From c8c77476dc32afd42b6ac511c9895db7d93b1bc9 Mon Sep 17 00:00:00 2001 From: CharlesHD Date: Tue, 30 Oct 2018 16:01:56 +0100 Subject: [PATCH 01/33] cmusfm: init at 2018-10-11
---
pkgs/applications/audio/cmusfm/default.nix | 36 ++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 ++ 2 files changed, 38 insertions(+) create mode 100644 pkgs/applications/audio/cmusfm/default.nix
diff --git a/pkgs/applications/audio/cmusfm/default.nix b/pkgs/applications/audio/cmusfm/default.nix
new file mode 100644
index 00000000000..e528e9699a7
--- /dev/null
+++ b/pkgs/applications/audio/cmusfm/default.nix
@@ -0,0 +1,36 @@
+{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, curl, libnotify, gdk_pixbuf }:
+
+stdenv.mkDerivation rec {
+ version = "2018-10-11";
+ name = "cmusfm-unstable-${version}";
+ src = fetchFromGitHub {
+ owner = "Arkq";
+ repo = "cmusfm";
+ rev = "ad2fd0aad3f4f1a25add1b8c2f179e8859885873";
+ sha256 = "0wpwdwgyrp64nvwc6shy0n387p31j6aw6cnmfi9x2y1jhl5hbv6b";
+ };
+ # building
+ configureFlags = [ "--enable-libnotify" ];
+ nativeBuildInputs = [ autoreconfHook pkgconfig ];
+ buildInputs = [ curl libnotify gdk_pixbuf ];
+
+ meta = with stdenv.lib; {
+ description = "Last.fm and Libre.fm standalone scrobbler for the cmus music player";
+ longDescription = ''
+ Features:
+ + Listening now notification support
+ + Off-line played track cache for later submission
+ + POSIX ERE-based file name parser
+ + Desktop notification support (optionally)
+ + Customizable scrobbling service
+ + Small memory footprint
+ Configuration:
+ + run `cmusfm init` to generate configuration file under ~/.config/cmus/cmusfm.conf
+ + Inside cmus run `:set status_display_program=cmusfm` to set up cmusfm
+ '';
+ homepage = https://github.com/Arkq/cmusfm/;
+ maintainers = with stdenv.lib.maintainers; [ CharlesHD ];
+ license = licenses.gpl3Plus;
+ platforms = platforms.linux ++ platforms.darwin;
+ };
+}
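Review bot: Inside `meta = with stdenv.lib; { … }` the line `maintainers = with stdenv.lib.maintainers; [ CharlesHD ];` reopens a scope that is already available; `maintainers = with maintainers; [ CharlesHD ];` would match how `licenses` and `platforms` are used on the next two lines. The bare `# building` comment above `configureFlags` tells the reader nothing and could either be dropped or replaced by the reason `--enable-libnotify` is switched on.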
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f98bf64fdf7..455620eedb1 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -16052,6 +16052,8 @@ with pkgs; pulseaudioSupport = config.pulseaudio or false; }; + cmusfm = callPackage ../applications/audio/cmusfm { }; + cni = callPackage ../applications/networking/cluster/cni {}; cni-plugins = callPackage ../applications/networking/cluster/cni/plugins.nix {}; From 84db315fb364972cd4d5687b52adb363900d3d86 Mon Sep 17 00:00:00 2001 From: Periklis Tsirakidis Date: Thu, 1 Nov 2018 13:17:01 +0100 Subject: [PATCH 02/33] libid3tag: patch CVE-2017-11550 and CVE-2017-11551 --- .../CVE-2017-11550-and-CVE-2017-11551.patch | 13 +++++++++++++ pkgs/development/libraries/libid3tag/default.nix | 5 ++++- 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 pkgs/development/libraries/libid3tag/CVE-2017-11550-and-CVE-2017-11551.patch diff --git a/pkgs/development/libraries/libid3tag/CVE-2017-11550-and-CVE-2017-11551.patch b/pkgs/development/libraries/libid3tag/CVE-2017-11550-and-CVE-2017-11551.patch new file mode 100644 index 00000000000..b1f9d0978ce --- /dev/null +++ b/pkgs/development/libraries/libid3tag/CVE-2017-11550-and-CVE-2017-11551.patch @@ -0,0 +1,13 @@ +Common subdirectories: libid3tag-0.15.1b/msvc++ and libid3tag-0.15.1b-patched/msvc++ +diff -uwp libid3tag-0.15.1b/utf16.c libid3tag-0.15.1b-patched/utf16.c +--- libid3tag-0.15.1b/utf16.c 2004-01-23 10:41:32.000000000 +0100 ++++ libid3tag-0.15.1b-patched/utf16.c 2018-11-01 13:12:00.866050641 +0100 +@@ -250,6 +250,8 @@ id3_ucs4_t *id3_utf16_deserialize(id3_by + id3_ucs4_t *ucs4; + + end = *ptr + (length & ~1); ++ if (end == *ptr) ++ return 0; + + utf16 = malloc((length / 2 + 1) * sizeof(*utf16)); + if (utf16 == 0) diff --git a/pkgs/development/libraries/libid3tag/default.nix b/pkgs/development/libraries/libid3tag/default.nix index 0289a5331f8..4b7d9bdc2e3 100644 
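Review bot: The new patch file carries two CVE numbers in its name but no record of where it comes from, and its only change is the `if (end == *ptr) return 0;` guard in `id3_utf16_deserialize`; from the page a reviewer cannot tell whether that one check covers both issues. I would record the origin next to the entry in `patches`, e.g. `# zero-length UTF-16 input guard for id3_utf16_deserialize, taken from <patch origin URL>`. The early `return 0` also gives empty input the same result that the allocation-failure branch just below appears to return, so callers that treat a null result as an error would now do so for empty strings; it is worth confirming that this is intended. The function body continues outside the hunk shown in the patch.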
--- a/pkgs/development/libraries/libid3tag/default.nix +++ b/pkgs/development/libraries/libid3tag/default.nix @@ -14,7 +14,10 @@ stdenv.mkDerivation rec { propagatedBuildInputs = [ zlib gperf ]; - patches = [ ./debian-patches.patch ]; + patches = [ + ./debian-patches.patch + ./CVE-2017-11550-and-CVE-2017-11551.patch + ]; preConfigure = '' configureFlagsArray+=( From f422f8d0ad94cbb0ba1d0daf2c5a95e8ddf14a4d Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Thu, 1 Nov 2018 22:29:18 -0500 Subject: [PATCH 03/33] pyre: fix darwin build --- pkgs/development/tools/pyre/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/tools/pyre/default.nix b/pkgs/development/tools/pyre/default.nix index 99e53610c01..108f8bdb3ab 100644 --- a/pkgs/development/tools/pyre/default.nix +++ b/pkgs/development/tools/pyre/default.nix @@ -77,7 +77,7 @@ let description = "A performant type-checker for Python 3"; homepage = https://pyre-check.org; license = licenses.mit; - platforms = with platforms; linux; + platforms = ocamlPackages.ocaml.meta.platforms; maintainers = with maintainers; [ teh ]; }; }; From c7c278dc0fdf97aea865efebb76454df6b44af2b Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Thu, 1 Nov 2018 22:31:11 -0500 Subject: [PATCH 04/33] pyre: enable tests --- pkgs/development/tools/pyre/default.nix | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/pkgs/development/tools/pyre/default.nix b/pkgs/development/tools/pyre/default.nix index 108f8bdb3ab..a0ea5f59f25 100644 --- a/pkgs/development/tools/pyre/default.nix +++ b/pkgs/development/tools/pyre/default.nix @@ -1,5 +1,5 @@ { stdenv, fetchFromGitHub, ocamlPackages, makeWrapper, writeScript -, dune, python3, rsync, fetchpatch }: +, dune, python3, rsync, fetchpatch, buck }: let # Manually set version - the setup script requires # hg and git + keeping the .git directory around. 
@@ -120,6 +120,10 @@ in python3.pkgs.buildPythonApplication rec { substituteInPlace scripts/build-pypi-package.sh \ --replace 'NIX_BINARY_FILE' '${pyre-bin}/bin/pyre.bin' \ --replace 'BUILD_ROOT="$(mktemp -d)"' "BUILD_ROOT=$(pwd)/build" + substituteInPlace client/buck.py \ + --replace '"buck"' '"${buck}/bin/buck"' + substituteInPlace client/tests/buck_test.py \ + --replace '"buck"' '"${buck}/bin/buck"' ''; buildInputs = [ pyre-bin rsync ]; @@ -128,6 +132,8 @@ in python3.pkgs.buildPythonApplication rec { bash scripts/build-pypi-package.sh --version ${pyre-version} --bundle-typeshed ${typeshed} cp -r build/dist dist ''; - - doCheck = false; # can't open file 'nix_run_setup': + checkPhase = '' + sed -i 's/which python3/command -v python3/g' scripts/run-python-tests.sh + bash scripts/run-python-tests.sh + ''; } From 91ce8c050fdc1bd3fb29caa54cade79adb04979d Mon Sep 17 00:00:00 2001 From: Mario Rodas Date: Fri, 2 Nov 2018 06:42:05 -0500 Subject: [PATCH 05/33] pyre: 0.0.14 -> 0.0.17 --- pkgs/development/tools/pyre/default.nix | 43 +++++++++---------------- 1 file changed, 15 insertions(+), 28 deletions(-) diff --git a/pkgs/development/tools/pyre/default.nix b/pkgs/development/tools/pyre/default.nix index a0ea5f59f25..382e733cb98 100644 --- a/pkgs/development/tools/pyre/default.nix +++ b/pkgs/development/tools/pyre/default.nix @@ -3,7 +3,13 @@ let # Manually set version - the setup script requires # hg and git + keeping the .git directory around. - pyre-version = "0.0.14"; + pyre-version = "0.0.17"; # also change typeshed revision below with $pyre-src/.typeshed-version + pyre-src = fetchFromGitHub { + owner = "facebook"; + repo = "pyre-check"; + rev = "v${pyre-version}"; + sha256 = "0y86a3g5xbgh0byksyx5jw7yq7w840x85dhz9inz6mkg5j06mcis"; + }; versionFile = writeScript "version.ml" '' cat > "./version.ml" < dune cp ${versionFile} ./scripts/generate-version-number.sh 
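Review bot: The two added `substituteInPlace … --replace '"buck"' '"${buck}/bin/buck"'` calls depend on the exact literal `"buck"` being present in `client/buck.py` and `client/tests/buck_test.py`. If a later pyre release spells the command differently, the replacement may stop applying without failing the build, and the client would go back to resolving `buck` through PATH instead of the pinned store path. A check right after the substitution, such as `grep -q '${buck}/bin/buck' client/buck.py`, would turn that into a build failure. The phase script these lines belong to starts outside the hunk.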
@@ -83,14 +83,12 @@ let }; typeshed = stdenv.mkDerivation { name = "typeshed"; - # typeshed doesn't have versions, it seems to be synchronized with - # mypy relases. I'm assigning a random version here (same as pyre). version = pyre-version; src = fetchFromGitHub { owner = "python"; repo = "typeshed"; - rev = "a08c6ea"; - sha256 = "0wy8yh43vhyyc4g7iqnmlj66kz5in02y5qc0c4jdckhpa3mchaqk"; + rev = "bc3f9fe1d3c43b00c04cedb23e0eeebc9e1734b6"; + sha256 = "06b2kj4n49h4sgi8hn5kalmir8llhanfdc7f1924cxvrkj5ry94b"; }; phases = [ "unpackPhase" "installPhase" ]; installPhase = "cp -r $src $out"; @@ -98,19 +96,8 @@ typeshed = stdenv.mkDerivation { in python3.pkgs.buildPythonApplication rec { pname = "pyre-check"; version = pyre-version; - src = fetchFromGitHub { - owner = "facebook"; - repo = "pyre-check"; - rev = "v${pyre-version}"; - sha256 = "0ig7bx2kfn2kbxw74wysh5365yp5gyby42l9l29iclrzdghgk32l"; - }; - patches = [ - (fetchpatch { - url = "https://github.com/facebook/pyre-check/commit/b473d2ed9fc11e7c1cd0c7b8c42f521e5cdc2003.patch"; - sha256 = "05xvyp7j4n6z92bxf64rxfq5pvaadxgx1c8c5qziy75vdz72lkcy"; - }) - ./pyre-bdist-wheel.patch - ]; + src = pyre-src; + patches = [ ./pyre-bdist-wheel.patch ]; # The build-pypi-package script does some funky stuff with build # directories - easier to patch it a bit than to replace it 
@@ -119,21 +106,21 @@ in python3.pkgs.buildPythonApplication rec { mkdir ./build substituteInPlace scripts/build-pypi-package.sh \ --replace 'NIX_BINARY_FILE' '${pyre-bin}/bin/pyre.bin' \ - --replace 'BUILD_ROOT="$(mktemp -d)"' "BUILD_ROOT=$(pwd)/build" + --replace 'BUILD_ROOT="$(mktemp -d)"' "BUILD_ROOT=$PWD/build" substituteInPlace client/buck.py \ --replace '"buck"' '"${buck}/bin/buck"' substituteInPlace client/tests/buck_test.py \ --replace '"buck"' '"${buck}/bin/buck"' ''; - buildInputs = [ pyre-bin rsync ]; + buildInputs = [ pyre-bin ]; + nativeBuildInputs = [ rsync ]; # only required for build-pypi-package.sh propagatedBuildInputs = with python3.pkgs; [ docutils typeshed ]; buildPhase = '' bash scripts/build-pypi-package.sh --version ${pyre-version} --bundle-typeshed ${typeshed} cp -r build/dist dist ''; checkPhase = '' - sed -i 's/which python3/command -v python3/g' scripts/run-python-tests.sh bash scripts/run-python-tests.sh ''; } From 06acfb853fb6598237b944bb129da66593f228e6 Mon Sep 17 00:00:00 2001 From: talyz Date: Sat, 27 Oct 2018 10:38:47 +0200 Subject: [PATCH 06/33] nomachine-client: init at 6.3.6_1 Packages mainly the nxplayer part of the client, since the tray doesn't work very well without the server / a complete installation. Use the shipped libs, since nxplayer really doesn't like any others. I believe they use internally modified versions of many libs. Audio doesn't work: the libasound.so shipped looks for the alsa config files in the wrong place, and even if it finds them, it still doesn't work. Using the one from alsaLib doesn't work either and adds instability. --- maintainers/maintainer-list.nix | 5 ++ pkgs/tools/admin/nomachine-client/default.nix | 83 +++++++++++++++++++ pkgs/top-level/all-packages.nix | 2 + 3 files changed, 90 insertions(+) create mode 100644 pkgs/tools/admin/nomachine-client/default.nix diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix index 22ea07b9f11..f04e02bb1c7 100644 
--- a/maintainers/maintainer-list.nix +++ b/maintainers/maintainer-list.nix @@ -4143,6 +4143,11 @@ github = "taku0"; name = "Takuo Yonezawa"; }; + talyz = { + email = "kim.lindberger@gmail.com"; + github = "talyz"; + name = "Kim Lindberger"; + }; tari = { email = "peter@taricorp.net"; github = "tari"; diff --git a/pkgs/tools/admin/nomachine-client/default.nix b/pkgs/tools/admin/nomachine-client/default.nix new file mode 100644 index 00000000000..be616c1bf9e --- /dev/null +++ b/pkgs/tools/admin/nomachine-client/default.nix 
@@ -0,0 +1,83 @@ +{ stdenv, lib, file, fetchurl, makeWrapper, autoPatchelfHook, jsoncpp }: +let + versionMajor = "6.3"; + versionMinor = "6_1"; +in + stdenv.mkDerivation rec { + name = "nomachine-client-${version}"; + version = "${versionMajor}.${versionMinor}"; + + src = + if stdenv.hostPlatform.system == "x86_64-linux" then + fetchurl { + url = "https://download.nomachine.com/download/${versionMajor}/Linux/nomachine_${version}_x86_64.tar.gz"; + sha256 = "1035j2z2rqmdfb8cfm1pakd05c575640604b8lkljmilpky9mw5d"; + } + else if stdenv.hostPlatform.system == "i686-linux" then + fetchurl { + url = "https://download.nomachine.com/download/${versionMajor}/Linux/nomachine_${version}_i686.tar.gz"; + sha256 = "07j9f6mlq9m01ch8ik5dybi283vrp5dlv156jr5n7n2chzk34kf3"; + } + else + throw "NoMachine client is not supported on ${stdenv.hostPlatform.system}"; + + postUnpack = '' + mv $(find . -type f -name nxclient.tar.gz) . + mv $(find . -type f -name nxplayer.tar.gz) . + rm -r NX/ + tar xf nxclient.tar.gz + tar xf nxplayer.tar.gz + rm $(find . 
-maxdepth 1 -type f) + ''; + + nativeBuildInputs = [ file makeWrapper autoPatchelfHook ]; + buildInputs = [ jsoncpp ]; + + installPhase = '' + rm bin/nxplayer bin/nxclient + + mkdir -p $out/NX + cp -r bin lib share $out/NX/ + + ln -s $out/NX/bin $out/bin + + for i in share/icons/*; do + if [[ -d "$i" ]]; then + mkdir -p "$out/share/icons/hicolor/$(basename $i)/apps" + cp "$i"/* "$out/share/icons/hicolor/$(basename $i)/apps/" + fi + done + + mkdir $out/share/applications + cp share/applnk/player/xdg/*.desktop $out/share/applications/ + cp share/applnk/client/xdg-mime/*.desktop $out/share/applications/ + + mkdir -p $out/share/mime/packages + cp share/applnk/client/xdg-mime/*.xml $out/share/mime/packages/ + + for i in $out/share/applications/*.desktop; do + substituteInPlace "$i" --replace /usr/NX/bin $out/bin + done + ''; + + postFixup = '' + makeWrapper $out/bin/nxplayer.bin $out/bin/nxplayer --set NX_SYSTEM $out/NX + makeWrapper $out/bin/nxclient.bin $out/bin/nxclient --set NX_SYSTEM $out/NX + ''; + + dontBuild = true; + dontStrip = true; + + meta = with stdenv.lib; { + description = "NoMachine remote desktop client (nxplayer)"; + homepage = https://www.nomachine.com/; + license = { + fullName = "NoMachine 6 End-User License Agreement"; + url = https://www.nomachine.com/licensing-6; + free = false; + }; + maintainers = with maintainers; [ talyz ]; + platforms = [ "x86_64-linux" "i686-linux" ]; + }; + } + diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 57f65c28deb..99b95e7345a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -4362,6 +4362,8 @@ with pkgs; nms = callPackage ../tools/misc/nms { }; + nomachine-client = callPackage ../tools/admin/nomachine-client { }; + notify-desktop = callPackage ../tools/misc/notify-desktop {}; nkf = callPackage ../tools/text/nkf {}; From ec7cb84bf07ef1064a28b0b4dbb370efacd9e56e Mon Sep 17 00:00:00 2001 
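Review bot: The derivation installs the vendor's bundled shared libraries unchanged (`cp -r bin lib share $out/NX/`), and the reason for that is recorded only in the commit message, not in the file. For a remote desktop client this matters for maintenance: those libraries are not built from nixpkgs, so fixes to them arrive only with a new upstream tarball. I would add above the copy a comment such as `# nxplayer only works with its bundled (vendor-modified) libs; they do not receive nixpkgs security updates`. Separately, the `$(find . -type f -name nxclient.tar.gz)` substitutions in `postUnpack` are unquoted and assume exactly one match each; `dontStrip = true` also deserves a one-line reason.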
From: Robin Gloster Date: Fri, 2 Nov 2018 21:22:51 +0100 Subject: [PATCH 07/33] gitlab: refactor and fix test --- nixos/modules/services/misc/gitlab.nix | 214 ++++++++---------- nixos/release.nix | 2 +- nixos/tests/gitlab.nix | 18 +- .../version-management/gitlab/default.nix | 12 +- 4 files changed, 109 insertions(+), 137 deletions(-) diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 8ea831afb7c..ce1cb6ad37f 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -14,15 +14,16 @@ let pathUrlQuote = url: replaceStrings ["/"] ["%2F"] url; pgSuperUser = config.services.postgresql.superUser; - databaseYml = '' - production: - adapter: postgresql - database: ${cfg.databaseName} - host: ${cfg.databaseHost} - password: ${cfg.databasePassword} - username: ${cfg.databaseUsername} - encoding: utf8 - ''; + databaseConfig = { + production = { + adapter = "postgresql"; + database = cfg.databaseName; + host = cfg.databaseHost; + password = cfg.databasePassword; + username = cfg.databaseUsername; + encoding = "utf8"; + }; + }; gitalyToml = pkgs.writeText "gitaly.toml" '' socket_path = "${lib.escape ["\""] gitalySocket}" 
@@ -45,35 +46,31 @@ let '') gitlabConfig.production.repositories.storages))} ''; - gitlabShellYml = '' - user: ${cfg.user} - gitlab_url: "http+unix://${pathUrlQuote gitlabSocket}" - http_settings: - self_signed_cert: false - repos_path: "${cfg.statePath}/repositories" - secret_file: "${cfg.statePath}/config/gitlab_shell_secret" - log_file: "${cfg.statePath}/log/gitlab-shell.log" - custom_hooks_dir: "${cfg.statePath}/custom_hooks" - redis: - bin: ${pkgs.redis}/bin/redis-cli - host: 127.0.0.1 - port: 6379 - database: 0 - namespace: resque:gitlab - ''; + gitlabShellConfig = { + user = cfg.user; + gitlab_url = "http+unix://${pathUrlQuote gitlabSocket}"; + http_settings.self_signed_cert = false; + repos_path = "${cfg.statePath}/repositories"; + secret_file = "${cfg.statePath}/config/gitlab_shell_secret"; + log_file = "${cfg.statePath}/log/gitlab-shell.log"; + custom_hooks_dir = "${cfg.statePath}/custom_hooks"; + redis = { + bin = "${pkgs.redis}/bin/redis-cli"; + host = "127.0.0.1"; + port = 6379; + database = 0; + namespace = "resque:gitlab"; + }; + }; - redisYml = '' - production: - url: redis://localhost:6379/ - ''; + redisConfig.production.url = "redis://localhost:6379/"; - secretsYml = '' - production: - secret_key_base: ${cfg.secrets.secret} - otp_key_base: ${cfg.secrets.otp} - db_key_base: ${cfg.secrets.db} - openid_connect_signing_key: ${builtins.toJSON cfg.secrets.jws} - ''; + secretsConfig.production = { + secret_key_base = cfg.secrets.secret; + otp_key_base = cfg.secrets.otp; + db_key_base = cfg.secrets.db; + openid_connect_signing_key = cfg.secrets.jws; + }; gitlabConfig = { # These are the default settings from config/gitlab.example.yml 
@@ -115,12 +112,8 @@ let upload_pack = true; receive_pack = true; }; - workhorse = { - secret_file = "${cfg.statePath}/.gitlab_workhorse_secret"; - }; - git = { - bin_path = "git"; - }; + workhorse.secret_file = "${cfg.statePath}/.gitlab_workhorse_secret"; + git.bin_path = "git"; monitoring = { ip_whitelist = [ "127.0.0.0/8" "::1/128" ]; sidekiq_exporter = { @@ -138,7 +131,7 @@ let HOME = "${cfg.statePath}/home"; UNICORN_PATH = "${cfg.statePath}/"; GITLAB_PATH = "${cfg.packages.gitlab}/share/gitlab/"; - GITLAB_STATE_PATH = "${cfg.statePath}"; + GITLAB_STATE_PATH = cfg.statePath; GITLAB_UPLOADS_PATH = "${cfg.statePath}/uploads"; SCHEMA = "${cfg.statePath}/db/schema.rb"; GITLAB_LOG_PATH = "${cfg.statePath}/log"; @@ -146,13 +139,11 @@ let GITLAB_SHELL_CONFIG_PATH = "${cfg.statePath}/shell/config.yml"; GITLAB_SHELL_SECRET_PATH = "${cfg.statePath}/config/gitlab_shell_secret"; GITLAB_SHELL_HOOKS_PATH = "${cfg.statePath}/shell/hooks"; - GITLAB_REDIS_CONFIG_FILE = pkgs.writeText "gitlab-redis.yml" redisYml; + GITLAB_REDIS_CONFIG_FILE = pkgs.writeText "redis.yml" (builtins.toJSON redisConfig); prometheus_multiproc_dir = "/run/gitlab"; RAILS_ENV = "production"; }; - unicornConfig = builtins.readFile ./defaultUnicornConfig.rb; - gitlab-rake = pkgs.stdenv.mkDerivation rec { name = "gitlab-rake"; buildInputs = [ pkgs.makeWrapper ]; @@ -162,7 +153,6 @@ let mkdir -p $out/bin makeWrapper ${cfg.packages.gitlab.rubyEnv}/bin/rake $out/bin/gitlab-rake \ ${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \ - --set GITLAB_CONFIG_PATH '${cfg.statePath}/config' \ --set PATH '${lib.makeBinPath [ pkgs.nodejs pkgs.gzip pkgs.git pkgs.gnutar config.services.postgresql.package pkgs.coreutils pkgs.procps ]}:$PATH' \ --set RAKEOPT '-f ${cfg.packages.gitlab}/share/gitlab/Rakefile' \ --run 'cd ${cfg.packages.gitlab}/share/gitlab' 
@@ -306,7 +296,6 @@ in { initialRootPassword = mkOption { type = types.str; - default = "UseNixOS!"; description = '' Initial password of the root account if this is a new install. ''; @@ -461,10 +450,30 @@ in { } ]; + systemd.tmpfiles.rules = [ + "d /run/gitlab 0755 ${cfg.user} ${cfg.group} -" + "d ${gitlabEnv.HOME} 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.backupPath} 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/builds 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/config 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/db 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/log 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/repositories 2770 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/shell 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/tmp/pids 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/tmp/sockets 0750 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/uploads 0700 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/custom_hooks/pre-receive.d 0700 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/custom_hooks/post-receive.d 0700 ${cfg.user} ${cfg.group} -" + "d ${cfg.statePath}/custom_hooks/update.d 0700 ${cfg.user} ${cfg.group} -" + "d ${gitlabConfig.production.shared.path}/artifacts 0750 ${cfg.user} ${cfg.group} -" + "d ${gitlabConfig.production.shared.path}/lfs-objects 0750 ${cfg.user} ${cfg.group} -" + "d ${gitlabConfig.production.shared.path}/pages 0750 ${cfg.user} ${cfg.group} -" + ]; + systemd.services.gitlab-sidekiq = { - after = [ "network.target" "redis.service" ]; + after = [ "network.target" "redis.service" "gitlab.service" ]; wantedBy = [ "multi-user.target" ]; - partOf = [ "gitlab.service" ]; environment = gitlabEnv; path = with pkgs; [ config.services.postgresql.package 
@@ -486,10 +495,8 @@ in { }; systemd.services.gitaly = { - after = [ "network.target" "gitlab.service" ]; + after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - environment.HOME = gitlabEnv.HOME; - environment.GITLAB_SHELL_CONFIG_PATH = gitlabEnv.GITLAB_SHELL_CONFIG_PATH; path = with pkgs; [ gitAndTools.git cfg.packages.gitaly.rubyEnv cfg.packages.gitaly.rubyEnv.wrappedRuby ]; serviceConfig = { Type = "simple"; @@ -505,8 +512,6 @@ in { systemd.services.gitlab-workhorse = { after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - environment.HOME = gitlabEnv.HOME; - environment.GITLAB_SHELL_CONFIG_PATH = gitlabEnv.GITLAB_SHELL_CONFIG_PATH; path = with pkgs; [ gitAndTools.git gnutar @@ -514,10 +519,6 @@ in { openssh gitlab-workhorse ]; - preStart = '' - mkdir -p /run/gitlab - chown ${cfg.user}:${cfg.group} /run/gitlab - ''; serviceConfig = { PermissionsStartOnly = true; # preStart must be run as root Type = "simple"; @@ -538,7 +539,7 @@ in { }; systemd.services.gitlab = { - after = [ "network.target" "postgresql.service" "redis.service" ]; + after = [ "gitlab-workhorse.service" "gitaly.service" "network.target" "postgresql.service" "redis.service" ]; requires = [ "gitlab-sidekiq.service" ]; wantedBy = [ "multi-user.target" ]; environment = gitlabEnv; 
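Review bot: In the gitlab-workhorse hunk that removes `preStart`, the context line `PermissionsStartOnly = true; # preStart must be run as root` is left in place. With the `mkdir`/`chown` of /run/gitlab moved to tmpfiles, nothing visible in this unit still needs to run as root, so the setting and its comment look stale. If no other pre- or post-start command of the unit needs it (serviceConfig continues outside the hunk), I would delete the line so the unit does not keep a root-execution allowance it no longer uses.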
@@ -551,102 +552,75 @@ in { gnupg ]; preStart = '' - mkdir -p ${cfg.backupPath} - mkdir -p ${cfg.statePath}/builds - mkdir -p ${cfg.statePath}/repositories - mkdir -p ${gitlabConfig.production.shared.path}/artifacts - mkdir -p ${gitlabConfig.production.shared.path}/lfs-objects - mkdir -p ${gitlabConfig.production.shared.path}/pages - mkdir -p ${cfg.statePath}/log - mkdir -p ${cfg.statePath}/tmp/pids - mkdir -p ${cfg.statePath}/tmp/sockets - mkdir -p ${cfg.statePath}/shell - mkdir -p ${cfg.statePath}/db - mkdir -p ${cfg.statePath}/uploads - mkdir -p ${cfg.statePath}/custom_hooks/pre-receive.d - mkdir -p ${cfg.statePath}/custom_hooks/post-receive.d - mkdir -p ${cfg.statePath}/custom_hooks/update.d - - rm -rf ${cfg.statePath}/config ${cfg.statePath}/shell/hooks - mkdir -p ${cfg.statePath}/config - ${pkgs.openssl}/bin/openssl rand -hex 32 > ${cfg.statePath}/config/gitlab_shell_secret - mkdir -p /run/gitlab - mkdir -p ${cfg.statePath}/log - [ -d /run/gitlab/log ] || ln -sf ${cfg.statePath}/log /run/gitlab/log - [ -d /run/gitlab/tmp ] || ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp - [ -d /run/gitlab/uploads ] || ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads - ln -sf $GITLAB_SHELL_CONFIG_PATH /run/gitlab/shell-config.yml - chown -R ${cfg.user}:${cfg.group} /run/gitlab - - # Prepare home directory - mkdir -p ${gitlabEnv.HOME}/.ssh - touch ${gitlabEnv.HOME}/.ssh/authorized_keys - chown -R ${cfg.user}:${cfg.group} ${gitlabEnv.HOME}/ - cp -rf ${cfg.packages.gitlab}/share/gitlab/db/* ${cfg.statePath}/db cp -rf ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config - ${optionalString cfg.smtp.enable '' - ln -sf ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb - ''} - ln -sf ${cfg.statePath}/config /run/gitlab/config if [ -e ${cfg.statePath}/lib ]; then rm ${cfg.statePath}/lib fi - ln -sf ${pkgs.gitlab}/share/gitlab/lib ${cfg.statePath}/lib + + ln -sf ${cfg.packages.gitlab}/share/gitlab/lib ${cfg.statePath}/lib + [ -L 
/run/gitlab/config ] || ln -sf ${cfg.statePath}/config /run/gitlab/config + [ -L /run/gitlab/log ] || ln -sf ${cfg.statePath}/log /run/gitlab/log + [ -L /run/gitlab/tmp ] || ln -sf ${cfg.statePath}/tmp /run/gitlab/tmp + [ -L /run/gitlab/uploads ] || ln -sf ${cfg.statePath}/uploads /run/gitlab/uploads + ${optionalString cfg.smtp.enable '' + ln -sf ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb + ''} cp ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION # JSON is a subset of YAML - ln -fs ${pkgs.writeText "gitlab.yml" (builtins.toJSON gitlabConfig)} ${cfg.statePath}/config/gitlab.yml - ln -fs ${pkgs.writeText "database.yml" databaseYml} ${cfg.statePath}/config/database.yml - ln -fs ${pkgs.writeText "secrets.yml" secretsYml} ${cfg.statePath}/config/secrets.yml - ln -fs ${pkgs.writeText "unicorn.rb" unicornConfig} ${cfg.statePath}/config/unicorn.rb + ln -sf ${pkgs.writeText "gitlab.yml" (builtins.toJSON gitlabConfig)} ${cfg.statePath}/config/gitlab.yml + ln -sf ${pkgs.writeText "database.yml" (builtins.toJSON databaseConfig)} ${cfg.statePath}/config/database.yml + ln -sf ${pkgs.writeText "secrets.yml" (builtins.toJSON secretsConfig)} ${cfg.statePath}/config/secrets.yml + ln -sf ${./defaultUnicornConfig.rb} ${cfg.statePath}/config/unicorn.rb + + # Install the shell required to push repositories + ln -sf ${pkgs.writeText "config.yml" (builtins.toJSON gitlabShellConfig)} /run/gitlab/shell-config.yml + [ -L ${cfg.statePath}/shell/hooks ] || ln -sf ${cfg.packages.gitlab-shell}/hooks ${cfg.statePath}/shell/hooks + ${cfg.packages.gitlab-shell}/bin/install chown -R ${cfg.user}:${cfg.group} ${cfg.statePath}/ chmod -R ug+rwX,o-rwx+X ${cfg.statePath}/ + chown -R ${cfg.user}:${cfg.group} /run/gitlab - # Install the shell required to push repositories - ln -fs ${pkgs.writeText "config.yml" gitlabShellYml} "$GITLAB_SHELL_CONFIG_PATH" - ln -fs ${cfg.packages.gitlab-shell}/hooks "$GITLAB_SHELL_HOOKS_PATH" - 
${cfg.packages.gitlab-shell}/bin/install - - if [ "${cfg.databaseHost}" = "127.0.0.1" ]; then - if ! test -e "${cfg.statePath}/db-created"; then + if ! test -e "${cfg.statePath}/db-created"; then + if [ "${cfg.databaseHost}" = "127.0.0.1" ]; then ${pkgs.sudo}/bin/sudo -u ${pgSuperUser} psql postgres -c "CREATE ROLE ${cfg.databaseUsername} WITH LOGIN NOCREATEDB NOCREATEROLE ENCRYPTED PASSWORD '${cfg.databasePassword}'" ${pkgs.sudo}/bin/sudo -u ${pgSuperUser} ${config.services.postgresql.package}/bin/createdb --owner ${cfg.databaseUsername} ${cfg.databaseName} - touch "${cfg.statePath}/db-created" + + # enable required pg_trgm extension for gitlab + ${pkgs.sudo}/bin/sudo -u ${pgSuperUser} psql ${cfg.databaseName} -c "CREATE EXTENSION IF NOT EXISTS pg_trgm" fi - # enable required pg_trgm extension for gitlab - ${pkgs.sudo}/bin/sudo -u ${pgSuperUser} psql ${cfg.databaseName} -c "CREATE EXTENSION IF NOT EXISTS pg_trgm" + ${pkgs.sudo}/bin/sudo -u ${cfg.user} -H ${gitlab-rake}/bin/gitlab-rake db:schema:load + + touch "${cfg.statePath}/db-created" fi # Always do the db migrations just to be sure the database is up-to-date - ${gitlab-rake}/bin/gitlab-rake db:migrate RAILS_ENV=production + ${pkgs.sudo}/bin/sudo -u ${cfg.user} -H ${gitlab-rake}/bin/gitlab-rake db:migrate - # The gitlab:setup task is horribly broken somehow, the db:migrate - # task above and the db:seed_fu below will do the same for setting - # up the initial database if ! 
test -e "${cfg.statePath}/db-seeded"; then - ${gitlab-rake}/bin/gitlab-rake db:seed_fu RAILS_ENV=production \ + ${pkgs.sudo}/bin/sudo -u ${cfg.user} ${gitlab-rake}/bin/gitlab-rake db:seed_fu \ GITLAB_ROOT_PASSWORD='${cfg.initialRootPassword}' GITLAB_ROOT_EMAIL='${cfg.initialRootEmail}' touch "${cfg.statePath}/db-seeded" fi # The gitlab:shell:setup regenerates the authorized_keys file so that # the store path to the gitlab-shell in it gets updated - ${pkgs.sudo}/bin/sudo -u ${cfg.user} force=yes ${gitlab-rake}/bin/gitlab-rake gitlab:shell:setup RAILS_ENV=production + ${pkgs.sudo}/bin/sudo -u ${cfg.user} -H force=yes ${gitlab-rake}/bin/gitlab-rake gitlab:shell:setup # The gitlab:shell:create_hooks task seems broken for fixing links # so we instead delete all the hooks and create them anew rm -f ${cfg.statePath}/repositories/**/*.git/hooks - ${gitlab-rake}/bin/gitlab-rake gitlab:shell:create_hooks RAILS_ENV=production + ${pkgs.sudo}/bin/sudo -u ${cfg.user} -H ${gitlab-rake}/bin/gitlab-rake gitlab:shell:create_hooks + + ${pkgs.sudo}/bin/sudo -u ${cfg.user} -H ${pkgs.git}/bin/git config --global core.autocrlf "input" # Change permissions in the last step because some of the # intermediary scripts like to create directories as root. - chown -R ${cfg.user}:${cfg.group} ${cfg.statePath} - chmod -R ug+rwX,o-rwx+X ${cfg.statePath} chmod -R u+rwX,go-rwx+X ${gitlabEnv.HOME} chmod -R ug+rwX,o-rwx ${cfg.statePath}/repositories chmod -R ug-s ${cfg.statePath}/repositories diff --git a/nixos/release.nix b/nixos/release.nix index 51505d6aab9..96d2e11fff3 100644 --- a/nixos/release.nix +++ b/nixos/release.nix 
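Review bot: The rewritten `preStart` still renders the database password and the Rails secrets through `pkgs.writeText` (`database.yml`, `secrets.yml`), so `cfg.databasePassword` and `cfg.secrets.*` end up as files in the Nix store, which every local user can read. The same holds for `GITLAB_ROOT_PASSWORD='${cfg.initialRootPassword}'` and the `CREATE ROLE … ENCRYPTED PASSWORD '${cfg.databasePassword}'` line, which are interpolated into the generated unit script; the attribute sets themselves come from the earlier `databaseConfig` and `secretsConfig` hunks. The commit keeps this behaviour rather than introducing it, but the refactor is a good place to at least state it in the option descriptions, e.g. `Warning: this value is stored world-readable in the Nix store.` A follow-up could accept file paths and read them when the service starts. `preStart` continues past the end of this hunk.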
@@ -300,7 +300,7 @@ in rec { tests.fsck = callTest tests/fsck.nix {}; tests.fwupd = callTest tests/fwupd.nix {}; tests.gdk-pixbuf = callTest tests/gdk-pixbuf.nix {}; - #tests.gitlab = callTest tests/gitlab.nix {}; + tests.gitlab = callTest tests/gitlab.nix {}; tests.gitolite = callTest tests/gitolite.nix {}; tests.gjs = callTest tests/gjs.nix {}; tests.gocd-agent = callTest tests/gocd-agent.nix {}; diff --git a/nixos/tests/gitlab.nix b/nixos/tests/gitlab.nix index 3af2cbcd098..53675c375e3 100644 --- a/nixos/tests/gitlab.nix +++ b/nixos/tests/gitlab.nix @@ -1,14 +1,18 @@ # This test runs gitlab and checks if it works -import ./make-test.nix ({ pkgs, ...} : { +import ./make-test.nix ({ pkgs, lib, ...} : with lib; { name = "gitlab"; meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ domenkozar offline ]; + maintainers = [ globin ]; }; nodes = { gitlab = { ... }: { - virtualisation.memorySize = 768; + virtualisation.memorySize = 4096; + systemd.services.gitlab.serviceConfig.Restart = mkForce "no"; + systemd.services.gitlab-workhorse.serviceConfig.Restart = mkForce "no"; + systemd.services.gitaly.serviceConfig.Restart = mkForce "no"; + systemd.services.gitlab-sidekiq.serviceConfig.Restart = mkForce "no"; services.nginx = { enable = true; @@ -19,10 +23,10 @@ import ./make-test.nix ({ pkgs, ...} : { }; }; - systemd.services.gitlab.serviceConfig.TimeoutStartSec = "10min"; services.gitlab = { enable = true; databasePassword = "dbPassword"; + initialRootPassword = "notproduction"; secrets = { secret = "secret"; otp = "otpsecret"; 
@@ -65,8 +69,12 @@ import ./make-test.nix ({ pkgs, ...} : { testScript = '' $gitlab->start(); + $gitlab->waitForUnit("gitaly.service"); + $gitlab->waitForUnit("gitlab-workhorse.service"); $gitlab->waitForUnit("gitlab.service"); $gitlab->waitForUnit("gitlab-sidekiq.service"); - $gitlab->waitUntilSucceeds("curl http://localhost:80/users/sign_in"); + $gitlab->waitForFile("/var/gitlab/state/tmp/sockets/gitlab.socket"); + $gitlab->waitUntilSucceeds("curl -sSf http://localhost/users/sign_in"); + $gitlab->succeed("${pkgs.sudo}/bin/sudo -u gitlab -H gitlab-rake gitlab:check 1>&2") ''; }) diff --git a/pkgs/applications/version-management/gitlab/default.nix b/pkgs/applications/version-management/gitlab/default.nix index ace0df5efdf..933db40cfc0 100644 --- a/pkgs/applications/version-management/gitlab/default.nix +++ b/pkgs/applications/version-management/gitlab/default.nix @@ -63,17 +63,7 @@ stdenv.mkDerivation rec { --replace "ps -U" "${procps}/bin/ps -U" sed -i '/ask_to_continue/d' lib/tasks/gitlab/two_factor.rake - - # required for some gems: - cat > config/database.yml < - database: gitlab - host: <%= ENV["GITLAB_DATABASE_HOST"] || "127.0.0.1" %> - password: <%= ENV["GITLAB_DATABASE_PASSWORD"] || "blerg" %> - username: gitlab - encoding: utf8 - EOF + sed -ri -e '/log_level/a config.logger = Logger.new(STDERR)' config/environments/production.rb ''; buildPhase = '' From 25e68e30487548091e6936c23d13ea53de3d2fc9 Mon Sep 17 00:00:00 2001 From: Averell Dalton Date: Fri, 2 Nov 2018 23:02:04 +0100 Subject: [PATCH 08/33] r-ps: patchShebangs in ./configure to fix build --- pkgs/development/r-modules/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/development/r-modules/default.nix b/pkgs/development/r-modules/default.nix index f40c0fcb559..428d6c60546 100644 --- a/pkgs/development/r-modules/default.nix +++ b/pkgs/development/r-modules/default.nix 
@@ -942,6 +942,10 @@ let PKGCONFIG_LIBS = "-Wl,-rpath,${pkgs.openssl.out}/lib -L${pkgs.openssl.out}/lib -L${pkgs.cyrus_sasl.out}/lib -L${pkgs.zlib.out}/lib -lssl -lcrypto -lsasl2 -lz"; }); + ps = old.ps.overrideDerivation (attrs: { + preConfigure = "patchShebangs configure"; + }); + rlang = old.rlang.overrideDerivation (attrs: { preConfigure = "patchShebangs configure"; }); From a562c5fc751633e40c23eddebfca4f162411878b Mon Sep 17 00:00:00 2001 From: Robert Helgesson Date: Fri, 2 Nov 2018 22:55:26 +0100 Subject: [PATCH 09/33] josm: 14289 -> 14382 --- pkgs/applications/misc/josm/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/misc/josm/default.nix b/pkgs/applications/misc/josm/default.nix index 808ff2d6f61..f529fa395d9 100644 --- a/pkgs/applications/misc/josm/default.nix +++ b/pkgs/applications/misc/josm/default.nix @@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "josm-${version}"; - version = "14289"; + version = "14382"; src = fetchurl { url = "https://josm.openstreetmap.de/download/josm-snapshot-${version}.jar"; - sha256 = "102dph3479qskzf72cpb9139pq9ifka6pzna1c6s5rs2il6mfvsb"; + sha256 = "1a2nx9jr1fvw95gdvl9kj3z0cs6ndafm0k4l0lwfx9p9qn4lgzjg"; }; buildInputs = [ jdk11 makeWrapper ]; From 811509e5a3b7d7328ecafa2503205fef43c39cb4 Mon Sep 17 00:00:00 2001 From: Robert Helgesson Date: Fri, 2 Nov 2018 22:55:45 +0100 Subject: [PATCH 10/33] abcmidi: 2018.06.23 -> 2018.10.25 --- pkgs/tools/audio/abcmidi/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/audio/abcmidi/default.nix b/pkgs/tools/audio/abcmidi/default.nix index 2d54c182349..1a215d4ca83 100644 --- a/pkgs/tools/audio/abcmidi/default.nix +++ b/pkgs/tools/audio/abcmidi/default.nix 
@@ -2,11 +2,11 @@ stdenv.mkDerivation rec { name = "abcMIDI-${version}"; - version = "2018.06.23"; + version = "2018.10.25"; src = fetchzip { url = "https://ifdo.ca/~seymour/runabc/${name}.zip"; - sha256 = "0487dlw9v4ayb929w8bk71fs4nbcs1liyk59g6sfr4yn6dx2sl2d"; + sha256 = "0q7yrds1hpis1821mdsz31c2cvn7hs73a10fi1mrk1v4hqql8vv3"; }; # There is also a file called "makefile" which seems to be preferred by the standard build phase From 2db8372554d190c6fd00b990152eef196b740d9a Mon Sep 17 00:00:00 2001 From: Robert Helgesson Date: Fri, 2 Nov 2018 23:10:17 +0100 Subject: [PATCH 11/33] pythonPackages.PyICU: 2.0.3 -> 2.2 --- pkgs/top-level/python-packages.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 49bc322d479..381cdea938e 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -4454,21 +4454,21 @@ in { }; PyICU = buildPythonPackage rec { - name = "PyICU-2.0.3"; + name = "PyICU-2.2"; src = pkgs.fetchurl { url = "mirror://pypi/P/PyICU/${name}.tar.gz"; - sha256 = "0pzss3l0b0vcsyr7wlqdd6pkcqldspajfgd9k2iijf6r152d2ln4"; + sha256 = "0wq9y5fi1ighgf5aws9nr87vi1w44p7q1k83rx2y3qj5d2xyhspa"; }; patches = [ (pkgs.fetchpatch { - url = https://sources.debian.org/data/main/p/pyicu/2.0.3-1/debian/patches/icu_test.patch; + url = https://sources.debian.org/data/main/p/pyicu/2.2-1/debian/patches/icu_test.patch; sha256 = "1iavdkyqixm9i753svl17barla93b7jzgkw09dn3hnggamx7zwx9"; }) ]; - buildInputs = [ pkgs.icu self.pytest ]; + buildInputs = [ pkgs.icu60 self.pytest ]; propagatedBuildInputs = [ self.six ]; From 7bade1b0f3ab78c46d265d279b738c4b20037a4a Mon Sep 17 00:00:00 2001 From: Robert Helgesson Date: Fri, 2 Nov 2018 23:23:33 +0100 Subject: [PATCH 12/33] overpass: 3.0.2 -> 3.0.3 --- pkgs/data/fonts/overpass/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
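Review bot: In the PyICU hunk the `fetchpatch` URL moves from `2.0.3-1` to `2.2-1` but its `sha256` (`1iavdkyqixm9i753svl17barla93b7jzgkw09dn3hnggamx7zwx9`) is unchanged. Fixed-output fetches are looked up by hash, so a machine that already has the old patch in its store or a binary cache reuses it and never contacts the new URL; the build then applies the 2.0.3 patch, and a wrong URL would go unnoticed. Unless the Debian patch is byte-identical in both revisions, the hash should be recomputed against the new URL (temporarily setting a dummy hash forces the download). The switch from `pkgs.icu` to `pkgs.icu60` also deserves a comment saying why that ICU version is pinned.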
diff --git a/pkgs/data/fonts/overpass/default.nix b/pkgs/data/fonts/overpass/default.nix index 8bb4e82747a..c39bb945f48 100644 --- a/pkgs/data/fonts/overpass/default.nix +++ b/pkgs/data/fonts/overpass/default.nix @@ -1,7 +1,7 @@ { stdenv, fetchzip }: let - version = "3.0.2"; + version = "3.0.3"; in fetchzip rec { name = "overpass-${version}"; @@ -12,7 +12,7 @@ in fetchzip rec { mkdir -p $out/share/doc/${name} ; unzip -j $downloadedFile \*.md -d $out/share/doc/${name} ''; - sha256 = "05zv3zcfc9a707sn3hhf46b126k19d9byzvi5ixp5y2548vjvl6s"; + sha256 = "1m6p7rrlyqikjvypp4698sn0lp3a4z0z5al4swblfhg8qaxzv5pg"; meta = with stdenv.lib; { homepage = http://overpassfont.org/; From 6b9e570bc2a04e9184ee40edc90426f9ccb5ed65 Mon Sep 17 00:00:00 2001 From: Robert Helgesson Date: Fri, 2 Nov 2018 23:29:29 +0100 Subject: [PATCH 13/33] open-dyslexic: 2014-11-11 -> 2016-06-23 --- pkgs/data/fonts/open-dyslexic/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/data/fonts/open-dyslexic/default.nix b/pkgs/data/fonts/open-dyslexic/default.nix index 40a9be3282e..7fa57463ece 100644 --- a/pkgs/data/fonts/open-dyslexic/default.nix +++ b/pkgs/data/fonts/open-dyslexic/default.nix @@ -1,11 +1,11 @@ {stdenv, fetchzip}: let - version = "2014-11-11"; + version = "2016-06-23"; in fetchzip { name = "open-dyslexic-${version}"; - url = https://github.com/antijingoist/open-dyslexic/archive/f4b5ba89018b44d633608907e15f93fb3fabbabc.zip; + url = https://github.com/antijingoist/open-dyslexic/archive/20160623-Stable.zip; postFetch = '' mkdir -p $out/share/{doc,fonts} @@ -13,7 +13,7 @@ in fetchzip { unzip -j $downloadedFile \*/README.md -d $out/share/doc/open-dyslexic ''; - sha256 = "045xc7kj56q4ygnjppm8f8fwqqvf21x1piabm4nh8hwgly42a3w2"; + sha256 = "1vl8z5rknh2hpr2f0v4b2qgs5kclx5pzyk8al7243k5db82a2cyi"; meta = with stdenv.lib; { homepage = https://opendyslexic.org/; From 1851203c7b16cb1d61e824bb83cccda28817f296 Mon Sep 17 00:00:00 2001 
From: Robert Helgesson Date: Fri, 2 Nov 2018 23:38:37 +0100 Subject: [PATCH 14/33] comfortaa: 2.004 -> 3.001 --- pkgs/data/fonts/comfortaa/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/data/fonts/comfortaa/default.nix b/pkgs/data/fonts/comfortaa/default.nix index 0dd4f727ad2..f7ec6e8b8c8 100644 --- a/pkgs/data/fonts/comfortaa/default.nix +++ b/pkgs/data/fonts/comfortaa/default.nix @@ -1,18 +1,18 @@ {stdenv, fetchzip}: let - version = "2.004"; + version = "3.001"; in fetchzip rec { name = "comfortaa-${version}"; - url = "http://openfontlibrary.org/assets/downloads/comfortaa/38318a69b56162733bf82bc0170b7521/comfortaa.zip"; + url = "https://orig00.deviantart.net/40a3/f/2017/093/d/4/comfortaa___font_by_aajohan-d1qr019.zip"; postFetch = '' mkdir -p $out/share/fonts $out/share/doc unzip -l $downloadedFile unzip -j $downloadedFile \*.ttf -d $out/share/fonts/truetype unzip -j $downloadedFile \*/FONTLOG.txt \*/donate.html -d $out/share/doc/${name} ''; - sha256 = "1gnscf3kw9p5gbc5594a22cc6nmiir9mhp1nl3mkbzd4v1jfbh2h"; + sha256 = "0z7xr0cnn6ghwivrm5b5awq9bzhnay3y99qq6dkdgfkfdsaz0n9h"; meta = with stdenv.lib; { homepage = http://aajohan.deviantart.com/art/Comfortaa-font-105395949; From 79dace1b308667722543b16291b58628f8538f18 Mon Sep 17 00:00:00 2001 From: Eric Wolf Date: Sat, 3 Nov 2018 00:11:11 +0100 Subject: [PATCH 15/33] haskellPackages.sdl2: test-suite needs x server, so deactivate it --- pkgs/development/haskell-modules/configuration-common.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index 2c9d9d307ae..56ffd6ee54e 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix 
@@ -370,6 +370,7 @@ self: super: { safecopy = dontCheck super.safecopy; sai-shape-syb = dontCheck super.sai-shape-syb; scp-streams = dontCheck super.scp-streams; + sdl2 = dontCheck super.sdl2; # the test suite needs an x server sdl2-ttf = dontCheck super.sdl2-ttf; # as of version 0.2.1, the test suite requires user intervention separated = dontCheck super.separated; shadowsocks = dontCheck super.shadowsocks; From 29b4ac8e41b339afdeced9e69224773d0a109da9 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Fri, 2 Nov 2018 18:42:58 -0500 Subject: [PATCH 16/33] release-corss.nix: fix ppc-embedded name s/powerpc-embedded/ppc-embedded --- pkgs/top-level/release-cross.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/top-level/release-cross.nix b/pkgs/top-level/release-cross.nix index 456bacb106b..6cf0cb57be4 100644 --- a/pkgs/top-level/release-cross.nix +++ b/pkgs/top-level/release-cross.nix @@ -142,7 +142,7 @@ in avr = mapTestOnCross lib.systems.examples.avr embedded; arm-embedded = mapTestOnCross lib.systems.examples.arm-embedded embedded; - powerpc-embedded = mapTestOnCross lib.systems.examples.powerpc-embedded embedded; + powerpc-embedded = mapTestOnCross lib.systems.examples.ppc-embedded embedded; aarch64-embedded = mapTestOnCross lib.systems.examples.aarch64-embedded embedded; i686-embedded = mapTestOnCross lib.systems.examples.i686-embedded embedded; x86_64-embedded = mapTestOnCross lib.systems.examples.x86_64-embedded embedded; From 13effc913dd016ef5b829fbdea1437f32fa43709 Mon Sep 17 00:00:00 2001 From: Arian van Putten Date: Sat, 3 Nov 2018 00:50:35 +0100 Subject: [PATCH 17/33] terraform-providers: Bump all releases (#49582) Does what it says on the tin. Auto-generated. --- .../cluster/terraform-providers/data.nix | 132 +++++++++++------- 1 file changed, 80 insertions(+), 52 deletions(-) 
diff --git a/pkgs/applications/networking/cluster/terraform-providers/data.nix b/pkgs/applications/networking/cluster/terraform-providers/data.nix index 261d067eb1d..421fc652a32 100644 --- a/pkgs/applications/networking/cluster/terraform-providers/data.nix +++ b/pkgs/applications/networking/cluster/terraform-providers/data.nix @@ -11,8 +11,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-alicloud"; - version = "1.17.0"; - sha256 = "1zmywmcgfmx5ccp0qxj912sqymisxdg2s84b4qclfa225hrbaqpn"; + version = "1.21.0"; + sha256 = "17853l2s5z1y2g24wdkapdp26hw0sx5w73y118h0px85fiwhkq79"; }; archive = { @@ -39,15 +39,15 @@ { owner = "terraform-providers"; repo = "terraform-provider-aws"; - version = "1.38.0"; - sha256 = "1jhr2l8p7wf7kgr2y0c40n1jb9p2153xkpcp4b2half2vhsh1nwi"; + version = "1.42.0"; + sha256 = "1wi1m7i6vq53p36x1prax4yaz400834024q494zg0ckk4rvngfp6"; }; azurerm = { owner = "terraform-providers"; repo = "terraform-provider-azurerm"; - version = "1.15.0"; - sha256 = "1pdmj0ww5y2nwxivlf5l886nwd76hpqhwdayab2fp16zyl1qbpfd"; + version = "1.17.0"; + sha256 = "03sjlqkwy0qa382sjwi21g6h2fz1mpsiqcd4naj5zh76fkp8aslw"; }; azurestack = { @@ -88,8 +88,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-circonus"; - version = "0.1.1"; - sha256 = "05n1q9hc0h31icxsmyi2y60wiwd5fs2hz1dqm3bl6hgh5x3ss1im"; + version = "0.2.0"; + sha256 = "1vcia3p31cgdwjs06k4244bk7ib2qp1f2lhc7hmyhdfi1c8jym45"; }; clc = { @@ -102,8 +102,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-cloudflare"; - version = "1.5.0"; - sha256 = "0l8bmnxmjr2g3xxw8w0ay91cvs4kzc65wkdwybfahvq9r6mww45n"; + version = "1.7.0"; + sha256 = "0sqq6miwyh6z86b3wq2bhkaj4x39g2nqq784py8nm8gvs06gcm5a"; }; cloudscale = { 
@@ -130,22 +130,22 @@ { owner = "terraform-providers"; repo = "terraform-provider-consul"; - version = "2.1.0"; - sha256 = "1qm29vj8ms37zb4b3bhdv4b4vrl0am134zmc654lb2g582cnj9yw"; + version = "2.2.0"; + sha256 = "13jwvf7n7238pzvdq9m6vnl9vqa9hkr1mrcf9sa1q9lxkim9ijfk"; }; datadog = { owner = "terraform-providers"; repo = "terraform-provider-datadog"; - version = "1.3.0"; - sha256 = "0d3xccfkzibjp4jl8irja1cdhppdn3b7nh4wy857zvfxpfhz7aj2"; + version = "1.4.0"; + sha256 = "06ik2k0jkm4200d8njpsidwfjl12ikn5ciqkmlxfwr3b8s1w8kpa"; }; digitalocean = { owner = "terraform-providers"; repo = "terraform-provider-digitalocean"; - version = "0.1.3"; - sha256 = "10crxciw7y2gnm8vqp007vw0k7c1a1xk2z2zsjr5rksk6qlnri4k"; + version = "1.0.2"; + sha256 = "0ilkdnadzsidq8hia5wk4jyk6034pmajrpkgwf4ryz7kx41vy2g6"; }; dme = { @@ -172,8 +172,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-docker"; - version = "1.0.1"; - sha256 = "1q5bsdvp47gvpiyqlzgrpxczlh6m9g870pn84ks49xfkwk5izpz6"; + version = "1.1.0"; + sha256 = "1ba9z9fd69hpg6kg30nf95zzskzipi74s1aadywc068gfrkdm9jj"; }; dyn = { @@ -193,15 +193,15 @@ { owner = "terraform-providers"; repo = "terraform-provider-fastly"; - version = "0.3.0"; - sha256 = "1hh4s81g256iy1rvp9snqbyhidz8n6p7pzanlxp89ffrq9p32sp0"; + version = "0.4.0"; + sha256 = "1fkn9b6ibs36cmhknb3x05g31rf73w70xwx05rh9fhybrz5dd9z9"; }; flexibleengine = { owner = "terraform-providers"; repo = "terraform-provider-flexibleengine"; - version = "1.1.0"; - sha256 = "07g6kc211crxf9nvgvghg05jdahd1fb09lpwfcps9ph259pwwam3"; + version = "1.2.1"; + sha256 = "000v6fmmnwfibzfssk23s9qwrb8a9l0j1qd14x2dqsc7ql0kbnz8"; }; github = { @@ -221,8 +221,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-google"; - version = "1.18.0"; - sha256 = "0zwy1imby0xqvb86a82rdvglipf2sfpi3rmsj72iikp7vi3mqk64"; + version = "1.19.1"; + sha256 = "1n2a1y9103xkndmvr5cvj7i1m8s9lv61vgijgk3m2f73pb4znak0"; }; grafana = { 
@@ -235,15 +235,22 @@ { owner = "terraform-providers"; repo = "terraform-provider-hcloud"; - version = "1.3.0"; - sha256 = "0sb9pajsy0if18vgw5pllgv8qvb4v7pv65m2f3hfkck2za82ndwb"; + version = "1.4.0"; + sha256 = "00mq6p2y61z4hg9dncf3mj59cp6fx4iqrn86m96wkw346shs6prs"; + }; + helm = + { + owner = "terraform-providers"; + repo = "terraform-provider-helm"; + version = "0.6.2"; + sha256 = "11j4lpzbrdszgkjf1gjyibh9c5w0fly01qdkrflv98ry5csx9q5b"; }; heroku = { owner = "terraform-providers"; repo = "terraform-provider-heroku"; - version = "1.4.0"; - sha256 = "159a9add5v4dj2bry1b85i74q2lb4pjjypkm5hzrbqys6gn2imhn"; + version = "1.5.0"; + sha256 = "0hzzhqd87vkcbzndsn15g4nl3qhv2kvnhs9zv6kbxaxm7p7rm3pz"; }; http = { @@ -284,8 +291,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-kubernetes"; - version = "1.2.0"; - sha256 = "0slvhj8f7p27r9v4vb5vjyqpmzlpaji1djzwsxsf247df68mka61"; + version = "1.3.0"; + sha256 = "0fhh0r92whcxqz4z2kb6qx9dyygms5mz7ifhb9c7s2r22jnfz1j3"; }; librato = { @@ -294,6 +301,13 @@ version = "0.1.0"; sha256 = "0bxadwj5s7bvc4vlymn3w6qckf14hz82r7q98w2nh55sqr52d923"; }; + linode = + { + owner = "terraform-providers"; + repo = "terraform-provider-linode"; + version = "1.1.0"; + sha256 = "19c269w8jjx04a8rhm4x7bg2xad3y0s74wgis446mwaw7mhla3l3"; + }; local = { owner = "terraform-providers"; @@ -340,8 +354,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-newrelic"; - version = "1.0.1"; - sha256 = "0g4fd2rvx90f2bmjl6jjdvrsx7ayhf30vj9y3mklhxgsd9x83wpq"; + version = "1.1.0"; + sha256 = "040pxbr4xp0h6s0njdwy0phlkblnk5p3xrcms2gkwyzkqpd82s8b"; }; nomad = { 
@@ -371,12 +385,19 @@ version = "1.0.0"; sha256 = "12vpa09xrq8z1pjq0bwzq3889c4fl6c5kvynwqy0z1pdx21m60ha"; }; + nutanix = + { + owner = "terraform-providers"; + repo = "terraform-provider-nutanix"; + version = "1.0.0"; + sha256 = "16nky5ryyjvv7vny18ymxvy20ivwmqw7lagnz48pq8mnwwrp5541"; + }; oci = { owner = "terraform-providers"; repo = "terraform-provider-oci"; - version = "3.1.1"; - sha256 = "0wrvb44gs0c1khvam5lrq53l2889japg7d4nyk2hrpywy9japc8m"; + version = "3.5.0"; + sha256 = "0f4m6rahis1n62w0h0amg8sjs5bb3ifnrfzq1dys7r01k5411wcf"; }; oneandone = { @@ -389,22 +410,22 @@ { owner = "terraform-providers"; repo = "terraform-provider-opc"; - version = "1.2.1"; - sha256 = "0mnvi47kbdwwpfzdlcd1mhd15w5b0ivwxi1a5lvs0zyqf0g0cas8"; + version = "1.3.0"; + sha256 = "1ksqjfp6gxgrpc9gcs9jv3wj5058z93h7prv4mhvc2bilal4gc0p"; }; openstack = { owner = "terraform-providers"; repo = "terraform-provider-openstack"; - version = "1.9.0"; - sha256 = "0prmdj78jsyrns876cglfp8a3dbpfl33bwb0dj072flh4yknfrdr"; + version = "1.11.0"; + sha256 = "1wqb7q10nyr4jy9ny4giazblwhh3qrn4s1f0xb5q702b5igbfwwm"; }; opentelekomcloud = { owner = "terraform-providers"; repo = "terraform-provider-opentelekomcloud"; - version = "1.1.0"; - sha256 = "04pcgygcz2ld5hp7f29j2z3d4ypy4fm4m1zbbs9l9gc3fya88iny"; + version = "1.2.0"; + sha256 = "05w899l18gmdywfhakjvaxqxxzd9cxga3s932ljfibr0ssipkhh9"; }; opsgenie = { @@ -431,8 +452,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-packet"; - version = "1.2.4"; - sha256 = "11ga29d5bzmn6rzlb6sb28nh1zbbwglinzn185pysqx6n21l6wva"; + version = "1.2.5"; + sha256 = "1c40w1q18piip4fn572mnf67g07h6g03hnin23c7jw265m4yr222"; }; pagerduty = { @@ -445,8 +466,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-panos"; - version = "1.4.0"; - sha256 = "033xpglbn0q805b129kf1ywl13m4pgrkwlvgl347nldysryiasxq"; + version = "1.4.1"; + sha256 = "1mlz01v01675cf9ja8i42c6ssklf65kd8wpjzf0j472lfwki4xpp"; }; postgresql = { 
@@ -508,15 +529,15 @@ { owner = "terraform-providers"; repo = "terraform-provider-runscope"; - version = "0.4.0"; - sha256 = "1n3q2hdwvkkn5rphrcl5qfv4ry2mrr13dcjwzhbym2i1nhpxkld0"; + version = "0.5.0"; + sha256 = "0n0m39gaiwhqigjny51a7g36ldik33alimkqqbv6hqyzrhk0qs8h"; }; scaleway = { owner = "terraform-providers"; repo = "terraform-provider-scaleway"; - version = "1.6.0"; - sha256 = "1ykcakfw0gp239jp4brpjynxzzvlhldfpv12hkgymj22s37n5jnn"; + version = "1.7.0"; + sha256 = "0gsjvpwfw2sc6ncy8v3j6gs0aanq3b08j3gid43687mfd782f4gk"; }; softlayer = { @@ -553,6 +574,13 @@ version = "1.0.0"; sha256 = "0jl6bp6gwg96sdk5j6s13vv1j9gxjpy2yva3barmzv9138i665mz"; }; + tencentcloud = + { + owner = "terraform-providers"; + repo = "terraform-provider-tencentcloud"; + version = "1.2.2"; + sha256 = "1ypsfm48c30szg3zc1sknblhwcnca8aapfgp62bhszyqxq6zq37s"; + }; terraform = { owner = "terraform-providers"; @@ -592,8 +620,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-vault"; - version = "1.1.4"; - sha256 = "00i9rl9pnmicvndkmvcmlj6y80341dmkqnhq09f94yljh1w1zpvv"; + version = "1.2.0"; + sha256 = "1z92dcr5b665l69gxs1hw1rizc5znvf0ck1lksphd301l2ywk97b"; }; vcd = { @@ -606,8 +634,8 @@ { owner = "terraform-providers"; repo = "terraform-provider-vsphere"; - version = "1.8.1"; - sha256 = "0y6n7mvv1f3jqsxlvf68iq85k69fj7a333203vkvc83dba84aqki"; + version = "1.9.0"; + sha256 = "1by9klwvdw3m854jffimfnsz1lnbaixi4zcv4zzs63dc3flwy2b2"; }; matchbox = { From f9bf6cef541542a3b02885e6d28dbacd5b8b8450 Mon Sep 17 00:00:00 2001 From: zimbatm Date: Sat, 3 Nov 2018 00:52:12 +0100 Subject: [PATCH 18/33] terraform_0_11: 0.11.8 -> 0.11.10 --- pkgs/applications/networking/cluster/terraform/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/cluster/terraform/default.nix b/pkgs/applications/networking/cluster/terraform/default.nix index a4ffe27102a..583b6a06aea 100644 --- a/pkgs/applications/networking/cluster/terraform/default.nix 
+++ b/pkgs/applications/networking/cluster/terraform/default.nix @@ -113,8 +113,8 @@ in rec { terraform_0_10-full = terraform_0_10.withPlugins lib.attrValues; terraform_0_11 = pluggable (generic { - version = "0.11.8"; - sha256 = "1kdmx21l32vj5kvkimkx0s5mxgmgkdwlgbin4f3iqjflzip0cddh"; + version = "0.11.10"; + sha256 = "08mapla89g106bvqr41zfd7l4ki55by6207qlxq9caiha54nx4nb"; patches = [ ./provider-path.patch ]; passthru = { inherit plugins; }; }); From 3fb4eb1c432a4f8cc92965db0e7b2c2856bde596 Mon Sep 17 00:00:00 2001 From: lewo Date: Sat, 3 Nov 2018 01:00:53 +0100 Subject: [PATCH 19/33] nixos/dockerPreloader: preload docker images (#49379) This module permits to preload Docker image in a VM in order to reduce OIs on file copies. This module has to be only used in testing environments, when the test requires several Docker images such as in Kubernetes tests. In this case, `virtualisation.dockerPreloader.images` can replace the `services.kubernetes.kubelet.seedDockerImages` options. The idea is to populate the /var/lib/docker directory by mounting qcow files (we uses qcow file to avoid permission issues) that contain images. For each image specified in config.virtualisation.dockerPreloader.images: 1. The image is loaded by Docker in a VM 2. The resulting /var/lib/docker is written to a QCOW file This set of QCOW files can then be used to populate the /var/lib/docker: 1. Each QCOW is mounted in the VM 2. Symlink are created from these mount points to /var/lib/docker 3. A /var/lib/docker/image/overlay2/repositories.json file is generated 4. The docker daemon is started. --- .../virtualisation/docker-preloader.nix | 135 ++++++++++++++++++ nixos/modules/virtualisation/qemu-vm.nix | 5 +- nixos/release.nix | 1 + nixos/tests/docker-preloader.nix | 27 ++++ 4 files changed, 167 insertions(+), 1 deletion(-) create mode 100644 nixos/modules/virtualisation/docker-preloader.nix create mode 100644 nixos/tests/docker-preloader.nix 
diff --git a/nixos/modules/virtualisation/docker-preloader.nix b/nixos/modules/virtualisation/docker-preloader.nix new file mode 100644 index 00000000000..faa94f53d98 --- /dev/null +++ b/nixos/modules/virtualisation/docker-preloader.nix 
@@ -0,0 +1,135 @@ +{ config, lib, pkgs, ... }: + +with lib; +with builtins; + +let + cfg = config.virtualisation; + + sanitizeImageName = image: replaceStrings ["/"] ["-"] image.imageName; + hash = drv: head (split "-" (baseNameOf drv.outPath)); + # The label of an ext4 FS is limited to 16 bytes + labelFromImage = image: substring 0 16 (hash image); + + # The Docker image is loaded and some files from /var/lib/docker/ + # are written into a qcow image. + preload = image: pkgs.vmTools.runInLinuxVM ( + pkgs.runCommand "docker-preload-image-${sanitizeImageName image}" { + buildInputs = with pkgs; [ docker e2fsprogs utillinux curl kmod ]; + preVM = pkgs.vmTools.createEmptyImage { + size = cfg.dockerPreloader.qcowSize; + fullName = "docker-deamon-image.qcow2"; + }; + } + '' + mkfs.ext4 /dev/vda + e2label /dev/vda ${labelFromImage image} + mkdir -p /var/lib/docker + mount -t ext4 /dev/vda /var/lib/docker + + modprobe overlay + + # from https://github.com/tianon/cgroupfs-mount/blob/master/cgroupfs-mount + mount -t tmpfs -o uid=0,gid=0,mode=0755 cgroup /sys/fs/cgroup + cd /sys/fs/cgroup + for sys in $(awk '!/^#/ { if ($4 == 1) print $1 }' /proc/cgroups); do + mkdir -p $sys + if ! mountpoint -q $sys; then + if ! mount -n -t cgroup -o $sys cgroup $sys; then + rmdir $sys || true + fi + fi + done + + dockerd -H tcp://127.0.0.1:5555 -H unix:///var/run/docker.sock & + + until $(curl --output /dev/null --silent --connect-timeout 2 http://127.0.0.1:5555); do + printf '.' + sleep 1 + done + + docker load -i ${image} + + kill %1 + find /var/lib/docker/ -maxdepth 1 -mindepth 1 -not -name "image" -not -name "overlay2" | xargs rm -rf + ''); + + preloadedImages = map preload cfg.dockerPreloader.images; + +in + +{ + options.virtualisation.dockerPreloader = { + images = mkOption { + default = [ ]; + type = types.listOf types.package; + description = + '' + A list of Docker images to preload (in the /var/lib/docker directory). 
+ ''; + }; + qcowSize = mkOption { + default = 1024; + type = types.int; + description = + '' + The size (MB) of qcow files. + ''; + }; + }; + + config = { + assertions = [{ + # If docker.storageDriver is null, Docker choose the storage + # driver. So, in this case, we cannot be sure overlay2 is used. + assertion = cfg.dockerPreloader.images == [] + || cfg.docker.storageDriver == "overlay2" + || cfg.docker.storageDriver == "overlay" + || cfg.docker.storageDriver == null; + message = "The Docker image Preloader only works with overlay2 storage driver!"; + }]; + + virtualisation.qemu.options = + map (path: "-drive if=virtio,file=${path}/disk-image.qcow2,readonly,media=cdrom,format=qcow2") + preloadedImages; + + + # All attached QCOW files are mounted and their contents are linked + # to /var/lib/docker/ in order to make image available. + systemd.services.docker-preloader = { + description = "Preloaded Docker images"; + wantedBy = ["docker.service"]; + after = ["network.target"]; + path = with pkgs; [ mount rsync jq ]; + script = '' + mkdir -p /var/lib/docker/overlay2/l /var/lib/docker/image/overlay2 + echo '{}' > /tmp/repositories.json + + for i in ${concatStringsSep " " (map labelFromImage cfg.dockerPreloader.images)}; do + mkdir -p /mnt/docker-images/$i + + # The ext4 label is limited to 16 bytes + mount /dev/disk/by-label/$(echo $i | cut -c1-16) -o ro,noload /mnt/docker-images/$i + + find /mnt/docker-images/$i/overlay2/ -maxdepth 1 -mindepth 1 -not -name l\ + -exec ln -s '{}' /var/lib/docker/overlay2/ \; + cp -P /mnt/docker-images/$i/overlay2/l/* /var/lib/docker/overlay2/l/ + + rsync -a /mnt/docker-images/$i/image/ /var/lib/docker/image/ + + # Accumulate image definitions + cp /tmp/repositories.json /tmp/repositories.json.tmp + jq -s '.[0] * .[1]' \ + /tmp/repositories.json.tmp \ + /mnt/docker-images/$i/image/overlay2/repositories.json \ + > /tmp/repositories.json + done + + mv /tmp/repositories.json /var/lib/docker/image/overlay2/repositories.json + ''; + 
serviceConfig = { + Type = "oneshot"; + }; + }; + }; +} diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix index 4e9c87222d0..ed3431554be 100644 --- a/nixos/modules/virtualisation/qemu-vm.nix +++ b/nixos/modules/virtualisation/qemu-vm.nix @@ -185,7 +185,10 @@ let in { - imports = [ ../profiles/qemu-guest.nix ]; + imports = [ + ../profiles/qemu-guest.nix + ./docker-preloader.nix + ]; options = { diff --git a/nixos/release.nix b/nixos/release.nix index 51505d6aab9..2bd70f7962f 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -283,6 +283,7 @@ in rec { tests.docker-tools = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools.nix {}; tests.docker-tools-overlay = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-tools-overlay.nix {}; tests.docker-edge = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-edge.nix {}; + tests.docker-preloader = callTestOnMatchingSystems ["x86_64-linux"] tests/docker-preloader.nix {}; tests.docker-registry = callTest tests/docker-registry.nix {}; tests.dovecot = callTest tests/dovecot.nix {}; tests.dnscrypt-proxy = callTestOnMatchingSystems ["x86_64-linux"] tests/dnscrypt-proxy.nix {}; diff --git a/nixos/tests/docker-preloader.nix b/nixos/tests/docker-preloader.nix new file mode 100644 index 00000000000..eeedec9a392 --- /dev/null +++ b/nixos/tests/docker-preloader.nix 
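Review bot: The `config` block of `docker-preloader.nix` is unconditional and `qemu-vm.nix` now imports it for every VM, so `docker-preloader.service` is defined even when `dockerPreloader.images` is empty; in that case the script still ends with `mv /tmp/repositories.json /var/lib/docker/image/overlay2/repositories.json`, replacing Docker's tag index with `{}` whenever `docker.service` pulls the unit in. I would guard it with `config = mkIf (cfg.dockerPreloader.images != []) {`. The unit also has `wantedBy` but no ordering against Docker, and it runs as a system service using fixed file names under `/tmp`; `before = [ "docker.service" ];` and `serviceConfig.PrivateTmp = true;` would address both. In the build VM, `dockerd -H tcp://127.0.0.1:5555` is only used for the readiness poll, which could go through the unix socket instead of an unauthenticated TCP listener.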
@@ -0,0 +1,27 @@ +import ./make-test.nix ({ pkgs, ...} : { + name = "docker-preloader"; + meta = with pkgs.stdenv.lib.maintainers; { + maintainers = [ lewo ]; + }; + + nodes = { + docker = + { pkgs, ... }: + { + virtualisation.docker.enable = true; + virtualisation.dockerPreloader.images = [ pkgs.dockerTools.examples.nix pkgs.dockerTools.examples.bash ]; + + services.openssh.enable = true; + services.openssh.permitRootLogin = "yes"; + services.openssh.extraConfig = "PermitEmptyPasswords yes"; + users.extraUsers.root.password = ""; + }; + }; + testScript = '' + startAll; + + $docker->waitForUnit("sockets.target"); + $docker->succeed("docker run nix nix-store --version"); + $docker->succeed("docker run bash bash --version"); + ''; +}) From d87a2481d2e7dc8d1a10397c8feb56af0854eaca Mon Sep 17 00:00:00 2001 From: Vladyslav Mykhailichenko Date: Sat, 3 Nov 2018 02:06:08 +0200 Subject: [PATCH 20/33] bat: fix build on darwin --- pkgs/tools/misc/bat/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/tools/misc/bat/default.nix b/pkgs/tools/misc/bat/default.nix index 4bd4a02c7a2..d449b3b82f9 100644 --- a/pkgs/tools/misc/bat/default.nix +++ b/pkgs/tools/misc/bat/default.nix @@ -20,6 +20,9 @@ rustPlatform.buildRustPackage rec { buildInputs = stdenv.lib.optionals stdenv.isDarwin [ Security libiconv ]; + # https://github.com/NixOS/nixpkgs/issues/49642 + doCheck = !stdenv.isDarwin; + postInstall = '' install -m 444 -Dt $out/share/man/man1 doc/bat.1 From 791e98eb900377e7654cdcb1d24e1607d982b940 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Fri, 2 Nov 2018 19:07:08 -0500 Subject: [PATCH 21/33] Add myself to a few CODEOWNERS paths --- .github/CODEOWNERS | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index f222af230bb..e819d451fd5 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS 
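Review bot: The `docker` node enables `services.openssh` with `permitRootLogin = "yes"`, `PermitEmptyPasswords yes` and an empty root password, but the `testScript` never connects over SSH. These four lines look like debugging leftovers; dropping them keeps a passwordless-root-login configuration out of a file that people use as a template. If they are kept for interactive debugging, a comment saying so would be enough.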
@@ -12,7 +12,7 @@ # Libraries /lib @edolstra @nbp -/lib/systems @nbp @ericson2314 +/lib/systems @nbp @ericson2314 @matthewbauer /lib/generators.nix @edolstra @nbp @Profpatsch /lib/debug.nix @edolstra @nbp @Profpatsch @@ -20,9 +20,11 @@ /default.nix @nbp /pkgs/top-level/default.nix @nbp @Ericson2314 /pkgs/top-level/impure.nix @nbp @Ericson2314 -/pkgs/top-level/stage.nix @nbp @Ericson2314 -/pkgs/stdenv/generic @Ericson2314 -/pkgs/stdenv/cross @Ericson2314 +/pkgs/top-level/stage.nix @nbp @Ericson2314 @matthewbauer +/pkgs/top-level/splice.nix @Ericson2314 @matthewbauer +/pkgs/top-level/release-cross.nix @Ericson2314 @matthewbauer +/pkgs/stdenv/generic @Ericson2314 @matthewbauer +/pkgs/stdenv/cross @Ericson2314 @matthewbauer /pkgs/build-support/cc-wrapper @Ericson2314 @orivej /pkgs/build-support/bintools-wrapper @Ericson2314 @orivej /pkgs/build-support/setup-hooks @Ericson2314 @@ -74,6 +76,14 @@ /pkgs/stdenv/darwin @NixOS/darwin-maintainers /pkgs/os-specific/darwin @NixOS/darwin-maintainers +# C compilers +/pkgs/development/compilers/gcc @matthewbauer +/pkgs/development/compilers/llvm @matthewbauer + +# Compatibility stuff +/pkgs/top-level/unix-tools.nix @matthewbauer +/pkgs/development/tools/xcbuild @matthewbauer + # Beam-related (Erlang, Elixir, LFE, etc) /pkgs/development/beam-modules @gleber /pkgs/development/interpreters/erlang @gleber From 9e491f732a6c7d2ab61db0b9c0f625bf560c1b87 Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 3 Nov 2018 01:44:47 +0100 Subject: [PATCH 22/33] gitlab: 11.4.3 -> 11.4.4 SSRF in Kubernetes integration The GitLab Kubernetes integration was vulnerable to a SSRF issue which could allow an attacker to make requests to access any internal URLs. The issue is now mitigated in the latest release and is assigned CVE-2018-18843. --- .../applications/version-management/gitlab/default.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/pkgs/applications/version-management/gitlab/default.nix b/pkgs/applications/version-management/gitlab/default.nix index 933db40cfc0..c1c4d20feac 100644 --- a/pkgs/applications/version-management/gitlab/default.nix +++ b/pkgs/applications/version-management/gitlab/default.nix @@ -11,29 +11,29 @@ let groups = [ "default" "unicorn" "ed25519" "metrics" ]; }; - version = "11.4.3"; + version = "11.4.4"; sources = if gitlabEnterprise then { gitlabDeb = fetchurl { url = "https://packages.gitlab.com/gitlab/gitlab-ee/packages/debian/stretch/gitlab-ee_${version}-ee.0_amd64.deb/download.deb"; - sha256 = "1cw75qj508z6n00rqgqjzdm2013kyb7c57cypmq0m08nc6f3jspz"; + sha256 = "15lpcdjcw6lpmzlhqnpd6pgaxh7wvx2mldjd1vqr414r4bcnhgy4"; }; gitlab = fetchFromGitLab { owner = "gitlab-org"; repo = "gitlab-ee"; rev = "v${version}-ee"; - sha256 = "1vqc77whpbsifbm9vgcmpxnw13v8jz1s9q04i8jfv99c59fjlids"; + sha256 = "046hchr7q4jnx3j4yxg3rdixfzlva35al3ci26pf9vxrbbl5y8cg"; }; } else { gitlabDeb = fetchurl { url = "https://packages.gitlab.com/gitlab/gitlab-ce/packages/debian/stretch/gitlab-ce_${version}-ce.0_amd64.deb/download.deb"; - sha256 = "0vk03k42pp92h520wnynl9czcigjhj9m7y68z1x0gwqr9m61r7zm"; + sha256 = "02p7azyjgb984bk491q6f4zk1mikbcd38rif08kl07bjjzzkir81"; }; gitlab = fetchFromGitLab { owner = "gitlab-org"; repo = "gitlab-ce"; rev = "v${version}"; - sha256 = "1zvjz2gv2vwqqjz52zcvi0ap3d8rdbpgsqk9wv80hqq4v37a5gfx"; + sha256 = "1hq9iyp0xrxwmncn61ja3pdj9h2hmdy1l63d1ic3r1dyacybaf2g"; }; }; From 0923607ff74c78c4055e936c0a5fc89015c7e6bb Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Fri, 2 Nov 2018 20:39:40 -0500 Subject: [PATCH 23/33] gemrb: add libiconv https://hydra.nixos.org/build/83508053/ --- pkgs/games/gemrb/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/games/gemrb/default.nix b/pkgs/games/gemrb/default.nix index 0e902525922..fc7bf7168dd 100644 --- a/pkgs/games/gemrb/default.nix +++ b/pkgs/games/gemrb/default.nix 
@@ -1,5 +1,6 @@ { stdenv, fetchFromGitHub, cmake -, freetype, SDL2, SDL2_mixer, openal, zlib, libpng, python, libvorbis }: +, freetype, SDL2, SDL2_mixer, openal, zlib, libpng, python, libvorbis +, libiconv }: stdenv.mkDerivation rec { name = "gemrb-${version}"; @@ -13,7 +14,7 @@ stdenv.mkDerivation rec { }; # TODO: make libpng, libvorbis, sdl_mixer, freetype, vlc, glew (and other gl reqs) optional - buildInputs = [ freetype python openal SDL2 SDL2_mixer zlib libpng libvorbis ]; + buildInputs = [ freetype python openal SDL2 SDL2_mixer zlib libpng libvorbis libiconv ]; nativeBuildInputs = [ cmake ]; From 8bae7d328e072901386ff1bb255b56484a606ee1 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Fri, 2 Nov 2018 20:41:38 -0500 Subject: [PATCH 24/33] gsasl: disable check on darwin --- pkgs/development/libraries/gsasl/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/development/libraries/gsasl/default.nix b/pkgs/development/libraries/gsasl/default.nix index 71da2c716f8..a1df933149f 100644 --- a/pkgs/development/libraries/gsasl/default.nix +++ b/pkgs/development/libraries/gsasl/default.nix @@ -12,7 +12,7 @@ stdenv.mkDerivation rec { configureFlags = [ "--with-gssapi-impl=mit" ]; - doCheck = true; + doCheck = !stdenv.hostPlatform.isDarwin; meta = { description = "GNU SASL, Simple Authentication and Security Layer library"; From 3085f5fcb84f47a6ae0590f4be9c8dcce97c413b Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Fri, 2 Nov 2018 21:12:17 -0500 Subject: [PATCH 25/33] libobjc2: mark aarch64 as bad platform Apparently some assembly has not been ported. This commit should fix it: https://github.com/gnustep/libobjc2/commit/b952a21abe8b0f9878b1ec5161ea530058512f4a#diff-e49aa4e60f8ccec1be46afc5e6ffcee5 But no release has been made by the gnustep team yet! --- pkgs/desktops/gnustep/libobjc2/default.nix | 1 + 1 file changed, 1 insertion(+) 
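Review bot: The `doCheck = !stdenv.hostPlatform.isDarwin;` line in gsasl/default.nix turns off the test suite of an authentication library on Darwin without recording which test fails or why, and the commit message gives no reason either. I would add a comment above it such as `# tests fail on darwin: <failing test or Hydra build link>` so the exclusion can be revisited later. The rest of the derivation is outside the hunk.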
diff --git a/pkgs/desktops/gnustep/libobjc2/default.nix b/pkgs/desktops/gnustep/libobjc2/default.nix index a3e718187c7..3aba235b3a7 100644 --- a/pkgs/desktops/gnustep/libobjc2/default.nix +++ b/pkgs/desktops/gnustep/libobjc2/default.nix @@ -24,5 +24,6 @@ stdenv.mkDerivation rec { license = licenses.mit; maintainers = with maintainers; [ ashalkhakov matthewbauer ]; platforms = platforms.unix; + badPlatforms = [ "aarch64-linux" ]; }; } From e9db1e29172f478a51b34e317cc141886785e734 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Fri, 2 Nov 2018 21:17:13 -0500 Subject: [PATCH 26/33] grpc: disable werror for unknown warning option This seems silly to do an error for. It breaks clang builds. --- pkgs/development/libraries/grpc/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/development/libraries/grpc/default.nix b/pkgs/development/libraries/grpc/default.nix index a21e2aacde2..e568ea9eb65 100644 --- a/pkgs/development/libraries/grpc/default.nix +++ b/pkgs/development/libraries/grpc/default.nix @@ -26,6 +26,8 @@ stdenv.mkDerivation rec { rm -vf BUILD ''; + NIX_CFLAGS_COMPILE = "-Wno-error=unknown-warning-option"; + enableParallelBuilds = true; meta = with stdenv.lib; { From 78ca6d885ffbeba8b2cfe1fe68c3980e74fd4e5d Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Fri, 2 Nov 2018 21:22:36 -0500 Subject: [PATCH 27/33] stage.nix: pkgsi686Linux only works on x86 family aarch64 cpus are going to break on pkgsi686Linux packages. See this error: https://hydra.nixos.org/build/82962379/ --- pkgs/top-level/stage.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/top-level/stage.nix b/pkgs/top-level/stage.nix index 37724a870a3..f838d707b0c 100644 --- a/pkgs/top-level/stage.nix +++ b/pkgs/top-level/stage.nix 
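Review bot: The new `badPlatforms = [ "aarch64-linux" ];` entry in libobjc2/default.nix carries no comment, so the reason and the removal condition live only in the commit message. I would put them next to the line, e.g. `# aarch64 assembly not ported in this release; remove once a release contains gnustep/libobjc2 commit b952a21abe8b`. The `meta` block starts outside the hunk.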
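Review bot: `NIX_CFLAGS_COMPILE = "-Wno-error=unknown-warning-option";` in grpc/default.nix is applied for every compiler, although `unknown-warning-option` is a clang diagnostic and the commit message only mentions clang builds. It is safer to scope the flag to the compiler that needs it: `NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.cc.isClang "-Wno-error=unknown-warning-option";`. A short comment naming the warning option that clang rejects would also make it clear when the override can be removed. The derivation body continues outside the hunk.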
@@ -150,7 +150,7 @@ let # All packages built for i686 Linux. # Used by wine, firefox with debugging version of Flash, ... - pkgsi686Linux = assert stdenv.hostPlatform.isLinux; nixpkgsFun { + pkgsi686Linux = assert stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isx86; nixpkgsFun { inherit overlays config; ${if stdenv.hostPlatform == stdenv.buildPlatform then "localSystem" else "crossSystem"} = { From 08b5cffe878bcc7ea230043332db53a0ef8d2758 Mon Sep 17 00:00:00 2001 From: Matthew Bauer Date: Sat, 3 Nov 2018 00:47:39 -0500 Subject: [PATCH 28/33] Revert "stage.nix: pkgsi686Linux only works on x86 family" This reverts commit 78ca6d885ffbeba8b2cfe1fe68c3980e74fd4e5d. Broke eval on aarch64 --- pkgs/top-level/stage.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/top-level/stage.nix b/pkgs/top-level/stage.nix index f838d707b0c..37724a870a3 100644 --- a/pkgs/top-level/stage.nix +++ b/pkgs/top-level/stage.nix @@ -150,7 +150,7 @@ let # All packages built for i686 Linux. # Used by wine, firefox with debugging version of Flash, ... - pkgsi686Linux = assert stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isx86; nixpkgsFun { + pkgsi686Linux = assert stdenv.hostPlatform.isLinux; nixpkgsFun { inherit overlays config; ${if stdenv.hostPlatform == stdenv.buildPlatform then "localSystem" else "crossSystem"} = { From c64624b8435af07d95effbb928d955963a5fa859 Mon Sep 17 00:00:00 2001 
From: aszlig Date: Sat, 3 Nov 2018 04:50:26 +0100 Subject: [PATCH 29/33] autoPatchelfHook: Correctly detect PIE binaries I originally thought it would just be enough to just check for an INTERP section in isExecutable, however this would mean that we don't detect statically linked ELF files, which would break our recent improvement to gracefully handle those. In theory, we are only interested in ELF files that have an INTERP section, so checking for INTERP would be enough. Unfortunately the isExecutable function is already used outside of autoPatchelfHook, so we can't easily get rid of it now, so let's actually strive for more correctness and make isExecutable actually match ELF files that are executable. So what we're doing instead now is to check whether either the ELF type is EXEC *or* we have an INTERP section and if one of them is true we should have an ELF executable, even if it's statically linked. Along the way I also set LANG=C for the invocations of readelf, just to be sure we don't get locale-dependent output. Tested this with the following command (which contains almost[1] all the packages using autoPatchelfHook), checking whether we run into any library-related errors: nix-build -E 'with import ./. { config.allowUnfree = true; }; runCommand "test-executables" { drvs = [ anydesk cups-kyodialog3 elasticsearch franz gurobi masterpdfeditor oracle-instantclient powershell reaper sourcetrail teamviewer unixODBCDrivers.msodbcsql17 virtlyst vk-messenger wavebox zoom-us ]; } ("for i in $drvs; do for b in $i/bin/*; do " + "[ -x \"$b\" ] && timeout 10 \"$b\" || :; done; done") ' Apart from testing against library-related errors I also compared the resulting store paths against the ones prior to this commit. 
Only anydesk and virtlyst had the same as they didn't have self-references, everything else differed only because of self-references, except elasticsearch, which had the following PIE binaries: * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/autoconfig * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/autodetect * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/categorize * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/controller * modules/x-pack/x-pack-ml/platform/linux-x86_64/bin/normalize These binaries were now patched, which is what this commit is all about. [1]: I didn't include the "maxx" package (MaXX Interactive Desktop) because the upstream URLs are no longer existing and I couldn't find them elsewhere on the web. Signed-off-by: aszlig Fixes: https://github.com/NixOS/nixpkgs/issues/48330 Cc: @gnidorah (for MaXX Interactive Desktop) --- pkgs/build-support/setup-hooks/auto-patchelf.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/pkgs/build-support/setup-hooks/auto-patchelf.sh b/pkgs/build-support/setup-hooks/auto-patchelf.sh index 7c165627f72..d1ae317ff9a 100644 --- a/pkgs/build-support/setup-hooks/auto-patchelf.sh +++ b/pkgs/build-support/setup-hooks/auto-patchelf.sh 
@@ -7,7 +7,16 @@ gatherLibraries() { addEnvHooks "$targetOffset" gatherLibraries isExecutable() { - readelf -h "$1" 2> /dev/null | grep -q '^ *Type: *EXEC\>' + # For dynamically linked ELF files it would be enough to check just for the + # INTERP section. However, we won't catch statically linked executables as + # they only have an ELF type of EXEC but no INTERP. + # + # So what we do here is just check whether *either* the ELF type is EXEC + # *or* there is an INTERP section. This also catches position-independent + # executables, as they typically have an INTERP section but their ELF type + # is DYN. + LANG=C readelf -h -l "$1" 2> /dev/null \ + | grep -q '^ *Type: *EXEC\>\|^ *INTERP\>' } # We cache dependencies so that we don't need to search through all of them on @@ -157,7 +166,7 @@ autoPatchelf() { isELF "$file" || continue if isExecutable "$file"; then # Skip if the executable is statically linked. - readelf -l "$file" | grep -q "^ *INTERP\\>" || continue + LANG=C readelf -l "$file" | grep -q "^ *INTERP\\>" || continue fi autoPatchelfFile "$file" done < <(find "$prefix" -type f -print0) From 1f21fc5e47c2bf7d9cf09cc781c76381d017894c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=C3=ABl=20de=20Kok?= Date: Sat, 3 Nov 2018 08:47:18 +0100 Subject: [PATCH 30/33] cargo-asm: fix build on macOS Mojave Building cargo-asm on Mojave fails with ld: framework not found Security Add Security as a build input. --- pkgs/development/tools/rust/cargo-asm/default.nix | 4 +++- pkgs/top-level/all-packages.nix | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/rust/cargo-asm/default.nix b/pkgs/development/tools/rust/cargo-asm/default.nix index ca793bf4908..246f5b18843 100644 --- a/pkgs/development/tools/rust/cargo-asm/default.nix +++ b/pkgs/development/tools/rust/cargo-asm/default.nix 
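Review bot: `LANG=C` on the `readelf` call in `isExecutable` does not pin the locale when the environment sets `LC_ALL` or `LC_MESSAGES`, because both take precedence over `LANG`, and the `grep` patterns rely on readelf's untranslated output. `LC_ALL=C readelf -h -l "$1" 2> /dev/null \` closes that gap, and the same applies to `LC_ALL=C readelf -l "$file"` in the second hunk inside `autoPatchelf`, whose body starts and ends outside that hunk. As a wording point, `readelf -l` lists program headers, so the new comment would be more precise saying "INTERP program header (PT_INTERP)" instead of "INTERP section".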
@@ -1,4 +1,4 @@ -{ stdenv, fetchFromGitHub, rustPlatform }: +{ stdenv, fetchFromGitHub, rustPlatform, Security }: rustPlatform.buildRustPackage rec { name = "cargo-asm-${version}"; @@ -13,6 +13,8 @@ rustPlatform.buildRustPackage rec { cargoSha256 = "1m2j6i8hc8isdlj77gv9m6sk6q0x3bvzpva2k16g27i1ngy1989b"; + buildInputs = stdenv.lib.optional stdenv.isDarwin Security; + # Test checks against machine code output, which fails with some # LLVM/compiler versions. doCheck = false; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 62cef2d5068..9917acbbf10 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7357,7 +7357,9 @@ with pkgs; cargo-tree = callPackage ../tools/package-management/cargo-tree { }; cargo-update = callPackage ../tools/package-management/cargo-update { }; - cargo-asm = callPackage ../development/tools/rust/cargo-asm { }; + cargo-asm = callPackage ../development/tools/rust/cargo-asm { + inherit (darwin.apple_sdk.frameworks) Security; + }; cargo-fuzz = callPackage ../development/tools/rust/cargo-fuzz { }; pyo3-pack = callPackage ../development/tools/rust/pyo3-pack { }; From 8a8a2f61a9eebec4e330c59a6de643983dd2162e Mon Sep 17 00:00:00 2001 From: Symphorien Gibol Date: Sat, 3 Nov 2018 11:08:23 +0100 Subject: [PATCH 31/33] nix-du: 0.2.0 -> 0.3.0 --- pkgs/tools/package-management/nix-du/default.nix | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/pkgs/tools/package-management/nix-du/default.nix b/pkgs/tools/package-management/nix-du/default.nix index 24672296506..59ec714261b 100644 --- a/pkgs/tools/package-management/nix-du/default.nix +++ b/pkgs/tools/package-management/nix-du/default.nix 
@@ -1,25 +1,23 @@ -{ stdenv, fetchFromGitHub, rustPlatform, nix, boost, graphviz }: +{ stdenv, fetchFromGitHub, rustPlatform, nix, boost, graphviz, darwin }: rustPlatform.buildRustPackage rec { name = "nix-du-${version}"; - version = "0.2.0"; + version = "0.3.0"; src = fetchFromGitHub { owner = "symphorien"; repo = "nix-du"; rev = "v${version}"; - sha256 = "1n1qgqjbwbb59xnzgz0dn8h8pckh6yq3crh0w6x2sngijwh678x8"; + sha256 = "1x6qpivxbn94034jfdxb97xi97fhcdv2z7llq2ccfc80mgd0gz8l"; }; - cargoSha256 = "1qidbrkdpf4kliyvy2040qi3a67s8mr2r46rjcblr1v2gar0xgs0"; + cargoSha256 = "0sva4lnhccm6ly7pa6m99s3fqkmh1dzv7r2727nsg2f55prd4kxc"; - # switch to true when nix includes https://github.com/NixOS/nix/pull/2223 and - # https://github.com/NixOS/nix/pull/2234 - doCheck = false; + doCheck = true; checkInputs = [ graphviz ]; buildInputs = [ boost nix - ]; + ] ++ stdenv.lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security; meta = with stdenv.lib; { description = "A tool to determine which gc-roots take space in your nix store"; From ffd083ec44661a263ef5c10760a47a8f92da1991 Mon Sep 17 00:00:00 2001 From: Will Dietz Date: Sat, 3 Nov 2018 05:47:35 -0500 Subject: [PATCH 32/33] jq: 1.5 -> 1.6 * jq: 1.5 -> 1.6 (!!) (last release was in 2015! :)) * jq: drop darwin patch, appears resolved by upgrade commit history isn't that long, and has a few addressing behavior on osx re:strptime-- and since this patch doesn't apply it seems likely it's been resolved but probably can be checked by any interested folks w/darwin. --- .../tools/jq/darwin-strptime-test.patch | 16 --------------- pkgs/development/tools/jq/default.nix | 20 ++----------------- 2 files changed, 2 insertions(+), 34 deletions(-) delete mode 100644 pkgs/development/tools/jq/darwin-strptime-test.patch diff --git a/pkgs/development/tools/jq/darwin-strptime-test.patch b/pkgs/development/tools/jq/darwin-strptime-test.patch deleted file mode 100644 index 4ea83fc164a..00000000000 
--- a/pkgs/development/tools/jq/darwin-strptime-test.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff --git a/tests/jq.test b/tests/jq.test -index 4a4018b..f5aa7d5 100644 ---- a/src/tests/jq.test -+++ b/src/tests/jq.test -@@ -1144,9 +1144,9 @@ bsearch(4) - [1,2,3] - -4 - --[strptime("%Y-%m-%dT%H:%M:%SZ")|(.,mktime)] -+[strptime("%Y-%m-%dT%H:%M:%SZ")|mktime] - "2015-03-05T23:51:47Z" --[[2015,2,5,23,51,47,4,63],1425599507] -+[1425599507] - - strftime("%Y-%m-%dT%H:%M:%SZ") - [2015,2,5,23,51,47,4,63] diff --git a/pkgs/development/tools/jq/default.nix b/pkgs/development/tools/jq/default.nix index 712ec64bd41..b7b2b5066b9 100644 --- a/pkgs/development/tools/jq/default.nix +++ b/pkgs/development/tools/jq/default.nix @@ -2,33 +2,17 @@ stdenv.mkDerivation rec { name = "jq-${version}"; - version="1.5"; + version="1.6"; src = fetchurl { url="https://github.com/stedolan/jq/releases/download/jq-${version}/jq-${version}.tar.gz"; - sha256="0g29kyz4ykasdcrb0zmbrp2jqs9kv1wz9swx849i2d1ncknbzln4"; + sha256="1a76f46a652i2g333kfvrl6mp2w7whf6h1yly519izg4y967h9cn"; }; outputs = [ "bin" "doc" "man" "dev" "lib" "out" ]; buildInputs = [ oniguruma ]; - patches = [ - (fetchpatch { - name = "CVE-2015-8863.patch"; - url = https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd.diff; - sha256 = "18bjanzvklfzlzzd690y88725l7iwl4f6wnr429na5pfmircbpvh"; - }) - (fetchpatch { - name = "CVE-2016-4074.patch"; - url = https://patch-diff.githubusercontent.com/raw/stedolan/jq/pull/1214.diff; - sha256 = "1w8bapnyp56di6p9casbfczfn8258rw0z16grydavdjddfm280l9"; - }) - ] - ++ stdenv.lib.optional stdenv.isDarwin ./darwin-strptime-test.patch; - - patchFlags = [ "-p2" ]; # `src` subdir was introduced after v1.5 was released - configureFlags = [ "--bindir=\${bin}/bin" From ca7fa914c3bd96521af466d1ed48cc0ac9657cb4 Mon Sep 17 00:00:00 2001 
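Review bot: The `patches` list removed from jq/default.nix also held the `CVE-2015-8863.patch` and `CVE-2016-4074.patch` fetchpatch entries, but the commit message only argues for dropping the darwin strptime patch. Both fixes presumably ship in the 1.6 tarball; the message should say so explicitly, so the removal is a verified decision and not a side effect of the bump. The function header is outside the hunk, so it is worth checking whether `fetchpatch` is still listed as an argument and is now unused.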
From: Frederik Rietdijk Date: Sat, 3 Nov 2018 12:40:03 +0100 Subject: [PATCH 33/33] python.pkgs.bsddb3: enable python3 and tests --- pkgs/development/python-modules/bsddb3/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pkgs/development/python-modules/bsddb3/default.nix b/pkgs/development/python-modules/bsddb3/default.nix index 971aac70ad8..700f5b3d0c5 100644 --- a/pkgs/development/python-modules/bsddb3/default.nix +++ b/pkgs/development/python-modules/bsddb3/default.nix @@ -3,12 +3,12 @@ , fetchPypi , pkgs , isPy3k +, python }: buildPythonPackage rec { pname = "bsddb3"; version = "6.2.6"; - disabled = isPy3k; src = fetchPypi { inherit pname version; @@ -17,8 +17,9 @@ buildPythonPackage rec { buildInputs = [ pkgs.db ]; - # Judging from SyntaxError in test - doCheck = false; # test suite breaks python3 compatibility + checkPhase = '' + ${python.interpreter} test.py + ''; # Path to database need to be set. # Somehow the setup.py flag is not propagated.
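Review bot: The new `checkPhase` in bsddb3/default.nix replaces the default phase without calling the check hooks, so any `preCheck`/`postCheck` set by this package or by an override is skipped. The usual form is `runHook preCheck`, then `${python.interpreter} test.py`, then `runHook postCheck` inside the same string. The first hunk removes `disabled = isPy3k;` but keeps `, isPy3k` in the argument list; if nothing outside the hunks uses it, that argument can go too.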