Merge branch 'master' of github.com:NixOS/nixpkgs into feat/acme/delay
This commit is contained in:
commit
e11cb1d2a9
|
@ -1,5 +1,5 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -i python -p pythonFull pythonPackages.requests pythonPackages.pyquery pythonPackages.click
|
||||
#!nix-shell -i python3 -p 'python3.withPackages(ps: with ps; [ requests pyquery click ])'
|
||||
|
||||
# To use, just execute this script with --help to display help.
|
||||
|
||||
|
@ -16,7 +16,7 @@ maintainers_json = subprocess.check_output([
|
|||
'nix-instantiate', '-E', 'import ./maintainers/maintainer-list.nix {}', '--eval', '--json'
|
||||
])
|
||||
maintainers = json.loads(maintainers_json)
|
||||
MAINTAINERS = {v: k for k, v in maintainers.iteritems()}
|
||||
MAINTAINERS = {v: k for k, v in maintainers.items()}
|
||||
|
||||
|
||||
def get_response_text(url):
|
||||
|
@ -45,6 +45,17 @@ def get_maintainers(attr_name):
|
|||
except:
|
||||
return []
|
||||
|
||||
def print_build(table_row):
|
||||
a = pq(table_row)('a')[1]
|
||||
print("- [ ] [{}]({})".format(a.text, a.get('href')), flush=True)
|
||||
|
||||
maintainers = get_maintainers(a.text)
|
||||
if maintainers:
|
||||
print(" - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers))))
|
||||
# TODO: print last three persons that touched this file
|
||||
# TODO: pinpoint the diff that broke this build, or maybe it's transient or maybe it never worked?
|
||||
|
||||
sys.stdout.flush()
|
||||
|
||||
@click.command()
|
||||
@click.option(
|
||||
|
@ -73,23 +84,17 @@ def cli(jobset):
|
|||
|
||||
# TODO: aborted evaluations
|
||||
# TODO: dependency failed without propagated builds
|
||||
print('\nFailures:')
|
||||
for tr in d('img[alt="Failed"]').parents('tr'):
|
||||
a = pq(tr)('a')[1]
|
||||
print("- [ ] [{}]({})".format(a.text, a.get('href')))
|
||||
print_build(tr)
|
||||
|
||||
sys.stdout.flush()
|
||||
|
||||
maintainers = get_maintainers(a.text)
|
||||
if maintainers:
|
||||
print(" - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers))))
|
||||
# TODO: print last three persons that touched this file
|
||||
# TODO: pinpoint the diff that broke this build, or maybe it's transient or maybe it never worked?
|
||||
|
||||
sys.stdout.flush()
|
||||
print('\nDependency failures:')
|
||||
for tr in d('img[alt="Dependency failed"]').parents('tr'):
|
||||
print_build(tr)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
try:
|
||||
cli()
|
||||
except:
|
||||
except Exception as e:
|
||||
import pdb;pdb.post_mortem()
|
||||
|
|
|
@ -6,6 +6,13 @@ let
|
|||
cfg = config.services.boinc;
|
||||
allowRemoteGuiRpcFlag = optionalString cfg.allowRemoteGuiRpc "--allow_remote_gui_rpc";
|
||||
|
||||
fhsEnv = pkgs.buildFHSUserEnv {
|
||||
name = "boinc-fhs-env";
|
||||
targetPkgs = pkgs': [ cfg.package ] ++ cfg.extraEnvPackages;
|
||||
runScript = "/bin/boinc_client";
|
||||
};
|
||||
fhsEnvExecutable = "${fhsEnv}/bin/${fhsEnv.name}";
|
||||
|
||||
in
|
||||
{
|
||||
options.services.boinc = {
|
||||
|
@ -49,6 +56,43 @@ in
|
|||
See also: <link xlink:href="http://boinc.berkeley.edu/wiki/Controlling_BOINC_remotely#Remote_access"/>
|
||||
'';
|
||||
};
|
||||
|
||||
extraEnvPackages = mkOption {
|
||||
type = types.listOf types.package;
|
||||
default = [];
|
||||
example = "[ pkgs.virtualbox ]";
|
||||
description = ''
|
||||
Additional packages to make available in the environment in which
|
||||
BOINC will run. Common choices are:
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><varname>pkgs.virtualbox</varname></term>
|
||||
<listitem><para>
|
||||
The VirtualBox virtual machine framework. Required by some BOINC
|
||||
projects, such as ATLAS@home.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>pkgs.ocl-icd</varname></term>
|
||||
<listitem><para>
|
||||
OpenCL infrastructure library. Required by BOINC projects that
|
||||
use OpenCL, in addition to a device-specific OpenCL driver.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><varname>pkgs.linuxPackages.nvidia_x11</varname></term>
|
||||
<listitem><para>
|
||||
Provides CUDA libraries. Required by BOINC projects that use
|
||||
CUDA. Note that this requires an NVIDIA graphics device to be
|
||||
present on the system.
