diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index f222af230bb..e819d451fd5 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -12,7 +12,7 @@ # Libraries /lib @edolstra @nbp -/lib/systems @nbp @ericson2314 +/lib/systems @nbp @ericson2314 @matthewbauer /lib/generators.nix @edolstra @nbp @Profpatsch /lib/debug.nix @edolstra @nbp @Profpatsch @@ -20,9 +20,11 @@ /default.nix @nbp /pkgs/top-level/default.nix @nbp @Ericson2314 /pkgs/top-level/impure.nix @nbp @Ericson2314 -/pkgs/top-level/stage.nix @nbp @Ericson2314 -/pkgs/stdenv/generic @Ericson2314 -/pkgs/stdenv/cross @Ericson2314 +/pkgs/top-level/stage.nix @nbp @Ericson2314 @matthewbauer +/pkgs/top-level/splice.nix @Ericson2314 @matthewbauer +/pkgs/top-level/release-cross.nix @Ericson2314 @matthewbauer +/pkgs/stdenv/generic @Ericson2314 @matthewbauer +/pkgs/stdenv/cross @Ericson2314 @matthewbauer /pkgs/build-support/cc-wrapper @Ericson2314 @orivej /pkgs/build-support/bintools-wrapper @Ericson2314 @orivej /pkgs/build-support/setup-hooks @Ericson2314 @@ -74,6 +76,14 @@ /pkgs/stdenv/darwin @NixOS/darwin-maintainers /pkgs/os-specific/darwin @NixOS/darwin-maintainers +# C compilers +/pkgs/development/compilers/gcc @matthewbauer +/pkgs/development/compilers/llvm @matthewbauer + +# Compatibility stuff +/pkgs/top-level/unix-tools.nix @matthewbauer +/pkgs/development/tools/xcbuild @matthewbauer + # Beam-related (Erlang, Elixir, LFE, etc) /pkgs/development/beam-modules @gleber /pkgs/development/interpreters/erlang @gleber diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index c8f32c0b909..ec4289f19ea 100644 --- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -4163,6 +4163,11 @@ github = "taku0"; name = "Takuo Yonezawa"; }; + talyz = { + email = "kim.lindberger@gmail.com"; + github = "talyz"; + name = "Kim Lindberger"; + }; tari = { email = "peter@taricorp.net"; github = "tari"; diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 8ea831afb7c..ce1cb6ad37f 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -14,15 +14,16 @@ let pathUrlQuote = url: replaceStrings ["/"] ["%2F"] url; pgSuperUser = config.services.postgresql.superUser; - databaseYml = '' - production: - adapter: postgresql - database: ${cfg.databaseName} - host: ${cfg.databaseHost} - password: ${cfg.databasePassword} - username: ${cfg.databaseUsername} - encoding: utf8 - ''; + databaseConfig = { + production = { + adapter = "postgresql"; + database = cfg.databaseName; + host = cfg.databaseHost; + password = cfg.databasePassword; + username = cfg.databaseUsername; + encoding = "utf8"; + }; + }; gitalyToml = pkgs.writeText "gitaly.toml" '' socket_path = "${lib.escape ["\""] gitalySocket}" @@ -45,35 +46,31 @@ let '') gitlabConfig.production.repositories.storages))} ''; - gitlabShellYml = '' - user: ${cfg.user} - gitlab_url: "http+unix://${pathUrlQuote gitlabSocket}" - http_settings: - self_signed_cert: false - repos_path: "${cfg.statePath}/repositories" - secret_file: "${cfg.statePath}/config/gitlab_shell_secret" - log_file: "${cfg.statePath}/log/gitlab-shell.log" - custom_hooks_dir: "${cfg.statePath}/custom_hooks" - redis: - bin: ${pkgs.redis}/bin/redis-cli - host: 127.0.0.1 - port: 6379 - database: 0 - namespace: resque:gitlab - ''; + gitlabShellConfig = { + user = cfg.user; + gitlab_url = "http+unix://${pathUrlQuote gitlabSocket}"; + http_settings.self_signed_cert = false; + repos_path = "${cfg.statePath}/repositories"; + secret_file = "${cfg.statePath}/config/gitlab_shell_secret"; + log_file = "${cfg.statePath}/log/gitlab-shell.log"; + custom_hooks_dir = "${cfg.statePath}/custom_hooks"; + redis = { + bin = "${pkgs.redis}/bin/redis-cli"; + host = "127.0.0.1"; + port = 6379; + database = 0; + namespace = "resque:gitlab"; + }; + }; - redisYml = '' - production: - url: redis://localhost:6379/ - ''; + redisConfig.production.url = "redis://localhost:6379/"; - secretsYml = '' - production: - secret_key_base: ${cfg.secrets.secret} - otp_key_base: ${cfg.secrets.otp} - db_key_base: ${cfg.secrets.db} - openid_connect_signing_key: ${builtins.toJSON cfg.secrets.jws} - ''; + secretsConfig.production = { + secret_key_base = cfg.secrets.secret; + otp_key_base = cfg.secrets.otp; + db_key_base = cfg.secrets.db; + openid_connect_signing_key = cfg.secrets.jws; + }; gitlabConfig = { # These are the default settings from config/gitlab.example.yml @@ -115,12 +112,8 @@ let upload_pack = true; receive_pack = true; }; - workhorse = { - secret_file = "${cfg.statePath}/.gitlab_workhorse_secret"; - }; - git = { - bin_path = "git"; - }; + workhorse.secret_file = "${cfg.statePath}/.gitlab_workhorse_secret"; + git.bin_path = "git"; monitoring = { ip_whitelist = [ "127.0.0.0/8" "::1/128" ]; sidekiq_exporter = { @@ -138,7 +131,7 @@ let HOME = "${cfg.statePath}/home"; UNICORN_PATH = "${cfg.statePath}/"; GITLAB_PATH = "${cfg.packages.gitlab}/share/gitlab/"; - GITLAB_STATE_PATH = "${cfg.statePath}"; + GITLAB_STATE_PATH = cfg.statePath; GITLAB_UPLOADS_PATH = "${cfg.statePath}/uploads"; SCHEMA = "${cfg.statePath}/db/schema.rb"; GITLAB_LOG_PATH = "${cfg.statePath}/log"; @@ -146,13 +139,11 @@ let GITLAB_SHELL_CONFIG_PATH = "${cfg.statePath}/shell/config.yml"; GITLAB_SHELL_SECRET_PATH = "${cfg.statePath}/config/gitlab_shell_secret"; GITLAB_SHELL_HOOKS_PATH = "${cfg.statePath}/shell/hooks"; - GITLAB_REDIS_CONFIG_FILE = pkgs.writeText "gitlab-redis.yml" redisYml; + GITLAB_REDIS_CONFIG_FILE = pkgs.writeText "redis.yml" (builtins.toJSON redisConfig); prometheus_multiproc_dir = "/run/gitlab"; RAILS_ENV = "production"; }; - unicornConfig = builtins.readFile ./defaultUnicornConfig.rb; - gitlab-rake = pkgs.stdenv.mkDerivation rec { name = "gitlab-rake"; buildInputs = [ pkgs.makeWrapper ]; @@ -162,7 +153,6 @@ let mkdir -p $out/bin makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/rake $out/bin/gitlab-rake \ ${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \ - --set GITLAB_CONFIG_PATH '${cfg.statePath}/config' \ --set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package pkgs.coreutils pkgs.procps ]}:$PATH' \ --set RAKEOPT '-f ${cfg.packages.gitlab}/share/gitlab/Rakefile' \ --run 'cd ${cfg.packages.gitlab}/share/gitlab' @@ -306,7 +296,6 @@ in { initialRootPassword = mkOption { type = types.str; - default = "UseNixOS!"; description = '' Initial password of the root account if this is a new install. ''; @@ -461,10 +450,30 @@ in { } ]; + systemd.tmpfiles.rules = [ + "d /run/gitlab 0755 ${cfg.user} ${cfg.group} -" + "d ${gitlabEnv.HOME} 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.backupPath} 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/builds 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/config 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/db 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/log 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/repositories 2770 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/shell 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/tmp/pids 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/tmp/sockets 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/uploads 0700 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/custom_hooks/pre-receive.d 0700 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/custom_hooks/post-receive.d 0700 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/custom_hooks/update.d 0700 ${cfg.user} ${cfg.group} -" + "d ${gitlabConfig.production.shared.path}/artifacts 0750 ${cfg.user} ${cfg.group} -" + "d ${gitlabConfig.production.shared.path}/lfs-objects 0750 ${cfg.user} ${cfg.group} -" + "d ${gitlabConfig.production.shared.path}/pages 0750 ${cfg.user} ${cfg.group} -" + ]; + systemd.services.gitlab-sidekiq = { - after = [ "network.target" "redis.service" ]; + after = [ "network.target" "redis.service" "gitlab.service" ]; wantedBy = [ "multi-user.target" ]; - partOf = [ "gitlab.service" ]; environment = gitlabEnv; path = with pkgs; [ config.services.postgresql.package @@ -486,10 +495,8 @@ in { }; systemd.services.gitaly = { - after = [ "network.target" "gitlab.service" ]; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - environment.HOME = gitlabEnv.HOME; - environment.GITLAB_SHELL_CONFIG_PATH = gitlabEnv.GITLAB_SHELL_CONFIG_PATH; path = with pkgs; [ gitAndTools.git cfg.packages.gitaly.rubyEnv cfg.packages.gitaly.rubyEnv.wrappedRuby ]; serviceConfig = { Type = "simple"; @@ -505,8 +512,6 @@ in { systemd.services.gitlab-workhorse = { after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - environment.HOME = gitlabEnv.HOME; - environment.GITLAB_SHELL_CONFIG_PATH = gitlabEnv.GITLAB_SHELL_CONFIG_PATH; path = with pkgs; [ gitAndTools.git gnutar @@ -514,10 +519,6 @@ in { openssh gitlab-workhorse ]; - preStart = '' - mkdir -p /run/gitlab - chown ${cfg.user}:${cfg.group} /run/gitlab - ''; serviceConfig = { PermissionsStartOnly = true; # preStart must be run as root Type = "simple"; @@ -538,7 +539,7 @@ in { }; systemd.services.gitlab = { - after = [ "network.target" "postgresql.service" "redis.service" ]; + after = [ "gitlab-workhorse.service" "gitaly.service" "network.target" "postgresql.service" "redis.service" ]; requires = [ "gitlab-sidekiq.service" ]; wantedBy = [ "multi-user.target" ]; environment = gitlabEnv; @@ -551,102 +552,75 @@ in { gnupg ]; preStart = '' - mkdir -p ${cfg.backupPath} - mkdir -p ${cfg.statePath}/builds - mkdir -p ${cfg.statePath}/repositories - mkdir -p ${gitlabConfig.production.shared.path}/artifacts - mkdir -p ${gitlabConfig.production.shared.path}/lfs-objects - mkdir -p ${gitlabConfig.production.shared.path}/pages - mkdir -p ${cfg.statePath}/log - mkdir -p ${cfg.statePath}/tmp/pids - mkdir -p ${cfg.statePath}/tmp/sockets - mkdir -p ${cfg.statePath}/shell - mkdir -p ${cfg.statePath}/db - mkdir -p ${cfg.statePath}/uploads - mkdir -p ${cfg.statePath}/custom_hooks/pre-receive.d - mkdir -p ${cfg.statePath}/custom_hooks/post-receive.d - mkdir -p ${cfg.statePath}/custom_hooks/update.d - - rm -rf ${cfg.statePath}/config ${cfg.statePath}/shell/hooks - mkdir -p ${cfg.statePath}/config - ${pkgs.openssl}/bin/openssl rand -hex 32 > ${cfg.statePath}/config/gitlab_shell_secret - mkdir -p /run/gitlab - mkdir -p ${cfg.statePath}/log - [ -d /run/gitlab/log ] || ln -sf ${cfg.statePath}/log /run/gitlab/log - [ -d /run/gitlab/tmp ] || ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp - [ -d /run/gitlab/uploads ] || ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads - ln -sf $GITLAB_SHELL_CONFIG_PATH /run/gitlab/shell-config.yml - chown -R ${cfg.user}:${cfg.group} /run/gitlab - - # Prepare home directory - mkdir -p ${gitlabEnv.HOME}/.ssh - touch ${gitlabEnv.HOME}/.ssh/authorized_keys - chown -R ${cfg.user}:${cfg.group} ${gitlabEnv.HOME}/ - cp -rf ${cfg.packages.gitlab}/share/gitlab/db/* ${cfg.statePath}/db cp -rf ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config - ${optionalString cfg.smtp.enable '' - ln -sf ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb - ''} - ln -sf ${cfg.statePath}/config /run/gitlab/config if [ -e ${cfg.statePath}/lib ]; then rm ${cfg.statePath}/lib fi - ln -sf ${pkgs.gitlab}/share/gitlab/lib ${cfg.statePath}/lib + + ln -sf ${cfg.packages.gitlab}/share/gitlab/lib ${cfg.statePath}/lib + [ -L /run/gitlab/config ] || ln -sf ${cfg.statePath}/config /run/gitlab/config + [ -L /run/gitlab/log ] || ln -sf ${cfg.statePath}/log /run/gitlab/log + [ -L /run/gitlab/tmp ] || ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp + [ -L /run/gitlab/uploads ] || ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads + ${optionalString cfg.smtp.enable '' + ln -sf ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb + ''} cp ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION # JSON is a subset of YAML - ln -fs ${pkgs.writeText "gitlab.yml" (builtins.toJSON gitlabConfig)} ${cfg.statePath}/config/gitlab.yml - ln -fs ${pkgs.writeText "database.yml" databaseYml} ${cfg.statePath}/config/database.yml - ln -fs ${pkgs.writeText "secrets.yml" secretsYml} ${cfg.statePath}/config/secrets.yml - ln -fs ${pkgs.writeText "unicorn.rb" unicornConfig} ${cfg.statePath}/config/unicorn.rb + ln -sf ${pkgs.writeText "gitlab.yml" (builtins.toJSON gitlabConfig)} ${cfg.statePath}/config/gitlab.yml + ln -sf ${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} ${cfg.statePath}/config/database.yml + ln -sf ${pkgs.writeText "secrets.yml" (builtins.toJSON secretsConfig)} ${cfg.statePath}/config/secrets.yml + ln -sf ${./defaultUnicornConfig.rb} ${cfg.statePath}/config/unicorn.rb + + # Install the shell required to push repositories + ln -sf ${pkgs.writeText "config.yml" (builtins.toJSON gitlabShellConfig)} /run/gitlab/shell-config.yml + [ -L ${cfg.statePath}/shell/hooks ] || ln -sf ${cfg.packages.gitlab-shell}/hooks ${cfg.statePath}/shell/hooks + ${cfg.packages.gitlab-shell}/bin/install chown -R ${cfg.user}:${cfg.group} ${cfg.statePath}/ chmod -R ug+rwX,o-rwx+X ${cfg.statePath}/ + chown -R ${cfg.user}:${cfg.group} /run/gitlab - # Install the shell required to push repositories - ln -fs ${pkgs.writeText "config.yml" gitlabShellYml} "$GITLAB_SHELL_CONFIG_PATH" - ln -fs ${cfg.packages.gitlab-shell}/hooks "$GITLAB_SHELL_HOOKS_PATH" - ${cfg.packages.gitlab-shell}/bin/install - - if [ "${cfg.databaseHost}" = "127.0.0.1" ]; then - if ! test -e "${cfg.statePath}/db-created"; then + if ! test -e "${cfg.statePath}/db-created"; then + if [ "${cfg.databaseHost}" = "127.0.0.1" ]; then ${pkgs.sudo}/bin/sudo -u ${pgSuperUser} psql postgres -c "CREATE ROLE ${cfg.databaseUsername} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${cfg.databasePassword}'" ${pkgs.sudo}/bin/sudo -u ${pgSuperUser} ${config.services.postgresql.package}/bin/createdb --owner ${cfg.databaseUsername} ${cfg.databaseName} - touch "${cfg.statePath}/db-created" + + # enable required pg_trgm extension for gitlab + ${pkgs.sudo}/bin/sudo -u ${pgSuperUser} psql ${cfg.databaseName} -c "CREATE EXTENSION IF NOT EXISTS pg_trgm" fi - # enable required pg_trgm extension for gitlab - ${pkgs.sudo}/bin/sudo -u ${pgSuperUser} psql ${cfg.databaseName} -c "CREATE EXTENSION IF NOT EXISTS pg_trgm" + ${pkgs.sudo}/bin/sudo -u ${cfg.user} -H ${gitlab-rake}/bin/gitlab-rake db:schema:load + + touch "${cfg.statePath}/db-created" fi # Always do the db migrations just to be sure the database is up-to-date - ${gitlab-rake}/bin/gitlab-rake db:migrate RAILS_ENV=production + ${pkgs.sudo}/bin/sudo -u ${cfg.user} -H ${gitlab-rake}/bin/gitlab-rake db:migrate - # The gitlab:setup task is horribly broken somehow, the db:migrate - # task above and the db:seed_fu below will do the same for setting - # up the initial database if ! test -e "${cfg.statePath}/db-seeded"; then - ${gitlab-rake}/bin/gitlab-rake db:seed_fu RAILS_ENV=production \ + ${pkgs.sudo}/bin/sudo -u ${cfg.user} ${gitlab-rake}/bin/gitlab-rake db:seed_fu \ GITLAB_ROOT_PASSWORD='${cfg.initialRootPassword}' GITLAB_ROOT_EMAIL='${cfg.initialRootEmail}' touch "${cfg.statePath}/db-seeded" fi # The gitlab:shell:setup regenerates the authorized_keys file so that # the store path to the gitlab-shell in it gets updated - ${pkgs.sudo}/bin/sudo -u ${cfg.user} force=yes ${gitlab-rake}/bin/gitlab-rake gitlab:shell:setup RAILS_ENV=production + ${pkgs.sudo}/bin/sudo -u ${cfg.user} -H force=yes ${gitlab-rake}/bin/gitlab-rake gitlab:shell:setup # The gitlab:shell:create_hooks task seems broken for fixing links # so we instead delete all the hooks and create them anew rm -f ${cfg.statePath}/repositories/**/*.git/hooks - ${gitlab-rake}/bin/gitlab-rake gitlab:shell:create_hooks RAILS_ENV=production + ${pkgs.sudo}/bin/sudo -u ${cfg.user} -H ${gitlab-rake}/bin/gitlab-rake gitlab:shell:create_hooks + + ${pkgs.sudo}/bin/sudo -u ${cfg.user} -H ${pkgs.git}/bin/git config --global core.autocrlf "input" # Change permissions in the last step because some of the # intermediary scripts like to create directories as root. - chown -R ${cfg.user}:${cfg.group} ${cfg.statePath} - chmod -R ug+rwX,o-rwx+X ${cfg.statePath} chmod -R u+rwX,go-rwx+X ${gitlabEnv.HOME} chmod -R ug+rwX,o-rwx ${cfg.statePath}/repositories chmod -R ug-s ${cfg.statePath}/repositories diff --git a/nixos/modules/virtualisation/docker-preloader.nix b/nixos/modules/virtualisation/docker-preloader.nix new file mode 100644 index 00000000000..faa94f53d98 --- /dev/null +++ b/nixos/modules/virtualisation/docker-preloader.nix @@ -0,0 +1,135 @@ +{ config, lib, pkgs, ... }: + +with lib; +with builtins; + +let + cfg = config.virtualisation; + + sanitizeImageName = image: replaceStrings ["/"] ["-"] image.imageName; + hash = drv: head (split "-" (baseNameOf drv.outPath)); + # The label of an ext4 FS is limited to 16 bytes + labelFromImage = image: substring 0 16 (hash image); + + # The Docker image is loaded and some files from /var/lib/docker/ + # are written into a qcow image. + preload = image: pkgs.vmTools.runInLinuxVM ( + pkgs.runCommand "docker-preload-image-${sanitizeImageName image}" { + buildInputs = with pkgs; [ docker e2fsprogs utillinux curl kmod ]; + preVM = pkgs.vmTools.createEmptyImage { + size = cfg.dockerPreloader.qcowSize; + fullName = "docker-deamon-image.qcow2"; + }; + } + '' + mkfs.ext4 /dev/vda + e2label /dev/vda ${labelFromImage image} + mkdir -p /var/lib/docker + mount -t ext4 /dev/vda /var/lib/docker + + modprobe overlay + + # from https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount + mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup + cd /sys/fs/cgroup + for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do + mkdir -p $sys + if ! mountpoint -q $sys; then + if ! mount -n -t cgroup -o $sys cgroup $sys; then + rmdir $sys || true + fi + fi + done + + dockerd -H tcp://127.0.0.1:5555 -H unix:///var/run/docker.sock & + + until $(curl --output /dev/null --silent --connect-timeout 2 http://127.0.0.1:5555); do + printf '.' + sleep 1 + done + + docker load -i ${image} + + kill %1 + find /var/lib/docker/ -maxdepth 1 -mindepth 1 -not -name "image" -not -name "overlay2" | xargs rm -rf + ''); + + preloadedImages = map preload cfg.dockerPreloader.images; + +in + +{ + options.virtualisation.dockerPreloader = { + images = mkOption { + default = [ ]; + type = types.listOf types.package; + description = + '' + A list of Docker images to preload (in the /var/lib/docker directory). + ''; + }; + qcowSize = mkOption { + default = 1024; + type = types.int; + description = + '' + The size (MB) of qcow files. + ''; + }; + }; + + config = { + assertions = [{ + # If docker.storageDriver is null, Docker choose the storage + # driver. So, in this case, we cannot be sure overlay2 is used. + assertion = cfg.dockerPreloader.images == [] + || cfg.docker.storageDriver == "overlay2" + || cfg.docker.storageDriver == "overlay" + || cfg.docker.storageDriver == null; + message = "The Docker image Preloader only works with overlay2 storage driver!"; + }]; + + virtualisation.qemu.options = + map (path: "-drive if=virtio,file=${path}/disk-image.qcow2,readonly,media=cdrom,format=qcow2") + preloadedImages; + + + # All attached QCOW files are mounted and their contents are linked + # to /var/lib/docker/ in order to make image available. + systemd.services.docker-preloader = { + description = "Preloaded Docker images"; + wantedBy = ["docker.service"]; + after = ["network.target"]; + path = with pkgs; [ mount rsync jq ]; + script = '' + mkdir -p /var/lib/docker/overlay2/l /var/lib/docker/image/overlay2 + echo '{}' > /tmp/repositories.json + + for i in ${concatStringsSep " " (map labelFromImage cfg.dockerPreloader.images)}; do + mkdir -p /mnt/docker-images/$i + + # The ext4 label is limited to 16 bytes + mount /dev/disk/by-label/$(echo $i | cut -c1-16) -o ro,noload /mnt/docker-images/$i + + find /mnt/docker-images/$i/overlay2/ -maxdepth 1 -mindepth 1 -not -name l\ + -exec ln -s '{}' /var/lib/docker/overlay2/ \; + cp -P /mnt/docker-images/$i/overlay2/l/* /var/lib/docker/overlay2/l/ + + rsync -a /mnt/docker-images/$i/image/ /var/lib/docker/image/ + + # Accumulate image definitions + cp /tmp/repositories.json /tmp/repositories.json.tmp + jq -s '.[0] * .[1]' \ + /tmp/repositories.json.tmp \ + /mnt/docker-images/$i/image/overlay2/repositories.json \ + > /tmp/repositories.json + done + + mv /tmp/repositories.json /var/lib/docker/image/overlay2/repositories.json + ''; + serviceConfig = { + Type = "oneshot"; + }; + }; + }; +} diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 4e9c87222d0..ed3431554be 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -185,7 +185,10 @@ let in { - imports = [ ../profiles/qemu-guest.nix ]; + imports = [ + ../profiles/qemu-guest.nix + ./docker-preloader.nix + ]; options = { diff --git a/nixos/release.nix b/nixos/release.nix index 51505d6aab9..c3a10c9d330 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -283,6 +283,7 @@ in rec { tests.docker-tools = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools.nix {}; tests.docker-tools-overlay = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools-overlay.nix {}; tests.docker-edge = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-edge.nix {}; + tests.docker-preloader = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-preloader.nix {}; tests.docker-registry = callTest tests/docker-registry.nix {}; tests.dovecot = callTest tests/dovecot.nix {}; tests.dnscrypt-proxy = callTestOnMatchingSystems ["x86_64-linux"] tests/dnscrypt-proxy.nix {}; @@ -300,7 +301,7 @@ in rec { tests.fsck = callTest tests/fsck.nix {}; tests.fwupd = callTest tests/fwupd.nix {}; tests.gdk-pixbuf = callTest tests/gdk-pixbuf.nix {}; - #tests.gitlab = callTest tests/gitlab.nix {}; + tests.gitlab = callTest tests/gitlab.nix {}; tests.gitolite = callTest tests/gitolite.nix {}; tests.gjs = callTest tests/gjs.nix {}; tests.gocd-agent = callTest tests/gocd-agent.nix {}; diff --git a/nixos/tests/docker-preloader.nix b/nixos/tests/docker-preloader.nix new file mode 100644 index 00000000000..eeedec9a392 --- /dev/null +++ b/nixos/tests/docker-preloader.nix @@ -0,0 +1,27 @@ +import ./make-test.nix ({ pkgs, ...} : { + name = "docker-preloader"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ lewo ]; + }; + + nodes = { + docker = + { pkgs, ... }: + { + virtualisation.docker.enable = true; + virtualisation.dockerPreloader.images = [ pkgs.dockerTools.examples.nix pkgs.dockerTools.examples.bash ]; + + services.openssh.enable = true; + services.openssh.permitRootLogin = "yes"; + services.openssh.extraConfig = "PermitEmptyPasswords yes"; + users.extraUsers.root.password = ""; + }; + }; + testScript = '' + startAll; + + $docker->waitForUnit("sockets.target"); + $docker->succeed("docker run nix nix-store --version"); + $docker->succeed("docker run bash bash --version"); + ''; +}) diff --git a/nixos/tests/gitlab.nix b/nixos/tests/gitlab.nix index 3af2cbcd098..53675c375e3 100644 --- a/nixos/tests/gitlab.nix +++ b/nixos/tests/gitlab.nix @@ -1,14 +1,18 @@ # This test runs gitlab and checks if it works -import ./make-test.nix ({ pkgs, ...