Before this commit, the `flake` option was typed with `types.unspecified`.
This type get's merged via [`mergeDefaultOption`](ebb592a04c/lib/options.nix (L119-L128)), which has a line
```nix
else if all isFunction list then x: mergeDefaultOption loc (map (f: f x) list)
```
`lib.isFunction` detects an attrs in the shape of `{__functor = ...}` as
a function and hence this line substitutes such attrs with a function
(f: f x).
If now, a flake input has a `__functor` as it's output, this will
coerce the once attrs to a function. This breaks a lot of things later
in the stack, for example a later `lib.filterAttrs seive <LAMBDA>` will
fail for obious reasons.
According to @infinisil, `types.unspecified` is due to deprecation. In
the meantime this PR provides a specific fix for the specific problem
discovered.
(cherry picked from commit ecae25c3ef137d972e909eb0e85960d90481789e)
installer media can be used on top of existing host configs. In such
scenarions, root fs types will already be defined.
Before this change, this will inevitably lead to the following error:
```console
error: The option `fileSystems./.fsType' has conflicting definition values:
- In `/nix/store/2nl5cl4mf6vnldpbxhrbzfh0n8rsv9fm-source/DevOS/os/hardware/common.nix': "ext4"
- In `/nix/store/jbch90yqx6gg1h3fq30jjj2b6h6jfjgs-source/nixos/modules/installer/cd-dvd/iso-image.nix': "tmpfs"
```
With this patch, the installers will override those values according to
their own local requirement.
Use `mkOverride 60` so that conscientious overriding specially targeted
at the installer, e.g. with `mkForce` is still straight forward.
(cherry picked from commit c219fdffad3fa76c43824bee34d5fb424ff95b87)
https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop_20.html
This update includes 35 security fixes.
CVEs:
CVE-2021-30565 CVE-2021-30566 CVE-2021-30567 CVE-2021-30568
CVE-2021-30569 CVE-2021-30571 CVE-2021-30572 CVE-2021-30573
CVE-2021-30574 CVE-2021-30575 CVE-2021-30576 CVE-2021-30577
CVE-2021-30578 CVE-2021-30579 CVE-2021-30580 CVE-2021-30581
CVE-2021-30582 CVE-2021-30583 CVE-2021-30584 CVE-2021-30585
CVE-2021-30586 CVE-2021-30587 CVE-2021-30588 CVE-2021-30589
Note: This won't be the smoothest update. Chromium seems to be fine but
requires gtk3 in $LD_LIBRARY_PATH to find libgtk-3.so.0 (otherwise it
crashes during startup) but Google Chrome fails to initialize
("GPU process exited unexpectedly: exit_code=132") and requires
"--use-gl=angle --use-angle=swiftshader" for hardware(?) acceleration
(which seems to work work fine and performant but SwiftShader should
actually use the CPU instead of the GPU).
(cherry picked from commit 97570d30c7f632e6ca25cf8e966d2a4b7e5aa546)
This should catch regressions like #131074 in the future. In that case a
glibc update caused a regression that caused most of the text to become
invisible (just not the "Web Store" we've already been checking for).
(cherry picked from commit 11400dcd65ed95292d7ac7cb30912e15ec4cf8e1)
This can be very useful when running the test headless or e.g. when
looking at Hydra logs. Especially the chrome://gpu content contains a
lot of interesting information.
I also decided to refactor the test_new_win() function to avoid
duplicate code and rely less on xdo.
(cherry picked from commit c33015a0c94777261ef054a3d7dacd53e744ceea)
Unfortunately there are some regressions in the GPU code that cause
Chromium and Google Chrome to crash, e.g.:
machine # [0709/084047.890436:ERROR:process_memory_range.cc(75)] read out of range[ 30.153484] show_signal: 20 callbacks suppressed
machine # [ 30.153490] traps: chrome[1036] trap invalid opcode ip:55af03357b29 sp:7ffeaa69ad10 error:0 in chrome[55aefe7a4000+81ec000]
machine #
machine # [0709/084047.955039:ERROR:file_io_posix.cc(144)] open /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq: No such file or directory (2)
machine # [0709/084047.955078:ERROR:file_io_posix.cc(144)] open /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq: No such file or directory (2)
machine # [ 30.126905] systemd[1]: Created slice system-systemd\x2dcoredump.slice.
machine # [ 30.137012] systemd[1]: Started Process Core Dump (PID 1038/UID 0).
machine # [ 30.571987] systemd-coredump[1039]: Process 1036 (chrome) of user 1000 dumped core.
machine # [992:1021:0709/084048.501937:ERROR:gpu_process_host.cc(995)] GPU process exited unexpectedly: exit_code=132
machine # [ 30.594747] systemd[1]: systemd-coredump@0-1038-0.service: Succeeded.
Hopefully this'll be fixed upstream before the final release (there are
bug reports for it) but for the meantime we have to launch the beta and
dev versions with "--use-gl=angle --use-angle=swiftshader".