|
||||
</para><para>
|
||||
Also provides OpenCL drivers for NVIDIA GPUs;
|
||||
<varname>pkgs.ocl-icd</varname> is also needed in this case.
|
||||
</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
@ -70,7 +114,7 @@ in
|
|||
chown boinc ${cfg.dataDir}
|
||||
'';
|
||||
script = ''
|
||||
${cfg.package}/bin/boinc_client --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag}
|
||||
${fhsEnvExecutable} --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag}
|
||||
'';
|
||||
serviceConfig = {
|
||||
PermissionsStartOnly = true; # preStart must be run as root
|
||||
|
|
|
@ -250,6 +250,46 @@ let
|
|||
Use imports or pkgs.lib.readFile if you don't want this data in your config file.
|
||||
'';
|
||||
};
|
||||
|
||||
dnssec = mkEnableOption "DNSSEC";
|
||||
|
||||
dnssecPolicy = {
|
||||
algorithm = mkOption {
|
||||
type = types.str;
|
||||
default = "RSASHA256";
|
||||
description = "Which algorithm to use for DNSSEC";
|
||||
};
|
||||
keyttl = mkOption {
|
||||
type = types.str;
|
||||
default = "1h";
|
||||
description = "TTL for dnssec records";
|
||||
};
|
||||
coverage = mkOption {
|
||||
type = types.str;
|
||||
default = "1y";
|
||||
description = ''
|
||||
The length of time to ensure that keys will be correct; no action will be taken to create new keys to be activated after this time.
|
||||
'';
|
||||
};
|
||||
zsk = mkOption {
|
||||
type = keyPolicy;
|
||||
default = { keySize = 2048;
|
||||
prePublish = "1w";
|
||||
postPublish = "1w";
|
||||
rollPeriod = "1mo";
|
||||
};
|
||||
description = "Key policy for zone signing keys";
|
||||
};
|
||||
ksk = mkOption {
|
||||
type = keyPolicy;
|
||||
default = { keySize = 4096;
|
||||
prePublish = "1mo";
|
||||
postPublish = "1mo";
|
||||
rollPeriod = "0";
|
||||
};
|
||||
description = "Key policy for key signing keys";
|
||||
};
|
||||
};
|
||||
|
||||
maxRefreshSecs = mkOption {
|
||||
type = types.nullOr types.int;
|
||||
|
@ -367,10 +407,61 @@ let
|
|||
and stats_noreset.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
keyPolicy = types.submodule {
|
||||
options = {
|
||||
keySize = mkOption {
|
||||
type = types.int;
|
||||
description = "Key size in bits";
|
||||
};
|
||||
prePublish = mkOption {
|
||||
type = types.str;
|
||||
description = "How long in advance to publish new keys";
|
||||
};
|
||||
postPublish = mkOption {
|
||||
type = types.str;
|
||||
description = "How long after deactivation to keep a key in the zone";
|
||||
};
|
||||
rollPeriod = mkOption {
|
||||
type = types.str;
|
||||
description = "How frequently to change keys";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