} : { +import ./make-test.nix ({ pkgs, lib, ...} : with lib; { name = "gitlab"; meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ domenkozar offline ]; + maintainers = [ globin ]; }; nodes = { gitlab = { ... }: { - virtualisation.memorySize = 768; + virtualisation.memorySize = 4096; + systemd.services.gitlab.serviceConfig.Restart = mkForce "no"; + systemd.services.gitlab-workhorse.serviceConfig.Restart = mkForce "no"; + systemd.services.gitaly.serviceConfig.Restart = mkForce "no"; + systemd.services.gitlab-sidekiq.serviceConfig.Restart = mkForce "no"; services.nginx = { enable = true; @@ -19,10 +23,10 @@ import ./make-test.nix ({ pkgs, ...} : { }; }; - systemd.services.gitlab.serviceConfig.TimeoutStartSec = "10min"; services.gitlab = { enable = true; databasePassword = "dbPassword"; + initialRootPassword = "notproduction"; secrets = { secret = "secret"; otp = "otpsecret"; @@ -65,8 +69,12 @@ import ./make-test.nix ({ pkgs, ...} : { testScript = '' $gitlab->start(); + $gitlab->waitForUnit("gitaly.service"); + $gitlab->waitForUnit("gitlab-workhorse.service"); $gitlab->waitForUnit("gitlab.service"); $gitlab->waitForUnit("gitlab-sidekiq.service"); - $gitlab->waitUntilSucceeds("curl http://localhost:80/users/sign_in"); + $gitlab->waitForFile("/var/gitlab/state/tmp/sockets/gitlab.socket"); + $gitlab->waitUntilSucceeds("curl -sSf http://localhost/users/sign_in"); + $gitlab->succeed("${pkgs.sudo}/bin/sudo -u gitlab -H gitlab-rake gitlab:check 1>&2") ''; }) diff --git a/pkgs/applications/audio/cmusfm/default.nix b/pkgs/applications/audio/cmusfm/default.nix new file mode 100644 index 00000000000..e528e9699a7 --- /dev/null +++ b/pkgs/applications/audio/cmusfm/default.nix @@ -0,0 +1,36 @@ +{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, curl, libnotify, gdk_pixbuf }: + +stdenv.mkDerivation rec { + version = "2018-10-11"; + name = "cmusfm-unstable-${version}"; + src = fetchFromGitHub { + owner = "Arkq"; + repo = "cmusfm"; + rev = "ad2fd0aad3f4f1a25add1b8c2f179e8859885873"; + sha256 = "0wpwdwgyrp64nvwc6shy0n387p31j6aw6cnmfi9x2y1jhl5hbv6b"; + }; + # building + configureFlags = [ "--enable-libnotify" ]; + nativeBuildInputs = [ autoreconfHook pkgconfig ]; + buildInputs = [ curl libnotify gdk_pixbuf ]; + + meta = with stdenv.lib; { + description = "Last.fm and Libre.fm standalone scrobbler for the cmus music player"; + longDescription = '' + Features: + + Listening now notification support + + Off-line played track cache for later submission + + POSIX ERE-based file name parser + + Desktop notification support (optionally) + + Customizable scrobbling service + + Small memory footprint + Configuration: + + run `cmusfm init` to generate configuration file under ~/.config/cmus/cmusfm.conf + + Inside cmus run `:set status_display_program=cmusfm` to set up cmusfm + ''; + homepage = https://github.com/Arkq/cmusfm/; + maintainers = with stdenv.lib.maintainers; [ CharlesHD ]; + license = licenses.gpl3Plus; + platforms = platforms.linux ++ platforms.darwin; + }; +} diff --git a/pkgs/applications/misc/josm/default.nix b/pkgs/applications/misc/josm/default.nix index 808ff2d6f61..f529fa395d9 100644 --- a/pkgs/applications/misc/josm/default.nix +++ b/pkgs/applications/misc/josm/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "josm-${version}"; - version = "14289"; + version = "14382"; src = fetchurl { url = "https://josm.openstreetmap.de/download/josm-snapshot-${version}.jar"; - sha256 = "102dph3479qskzf72cpb9139pq9ifka6pzna1c6s5rs2il6mfvsb"; + sha256 = "1a2nx9jr1fvw95gdvl9kj3z0cs6ndafm0k4l0lwfx9p9qn4lgzjg"; }; buildInputs = [ jdk11 makeWrapper ]; diff --git a/pkgs/applications/networking/cluster/terraform-providers/data.nix b/pkgs/applications/networking/cluster/terraform-providers/data.nix index 261d067eb1d..421fc652a32 100644 --- a/pkgs/applications/networking/cluster/terraform-providers/data.nix +++ b/pkgs/applications/networking/cluster/terraform-providers/data.nix @@ -11,8 +11,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-alicloud"; - version = "1.17.0"; - sha256 = "1zmywmcgfmx5ccp0qxj912sqymisxdg2s84b4qclfa225hrbaqpn"; + version = "1.21.0"; + sha256 = "17853l2s5z1y2g24wdkapdp26hw0sx5w73y118h0px85fiwhkq79"; }; archive = { @@ -39,15 +39,15 @@ { owner = "terraform-providers"; repo = "terraform-provider-aws"; - version = "1.38.0"; - sha256 = "1jhr2l8p7wf7kgr2y0c40n1jb9p2153xkpcp4b2half2vhsh1nwi"; + version = "1.42.0"; + sha256 = "1wi1m7i6vq53p36x1prax4yaz400834024q494zg0ckk4rvngfp6"; }; azurerm = { owner = "terraform-providers"; repo = "terraform-provider-azurerm"; - version = "1.15.0"; - sha256 = "1pdmj0ww5y2nwxivlf5l886nwd76hpqhwdayab2fp16zyl1qbpfd"; + version = "1.17.0"; + sha256 = "03sjlqkwy0qa382sjwi21g6h2fz1mpsiqcd4naj5zh76fkp8aslw"; }; azurestack = { @@ -88,8 +88,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-circonus"; - version = "0.1.1"; - sha256 = "05n1q9hc0h31icxsmyi2y60wiwd5fs2hz1dqm3bl6hgh5x3ss1im"; + version = "0.2.0"; + sha256 = "1vcia3p31cgdwjs06k4244bk7ib2qp1f2lhc7hmyhdfi1c8jym45"; }; clc = { @@ -102,8 +102,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-cloudflare"; - version = "1.5.0"; - sha256 = "0l8bmnxmjr2g3xxw8w0ay91cvs4kzc65wkdwybfahvq9r6mww45n"; + version = "1.7.0"; + sha256 = "0sqq6miwyh6z86b3wq2bhkaj4x39g2nqq784py8nm8gvs06gcm5a"; }; cloudscale = { @@ -130,22 +130,22 @@ { owner = "terraform-providers"; repo = "terraform-provider-consul"; - version = "2.1.0"; - sha256 = "1qm29vj8ms37zb4b3bhdv4b4vrl0am134zmc654lb2g582cnj9yw"; + version = "2.2.0"; + sha256 = "13jwvf7n7238pzvdq9m6vnl9vqa9hkr1mrcf9sa1q9lxkim9ijfk"; }; datadog = { owner = "terraform-providers"; repo = "terraform-provider-datadog"; - version = "1.3.0"; - sha256 = "0d3xccfkzibjp4jl8irja1cdhppdn3b7nh4wy857zvfxpfhz7aj2"; + version = "1.4.0"; + sha256 = "06ik2k0jkm4200d8njpsidwfjl12ikn5ciqkmlxfwr3b8s1w8kpa"; }; digitalocean = { owner = "terraform-providers"; repo = "terraform-provider-digitalocean"; - version = "0.1.3"; - sha256 = "10crxciw7y2gnm8vqp007vw0k7c1a1xk2z2zsjr5rksk6qlnri4k"; + version = "1.0.2"; + sha256 = "0ilkdnadzsidq8hia5wk4jyk6034pmajrpkgwf4ryz7kx41vy2g6"; }; dme = { @@ -172,8 +172,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-docker"; - version = "1.0.1"; - sha256 = "1q5bsdvp47gvpiyqlzgrpxczlh6m9g870pn84ks49xfkwk5izpz6"; + version = "1.1.0"; + sha256 = "1ba9z9fd69hpg6kg30nf95zzskzipi74s1aadywc068gfrkdm9jj"; }; dyn = { @@ -193,15 +193,15 @@ { owner = "terraform-providers"; repo = "terraform-provider-fastly"; - version = "0.3.0"; - sha256 = "1hh4s81g256iy1rvp9snqbyhidz8n6p7pzanlxp89ffrq9p32sp0"; + version = "0.4.0"; + sha256 = "1fkn9b6ibs36cmhknb3x05g31rf73w70xwx05rh9fhybrz5dd9z9"; }; flexibleengine = { owner = "terraform-providers"; repo = "terraform-provider-flexibleengine"; - version = "1.1.0"; - sha256 = "07g6kc211crxf9nvgvghg05jdahd1fb09lpwfcps9ph259pwwam3"; + version = "1.2.1"; + sha256 = "000v6fmmnwfibzfssk23s9qwrb8a9l0j1qd14x2dqsc7ql0kbnz8"; }; github = { @@ -221,8 +221,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-google"; - version = "1.18.0"; - sha256 = "0zwy1imby0xqvb86a82rdvglipf2sfpi3rmsj72iikp7vi3mqk64"; + version = "1.19.1"; + sha256 = "1n2a1y9103xkndmvr5cvj7i1m8s9lv61vgijgk3m2f73pb4znak0"; }; grafana = { @@ -235,15 +235,22 @@ { owner = "terraform-providers"; repo = "terraform-provider-hcloud"; - version = "1.3.0"; - sha256 = "0sb9pajsy0if18vgw5pllgv8qvb4v7pv65m2f3hfkck2za82ndwb"; + version = "1.4.0"; + sha256 = "00mq6p2y61z4hg9dncf3mj59cp6fx4iqrn86m96wkw346shs6prs"; + }; + helm = + { + owner = "terraform-providers"; + repo = "terraform-provider-helm"; + version = "0.6.2"; + sha256 = "11j4lpzbrdszgkjf1gjyibh9c5w0fly01qdkrflv98ry5csx9q5b"; }; heroku = { owner = "terraform-providers"; repo = "terraform-provider-heroku"; - version = "1.4.0"; - sha256 = "159a9add5v4dj2bry1b85i74q2lb4pjjypkm5hzrbqys6gn2imhn"; + version = "1.5.0"; + sha256 = "0hzzhqd87vkcbzndsn15g4nl3qhv2kvnhs9zv6kbxaxm7p7rm3pz"; }; http = { @@ -284,8 +291,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-kubernetes"; - version = "1.2.0"; - sha256 = "0slvhj8f7p27r9v4vb5vjyqpmzlpaji1djzwsxsf247df68mka61"; + version = "1.3.0"; + sha256 = "0fhh0r92whcxqz4z2kb6qx9dyygms5mz7ifhb9c7s2r22jnfz1j3"; }; librato = { @@ -294,6 +301,13 @@ version = "0.1.0"; sha256 = "0bxadwj5s7bvc4vlymn3w6qckf14hz82r7q98w2nh55sqr52d923"; }; + linode = + { + owner = "terraform-providers"; + repo = "terraform-provider-linode"; + version = "1.1.0"; + sha256 = "19c269w8jjx04a8rhm4x7bg2xad3y0s74wgis446mwaw7mhla3l3"; + }; local = { owner = "terraform-providers"; @@ -340,8 +354,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-newrelic"; - version = "1.0.1"; - sha256 = "0g4fd2rvx90f2bmjl6jjdvrsx7ayhf30vj9y3mklhxgsd9x83wpq"; + version = "1.1.0"; + sha256 = "040pxbr4xp0h6s0njdwy0phlkblnk5p3xrcms2gkwyzkqpd82s8b"; }; nomad = { @@ -371,12 +385,19 @@ version = "1.0.0"; sha256 = "12vpa09xrq8z1pjq0bwzq3889c4fl6c5kvynwqy0z1pdx21m60ha"; }; + nutanix = + { + owner = "terraform-providers"; + repo = "terraform-provider-nutanix"; + version = "1.0.0"; + sha256 = "16nky5ryyjvv7vny18ymxvy20ivwmqw7lagnz48pq8mnwwrp5541"; + }; oci = { owner = "terraform-providers"; repo = "terraform-provider-oci"; - version = "3.1.1"; - sha256 = "0wrvb44gs0c1khvam5lrq53l2889japg7d4nyk2hrpywy9japc8m"; + version = "3.5.0"; + sha256 = "0f4m6rahis1n62w0h0amg8sjs5bb3ifnrfzq1dys7r01k5411wcf"; }; oneandone = { @@ -389,22 +410,22 @@ { owner = "terraform-providers"; repo = "terraform-provider-opc"; - version = "1.2.1"; - sha256 = "0mnvi47kbdwwpfzdlcd1mhd15w5b0ivwxi1a5lvs0zyqf0g0cas8"; + version = "1.3.0"; + sha256 = "1ksqjfp6gxgrpc9gcs9jv3wj5058z93h7prv4mhvc2bilal4gc0p"; }; openstack = { owner = "terraform-providers"; repo = "terraform-provider-openstack"; - version = "1.9.0"; - sha256 = "0prmdj78jsyrns876cglfp8a3dbpfl33bwb0dj072flh4yknfrdr"; + version = "1.11.0"; + sha256 = "1wqb7q10nyr4jy9ny4giazblwhh3qrn4s1f0xb5q702b5igbfwwm"; }; opentelekomcloud = { owner = "terraform-providers"; repo = "terraform-provider-opentelekomcloud"; - version = "1.1.0"; - sha256 = "04pcgygcz2ld5hp7f29j2z3d4ypy4fm4m1zbbs9l9gc3fya88iny"; + version = "1.2.0"; + sha256 = "05w899l18gmdywfhakjvaxqxxzd9cxga3s932ljfibr0ssipkhh9"; }; opsgenie = { @@ -431,8 +452,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-packet"; - version = "1.2.4"; - sha256 = "11ga29d5bzmn6rzlb6sb28nh1zbbwglinzn185pysqx6n21l6wva"; + version = "1.2.5"; + sha256 = "1c40w1q18piip4fn572mnf67g07h6g03hnin23c7jw265m4yr222"; }; pagerduty = { @@ -445,8 +466,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-panos"; - version = "1.4.0"; - sha256 = "033xpglbn0q805b129kf1ywl13m4pgrkwlvgl347nldysryiasxq"; + version = "1.4.1"; + sha256 = "1mlz01v01675cf9ja8i42c6ssklf65kd8wpjzf0j472lfwki4xpp"; }; postgresql = { @@ -508,15 +529,15 @@ { owner = "terraform-providers"; repo = "terraform-provider-runscope"; - version = "0.4.0"; - sha256 = "1n3q2hdwvkkn5rphrcl5qfv4ry2mrr13dcjwzhbym2i1nhpxkld0"; + version = "0.5.0"; + sha256 = "0n0m39gaiwhqigjny51a7g36ldik33alimkqqbv6hqyzrhk0qs8h"; }; scaleway = { owner = "terraform-providers"; repo = "terraform-provider-scaleway"; - version = "1.6.0"; - sha256 = "1ykcakfw0gp239jp4brpjynxzzvlhldfpv12hkgymj22s37n5jnn"; + version = "1.7.0"; + sha256 = "0gsjvpwfw2sc6ncy8v3j6gs0aanq3b08j3gid43687mfd782f4gk"; }; softlayer = { @@ -553,6 +574,13 @@ version = "1.0.0"; sha256 = "0jl6bp6gwg96sdk5j6s13vv1j9gxjpy2yva3barmzv9138i665mz"; }; + tencentcloud = + { + owner = "terraform-providers"; + repo = "terraform-provider-tencentcloud"; + version = "1.2.2"; + sha256 = "1ypsfm48c30szg3zc1sknblhwcnca8aapfgp62bhszyqxq6zq37s"; + }; terraform = { owner = "terraform-providers"; @@ -592,8 +620,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-vault"; - version = "1.1.4"; - sha256 = "00i9rl9pnmicvndkmvcmlj6y80341dmkqnhq09f94yljh1w1zpvv"; + version = "1.2.0"; + sha256 = "1z92dcr5b665l69gxs1hw1rizc5znvf0ck1lksphd301l2ywk97b"; }; vcd = { @@ -606,8 +634,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-vsphere"; - version = "1.8.1"; - sha256 = "0y6n7mvv1f3jqsxlvf68iq85k69fj7a333203vkvc83dba84aqki"; + version = "1.9.0"; + sha256 = "1by9klwvdw3m854jffimfnsz1lnbaixi4zcv4zzs63dc3flwy2b2"; }; matchbox = { diff --git a/pkgs/applications/networking/cluster/terraform/default.nix b/pkgs/applications/networking/cluster/terraform/default.nix index a4ffe27102a..583b6a06aea 100644 --- a/pkgs/applications/networking/cluster/terraform/default.nix +++ b/pkgs/applications/networking/cluster/terraform/default.nix @@ -113,8 +113,8 @@ in rec { terraform_0_10-full = terraform_0_10.withPlugins lib.attrValues; terraform_0_11 = pluggable (generic { - version = "0.11.8"; - sha256 = "1kdmx21l32vj5kvkimkx0s5mxgmgkdwlgbin4f3iqjflzip0cddh"; + version = "0.11.10"; + sha256 = "08mapla89g106bvqr41zfd7l4ki55by6207qlxq9caiha54nx4nb"; patches = [ ./provider-path.patch ]; passthru = { inherit plugins; }; }); diff --git a/pkgs/applications/version-management/gitlab/default.nix b/pkgs/applications/version-management/gitlab/default.nix index ace0df5efdf..c1c4d20feac 100644 --- a/pkgs/applications/version-management/gitlab/default.nix +++ b/pkgs/applications/version-management/gitlab/default.nix @@ -11,29 +11,29 @@ let groups = [ "default" "unicorn" "ed25519" "metrics" ]; }; - version = "11.4.3"; + version = "11.4.4"; sources = if gitlabEnterprise then { gitlabDeb = fetchurl { url = "https://packages.gitlab.com/gitlab/gitlab-ee/packages/debian/stretch/gitlab-ee_${version}-ee.0_amd64.deb/download.deb"; - sha256 = "1cw75qj508z6n00rqgqjzdm2013kyb7c57cypmq0m08nc6f3jspz"; + sha256 = "15lpcdjcw6lpmzlhqnpd6pgaxh7wvx2mldjd1vqr414r4bcnhgy4"; }; gitlab = fetchFromGitLab { owner = "gitlab-org"; repo = "gitlab-ee"; rev = "v${version}-ee"; - sha256 = "1vqc77whpbsifbm9vgcmpxnw13v8jz1s9q04i8jfv99c59fjlids"; + sha256 = "046hchr7q4jnx3j4yxg3rdixfzlva35al3ci26pf9vxrbbl5y8cg"; }; } else { gitlabDeb = fetchurl { url = "https://packages.gitlab.com/gitlab/gitlab-ce/packages/debian/stretch/gitlab-ce_${version}-ce.0_amd64.deb/download.deb"; - sha256 = "0vk03k42pp92h520wnynl9czcigjhj9m7y68z1x0gwqr9m61r7zm"; + sha256 = "02p7azyjgb984bk491q6f4zk1mikbcd38rif08kl07bjjzzkir81"; }; gitlab = fetchFromGitLab { owner = "gitlab-org"; repo = "gitlab-ce"; rev = "v${version}"; - sha256 = "1zvjz2gv2vwqqjz52zcvi0ap3d8rdbpgsqk9wv80hqq4v37a5gfx"; + sha256 = "1hq9iyp0xrxwmncn61ja3pdj9h2hmdy1l63d1ic3r1dyacybaf2g"; }; }; @@ -63,17 +63,7 @@ stdenv.mkDerivation rec { --replace "ps -U" "${procps}/bin/ps -U" sed -i '/ask_to_continue/d' lib/tasks/gitlab/two_factor.rake - - # required for some gems: - cat > config/database.yml < - database: gitlab - host: <%= ENV["GITLAB_DATABASE_HOST"] || "127.0.0.1" %> - password: <%= ENV["GITLAB_DATABASE_PASSWORD"] || "blerg" %> - username: gitlab - encoding: utf8 - EOF + sed -ri -e '/log_level/a config.logger = Logger.new(STDERR)' config/environments/production.rb ''; buildPhase = '' diff --git a/pkgs/build-support/setup-hooks/auto-patchelf.sh b/pkgs/build-support/setup-hooks/auto-patchelf.sh index 7c165627f72..d1ae317ff9a 100644 --- a/pkgs/build-support/setup-hooks/auto-patchelf.sh +++ b/pkgs/build-support/setup-hooks/auto-patchelf.sh @@ -7,7 +7,16 @@ gatherLibraries() { addEnvHooks "$targetOffset" gatherLibraries isExecutable() { - readelf -h "$1" 2> /dev/null | grep -q '^ *Type: *EXEC\>' + # For dynamically linked ELF files it would be enough to check just for the + # INTERP section. However, we won't catch statically linked executables as + # they only have an ELF type of EXEC but no INTERP. + # + # So what we do here is just check whether *either* the ELF type is EXEC + # *or* there is an INTERP section. This also catches position-independent + # executables, as they typically have an INTERP section but their ELF type + # is DYN. + LANG=C readelf -h -l "$1" 2> /dev/null \ + | grep -q '^ *Type: *EXEC\>\|^ *INTERP\>' } # We cache dependencies so that we don't need to search through all of them on @@ -157,7 +166,7 @@ autoPatchelf() { isELF "$file" || continue if isExecutable "$file"; then # Skip if the executable is statically linked. - readelf -l "$file" | grep -q "^ *INTERP\\>" || continue + LANG=C readelf -l "$file" | grep -q "^ *INTERP\\>" || continue fi autoPatchelfFile "$file" done < <(find "$prefix" -type f -print0) diff --git a/pkgs/data/fonts/comfortaa/default.nix b/pkgs/data/fonts/comfortaa/default.nix index 0dd4f727ad2..f7ec6e8b8c8 100644 --- a/pkgs/data/fonts/comfortaa/default.nix +++ b/pkgs/data/fonts/comfortaa/default.nix @@ -1,18 +1,18 @@ {stdenv, fetchzip}: let - version = "2.004"; + version = "3.001"; in fetchzip rec { name = "comfortaa-${version}"; - url = "http://openfontlibrary.org/assets/downloads/comfortaa/38318a69b56162733bf82bc0170b7521/comfortaa.zip"; + url = "https://orig00.deviantart.net/40a3/f/2017/093/d/4/comfortaa___font_by_aajohan-d1qr019.zip"; postFetch = '' mkdir -p $out/share/fonts $out/share/doc unzip -l $downloadedFile unzip -j $downloadedFile \*.ttf -d $out/share/fonts/truetype unzip -j $downloadedFile \*/FONTLOG.txt \*/donate.html -d $out/share/doc/${name} ''; - sha256 = "1gnscf3kw9p5gbc5594a22cc6nmiir9mhp1nl3mkbzd4v1jfbh2h"; + sha256 = "0z7xr0cnn6ghwivrm5b5awq9bzhnay3y99qq6dkdgfkfdsaz0n9h"; meta = with stdenv.lib; { homepage = http://aajohan.deviantart.com/art/Comfortaa-font-105395949; diff --git a/pkgs/data/fonts/open-dyslexic/default.nix b/pkgs/data/fonts/open-dyslexic/default.nix index 40a9be3282e..7fa57463ece 100644 --- a/pkgs/data/fonts/open-dyslexic/default.nix +++ b/pkgs/data/fonts/open-dyslexic/default.nix @@ -1,11 +1,11 @@ {stdenv, fetchzip}: let - version = "2014-11-11"; + version = "2016-06-23"; in fetchzip { name = "open-dyslexic-${version}"; - url = https://github.com/antijingoist/open-dyslexic/archive/f4b5ba89018b44d633608907e15f93fb3fabbabc.zip; + url = https://github.com/antijingoist/open-dyslexic/archive/20160623-Stable.zip; postFetch = '' mkdir -p $out/share/{doc,fonts} @@ -13,7 +13,7 @@ in fetchzip { unzip -j $downloadedFile \*/README.md -d $out/share/doc/open-dyslexic ''; - sha256 = "045xc7kj56q4ygnjppm8f8fwqqvf21x1piabm4nh8hwgly42a3w2"; + sha256 = "1vl8z5rknh2hpr2f0v4b2qgs5kclx5pzyk8al7243k5db82a2cyi"; meta = with stdenv.lib; { homepage = https://opendyslexic.org/; diff --git a/pkgs/data/fonts/overpass/default.nix b/pkgs/data/fonts/overpass/default.nix index 8bb4e82747a..c39bb945f48 100644 --- a/pkgs/data/fonts/overpass/default.nix +++ b/pkgs/data/fonts/overpass/default.nix @@ -1,7 +1,7 @@ { stdenv, fetchzip }: let - version = "3.0.2"; + version = "3.0.3"; in fetchzip rec { name = "overpass-${version}"; @@ -12,7 +12,7 @@ in fetchzip rec { mkdir -p $out/share/doc/${name} ; unzip -j $downloadedFile \*.md -d $out/share/doc/${name} ''; - sha256 = "05zv3zcfc9a707sn3hhf46b126k19d9byzvi5ixp5y2548vjvl6s"; + sha256 = "1m6p7rrlyqikjvypp4698sn0lp3a4z0z5al4swblfhg8qaxzv5pg"; meta = with stdenv.lib; { homepage = http://overpassfont.org/; diff --git a/pkgs/desktops/gnustep/libobjc2/default.nix b/pkgs/desktops/gnustep/libobjc2/default.nix index a3e718187c7..3aba235b3a7 100644 --- a/pkgs/desktops/gnustep/libobjc2/default.nix +++ b/pkgs/desktops/gnustep/libobjc2/default.nix @@ -24,5 +24,6 @@ stdenv.mkDerivation rec { license = licenses.mit; maintainers = with maintainers; [ ashalkhakov matthewbauer ]; platforms = platforms.unix; + badPlatforms = [ "aarch64-linux" ]; }; } diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index 2c9d9d307ae..56ffd6ee54e 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix @@ -370,6 +370,7 @@ self: super: { safecopy = dontCheck super.safecopy; sai-shape-syb = dontCheck super.sai-shape-syb; scp-streams = dontCheck super.scp-streams; + sdl2 = dontCheck super.sdl2; # the test suite needs an x server sdl2-ttf = dontCheck super.sdl2-ttf; # as of version 0.2.1, the test suite requires user intervention separated = dontCheck super.separated; shadowsocks = dontCheck super.shadowsocks; diff --git a/pkgs/development/libraries/grpc/default.nix b/pkgs/development/libraries/grpc/default.nix index a21e2aacde2..e568ea9eb65 100644 --- a/pkgs/development/libraries/grpc/default.nix +++ b/pkgs/development/libraries/grpc/default.nix @@ -26,6 +26,8 @@ stdenv.mkDerivation rec { rm -vf BUILD ''; + NIX_CFLAGS_COMPILE = "-Wno-error=unknown-warning-option"; + enableParallelBuilds = true; meta = with stdenv.lib; { diff --git a/pkgs/development/libraries/gsasl/default.nix b/pkgs/development/libraries/gsasl/default.nix index 71da2c716f8..a1df933149f 100644 --- a/pkgs/development/libraries/gsasl/default.nix +++ b/pkgs/development/libraries/gsasl/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { configureFlags = [ "--with-gssapi-impl=mit" ]; - doCheck = true; + doCheck = !stdenv.hostPlatform.isDarwin; meta = { description = "GNU SASL, Simple Authentication and Security Layer library"; diff --git a/pkgs/development/libraries/libid3tag/CVE-2017-11550-and-CVE-2017-11551.patch b/pkgs/development/libraries/libid3tag/CVE-2017-11550-and-CVE-2017-11551.patch new file mode 100644 index 00000000000..b1f9d0978ce --- /dev/null +++ b/pkgs/development/libraries/libid3tag/CVE-2017-11550-and-CVE-2017-11551.patch @@ -0,0 +1,13 @@ +Common subdirectories: libid3tag-0.15.1b/msvc++ and libid3tag-0.15.1b-patched/msvc++ +diff -uwp libid3tag-0.15.1b/utf16.c libid3tag-0.15.1b-patched/utf16.c +--- libid3tag-0.15.1b/utf16.c 2004-01-23 10:41:32.000000000 +0100 ++++ libid3tag-0.15.1b-patched/utf16.c 2018-11-01 13:12:00.866050641 +0100 +@@ -250,6 +250,8 @@ id3_ucs4_t *id3_utf16_deserialize(id3_by + id3_ucs4_t *ucs4; + + end = *ptr + (length & ~1); ++ if (end == *ptr) ++ return 0; + + utf16 = malloc((length / 2 + 1) * sizeof(*utf16)); + if (utf16 == 0) diff --git a/pkgs/development/libraries/libid3tag/default.nix b/pkgs/development/libraries/libid3tag/default.nix index 0289a5331f8..4b7d9bdc2e3 100644 --- a/pkgs/development/libraries/libid3tag/default.nix +++ b/pkgs/development/libraries/libid3tag/default.nix @@ -14,7 +14,10 @@ stdenv.mkDerivation rec { propagatedBuildInputs = [ zlib gperf ]; - patches = [ ./debian-patches.patch ]; + patches = [ + ./debian-patches.patch + ./CVE-2017-11550-and-CVE-2017-11551.patch + ]; preConfigure = '' configureFlagsArray+=( diff --git a/pkgs/development/python-modules/bsddb3/default.nix b/pkgs/development/python-modules/bsddb3/default.nix index 971aac70ad8..700f5b3d0c5 100644 --- a/pkgs/development/python-modules/bsddb3/default.nix +++ b/pkgs/development/python-modules/bsddb3/default.nix @@ -3,12 +3,12 @@ , fetchPypi , pkgs , isPy3k +, python }: buildPythonPackage rec { pname = "bsddb3"; version = "6.2.6"; - disabled = isPy3k; src = fetchPypi { inherit pname version; @@ -17,8 +17,9 @@ buildPythonPackage rec { buildInputs = [ pkgs.db ]; - # Judging from SyntaxError in test - doCheck = false; # test suite breaks python3 compatibility + checkPhase = '' + ${python.interpreter} test.py + ''; # Path to database need to be set. # Somehow the setup.py flag is not propagated. diff --git a/pkgs/development/r-modules/default.nix b/pkgs/development/r-modules/default.nix index f40c0fcb559..428d6c60546 100644 --- a/pkgs/development/r-modules/default.nix +++ b/pkgs/development/r-modules/default.nix @@ -942,6 +942,10 @@ let PKGCONFIG_LIBS = "-Wl,-rpath,${pkgs.openssl.out}/lib -L${pkgs.openssl.out}/lib -L${pkgs.cyrus_sasl.out}/lib -L${pkgs.zlib.out}/lib -lssl -lcrypto -lsasl2 -lz"; }); + ps = old.ps.overrideDerivation (attrs: { + preConfigure = "patchShebangs configure"; + }); + rlang = old.rlang.overrideDerivation (attrs: { preConfigure = "patchShebangs configure"; }); diff --git a/pkgs/development/tools/jq/darwin-strptime-test.patch b/pkgs/development/tools/jq/darwin-strptime-test.patch deleted file mode 100644 index 4ea83fc164a..00000000000 --- a/pkgs/development/tools/jq/darwin-strptime-test.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff --git a/tests/jq.test b/tests/jq.test -index 4a4018b..f5aa7d5 100644 ---- a/src/tests/jq.test -+++ b/src/tests/jq.test -@@ -1144,9 +1144,9 @@ bsearch(4) - [1,2,3] - -4 - --[strptime("%Y-%m-%dT%H:%M:%SZ")|(.,mktime)] -+[strptime("%Y-%m-%dT%H:%M:%SZ")|mktime] - "2015-03-05T23:51:47Z" --[[2015,2,5,23,51,47,4,63],1425599507] -+[1425599507] - - strftime("%Y-%m-%dT%H:%M:%SZ") - [2015,2,5,23,51,47,4,63] diff --git a/pkgs/development/tools/jq/default.nix b/pkgs/development/tools/jq/default.nix index 712ec64bd41..b7b2b5066b9 100644 --- a/pkgs/development/tools/jq/default.nix +++ b/pkgs/development/tools/jq/default.nix @@ -2,33 +2,17 @@ stdenv.mkDerivation rec { name = "jq-${version}"; - version="1.5"; + version="1.6"; src = fetchurl { url="https://github.com/stedolan/jq/releases/download/jq-${version}/jq-${version}.tar.gz"; - sha256="0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4"; + sha256="1a76f46a652i2g333kfvrl6mp2w7whf6h1yly519izg4y967h9cn"; }; outputs = [ "bin" "doc" "man" "dev" "lib" "out" ]; buildInputs = [ oniguruma ]; - patches = [ - (fetchpatch { - name = "CVE-2015-8863.patch"; - url = https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd.diff; - sha256 = "18bjanzvklfzlzzd690y88725l7iwl4f6wnr429na5pfmircbpvh"; - }) - (fetchpatch { - name = "CVE-2016-4074.patch"; - url = https://patch-diff.githubusercontent.com/raw/stedolan/jq/pull/1214.diff; - sha256 = "1w8bapnyp56di6p9casbfczfn8258rw0z16grydavdjddfm280l9"; - }) - ] - ++ stdenv.lib.optional stdenv.isDarwin ./darwin-strptime-test.patch; - - patchFlags = [ "-p2" ]; # `src` subdir was introduced after v1.5 was released - configureFlags = [ "--bindir=\${bin}/bin" diff --git a/pkgs/development/tools/pyre/default.nix b/pkgs/development/tools/pyre/default.nix index 99e53610c01..382e733cb98 100644 --- a/pkgs/development/tools/pyre/default.nix +++ b/pkgs/development/tools/pyre/default.nix @@ -1,9 +1,15 @@ { stdenv, fetchFromGitHub, ocamlPackages, makeWrapper, writeScript -, dune, python3, rsync, fetchpatch }: +, dune, python3, rsync, fetchpatch, buck }: let # Manually set version - the setup script requires # hg and git + keeping the .git directory around. - pyre-version = "0.0.14"; + pyre-version = "0.0.17"; # also change typeshed revision below with $pyre-src/.typeshed-version + pyre-src = fetchFromGitHub { + owner = "facebook"; + repo = "pyre-check"; + rev = "v${pyre-version}"; + sha256 = "0y86a3g5xbgh0byksyx5jw7yq7w840x85dhz9inz6mkg5j06mcis"; + }; versionFile = writeScript "version.ml" '' cat > "./version.ml" < dune cp ${versionFile} ./scripts/generate-version-number.sh @@ -77,20 +77,18 @@ let description = "A performant type-checker for Python 3"; homepage = https://pyre-check.org; license = licenses.mit; - platforms = with platforms; linux; + platforms = ocamlPackages.ocaml.meta.platforms; maintainers = with maintainers; [ teh ]; }; }; typeshed = stdenv.mkDerivation { name = "typeshed"; - # typeshed doesn't have versions, it seems to be synchronized with - # mypy relases. I'm assigning a random version here (same as pyre). version = pyre-version; src = fetchFromGitHub { owner = "python"; repo = "typeshed"; - rev = "a08c6ea"; - sha256 = "0wy8yh43vhyyc4g7iqnmlj66kz5in02y5qc0c4jdckhpa3mchaqk"; + rev = "bc3f9fe1d3c43b00c04cedb23e0eeebc9e1734b6"; + sha256 = "06b2kj4n49h4sgi8hn5kalmir8llhanfdc7f1924cxvrkj5ry94b"; }; phases = [ "unpackPhase" "installPhase" ]; installPhase = "cp -r $src $out"; @@ -98,19 +96,8 @@ typeshed = stdenv.mkDerivation { in python3.pkgs.buildPythonApplication rec { pname = "pyre-check"; version = pyre-version; - src = fetchFromGitHub { - owner = "facebook"; - repo = "pyre-check"; - rev = "v${pyre-version}"; - sha256 = "0ig7bx2kfn2kbxw74wysh5365yp5gyby42l9l29iclrzdghgk32l"; - }; - patches = [ - (fetchpatch { - url = "https://github.com/facebook/pyre-check/commit/b473d2ed9fc11e7c1cd0c7b8c42f521e5cdc2003.patch"; - sha256 = "05xvyp7j4n6z92bxf64rxfq5pvaadxgx1c8c5qziy75vdz72lkcy"; - }) - ./pyre-bdist-wheel.patch - ]; + src = pyre-src; + patches = [ ./pyre-bdist-wheel.patch ]; # The build-pypi-package script does some funky stuff with build # directories - easier to patch it a bit than to replace it @@ -119,15 +106,21 @@ in python3.pkgs.buildPythonApplication rec { mkdir ./build substituteInPlace scripts/build-pypi-package.sh \ --replace 'NIX_BINARY_FILE' '${pyre-bin}/bin/pyre.bin' \ - --replace 'BUILD_ROOT="$(mktemp -d)"' "BUILD_ROOT=$(pwd)/build" + --replace 'BUILD_ROOT="$(mktemp -d)"' "BUILD_ROOT=$PWD/build" + substituteInPlace client/buck.py \ + --replace '"buck"' '"${buck}/bin/buck"' + substituteInPlace client/tests/buck_test.py \ + --replace '"buck"' '"${buck}/bin/buck"' ''; - buildInputs = [ pyre-bin rsync ]; + buildInputs = [ pyre-bin ]; + nativeBuildInputs = [ rsync ]; # only required for build-pypi-package.sh propagatedBuildInputs = with python3.pkgs; [ docutils typeshed ]; buildPhase = '' bash scripts/build-pypi-package.sh --version ${pyre-version} --bundle-typeshed ${typeshed} cp -r build/dist dist ''; - - doCheck = false; # can't open file 'nix_run_setup': + checkPhase = '' + bash scripts/run-python-tests.sh + ''; } diff --git a/pkgs/development/tools/rust/cargo-asm/default.nix b/pkgs/development/tools/rust/cargo-asm/default.nix index ca793bf4908..246f5b18843 100644 --- a/pkgs/development/tools/rust/cargo-asm/default.nix +++ b/pkgs/development/tools/rust/cargo-asm/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, rustPlatform }: +{ stdenv, fetchFromGitHub, rustPlatform, Security }: rustPlatform.buildRustPackage rec { name = "cargo-asm-${version}"; @@ -13,6 +13,8 @@ rustPlatform.buildRustPackage rec { cargoSha256 = "1m2j6i8hc8isdlj77gv9m6sk6q0x3bvzpva2k16g27i1ngy1989b"; + buildInputs = stdenv.lib.optional stdenv.isDarwin Security; + # Test checks against machine code output, which fails with some # LLVM/compiler versions. doCheck = false; diff --git a/pkgs/games/gemrb/default.nix b/pkgs/games/gemrb/default.nix index 0e902525922..fc7bf7168dd 100644 --- a/pkgs/games/gemrb/default.nix +++ b/pkgs/games/gemrb/default.nix @@ -1,5 +1,6 @@ { stdenv, fetchFromGitHub, cmake -, freetype, SDL2, SDL2_mixer, openal, zlib, libpng, python, libvorbis }: +, freetype, SDL2, SDL2_mixer, openal, zlib, libpng, python, libvorbis +, libiconv }: stdenv.mkDerivation rec { name = "gemrb-${version}"; @@ -13,7 +14,7 @@ stdenv.mkDerivation rec { }; # TODO: make libpng, libvorbis, sdl_mixer, freetype, vlc, glew (and other gl reqs) optional - buildInputs = [ freetype python openal SDL2 SDL2_mixer zlib libpng libvorbis ]; + buildInputs = [ freetype python openal SDL2 SDL2_mixer zlib libpng libvorbis libiconv ]; nativeBuildInputs = [ cmake ]; diff --git a/pkgs/tools/admin/nomachine-client/default.nix b/pkgs/tools/admin/nomachine-client/default.nix new file mode 100644 index 00000000000..be616c1bf9e --- /dev/null +++ b/pkgs/tools/admin/nomachine-client/default.nix @@ -0,0 +1,83 @@ +{ stdenv, lib, file, fetchurl, makeWrapper, autoPatchelfHook, jsoncpp }: +let + versionMajor = "6.3"; + versionMinor = "6_1"; +in + stdenv.mkDerivation rec { + name = "nomachine-client-${version}"; + version = "${versionMajor}.