(cherry picked from commit f9645002a2d8615fd608bfdef4f924481dca391e)
- remove check for `connected .JID: focus@auth.server` because
- log format was changed in c1945ea6cb
- connection.getUser() in jicofo also appears to be broken, returning null instead of username
- testing for this log line shouldn't be necessary, as we also test for "Authenticated as focus@auth.server"
- remove check for `External component successfully authenticated` because
- [JVB no longer uses component](https://community.jitsi.org/t/jvb-not-connecting/91157/2)
- increase VM memory
(cherry picked from commit 85aa4bf92b34a4774f7443a87ab3524bfd152002)
Previously, a failed backup would always overwrite ${db}.sql.gz,
because the bash `>` redirect truncates the file; even if the
backup was going to fail.
On the next run, the ${db}.prev.sql.gz backup would be
overwritten by the bad ${db}.sql.gz.
Now, if the backup fails, the ${db}.in-progress.sql.gz is in an
unknown state, but ${db}.sql.gz will not be written.
On the next run, ${db}.prev.sql.gz (our only good backup) will
not be overwritten because ${db}.sql.gz does not exist.
(cherry picked from commit 81c8189a841728a813bcde8604b80427fcf33522)
As per #121293, I ensured the UMask is set correctly
and removed any unnecessary chmod/chown/chgrp commands.
The test suite already partially covered permissions
checking but I added an extra check for the selfsigned
cert permissions.
(cherry picked from commit 083aba4f83b105c30a1386bdb214cb6c85e119e6)
mkEnableOption already adds "Whether to enable" and ends with a ".", so
remove that duplication from the help text.
Also reword it slightly while at it.
(cherry picked from commit 5d3dca497ba7d20c662e8144c0bedb69433a9e4a)
Logically re-apply 64c70a8c4c ("doc: point out that nixos-21.05 has gnuradio
3.9"), because it was lost in the conversion from docbook to markdown, in
commit 32c2dd304d ("docs: nixos release notes to CommonMark (2105)").
(Apparently we have both .md and .xml release notes now, and CI fails
unless they have the same content (after .md processing), so update the
.xml file to match...)
(cherry picked from commit cfe8c3a75eaa427f48bc93b15c65b826c00d7401)
Logically re-apply 7afaacf9a8 ("doc: fix link to kodi-19.0 announcement"),
because it was lost in the conversion from docbook to markdown, in commit
32c2dd304d ("docs: nixos release notes to CommonMark (2105)").
(Hm, apparently we have *both* docbook and markdown? CI failed before I
updated the .xml file.)
(cherry picked from commit c2a3ff28be9712b598d84cdc94a7894ca59c772c)
This is breaking the tarball build, because #128502 depends on this test
existing. After this commit, nixpkgs.tarball once again evaluates.
(cherry picked from commit 0dccbe2729efbaee995605bff8de3c83ca61860f)
For plugins to work properly, their assets need to be precompiled
along with the rest of Discourse's assets. This means we need to build
new packages when the list of plugins change.
(cherry picked from commit 9af3672f4faaafba0ce0129a87fc7925c14eeb61)
In https://github.com/NixOS/nixpkgs/pull/120622 cleanup options were
added, but `remove-all-inc-of-but-n-full` was misspelled and as such
was not functioning.
(cherry picked from commit 0a977cf125a86b5580de6e05bfeaa07aa54c4a78)
Since wlroots 0.14 setting WLR_RENDERER_ALLOW_SOFTWARE=1 to allow
software rendering is now enforced [0].
[0]: https://github.com/swaywm/wlroots/pull/2810
(cherry picked from commit 73d7f08b4d89b1af213db5db34e6f39518d88634)
systemd ships `units/serial-getty@.service.m4` with the `--keep-baud`
option.
We override that unit, and didn't add the `--keep-baud` option. (We have
it in our other getty options there).
Having `--keep-baud` in `serial-getty@` makes a lot of sense - the
console keeps working if it's initialized with a less standard baud
rate, such as the [Helios64](https://wiki.kobol.io/helios64/intro/).
(cherry picked from commit ba42d639f16dc774f4fa661243b640b034d7be0a)
Different boards using u-boot SPL require to write to different
locations. Sometimes, the 8MiB gap isn't sufficient - rk3399 boards
write to 0x16384 for example, which is at 8MiB, thus overriding the
fat32 partition with the SPL.
(cherry picked from commit 1db54a5522a2d523e406ce8713bfe88bb9e3f657)
nixos tests are blended with other system configurations, hence
their settings must be either enforced or defaulted.
This particular setting is set via lib.nixosSystem as
`system.nixos.revision = final.mkIf (self ? rev) self.rev;` which would
mean that without this change no flake generated nixos could be blended
with nixos testing.