dnssecZones = (filterAttrs (n: v: if v ? dnssec then v.dnssec else false) zoneConfigs);
|
||||
|
||||
dnssec = length (attrNames dnssecZones) != 0;
|
||||
|
||||
signZones = optionalString dnssec ''
|
||||
mkdir -p ${stateDir}/dnssec
|
||||
chown ${username}:${username} ${stateDir}/dnssec
|
||||
chmod 0600 ${stateDir}/dnssec
|
||||
|
||||
${concatStrings (mapAttrsToList signZone dnssecZones)}
|
||||
'';
|
||||
signZone = name: zone: ''
|
||||
${pkgs.bind}/bin/dnssec-keymgr -g ${pkgs.bind}/bin/dnssec-keygen -s ${pkgs.bind}/bin/dnssec-settime -K ${stateDir}/dnssec -c ${policyFile name zone.dnssecPolicy} ${name}
|
||||
${pkgs.bind}/bin/dnssec-signzone -S -K ${stateDir}/dnssec -o ${name} -O full -N date ${stateDir}/zones/${name}
|
||||
${nsdPkg}/sbin/nsd-checkzone ${name} ${stateDir}/zones/${name}.signed && mv -v ${stateDir}/zones/${name}.signed ${stateDir}/zones/${name}
|
||||
'';
|
||||
policyFile = name: policy: pkgs.writeText "${name}.policy" ''
|
||||
zone ${name} {
|
||||
algorithm ${policy.algorithm};
|
||||
key-size zsk ${toString policy.zsk.keySize};
|
||||
key-size ksk ${toString policy.ksk.keySize};
|
||||
keyttl ${policy.keyttl};
|
||||
pre-publish zsk ${policy.zsk.prePublish};
|
||||
pre-publish ksk ${policy.ksk.prePublish};
|
||||
post-publish zsk ${policy.zsk.postPublish};
|
||||
post-publish ksk ${policy.ksk.postPublish};
|
||||
roll-period zsk ${policy.zsk.rollPeriod};
|
||||
roll-period ksk ${policy.ksk.rollPeriod};
|
||||
coverage ${policy.coverage};
|
||||
};
|
||||
'';
|
||||
in
|
||||
{
|
||||
# options are ordered alphanumerically
|
||||
|
@ -380,6 +471,14 @@ in
|
|||
|
||||
bind8Stats = mkEnableOption "BIND8 like statistics";
|
||||
|
||||
dnssecInterval = mkOption {
|
||||
type = types.str;
|
||||
default = "1h";
|
||||
description = ''
|
||||
How often to check whether dnssec key rollover is required
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
|
@ -741,7 +840,6 @@ in
|
|||
|
||||
};
|
||||
|
||||
|
||||
zones = mkOption {
|
||||
type = types.attrsOf zoneOptions;
|
||||
default = {};
|
||||
|
@ -785,7 +883,6 @@ in
|
|||
serverGroup1.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
@ -832,9 +929,9 @@ in
|
|||
mkdir -m 0700 -p "${stateDir}/var"
|
||||
|
||||
cat > "${stateDir}/don't touch anything in here" << EOF
|
||||
Everything in this directory except NSD's state in var is
|
||||
automatically generated and will be purged and redeployed
|
||||
by the nsd.service pre-start script.
|
||||
Everything in this directory except NSD's state in var and dnssec
|
||||
is automatically generated and will be purged and redeployed by
|
||||
the nsd.service pre-start script.