${versionMinor}"; + + src = + if stdenv.hostPlatform.system == "x86_64-linux" then + fetchurl { + url = "https://download.nomachine.com/download/${versionMajor}/Linux/nomachine_${version}_x86_64.tar.gz"; + sha256 = "1035j2z2rqmdfb8cfm1pakd05c575640604b8lkljmilpky9mw5d"; + } + else if stdenv.hostPlatform.system == "i686-linux" then + fetchurl { + url = "https://download.nomachine.com/download/${versionMajor}/Linux/nomachine_${version}_i686.tar.gz"; + sha256 = "07j9f6mlq9m01ch8ik5dybi283vrp5dlv156jr5n7n2chzk34kf3"; + } + else + throw "NoMachine client is not supported on ${stdenv.hostPlatform.system}"; + + postUnpack = '' + mv $(find . -type f -name nxclient.tar.gz) . + mv $(find . -type f -name nxplayer.tar.gz) . + rm -r NX/ + tar xf nxclient.tar.gz + tar xf nxplayer.tar.gz + rm $(find . -maxdepth 1 -type f) + ''; + + nativeBuildInputs = [ file makeWrapper autoPatchelfHook ]; + buildInputs = [ jsoncpp ]; + + installPhase = '' + rm bin/nxplayer bin/nxclient + + mkdir -p $out/NX + cp -r bin lib share $out/NX/ + + ln -s $out/NX/bin $out/bin + + for i in share/icons/*; do + if [[ -d "$i" ]]; then + mkdir -p "$out/share/icons/hicolor/$(basename $i)/apps" + cp "$i"/* "$out/share/icons/hicolor/$(basename $i)/apps/" + fi + done + + mkdir $out/share/applications + cp share/applnk/player/xdg/*.desktop $out/share/applications/ + cp share/applnk/client/xdg-mime/*.desktop $out/share/applications/ + + mkdir -p $out/share/mime/packages + cp share/applnk/client/xdg-mime/*.xml $out/share/mime/packages/ + + for i in $out/share/applications/*.desktop; do + substituteInPlace "$i" --replace /usr/NX/bin $out/bin + done + ''; + + postFixup = '' + makeWrapper $out/bin/nxplayer.bin $out/bin/nxplayer --set NX_SYSTEM $out/NX + makeWrapper $out/bin/nxclient.bin $out/bin/nxclient --set NX_SYSTEM $out/NX + ''; + + dontBuild = true; + dontStrip = true; + + meta = with stdenv.lib; { + description = "NoMachine remote desktop client (nxplayer)"; + homepage = https://www.nomachine.com/; + license = { + fullName = "NoMachine 6 End-User License Agreement"; + url = https://www.nomachine.com/licensing-6; + free = false; + }; + maintainers = with maintainers; [ talyz ]; + platforms = [ "x86_64-linux" "i686-linux" ]; + }; + } + diff --git a/pkgs/tools/audio/abcmidi/default.nix b/pkgs/tools/audio/abcmidi/default.nix index 2d54c182349..1a215d4ca83 100644 --- a/pkgs/tools/audio/abcmidi/default.nix +++ b/pkgs/tools/audio/abcmidi/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "abcMIDI-${version}"; - version = "2018.06.23"; + version = "2018.10.25"; src = fetchzip { url = "https://ifdo.ca/~seymour/runabc/${name}.zip"; - sha256 = "0487dlw9v4ayb929w8bk71fs4nbcs1liyk59g6sfr4yn6dx2sl2d"; + sha256 = "0q7yrds1hpis1821mdsz31c2cvn7hs73a10fi1mrk1v4hqql8vv3"; }; # There is also a file called "makefile" which seems to be preferred by the standard build phase diff --git a/pkgs/tools/misc/bat/default.nix b/pkgs/tools/misc/bat/default.nix index 4bd4a02c7a2..d449b3b82f9 100644 --- a/pkgs/tools/misc/bat/default.nix +++ b/pkgs/tools/misc/bat/default.nix @@ -20,6 +20,9 @@ rustPlatform.buildRustPackage rec { buildInputs = stdenv.lib.optionals stdenv.isDarwin [ Security libiconv ]; + # https://github.com/NixOS/nixpkgs/issues/49642 + doCheck = !stdenv.isDarwin; + postInstall = '' install -m 444 -Dt $out/share/man/man1 doc/bat.1 diff --git a/pkgs/tools/package-management/nix-du/default.nix b/pkgs/tools/package-management/nix-du/default.nix index 24672296506..59ec714261b 100644 --- a/pkgs/tools/package-management/nix-du/default.nix +++ b/pkgs/tools/package-management/nix-du/default.nix @@ -1,25 +1,23 @@ -{ stdenv, fetchFromGitHub, rustPlatform, nix, boost, graphviz }: +{ stdenv, fetchFromGitHub, rustPlatform, nix, boost, graphviz, darwin }: rustPlatform.buildRustPackage rec { name = "nix-du-${version}"; - version = "0.2.0"; + version = "0.3.0"; src = fetchFromGitHub { owner = "symphorien"; repo = "nix-du"; rev = "v${version}"; - sha256 = "1n1qgqjbwbb59xnzgz0dn8h8pckh6yq3crh0w6x2sngijwh678x8"; + sha256 = "1x6qpivxbn94034jfdxb97xi97fhcdv2z7llq2ccfc80mgd0gz8l"; }; - cargoSha256 = "1qidbrkdpf4kliyvy2040qi3a67s8mr2r46rjcblr1v2gar0xgs0"; + cargoSha256 = "0sva4lnhccm6ly7pa6m99s3fqkmh1dzv7r2727nsg2f55prd4kxc"; - # switch to true when nix includes https://github.com/NixOS/nix/pull/2223 and - # https://github.com/NixOS/nix/pull/2234 - doCheck = false; + doCheck = true; checkInputs = [ graphviz ]; buildInputs = [ boost nix - ]; + ] ++ stdenv.lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security; meta = with stdenv.lib; { description = "A tool to determine which gc-roots take space in your nix store"; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 380e403262c..ec338f5b913 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -4388,6 +4388,8 @@ with pkgs; nms = callPackage ../tools/misc/nms { }; + nomachine-client = callPackage ../tools/admin/nomachine-client { }; + notify-desktop = callPackage ../tools/misc/notify-desktop {}; nkf = callPackage ../tools/text/nkf {}; @@ -7350,7 +7352,9 @@ with pkgs; cargo-tree = callPackage ../tools/package-management/cargo-tree { }; cargo-update = callPackage ../tools/package-management/cargo-update { }; - cargo-asm = callPackage ../development/tools/rust/cargo-asm { }; + cargo-asm = callPackage ../development/tools/rust/cargo-asm { + inherit (darwin.apple_sdk.frameworks) Security; + }; cargo-fuzz = callPackage ../development/tools/rust/cargo-fuzz { }; pyo3-pack = callPackage ../development/tools/rust/pyo3-pack { }; @@ -16045,6 +16049,8 @@ with pkgs; pulseaudioSupport = config.pulseaudio or false; }; + cmusfm = callPackage ../applications/audio/cmusfm { }; + cni = callPackage ../applications/networking/cluster/cni {}; cni-plugins = callPackage ../applications/networking/cluster/cni/plugins.nix {}; diff --git a/pkgs/top-level/release-cross.nix b/pkgs/top-level/release-cross.nix index 456bacb106b..6cf0cb57be4 100644 --- a/pkgs/top-level/release-cross.nix +++ b/pkgs/top-level/release-cross.nix @@ -142,7 +142,7 @@ in avr = mapTestOnCross lib.systems.examples.avr embedded; arm-embedded = mapTestOnCross lib.systems.examples.arm-embedded embedded; - powerpc-embedded = mapTestOnCross lib.systems.examples.powerpc-embedded embedded; + powerpc-embedded = mapTestOnCross lib.systems.examples.ppc-embedded embedded; aarch64-embedded = mapTestOnCross lib.systems.examples.aarch64-embedded embedded; i686-embedded = mapTestOnCross lib.systems.examples.i686-embedded embedded; x86_64-embedded = mapTestOnCross lib.systems.examples.x86_64-embedded embedded;