This setting was made previously constant in
169c6b4b14 in order to avoid pointless
rebuilds of the testing VMs, but was set without enforcing it.
(cherry picked from commit 8bbdff45816c657f679cd77c0a0dbca534a85bf3)
Reading the release notes I got the impression that the latest (and
default) was GR3.8, but it is in fact 3.9. Make that more obvioius.
(cherry picked from commit c789c53ce55d26d4963b48cb109fd3f02838fa11)
This makes the service fail when upgrading the package, so let's
properly restart it instead.
(cherry picked from commit b4c069b1476a92a540e906ef95cd7fb380d29c63)
Commit 3a2e0c36e7 has removed
`--reuse-key` from default renew options, yet the tests still expected
keys not to change. This assertion is now removed, as they are supposed
to change on each renew/change.
(cherry picked from commit b00bcf21abc392ecb1d93bd49f7a5ffbc8524ecf)
Reload only works with a static configuration path as there is no way to
pass the dynamically generated config path to a running solanum
instance, therefore we symlink the configuration to
/etc/solanum/ircd.conf.
But that will prevent reloads of the ircd, because the systemd unit
wouldn't change when the configuration changes. That is why we add the
actual location of the config file to restartTriggers and enable
reloadIfChanged, so changes will not restart, but reload on changes.
(cherry picked from commit 60c62214f5a3c7db6aa30d8a8e02c863b6abcf0a)
Previously this defaulted to the default MOTD in the solanum source
tree, and I don't want my friends to laugh at me. Includes a patch to
the tests to ensure that the MOTD is actually set.
This replicates the fix done in #109705 (solanum is a fork of charybdis,
so they share fundamental logic for this).
Signed-off-by: Christine Dodrill <me@christine.website>
(cherry picked from commit b1fe9fab6fcfa4cdefe7370ba264b281e48de0f8)
Add support for folder jobs
(https://plugins.jenkins.io/cloudbees-folder/) by reworking the service
to support nested jobs.
This also fixes this deprecation warning (as a happy side effect):
WARNING:jenkins_jobs.cli.subcommand.test:(Deprecated) The default output behavior of `jenkins-jobs test` when given the --output flag will change in JJB 3.0. Instead of writing jobs to OUTPUT/jobname; they will be written to OUTPUT/jobname/config.xml. The new behavior can be enabled by the passing `--config-xml` parameter
(cherry picked from commit 4bcb22e17aa8677c6b3fc4625732d4da791a576f)
Firefox has been decoupled from the system certificate store since the
nss p11-kit integration in combination with our cacert package does not
expose CKA_NSS_MOZILLA_CA_POLICY, which among other things is required
for addon updates.
(cherry picked from commit 2d4ed9bae6f9c80d75cf5ef18ccdac85cf889ff3)
The test doesn't evaluate since #125469 because Linux 5.11 got removed
as it's EOL.
As this fixes the evaluation of the test and it only removes a
declaration that was apparently forgotten, I figured that a push to
unbreak the test is fine.
(cherry picked from commit 10eab5b6b3d1d38ffd3594fa6e4be13924dafd15)
A hard failure breaks the NixOS installer, which can't possibly
know the interface names in advance.
(cherry picked from commit be01320a6c39867eac0a20b4dfe04680d3b1ce26)
62733b37b4 broke evaluation in all
places `pkgs.mysql` was used. Fix this by changing all occurrences to
`pkgs.mariadb`.
(cherry picked from commit 59e0120aa5c1241d48048afa615e25c65d7e366d)
In 0.3.0 of the json-exporter[1] it was switched to a different jsonpath
library which made some changes - especially for spaces in keys -
necessary. Also I decided to remove the pretty-printed JSON as this
would interfere with the bash quoting too much. If one needs
pretty-printed output, they can still pipe the output to `jq`.
[1] https://github.com/prometheus-community/json_exporter/releases/tag/v0.3.0
(cherry picked from commit 976d668e5c5566c3e96b17d667830a0f3ed1bbb5)
David Arnold
Robert Hensing
Vladimír Čunát
Martin Weinelt
Eelco Dolstra
Michael Francis
Niklas Hambüchen
Michael Weiss
Luke Granger-Brown
Maximilian Bosch
Valentin Conrad
Timothy DeHerrera
Marc 'risson' Schmitt
Jan Tojnar
Kim Lindberger
Robert Scott
Jörg Thalheim
Jeremy Kolb
Yureka
github-actions[bot]
Jörg Thalheim
illustris
Anderson Torres
Lara
Robert Hensing
Bruno Bigras
Atemu
Lucas Savva
Thomas Gerbet
Bjørn Forsman
Aaron Andersen
Philipp Hausmann
Jonathan Ringer
Alexandru Scvortov
Dima
Florian Klink
Mewp
lassulus
Christine Dodrill
Domen Kožar
Jan Solanti
Natan Lao
rnhmjoj
AmineChikhaoui
Anders Kaseorg