|
||||
EOF
|
||||
|
||||
chown ${username}:${username} -R "${stateDir}/private"
|
||||
|
@ -848,6 +945,34 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
nixpkgs.config = mkIf dnssec {
|
||||
bind.enablePython = true;
|
||||
};
|
||||
|
||||
systemd.timers."nsd-dnssec" = mkIf dnssec {
|
||||
description = "Automatic DNSSEC key rollover";
|
||||
|
||||
wantedBy = [ "nsd.service" ];
|
||||
|
||||
timerConfig = {
|
||||
OnActiveSec = cfg.dnssecInterval;
|
||||
OnUnitActiveSec = cfg.dnssecInterval;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."nsd-dnssec" = mkIf dnssec {
|
||||
description = "DNSSEC key rollover";
|
||||
|
||||
wantedBy = [ "nsd.service" ];
|
||||
before = [ "nsd.service" ];
|
||||
|
||||
script = signZones;
|
||||
|
||||
postStop = ''
|
||||
${pkgs.systemd}/bin/systemctl kill -s SIGHUP nsd.service
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
meta.maintainers = with lib.maintainers; [ hrdinka ];
|
||||
|
|
|
@ -22,8 +22,6 @@ pkgs.stdenv.mkDerivation (
|
|||
HOME=$TMPDIR
|
||||
runHook preConfigure
|
||||
|
||||
# probably requires autotools as dependency
|
||||
./autogen.sh
|
||||
emconfigure ./configure --prefix=$out
|
||||
|
||||
runHook postConfigure
|
||||
|
|
|
@ -2,13 +2,13 @@
|
|||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "libupnp-${version}";
|
||||
version = "1.8.3";
|
||||
version = "1.6.21";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "mrjimenez";
|
||||
repo = "pupnp";
|
||||
rev = "release-${version}";
|
||||
sha256 = "1w0kfq1pg3y2wl6gwkm1w872g0qz29w1z9wj08xxmwnk5mkpvsrl";
|
||||
sha256 = "07ksfhadinaa20542gblrxi9pqz0v6y70a836hp3qr4037id4nm9";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ autoreconfHook ];
|
||||
|
|
|
@ -2,17 +2,17 @@
|
|||
|
||||
buildGoPackage rec {
|
||||
name = "cloudfoundry-cli-${version}";
|
||||
version = "6.32.0";
|
||||
version = "6.36.1";
|
||||
|
||||
goPackagePath = "code.cloudfoundry.org/cli";
|
||||
|
||||
subPackages = [ "." ];
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "cloudfoundry";
|
||||
repo = "cli";
|
||||
rev = "v${version}";
|
||||
owner = "cloudfoundry-attic";
|
||||
repo = "cli-with-i18n";
|
||||
sha256 = "16r8zvahn4b98krmyb8zq9370i6572dhz88bfxb3fnddcv6zy1ng";
|
||||
sha256 = "19inl7qs2acs59p3gnl5zdsxym0wp2rn05q0zfg7rwf5sjh68amp";
|
||||
};
|
||||
|
||||
outputs = [ "out" ];
|
||||
|
|
|
@ -1,8 +1,10 @@
|
|||
{ stdenv, lib, fetchurl, openssl, libtool, perl, libxml2
|
||||
, enablePython ? false, python3 ? null
|
||||
, enableSeccomp ? false, libseccomp ? null, buildPackages
|
||||
}:
|
||||
|
||||
assert enableSeccomp -> libseccomp != null;
|
||||
assert enablePython -> python3 != null;
|
||||
|
||||
let version = "9.12.1"; in
|
||||
|
||||
|
@ -20,8 +22,9 @@ stdenv.mkDerivation rec {
|
|||
stdenv.lib.optional stdenv.isDarwin ./darwin-openssl-linking-fix.patch;
|
||||
|
||||
nativeBuildInputs = [ perl ];
|
||||
buildInputs = [ openssl libtool libxml2 ] ++
|
||||
stdenv.lib.optional enableSeccomp libseccomp;
|
||||
