftpd = callPackage ../servers/ftp/bftpd {}; bftpd = callPackage ../servers/ftp/bftpd {};
bind = callPackage ../servers/dns/bind { }; bind = callPackage ../servers/dns/bind {
enablePython = config.bind.enablePython or false;
python3 = python3.withPackages (ps: with ps; [ ply ]);
};
dnsutils = bind.dnsutils; dnsutils = bind.dnsutils;
inherit (callPackages ../servers/bird { }) inherit (callPackages ../servers/bird { })
@ -12946,6 +12947,7 @@ with pkgs;
zabbix20 = callPackage ../servers/monitoring/zabbix/2.0.nix { }; zabbix20 = callPackage ../servers/monitoring/zabbix/2.0.nix { };
zabbix22 = callPackage ../servers/monitoring/zabbix/2.2.nix { }; zabbix22 = callPackage ../servers/monitoring/zabbix/2.2.nix { };
zipkin = callPackage ../servers/monitoring/zipkin { };
### OS-SPECIFIC ### OS-SPECIFIC