Merge branch 'master' of github.com:NixOS/nixpkgs into feat/acme/delay

Gregor Kleen 2018-04-21 22:34:01 +02:00
commit e11cb1d2a9
9 changed files with 239 additions and 36 deletions


@ -1,5 +1,5 @@
#!/usr/bin/env nix-shell
#!nix-shell -i python -p pythonFull pythonPackages.requests pythonPackages.pyquery pythonPackages.click
#!nix-shell -i python3 -p 'python3.withPackages(ps: with ps; [ requests pyquery click ])'
# To use, just execute this script with --help to display help.
@ -16,7 +16,7 @@ maintainers_json = subprocess.check_output([
'nix-instantiate', '-E', 'import ./maintainers/maintainer-list.nix {}', '--eval', '--json'
])
maintainers = json.loads(maintainers_json)
MAINTAINERS = {v: k for k, v in maintainers.iteritems()}
MAINTAINERS = {v: k for k, v in maintainers.items()}
def get_response_text(url):
@ -45,6 +45,17 @@ def get_maintainers(attr_name):
except:
return []
def print_build(table_row):
a = pq(table_row)('a')[1]
print("- [ ] [{}]({})".format(a.text, a.get('href')), flush=True)
maintainers = get_maintainers(a.text)
if maintainers:
print(" - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers))))
# TODO: print last three persons that touched this file
# TODO: pinpoint the diff that broke this build, or maybe it's transient or maybe it never worked?
sys.stdout.flush()
@click.command()
@click.option(
@ -73,23 +84,17 @@ def cli(jobset):
# TODO: aborted evaluations
# TODO: dependency failed without propagated builds
print('\nFailures:')
for tr in d('img[alt="Failed"]').parents('tr'):
a = pq(tr)('a')[1]
print("- [ ] [{}]({})".format(a.text, a.get('href')))
print_build(tr)
sys.stdout.flush()
maintainers = get_maintainers(a.text)
if maintainers:
print(" - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers))))
# TODO: print last three persons that touched this file
# TODO: pinpoint the diff that broke this build, or maybe it's transient or maybe it never worked?
sys.stdout.flush()
print('\nDependency failures:')
for tr in d('img[alt="Dependency failed"]').parents('tr'):
print_build(tr)
if __name__ == "__main__":
try:
cli()
except:
except Exception as e:
import pdb;pdb.post_mortem()
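Review bot: `print_build` indexes `pq(table_row)('a')[1]` without checking how many anchors the row has, and it is now called for the "Dependency failed" rows as well as the "Failed" ones. If either kind of row ever has fewer than two links, the IndexError goes straight to the `pdb.post_mortem()` handler at the bottom, which is unhelpful when the script runs non-interactively. A guard such as `anchors = pq(table_row)('a')` followed by `if len(anchors) < 2: return` would let the report continue. Separately, `flush=True` on the first print and the trailing `sys.stdout.flush()` overlap, and the `e` bound in `except Exception as e:` is never used.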


@ -6,6 +6,13 @@ let
cfg = config.services.boinc;
allowRemoteGuiRpcFlag = optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc";
fhsEnv = pkgs.buildFHSUserEnv {
name = "boinc-fhs-env";
targetPkgs = pkgs': [ cfg.package ] ++ cfg.extraEnvPackages;
runScript = "/bin/boinc_client";
};
fhsEnvExecutable = "${fhsEnv}/bin/${fhsEnv.name}";
in
{
options.services.boinc = {
@ -49,6 +56,43 @@ in
See also: <link xlink:href="http://boinc.berkeley.edu/wiki/Controlling_BOINC_remotely#Remote_access"/>
'';
};
extraEnvPackages = mkOption {
type = types.listOf types.package;
default = [];
example = "[ pkgs.virtualbox ]";
description = ''
Additional packages to make available in the environment in which
BOINC will run. Common choices are:
<variablelist>
<varlistentry>
<term><varname>pkgs.virtualbox</varname></term>
<listitem><para>
The VirtualBox virtual machine framework. Required by some BOINC
projects, such as ATLAS@home.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>pkgs.ocl-icd</varname></term>
<listitem><para>
OpenCL infrastructure library. Required by BOINC projects that
use OpenCL, in addition to a device-specific OpenCL driver.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>pkgs.linuxPackages.nvidia_x11</varname></term>
<listitem><para>
Provides CUDA libraries. Required by BOINC projects that use
CUDA. Note that this requires an NVIDIA graphics device to be
present on the system.
</para><para>
Also provides OpenCL drivers for NVIDIA GPUs;
<varname>pkgs.ocl-icd</varname> is also needed in this case.
</para></listitem>
</varlistentry>
</variablelist>
'';
};
};
config = mkIf cfg.enable {
@ -70,7 +114,7 @@ in
chown boinc ${cfg.dataDir}
'';
script = ''
${cfg.package}/bin/boinc_client --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag}
${fhsEnvExecutable} --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag}
'';
serviceConfig = {
PermissionsStartOnly = true; # preStart must be run as root
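Review bot: The `extraEnvPackages` description does not say that everything listed ends up in the FHS root in which `boinc_client` executes, and in which, presumably, the project applications it downloads also run. Since the suggested choices include VirtualBox and GPU driver stacks, I would add a sentence to the description such as `Everything listed here is visible to the BOINC client and to the project applications it runs.` The `example` is also a plain string; `example = literalExample "[ pkgs.virtualbox ]";` renders as Nix code in the manual. The `serviceConfig` block continues outside the hunk, so the user and sandboxing options the wrapped client runs under are not visible here.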


@ -250,6 +250,46 @@ let
Use imports or pkgs.lib.readFile if you don't want this data in your config file.
'';
};
dnssec = mkEnableOption "DNSSEC";
dnssecPolicy = {
algorithm = mkOption {
type = types.str;
default = "RSASHA256";
description = "Which algorithm to use for DNSSEC";
};
keyttl = mkOption {
type = types.str;
default = "1h";
description = "TTL for dnssec records";
};
coverage = mkOption {
type = types.str;
default = "1y";
description = ''
The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
'';
};
zsk = mkOption {
type = keyPolicy;
default = { keySize = 2048;
prePublish = "1w";
postPublish = "1w";
rollPeriod = "1mo";
};
description = "Key policy for zone signing keys";
};
ksk = mkOption {
type = keyPolicy;
default = { keySize = 4096;
prePublish = "1mo";
postPublish = "1mo";
rollPeriod = "0";
};
description = "Key policy for key signing keys";
};
};
maxRefreshSecs = mkOption {
type = types.nullOr types.int;
@ -367,10 +407,61 @@ let
and stats_noreset.
'';
};
};
};
keyPolicy = types.submodule {
options = {
keySize = mkOption {
type = types.int;
description = "Key size in bits";
};
prePublish = mkOption {
type = types.str;
description = "How long in advance to publish new keys";
};
postPublish = mkOption {
type = types.str;
description = "How long after deactivation to keep a key in the zone";
};
rollPeriod = mkOption {
type = types.str;
description = "How frequently to change keys";
};
};
};
dnssecZones = (filterAttrs (n: v: if v ? dnssec then v.dnssec else false) zoneConfigs);
dnssec = length (attrNames dnssecZones) != 0;
signZones = optionalString dnssec ''
mkdir -p ${stateDir}/dnssec
chown ${username}:${username} ${stateDir}/dnssec
chmod 0600 ${stateDir}/dnssec
${concatStrings (mapAttrsToList signZone dnssecZones)}
'';
signZone = name: zone: ''
${pkgs.bind}/bin/dnssec-keymgr -g ${pkgs.bind}/bin/dnssec-keygen -s ${pkgs.bind}/bin/dnssec-settime -K ${stateDir}/dnssec -c ${policyFile name zone.dnssecPolicy} ${name}
${pkgs.bind}/bin/dnssec-signzone -S -K ${stateDir}/dnssec -o ${name} -O full -N date ${stateDir}/zones/${name}
${nsdPkg}/sbin/nsd-checkzone ${name} ${stateDir}/zones/${name}.signed && mv -v ${stateDir}/zones/${name}.signed ${stateDir}/zones/${name}
'';
policyFile = name: policy: pkgs.writeText "${name}.policy" ''
zone ${name} {
algorithm ${policy.algorithm};
key-size zsk ${toString policy.zsk.keySize};
key-size ksk ${toString policy.ksk.keySize};
keyttl ${policy.keyttl};
pre-publish zsk ${policy.zsk.prePublish};
pre-publish ksk ${policy.ksk.prePublish};
post-publish zsk ${policy.zsk.postPublish};
post-publish ksk ${policy.ksk.postPublish};
roll-period zsk ${policy.zsk.rollPeriod};
roll-period ksk ${policy.ksk.rollPeriod};
coverage ${policy.coverage};
};
'';
in
{
# options are ordered alphanumerically
@ -380,6 +471,14 @@ in
bind8Stats = mkEnableOption "BIND8 like statistics";
dnssecInterval = mkOption {
type = types.str;
default = "1h";
description = ''
How often to check whether dnssec key rollover is required
'';
};
extraConfig = mkOption {
type = types.str;
default = "";
@ -741,7 +840,6 @@ in
};
zones = mkOption {
type = types.attrsOf zoneOptions;
default = {};
@ -785,7 +883,6 @@ in
serverGroup1.
'';
};
};
config = mkIf cfg.enable {
@ -832,9 +929,9 @@ in
mkdir -m 0700 -p "${stateDir}/var"
cat > "${stateDir}/don't touch anything in here" << EOF
Everything in this directory except NSD's state in var is
automatically generated and will be purged and redeployed
by the nsd.service pre-start script.
Everything in this directory except NSD's state in var and dnssec
is automatically generated and will be purged and redeployed by
the nsd.service pre-start script.
EOF
chown ${username}:${username} -R "${stateDir}/private"
@ -848,6 +945,34 @@ in
'';
};
nixpkgs.config = mkIf dnssec {
bind.enablePython = true;
};
systemd.timers."nsd-dnssec" = mkIf dnssec {
description = "Automatic DNSSEC key rollover";
wantedBy = [ "nsd.service" ];
timerConfig = {
OnActiveSec = cfg.dnssecInterval;
OnUnitActiveSec = cfg.dnssecInterval;
};
};
systemd.services."nsd-dnssec" = mkIf dnssec {
description = "DNSSEC key rollover";
wantedBy = [ "nsd.service" ];
before = [ "nsd.service" ];
script = signZones;
postStop = ''
${pkgs.systemd}/bin/systemctl kill -s SIGHUP nsd.service
'';
};
};
meta.maintainers = with lib.maintainers; [ hrdinka ];
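Review bot: `chmod 0600 ${stateDir}/dnssec` in `signZones` sets a directory mode with no execute bit, so the owning `${username}` account cannot enter the key directory it was just given; `chmod 0700 ${stateDir}/dnssec` (or `mkdir -m 0700 -p`, as the pre-start script does for `var`) keeps the private keys owner-only while leaving the directory usable. The `nsd-dnssec` service sets no `serviceConfig.User` in the visible lines, so `dnssec-keymgr` and `dnssec-signzone` presumably run as root and the key files they create would be root-owned inside a directory owned by `${username}`; it is worth deciding which account owns the keys and stating it in a comment. `${name}` and the `${stateDir}` paths are also interpolated into the script unquoted, unlike the quoted `"${stateDir}/var"` in the pre-start script. Finally, setting `nixpkgs.config` with `bind.enablePython = true` from inside the module changes the `bind` package for the whole system, which deserves a comment next to it.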


@ -22,8 +22,6 @@ pkgs.stdenv.mkDerivation (
HOME=$TMPDIR
runHook preConfigure
# probably requires autotools as dependency
./autogen.sh
emconfigure ./configure --prefix=$out
runHook postConfigure


@ -2,13 +2,13 @@
stdenv.mkDerivation rec {
name = "libupnp-${version}";
version = "1.8.3";
version = "1.6.21";
src = fetchFromGitHub {
owner = "mrjimenez";
repo = "pupnp";
rev = "release-${version}";
sha256 = "1w0kfq1pg3y2wl6gwkm1w872g0qz29w1z9wj08xxmwnk5mkpvsrl";
sha256 = "07ksfhadinaa20542gblrxi9pqz0v6y70a836hp3qr4037id4nm9";
};
nativeBuildInputs = [ autoreconfHook ];


@ -2,17 +2,17 @@
buildGoPackage rec {
name = "cloudfoundry-cli-${version}";
version = "6.32.0";
version = "6.36.1";
goPackagePath = "code.cloudfoundry.org/cli";
subPackages = [ "." ];
src = fetchFromGitHub {
owner = "cloudfoundry";
repo = "cli";
rev = "v${version}";
owner = "cloudfoundry-attic";
repo = "cli-with-i18n";
sha256 = "16r8zvahn4b98krmyb8zq9370i6572dhz88bfxb3fnddcv6zy1ng";
sha256 = "19inl7qs2acs59p3gnl5zdsxym0wp2rn05q0zfg7rwf5sjh68amp";
};
outputs = [ "out" ];


@ -1,8 +1,10 @@
{ stdenv, lib, fetchurl, openssl, libtool, perl, libxml2
, enablePython ? false, python3 ? null
, enableSeccomp ? false, libseccomp ? null, buildPackages
}:
assert enableSeccomp -> libseccomp != null;
assert enablePython -> python3 != null;
let version = "9.12.1"; in
@ -20,8 +22,9 @@ stdenv.mkDerivation rec {
stdenv.lib.optional stdenv.isDarwin ./darwin-openssl-linking-fix.patch;
nativeBuildInputs = [ perl ];
buildInputs = [ openssl libtool libxml2 ] ++
stdenv.lib.optional enableSeccomp libseccomp;
buildInputs = [ openssl libtool libxml2 ]
++ lib.optional enableSeccomp libseccomp
++ lib.optional enablePython python3;
STD_CDEFINES = [ "-DDIG_SIGCHASE=1" ]; # support +sigchase
@ -32,6 +35,7 @@ stdenv.mkDerivation rec {
"--with-libtool"
"--with-libxml2=${libxml2.dev}"
"--with-openssl=${openssl.dev}"
(if enablePython then "--with-python" else "--without-python")
"--without-atf"
"--without-dlopen"
"--without-docbook-xsl"
@ -41,7 +45,6 @@ stdenv.mkDerivation rec {
"--without-lmdb"
"--without-pkcs11"
"--without-purify"
"--without-python"
"--with-randomdev=/dev/random"
"--with-ecdsa"
"--with-gost"


@ -0,0 +1,26 @@
{stdenv, fetchurl, makeWrapper, jre}:
stdenv.mkDerivation rec {
version = "1.28.1";
name = "zipkin-server-${version}";
src = fetchurl {
url = "https://search.maven.org/remotecontent?filepath=io/zipkin/java/zipkin-server/${version}/zipkin-server-${version}-exec.jar";
sha256 = "02369fkv0kbl1isq6y26fh2zj5wxv3zck522m5wypsjlcfcw2apa";
};
buildInputs = [ makeWrapper ];
buildCommand =
''
mkdir -p $out/share/java
cp ${src} $out/share/java/zipkin-server-${version}-exec.jar
mkdir -p $out/bin
makeWrapper ${jre}/bin/java $out/bin/zipkin-server \
--add-flags "-cp $out/share/java/zipkin-server-${version}-exec.jar org.springframework.boot.loader.JarLauncher"
'';
meta = with stdenv.lib; {
description = "Zipkin distributed tracing system";
homepage = "http://zipkin.io/";
license = licenses.asl20;
platforms = platforms.unix;
maintainers = [ maintainers.hectorj ];
};
}
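Review bot: `src` is upstream's prebuilt `-exec.jar`, started through `org.springframework.boot.loader.JarLauncher`, so the libraries bundled inside it are outside what nixpkgs builds or patches; the fixed `sha256` pins the artifact, but nothing in the file says it is a binary distribution. I would add a comment above `src` such as `# Prebuilt upstream executable jar; bundled dependencies only change with a version bump.` `makeWrapper` is only needed at build time and belongs in `nativeBuildInputs = [ makeWrapper ];`, and `homepage` could use `https://` if the site serves it.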


@ -7644,9 +7644,7 @@ with pkgs;
cl-launch = callPackage ../development/tools/misc/cl-launch {};
cloudfoundry-cli = callPackage ../development/tools/cloudfoundry-cli {
go = go_1_9;
};
cloudfoundry-cli = callPackage ../development/tools/cloudfoundry-cli { };
coan = callPackage ../development/tools/analysis/coan { };
@ -12264,7 +12262,10 @@ with pkgs;
bftpd = callPackage ../servers/ftp/bftpd {};
bind = callPackage ../servers/dns/bind { };
bind = callPackage ../servers/dns/bind {
enablePython = config.bind.enablePython or false;
python3 = python3.withPackages (ps: with ps; [ ply ]);
};
dnsutils = bind.dnsutils;
inherit (callPackages ../servers/bird { })
@ -12946,6 +12947,7 @@ with pkgs;
zabbix20 = callPackage ../servers/monitoring/zabbix/2.0.nix { };
zabbix22 = callPackage ../servers/monitoring/zabbix/2.2.nix { };
zipkin = callPackage ../servers/monitoring/zipkin { };
### OS-SPECIFIC