buildInputs = [ openssl libtool libxml2 ]
|
||||
++ lib.optional enableSeccomp libseccomp
|
||||
++ lib.optional enablePython python3;
|
||||
|
||||
STD_CDEFINES = [ "-DDIG_SIGCHASE=1" ]; # support +sigchase
|
||||
|
||||
|
@ -32,6 +35,7 @@ stdenv.mkDerivation rec {
|
|||
"--with-libtool"
|
||||
"--with-libxml2=${libxml2.dev}"
|
||||
"--with-openssl=${openssl.dev}"
|
||||
(if enablePython then "--with-python" else "--without-python")
|
||||
"--without-atf"
|
||||
"--without-dlopen"
|
||||
"--without-docbook-xsl"
|
||||
|
@ -41,7 +45,6 @@ stdenv.mkDerivation rec {
|
|||
"--without-lmdb"
|
||||
"--without-pkcs11"
|
||||
"--without-purify"
|
||||
"--without-python"
|
||||
"--with-randomdev=/dev/random"
|
||||
"--with-ecdsa"
|
||||
"--with-gost"
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
{stdenv, fetchurl, makeWrapper, jre}:
|
||||
stdenv.mkDerivation rec {
|
||||
version = "1.28.1";
|
||||
name = "zipkin-server-${version}";
|
||||
src = fetchurl {
|
||||
url = "https://search.maven.org/remotecontent?filepath=io/zipkin/java/zipkin-server/${version}/zipkin-server-${version}-exec.jar";
|
||||
sha256 = "02369fkv0kbl1isq6y26fh2zj5wxv3zck522m5wypsjlcfcw2apa";
|
||||
};
|
||||
buildInputs = [ makeWrapper ];
|
||||
|
||||
buildCommand =
|
||||
''
|
||||
mkdir -p $out/share/java
|
||||
cp ${src} $out/share/java/zipkin-server-${version}-exec.jar
|
||||
mkdir -p $out/bin
|
||||
makeWrapper ${jre}/bin/java $out/bin/zipkin-server \
|
||||
--add-flags "-cp $out/share/java/zipkin-server-${version}-exec.jar org.springframework.boot.loader.JarLauncher"
|
||||
'';
|
||||
meta = with stdenv.lib; {
|
||||
description = "Zipkin distributed tracing system";
|
||||
homepage = "http://zipkin.io/";
|
||||
license = licenses.asl20;
|
||||
platforms = platforms.unix;
|
||||
maintainers = [ maintainers.hectorj ];
|
||||
};
|
||||
}
|
|
@ -7644,9 +7644,7 @@ with pkgs;
|
|||
|
||||
cl-launch = callPackage ../development/tools/misc/cl-launch {};
|
||||
|
||||
cloudfoundry-cli = callPackage ../development/tools/cloudfoundry-cli {
|
||||
go = go_1_9;
|
||||
};
|
||||
cloudfoundry-cli = callPackage ../development/tools/cloudfoundry-cli { };
|
||||
|
||||
coan = callPackage ../development/tools/analysis/coan { };
|
||||
|
||||
|
@ -12264,7 +12262,10 @@ with pkgs;
|
|||
|
||||
bftpd = callPackage ../servers/ftp/bftpd {};
|
||||
|
||||
bind = callPackage ../servers/dns/bind { };
|
||||
bind = callPackage ../servers/dns/bind {
|
||||
enablePython = config.bind.enablePython or false;
|
||||
python3 = python3.withPackages (ps: with ps; [ ply ]);
|
||||
};
|
||||
dnsutils = bind.dnsutils;
|
||||
|
||||
inherit (callPackages ../servers/bird { })
|
||||
|
@ -12946,6 +12947,7 @@ with pkgs;
|
|||
zabbix20 = callPackage ../servers/monitoring/zabbix/2.0.nix { };
|
||||
zabbix22 = callPackage ../servers/monitoring/zabbix/2.2.nix { };
|
||||
|
||||
zipkin = callPackage ../servers/monitoring/zipkin { };
|
||||
|
||||
### OS-SPECIFIC
|
||||
|
||||
|
|
Loading…
Reference in New Issue